用 Tekton 来构建镜像并推送到极狐GitLab 私有仓库

发现极狐GitLab还有内置的私有镜像仓库,所以想尝试用 Tekton 来构建容器镜像,然后推送到极狐GitLab的私有镜像仓库。

关于 Tekton

Tekton是 Google 开源的一款用来构建云原生 CI/CD 的工具。它把 CI/CD Pipeline 抽象成了一些概念,比如 Pipeline、Task、Step,还有 Pipeline 的“控制器” PipelineRun、Task 的“控制器” TaskRun 等等。可以用 Step、Task 来组建 Pipeline。Pipeline 与 Task 的关系如下:

用 Tekton 来构建镜像并推送到极狐GitLab 私有仓库_第1张图片

极狐GitLab私有仓库的使用

极狐GitLab内置的私有镜像仓库使用是比较方便的,可以在 Project --> Packages & Registries --> Container Registry 中查看,如下图:

用 Tekton 来构建镜像并推送到极狐GitLab 私有仓库_第2张图片

 

Tekton 构建镜像并推送

首先需要安装 Tekton-Pipeline,参考Tekton 官网即快速完成安装:

$ kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml

tekton-pipelines namespace 下面就会有 pod 生成:

$ kubectl -n tekton-pipelines get pods
tekton-pipelines-controller-5978f55d68-fgzfh        1/1     Running   0          13d
tekton-pipelines-webhook-75c56bb869-cmx6j           1/1     Running   0          13d

接着把仓库 DevOps Is Shit / tekton-jihu-cr · GitLab clone 到本地,目录结构如下:

$ tree
.
├── README.md
├── pipelineresource.yaml
├── sa.yaml
├── secret-credentials.yaml
├── task.yaml
└── taskrun.yaml

0 directories, 6 files

文件说明:

  • pipelineresource.yaml:定义了整个 Pipeline 中的输入资源(源码,放在极狐GitLab上,Repo 地址为:https://jihulab.com/keyboard-man/tekton-image)和输出资源(镜像)
  • sa.yaml:定义了 serviceaccount
  • secret-credentials.yaml:定义了拉取源代码及推送镜像的凭据信息
  • task.yaml: Task 的定义
  • taskrun.yaml: Taksrun 的定义

使用 kubectl apply 命令将上述资源进行部署即可:

$ kubectl create ns tekton-jihu
$ kubectl -n tekton-jihu apply -f pipelineresource.yaml
$ kubectl -n tekton-jihu apply -f secret-credentials.yaml
$ kubectl -n tekton-jihu apply -f sa.yaml
$ kubectl -n tekton-jihu apply -f task.yaml
$ kubectl -n tekton-jihu apply -f taskrun.yaml 

接着就可以看到有一个拉取源代码,构建容器镜像并推送到极狐GitLab私有镜像仓库上:

$ tkn -n tekton-jihu tr list
NAME                     STARTED        DURATION   STATUS
build-docker-image-run   21 hours ago   1 minute   Succeeded

整个构建是在 pod 内完成的:

$ kubectl -n tekton-jihu get pods
NAME                         READY   STATUS      RESTARTS   AGE
build-docker-image-run-pod   0/4     Completed   0          21h

可以查看构建日志,看一下推送的过程:

$ kubectl -n tekton-jihu logs -f build-docker-image-run-pod -c step-image-build-and-push
INFO[0000] Resolved base name golang:1.12.9-alpine3.9 to builder
INFO[0000] Retrieving image manifest golang:1.12.9-alpine3.9
INFO[0000] Retrieving image golang:1.12.9-alpine3.9 from registry index.docker.io
INFO[0003] Retrieving image manifest alpine:latest
INFO[0003] Retrieving image alpine:latest from registry index.docker.io
INFO[0005] Built cross stage deps: map[0:[/tmp/main]]
INFO[0005] Retrieving image manifest golang:1.12.9-alpine3.9
INFO[0005] Returning cached image manifest
INFO[0005] Executing 0 build triggers
INFO[0005] Unpacking rootfs as cmd COPY main.go /tmp requires it.
INFO[0020] WORKDIR /tmp
INFO[0020] cmd: workdir
INFO[0020] Changed working directory to /tmp
INFO[0020] No files changed in this command, skipping snapshotting.
INFO[0020] COPY main.go /tmp
INFO[0020] Taking snapshot of files...
INFO[0020] RUN go build main.go
INFO[0020] Taking snapshot of full filesystem...
INFO[0022] cmd: /bin/sh
INFO[0022] args: [-c go build main.go]
INFO[0022] Running: [/bin/sh -c go build main.go]
INFO[0023] Taking snapshot of full filesystem...
INFO[0024] Saving file tmp/main for later use
INFO[0024] Deleting filesystem...
INFO[0024] Retrieving image manifest alpine:latest
INFO[0024] Returning cached image manifest
INFO[0024] Executing 0 build triggers
INFO[0024] Unpacking rootfs as cmd COPY --from=builder /tmp/main /usr/src/app/ requires it.
INFO[0028] WORKDIR /usr/src/app/
INFO[0028] cmd: workdir
INFO[0028] Changed working directory to /usr/src/app/
INFO[0028] Creating directory /usr/src/app/
INFO[0028] Taking snapshot of files...
INFO[0028] COPY --from=builder /tmp/main /usr/src/app/
INFO[0028] Taking snapshot of files...
INFO[0028] CMD ["./main"]
INFO[0028] Pushing image to registry.jihulab.com/keyboard-man/tekton-image:v0.0.1
INFO[0094] Pushed image to 1 destinations

从倒数第二句可以看到,镜像陪推送到了 registry.jihulab.com/keyboard-man/tekton-image中。可以在极狐GitLab界面上进行检查:

用 Tekton 来构建镜像并推送到极狐GitLab 私有仓库_第3张图片

可以用这个镜像进行一个测试:

$ docker run --rm -p 9990:9990 registry.jihulab.com/keyboard-man/tekton-image:v0.0.1

可以看到如下输出结果:

$ curl localhost:9990/devops-is-shit
DevOps is shit, do you argee with me????

可以将输出结果和源代码进行对比:

https://jihulab.com/keyboard-man/tekton-image/-/blob/main/main.go。

利用 Tekton 来构建容器镜像并推送到极狐GitLab内置的镜像仓库就这么 happy 的搞定了。

 

你可能感兴趣的:(Kubernetes,容器)