Tekton Trigger 使用案例进阶
[root@master 03-trigger-gitlab]# kubectl apply -f .
secret/gitlab-webhook-token created
serviceaccount/tekton-triggers-gitlab-sa created
role.rbac.authorization.k8s.io/tekton-triggers-gitlab-minimal created
rolebinding.rbac.authorization.k8s.io/tekton-triggers-gitlab-binding created
clusterrole.rbac.authorization.k8s.io/tekton-triggers-gitlab-minimal created
clusterrolebinding.rbac.authorization.k8s.io/tekton-triggers-gitlab-binding created
serviceaccount/helloworld-admin created
clusterrolebinding.rbac.authorization.k8s.io/helloworld-admin created
persistentvolumeclaim/maven-cache configured
task.tekton.dev/git-clone created
task.tekton.dev/build-to-package created
task.tekton.dev/generate-build-id created
task.tekton.dev/image-build-and-push created
task.tekton.dev/deploy-using-kubectl created
pipeline.tekton.dev/source-to-image created
triggerbinding.triggers.tekton.dev/s2i-binding created
triggertemplate.triggers.tekton.dev/s2i-tt created
eventlistener.triggers.tekton.dev/s2i-listener created
[root@master 03-trigger-gitlab]# cat 01-gitlab-token-secret.yaml
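# Shared secret that the EventListener's GitLab interceptor checks on every
# webhook delivery (referenced by secretRef in s2i-listener).
# NOTE(review): the value below is a published sample, so treat it as
# compromised. Generate a fresh token per environment and create the Secret
# out of band instead of committing it next to the other manifests.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-webhook-token
type: Opaque
stringData:
  # Generated by command "openssl rand -base64 12"
  # (12 random bytes = 96 bits; a longer value, e.g. 32 bytes, costs nothing.)
  webhookToken: "DXeqvozMlTA67aQB"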
[root@master 03-trigger-gitlab]# cat 02-gitlab-eventlistener-rbac.yaml
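# Identity the EventListener pod runs as (s2i-listener sets
# serviceAccountName to this account).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-triggers-gitlab-sa
secrets:
  - name: gitlab-webhook-token
---
# Namespaced permissions of the EventListener.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-gitlab-minimal
rules:
  # Permissions for every EventListener deployment to function
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
    verbs: ["get"]
  - apiGroups: [""]
    # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization
    # NOTE(review): get/list/watch here covers every Secret in the namespace,
    # not only gitlab-webhook-token. The listener is the component exposed to
    # webhook traffic, so running it in a namespace that holds no other
    # credentials (such as docker-config) limits what it can read.
    resources: ["configmaps", "secrets", "serviceaccounts"]
    verbs: ["get", "list", "watch"]
  # Permissions to create resources in associated TriggerTemplates
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns", "pipelineresources", "taskruns"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers-gitlab-binding
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-gitlab-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-triggers-gitlab-minimal
---
# Cluster-scoped read access to ClusterInterceptors, needed to resolve the
# "gitlab" interceptor reference.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-gitlab-minimal
rules:
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["clusterinterceptors"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tekton-triggers-gitlab-binding
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-gitlab-sa
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-gitlab-minimal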
[root@master 03-trigger-gitlab]# cat 03-task-deploy-to-cluster-rbac.yaml
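---
# ServiceAccount used by the deploy-to-cluster pipeline task (selected through
# taskRunSpecs in the s2i-tt TriggerTemplate).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: helloworld-admin
---
# NOTE(review): cluster-admin gives the deploy step unrestricted control of the
# whole cluster. That step runs `kubectl apply -f` on a file taken from the
# cloned repository, so anyone who can push to the repository, or deliver a
# webhook that passes the token check, effectively holds cluster-admin.
# Prefer a Role + RoleBinding in the target namespace, limited to the resource
# kinds and verbs that deploy/all-in-one.yaml actually needs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: helloworld-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: helloworld-admin
    namespace: default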
[root@master 03-trigger-gitlab]# cat 04-pvc-manen-cache.yaml
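# Maven repository cache; the build-to-package task mounts it at /root/.m2.
# NOTE(review): the claim is ReadWriteMany and reused by every run, so whatever
# one build writes into the cache is consumed by later builds. Keep it for
# builds of trusted branches only, or give untrusted builds their own cache.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: maven-cache
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  storageClassName: nfs-csi
  volumeMode: Filesystem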
[root@master 03-trigger-gitlab]# cat 05-tasks-source-to-image.yaml
# Maintainer: MageEdu "<mage@magedu.com>"
# Version: v1.0.1
---
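apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: git-clone
spec:
  description: Clone the code repository to the workspace.
  params:
    - name: git-repo-url
      type: string
      description: git repository url to clone
    - name: git-revision
      type: string
      description: git revision to checkout (branch, tag, sha, ref)
  workspaces:
    - name: source
      description: The git repo will be cloned onto the volume backing this workspace
  steps:
    - name: git-clone
      image: alpine/git:v2.36.1
      # In this tutorial both params originate from the webhook body (see the
      # s2i-binding TriggerBinding). Tekton substitutes $(params.*) into the
      # script text before the shell parses it, so the values are passed as
      # environment variables and expanded inside double quotes instead; the
      # shell then treats them as data, whatever characters they contain.
      env:
        - name: GIT_REPO_URL
          value: $(params.git-repo-url)
        - name: GIT_REVISION
          value: $(params.git-revision)
      # "--" keeps git from reading a URL that begins with "-" as an option.
      script: |
        git clone -v -- "${GIT_REPO_URL}" "$(workspaces.source.path)/source"
        cd "$(workspaces.source.path)/source" && git reset --hard "${GIT_REVISION}"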
---
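apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-to-package
spec:
  description: build application and package the files to image
  workspaces:
    - name: source
      description: The git repo that cloned onto the volume backing this workspace
  steps:
    - name: build
      image: maven:3.8-openjdk-11-slim
      workingDir: $(workspaces.source.path)/source
      volumeMounts:
        - name: m2
          mountPath: /root/.m2
      # NOTE(review): this executes the build defined by the pushed commit
      # (pom.xml, plugins, tests), i.e. code chosen by whoever pushed, with
      # write access to the shared maven-cache volume mounted above.
      script: mvn clean install
  volumes:
    - name: m2
      persistentVolumeClaim:
        claimName: maven-cache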
---
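# Produces two results: "datetime" (current timestamp) and "buildId"
# ("<version>-<datetime>"), which the pipeline uses as the image tag.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: generate-build-id
spec:
  params:
    - name: version
      description: The version of the application
      type: string
  results:
    - name: datetime
      description: The current date and time
    - name: buildId
      description: The build ID
  steps:
    - name: generate-datetime
      image: ikubernetes/admin-box:v1.2
      script: |
        #!/usr/bin/env bash
        set -eu
        datetime=$(date +%Y%m%d-%H%M%S)
        echo -n "${datetime}" | tee "$(results.datetime.path)"
    - name: generate-buildid
      image: ikubernetes/admin-box:v1.2
      # The version param is handed over through the environment rather than
      # substituted into the script text, so its content is never parsed as
      # shell code.
      env:
        - name: APP_VERSION
          value: $(params.version)
      script: |
        #!/usr/bin/env bash
        set -eu
        buildDatetime=$(cat "$(results.datetime.path)")
        buildId="${APP_VERSION}-${buildDatetime}"
        echo -n "${buildId}" | tee "$(results.buildId.path)"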
---
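apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: image-build-and-push
spec:
  description: package the application files to image
  params:
    - name: dockerfile
      description: The path to the dockerfile to build (relative to the context)
      default: Dockerfile
    - name: image-url
      description: Url of image repository
    - name: image-tag
      description: Tag to apply to the built image
  workspaces:
    - name: source
    # Registry credentials; the PipelineRun binds this workspace to the
    # docker-config Secret.
    # NOTE(review): the step builds the repository's own Dockerfile in the
    # container that has these credentials mounted, so use a push credential
    # scoped to this one image repository.
    - name: dockerconfig
      mountPath: /kaniko/.docker
  steps:
    - name: image-build-and-push
      # NOTE(review): "debug" is a moving tag; pin a released version or an
      # image digest so the builder cannot change between runs.
      image: gcr.io/kaniko-project/executor:debug
      securityContext:
        runAsUser: 0
      env:
        - name: DOCKER_CONFIG
          value: /kaniko/.docker
      command:
        - /kaniko/executor
      # Passed as argv entries, not through a shell.
      args:
        - --dockerfile=$(params.dockerfile)
        - --context=$(workspaces.source.path)/source
        - --destination=$(params.image-url):$(params.image-tag)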
---
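# Rewrites the __IMAGE__ placeholder in the deploy manifest, then applies it.
# NOTE(review): the manifest comes from the cloned repository and, in this
# tutorial, is applied as helloworld-admin (bound to cluster-admin), so its
# content decides what is created in the cluster.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: deploy-using-kubectl
spec:
  workspaces:
    - name: source
      description: The git repo
  params:
    # NOTE(review): joined to .../source/deploy/ without normalisation; keep it
    # a fixed value rather than something derived from the webhook payload.
    - name: deploy-config-file
      description: The path to the yaml file to deploy within the git source
    - name: image-url
      description: Image name including repository
    - name: image-tag
      description: Image tag
  steps:
    - name: update-yaml
      image: alpine:3.16
      command: ["sed"]
      # "@" is the sed delimiter, so an image reference that itself contains
      # "@" (for example a digest reference) would break the expression.
      args:
        - "-i"
        - "-e"
        - "s@__IMAGE__@$(params.image-url):$(params.image-tag)@g"
        - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)"
    - name: run-kubectl
      # NOTE(review): no tag given, so this resolves to whatever "latest" is at
      # run time; pin a version or digest for the step that holds the deploy
      # credentials.
      image: lachlanevenson/k8s-kubectl
      command: ["kubectl"]
      args:
        - "apply"
        - "-f"
        - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)"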
---
[root@master 03-trigger-gitlab]# cat 06-pipeline-source-to-image.yaml
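# Clone -> (Maven build, build-id generation) -> image build and push -> deploy.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: source-to-image
spec:
  params:
    - name: git-repo-url
      type: string
      description: git repository url to clone
    - name: git-revision
      type: string
      description: git revision to checkout (branch, tag, sha, ref)
      default: main
    # NOTE(review): declared but not referenced by any task below; the
    # image-build-and-push Task hard-codes its context to .../source.
    - name: image-build-context
      description: The path to the build context, used by Kaniko - within the workspace
      default: .
    - name: image-url
      description: Url of image repository
    - name: version
      description: The version of the application
      type: string
      default: "v0.9"
    - name: deploy-config-file
      description: The path to the yaml file to deploy within the git source
      default: all-in-one.yaml
  #results:
  #  - name: datetime
  #    description: The current date and time
  #  - name: buildId
  #    description: The build ID
  workspaces:
    - name: codebase
    - name: docker-config
  tasks:
    - name: git-clone
      taskRef:
        name: git-clone
      params:
        - name: git-repo-url
          value: "$(params.git-repo-url)"
        - name: git-revision
          value: "$(params.git-revision)"
      workspaces:
        - name: source
          workspace: codebase
    - name: build-to-package
      taskRef:
        name: build-to-package
      workspaces:
        - name: source
          workspace: codebase
      runAfter:
        - git-clone
    - name: generate-build-id
      taskRef:
        name: generate-build-id
      params:
        - name: version
          value: "$(params.version)"
      runAfter:
        - git-clone
    - name: image-build-and-push
      taskRef:
        name: image-build-and-push
      params:
        - name: image-url
          value: "$(params.image-url)"
        - name: image-tag
          value: "$(tasks.generate-build-id.results.buildId)"
      workspaces:
        - name: source
          workspace: codebase
        - name: dockerconfig
          workspace: docker-config
      runAfter:
        - generate-build-id
        - build-to-package
    # The only task that talks to the cluster API; the TriggerTemplate runs it
    # under a separate ServiceAccount via taskRunSpecs.
    - name: deploy-to-cluster
      taskRef:
        name: deploy-using-kubectl
      workspaces:
        - name: source
          workspace: codebase
      params:
        - name: deploy-config-file
          value: $(params.deploy-config-file)
        - name: image-url
          value: $(params.image-url)
        - name: image-tag
          value: "$(tasks.generate-build-id.results.buildId)"
      runAfter:
        - image-build-and-push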
[root@master 03-trigger-gitlab]# cat 07-gitlab-push-binding.yaml
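# Maps fields of the GitLab webhook body to pipeline parameters.
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: s2i-binding
spec:
  params:
    - name: git-revision
      value: $(body.checkout_sha)
    # NOTE(review): the repository to clone and build is taken from the
    # request body, so whoever can send a delivery that passes the token check
    # chooses it. A fixed URL here, or an interceptor filter that accepts only
    # the expected repository, removes that choice.
    - name: git-repo-url
      value: $(body.repository.git_http_url)
    - name: image-url
      value: ikubernetes/spring-boot-helloworld
    - name: version
      value: v0.9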
[root@master 03-trigger-gitlab]# cat 08-gitlab-triggertemplate-s2i.yaml
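# Creates one PipelineRun of source-to-image per accepted webhook event.
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
  name: s2i-tt
spec:
  params:  # declare the parameters supplied by the TriggerBinding
    - name: git-revision
    - name: git-repo-url
    - name: image-url
    - name: version
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: s2i-trigger-run-  # name prefix of the generated PipelineRun
      spec:
        # All tasks run as "default" except the one overridden in taskRunSpecs.
        serviceAccountName: default
        ## PipelineRun.Spec.ServiceAccountNames field is deprecated; use PipelineRun.Spec.TaskRunSpecs instead.
        #serviceAccountNames:
        #  - taskName: deploy-to-cluster
        #    serviceAccountName: helloworld-admin
        pipelineRef:
          name: source-to-image
        taskRunSpecs:
          # Only the deploy task gets the privileged account, so the clone,
          # Maven and image-build steps do not run with its token.
          - pipelineTaskName: deploy-to-cluster
            taskServiceAccountName: helloworld-admin
            # taskPodTemplate:
            #   nodeSelector:
            #     disktype: ssd
        params:
          - name: git-repo-url
            value: $(tt.params.git-repo-url)
          - name: git-revision
            value: $(tt.params.git-revision)
          - name: image-url
            value: $(tt.params.image-url)
          - name: version
            value: $(tt.params.version)
        workspaces:
          - name: codebase
            volumeClaimTemplate:
              spec:
                accessModes:
                  - ReadWriteOnce
                resources:
                  requests:
                    storage: 1Gi
                storageClassName: nfs-csi
          # Registry credentials for the image push; the docker-config Secret
          # is not among the manifests applied above and must already exist.
          - name: docker-config
            secret:
              secretName: docker-config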
[root@master 03-trigger-gitlab]# cat 09-gitlab-eventlistener-s2i.yaml
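# HTTP endpoint that receives GitLab webhooks and instantiates s2i-tt.
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: s2i-listener
spec:
  serviceAccountName: tekton-triggers-gitlab-sa
  triggers:
    - name: gitlab-push-events-trigger
      interceptors:
        # The GitLab interceptor is the only authentication on this endpoint:
        # it checks the token sent with the delivery against the Secret below
        # and drops events whose type is not listed.
        - ref:
            name: "gitlab"
          params:
            - name: "secretRef"
              value:
                secretName: gitlab-webhook-token
                secretKey: webhookToken
            # NOTE(review): s2i-binding reads body.checkout_sha and
            # body.repository.git_http_url, which are push-event fields;
            # confirm that "Merge Request Hook" payloads carry them, otherwise
            # drop that type. Every accepted event ends in a deploy, so also
            # consider a filter (for example a cel interceptor) that admits
            # only the expected project and branch.
            - name: "eventTypes"
              value:
                - "Push Hook"
                - "Tag Push Hook"
                - "Merge Request Hook"
      bindings:
        - ref: s2i-binding
      template:
        ref: s2i-tt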
[root@master 03-trigger-gitlab]#
新建一个webhook（Secret token 一栏填写上面 Secret 中 webhookToken 的值，GitLab 拦截器会用它校验每次请求）
推送个事件
查看触发的pipelinerun
[root@master 03-trigger-gitlab]# tkn pipelinerun list
NAME STARTED DURATION STATUS
s2i-trigger-run-p9lbp 1 minute ago --- Running
s2i-image-push-run-00001-r-9bsfk 1 day ago 18m51s Failed
source-2-package-run-004 2 days ago 2m49s Succeeded
[root@master 03-trigger-gitlab]# tkn pipelinerun logs -f s2i-trigger-run-p9lbp
[git-clone : git-clone] Cloning into '/workspace/source/source'...
[git-clone : git-clone] POST git-upload-pack (175 bytes)
[git-clone : git-clone] POST git-upload-pack (367 bytes)
[git-clone : git-clone] HEAD is now at 03ff8ee update to v0.9.6
[generate-build-id : generate-datetime] 20221105-123055
[generate-build-id : generate-buildid] v0.9-20221105-123055
登录到 Tekton Dashboard 可以看到已经在执行构建镜像的操作
等部署好之后 我尝试更新下gitlab仓库看看能不能自动触发
[root@master 03-trigger-gitlab]# kubectl run client-$RANDOM --image ikubernetes/admin-box:v1.2 --restart=Never -it --rm --command -- /bin/bash
root@client-1012 /# while true; do curl spring-boot-helloworld.hello/version; sleep .5; done
Spring Boot Helloworld, version 0.9.4
Spring Boot Helloworld, version 0.9.4
Spring Boot Helloworld, version 0.9.4
Spring Boot Helloworld, version 0.9.4
把仓库克隆下来
[root@master ~]# git clone https://gitlab.yang.com/root/spring-boot-helloWorld.git
Cloning into 'spring-boot-helloWorld'...
remote: Enumerating objects: 164, done.
remote: Total 164 (delta 0), reused 0 (delta 0), pack-reused 164
Receiving objects: 100% (164/164), 24.16 KiB | 0 bytes/s, done.
Resolving deltas: 100% (47/47), done.
[root@master ~]#
修改下版本号
[root@master spring-boot-helloWorld]# vim src/main/java/com/neo/controller/HelloWorldController.java
package com.neo.controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
 * REST controller with three endpoints ("/", "/hello" and "/version"), each
 * returning a fixed string.
 *
 * NOTE(review): the mappings below name no HTTP method, so each one matches
 * every method; narrow them to GET if nothing else is intended.
 */
@RestController
public class HelloWorldController {
    /** Handles "/" and returns a fixed greeting line. */
    @RequestMapping("/")
    public String index() {
        return "Hello Spring Boot 2.0!\n";
    }

    /** Handles "/hello" and returns a fixed greeting. */
    @RequestMapping("/hello")
    public String hello() {
        return "Hello World from MageEdu.com";
    }

    /**
     * Handles "/version" and returns the version string; this is the literal
     * edited before the push that triggers the pipeline.
     */
    @RequestMapping("/version")
    public String version() {
        return "Spring Boot Helloworld, version 0.9.5\n";
    }
}
[root@master spring-boot-helloWorld]# vim pom.xml
将replicas修改为4
[root@master spring-boot-helloWorld]# vim deploy/all-in-one.yaml
推送
[root@master spring-boot-helloWorld]# git status
# On branch main
# Changes to be committed:
# (use "git reset HEAD <file>..." to unstage)
#
# modified: deploy/all-in-one.yaml
# modified: pom.xml
# modified: src/main/java/com/neo/controller/HelloWorldController.java
#
[root@master spring-boot-helloWorld]# git config --global user.name root
[root@master spring-boot-helloWorld]# git config --global user.email yang@yang.com
[root@master spring-boot-helloWorld]# git add .
[root@master spring-boot-helloWorld]# git commit -m "update to v0.9.5"
[main 6f5e950] update to v0.9.5
3 files changed, 3 insertions(+), 3 deletions(-)
[root@master spring-boot-helloWorld]# git push origin
再去查看tekton dashboard会自动创建一个pipelinerun