OpenShift 4 Tekton (1) - OpenShift Pipeline入门
文章目录
- Tekton核心概念
- 本CICD Pipeine场景说明
- 环境说明
- 操作步骤
- 安装OpenShift Pipelines Operator
- 配置OpenShift Pipeline
- 创建OpenShift项目
- 创建Task对象
- 创建Pipeline对象
- 创建PipelineResource
- 使用Pipeline
- 直接运行Pipeline
- 在创建应用中指定Pipeline
- 清除环境
- 使用VSCode针对OpenShift的Tekton Pipeline扩展
- 参考
Tekton是Google推崇的云原生(就是面向Kubernetes)开源CICD框架,2019年已经得到Redhat等云厂商的支持。在OpenShift 4的 OpenShift Pipeline中已经通过Operator Frame集成了Tekton框架,这样无需复杂集成和操作,我们就可实现各种基于Tekton的CICD Pipeline构建、操作、运行和监控了。
Tekton核心概念
在K8s或OpenShift中Tekton Pipeline是通过CRDs的方式进行定义的。Tekton Pipeline包括以下几种核心对象:
- Task和TaskRun:Task对象用来定义要在CICD中要干的一件事。Task中可以包括多个Step,每个step定义一个独立操作。例如下面定义了一个在ubuntu容器中输出hello world的任务。TaskRun对象是用来运行Task的(运行载体是Pod),其中Tesk中Step是顺序执行的,而每个Step都运行在各自的Container中。
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: echo-hello-world
spec:
steps:
- name: echo
image: ubuntu
command:
- echo
args:
- "hello world"
- Pipeline和PipelineRun:Pipeline用来定义按照指定顺序执行的一组Task。PipelineRun用来按照定义运行一些列的TaskRun。
- PipelineResource:在Pipeline运行期间向执行的Task传递参数,这些参数主要和环境相关,例如git repository的地址。
在运行Tekton Pipeline的时候,OpenShift会使用TaskRun和PipelineRun对象分别运行Tesk和Pipeline。Pipeline会按照指定的顺序执行Task,并获取结果。
本CICD Pipeine场景说明
本CICD Pipeline场景会部署两个模块,api和ui。这两个部分都是从git上获取代码,然后使用S2I方式构建镜像,然后再部署运行。
环境说明
本实验已经验证的运行环境:
- OpenShift 4.2/OpenShift 4.3/OpenShift 4.4
- Tekton Client
$ curl -L https://github.com/tektoncd/cli/releases/download/v0.9.0/tkn_0.9.0_Linux_x86_64.tar.gz | tar -xzf -
$ mv tkn /usr/bin/
操作步骤
安装OpenShift Pipelines Operator
- 用admin身份登录OpenShift Cosole,进入Administrator视图。
- 通过菜单进入Operators–>OpeartorHub。
- 查找到OpenShift Pipelines Operator,并点击进入,可以看到目前还是Tech Preivew。
- 在OpenShift Pipelines Operator介绍界面中点击Install。
- 在Create Operator Subscription界面中接受缺省选项,点击Subscribe。
- 此时页面会自动跳转到Operators–>Installed Opeartors,可以看到刚刚安装好的OpenShift Pipelines Operator。
- 查看安装后查看和Tekton相关API(OpenShift 4.4部署的数量有简化)。
$ oc api-resources --api-group=tekton.dev
NAME SHORTNAMES APIGROUP NAMESPACED KIND
clustertasks tekton.dev false ClusterTask
conditions tekton.dev true Condition
eventlisteners el tekton.dev true EventListener
pipelineresources tekton.dev true PipelineResource
pipelineruns pr,prs tekton.dev true PipelineRun
pipelines tekton.dev true Pipeline
taskruns tr,trs tekton.dev true TaskRun
tasks tekton.dev true Task
triggerbindings tb tekton.dev true TriggerBinding
triggertemplates tt tekton.dev true TriggerTemplate
- 安装OpenShift Pipelines Operator后会自动创建openshift-pipelines项目,并在其中运行了以下Pod。
$ oc get pod -n openshift-pipelines
NAME READY STATUS RESTARTS AGE
tekton-pipelines-controller-cbbbb9b6-2vhc2 1/1 Running 0 43m
tekton-pipelines-webhook-5d467b4747-q2k9t 1/1 Running 0 43m
tekton-triggers-controller-84766fbf76-8f29r 1/1 Running 0 43m
tekton-triggers-webhook-66456d7fbc-fxv28 1/1 Running 0 43m
- 可以用以下命令可以看到OpenShift Pipelines Operator自动创建的OpenShift Pipelines Config实例。
$ oc get config
NAME AGE
cluster 4m
配置OpenShift Pipeline
创建OpenShift项目
- 执行命令,创建一个项目。
$ oc new-project pipelines-tutorial
