Tekton 克隆 git 仓库

Tekton 克隆 git仓库

介绍如何使用 Tektonhub 官方 git-clone task 克隆 github 上的源码到本地。
Tekton 克隆 git 仓库_第1张图片

git-clone task yaml文件下载地址:https://hub.tekton.dev/tekton/task/git-clone

查看git-clone task yaml内容:
Tekton 克隆 git 仓库_第2张图片
点击Install,选择一种方式创建 task
Tekton 克隆 git 仓库_第3张图片

这里使用kubectl命令创建官方git-clone task

kubectl apply -f \
https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.9/git-clone.yaml

查看创建的task

$ kubectl get task
NAME             AGE
git-clone        4h32m

git-clone task创建后,可以通过taskRunpipelineRun进行调用。

非认证方式克隆

公开仓库无需配置认证即可直接克隆,这里以克隆 tekton pipeline 官方仓库为例。

创建一个简单的 taskRun 调用 git-clone task 来执行克隆任务,并向git-clone task传递一些自定义参数:

$ cat git-clone-taskrun.yaml
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  generateName: git-clone-taskrun-
spec:
  taskRef:
    name: git-clone
  podTemplate:
    hostNetwork: true
  workspaces:
    - name: output
      emptyDir: {}
  params:
  - name: url
    value: https://github.com/tektoncd/pipeline.git
  - name: revision
    value: main
  - name: subdirectory
    value: pipeline
  - name: httpProxy
    value: http://192.168.72.1:7890/
  - name: httpsProxy
    value: http://192.168.72.1:7890/
  - name: deleteExisting
    value: "true"
  - name: gitInitImage
    #value: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest
    value: dyrnq/tektoncd-pipeline-cmd-git-init:latest

所有的参数都是在git-clone task中已经预定义的,这里只需传参即可,参数说明:

  • workspaces:必选,为克隆的代码指定一个卷,这里作为演示,使用emptyDir类型的卷
  • url:指定克隆的git仓库地址
  • revision:指定克隆的git仓库分支
  • httpProxy:克隆github很有可能由于众所周知的原因失败,这里使用本地代理,可选
  • subdirectory:配置代码克隆到指定子目录下
  • gitInitImage:指定执行克隆任务的docker镜像,由于官方镜像无法访问,可以在dockerhub搜索可用镜像

应用yaml文件

kubectl create -f git-clone-taskrun.yaml

登录tekton dashboard 确认 taskRun 任务成功,说明已经成功克隆远程仓库到本地:
Tekton 克隆 git 仓库_第4张图片

basic-auth 认证方式克隆

前置要求:

  • 已准备远程私有 GitHub 仓库
  • 用于访问远程存储库的 GitHub 个人访问令牌 (PAT)。

以basic-auth认证方式为例,注意该pipeline依然调用官方git-clone task执行克隆任务。

1. 创建secret和serviceaccount账号

设置创建 github-pat-secret 时使用的所需环境变量

export GITHUB_USERNAME=''
export TEKTON_GITHUB_PAT=''

创建可以保存您的 GitHub.com 凭据的 Kubernetes secret:

cat >git-clone-sa.yaml<apiVersion: v1
kind: Secret
metadata:
  name: basic-user-pass
  annotations:
    tekton.dev/git-0: https://github.com
type: kubernetes.io/basic-auth
stringData:
  username: $GITHUB_USERNAME
  password: $TEKTON_GITHUB_PAT
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: github-bot
secrets:
  - name: basic-user-pass
EOF

应用yaml文件

kubectl apply -f git-clone-sa.yaml

2. 创建Pipeline和PipelineRun

官方参考:
https://github.com/tektoncd/catalog/blob/main/task/git-clone/0.9/samples/git-clone-checking-out-a-branch.yaml

创建 git 克隆PipelinePipelineRun,该管道将从私有 GitHub 存储库克隆并查看代码中README文件内容:

