Building CI/CD with Tekton - 2
Building CI/CD with Tekton
Creating the Tasks
Git-clone
Download
Jib-Build
Task
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: jib-gradle
  labels:
    app.kubernetes.io/version: "0.3"
  annotations:
    tekton.dev/pipelines.minVersion: "0.12.1"
    tekton.dev/categories: Image Build
    tekton.dev/tags: image-build
    tekton.dev/displayName: "jib gradle"
    tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le"
spec:
  description: >-
    This Task builds Java/Kotlin/Groovy/Scala source into a container image using Google’s Jib tool.
    Jib works with Gradle and Maven projects, and this template is for Gradle projects.
  params:
    - name: BUILDER_IMAGE
      description: The location of the gradle builder image
      default: openjdk:11-jdk
    - name: IMAGE
      description: Reference of the image gradle will produce
    - name: DIRECTORY
      description: The directory containing the app, relative to the source repository root
      default: .
    - name: EXTRA_ARGS
      description: Extra arguments to add to the gradle jib build
      default: ""
  workspaces:
    - name: source
  results:
    - name: IMAGE_DIGEST
      description: Digest of the image just built.
  steps:
    - name: build-and-push
      image: $(params.BUILDER_IMAGE)
      workingDir: $(workspaces.source.path)/$(params.DIRECTORY)
      script: |
        chmod +x gradlew
        ./gradlew jib \
          -Djib.to.image="$(params.IMAGE)" \
          $(params.EXTRA_ARGS)
      env:
        - name: HOME
          value: /workspace
        - name: "DOCKER_CONFIG"
          value: $(credentials.path)/.docker/
      volumeMounts:
      securityContext:
        runAsUser: 0
    - name: digest-to-results
      image: $(params.BUILDER_IMAGE)
      script: cat $(workspaces.source.path)/$(params.DIRECTORY)/image-digest | tee /tekton/results/IMAGE_DIGEST
  volumes:
    - name: empty-dir-volume
      emptyDir: {}
Kubectl-Deploy
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
    tekton.dev/categories: Kubernetes
    tekton.dev/displayName: kubernetes actions
    tekton.dev/pipelines.minVersion: 0.17.0
    tekton.dev/platforms: linux/amd64
    tekton.dev/tags: 'CLI, kubectl'
  creationTimestamp: '2022-01-25T01:00:34Z'
  generation: 1
  labels:
    app.kubernetes.io/version: '0.2'
  managedFields:
    - apiVersion: tekton.dev/v1beta1
      fieldsType: FieldsV1
      fieldsV1:
        'f:metadata':
          'f:annotations':
            .: {}
            'f:kubectl.kubernetes.io/last-applied-configuration': {}
            'f:tekton.dev/categories': {}
            'f:tekton.dev/displayName': {}
            'f:tekton.dev/pipelines.minVersion': {}
            'f:tekton.dev/platforms': {}
            'f:tekton.dev/tags': {}
          'f:labels':
            .: {}
            'f:app.kubernetes.io/version': {}
        'f:spec':
          .: {}
          'f:description': {}
          'f:params': {}
          'f:results': {}
          'f:steps': {}
          'f:workspaces': {}
      manager: kubectl-client-side-apply
      operation: Update
      time: '2022-01-25T01:00:34Z'
  name: kubectl-deploy
  resourceVersion: '3052774'
  uid: 44000dca-ba62-4494-bb29-2dc4aa3af86b
spec:
  description: This task is the generic kubectl CLI task which can be used to run all kinds of k8s commands
  params:
    - default: 'gcr.io/cloud-builders/kubectl@sha256:8ab94be8b2b4f3d117f02d868b39540fddd225447abf4014f7ba4765cb39f753'
      name: IMAGE
      type: string
    - name: TAG
      type: string
    - name: YAMLFILE
      type: string
    - name: NAMESPACE
      type: string
  results:
    - description: some result can be emitted if someone wants to.
      name: output-result
  steps:
    - args:
        - '-i'
        - s;latest;$(params.TAG);g
        - $(workspaces.manifest-dir.path)/$(params.YAMLFILE)
      command:
        - sed
      image: alpine
      name: update-yaml
      resources: {}
    - image: $(params.IMAGE)
      name: kubectl
      resources: {}
      script: |
        #!/usr/bin/env bash
        [ "$(workspaces.manifest-dir.bound)" == "true" ] && \
        cd $(workspaces.manifest-dir.path)
        [ "$(workspaces.kubeconfig-dir.bound)" == "true" ] && \
        [ -f $(workspaces.kubeconfig-dir.path)/kubeconfig ] && \
        export KUBECONFIG=$(workspaces.kubeconfig-dir.path)/kubeconfig
        kubectl apply -f $(workspaces.manifest-dir.path)/$(params.YAMLFILE) --namespace $(params.NAMESPACE)
  workspaces:
    - name: manifest-dir
      optional: true
    - name: kubeconfig-dir
      optional: true
Creating the Pipeline and PipelineRun
Pipeline
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: tekton-pipeline
spec:
  workspaces:
    - name: pipeline-shared-data
    - name: kubeconfig-dir
  tasks:
    - name: clone-repository
      taskRef:
        kind: Task
        name: git-clone
      params:
        - name: url
          value: "https://github.com/sgwon96/devopsTest"
        - name: revision
          value: "main"
        - name: deleteExisting
          value: "true"
      workspaces:
        - name: output
          workspace: pipeline-shared-data
    - name: build-image
      taskRef:
        kind: Task
        name: jib-gradle
      runAfter:
        - clone-repository
      params:
        - name: IMAGE
          value: "zxcvb5434/devopstest:$(tasks.clone-repository.results.commit)"
      workspaces:
        - name: source
          workspace: pipeline-shared-data
    - name: kubectl-deploy
      taskRef:
        kind: Task
        name: kubectl-deploy
      runAfter:
        - build-image
      params:
        - name: TAG
          value: "$(tasks.clone-repository.results.commit)"
        - name: YAMLFILE
          value: "./k8s/deployment.yaml"
        - name: NAMESPACE
          value: "default"
      workspaces:
        - name: kubeconfig-dir
          workspace: kubeconfig-dir
        - name: manifest-dir
          workspace: pipeline-shared-data
PipelineRun
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: tekton-pipelinerun
spec:
  pipelineRef:
    name: tekton-pipeline
  serviceAccountName: tekton-sa
  workspaces:
    - name: pipeline-shared-data
      persistentvolumeclaim:
        claimName: task-pv-claim
    - name: kubeconfig-dir
      configMap:
        name: kubeconfig
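Assign to the PipelineRun a service account that holds the secret information for accessing Docker.
Assign a PersistentVolumeClaim and a ConfigMap to the workspaces defined in the Pipeline.
Checking the result
Creating PipelineRuns automatically with Triggers
Components
Setup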
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.14.2/release.yaml
kubectl get pods -n tekton-pipelines
NAME READY STATUS RESTARTS AGE
tekton-dashboard-68b95c8fd5-mdl7q 1/1 Running 0 7h2m
tekton-pipelines-controller-8695d55cc6-mrg4f 1/1 Running 0 7h3m
tekton-pipelines-webhook-77bd94976b-4ghqj 1/1 Running 0 7h3m
tekton-triggers-controller-5878b4dcdb-q4xjv 1/1 Running 0 2m53s
tekton-triggers-webhook-5d5c4d948d-w4dzv 1/1 Running 0 2m53s
Trigger Binding
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: triggerbinding
spec:
  params:
    - name: tag
      value: $(body.ref)
Trigger Template
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: triggertemplate
spec:
  params:
    - name: tag
      description: git tag
      default: latest
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: tekton-pipeline-run-
      spec:
        serviceAccountName: tekton-sa
        pipelineRef:
          name: tekton-pipeline
        params:
          - name: tag
            value: $(tt.params.tag)
        workspaces:
          - name: pipeline-shared-data
            persistentvolumeclaim:
              claimName: task-pv-claim
          - name: kubeconfig-dir
            configMap:
              name: k8s-kubeconfig
Modifying the Pipeline
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: tekton-pipeline
spec:
  workspaces:
    - name: pipeline-shared-data
    - name: kubeconfig-dir
  params:
    - name: tag
      type: string
      description: Docker image tag
  tasks:
    - name: clone-repository
      taskRef:
        kind: Task
        name: git-clone
      params:
        - name: url
          value: "https://github.com/sgwon96/devopsTest"
        - name: revision
          value: "main"
        - name: deleteExisting
          value: "true"
      workspaces:
        - name: output
          workspace: pipeline-shared-data
    - name: build-image
      taskRef:
        kind: Task
        name: jib-gradle
      runAfter:
        - clone-repository
      params:
        - name: IMAGE
          value: "zxcvb5434/devopstest:$(params.tag)"
      workspaces:
        - name: source
          workspace: pipeline-shared-data
    - name: kubectl-deploy
      taskRef:
        kind: Task
        name: kubectl-deploy
      runAfter:
        - build-image
      params:
        - name: TAG
          value: "$(params.tag)"
        - name: YAMLFILE
          value: "./k8s/deployment.yaml"
        - name: NAMESPACE
          value: "default"
      workspaces:
        - name: kubeconfig-dir
          workspace: kubeconfig-dir
        - name: manifest-dir
          workspace: pipeline-shared-data
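Added example (not from the original post): the TriggerBinding passes $(body.ref) from the webhook straight into the image reference and into the sed expression of the update-yaml step, and a GitHub push event sends that field as a full ref such as refs/tags/v1.0.3. The shell functions below reduce the ref to a name and accept it only if it is a valid Docker tag; the function names ref_to_tag and retag_manifest and the sample refs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the patterns below

# ref_to_tag REF
# Prints the tag derived from a git ref (refs/tags/<name> or refs/heads/<name>).
# Returns 1 unless <name> matches the Docker tag grammar
# [A-Za-z0-9_][A-Za-z0-9_.-]{0,127}.
ref_to_tag() {
  ref=$1
  case $ref in
    refs/tags/*)  name=${ref#refs/tags/} ;;
    refs/heads/*) name=${ref#refs/heads/} ;;
    *) return 1 ;;
  esac
  [ "${#name}" -ge 1 ] && [ "${#name}" -le 128 ] || return 1
  case $name in
    [!A-Za-z0-9_]*)    return 1 ;;  # must not start with '.' or '-'
    *[!A-Za-z0-9_.-]*) return 1 ;;  # rejects '/', ';', '&', whitespace, ...
  esac
  printf '%s\n' "$name"
}

# retag_manifest FILE REF
# Same substitution as the update-yaml step (s;latest;TAG;g), written to
# stdout, and only performed once REF has produced a validated tag.
retag_manifest() {
  tag=$(ref_to_tag "$2") || { echo "rejected ref: $2" >&2; return 1; }
  sed "s;latest;${tag};g" "$1"
}

# Constructed sample refs, shaped like the "ref" field of a GitHub push event.
for r in refs/tags/v1.0.3 refs/heads/main refs/heads/feature/login; do
  if t=$(ref_to_tag "$r"); then
    echo "$r -> $t"
  else
    echo "$r -> rejected"
  fi
done
```

In a Tekton step the check would sit in front of the sed call, so that a run fails before the manifest or the image reference is touched.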
Event Listener
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: trigger-eventlistner
spec:
  serviceAccountName: tekton-triggers-sa
  triggers:
    - bindings:
        - ref: triggerbinding
      template:
        ref: triggertemplate
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-triggers-sa
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tekton-triggers-role
rules:
  # EventListeners need to be able to fetch all namespaced resources
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    # secrets are only needed for GitHub/GitLab interceptors
    # configmaps is needed for updating logging config
    resources: ["configmaps", "secrets"]
    verbs: ["get", "list", "watch"]
  # Permissions to create resources in associated TriggerTemplates
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns", "pipelineresources", "taskruns"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["serviceaccounts"]
    verbs: ["impersonate"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers-rolebinding
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-triggers-role
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-clusterrole
rules:
  # EventListeners need to be able to fetch any clustertriggerbindings
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["clustertriggerbindings","clusterinterceptors"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tekton-triggers-clusterbinding
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-sa
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-clusterrole
k get pods
NAME READY STATUS RESTARTS AGE
devops-spring-deployment-7b4c96f45c-fhzzt 1/1 Running 0 20m
el-trigger-eventlistner-7fdcbfcb9-l9mqc 1/1 Running 0 52s
Registering the GitHub Webhook
Image replaced successfully
Summary
Using Tekton,
More information on this topic (Building CI/CD with Tekton - 2) can be found at https://velog.io/@sgwon1996/Tekton으로-CICD-구축하기-2. The text may be freely shared or copied, provided this document's URL is kept as a reference URL.