Tekton Tasks 基础

Tasks 概述

Task是一系列Step的组合,每个Step主要负责运行特定的构建或交付工具从而完成相关的一次特定事项;Task以Kubernetes集群上Pod运行。Task是名称空间级别的资源。

Tasks 组成

Parameters:是使得Task及Pipeline资源定义出的“模板”更加具有通用性的关键要素之一
Steps:具体执行的任务
Workspaces:由Task声明的,且需要由TaskRun在运行时提供的文件系统
Results:它将Task中Step生成的结果保存于临时文件中

Results

Results 概述

在Pipeline的Task之间使用同一个共享的Workspace可以完成数据共享,但对于简单的字符串数据的传递,则可以使用Results API完成;
Results用于让Task及其Step保存执行结果,并可在同一Pipeline中的后续Task中调用该结果;

Results 保存路径

Task将会为每个results条目自动创建一个文件以进行保存,这些文件统一放置于/tektons/results目录中;
每个results条目的相关值(value)需要在Step中进行生成并保存,且Task不会对相关数据进行任何多余的操作;

Results 变量

在Task中引用Results时使用的变量

results.<resultName>.path
results['<resultName>'].path 或 results["<resultName>"].path

在Pipeline中引用Results时使用的变量

tasks.<taskName>.results.<resultName>
tasks.<taskName>.results['<resultName>'] 或 tasks.<taskName>.results["<resultName>"]

Workspace

Workspace 概述

Workspace用于为Task中的各Step提供工作目录,基于该Task运行的TaskRun需要在运行时提供该目录

Workspace 运行方式

TaskRun的实际运行形式为Pod,因而Workspace对应的实际组件为Pod上的Volume
由Task声明的,且需要由TaskRun在运行时提供的文件系统;通常对应于Kubernetes上的ConfigMap、Secret、emptyDir、静态PVC类型的卷,或者是VolumeClaimTemplate动态请求的PVC;emptyDir的生命周期与Pod相同,因此仅能在一个TaskRun的各Step间共享数据;若要跨Task共享数据,则需要使用PVC;
ConfigMap和Secret:只读式的Workspace
PersistentVolumeClaim:支持跨Task共享数据的Workspace
   静态预配
   动态预配:基于VolumeClaimTemplate动态创建
emptyDir:临时工作目录,用后即弃

Workspace 作用

1. 跨Task共享数据
2. 借助于Secrets加载机密凭据
3. 借助于ConfigMap加载配置数据
4. 持久化存储数据
5. 为Task提供缓存以加速构建过程

Workspace 变量

$(workspaces.<name>.path):由<name>指定的Workspace挂载的路径,对于可选且TaskRun未声明时,其值为空;
$(workspaces.<name>.bound):其值为true或false,用于标识指定的Workspace是已经绑定;对于optional为false的Workspace,该变量的值将始终为true;
$(workspaces.<name>.claim):由<name>标示的Workspace所使用的PVC的名称;对于非PVC类型的存储卷,该变量值为空;
$(workspaces.<name>.volume):由<name>标示的Workspace所使用的存储卷的名称;

Task 资源清单

apiVersion: tekton.dev/v1   # 指定 API 版本。
kind: Task                  # 将此资源对象标识为一个Task对象。
metadata:                   # 指定唯一标识 Task资源对象的元数据。例如,一个name.
  name: hello
spec:                       # 指定该资源对象Task的配置信息
  workspaces:
    - name: signals         # 必选字段,该Workspace的唯一标识符
      description:          # 描述信息,通常标明其使用目的
      mountPath:            # 在各Step中的挂载路径,默认为“/workspace/<name>”,其中<name>是当前Workspace的名称
      readOnly:             # 是否为只读,默认为false
      optional:             # 是否为可选,默认为false
 
  results:
    - name: current-date-unix-timestamp   # 唯一名称
      description:                        # 描述信息
                
  params:                   # 定义变量信息
    - name:                 # 变量名称
      type: string          # 参数类型,有string、array (beta feature)、object (beta feature),默认值 string
      description:          # 描述信息
      default:              # 默认值
      enum: ["v1", "v2"]    # 枚举
      value:                # 静态赋值
    - name: gitrepo
      type: object
      properties:
        url:
          type: string
        commit:
          type: string
    - name: flags
      type: array
  
  steps:
    - name:                                           # task名称                      
      image:                                          # 执行task的镜像
      command: ["echo"]                               # 执行的命令
      args: ["push", "$(params.gitrepo)"]             # 执行命令的参数
      script: |                                       # 指定运行的脚本,多行脚本,可以使用“|”启用,script同command互斥
        #!/usr/bin/env bash
        echo "Hello from Bash!" 
        date +%s | tee $(results.current-date-unix-timestamp.path)  # 调用results结果
        
