OpenShift 4 Tekton (6) - 将Tekton和ArgoCD集成

文章目录

  • 实现场景
  • 实现CI/CD配置
    • 准备Git Repo
    • 安装Tekton和ArgoCD客户端
    • 安装Tekton Operator、ArgoCD Operator和ArgoCD服务端环境
    • 创建ArgoCD的应用
    • 创建Tekton Pipeline
    • 允许Tekton Pipeline更新Infra Repo中的内容
    • 创建Webhook并配置Code Repo的Webhook
  • 运行Tekton Pipeline
    • 方法1-手动触发
    • 方法2-Webhook触发
  • 参考

实现场景

本文实现下图基于包括GitHub、Tekton、ArgoCD、WebHook的CI/CD场景:

  1. NodeJs应用代码放在Github的Code Repository中,代码变化后会通过Webhook触发Tekton的Pipeline运行。
  2. Tekton的Pipeline先从Code Repository中获得应用代码,然后Build成Image,随后将应用Image推送到OpenShift内部的Image Registry上。最后再更新GitHub的Infra Repository中的部署配置。
  3. ArgoCD发现Infra Repository中的部署配置变化后自动同步到OpenShift。
  4. OpenShift根据新的部署配置从其内部的Image Registry获取最新的应用Image,然后部署到OpenShift中。
    OpenShift 4 Tekton (6) - 将Tekton和ArgoCD集成_第1张图片

实现CI/CD配置

准备Git Repo

  1. Fork以下3个git repo到自己的github账户中。
    https://github.com/liuxiaoyu-git/tutorial-tekton-argocd-pipeline(Tekton Pipeline)
    https://github.com/liuxiaoyu-git/tutorial-tekton-argocd-code(NodeJs应用代码)
    https://github.com/liuxiaoyu-git/tutorial-tekton-argocd-infra(OpenShift部署)
  2. 在tutorial-tekton-argocd-pipeline的git repo中修改以下文件的内容,将其中的“liuxiaoyu-git”替换为自己的git账户名。
    pipeline/pipeline-build-git.yaml
    pipeline/git.yaml
  3. 执行命令设置环境变量。
$ export GIT_USERNAME=YOUR-GIT
$ export GIT_PIPELINE='tutorial-tekton-argocd-pipeline'
$ export GIT_CODE='tutorial-tekton-argocd-code'
$ export GIT_INFRA='tutorial-tekton-argocd-infra'

安装Tekton和ArgoCD客户端

  1. 运行以下命令,安装Tekton客户端。
$ curl -LO https://github.com/tektoncd/cli/releases/download/v0.8.0/tkn_0.8.0_Linux_x86_64.tar.gz
$ tar -xvf tkn_0.8.0_Linux_x86_64.tar.gz
$ sudo mv tkn /usr/bin/
  1. 运行以下命令,安装ArgoCD客户端。
$ sudo curl -L https://github.com/argoproj/argo-cd/releases/download/v1.4.2/argocd-linux-amd64 -o /usr/local/bin/argocd
$ sudo chmod +x /usr/local/bin/argocd

安装Tekton Operator、ArgoCD Operator和ArgoCD服务端环境

  1. 执行命令下载tutorial-tekton-argocd-pipeline repo。
$ git clone https://github.com/$GIT_USERNAME/tutorial-tekton-argocd-pipeline
$ cd tutorial-tekton-argocd-pipeline
  1. 执行命令安装Tekton Operator、ArgoCD Operator。
$ oc apply -f operators/tekton-operator.yaml
$ oc apply -f operators/argocd-operator.yaml
  1. 执行命令,查看Tekton Operator、ArgoCD Operator的安装状态。
$ oc get ClusterServiceVersion -n argocd
NAME                                   DISPLAY                        VERSION   REPLACES                              PHASE
argocd-operator-helm.v0.0.3            Argo CD Operator (Helm)        0.0.3     argocd-operator-helm.v0.0.2           Succeeded
openshift-pipelines-operator.v0.10.7   OpenShift Pipelines Operator   0.10.7    openshift-pipelines-operator.v0.8.2   Succeeded

