参考 https://github.com/tektoncd/pipeline/blob/main/docs/tutorial.md
Create a Task
Create a Pipeline containing your Tasks
Use a TaskRun to instantiate and execute a Task outside of a Pipeline
Use a PipelineRun to instantiate and run a Pipeline containing your Tasks1. Create a Task
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: echo-hello-world
namespace: lizhe
spec:
steps:
- name: echo
image: ubuntu
command:
- echo
args:
- "Hello World"
tkn task describe echo-hello-world
2. Create a Pipeline containing your Tasks
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: echo-hello-world-task-run
namespace: lizhe
spec:
taskRef:
name: echo-hello-world
和 argo一样, 它也会创建pod,另外也可以用 tkn
tkn taskrun describe echo-hello-world-task-run -n lizhe
3. PipelineResources
要创建一个 git resource 常规做法如下
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: tektongolang-git
namespace: lizhe
spec:
type: git
params:
- name: revision
value: master
- name: url
value: https://github.com/zl86790/tektongolang.git
创建一个 docker resource
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: lizhe-image
namespace: lizhe
spec:
type: image
params:
- name: url
value: libaibai/tektongolang
但是我们要使用 私有库 , 所以还需要secrets
4. 创建 git 用的权限
apiVersion: v1
kind: Secret
metadata:
name: basic-user-pass
namespace: lizhe
annotations:
tekton.dev/git-0: https://github.com # Described below
type: kubernetes.io/basic-auth
stringData:
username: <cleartext username>
password: <cleartext password>关联这个 secret 到 service account
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-bot
namespace: lizhe
secrets:
- name: basic-user-pass5. 创建 docker 用的权限
kubectl create secret docker-registry regcred -n lizhe \
--docker-server=<your-registry-server> \
--docker-username=<your-name> \
--docker-password=<your-pword> \
--docker-email=<your-email>
kubectl create secret docker-registry regcred -n lizhe \
--docker-server=https://index.docker.io/v1/ \
--docker-username=<your-name> \
--docker-password=<your-pword> \
--docker-email=<your-email>
关联这个 secret 到 service account
apiVersion: v1
kind: ServiceAccount
metadata:
name: tutorial-service
namespace: lizhe
secrets:
- name: regcred稍微修改一下把 git 的 secret 也绑上,这样一会使用一个 sa 就可以了
apiVersion: v1
kind: ServiceAccount
metadata:
name: tutorial-service
namespace: lizhe
secrets:
- name: regcred
- name: basic-user-pass
6. build-docker-image-from-git-source
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: build-docker-image-from-git-source
namespace: lizhe
spec:
params:
- name: pathToDockerFile
type: string
description: The path to the dockerfile to build
default: $(resources.inputs.docker-source.path)/Dockerfile
- name: pathToContext
type: string
description: |
The build context used by Kaniko
(https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
default: $(resources.inputs.docker-source.path)
resources:
inputs:
- name: docker-source
type: git
outputs:
- name: builtImage
type: image
steps:
- name: build-and-push
image: gcr.io/kaniko-project/executor:latest
# specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
env:
- name: "DOCKER_CONFIG"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
- --dockerfile=$(params.pathToDockerFile)
- --destination=$(resources.outputs.builtImage.url)
- --context=$(params.pathToContext)
7. Run your task
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: build-docker-image-from-git-source-task-run
namespace: lizhe
spec:
serviceAccountName: tutorial-service
taskRef:
name: build-docker-image-from-git-source
params:
- name: pathToDockerFile
value: Dockerfile
- name: pathToContext
value: $(resources.inputs.docker-source.path)/
resources:
inputs:
- name: docker-source
resourceRef:
name: tektongolang-git
outputs:
- name: builtImage
resourceRef:
name: lizhe-image
kubectl get tekton-pipelines -A
build-docker-image-from-git-source-task-run-r-tz2g4