$ cat git-clone-pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: cat-branch-readme
spec:
  params:
  - name: repo-url
    type: string
    description: The git repository URL to clone from.
  - name: branch-name
    type: string
    description: The git branch to clone.
  - name: httpProxy
    type: string
    description: The httpProxy params.
  - name: httpsProxy
    type: string
    description: The httpsProxy params.
  - name: gitInitImage
    type: string
    description: The gitInitImage params.
  workspaces:
  - name: shared-data
  tasks:
  - name: fetch-repo
    taskRef:
      name: git-clone
    workspaces:
    - name: output
      workspace: shared-data
    params:
    - name: url
      value: $(params.repo-url)
    - name: revision
      value: $(params.branch-name)
    - name: httpProxy
      value: $(params.httpProxy)
    - name: httpsProxy
      value: $(params.httpsProxy)
    - name: gitInitImage
      value: $(params.gitInitImage)
  - name: cat-readme
    runAfter: ["fetch-repo"]
    workspaces:
    - name: source
      workspace: shared-data
    taskSpec:
      workspaces:
      - name: source
      steps:
      - image: zshusers/zsh:4.3.15
        script: |
          #!/usr/bin/env zsh
          cat $(workspaces.source.path)/README.md
---
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: git-clone-checking-out-a-branch-
spec:
  serviceAccountName: github-bot
  pipelineRef:
    name: cat-branch-readme
  podTemplate:
    securityContext:
      fsGroup: 65532
  workspaces:
  - name: shared-data
    volumeClaimTemplate:
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
  params:
  - name: repo-url
    value: https://github.com/willzhang/test.git
  - name: branch-name
    value: main
  - name: httpProxy
    value: http://192.168.72.1:7890/
  - name: httpsProxy
    value: http://192.168.72.1:7890/
  - name: gitInitImage
    value: registry.cn-shenzhen.aliyuncs.com/cnmirror/git-init:latest

参数说明:

  • workspaces:必选,PipelineRun中定义了volumeClaimTemplate类型的workspaces,能够动态申请所需的持久卷,使用kubectl get storageclass命令,确认k8s集群有默认可用的storageclass资源可用,本示例输出为openebs-hostpath (default)
  • serviceAccountName:必选,注意PipelineRun中定义了serviceAccountName: github-bot参数,用于执行任务
  • url:指定克隆的私有github仓库地址
  • revision:指定克隆的git仓库分支
  • gitInitImage:指定执行克隆任务的docker镜像,由于官方镜像无法访问,可以在dockerhub搜索可用镜像

应用yaml文件

kubectl create -f git-clone-pipelinerun.yaml

登录dashbord确认克隆任务是否成功
Tekton 克隆 git 仓库_第5张图片

ssh-auth认证方式

1. 创建secret和serviceaccount账号

任意一台linux机器,生成 SSH 密钥对

ssh-keygen -t rsa -b 4096 -f id_rsa -q -N ""

将公钥id_rsa.pub上传至github

root@kube001:~# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCXygldZ3tt0ovNLk44pQlJkFzglT71sAh2OcjfpbbloLtQ7JlPwakzW0jBqsK/dOIuqLmMm176diQauX32JrGL8BcOEj0Mp5OGWIwB+lmpMVqd2UMVaPhsfu0q4hmXYUdFiqm2MB68sUJ1/P5FsFYb6N1ZJ/Gi4oXwL9F6BTEzE0eDE6PVHwQRp+2NM7zBkHVx1XJCOzfX4+Xzu93xMid/Zp5Lfsafxx89PDznk6fUtqd53TjoMpxxxxxxx5SLAPVbE0lh8SzHEGXbNGzmQeN2waWLUAw6VaXhgDPApFZ2Id43Ug3+v9dEY79mvK4DZm81Kzsqb7bffWLB5uPr3P5r9bkh8rcajmkd44QU642XFmuGWiQ4MMz0SMerjLEoKn8kEBY6C17qPEcb4kpBWF3hLfGI2XYnxhtvjDSuYbzIvsGzG/lW4AdHyEQcjm4YyVTLPfvwO9mQeZqdsxdYHOrxkjEgGwpVFbe5cRt/1b0IZrBDAfX5+cZsViHWVmtdisbbPkTSQTngBphIhTp1LIVvDNmgYYGQ2I/jlwSHfSLuGi0pbgIdbV8RKmipmAkTNj/4aTLOnqnYyCc7BMTEJZzeIiFu1tkjZULlhwnILTpsYaQe9NDKEHl1Q== root@kube001

