云原生CI/CD框架Tekton国内部署方式

作者：Lizeyang 2021-11-26 08:14:05开源云原生 Tekton 是一款功能非常强大而灵活的 CI/CD 开源的云原生框架。致力于提供全功能、标准化的云原生 CI/CD 解决方案。本文主要是通过流水线自动化的将tekton镜像同步到腾讯云仓库，并部署tekton.

[[436836]]

Tekton 是一款功能非常强大而灵活的 CI/CD 开源的云原生框架。致力于提供全功能、标准化的云原生 CI/CD 解决方案。【本文主要是通过流水线自动化的将tekton镜像同步到腾讯云仓库，并部署tekton】

应用镜像

阿里云镜像仓库居然有限制…这次转到腾讯云镜像仓库了;ccr.ccs.tencentyun.com/tektons/dashboard

Pipeline

借助GitHub Actions:

同步镜像并生成镜像映射文件(json):收集镜像映射文件为制品;

ThisisabasicworkflowtohelpyougetstartedwithActionsname:GetTektonImagesenv:VERSION:v0.29.0on:push:paths:-'.github/workflows/tekton.yaml'-'tekton/**'jobs:build:runs-on:ubuntu-18.04steps:-uses:actions/checkout@v2-name:buildrun:|curlhttps://storage.googleapis.com/tekton-releases/pipeline/previous/${{env.VERSION}}/release.yaml-orelease.yamlgrep-v"#"release.yaml|grep-v"^$">release1.yaml;sed-i's/\-\-\-/###/g'release1.yamlpython3tekton/get_tekton_images.py${{secrets.DOCKER_USER}}${{secrets.DOCKER_PASSWD}}-uses:actions/upload-artifact@v2with:name:${{env.VERSION}}-tekton-imagespath:tekton_images.json

部署文件解析

1.下载release部署yaml;

2.解析Deployments对象中的images;

a.tekton-pipelines-controller

b.tekton-pipelines-webhook

c.tekton-dashboard(最新tag)

gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.29.0@sha256:72f79471f06d096cc53e51385017c9f0f7edbc87379bf415f99d4bd11cf7bc2bgcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.29.0@sha256:6d058f2203b9ab66f538cb586c7dc3b7cc31ae958a4135dd99e51799f24b06c9gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.29.0@sha256:c0b0ed1cd81090ce8eecf60b936e9345089d9dfdb6ebdd2fd7b4a0341ef4f2b9gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.29.0@sha256:66958b78766741c25e31954f47bc9fd53eaa28263506b262bf2cc6df04f18561gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.29.0@sha256:6a037d5ba27d9c6be32a9038bfe676fb67d2e4145b4f53e9c61fb3e69f06e816gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.29.0@sha256:e38dd0d32253fce5aaf1e501c0bc71facc3720564b7e97055921cc5390d612e0gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.29.0@sha256:d28202fb8b33a1d4c05f261ef8dcbcdcf3b469887d4dad256ce91f73c917420egcr.io/google.com/cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067fgcr.io/distroless/base@sha256:aa4fd987555ea10e1a4ec8765da8158b5ffdfef1e72da512c7ede509bc9966c4mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.29.0@sha256:46d5b90a7f4e9996351ad893a26bcbd27216676ad4d5316088ce351fb2c2c3dd