- 当安装OpenShift Pipelines Operator后,它会自动为项目创建一个名为pipeline 的ServiceAccount,以拥有build和push镜像的权限。执行命令,验证是否有名为pipeline的ServiceAccount。
$ oc get serviceaccount pipeline
NAME SECRETS AGE
pipeline 2 12h
创建Task对象
这里我们创建的独立的Task对象,而在后面步骤中在我们创建的Pipeline对象中包含多个tasks,这些不是独立的Task对象,而只是Pipeline对象执行tasks的说明。
- 执行命令创建2个Task对象。
$ oc create -f https://raw.githubusercontent.com/liuxiaoyu-git/pipelines-tutorial/release-v0.9/pipeline/update_deployment_task.yaml
task.tekton.dev/update-deployment created
$ oc create -f https://raw.githubusercontent.com/liuxiaoyu-git/pipelines-tutorial/release-v0.9/pipeline/apply_manifest_task.yaml
task.tekton.dev/apply-manifests created
- 在执行成功后可以用命令验证其状态
$ oc get task
NAME AGE
apply-manifests 26m
update-deployment 26m
- 也可以用Tekton的的客户端获取Task的状态
$ tkn task ls
NAME AGE
apply-manifests 26 minutes ago
update-deployment 27 minutes ago
- 除了上面定制的两个Tesk,我们还会用到buildah和s2i-python-3这两个ClusterTask。执行命令查看集群范围的ClusterTask,这些ClusterTask是在创建项目后,有Pipeline Operator自动创建的。
$ tkn clustertask ls
NAME AGE
buildah 5 minutes ago
buildah-v0-10-0 5 minutes ago
jib-maven 5 minutes ago
kn 5 minutes ago
maven 5 minutes ago
openshift-client 5 minutes ago
openshift-client-v0-10-0 5 minutes ago
s2i 5 minutes ago
s2i-go 5 minutes ago
s2i-go-v0-10-0 5 minutes ago
s2i-java-11 5 minutes ago
s2i-java-11-v0-10-0 5 minutes ago
s2i-java-8 5 minutes ago
s2i-java-8-v0-10-0 5 minutes ago
s2i-nodejs 5 minutes ago
s2i-nodejs-v0-10-0 5 minutes ago
s2i-perl 5 minutes ago
s2i-perl-v0-10-0 5 minutes ago
s2i-php 5 minutes ago
s2i-php-v0-10-0 5 minutes ago
s2i-python-3 5 minutes ago
s2i-python-3-v0-10-0 5 minutes ago
s2i-ruby 5 minutes ago
s2i-ruby-v0-10-0 5 minutes ago
s2i-v0-10-0 5 minutes ago
tkn 5 minutes ago
创建Pipeline对象
- 执行命令,创建Pipeline对象。
$ oc create -f https://raw.githubusercontent.com/liuxiaoyu-git/pipelines-tutorial/release-v0.9/pipeline/pipeline.yaml
pipeline.tekton.dev/build-and-deploy created
- 执行命令查看Pipeline状态。
$ tkn pipeline ls
NAME AGE LAST RUN STARTED DURATION STATUS
build-and-deploy 2 minutes ago --- --- --- ---
- 查看定义Pipeline对象的https://raw.githubusercontent.com/liuxiaoyu-git/pipelines-tutorial/release-v0.9/pipeline/pipeline.yaml文件,可以看到其中tasks区域定义了执行步骤。其中名为build-api和build-ui的task定义中没有runAfter,因此这两个task可以同时执行。
创建PipelineResource
- 查看PipelineResource的定义文件,https://raw.githubusercontent.com/liuxiaoyu-git/pipelines-tutorial/release-v0.9/pipeline/resources.yaml。resources.yaml中定义了4个PipelineResource:api-repo/ui-repo和api-image/ui-image,分别定义应用的git repository和生成的App Image推送的位置。
- 执行命令创建Pipeline用到的4个PipelineResource,然后查看其状态。注意:状态中的DETAILS的内容是资源的缺省值。
$ oc create -f https://raw.githubusercontent.com/liuxiaoyu-git/pipelines-tutorial/release-v0.9/pipeline/resources.yaml
pipelineresource.tekton.dev/api-repo created
pipelineresource.tekton.dev/api-image created
pipelineresource.tekton.dev/ui-repo created
pipelineresource.tekton.dev/ui-image created
$ tkn resource ls
NAME TYPE DETAILS
api-repo git url: http://github.com/openshift-pipelines/vote-api.git
ui-repo git url: http://github.com/openshift-pipelines/vote-ui.git