配置示例:https://github.com/settings/keys
Tekton 克隆 git 仓库_第6张图片

获取私钥内容,复制到Secret中ssh-privatekey字段。

root@kube001:~# cat /root/.ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAl8oJXWd7bdKLzS5OOKUJSZBc4JU+9bAIdjnI36W25aC7UOyZT8Gp
M1tIwarCv3TiLqi5jJte+nYkGrl99iaxi/AXDhI9DKeThliMAfpZqTFandlDFWj4bH7tKu
IZl2FHRYqptjAevLFCdfz+RbBWG+jdWSfxouKF8C/RegUxMxNHgxOj1R8EEaftjTO8wZB1
cdVyQjs31+Pl87vd8TInf2aeS3wrxzSSr40OwuxUeFIKwLQgoMdjmHnXzznThxcE0DdPPT
w855On1Laned046DKUDMMnpDSYgZuZ2WQFgV0zf96+UiwD1WxNJYfEsxxBl2zRs5kHjdsG
li1AMOlWl4YAzwKRWdiHeN1IN/r/XRGO/ZryuA2ZvNSs7Km+2331iwebj69z+a/W5IfK3G
o5pHeOEFOuNlxZrhlokODDM9EjHq4yxKCp/JBAWOgte6jxHG+JKQVhd4S3xiNl2J8Ybb4w
0rmG8yL7Bsdfxxx5uGMlUyz378DvxxxxxasfsafsfxxxWBzqsdfwxIBsKVRW3uXEbf9W9C
GawQwH1+fnGbFYh1lZrXYrG2z5E0kE54AaYSIU6dSyFbwzZoGGBkNiP45cEh30i7hotKW4
CHW1fESpoqZgJEzY/+Gkyzp6p2MgnOwTExCWc3iIhbtbZI2VC5YcJyC06bGGkHvTQyhB5d
UAAAdIcAUlZ3AFJWcAAAAHc3NoLXJzYQAAAgEAl8oJXWd7bdKLzS5OOKUJSZBc4JU+9bAI
djnI36W25aC7UOyZT8GpM1tIwarCv3TiLqi5jJte+nYkGrl99iaxi/AXDhI9DKeThliMAf
pZqTFandlDFWj4bH7tKuIZl2FHRYqptjAevLFCdfz+RbBWG+jdWSfxouKF8C/RegUxMxNH
gxOj1R8EEaftjTO8wZB1cdVyQjs31+Pl87vd8TInf2aeS3wrxzSSr40OwuxUeFIKwLQgoM
djmHnXzznThxcE0DdPPTw855On1Laned046DKUDMMnpDSYgZuZ2WQFgV0zf96+UiwD1WxN
JYfEsxxBl2zRs5kHjdsGli1AMOlWl4YAzwKRWdiHeN1IN/r/XRGO/ZryuA2ZvNSs7Km+23
31iwebj69z+a/W5IfK3Go5pHeOEFOuNlxZrhlokODDM9EjHq4yxKCp/JBAWOgte6jxHG+J
KQVhd4S3xiNl2J8Ybb4w0rmG8yL7Bsxv5VuAHR8hEHI5uGMlUyz378DvZkHmanbMXWBzq8
ZIxIBsKVRW3uXEbf9W9CGawQwH1+fnGbFYh1lZrXYrG2z5E0kE54AaYSIU6dSyFbwzZoGG
BkNiP45cEh30i7hotKW4CHW1fESpoqZgJEzY/+Gkyzp6p2MgnOwTExCWc3iIhbtbZI2VC5
YcJyC06bGGkHvTQyhB5dUAAAADAQABAAACABisDdahVeY1dWTd9Hfvl3FeJkKY77lmqhFx
dg2oNXDgreHK+2aD33lKCqr0EyCkookcAsDwlkEWx+qSIP/MLUrGNTEj1MmESY3qQaOmqk
E+lPCYWneV7t9PyEQSqT86YCfVEJ3c93oLQ/bCrx/ruCtkL+pofDXSJRwz4ZQ4WNVo+lQ7
coNXPcWS6qFrefBqhzSAEcjjMEIGuJ9j94DXeqUSLIOvhLwl9vvS7UXQvTArgbTt8mm/zx
f/Ig18ZD4Oh0lC3D3jVzD7BqokIFfGFhRj+D2U0RI3PFzAyoKT5/Mtj4vmzD+2CM99gZKq
nVXRr3WqCfHr21b69XielVL98oWBZO421N45QOaL0gdnr0458x9sujKEbqogj2dvew9R6p
YrcrFC4a6Xbi+WIeLwqTIZhNInXvT7eqDAPnjejutD2P2RwYUMSuAGAlmL2Vphwg03sSGa
kf2UXTLIZzSIwzU4AOSaS3puxT2jKAWPeoGE7+wykb2ZxlMMLyRGdr6W+C0E0KESE7az7S
ZfO6Fkv4UR4/sXb4U8pr7rtWFw9vfyzXUpruNyMNwFitzT6YFwmewHCmIu9kiiWBx92oy7
Xg61v3GelHYhqMIsVmLnem0SKbjVyO6OrIIY7phsK/9c5dHM60KtQgD2xPUt1qy0biezYQ
EaCPiAjBeUd+oH1IJnAAABAHkNdRkkzMMNwlJL/JprD8HR296BzSfQ0TOoVin7csdBoQIA
Z/+ZeTR4JtuAGWuZlDr7coyuTb7a9HzDW75C9Ldt1nnT1eSrN+CymA3GGHoz3gkn3lmc2F
wJowOYg0GZMO4ynG2pltzeC9Ktzn+j+RascJ8VXarknB4xfyggqRvi/oyr5/Q6SzXxLy2V
0lQDXvgjTL8Vug39GGLDYgLT5K7fxM6Tzyh7CJjYOJPm1MATR635xhaYuQxscR7/+1nIBg
2sUk9LFoVI/DRiKvWaPWazNPQG0ylHbZY1gcDB8xBzWOSGt9A7K/ypXKnnlWy9NGXnMG+V
Zir05NNs2nzGvrUAAAEBALrEooyYqrXZtksRhMoGQBUoKg3V7z4FceGVLhwe0zuP18KLA3
6IPHkSwuP5radGpaB4qXGj/X5lZIwo1FaVy8mYfhh2rApvhbedo3i+e+ngWwP1kNSETlor
l3a3Oy3onowTW08YuRGcBtGTv4Hwj0LoRvt+Ts4cx8GNV/dZFWnNVJEvCR9BvVoeiATHA3
0igzO6c69/+K5RRumifMg4xmg5YOvuW8RnCZ7vUmBhKSEFRW3e/6u2UftHgEhQ2tAS+AeH
RnJdY3AWGL3eXd5UzDYEt5DQBnTOHVUlM7bOH3o2GhW814Tha7SdS4EYUNY/4tTml5N+r3
aDVw0IJuOxAF8AAAEBANAOE+4RpubP8DDAG+rRoYQNrtiYAI/Rdu9CR+wkjI4+hrOmnCJu
VEae24TmlNLtWo2GGG0ZE8+zXx+cKRdYj1baS4rDFP+iW9AnxaoAdWp8mW/xJMXSz7wjZk
5VRA5ivtZDLpgyicBwf1PYqHOIGrNedCmmtHDzhV0ERyt7D/Prql3IWVgvz09RdhD3pXcO
DkE4TLs5RMSA2Erh6OddRIwsSM07tXLwalQpuyuoGNMyK/ZidugfQesIEZPwb7cPi35eSQ
5lT2EpjfPsxBSWisUA3U1AIVBhejpK58ZHw6TH/AZEXNFGdENKNwAMV+FR3Rn3V7NTH/y7
SzPzjmCldksAAAAMcm9vdEBrdWJlMDAxAQIDBAUGBw==
-----END OPENSSH PRIVATE KEY-----

