跳转至

构建流水线

定义 PipelineResource

git-input 表示 Task 的输入,type=git 表示使用 git 仓库类型,url 表示 git 仓库的地址,revision 表示分支。

apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: blog-git-input
  namespace: release-site
spec:
  type: git
  params:
    - name: url
      value: https://code.liaosirui.com/srliao/blog-hugo-page
    - name: revision
      value: master

配置认证信息

由于使用了私有 git 仓库,所以需要配置仓库的认证信息。

git-basic-user-pass 表示 gitlab 的认证信息,annotations 中 tekton.dev/git- 开头的 key 表示 git 类型的 secret,value 则是 git 仓库的地址,type 表示认证类型,支持 kubernetes.io/basic-authkubernetes.io/ssh-auth

apiVersion: v1
kind: Secret
metadata:
  name: git-basic-user-pass
  namespace: release-site
  annotations:
    tekton.dev/git-0: https://code.liaosirui.com/srliao/blog-hugo-page
type: kubernetes.io/basic-auth
stringData:
  username: srliao
  password: xxxx

build-bot 表示 PipelineRun、TaskRun 使用的 ServiceAccount,build-bot 绑定 git-basic-user-pass,这样 PipelineRun、TaskRun 就能使用相应认证信息。

apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-bot
  namespace: release-site
secrets:
  - name: git-basic-user-pass

定义 Task

workspaces 类似于 k8s 中 volume,用于存储、共享数据,支持 pvc、configmap、secret,本例由于要将文件进行持久化,所以在 pipelineRun 中指定使用 pvc 作为存储实现。

params 下表示定义变量并设置了默认值,$() 表示引用某个变量

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: blog-build
  namespace: release-site
spec:
  workspaces:
    - name: site
  resources:
    inputs:
    - name: blog-source
      type: git
    outputs: {}
  params:
    - name: pathToOutput
      type: string
      default: /tmp/blog
  steps:
  - name: hugo-generate
    image: registry.cn-chengdu.aliyuncs.com/custom-srliao/hugo-builder:master_latest
    env: {}
    command:
      - /bin/bash
    args:
      - -c
      - hugo -D -d $(params.pathToOutput)

重启 nginx,部署静态页面

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: blog-deploy
  namespace: release-site
spec:
  workspaces:
    - name: site
  params:
    - name: deployToRestart
      type: string
      default: blog-nginx-site
    - name: deployNs
      type: string
      default: release-site
  steps:
  - name: restart-nginx
    image: docker.io/bitnami/kubectl:1.22.1
    securityContext:
      runAsUser: 0
    command:
      - kubectl
    args:
      - rollout restart deployment -n $(deployNs) $(deployToRestart)

定义 Pipeline

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: blog-pipeline
  namespace: release-site
spec:
  workspaces:
    - name: site
  resources:
  - name: blog-source
    type: git
  params:
    - name: mrState
      type: string
    - name: targetBranch
      type: string
    - name: commitID
      type: string
    - name: pathToDockerfile
      type: string
      default: $(resources.inputs.docker-source.path)/Dockerfile
    - name: pathToContext
      type: string
      default: $(resources.inputs.docker-source.path)
    - name: pathToDeploy
      type: string
      default: $(workspaces.ws.path)/deploy
  tasks:
    - name: blog-build
      when:
      - input: "$(params.mrState)"
        operator: in
        values: ["merged"]
      - input: "$(params.targetBranch)"
        operator: in
        values: ["dev"]
      taskRef:
        name: build-push
      workspaces:
        - name: ws
          workspace: ws
      params: 
       - name: commitID
         value: $(params.commitID)
       - name: pathToDockerfile
         value: $(params.pathToDockerfile)
       - name: pathToContext
         value: $(params.pathToContext)
      resources:
        inputs:
          - name: docker-source
            resource: docker-source
        outputs:
          - name: build-image
            resource: build-image
    - name: blog-deploy
      when:
      - input: "$(params.mrState)"
        operator: in
        values: ["merged"]
      - input: "$(params.targetBranch)"
        operator: in
        values: ["dev"]
      runAfter:
      - blog-build
      taskRef:
        name: blog-deploy
      workspaces:
        - name: ws
          workspace: ws
      params:
       - name: pathToDeploy
         value: $(params.pathToDeploy)

监听修改

  • 定义 TriggerTemplate
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
  name: blog-trigger-template
  namespace: release-site
spec:
  params:
    - name: commit-id
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: blog-pipeline-run-
        namespace: test-tekton
      spec:
        serviceAccountName: build-bot
        pipelineRef:
          name: blog-pipeline
        workspaces:
          - name: site
            persistentVolumeClaim:
              claimName: build-cache
        params: 
          - name: commit-id
            value: $(tt.commit-id)
          - name: git-root
            value: $(resources.inputs.blog-source.path)
          - name: 
        resources:
          - name: blog-source
            resourceRef:
              name: git-input
  • 定义 TriggerBinding

webhook 消息体可参考:https://docs.gitea.io/en-us/webhooks/

apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: blog-trigger-binding
  namespace: release-site
spec:
  params:
    - name: commit-id
      value: $(body.commits.id)
  • 定义 EventListener
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: blog-event-listener
  namespace: release-site
spec:
  serviceAccountName: build-bot
  triggers:
    - bindings:
        - ref: blog-trigger-binding
      template:
        ref: blog-trigger-template