案例环境说明

• 示例项目：

  代码仓库：https://gitee.com/mageedu/spring-boot-helloWorld.git

  构建工具maven

• pipeline各Task

  • git-clone：克隆项目的源代码

  • build-to-package: 代码测试，构建和打包

  • generate-build-id：生成build id

  • image-build-and-push：镜像构建和推送

  • deploy-to-cluster：将新版本的镜像部署到kubernetes集群

• Workspace

  • 基于PVC，跨task数据共享

2.2.5.2 pipeline完成Image构建，推送和部署

1. 01-git-clone的Task

   apiVersion: tekton.dev/v1beta1
   kind: Task
   metadata:
     name: git-clone
   spec:
     description: Clone code to the workspace
     params:
     - name: url
       type: string
       description: git url to clone
       default: ""
     - name: branch
       type: string
       description: git branch to checkout
       default: "main"
     workspaces:
     - name: source
       description: The code repo will clone in the workspace
     steps:
     - name: git-clone
       image: alpine/git:v2.36.1
       script: git clone -b $(params.branch) -v $(params.url) $(workspaces.source.path)/source
   
   

2. 02–build-to-package.yaml

   apiVersion: tekton.dev/v1beta1
   kind: Task
   metadata:
     name: build-to-package
   spec:
     workspaces:
     - name: source
       description: The code repo in the workspaces
     steps:
     - name: build
       image: maven:3.8-openjdk-11-slim
       workingDir: $(workspaces.source.path)/source
       volumeMounts:
       - name: m2
         mountPath: /root/.m2
       script: mvn clean install
     # 定义volume提供maven cache，但是前提得创建出来maven-cache的pvc
     volumes:
     - name: m2
       persistentVolumeClaim:
         claimName: maven-cache
   

3. 03-generate-build-id.yaml

   apiVersion: tekton.dev/v1beta1
   kind: Task
   metadata:
     name: generate-build-id
   spec:
     params:
       - name: version
         description: The version of the application
         type: string
     results:
       - name: datetime
         description: The current date and time
       - name: buildId
         description: The build ID
     steps:
       - name: generate-datetime
         image: ikubernetes/admin-box:v1.2
         script: |
           #!/usr/bin/env bash
           datetime=`date +%Y%m%d-%H%M%S`
           echo -n ${datetime} | tee $(results.datetime.path)
       - name: generate-buildid
         image: ikubernetes/admin-box:v1.2
         script: |
           #!/usr/bin/env bash
           buildDatetime=`cat $(results.datetime.path)`
           buildId=$(params.version)-${buildDatetime}
           echo -n ${buildId} | tee $(results.buildId.path)
   
   

4. 04-build-image-push.yaml

   要想能推送镜像到镜像仓库，必须创建一个secret对象，挂在到kaniko的/kaniko/.docker目录下，具体创建secret的方法有两种：

   1、先在一台机器上login镜像仓库，这里以dockerhub为例，将会把认证文件保存在~/.docker/config.json:
   

5. 基于config,json创建sectet，这里的secret的类型选择generic

   kubectl create secret generic docker-config --from-file=/root/.docker/config.json
   

   2、先基于user/password创建一个base64：

   echo -n USER:PASSWORD | base64
   

   创建一个config.json，然后将创建出来的base64替换到下面xxxxxxxxxxxxxxx

   {
   	"auths": {
   		"https://index.docker.io/v1/": {
   			"auth": "xxxxxxxxxxxxxxx"
   		}
   	}
   }
   

   最后创建一个secret

   kubectl create secret generic docker-config --from-file=<path to .docker/config.json>
   