api-image image url: image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/api:latest
ui-image image url: image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/ui:latest
使用Pipeline
直接运行Pipeline
- 通过命令运行Tekton Pipeline,然后在命令行中为4个Resource选择对应的的选项。
$ tkn pipeline start build-and-deploy
? Choose the git resource to use for api-repo: api-repo (http://github.com/liuxiaoyu-git/vote-api.git)
? Choose the image resource to use for api-image: api-image (image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/api:latest)
? Choose the git resource to use for ui-repo: ui-repo (http://github.com/liuxiaoyu-git/vote-ui.git)
? Choose the image resource to use for ui-image: ui-image (image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/ui:latest)
Pipelinerun started: build-and-deploy-run-vv57k
In order to track the pipelinerun progress run:
tkn pipelinerun logs build-and-deploy-run-vv57k -f -n pipelines-tutorial
- 然后查看pipeline运行状态。当前是Running状态,在运行完后可再次执行,其状态会变为Succeeded。
$ tkn pipeline list
NAME AGE LAST RUN STARTED DURATION STATUS
build-and-deploy 41 minutes ago build-and-deploy-run-vv57k 1 minute ago --- Running
此时在OpenShift控制台的Developer视图中的Pipelines中可以查看build-and-deploy的PipelineRun情况,可以看到build-api和build-ui是同时在运行。
3. 执行以下命令可以查看TaskRun和PipelineRun的执行状态(根据Pipeline执行速度,可能看到的执行状态和下面不同)。从STARTTIME可以看出名为build-api和build-ui的taskrun是同时运行的。
$ oc get pipelineruns -n pipelines-tutorial
NAME SUCCEEDED REASON STARTTIME COMPLETIONTIME
build-and-deploy-run-vv57k Unknown Running 4m34s
$ oc get taskruns -n pipelines-tutorial
NAME SUCCEEDED REASON STARTTIME COMPLETIONTIME
build-and-deploy-run-7fhbd-apply-api-manifests-gxcvd True Succeeded 71s 52s
build-and-deploy-run-7fhbd-build-api-smt6v True Succeeded 3m30s 71s
build-and-deploy-run-7fhbd-build-ui-fjszj Unknown Running 3m30s
build-and-deploy-run-7fhbd-update-api-image-jhsmg Unknown Running 52s
- 可执行命令查看Pipeline的执行日志:
$ tkn pipeline logs -f
....
[build-ui : push] {"level":"info","ts":1584697662.9880128,"logger":"fallback-logger","caller":"logging/config.go:69","msg":"Fetch GitHub commit ID from kodata failed: \"KO_DATA_PATH\" does not exist or is empty"}
[build-ui : push] Getting image source signatures
[build-ui : push] Copying blob sha256:cedd25c356a04d0fb467d4715483c20e0be63ba58fdfdccc62eeaa4cd02873cb
[build-ui : push] Copying blob sha256:c7fbe90ae90e9c6452e5d809f069907907e6f32532565104921f600fb956306c
[build-ui : push] Copying blob sha256:74d760a83a4b8bcb3d01e7726e06c11469f0bb2ce4645474cb91a607c27bf482
[build-ui : push] Copying blob sha256:35817540a17b5b90cb4426078d53813b16e70c75e1cce3db116d2fbbca7fbf10
[build-ui : push] Copying blob sha256:0673f18b23fcf8f750bca483ac32b42ac2db5383abc339f664f8b64aa3fcfb5f
[build-ui : push] Copying blob sha256:84ecc5257b90d8d8b51cf749f244f3b7b5d949e4d2761f7522bebd81f07d2ecb
[build-ui : push] Copying blob sha256:5ce88cda89ea3a3d86009a982df0044d0ef98a408eb24e3c066308d9bf86caf2
[build-ui : push] Copying blob sha256:4c88f4710799a4df8881e57abc4274b6b5cf6d14b49d1075c70fcb272342b391