创建secret和serviceaccount

$ cat git-clone-sa.yaml
apiVersion: v1
kind: Secret
metadata:
  name: ssh-key
  annotations:
    tekton.dev/git-0: github.com
type: kubernetes.io/ssh-auth
stringData:
  ssh-privatekey: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
    NhAAAAAwEAAQAAAgEAl8oJXWd7bdKLzS5OOKUJSZBc4JU+9bAIdjnI36W25aC7UOyZT8Gp
    M1tIwarCv3TiLqi5jJte+nYkGrl99iaxi/AXDhI9DKeThliMAfpZqTFandlDFWj4bH7tKu
    IZl2FHRYqptjAevLFCdfz+RbBWG+jdWSfxouKF8C/RegUxMxNHgxOj1R8EEaftjTO8wZB1
    cdVyQjs31+Pl87vd8TInf2aeS3wrxzSSr40OwuxUeFIKwLQgoMdjmHnXzznThxcE0DdPPT
    w855On1Laned046DKUDMMnpDSYgZuZ2WQFgV0zf96+UiwD1WxNJYfEsxxBl2zRs5kHjdsG
    li1AMOlWl4YAzwKRWdiHeN1IN/r/XRGO/ZryuA2ZvNSs7Km+2331iwebj69z+a/W5IfK3G
    o5pHeOEFOuNlxZrhlokODDM9EjHq4yxKCp/JBAWOgte6jxHG+JKQVhd4S3xiNl2J8Ybb4w
    0rmG8yL7Bsdfxxx5uGMlUyz378DvxxxxxasfsafsfxxxWBzqsdfwxIBsKVRW3uXEbf9W9C
    GawQwH1+fnGbFYh1lZrXYrG2z5E0kE54AaYSIU6dSyFbwzZoGGBkNiP45cEh30i7hotKW4
    CHW1fESpoqZgJEzY/+Gkyzp6p2MgnOwTExCWc3iIhbtbZI2VC5YcJyC06bGGkHvTQyhB5d
    UAAAdIcAUlZ3AFJWcAAAAHc3NoLXJzYQAAAgEAl8oJXWd7bdKLzS5OOKUJSZBc4JU+9bAI
    djnI36W25aC7UOyZT8GpM1tIwarCv3TiLqi5jJte+nYkGrl99iaxi/AXDhI9DKeThliMAf
    pZqTFandlDFWj4bH7tKuIZl2FHRYqptjAevLFCdfz+RbBWG+jdWSfxouKF8C/RegUxMxNH
    gxOj1R8EEaftjTO8wZB1cdVyQjs31+Pl87vd8TInf2aeS3wrxzSSr40OwuxUeFIKwLQgoM
    djmHnXzznThxcE0DdPPTw855On1Laned046DKUDMMnpDSYgZuZ2WQFgV0zf96+UiwD1WxN
    JYfEsxxBl2zRs5kHjdsGli1AMOlWl4YAzwKRWdiHeN1IN/r/XRGO/ZryuA2ZvNSs7Km+23
    31iwebj69z+a/W5IfK3Go5pHeOEFOuNlxZrhlokODDM9EjHq4yxKCp/JBAWOgte6jxHG+J
    KQVhd4S3xiNl2J8Ybb4w0rmG8yL7Bsxv5VuAHR8hEHI5uGMlUyz378DvZkHmanbMXWBzq8
    ZIxIBsKVRW3uXEbf9W9CGawQwH1+fnGbFYh1lZrXYrG2z5E0kE54AaYSIU6dSyFbwzZoGG
    BkNiP45cEh30i7hotKW4CHW1fESpoqZgJEzY/+Gkyzp6p2MgnOwTExCWc3iIhbtbZI2VC5
    YcJyC06bGGkHvTQyhB5dUAAAADAQABAAACABisDdahVeY1dWTd9Hfvl3FeJkKY77lmqhFx
    dg2oNXDgreHK+2aD33lKCqr0EyCkookcAsDwlkEWx+qSIP/MLUrGNTEj1MmESY3qQaOmqk
