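Core concepts
- Task: defines a sequence of executable steps, such as building an image or running tests.
- Pipeline: defines a workflow made up of multiple Tasks, used to automate CI/CD.
- TaskRun: a single execution instance of a Task.
- PipelineRun: a single execution instance of a Pipeline.
- PipelineResource (deprecated): defines a Pipeline's input and output resources, such as Git repositories and image registries. (Workspaces are the recommended replacement.)
- Workspace: used to share data and resources between Tasks.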
Installing Tekton Pipelines
Deploy on k8s
```bash
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
```
Check the pods
```bash
kubectl -n tekton-pipelines get pods
```
Installing the Dashboard
Deploy directly with k8s
```bash
kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release-full.yaml
```
Use the install script
```bash
curl -sL https://raw.githubusercontent.com/tektoncd/dashboard/main/scripts/release-installer | bash -s -- install latest --read-write
```
Configure an Ingress to expose the Dashboard through APISIX
```yml
# tekton-dashboard-ingress.yaml
# The Dashboard has no built-in authentication; enforce it at the APISIX layer.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tekton-dashboard-ingress
  namespace: tekton-pipelines
  annotations:
    kubernetes.io/ingress.class: apisix
spec:
  rules:
    - host: tekton.cyjjohn.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tekton-dashboard
                port:
                  number: 9097
```
CLI tool
```bash
# Replace the version with the one you need
curl -LO https://github.com/tektoncd/cli/releases/download/v0.41.0/tkn_0.41.0_Linux_x86_64.tar.gz
# Replace YOUR-DOWNLOADED-FILE with the file path of your own.
sudo tar xvzf YOUR-DOWNLOADED-FILE -C /usr/local/bin/ tkn
```
Running your first Task with Tekton
Apply the Task and the TaskRun
```bash
kubectl apply -f taskrun.yml -f task.yml
```
```yml
# task.yml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-and-push-image
spec:
  params:
    - name: IMAGE
      type: string
      description: The Docker image to build and push
    - name: DOCKERFILE
      type: string
      description: Path to the Dockerfile
      default: Dockerfile
    - name: CONTEXT
      type: string
      description: The build context
      default: .
  steps:
    - name: build
      image: gcr.io/kaniko-project/executor:latest
      command: ["/kaniko/executor"]
      args:
        - "--dockerfile=$(params.DOCKERFILE)"
        - "--context=$(params.CONTEXT)"
        - "--destination=$(params.IMAGE)"
```
```yml
# taskrun.yml
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: build-and-push-taskrun
spec:
  taskRef:
    name: build-and-push-image
  params:
    - name: IMAGE
      value: "your-docker-registry/your-image:latest"
    - name: DOCKERFILE
      value: "path/to/your/Dockerfile"
```
Managing Tekton resources with the Tekton CLI (tkn)
- List Tasks: `tkn task list`
- List Pipelines: `tkn pipeline list`
- Start a TaskRun: `tkn task start your-task --param IMAGE=your-image:latest`
- Start a PipelineRun: `tkn pipeline start your-pipeline --param IMAGE=your-image:latest`
- View TaskRun/PipelineRun logs: `tkn taskrun logs your-taskrun -f` or `tkn pipelinerun logs your-pipelinerun -f`
Controlling how a Task runs inside a Pipeline
timeout
Sets the timeout.
retries
Number of retries on failure.
runAfter
Defines the order in which tasks run.
params: passing parameters
Passing Pipeline parameters to a Task: a Pipeline can define parameters and pass them to the Tasks it contains.
```yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: my-pipeline
spec:
  params:
    - name: IMAGE_NAME
      type: string
      description: The name of the image to build
  tasks:
    - name: build-image
      taskRef:
        name: build-and-push
      params:
        - name: IMAGE
          value: $(params.IMAGE_NAME)
```
In this example, the Pipeline defines a parameter named `IMAGE_NAME` and passes its value to the `IMAGE` parameter of the `build-image` Task.
Passing Task results to later Tasks: a Task can define results and pass them to subsequent Tasks.
First, define the result in the Task:
```yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: my-task
spec:
  steps:
    - name: generate-result
      image: ubuntu
      script: |
        #!/usr/bin/env bash
        echo -n "my-result-value" | tee /tekton/results/my-result
  results:
    # The step writes straight to /tekton/results/my-result, which sets the
    # Task result, so no separate value mapping is declared here.
    - name: my-result
      description: The value of my result
```
Then use the result in the Pipeline:
```yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: my-pipeline
spec:
  tasks:
    - name: task-1
      taskRef:
        name: my-task
    - name: task-2
      taskRef:
        name: another-task
      runAfter:
        - task-1
      params:
        - name: INPUT_VALUE
          value: $(tasks.task-1.results.my-result)
```
In this example, the `my-result` result of `task-1` is passed to the `INPUT_VALUE` parameter of `task-2`.
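One possible definition of the `another-task` consumer referenced above, as an added example that is not part of the original page. It shows the param being handed to the script through an environment variable instead of being substituted into the script text; the step name and image are assumptions.

```yaml
# Added example (not from the original page). Step name and image are
# assumptions chosen for illustration.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: another-task
spec:
  params:
    - name: INPUT_VALUE
      type: string
      description: Value produced by task-1 (my-result)
  steps:
    # Risky form, shown for comparison only: Tekton substitutes $(params.*)
    # into the script text before the shell starts, so the value is parsed
    # as shell code rather than treated as data.
    #
    # - name: print-input
    #   image: ubuntu
    #   script: |
    #     #!/usr/bin/env bash
    #     echo "got: $(params.INPUT_VALUE)"
    #
    # Hardened form: bind the param to an environment variable and reference
    # that variable, quoted, inside the script.
    - name: print-input
      image: ubuntu
      env:
        - name: INPUT_VALUE
          value: $(params.INPUT_VALUE)
      script: |
        #!/usr/bin/env bash
        set -euo pipefail
        printf 'got: %s\n' "${INPUT_VALUE}"
```

The same pattern applies to any value that originates outside the Pipeline author's control, such as a branch name or a result derived from repository contents.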
workspace
workspaces: a Pipeline uses `workspaces` to define storage that is shared between Tasks.
```yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: my-pipeline
spec:
  workspaces:
    - name: shared-data
      description: |
        This workspace is used to share data between the tasks in this pipeline.
  tasks:
    - name: fetch-source
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: shared-data
    - name: build-image
      taskRef:
        name: build-and-push
      workspaces:
        - name: source
          workspace: shared-data
      runAfter:
        - fetch-source
```
In this example, the `shared-data` Workspace is used by the `fetch-source` Task to store the cloned code, and then by the `build-image` Task to build the image.
Adding a repository
Configure the k8s credentials
```bash
# Git repository credentials
ssh-keygen -t rsa -b 4096 -N "" -f ~/.ssh/id_rsa
# After adding the public key ( ~/.ssh/id_rsa.pub ) to GitHub
# Use $HOME here: the shell does not expand "~" in the middle of an argument.
kubectl create secret generic git-private-key \
  --from-file=ssh-privatekey="$HOME/.ssh/id_rsa" \
  -n my-tekton-namespace
# Docker registry credentials
kubectl create secret docker-registry docker-credentials \
  --docker-server=<your-docker-registry-server> \
  --docker-username=<your-docker-registry-username> \
  --docker-password=<your-docker-registry-password> \
  -n <your-namespace>
```
Create a Tekton PipelineResource (Git repository)
```yml
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: my-git-repo
  namespace: <your-namespace>
spec:
  type: git
  params:
    - name: url
      value: <your-git-repository-url>
    - name: revision
      value: main # or your branch name
```
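The same Git input expressed with params and a Workspace instead of the deprecated PipelineResource, as an added example that is not part of the original page. It assumes the catalog `git-clone` Task is installed; the Pipeline name, the Pipeline-level param name `repo-url` and the volume size are assumptions.

```yaml
# Added example (not from the original page). "url", "revision" and the
# "output" workspace belong to the catalog git-clone Task; the Pipeline name,
# "repo-url" and the 1Gi volume size are assumptions.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: clone-and-build
spec:
  params:
    - name: repo-url
      type: string
    - name: revision
      type: string
      default: main
  workspaces:
    - name: shared-data
  tasks:
    - name: fetch-source
      taskRef:
        name: git-clone
      params:
        - name: url
          value: $(params.repo-url)
        - name: revision
          value: $(params.revision)
      workspaces:
        - name: output
          workspace: shared-data
---
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: clone-and-build-run-
spec:
  pipelineRef:
    name: clone-and-build
  params:
    - name: repo-url
      value: <your-git-repository-url>
    - name: revision
      value: main
  workspaces:
    - name: shared-data
      volumeClaimTemplate:
        spec:
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 1Gi
```

Because the PipelineRun uses `generateName`, submit it with `kubectl create -f` rather than `kubectl apply -f`; each run then gets its own volume from the `volumeClaimTemplate`.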