[build-ui : push] Copying config sha256:95de826888a9086ad00fa10731d1ac94263d6d1eca5424db81bc5bb4d0010235
[build-ui : push] Writing manifest to image destination
[build-ui : push] Copying config sha256:95de826888a9086ad00fa10731d1ac94263d6d1eca5424db81bc5bb4d0010235
[build-ui : push] Writing manifest to image destination
[build-ui : push] Storing signatures
[build-ui : image-digest-exporter-lbbl5] {"level":"info","ts":1584697665.2419577,"logger":"fallback-logger","caller":"logging/config.go:69","msg":"Fetch GitHub commit ID from kodata failed: \"KO_DATA_PATH\" does not exist or is empty"}
[build-ui : image-digest-exporter-lbbl5] {"level":"info","ts":1584697938.3112879,"logger":"fallback-logger","caller":"logging/config.go:69","msg":"Fetch GitHub commit ID from kodata failed: \"KO_DATA_PATH\" does not exist or is empty"}
[build-ui : image-digest-exporter-lbbl5] {"level":"info","ts":1584697938.3113863,"logger":"fallback-logger","caller":"imagedigestexporter/main.go:58","msg":"No index.json found for: ui-image"}
[update-ui-image : patch] deployment.extensions/ui patched
- 可在OpenShift控制台的Developer视图中的Pipilines中查看Pipeline、Rource,以及它们执行情况和Task的执行日志。
- 在Pipeline执行成功后执行命令生成Route。
$ oc expose svc vote-ui -n pipelines-tutorial
- 我们可以在Openshift控制台Developer视图的Topology中看到应用的状态已经是蓝色可访问状态。
- 最后点击vote-ui的Route的链接即可访问到应用。
在创建应用中指定Pipeline
在控制台上通过S2I部署应用的时候,OpenShift能够自动生成Pipeline来描述构建应用CI/CD的过程。
说明:本部分操作只适用于OpenShift 4.3以上版本的OpenShift Console。
- 进入OpenShift Console的Developer视图,先进入左侧的“+Add”菜单,然后在右侧进入“From Git”区域。
- 在Git Repo URL中填写https://github.com/sclorg/cakephp-ex.git;在Builder Image中选择PHP;在下方Pipelines中选中“Add pipeline”选项,然后可以查看Pipeline。最后点击Create按钮。
- 进入左侧Topology菜单,可查看PHP应用通过Pipeline执行build的状态和日志,在成功完成后显示以下界面。
- 通过上图中的Route访问该应用即可。
- 从上面(3)进入Pipeline Runs的View Log,此时就可查看Pipeline Run的日志。
清除环境
$ oc delete -f https://raw.githubusercontent.com/liuxiaoyu-git/pipelines-tutorial/release-v0.9/pipeline/update_deployment_task.yaml
xiaoyliu@DESKTOP-M6BG8KP C:\MyLab\tekton
$ oc delete -f https://raw.githubusercontent.com/liuxiaoyu-git/pipelines-tutorial/release-v0.9/pipeline/apply_manifest_task.yaml
$ oc delete -f https://raw.githubusercontent.com/liuxiaoyu-git/pipelines-tutorial/release-v0.9/pipeline/pipeline.yaml
$ tkn resource delete --all -f
$ tkn pipelinerun delete --all -f
$ tkn taskrun delete --all -f
$ oc delete deployment --all
$ oc delete rs --all
$ oc delete pod --all
$ oc delete svc --all
$ oc delete route --all
$ oc delete is --all
$ oc get all
No resources found in pipelines-tutorial namespace.
使用VSCode针对OpenShift的Tekton Pipeline扩展
以上对Pipeline的操作还可在VSCode中实现,这需要用到VSCode针对OpenShift的Tekton Pipeline扩展,具体可参见以下链接中的说明,本文不再赘述。
https://marketplace.visualstudio.com/items?itemName=redhat.vscode-tekton-pipelines
参考
- Tekton在OpenShift 3.11上运行(只是运行,没有任何界面和功能集成)可参见Continuous delivery with Tekton Dashboards example
- HelloWorld Tekton Pipeline on OpenShift
- https://www.openshift.com/learn/topics/pipelines
- Pipeline Operator Installation
- https://openshift.github.io/pipelines-docs/docs/0.10.5/index.html