用Python编写一个数据解析脚本：

importyamlimportjsonimportsysimportosclassTekton:def__init__(self,file_name,registry_user,registry_passwd):self.yaml_file=file_nameself.arg_imgs=["gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:95f71a2568ced67ec370b5360f88bec3280601908cac9e62dfbb801114480437"]self.split_str="###"self.deployments=["tekton-pipelines-controller","tekton-pipelines-webhook"]self.kind_type="Deployment"self.target_registry="ccr.ccs.tencentyun.com/tektons/"self.repos=["controller","kubeconfigwriter","git-init","entrypoint","nop","imagedigestexporter","pullrequest-init","cloud-sdk","base","powershell","webhook"]self.result=[]self.registry_user=registry_userself.registry_passwd=registry_passwddefload_yaml(self,data):content=yaml.load(data)returncontentdefload_json(self,data):content=json.loads(data)returncontentdefget_images(self):f=open(self.yaml_file,'r').read()foriinf.split("###")[:-1]:try:content=self.load_yaml(i.replace("###",""))ifcontent["kind"]==self.kind_type:deploy_name=content["metadata"]["name"]#获取imageifdeploy_nameinself.deployments:img=content["spec"]["template"]["spec"]["containers"][0]["image"]self.arg_imgs.append(img)#获取参数中的imagesifdeploy_name=="tekton-pipelines-controller":arg_img=content["spec"]["template"]["spec"]["containers"][0]["args"]forainarg_img:ifnota.startswith("-"):self.arg_imgs.append(a)exceptExceptionase:print(e)returnself.arg_imgsdefsave_json_file(self,data,file_name):foriinself.arg_imgs:self.result.append({"s_image":i,"t_image":self.target_registry+i.split("/")[-1].split("@")[0]})newdata=json.dumps(self.result,indent=4)a=open(file_name,'w')a.write(newdata)a.close()defsync_images(self):f=open("tekton_images.json",'r').read()content=self.load_json(f)docker_login_cmd="dockerlogin-u{0}-p{1}{2}".format(self.registry_user,self.registry_passwd,self.target_registry.split("/")[0])os.system(docker_login_cmd)foritemincontent:print("[GetImages]{}".format(item))docker_pull_cmd="dockerpull{0}".format(item["s_image"])docker_tag_cmd="dockertag{0}{1}".format(item["s_image"],item["t_image"])docker_push_cmd="dockerpush{0}".format(item["t_image"])os.system(docker_pull_cmd+"&&"+docker_tag_cmd+"&&"+docker_push_cmd)print("[GetImagesDone]{}".format(item))if__name__=='__main__':tekton=Tekton("release1.yaml",sys.argv[1],sys.argv[2])images=tekton.get_images()tekton.save_json_file(images,"tekton_images.json")tekton.sync_images()

镜像映射文件

s_image 原始镜像名称， t_image 目标镜像名称; 这里使用腾讯云的镜像仓库;

[{"s_image":"gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.29.0@sha256:72f79471f06d096cc53e51385017c9f0f7edbc87379bf415f99d4bd11cf7bc2b","t_image":"ccr.ccs.tencentyun.com/tektons/controller:v0.29.0"},{"s_image":"gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.29.0@sha256:6d058f2203b9ab66f538cb586c7dc3b7cc31ae958a4135dd99e51799f24b06c9","t_image":"ccr.ccs.tencentyun.com/tektons/kubeconfigwriter:v0.29.0"},{"s_image":"gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.29.0@sha256:c0b0ed1cd81090ce8eecf60b936e9345089d9dfdb6ebdd2fd7b4a0341ef4f2b9","t_image":"ccr.ccs.tencentyun.com/tektons/git-init:v0.29.0"},{"s_image":"gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.29.0@sha256:66958b78766741c25e31954f47bc9fd53eaa28263506b262bf2cc6df04f18561","t_image":"ccr.ccs.tencentyun.com/tektons/entrypoint:v0.29.0"},{"s_image":"gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.29.0@sha256:6a037d5ba27d9c6be32a9038bfe676fb67d2e4145b4f53e9c61fb3e69f06e816","t_image":"ccr.ccs.tencentyun.com/tektons/nop:v0.29.0"},{"s_image":"gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.29.0@sha256:e38dd0d32253fce5aaf1e501c0bc71facc3720564b7e97055921cc5390d612e0","t_image":"ccr.ccs.tencentyun.com/tektons/imagedigestexporter:v0.29.0"},{"s_image":"gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.29.0@sha256:d28202fb8b33a1d4c05f261ef8dcbcdcf3b469887d4dad256ce91f73c917420e","t_image":"ccr.ccs.tencentyun.com/tektons/pullrequest-init:v0.29.0"},{"s_image":"gcr.io/google.com/cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067f","t_image":"ccr.ccs.tencentyun.com/tektons/cloud-sdk"},{"s_image":"gcr.io/distroless/base@sha256:aa4fd987555ea10e1a4ec8765da8158b5ffdfef1e72da512c7ede509bc9966c4","t_image":"ccr.ccs.tencentyun.com/tektons/base"},{"s_image":"mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6","t_image":"ccr.ccs.tencentyun.com/tektons/powershell:nanoserver"},{"s_image":"gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.29.0@sha256:46d5b90a7f4e9996351ad893a26bcbd27216676ad4d5316088ce351fb2c2c3dd","t_image":"ccr.ccs.tencentyun.com/tektons/webhook:v0.29.0"},{"s_image":"gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:95f71a2568ced67ec370b5360f88bec3280601908cac9e62dfbb801114480437","t_image":"ccr.ccs.tencentyun.com/tektons/dashboard"}]

