前言

CICD已经成为业界主流，Tekton作为Google亲自drive的项目，重要性不言而喻
要做吃螃蟹的人，长江后浪推前浪，把前浪拍死在沙滩上
开坑Tekton，第一阶段主要focus在Tekton官方手册上，了解基本用法
Tekton与k8s息息相关，间或穿插k8s相关
Tekton的定位一言以蔽之：next generation engine
- 应用场景实例：push代码到GitHub上，自动trigger以下operation：build source code，然后将image push到remote hub上

Tekton tutorial

introduction

Create a Task
Create a Pipeline containing your Tasks
Use a TaskRun to instantiate and execute a Task outside of a Pipeline
Use a PipelineRun to instantiate and run a Pipeline containing your Tasks

Creating and running a Task

A Task defines a series of steps that run in a desired order and complete a set amount of build work. Every Task runs as a Pod on your Kubernetes cluster with each step as its own container. For example, the following Task outputs “Hello World”:
kind:Task etc

Tasks

QA

overview

collection of steps as part of CI flow
A task executes as a Pod on Kubernates cluster
task available within a specific ns/clusterTask available across the entire cluster

学习展望

学习Kubernetes-style resources for declaring CI/CD style pipelines
The pipelines run on Kubernetes like any other process.
Each step runs as an independent container.
Tekon run on k8s

Tekton Pipelines is a Kubernetes extension that installs and runs on your Kubernetes cluster. It defines a set of Kubernetes Custom Resources that act as building blocks from which you can assemble CI/CD pipelines. Once installed, Tekton Pipelines becomes available via the Kubernetes CLI (kubectl) and API calls, just like pods and other resources.

You will learn:
- How to install a private registry with a UI
- How to install the Tekton controller and optional CLI tool
- How to declare resources specific to defining a CI/CD pipeline
- About various Tekton resources like Resources, Tasks, and Pipelines
- How to kick off a pipeline and inspect its progress

整体

Step-task-pipeline

a k8s cluster + helm + prepare k8s dashboard
install registry+ registry proxies as Node Daemons+ install registry UI
1. Build container ->deploy them to registry
clone JS app
install tekon
install tekon dashboard
install tkn(manage tekon resource)
Apply ppresource
Apply two task
apply pipeline
need account access private resource

概念

cluster
node
component
K8s workflow
Container registries
stable helm chart for docker registry
stable chart
docker engine on each node
Tekton is a Kubernetes Operator
it can be completely administered using the standard Kubernetes manifests using the defined custom resources that have been associated with the Tekton controllers.
apply命令
A task will run inside a Pod on your cluster.
Each Tekton task runs as a Kubernetes Pod. Each step in the task runs as a separate container in the task’s Pod.
a task is a Pod

前提

a k8s cluster
Helm:包manager用于在K8S上安装应用
kubectl用于管理cluster

step by step

The Docker engine will pull from a “localhost” registry without triggering its security precautions.
run a kube-registry-proxy on each node in the cluster, exposing a port on the node (via the hostPort value), which Docker accepts since it is accessed by localhost.
Internal to all the container engines in the cluster, the registry is now available as a service for pushing and pulling container images. Pods can pull images from the registry at http://localhost:5000 and the proxies resolve the requests to https://registry-docker-registry.kube-system:5000.

Pipeline RunPipelineTasksStepsResources

apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:name: git
spec:type: gitparams:- name: revisionvalue: master- name: urlvalue: https://github.com/javajon/node-js-tekton

apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:name: build-image-from-source
spec:inputs:resources:- name: git-sourcetype: gitparams:- name: pathToContextdescription: The path to the build context, used by Kaniko - within the workspacedefault: .- name: pathToDockerfiledescription: The path to the Dockerfile to builddefault: Dockerfile- name: imageUrldescription: value should be like - us.icr.io/test_namespace/builtImageApp- name: imageTagdescription: Tag to apply to the built imagesteps:- name: list-srcimage: alpinecommand:- "ls"args:- "$(inputs.resources.git-source.path)"- name: build-and-pushimage: gcr.io/kaniko-project/executorcommand:- /kaniko/executorargs:- "--dockerfile=$(inputs.params.pathToDockerfile)"- "--destination=$(inputs.params.imageUrl):$(inputs.params.imageTag)"- "--context=$(inputs.resources.git-source.path)/$(inputs.params.pathToContext)/"- "--insecure"- "--insecure-pull"- "--skip-tls-verify"- "--skip-tls-verify-pull"

apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:name: deploy-application
spec:inputs:resources:- name: git-sourcetype: gitparams:- name: pathToContextdescription: The path to the build context, used by Kaniko - within the workspacedefault: .- name: pathToYamlFiledescription: The path to the yaml file to deploy within the git sourcedefault: deploy.yaml- name: imageUrldescription: Url of image repositorydefault: url- name: imageTagdescription: Tag of the images to be used.default: "latest"steps:- name: update-yamlimage: alpinecommand: ["sed"]args:- "-i"- "-e"- "s;IMAGE;$(inputs.params.imageUrl):$(inputs.params.imageTag);g"- "$(inputs.resources.git-source.path)/$(inputs.params.pathToContext)/$(inputs.params.pathToYamlFile)"- name: deploy-appimage: lachlanevenson/k8s-kubectlcommand: ["kubectl"]args:- "apply"- "-f"- "$(inputs.resources.git-source.path)/$(inputs.params.pathToContext)/$(inputs.params.pathToYamlFile)"

实例

常用命令

kubectl apply -f task-test.yaml
kubectl apply -f pipelineresource.yaml
kubectl apply -f taskrun.yaml查看 TaskRun 资源对象的状态来查看构建状态
kubectl get taskrun查看pods状态
kubectl get pods来查看任务运行的过程
kubectl describe pod testrun-pod-mw9bt查看容器的日志信息来了解任务的执行结果信息
kubectl logs testrun-pod-mw9bt --all-containers

创建CICD流水线

一款功能强大而灵活的 CI/CD 开源的云原生框架
Tekton 的前身是 Knative 项目的 build-pipeline 项目，这个项目是为了给 build 模块增加 pipeline 的功能，但是随着不同的功能加入到 Knative build 模块中，build 模块越来越变得像一个通用的 CI/CD 系统，于是，索性将 build-pipeline 剥离出 Knative，就变成了现在的 Tekton，而 Tekton 也从此致力于提供全功能、标准化的云原生 CI/CD 解决方案
创建一个构建流水线，在流水线中将运行应用程序的单元测试、构建 Docker 镜像然后推送到 Docker Hub

准备：可用的K8S集群，tekton安装

setup

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.14.2/release.yamlbrew install tektoncd-clikubectl apply --filename https://storage.googleapis.com/knative-releases/serving/latest/istio.yamlkubectl label namespace default istio-injection=enabledkubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml

基础概念

Task
- 任务执行模板
- 包含step（负责基于镜像启动container来执行操作，每个step由一个pod执行）
TaskRun
- 运行task，创建taskrun则运行task
- 传入task所需参数
Pipeline
- 编排task
PipelineRun
- 运行PP，创建即运行
PipelineResource
- 用于task间共享资源
- 可以把GIT仓库信息放在resource中
Tekton 本身是 Kubernetes 原生的编排系统。所以可以直接使用 Kubernetes 的 ServiceAccount 机制实现鉴权

这五个概念每一个都是以 CRD 的形式提供服务的

实例2

Tekton 作为 Knative Build 模块的升级版，提供了更丰富的功能，可以适用更多的场景

Docker Hub配置

为了能够build Docker 镜像，一般需要使用 Docker 来进行，我们这里是容器，所以可以使用 Docker In Docker 模式，但是这种模式安全性不高
除了这种方式之外，我们还可以使用 Google 推出的 Kaniko 工具来进行构建，该工具可以在 Kubernetes 集群中构建 Docker 镜像而无需依赖 Docker 守护进程。
使用 Kaniko 构建镜像和 Docker 命令基本上一致，所以我们可以提前设置下 Docker Hub 的登录凭证，方便后续将镜像推送到镜像仓库。登录凭证可以保存到 Kubernetes 的 Secret 资源对象中，创建一个名为 secret.yaml 的文件
- 注解信息是用来告诉 Tekton 这些认证信息所属的 Docker 镜像仓库

