Tekton Pipelines

Author: Gao
Created At: 2020-01-04

Intro

Tekton Pipelines is an open-source implementation for configuring and running CI/CD-style pipelines for Kubernetes applications.

Pipelines creates Custom Resources as building blocks to declare pipelines.

Tekton Pipelines is cloud native:

  • Runs on Kubernetes
  • Has Kubernetes clusters as a first-class type
  • Uses containers as building blocks

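Tekton Pipelines is decoupled:

  • A Pipeline can be deployed to any k8s cluster
  • The Tasks that make up a Pipeline can be run independently, in isolation
  • Resources such as Git repos can easily be swapped between runs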

Tekton Pipelines is typed:

  • Typed resources mean that for a resource such as an Image, the resource can easily be output

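High-level details of this design:

  • Pipeline - runs a pipeline that implements a workflow; it can be triggered by an event or run through a PipelineRun
  • Task - the basic unit of execution; it can be run through a TaskRun
  • PipelineResource - the input and output resources of a Task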

Resource types

PipelineResources

PipelineResources are the input and output objects of the Tasks in a Pipeline.

Syntax:

To define a configuration file for a PipelineResource, you can specify the following fields:

  • Required:
    • apiVersion - Specifies the API version, for example tekton.dev/v1alpha1.
    • kind - Specify the PipelineResource resource object.
    • metadata - Specifies data to uniquely identify the PipelineResource object, for example a name.
    • spec - Specifies the configuration information for your PipelineResource resource object.
      • type - Specifies the type of the PipelineResource
  • Optional:
    • params - Parameters which are specific to each type of PipelineResource

Types:

  • Git
  • PullRequest
  • Image
  • Cluster
  • Storage
  • CloudEvent

Tasks

A Task (or ClusterTask) is a collection of steps that are executed sequentially in CI; it is the basic unit of work. A Task runs in a pod.

A Task declares three things:

  • inputs
  • outputs
  • steps

A Task is available within a namespace; a ClusterTask is available across the entire cluster.

Syntax:

To define a configuration file for a Task resource, you can specify the following fields:

  • Required:
    • apiVersion - Specifies the API version, for example tekton.dev/v1alpha1.
    • kind - Specify the Task resource object.
    • metadata - Specifies data to uniquely identify the Task resource object, for example a name.
    • spec - Specifies the configuration information for your Task resource object. Task steps must be defined through either of the following fields:
      • steps - Specifies one or more container images that you want to run in your Task.
  • Optional:
    • inputs - Specifies parameters and PipelineResources needed by your Task
    • outputs - Specifies PipelineResources created by your Task
    • volumes - Specifies one or more volumes that you want to make available to your Task's steps.
    • stepTemplate - Specifies a Container step definition to use as the basis for all steps within your Task.
    • sidecars - Specifies sidecar containers to run alongside steps.

Pipelines

A Pipeline defines and executes a set of Tasks.

Syntax:

To define a configuration file for a Pipeline resource, you can specify the following fields:

  • Required:
    • apiVersion - Specifies the API version, for example tekton.dev/v1alpha1.
    • kind - Specify the Pipeline resource object.
    • metadata - Specifies data to uniquely identify the Pipeline resource object, for example a name.
    • spec - Specifies the configuration information for your Pipeline resource object. In order for a Pipeline to do anything, the spec must include:
      • tasks - Specifies which Tasks to run and how to run them
  • Optional:
    • resources - Specifies which PipelineResources of which types the Pipeline will be using in its Tasks
    • tasks
      • resources.inputs / resources.outputs
        • from - Used when the content of the PipelineResource should come from the output of a previous Pipeline Task
      • runAfter - Used when the Pipeline Task should be executed after another Pipeline Task, but there is no output linking required
      • retries - Used when the task should be re-executed if it fails. The failure could be a network error or a missing dependency. It does not apply to cancellations.
      • conditions - Used when a task is to be executed only if the specified conditions evaluate to true.

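Task execution order: by default all Tasks run in parallel, unless one of the following is specified:

  • from
  • runAfter

These two fields define the dependencies between Tasks.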

For example see this Pipeline spec:

- name: lint-repo
  taskRef:
    name: pylint
  resources:
    inputs:
      - name: workspace
        resource: my-repo
- name: test-app
  taskRef:
    name: make-test
  resources:
    inputs:
      - name: workspace
        resource: my-repo
- name: build-app
  taskRef:
    name: kaniko-build-app
  runAfter:
    - test-app
  resources:
    inputs:
      - name: workspace
        resource: my-repo
    outputs:
      - name: image
        resource: my-app-image
- name: build-frontend
  taskRef:
    name: kaniko-build-frontend
  runAfter:
    - test-app
  resources:
    inputs:
      - name: workspace
        resource: my-repo
    outputs:
      - name: image
        resource: my-frontend-image
- name: deploy-all
  taskRef:
    name: deploy-kubectl
  resources:
    inputs:
      - name: my-app-image
        resource: my-app-image
        from:
          - build-app
      - name: my-frontend-image
        resource: my-frontend-image
        from:
          - build-frontend

This will result in the following execution graph:

        |            |
        v            v
     test-app    lint-repo
    /        \
   v          v
build-app  build-frontend
   \          /
    v        v
    deploy-all

Installation

Run kubectl to apply the specified YAML file:

kubectl apply -f https://raw.githubusercontent.com/gsmlg/pipeline/master/updated.yaml

When all pods are in the Running state, the installation is complete:

kubectl -n tekton-pipelines get pods

Install the dashboard to view pipelines more conveniently:

kubectl apply -f https://raw.githubusercontent.com/gsmlg/pipeline/master/updated_dashboard.yaml

Demo: running a build of singlecloud

Create the account

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pipeline-run-role
rules:
  - apiGroups:
      - extensions
    resources:
      - deployments
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pipeline-run-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pipeline-run-role
subjects:
  - kind: ServiceAccount
    name: pipeline-run-service
    namespace: default

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pipeline-run-service
  namespace: default
secrets:
  - name: regcred

---
apiVersion: v1
data:
  .dockerconfigjson: <encoded docker registry auth data>
kind: Secret
metadata:
  name: regcred
  namespace: default
type: kubernetes.io/dockerconfigjson

Define the resource

apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: zcloud-image
spec:
  type: image
  params:
    - name: url
      value: docker.io/gsmlg/zcloud

Create the Tasks

apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: build-image-from-git
spec:
  inputs:
    resources:
      - name: docker-source
        type: git
    params:
      - name: pathToDockerFile
        type: string
        description: The path to the dockerfile to build
        default: /workspace/docker-source/Dockerfile
      - name: pathToContext
        type: string
        description:
          The build context used by Kaniko
          (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
        default: /workspace/docker-source
  outputs:
    resources:
      - name: builtImage
        type: image
  steps:
    - name: build-and-push
      image: registry.zdns.cn/gsmlg/kaniko-project-executor:v0.13.0
      # specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
      env:
        - name: 'DOCKER_CONFIG'
          value: '/builder/home/.docker/'
      command:
        - /kaniko/executor
      args:
        - --dockerfile=$(inputs.params.pathToDockerFile)
        - --destination=$(outputs.resources.builtImage.url)
        - --context=$(inputs.params.pathToContext)
        - --oci-layout-path=/builder/home/image-outputs/builtImage
        - --skip-tls-verify

---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: build-zcloud
spec:
  inputs:
    resources:
      - name: docker-source
        type: git
      - name: image
        type: image
      - name: uiImage
        type: image
    params:
      - name: pathToDockerFile
        type: string
        description: The path to the dockerfile to build
        default: /workspace/docker-source/Dockerfile
      - name: pathToContext
        type: string
        description:
          The build context used by Kaniko
          (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
        default: /workspace/docker-source
  outputs:
    resources:
      - name: builtImage
        type: image
  steps:
    - name: setup-dockerfile
      image: docker.io/ubuntu:18.04
      command:
        - /workspace/docker-source/setup.sh
      args:
        - $(inputs.resources.image.url)
        - $(inputs.resources.uiImage.url)
        - /workspace/docker-source/Dockerfile
    - name: build-and-push
      image: registry.zdns.cn/gsmlg/kaniko-project-executor:v0.13.0
      # specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
      env:
        - name: 'DOCKER_CONFIG'
          value: '/builder/home/.docker/'
      command:
        - /kaniko/executor
      args:
        - --dockerfile=$(inputs.params.pathToDockerFile)
        - --destination=$(outputs.resources.builtImage.url)
        - --context=$(inputs.params.pathToContext)
        - --oci-layout-path=/builder/home/image-outputs/builtImage
        - --skip-tls-verify

---
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  name: zcloud-build-pipeline
spec:
  resources:
    - name: singlecloud-repo
      type: git
    - name: singlecloud-ui-repo
      type: git
    - name: zcloud-repo
      type: git
    - name: singlecloud-image
      type: image
    - name: singlecloud-ui-image
      type: image
    - name: zcloud-image
      type: image
  tasks:
    - name: build-singlecloud-ui
      retries: 1
      taskRef:
        name: build-image-from-git
      resources:
        inputs:
          - name: docker-source
            resource: singlecloud-ui-repo
        outputs:
          - name: builtImage
            resource: singlecloud-ui-image
    - name: build-singlecloud
      taskRef:
        name: build-image-from-git
      resources:
        inputs:
          - name: docker-source
            resource: singlecloud-repo
        outputs:
          - name: builtImage
            resource: singlecloud-image
    - name: build-zcloud
      taskRef:
        name: build-zcloud
      resources:
        inputs:
          - name: docker-source
            resource: zcloud-repo
          - name: uiImage
            resource: singlecloud-ui-image
            from:
              - build-singlecloud-ui
          - name: image
            resource: singlecloud-image
            from:
              - build-singlecloud
        outputs:
          - name: builtImage
            resource: zcloud-image

Run the pipeline:

apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
  generateName: zcloud-build-run-
spec:
  pipelineRef:
    name: zcloud-build-pipeline
  serviceAccount: pipeline-run-service
  resources:
    - name: singlecloud-repo
      resourceSpec:
        type: git
        params:
          - name: revision
            value: master
          - name: url
            value: https://github.com/zdnscloud/singlecloud
    - name: singlecloud-ui-repo
      resourceSpec:
        type: git
        params:
          - name: revision
            value: master
          - name: url
            value: https://github.com/zdnscloud/singlecloud-ui
    - name: zcloud-repo
      resourceSpec:
        type: git
        params:
          - name: revision
            value: master
          - name: url
            value: https://github.com/gsmlg/zcloud-image
    - name: singlecloud-image
      resourceSpec:
        type: image
        params:
          - name: url
            value: registry.zdns.cn/zcloud/singlecloud:master
    - name: singlecloud-ui-image
      resourceSpec:
        type: image
        params:
          - name: url
            value: registry.zdns.cn/zcloud/singlecloud-ui:master
    - name: zcloud-image
      resourceRef:
        name: zcloud-image
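
The demo manifests bind the pipeline service account through a ClusterRoleBinding, pass `--skip-tls-verify` to kaniko, reference step images by tag only, and build from `master`. As an added example (not part of the original post), a pre-apply check that reports those four settings; `MANIFESTS` is a constructed reduction of the YAML above and `audit` is a hypothetical helper.

```python
import re

# Constructed input: the demo manifests above, reduced to the fields the checks read.
MANIFESTS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "pipeline-run-binding"},
     "subjects": [{"kind": "ServiceAccount", "name": "pipeline-run-service"}]},
    {"kind": "Task", "metadata": {"name": "build-image-from-git"}, "spec": {"steps": [
        {"name": "build-and-push",
         "image": "registry.zdns.cn/gsmlg/kaniko-project-executor:v0.13.0",
         "args": ["--context=$(inputs.params.pathToContext)", "--skip-tls-verify"]}]}},
    {"kind": "PipelineRun", "metadata": {"generateName": "zcloud-build-run-"},
     "spec": {"resources": [{"name": "zcloud-repo", "resourceSpec": {
         "type": "git", "params": [
             {"name": "revision", "value": "master"},
             {"name": "url", "value": "https://github.com/gsmlg/zcloud-image"}]}}]}},
]
COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")  # full SHA-1 commit id, not a branch or tag


def audit(manifest):
    """Return (object name, finding) pairs for one manifest."""
    meta = manifest.get("metadata", {})
    name = meta.get("name") or meta.get("generateName", "?")
    kind, spec, out = manifest.get("kind"), manifest.get("spec", {}), []
    if kind == "ClusterRoleBinding":
        for subject in manifest.get("subjects", []):
            if subject.get("kind") == "ServiceAccount":
                out.append(f"service account {subject['name']} gets cluster-wide rights")
    elif kind == "Task":
        for step in spec.get("steps", []):
            if "--skip-tls-verify" in step.get("args", []):
                out.append(f"step {step['name']}: registry TLS verification disabled")
            if "@sha256:" not in step.get("image", ""):
                out.append(f"step {step['name']}: image not pinned by digest")
    elif kind == "PipelineRun":
        for res in spec.get("resources", []):
            rspec = res.get("resourceSpec", {})
            params = {p["name"]: p["value"] for p in rspec.get("params", [])}
            if rspec.get("type") == "git" and not COMMIT_SHA.match(params.get("revision", "")):
                out.append(f"git resource {res['name']}: revision is not a commit SHA")
    return [(name, finding) for finding in out]


def audit_all(manifests):
    """Flatten the findings for a list of manifests, in input order."""
    return [finding for m in manifests for finding in audit(m)]
```

A namespaced Role with a RoleBinding, a digest-pinned step image, a commit SHA as `revision`, and a registry certificate that kaniko can verify make the check return no findings.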