镜像映射文件可以在GitHubActions页面下载：

下载镜像脚本

解析上面生成的镜像文件，docker pull下载对应的镜像到本地;

importjsonimportosclassTekton:def__init__(self):self.json_file="tekton_images.json"self.target_registry="ccr.ccs.tencentyun.com/tektons/"#self.registry_user=registry_user#self.registry_passwd=registry_passwddefload_json(self,data):content=json.loads(data)returncontentdefdown_images(self):f=open(self.json_file,'r').read()content=self.load_json(f)#docker_login_cmd="dockerlogin-u{0}-p{1}{2}".format(#self.registry_user,#self.registry_passwd,#self.target_registry.split("/")[0])foritemincontent:print("[GetImages]{}".format(item["t_image"]))docker_pull_cmd="dockerpull{0}".format(item["t_image"])#docker_tag_cmd="dockertag{0}{1}".format(item["t_image"],item["s_image"].split("@")[0])os.system(docker_pull_cmd+"&&"+docker_tag_cmd)print("[GetImagesDone]{}".format(item))if__name__=='__main__':t=Tekton().down_images()

部署Tekton

替换部署文件中的镜像:

手动更新release.yaml中的镜像;然后kubectl apply release.yaml 部署(后续有时间再优化脚本，实现自动更新release.yaml)手动更新tekton-dashboard-release.yaml中的镜像;然后部署;

[root@master~]#kubectl-ntekton-pipelinesgetpodNAMEREADYSTATUSRESTARTSAGEtekton-dashboard-5c4b89d9-2z8g71/1Running021mtekton-pipelines-controller-b96f647bb-gff691/1Running013htekton-pipelines-webhook-76bc9c97b9-cd2m41/1Running013h

编写一个Ingress来暴露tekton dashboard：

apiVersion:extensions/v1beta1kind:Ingressmetadata:name:tekton-servicenamespace:tekton-pipelinesannotations:kubernetes.io/ingress.class:nginxnginx.ingress.kubernetes.io/proxy-body-size:256mspec:rules:-host:tekton.idevops.sitehttp:paths:-path:/backend:serviceName:tekton-dashboardservicePort:9097

访问UI页面：

编写Pipeline

apiVersion:tekton.dev/v1beta1kind:Taskmetadata:name:tektoncd-taskspec:resources:inputs:-name:repotype:gitsteps:-name:run-testimage:maven:3-jdk-8workingDir:/workspace/repocommand:["mvn"]args:["clean","package"]---apiVersion:tekton.dev/v1alpha1kind:PipelineResourcemetadata:name:tektoncd-resourcespec:type:gitparams:-name:urlvalue:http://192.168.1.200/devops/devops-maven-service.git-name:revisionvalue:master---apiVersion:tekton.dev/v1beta1kind:TaskRunmetadata:name:cdpipelinespec:taskRef:name:tektoncd-taskresources:inputs:-name:reporesourceRef:name:tektoncd-resource