OpenShift 4 - DevSecOps Workshop (8) - 为Pipeline增加生成Image任务
《OpenShift 4.x HOL教程汇总》
说明:本文已经在OpenShift 4.8环境中验证
文章目录
- 手工验证生成 Image 的操作
- 为 Pipeline 增加生成 Image 的任务
- 测试运行生成的 Image
本步将像Pipeline中添加任务来生成应用镜像,随后将其推送到Quay。
手工验证生成 Image 的操作
- 从Nexus下载已经生成的应用包到“oc-build”目录。
$ mkdir oc-build
$ wget -O oc-build/jboss-tasks-rs-7.0.0-SNAPSHOT.war "http://${NEXUS_URL}/service/rest/v1/search/assets/download?sort=version&repository=maven-snapshots&maven.groupId=org.jboss.quickstarts.eap&maven.artifactId=jboss-tasks-rs&maven.baseVersion=7.0.0-SNAPSHOT&maven.extension=war"
- 基于在openshift项目中的“jboss-eap72-openshift:1.1”镜像流创建一个名为“tekton-tasks”新的BuildConfig对象。
$ oc new-build --name=tekton-tasks --image-stream jboss-eap72-openshift:1.1 --binary=true -n ${DEV}
--> Found image 0ca7413 (23 months old) in image stream "openshift/jboss-eap72-openshift" under tag "1.1" for "jboss-eap72-openshift:1.1"JBoss EAP 7.2-------------Platform for building and running JavaEE applications on JBoss EAP 7.2Tags: builder, javaee, eap, eap7* A source build using binary input will be created* The resulting image will be pushed to image stream tag "tekton-tasks:latest"* A binary build was created, use 'oc start-build --from-dir' to trigger a new build--> Creating resources with label build=tekton-tasks ...imagestream.image.openshift.io "tekton-tasks" createdbuildconfig.build.openshift.io "tekton-tasks" created
--> Success
- 查看由上一步创建的BuildConfig对象和ImageStream对象。注意BuildConfig的LATEST和istag对象的“IMAGE REFERENCE”的内容。
$ oc get buildconfig tekton-tasks -n ${DEV}
NAME TYPE FROM LATEST
tekton-tasks Source Binary 0$ oc get is tekton-tasks -n ${DEV}
NAME IMAGE REPOSITORY TAGS UPDATED
tekton-tasks default-route-openshift-image-registry.apps.cluster-39c8.39c8.sandbox139.opentlc.com/user1-dev/tekton-tasks latest$ oc get istag tekton-tasks:latest -n ${DEV}
Error from server (NotFound): imagestreamtags.image.openshift.io "tekton-tasks:latest" not found
- 启动名为“tekton-tasks”的BuildConfig。
$ oc start-build tekton-tasks --from-dir=./oc-build/ --wait=true -n ${DEV}
Uploading directory "oc-build" as binary input for the build ...
Uploading finished
build.build.openshift.io/tekton-tasks-1 started
- 再次查看BuildConfig对象和ImageStream对象,确认其中BuildConfig的LATEST和istag对象的“IMAGE REFERENCE”都发生了更新变化。,另外也生成了名为"tekton-tasks:latest"的istag对象。
$ oc get bc tekton-tasks -n ${DEV}
NAME TYPE FROM LATEST
tekton-tasks Source Binary 1$ oc get is tekton-tasks -n ${DEV}
NAME IMAGE REPOSITORY TAGS UPDATED
tekton-tasks default-route-openshift-image-registry.apps.cluster-39c8.39c8.sandbox139.opentlc.com/user1-dev/tekton-tasks latest 19 seconds ago$ oc get istag tekton-tasks:latest -n ${DEV}
NAME IMAGE REFERENCE UPDATED
tekton-tasks:latest image-registry.openshift-image-registry.svc:5000/user1-dev/tekton-tasks@sha256:f28e444783d263701061da94e0150a67ccce9a69b55d999b04982334e861e877 29 seconds ago
为 Pipeline 增加生成 Image 的任务
下面我们将在 Task 中实现上一步手工生成 Image 的操作。
- 执行命令创建名为“create-image”的任务,其中使用了create-build-config和build-app-image来创建BuildConfig并生成ImageStream和Image对象。
$ oc apply -f - << EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: create-imagenamespace: ${CICD}
spec:params:- default: tasksdescription: The name of the appname: app_nametype: string- description: The name dev projectname: dev_projecttype: string- description: binary artifact path in the local artifact repo# something like org/jboss/quickstarts/eap/jboss-tasks-rs/7.0.0-SNAPSHOT/jboss-tasks-rs-7.0.0-SNAPSHOT.wartype: stringname: artifact_pathresources:inputs:- name: sourcetype: gitsteps:- name: create-build-configimage: 'quay.io/openshift/origin-cli:latest'script: >#!/bin/shset -e -o pipefailecho "Creating new build config" # This allows the new build to be created whether it exists or notoc new-build -o yaml --name=\$(params.app_name) --image-stream=jboss-eap72-openshift:1.1 --binary=true -n\$(params.dev_project) | oc apply -n \$(params.dev_project) -f - - name: build-app-imageimage: 'quay.io/openshift/origin-cli:latest' script: >#!/bin/shset -e -o pipefailecho "Start the openshift build" rm -rf \$(resources.inputs.source.path)/oc-build && mkdir -p \$(resources.inputs.source.path)/oc-build/deployments cp \$(workspaces.maven-repo.path)/\$(params.artifact_path) \$(resources.inputs.source.path)/oc-build/deployments/ROOT.war oc start-build \$(params.app_name) --from-dir=\$(resources.inputs.source.path)/oc-build -n \$(params.dev_project) --wait=true workspaces:- name: maven-repo
EOF
- 执行命令测试运行"create-image"任务。
$ tkn task start create-image -n ${CICD} --showlog \--inputresource source=tasks-source-code \--param app_name=tekton-tasks \--param dev_project=${DEV} \--param artifact_path='org/jboss/quickstarts/eap/jboss-tasks-rs/7.0.0-SNAPSHOT/jboss-tasks-rs-7.0.0-SNAPSHOT.war' \--workspace name=maven-repo,claimName=maven-repo-pvc
TaskRun started: create-image-run-pdj4q
Waiting for logs to be available...