      securityContext:                                # 设置允许容器用户id
        runAsUser: 2000 
      env:                                            # 设置环境变量
        - name: 
          value: 
      computeResources:                               # 资源限制
        requests:
          memory: 1Gi
          cpu: 500m
        limits:
          memory: 2Gi
          cpu: 800m
      timeout: 60s                                    # 超时时间,例如 1s 或 1ms
      onError: continue                               # 本次step执行失败则跳过本次任务,继续向下执行其它step
      stdoutConfig:                                   # 标准输出
        path: ...
      stderrConfig:                                   # 标准错误输出
        path: ...
      
  sidecars:
    - image: alpine
      # Note: must explicitly include volumeMount for the workspace to be accessible in the Sidecar
      volumeMounts:
        - name: $(workspaces.signals.volume)       # 调用workspace
          mountPath: $(workspaces.signals.path)

Task 示例

apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: git-clone
spec:
  description: Clone the code repository to the workspace. 
  params:
    - name: git-repo-url
      type: string
      description: git repository url to clone
    - name: git-revision
      type: string
      description: git revision to checkout (branch, tag, sha, ref)
  workspaces:
    - name: source
      description: The git repo will be cloned onto the volume backing this workspace
  steps:
    - name: git-clone
      image: alpine/git:v2.36.1
      script: | 
        git clone -v $(params.git-repo-url) $(workspaces.source.path)/source
        cd $(workspaces.source.path)/source && git reset --hard $(params.git-revision)
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: build-to-package
spec:
  description: build application and package the files to image
  workspaces:
    - name: source
      description: The git repo that cloned onto the volume backing this workspace
  steps:
    - name: build
      image: maven:3.8-openjdk-11-slim
      workingDir: $(workspaces.source.path)/source
      volumeMounts:
        - name: m2
          mountPath: /root/.m2
      script: mvn clean install
  volumes:
    - name: m2
      persistentVolumeClaim:
        claimName: maven-cache
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: generate-build-id
spec:
  params:
    - name: version
      description: The version of the application
      type: string
  results:
    - name: datetime
      description: The current date and time
    - name: buildId
      description: The build ID
  steps:
    - name: generate-datetime
      image: ikubernetes/admin-box:v1.2
      script: |
        #!/usr/bin/env bash
        datetime=`date +%Y%m%d-%H%M%S`
        echo -n ${datetime} | tee $(results.datetime.path)
    - name: generate-buildid
      image: ikubernetes/admin-box:v1.2
      script: |
        #!/usr/bin/env bash
        buildDatetime=`cat $(results.datetime.path)`
        buildId=$(params.version)-${buildDatetime}
        echo -n ${buildId} | tee $(results.buildId.path)
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: image-build-and-push
spec:
  description: package the application files to image
  params:
    - name: dockerfile
      description: The path to the dockerfile to build (relative to the context)
      default: Dockerfile
    - name: image-url
      description: Url of image repository
    - name: image-tag
      description: Tag to apply to the built image
  workspaces:
    - name: source
    - name: dockerconfig
      mountPath: /kaniko/.docker
  steps:
    - name: image-build-and-push
      image: gcr.dockerproxy.com/kaniko-project/executor:latest
      securityContext:
        runAsUser: 0
      env:
        - name: DOCKER_CONFIG
          value: /kaniko/.docker
      command:
        - /kaniko/executor
      args:
        - --dockerfile=$(params.dockerfile)
        - --context=$(workspaces.source.path)/source
        - --destination=$(params.image-url):$(params.image-tag)
        - --cache=true
        - --cache-dir=$(workspaces.source.path)/cache
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: deploy-using-kubectl
spec:
  workspaces:
    - name: source
      description: The git repo
  params:
    - name: deploy-config-file
      description: The path to the yaml file to deploy within the git source
    - name: image-url
      description: Image name including repository
    - name: image-tag
      description: Image tag
  steps:
    - name: update-yaml
      image: alpine:3.16
      command: ["sed"]
      args:
        - "-i"
        - "-e"
        - "s@__IMAGE__@$(params.image-url):$(params.image-tag)@g"
        - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)"
    - name: run-kubectl
      image: lachlanevenson/k8s-kubectl
      command: ["kubectl"]
      args:
        - "apply"
        - "-f"
        - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)"
---

参考文档

https://tekton.dev/docs/pipelines/tasks/

posted @ 2023-12-02 20:07  小吉猫  阅读(131)  评论(0编辑  收藏  举报