OpenShift 4 Tekton (6) - 将Tekton和ArgoCD集成_第2张图片
4. 成功后执行命令创建ArgoCD服务端环境。

$ oc apply -f operators/argocd-cr.yaml
  1. 执行命令,查看ArgoCD部署执行情况。
$ oc get deploy
NAME                            READY   UP-TO-DATE   AVAILABLE   AGE
argocd-application-controller   1/1     1            1           4m2s
argocd-dex-server               1/1     1            1           4m2s
argocd-operator-helm            1/1     1            1           10m
argocd-redis                    1/1     1            1           4m2s
argocd-repo-server              1/1     1            1           4m2s
argocd-server                   1/1     1            1           4m2s

OpenShift 4 Tekton (6) - 将Tekton和ArgoCD集成_第3张图片
6. 执行命令,获得ArgoCD的admin用户登录密码。

$ export ARGOCD_NAMESPACE="argocd"
$ export ARGOCD_PASSWORD=$(oc get pods -n $ARGOCD_NAMESPACE -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2)
  1. 获得ArgoCD服务端的访问URL。
$ export ARGOCD_SERVER=$(oc get route argocd-server -n $ARGOCD_NAMESPACE -o jsonpath='{.spec.host}')
$ export ARGOCD_URL="https://$ARGOCD_SERVER"
  1. 确认可以用ArgoCD的客户端和浏览器分别登录ArgoCD。
$ argocd login --username admin --password $ARGOCD_PASSWORD $ARGOCD_SERVER

创建ArgoCD的应用

  1. 创建OpenShift项目用来运行Tekton Pipeline。
$ oc new-project tekton-argocd
  1. 执行命令,创建一个Argo应用,并将其对应到tutorial-tekton-argocd-infra。
$ export NAMESPACE=$(oc project -q)
$ export ARGOCD_APP=$(oc project -q)
$ export GIT_REPOSITORY_URL="https://github.com/$GIT_USERNAME/tutorial-tekton-argocd-infra"
$ export GIT_MANIFEST_DIR="yamls/ocp"
$ argocd app create $ARGOCD_APP \
  --project default \
  --repo $GIT_REPOSITORY_URL \
  --path $GIT_MANIFEST_DIR \
  --dest-server https://kubernetes.default.svc \
  --dest-namespace $NAMESPACE \
  --sync-policy automated \
  --self-heal \
  --auto-prune
  1. 当创建Argo应用后,可以在ArgoCD控制台中看到该应用的状态如下。由于当前在OpenShift中还没有对应的ImageStream,所以会提示找不到“image-registry.openshift-image-registry.svc:5000/tekton-argocd/app:6bf1e2b”镜像(Tag可能会有差别)。
    OpenShift 4 Tekton (6) - 将Tekton和ArgoCD集成_第4张图片

创建Tekton Pipeline

  1. 在tekton-argocd项目中创建Pipeline资源。
$ oc apply -f pipeline/ -n $NAMESPACE
pipelineresource.tekton.dev/source created
pipelineresource.tekton.dev/image created
pipeline.tekton.dev/build-git created
task.tekton.dev/build-git created
task.tekton.dev/build created
  1. 确认有以下Tekton对象。
$ tkn task ls -n $NAMESPACE
NAME        AGE
build       1 minute ago
build-git   1 minute ago
 
$ tkn pipeline ls -n $NAMESPACE
NAME        AGE            LAST RUN   STARTED   DURATION   STATUS
build-git   1 minute ago   ---        ---       ---        ---
 
$ tkn resources ls -n $NAMESPACE
NAME     TYPE    DETAILS
source   git     url: https://github.com/csantanapr/tutorial-tekton-argocd-code
image    image   url: image-registry.openshift-image-registry.svc:5000/$NAMESPACE/app
  1. 运行Tekton的名为build的Task。
$ tkn task start build \
  -i image=image \
  -i source=source \
  --showlog \
  -s pipeline \
  -n $NAMESPACE
  1. 在Task成功执行后,确认tekton-argocd项目中已经有了名为app的ImageStream。说明:实际tag可能和下面示例tag会不一样。
$ oc get imagestream -n $NAMESPACE
NAME   IMAGE REPOSITORY                                                                                                      TAGS      UPDATED
app    default-route-openshift-image-registry.apps.cluster-beijing-c8e6.beijing-c8e6.example.opentlc.com/tekton-argocd/app   6bf1e2b   30 seconds ago