[git-source-source-gx868] {"level":"info","ts":1629181943.040389,"caller":"git/git.go:169","msg":"Successfully cloned https://gitea-server-devsecops.apps.cluster-39c8.39c8.sandbox139.opentlc.com/user1/openshift-tasks.git @ bde310585bda8209cf384a85c6a72c6f34813910 (grafted, HEAD, origin/dso4) in path /workspace/source"}
[git-source-source-gx868] {"level":"info","ts":1629181943.1477466,"caller":"git/git.go:207","msg":"Successfully initialized and updated submodules in path /workspace/source"}[create-build-config] Creating new build config
[create-build-config] imagestream.image.openshift.io/tekton-tasks created
[create-build-config] buildconfig.build.openshift.io/tekton-tasks created[build-app-image] Start the openshift build
[build-app-image] Uploading directory "/workspace/source/oc-build" as binary input for the build ...
[build-app-image]
[build-app-image] Uploading finished
[build-app-image] build.build.openshift.io/tekton-tasks-1 started
- 再次查看BuildConfig 、ImageStream和istag对象,其中BuildConfig的LATEST和istag对象的“IMAGE REFERENCE”都发生了更新变化。
$ oc get buildconfig tekton-tasks -n ${DEV}
NAME TYPE FROM LATEST
tekton-tasks Source Binary 2$ oc get imagestream tekton-tasks -n ${DEV}
NAME IMAGE REPOSITORY TAGS UPDATED
tekton-tasks default-route-openshift-image-registry.apps.cluster-39c8.39c8.sandbox139.opentlc.com/user1-dev/tekton-tasks latest 13 minutes ago$ oc get istag tekton-tasks:latest -n ${DEV}
NAME IMAGE REFERENCE UPDATED
tekton-tasks:latest image-registry.openshift-image-registry.svc:5000/user1-dev/tekton-tasks@sha256:eac120a2ca3cd6c6f423829f74eeb3bdd29965067fd53fa0378620aeb7a7cd5b About a minute ago
- 执行命令向“tasks-dev-pipeline”管道追加“create-image”任务。
$ TASKS="$(oc get pipelines tasks-dev-pipeline -n ${CICD} -o yaml | yq r - 'spec.tasks' | yq p - 'spec.tasks')"
$ oc patch pipelines tasks-dev-pipeline -n ${CICD} --type=merge -p "$(cat << EOF
$TASKS- name: create-imagetaskRef:kind: Taskname: create-imageparams:- name: app_namevalue: tekton-tasks- name: dev_projectvalue: ${DEV}- name: artifact_pathvalue: org/jboss/quickstarts/eap/jboss-tasks-rs/7.0.0-SNAPSHOT/jboss-tasks-rs-7.0.0-SNAPSHOT.warresources:inputs:- name: sourceresource: pipeline-sourceworkspaces:- name: maven-repoworkspace: local-maven-reporunAfter:- archive
EOF
)"
或者可以根据下图在OpenShift控制台上增加“create-image”任务。
- 用命令运行测试“tasks-dev-pipeline”管道。
$ tkn pipeline start tasks-dev-pipeline -n ${CICD} --showlog \--resource pipeline-source=tasks-source-code \--workspace name=local-maven-repo,claimName=maven-repo-pvc
。。。
[create-build-config] Creating new build config
[create-build-config] imagestreamtag.image.openshift.io/tekton-tasks:latest created
[create-build-config] buildconfig.build.openshift.io/tekton-tasks configured[build-app-image] Start the openshift build
[build-app-image] Uploading directory "/workspace/source/oc-build" as binary input for the build ...