    E+lPCYWneV7t9PyEQSqT86YCfVEJ3c93oLQ/bCrx/ruCtkL+pofDXSJRwz4ZQ4WNVo+lQ7
    coNXPcWS6qFrefBqhzSAEcjjMEIGuJ9j94DXeqUSLIOvhLwl9vvS7UXQvTArgbTt8mm/zx
    f/Ig18ZD4Oh0lC3D3jVzD7BqokIFfGFhRj+D2U0RI3PFzAyoKT5/Mtj4vmzD+2CM99gZKq
    nVXRr3WqCfHr21b69XielVL98oWBZO421N45QOaL0gdnr0458x9sujKEbqogj2dvew9R6p
    YrcrFC4a6Xbi+WIeLwqTIZhNInXvT7eqDAPnjejutD2P2RwYUMSuAGAlmL2Vphwg03sSGa
    kf2UXTLIZzSIwzU4AOSaS3puxT2jKAWPeoGE7+wykb2ZxlMMLyRGdr6W+C0E0KESE7az7S
    ZfO6Fkv4UR4/sXb4U8pr7rtWFw9vfyzXUpruNyMNwFitzT6YFwmewHCmIu9kiiWBx92oy7
    Xg61v3GelHYhqMIsVmLnem0SKbjVyO6OrIIY7phsK/9c5dHM60KtQgD2xPUt1qy0biezYQ
    EaCPiAjBeUd+oH1IJnAAABAHkNdRkkzMMNwlJL/JprD8HR296BzSfQ0TOoVin7csdBoQIA
    Z/+ZeTR4JtuAGWuZlDr7coyuTb7a9HzDW75C9Ldt1nnT1eSrN+CymA3GGHoz3gkn3lmc2F
    wJowOYg0GZMO4ynG2pltzeC9Ktzn+j+RascJ8VXarknB4xfyggqRvi/oyr5/Q6SzXxLy2V
    0lQDXvgjTL8Vug39GGLDYgLT5K7fxM6Tzyh7CJjYOJPm1MATR635xhaYuQxscR7/+1nIBg
    2sUk9LFoVI/DRiKvWaPWazNPQG0ylHbZY1gcDB8xBzWOSGt9A7K/ypXKnnlWy9NGXnMG+V
    Zir05NNs2nzGvrUAAAEBALrEooyYqrXZtksRhMoGQBUoKg3V7z4FceGVLhwe0zuP18KLA3
    6IPHkSwuP5radGpaB4qXGj/X5lZIwo1FaVy8mYfhh2rApvhbedo3i+e+ngWwP1kNSETlor
    l3a3Oy3onowTW08YuRGcBtGTv4Hwj0LoRvt+Ts4cx8GNV/dZFWnNVJEvCR9BvVoeiATHA3
    0igzO6c69/+K5RRumifMg4xmg5YOvuW8RnCZ7vUmBhKSEFRW3e/6u2UftHgEhQ2tAS+AeH
    RnJdY3AWGL3eXd5UzDYEt5DQBnTOHVUlM7bOH3o2GhW814Tha7SdS4EYUNY/4tTml5N+r3
    aDVw0IJuOxAF8AAAEBANAOE+4RpubP8DDAG+rRoYQNrtiYAI/Rdu9CR+wkjI4+hrOmnCJu
    VEae24TmlNLtWo2GGG0ZE8+zXx+cKRdYj1baS4rDFP+iW9AnxaoAdWp8mW/xJMXSz7wjZk
    5VRA5ivtZDLpgyicBwf1PYqHOIGrNedCmmtHDzhV0ERyt7D/Prql3IWVgvz09RdhD3pXcO
    DkE4TLs5RMSA2Erh6OddRIwsSM07tXLwalQpuyuoGNMyK/ZidugfQesIEZPwb7cPi35eSQ
    5lT2EpjfPsxBSWisUA3U1AIVBhejpK58ZHw6TH/AZEXNFGdENKNwAMV+FR3Rn3V7NTH/y7
    SzPzjmCldksAAAAMcm9vdEBrdWJlMDAxAQIDBAUGBw==
    -----END OPENSSH PRIVATE KEY-----
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: github-bot
secrets:
  - name: ssh-key