允许Tekton Pipeline更新Infra Repo中的内容

  1. 在自己GitHub账号中进入Setting,然后在页面点击“Developer setting”链接,最后进入“Personal access tokens”。
    OpenShift 4 Tekton (6) - 将Tekton和ArgoCD集成_第5张图片
  2. 点击“Generate new token”按钮,进入“New personal access token”页面。先在Note中填入“Tekton Pipeline”,然后在Scopes区域选中repo和admin:repo_hook,最后点击下面Generate token按钮。
    OpenShift 4 Tekton (6) - 将Tekton和ArgoCD集成_第6张图片
  3. 复制生成的Token字符创,并用它设置以下GIT_TOKEN变量,然后生成secret对象。
$ export GIT_TOKEN=''
$ oc create secret generic git-infra-secret \
  --from-literal=username="$GIT_USERNAME" \
  --from-literal=token="$GIT_TOKEN" \
  -n $NAMESPACE

创建Webhook并配置Code Repo的Webhook

  1. 执行命令,为Pipeline创建Webhook。
$ oc apply -f triggers/ -n $NAMESPACE
$ oc create route edge --service=el-cicd -n $NAMESPACE
$ export GIT_WEBHOOK_URL=$(oc get route el-cicd -o jsonpath='{.spec.host}' -n $NAMESPACE)
  1. 执行命令,将Webhook配置到名为tutorial-tekton-argocd-code的Git Repo上。
$ curl -v -X POST -u $GIT_USERNAME:$GIT_TOKEN -d "{\"name\": \"web\",\"active\": true,\"events\": [\"push\"],\"config\": {\"url\": \"https://$GIT_WEBHOOK_URL\",\"content_type\": \"json\",\"insecure_ssl\": \"0\"}}" -L https://api.github.com/repos/$GIT_USERNAME/$GIT_CODE/hooks
  1. 如执行成功,应有以下执行响应结果。
** About to connect() to api.github.com port 443 (#0)
**   Trying 13.250.94.254...
** Connected to api.github.com (13.250.94.254) port 443 (#0)
** Initializing NSS with certpath: sql:/etc/pki/nssdb
**   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
** SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
** Server certificate:
**       subject: CN=*.github.com,O="GitHub, Inc.",L=San Francisco,ST=California,C=US
**       start date: Jul 08 00:00:00 2019 GMT
**       expire date: Jul 16 12:00:00 2020 GMT
**       common name: *.github.com
**       issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
** Server auth using Basic with user 'liuxiaoyu-git'
> POST /repos/liuxiaoyu-git/tutorial-tekton-argocd-code/hooks HTTP/1.1
> Authorization: Basic bGl1eGlhb3l1LWdpdDoyYzkxZWQ3Nzg0MzU3NjMyMTM3YTVhNDRiMjBmNjcyMzEzY2Q2ZWEx
> User-Agent: curl/7.29.0
> Host: api.github.com
> Accept: */*
> Content-Length: 202
> Content-Type: application/x-www-form-urlencoded
>
 4. upload completely sent off: 202 out of 202 bytes
< HTTP/1.1 201 Created
< Date: Sun, 26 Apr 2020 14:54:17 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 771
< Server: GitHub.com
< Status: 201 Created
< X-RateLimit-Limit: 5000
< X-RateLimit-Remaining: 4999
< X-RateLimit-Reset: 1587916457
< Cache-Control: private, max-age=60, s-maxage=60
< Vary: Accept, Authorization, Cookie, X-GitHub-OTP
< ETag: "0f8659953257c11b433917a9088c7e97"
< X-OAuth-Scopes: admin:repo_hook, repo
< X-Accepted-OAuth-Scopes: admin:repo_hook, public_repo, repo, write:repo_hook
< Location: https://api.github.com/repos/liuxiaoyu-git/tutorial-tekton-argocd-code/hooks/205246180
< X-GitHub-Media-Type: github.v3; format=json
< Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset
< Access-Control-Allow-Origin: *
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Frame-Options: deny
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
< Content-Security-Policy: default-src 'none'
< Vary: Accept-Encoding, Accept, X-Requested-With
< X-GitHub-Request-Id: EA0C:0D30:E2DBFC:1226B13:5EA5A099
<
{
  "type": "Repository",
  "id": 205246180,
  "name": "web",
  "active": true,
  "events": [
    "push"
  ],
  "config": {
    "content_type": "json",
    "insecure_ssl": "0",
    "url": "https://el-cicd-tekton-argocd.apps.cluster-beijing-c8e6.beijing-c8e6.example.opentlc.com"
  },
  "updated_at": "2020-04-26T14:54:17Z",
  "created_at": "2020-04-26T14:54:17Z",
  "url": "https://api.github.com/repos/liuxiaoyu-git/tutorial-tekton-argocd-code/hooks/205246180",
  "test_url": "https://api.github.com/repos/liuxiaoyu-git/tutorial-tekton-argocd-code/hooks/205246180/test",
  "ping_url": "https://api.github.com/repos/liuxiaoyu-git/tutorial-tekton-argocd-code/hooks/205246180/pings",
  "last_response": {
    "code": null,
    "status": "unused",
    "message": null
  }
}
** Connection #0 to host api.github.com left intact
  1. 进入Github的tutorial-tekton-argocd-code的Repository,然后进入Settings中的Webhooks。确认SSL verification是Disable的。
    OpenShift 4 Tekton (6) - 将Tekton和ArgoCD集成_第7张图片

