Tekton CI案例1

发表于 | 分类于
字数统计: 953 字 | 阅读时长 ≈ 5 分钟

任务流程

1
以Go项目为例来创建一个CI流水线,在流水线中运行应用程序的单元测试、构建镜像并推送到Docker仓库。

准备代码库资源

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
https://gitee.com/liyk1024/tekton-examples.git

# Dockerfile
FROM golang:1.15-alpine  AS builder
WORKDIR /opt/
COPY . .
RUN go env -w GO111MODULE=on && CGO_ENABLED=0 GOOS=linux go build  -o app .

FROM alpine:latest
COPY --from=builder /opt/app .
CMD ["./app"]


# main.go
package main

import (
	"github.com/kataras/iris/v12"
	"github.com/kataras/iris/v12/middleware/basicauth"
)

func newApp() *iris.Application {
	app := iris.New()
	opts := basicauth.Options{
		Allow: basicauth.AllowUsers(map[string]string{"admin": "admin"}),
	}
	authentication := basicauth.New(opts) // or just: basicauth.Default(map...)
	app.Get("/", func(ctx iris.Context) { ctx.Redirect("/admin") })
	// to party
	needAuth := app.Party("/admin", authentication)
	{
		//http://localhost:8080/admin
		needAuth.Get("/", h)
		// http://localhost:8080/admin/profile
		needAuth.Get("/profile", h)
		// http://localhost:8080/admin/settings
		needAuth.Get("/settings", h)
	}
	return app
}

func h(ctx iris.Context) {
	username, password, _ := ctx.Request().BasicAuth()
	ctx.Writef("%s %s:%s", ctx.Path(), username, password)
}

func main() {
	app := newApp()
	app.Listen(":8080")
}

PipelineResource对象

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# 定义输入gitee信息
[root@master ci-demo]# cat gitee-resource.yaml 
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: gitee-tekton-examples
  namespace: default
spec:
  type: git
  params:
    - name: url
      value: https://gitee.com/liyk1024/tekton-examples.git 
    - name: revision
      value: main

# 定义输出镜像名称信息,这里注册的dockerhub
[root@master ci-demo]# cat dockerhubresource.yaml 
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: docker-registry-tekton-examples
  namespace: default
spec:
  type: image
  params:
    - name: url
      value: docker.io/liyk1024/key1024

Secret

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[root@master ci-demo]# cat giteesecret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: github-auth
  annotations:
    tekton.dev/git-0: https://gitee.com
type: kubernetes.io/basic-auth
stringData:
  username: "15xxx"
  password: "Xxx"
  

[root@master ci-demo]# cat dockerhubsecret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: docker-registry-auth
  namespace: default
  annotations:
    tekton.dev/docker-0: https://index.docker.io/v1/
type: kubernetes.io/basic-auth
stringData:
  username: "liykxx"
  password: "xxx"

ServiceAccount

1
2
3
4
5
6
7
8
9
# 关联secret认证
[root@master ci-demo]# cat serviceaccount.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pipeline-sa
secrets:
  - name: docker-registry-auth
  - name: gitee-auth

Task任务

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
[root@master ci-demo]# cat task.yaml
# 创建go单元任务
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: go-test
  annotations:
    tekton.dev/tags: go-run-test
spec:
  resources:
    inputs:
      - name: source-repo
        type: git
  steps:
    - name: go-run-test
      image: golang:1.15-alpine
      workingDir: /workspace/source-repo
      env:
      - name: CGO_ENABLED
        value: "0"
      command: ["go"]
      args: ["test"]
---
# 创建image tag任务,获取git提交的head作为镜像的tag,通过results把结果传递给其他task。
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: image-tag
  annotations:
    tekton.dev/tags: git-commit-head
spec:
  resources:
    inputs:
      - name: source-repo
        type: git
  results:
    - name: git-commit-head
      description: The precise commit SHA that was fetched by this Task
  steps:
    - name: git-commit-head
      image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.24.3
      script: |
        #!/usr/bin/env sh
        cd /workspace/source-repo/
        RESULT_SHA="$(git rev-parse --short HEAD | tr -d '\n')"
        echo -n "$RESULT_SHA" > $(results.git-commit-head.path)

---
# 编译、构建镜像和上传镜像
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-and-push
  annotations:
    tekton.dev/tags: build-and-push
spec:
  params:
    - name: pathToDockerFile
      type: string
      description: The path to the dockerfile to build
      default: /workspace/source-repo/Dockerfile
    - name: imageTag
      description: Tag to apply to the built image
      type: string
    - name: pathToContext
      type: string
      description: |
        The build context used by Kaniko
        (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
      default: $(resources.inputs.source-repo.path)
  resources:
    inputs:
      - name: source-repo
        type: git
    outputs:
      - name: builtImage
        type: image
  steps:
    - name: build-and-push
      image: gcr.io/kaniko-project/executor:latest
      env:
        - name: DOCKER_CONFIG
          value: /tekton/home/.docker
      args:
        - --context=$(params.pathToContext)
        - --dockerfile=$(params.pathToDockerFile)
        - --destination=$(resources.outputs.builtImage.url):$(params.imageTag)

Pipeline

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# 创建流水线,把上面任务连起来
[root@master ci-demo]# cat pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: go-pipeline
spec:
  resources:
    - name: source-repo
      type: git
    - name: builtImage
      type: image
  tasks:
    # 运行应用测试
    - name: go-test
      taskRef:
        name: go-test
      resources:
        inputs:
          - name: source-repo      # Task 输入名称
            resource: source-repo  # Pipeline 资源名称
    - name: image-tag
      taskRef:
        name: image-tag
      resources:
        inputs:
          - name: source-repo      # Task 输入名称
            resource: source-repo  # Pipeline 资源名称
      runAfter:
        - go-test                  # go-test 任务执行之后
    - name: build-and-push
      params:
        - name: imageTag
          value: $(tasks.image-tag.results.git-commit-head) # 注入参数
      taskRef:
        name: build-and-push
      resources:
        inputs:
          - name: source-repo      # Task 输入名称
            resource: source-repo  # Pipeline 资源名称
        outputs:
          - name: builtImage
            resource: builtImage
      runAfter:
        - image-tag                # image-tag 任务执行之后

PipelineRun

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: run-pipeline-go
spec:
  serviceAccountName: pipeline-sa
  pipelineRef:
    name: go-pipeline
  resources:
    - name: source-repo
      resourceRef:
        name: gitee-tekton-examples
    - name: builtImage
      resourceRef:
        name: docker-registry-tekton-examples

运行结果验证

  • PipelineRuns

  • DockerHub

-------------本文结束感谢您的阅读-------------
原创技术分享,感谢您的支持。