[build-app-image]
[build-app-image] Uploading finished
[build-app-image] build.build.openshift.io/tekton-tasks-1 started
也可在OpenShift控制台上运行“tasks-dev-pipeline”管道,然后查看管道运行的日志。
- 完成运行后可再次查看BuildConfig和istag对象,确定BuildConfig的LATEST和istag对象的“IMAGE REFERENCE”都发生了更新变化。。
$ oc get buildconfig tekton-tasks -n ${DEV}
NAME TYPE FROM LATEST
tekton-tasks Source Binary 3$ oc get istag tekton-tasks:latest -n ${DEV}
NAME IMAGE REFERENCE UPDATED
tekton-tasks:latest image-registry.openshift-image-registry.svc:5000/user1-dev/tekton-tasks@sha256:29328b9e9b9fa756e46786dceed7c0b7d7ec8e034a5d96e9c1299357e3431947 8 minutes ago
测试运行生成的 Image
- 执行命令,基于上一步生成的“tekton-tasks:latest”镜像运行应用。
$ oc new-app --image-stream=tekton-tasks:latest -n ${DEV}
$ oc expose svc tekton-tasks -n ${DEV}
- 或者用OpenShift控制台根据下图进入“容器镜像”
然后部署“user1-dev”中的“tekton-tasks:latest”镜像流。
在部署好后点击“路由”下方的链接即可访问应用。
OpenShift 4 - DevSecOps Workshop (8) - 为Pipeline增加生成Image任务相关推荐
- OpenShift 4 - DevSecOps Workshop (7) - 为Pipeline增加向Nexus制品库推送任务
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.8环境中验证 <OpenShift 4 - DevSecOps Workshop 系列视频 & ...
- OpenShift 4 - DevSecOps Workshop (5) - 为Pipeline增加测试Task
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.8环境中验证 <OpenShift 4 - DevSecOps Workshop 系列视频 & ...
- OpenShift 4 - DevSecOps Workshop (6) - 为Pipeline增加SonarQube实现SAST
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.8环境中验证 <OpenShift 4 - DevSecOps Workshop 系列视频 & ...
- OpenShift 4 - DevSecOps Workshop (4) - 为 Task 增加参数和Workspace
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.8环境中验证 <OpenShift 4 - DevSecOps Workshop 系列视频 & ...
- OpenShift 4 - DevSecOps Workshop (11) - 通过Trigger启动Pipeline运行
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.8环境中验证 <OpenShift 4 - DevSecOps Workshop 系列视频 & ...
- [OpenShift 4 - DevSecOps Workshop (16) - 使用 VSCode 编辑运行 Tekton Pipeline 资源
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.8环境中验证 <OpenShift 4 - DevSecOps Workshop 系列视频 & ...
- OpenShift 4 - DevSecOps Workshop (3) - 从PipelineResource、Task到一个简单的Pipeline
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.8环境中验证 <OpenShift 4 - DevSecOps Workshop 系列视频 & ...
- OpenShift 4 - DevSecOps Workshop (2) - 运行一个基于Tekton的Pipeline示例
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.8环境中验证 <OpenShift 4 - DevSecOps Workshop 系列视频 & ...
- OpenShift 4 - DevSecOps Workshop (15) - 利用OpenShift GitOps向多个目标部署应用
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.8环境中验证 <OpenShift 4 - DevSecOps Workshop 系列视频 & ...
最新文章
- Android 短信模块分析(四) MMS之短信的发送与接收
- JavaScript(15)jQuery 选择器
- NET问答: 如何让 HttpClient 支持 Http 2.0 协议?
- 当当网首页——CSS代码
- java mousepress_Java线程原语弃用
- java 0l是多少_Java 构造器 - osc_0ltyoebk的个人空间 - OSCHINA - 中文开源技术交流社区...
- 已经人均5G了?5G手机没人买,iPhone 11没5G该不该被嘲讽?
- ORA-12505,TNS:listener does not currently know of SID given in connect descriptor(不知道的SID)
- 你知道前端工程师的发展方向吗?
- mysql 提交 按钮_表单提交按钮input和button、a的差异
- Python pip freeze获取安装的Python包并使用pip install -r还原到这些包环境(转载)
- 校园卡管理系统c语言代码,基于C++的校园一卡通管理系统
- c#获取文件的MD5值
- 复联3观影指南丨漫威宇宙里的AI黑科技
- 问题 F: 小明与隔壁老王之间不得不说的故事
- moveit缺少libfcl.so.0.6文件
- 找到堡垒后的目标--逆向CDN的各种方式总结(干货,附解决方案
- BFS、DFS复杂度分析(时间、空间)
- vscode 前端常用插件推荐
- html中3d哪个方向是x轴,详解用CSS绘制3D旋转立方体