运行Tekton Pipeline

方法1-手动触发

  1. 执行以下命令,手动运行Pipeline,然后
$ tkn pipeline start build-git \
            --showlog \
            -r source=source \
            -r image=image \
            -s pipeline \
            -n $NAMESPACE
  1. 在完成后查看部署到OpenShift的测试应用页面。
$ curl http://$(oc get route ui -n tekton-argocd |awk 'NR==2 {print $2}')
<!DOCTYPE html><html><head><title>Cloud Native demo March 12th 2020</title><link rel="stylesheet" href="/stylesheets/style.css"></head><body><h1>Cloud Native demo March 12th 2020</h1><p>Welcome to Cloud Native demo March 12th 2020</p></body></html>
  1. 确认ImageStream已经有更新。
$ oc get is
NAME   IMAGE REPOSITORY                                                                                                      TAGS              UPDATED
app    default-route-openshift-image-registry.apps.cluster-beijing-c8e6.beijing-c8e6.example.opentlc.com/tekton-argocd/app   deca336,6bf1e2b   3 minutes ago

方法2-Webhook触发

  1. 在Github上修改tutorial-tekton-argocd-code中的“tutorial-tekton-argocd-code/src/routes/index.js”文件中“Cloud Native demo”后面的日期。
var express = require('express');
var router = express.Router();
 
/* GET home page. */
router.get('/', function (req, res, next) {
  res.render('index', { title: 'Cloud Native demo April 26th 2020' });
});
 
module.exports = router;
  1. 修改文件并提交后,确认pipelinerun在运行。
$ tkn pipelinerun list
NAME                  STARTED       DURATION    STATUS
cicd-run-8dtxk        3 hours ago   5 minutes   Succeeded
build-git-run-zq7hv   3 hours ago   3 minutes   Succeeded
  1. 在完成运行后可以在ArgoCD控制台中看到tekton-argocd项目是Synced状态。
    OpenShift 4 Tekton (6) - 将Tekton和ArgoCD集成_第8张图片
  2. 最后执行命令,查看返回的页面内容已经发生了变化。
$ curl http://$(oc get route ui -n tekton-argocd |awk 'NR==2 {print $2}')
<!DOCTYPE html><html><head><title>Cloud Native demo March 12th 2020</title><link rel="stylesheet" href="/stylesheets/style.css"></head><body><h1>Cloud Native demo March 12th 2020</h1><p>Welcome to Cloud Native demo April 27th 2020</p></body></html>

参考

https://cloudnative101.dev/project-cicd/solution/

你可能感兴趣的:(Tekton,pipeline,ArgoCD)