RBAC

icepanel，可以用来快速创建和可视化我们的 Kubernetes 微服务应用程序

workspaces

工作空间是一种为执行中的管道及其任务提供可用的共享卷的方法。

在pipeline中定义worksapce作为共享卷传递个相关的task。在tekton中定义workspace的用途有以下几点：

存储输入和/或输出
在task之间共享数据
secret认证的挂载点
ConfigMap中保存的配置的挂载点
组织共享的常用工具的挂载点
高速缓存的构建工件可加快工作速度，简而言之，用于缓存构建时的包,例如作为Maven仓库存储

results

piple中可以使用task的运行结果作为其他Task的输入，即task可在执行过程中生成一些result,这些result可用作pipeline后续task中的参数值,此外Tekton将根据输入参数来推断tasks的执行顺序，以确保生成result的task在那些消耗其结果的task之前运行。

Eventlistener

k8s custome resource
process incoming HTTP based events with JSON payloads
EventListeners expose an addressable “Sink” to which incoming events are directed. (?)
Users can declare TriggerBindings to extract fields from events, and apply them to TriggerTemplates in order to create Tekton resources.
In addition, EventListeners allow lightweight event processing using Event Interceptors.

syntax

define a configuration file for an EventListener resource

1.1 Tekton学习笔记之基本概念相关推荐

Docker:学习笔记(1)——基础概念
Docker:学习笔记(1)--基础概念 Docker是什么软件开发后,我们需要在测试电脑.客户电脑.服务器安装运行,用户计算机的环境各不相同,所以需要进行各自的环境配置,耗时耗力.为了解决这个问题 ...
HTML/CSS学习笔记01【概念介绍、基本标签】
w3cschool菜鸟教程.CHM(腾讯微云):https://share.weiyun.com/c1FaX6ZD HTML/CSS学习笔记01[概念介绍.基本标签.表单标签][day01] HTML ...
网络流算法学习笔记——最大流问题基本概念和Ford-Fulkerson方法（标号法C++实现）
屈婉玲<算法设计与分析>第2版第7章网络流算法学习笔记. 基本概念最大流问题,相当于有从s到t的供水系统,每段路径都有限定流量,除了s.t两地外,每个中间点都不能滞留,从s流入多少,就从 ...
利用计算机技术实现对文本篇章,自然语言处理NLP学习笔记一：概念与模型初探...
前言先来看一些demo,来一些直观的了解. 自然语言处理: 可以做中文分词,词性分析,文本摘要等,为后面的知识图谱做准备. 知识图谱: 还有2个实际应用的例子,加深对NLP的理解九歌机器人: 微软 ...
TCP/IP详解学习笔记(1)-基本概念
为什么会有TCP/IP协议在世界上各地,各种各样的电脑运行着各自不同的操作系统为大家服务,这些电脑在表达同一种信息的时候所使用的方法是千差万别.就好像圣经中上帝打乱了各地人的口音,让他们无法合作一样 ...
冰冰学习笔记：进程概念
欢迎各位大佬光临本文章!!! 还请各位大佬提出宝贵的意见,如发现文章错误请联系冰冰,冰冰一定会虚心接受,及时改正. 本系列文章为冰冰学习编程的学习笔记,如果对您也有帮助,还请各位大佬.帅哥.美女点点支 ...
认知无线电学习笔记1 物理层概念
认知无线电学习笔记1 认知无线电物理层基础 Physical architecture of the cognitive radio PHY LAYER: 频谱感知(侦听) 接入技术 Radio fr ...
（1）《Head First HTML与CSS》学习笔记---HTML基本概念
前言: 1. 这本书并没有面面俱到,涵盖所有内容,只提供作为初学者真正需要的东西:基本知识和信心.所以这不是唯一的参考书.(我买了一本<HTML5权威指南>作为参考书和这本一起看, ...
遗传算法(Genetic Algorithm)之deap学习笔记(一): 基础概念
遗传算法是通过计算机模拟生物学中的染色体用于解决最优化的一种搜索算法. 使用遗传算法要考虑的因素: 个体表征(Individual representation) 评估和适应度分配(Evaluatio ...

1.1 Tekton学习笔记之基本概念

前言