6. 05-deploy-task.yaml

   apiVersion: tekton.dev/v1beta1
   kind: Task
   metadata:
     name: deploy-using-kubectl
   spec:
     workspaces:
       - name: source
         description: The git repo
     params:
       - name: deploy-config-file
         description: The path to the yaml file to deploy within the git source
       - name: image-url
         description: Image name including repository
       - name: image-tag
         description: Image tag
     steps:
       - name: update-yaml
         image: alpine:3.16
         command: ["sed"]
         args:
           - "-i"
           - "-e"
           - "s@__IMAGE__@$(params.image-url):$(params.image-tag)@g"
           - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)"
       - name: run-kubectl
         image: lachlanevenson/k8s-kubectl
         command: ["kubectl"]
         args:
           - "apply"
           - "-f"
           - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)"
   

7. 06-pipelinerun-s2i.yaml

   apiVersion: tekton.dev/v1beta1
   kind: Pipeline
   metadata:
     name: source-to-image
   spec:
     params:
       - name: git-url
       - name: pathToContext
         description: The path to the build context, used by Kaniko - within the workspace
         default: .
       - name: image-url
         description: Url of image repository
       - name: deploy-config-file
         description: The path to the yaml file to deploy within the git source
         default: all-in-one.yaml
       - name: version
         description: The version of the application
         type: string
         default: "v0.10" 
     workspaces:
       - name: codebase
       - name: docker-config
     tasks:
       - name: git-clone
         taskRef:
           name: git-clone
         params:
           - name: url
             value: "$(params.git-url)"
         workspaces:
           - name: source
             workspace: codebase
       - name: build-to-package
         taskRef:
           name: build-to-package
         workspaces:
           - name: source
             workspace: codebase
         runAfter:
           - git-clone
       - name: generate-build-id
         taskRef:
           name: generate-build-id
         params:
           - name: version
             value: "$(params.version)"
         runAfter:
           - git-clone
       - name: image-build-and-push
         taskRef:
           name: image-build-and-push
         params:
           - name: image-url
             value: "$(params.image-url)"
           - name: image-tag
             value: "$(tasks.generate-build-id.results.buildId)"
         workspaces:
           - name: source
             workspace: codebase
           - name: dockerconfig
             workspace: docker-config
         runAfter:
           - generate-build-id
           - build-to-package
       - name: deploy-to-cluster
         taskRef:
           name: deploy-using-kubectl
         workspaces:
           - name: source
             workspace: codebase
         params:
           - name: deploy-config-file
             value: $(params.deploy-config-file)
           - name: image-url
             value: $(params.image-url)
           - name: image-tag
             value: "$(tasks.generate-build-id.results.buildId)"
         runAfter:
           - image-build-and-push
   
   

8. 07-rbac.yaml

   因为06task的容器要执行kubectl，所以，给这个pod要指定一个serviceaccount，这样才能操作集群的资源

   ---
   apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: helloworld-admin
   ---
   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
   metadata:
     name: helloworld-admin
   roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
     name: cluster-admin
   subjects:
   - kind: ServiceAccount
     name: helloworld-admin
     namespace: default
   
   

9. 08-pipelinerun-s2i.yaml

   apiVersion: tekton.dev/v1beta1
   kind: PipelineRun
   metadata:
     name: s2i-buildid-run-00002
   spec:
     serviceAccountName: default
     taskRunSpecs:
       - pipelineTaskName: deploy-to-cluster
         taskServiceAccountName: helloworld-admin
     pipelineRef:
       name: source-to-image
     params:
       - name: git-url
         value: https://gitee.com/mageedu/spring-boot-helloWorld.git
       - name: image-url
         value: icloud2native/spring-boot-helloworld
       - name: version
         value: v0.1.2
     workspaces:
       - name: codebase
         volumeClaimTemplate:
           spec:
             accessModes:
               - ReadWriteOnce
             resources:
               requests:
                 storage: 1Gi
             storageClassName: nfs-csi
       - name: docker-config
         secret:
           secretName: docker-config
   
   

   运行:

   kubectl apply -f .
   

   结果：

   1. 整个pipeline执行成功
      
      2、image推送到dockerhub
      
      3、查看部署
      
      更多关于tekton文章，后续更新。。。