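I found that JiHu GitLab also has a built-in private container registry, so I wanted to try using Tekton to build a container image and push it to JiHu GitLab's private container registry.
Tekton is a tool open-sourced by Google for building cloud-native CI/CD. It abstracts a CI/CD pipeline into a set of concepts such as Pipeline, Task and Step, plus PipelineRun, the "controller" of a Pipeline, and TaskRun, the "controller" of a Task. Steps and Tasks are used to assemble a Pipeline. The relationship between Pipeline and Task is as follows:
JiHu GitLab's built-in private container registry is convenient to use; you can view it under Project --> Packages & Registries --> Container Registry, as shown below:
First install Tekton Pipelines; following the official Tekton site, the installation is quick: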
$ kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
Pods will then be created in the tekton-pipelines namespace:
$ kubectl -n tekton-pipelines get pods
tekton-pipelines-controller-5978f55d68-fgzfh 1/1 Running 0 13d
tekton-pipelines-webhook-75c56bb869-cmx6j 1/1 Running 0 13d
Next, clone the DevOps Is Shit / tekton-jihu-cr repository locally; its directory structure is as follows:
$ tree
.
├── README.md
├── pipelineresource.yaml
├── sa.yaml
├── secret-credentials.yaml
├── task.yaml
└── taskrun.yaml
0 directories, 6 files
File descriptions:
serviceaccount
Deploy the resources above with kubectl apply:
$ kubectl create ns tekton-jihu
$ kubectl -n tekton-jihu apply -f pipelineresource.yaml
$ kubectl -n tekton-jihu apply -f secret-credentials.yaml
$ kubectl -n tekton-jihu apply -f sa.yaml
$ kubectl -n tekton-jihu apply -f task.yaml
$ kubectl -n tekton-jihu apply -f taskrun.yaml
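How the registry credentials applied above typically reach the build step, as an added example that is not the content of the repository's secret-credentials.yaml or sa.yaml. The resource names and credential values are placeholders, and using a deploy token is an assumption about how you choose to authenticate.

```yaml
# Added example: a registry credential Secret and the ServiceAccount that carries it.
# Names are hypothetical; values are placeholders to be filled in at deploy time.
apiVersion: v1
kind: Secret
metadata:
  name: jihu-registry-credentials        # hypothetical name
  namespace: tekton-jihu
  annotations:
    # Tekton only picks up basic-auth secrets that carry a tekton.dev/docker-*
    # annotation, and uses them only for the registry host named here.
    tekton.dev/docker-0: https://registry.jihulab.com
type: kubernetes.io/basic-auth
stringData:
  # Prefer a project deploy token limited to the read_registry and
  # write_registry scopes over a personal account password, and keep the
  # real values out of the Git repository.
  username: "<deploy-token-username>"
  password: "<deploy-token-value>"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jihu-registry-pusher             # hypothetical name
  namespace: tekton-jihu
secrets:
  - name: jihu-registry-credentials
# A TaskRun that runs under this ServiceAccount has the credential written
# into the Docker config of its step containers, which the push step uses.
```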
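You can then see a TaskRun that pulls the source code, builds the container image and pushes it to the JiHu GitLab private container registry: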
$ tkn -n tekton-jihu tr list
NAME STARTED DURATION STATUS
build-docker-image-run 21 hours ago 1 minute Succeeded
The whole build runs inside a pod:
$ kubectl -n tekton-jihu get pods
NAME READY STATUS RESTARTS AGE
build-docker-image-run-pod 0/4 Completed 0 21h
You can view the build log to follow the push:
$ kubectl -n tekton-jihu logs -f build-docker-image-run-pod -c step-image-build-and-push
INFO[0000] Resolved base name golang:1.12.9-alpine3.9 to builder
INFO[0000] Retrieving image manifest golang:1.12.9-alpine3.9
INFO[0000] Retrieving image golang:1.12.9-alpine3.9 from registry index.docker.io
INFO[0003] Retrieving image manifest alpine:latest
INFO[0003] Retrieving image alpine:latest from registry index.docker.io
INFO[0005] Built cross stage deps: map[0:[/tmp/main]]
INFO[0005] Retrieving image manifest golang:1.12.9-alpine3.9
INFO[0005] Returning cached image manifest
INFO[0005] Executing 0 build triggers
INFO[0005] Unpacking rootfs as cmd COPY main.go /tmp requires it.
INFO[0020] WORKDIR /tmp
INFO[0020] cmd: workdir
INFO[0020] Changed working directory to /tmp
INFO[0020] No files changed in this command, skipping snapshotting.
INFO[0020] COPY main.go /tmp
INFO[0020] Taking snapshot of files...
INFO[0020] RUN go build main.go
INFO[0020] Taking snapshot of full filesystem...
INFO[0022] cmd: /bin/sh
INFO[0022] args: [-c go build main.go]
INFO[0022] Running: [/bin/sh -c go build main.go]
INFO[0023] Taking snapshot of full filesystem...
INFO[0024] Saving file tmp/main for later use
INFO[0024] Deleting filesystem...
INFO[0024] Retrieving image manifest alpine:latest
INFO[0024] Returning cached image manifest
INFO[0024] Executing 0 build triggers
INFO[0024] Unpacking rootfs as cmd COPY --from=builder /tmp/main /usr/src/app/ requires it.
INFO[0028] WORKDIR /usr/src/app/
INFO[0028] cmd: workdir
INFO[0028] Changed working directory to /usr/src/app/
INFO[0028] Creating directory /usr/src/app/
INFO[0028] Taking snapshot of files...
INFO[0028] COPY --from=builder /tmp/main /usr/src/app/
INFO[0028] Taking snapshot of files...
INFO[0028] CMD ["./main"]
INFO[0028] Pushing image to registry.jihulab.com/keyboard-man/tekton-image:v0.0.1
INFO[0094] Pushed image to 1 destinations
The second-to-last line shows that the image was pushed to registry.jihulab.com/keyboard-man/tekton-image. You can verify this in the JiHu GitLab UI:
You can test with this image:
$ docker run --rm -p 9990:9990 registry.jihulab.com/keyboard-man/tekton-image:v0.0.1
You will see the following output:
$ curl localhost:9990/devops-is-shit
DevOps is shit, do you argee with me????
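You can compare the output with the source code: https://jihulab.com/keyboard-man/tekton-image/-/blob/main/main.go
And that is how building a container image with Tekton and pushing it to JiHu GitLab's built-in container registry gets done, happily.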