应用yaml文件

kubectl apply -f git-clone-sa.yaml

2.创建Pipeline和PipelineRun

创建 git 克隆PipelineRun,该管道将从私有 GitHub 存储库克隆并简单列出内容:

$ cat git-clone-pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: cat-branch-readme
spec:
  params:
  - name: repo-url
    type: string
    description: The git repository URL to clone from.
  - name: branch-name
    type: string
    description: The git branch to clone.
  - name: gitInitImage
    type: string
    description: The gitInitImage params.
  workspaces:
  - name: shared-data
  tasks:
  - name: fetch-repo
    taskRef:
      name: git-clone
    workspaces:
    - name: output
      workspace: shared-data
    params:
    - name: url
      value: $(params.repo-url)
    - name: revision
      value: $(params.branch-name)
    - name: gitInitImage
      value: $(params.gitInitImage)
  - name: cat-readme
    runAfter: ["fetch-repo"]
    workspaces:
    - name: source
      workspace: shared-data
    taskSpec:
      workspaces:
      - name: source
      steps:
      - image: zshusers/zsh:4.3.15
        script: |
          #!/usr/bin/env zsh
          cat $(workspaces.source.path)/README.md
---
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: git-clone-checking-out-a-branch-
spec:
  serviceAccountName: github-bot
  pipelineRef:
    name: cat-branch-readme
  podTemplate:
    securityContext:
      fsGroup: 65532
  workspaces:
  - name: shared-data
    volumeClaimTemplate:
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
  params:
  - name: repo-url
    value: [email protected]:willzhang/test.git
  - name: branch-name
    value: main
  - name: gitInitImage
    value: registry.cn-shenzhen.aliyuncs.com/cnmirror/git-init:latest

参数说明:

  • 注意修改克隆URL地址格式为:[email protected]:willzhang/test.git
  • 去除httproxy部分,以免影响ssh认证

应用yaml文件

kubectl create -f git-clone-pipelinerun.yaml

登录dashbord 查看参数信息,确认克隆任务是否成功
Tekton 克隆 git 仓库_第7张图片

显示 git 仓库 README 信息
Tekton 克隆 git 仓库_第8张图片

参考:https://redhat-scholars.github.io/tekton-tutorial/tekton-tutorial/private_reg_repos.html

你可能感兴趣的:(devops,tekton,git,ci/cd)