Trigger +Pipeline 完整实战案例

这篇具有很好参考价值的文章主要介绍了Trigger +Pipeline 完整实战案例。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

2.4.1 案例环境说明

  • 示例项目:http://code.icloud2native.com/root/spring-boot-helloWorld.git

  • 触发机制:

    1. 用户推送代码至项目仓库
    2. 由Push Hook 自东触发pipeline的流水线的执行

    Trigger +Pipeline 完整实战案例

2.4.2 项目实现

1、在k8s上部署一个gitlab,前面上节已经完成。

2、运行的任何一个eventlistener的webhook不允许匿名推事件,所以得生成gitlab webhook token的secret: 01-gitlab-token.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: gitlab-webhook-token
type: Opaque
stringData:
  # Generated by command "openssl rand -base64 12"
  webhookToken: "8/MDKoGoabPzFeZr"

3、eventlistener运行为pod的时候,要读取trgger等资源,所以需要授予RBAC : 02-gitlab-eventlistener-rbac.yaml

apiVersion: v1 
kind: ServiceAccount
metadata:
  name: tekton-triggers-gitlab-sa
secrets:
- name: gitlab-webhook-token
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-gitlab-minimal
rules:
  # Permissions for every EventListener deployment to function
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["eventlisteners", "triggerbindings", "triggertemplates", "interceptors"]
    # resources: ["*"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization
    resources: ["configmaps", "secrets", "serviceaccounts"]
    verbs: ["get", "list", "watch"]
  # Permissions to create resources in associated TriggerTemplates
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns", "pipelineresources", "taskruns"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers-gitlab-binding
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-gitlab-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-triggers-gitlab-minimal
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-gitlab-minimal
rules:
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["clusterinterceptors"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tekton-triggers-gitlab-binding
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-gitlab-sa
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-gitlab-minimal

4、最后一个task: deploy-task,需要部署到k8s集群,所以该pod需要一定的权限,定义RBAC: 03-task-deploy-to-cluster-rbac.yaml:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: helloworld-admin
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: helloworld-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: helloworld-admin
  namespace: default

5、基于maven构建的cache定义的pvc:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: maven-cache
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: nfs-csi
  volumeMode: Filesystem

6、将该项目所有的task定义在一个文件: 05-task-source-2-image.yaml:

---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: git-clone
spec:
  description: Clone the code repository to the workspace. 
  params:
    - name: git-repo-url
      type: string
      description: git repository url to clone
    - name: git-revision
      type: string
      description: git revision to checkout (branch, tag, sha, ref)
  workspaces:
    - name: source
      description: The git repo will be cloned onto the volume backing this workspace
  steps:
    - name: git-clone
      image: alpine/git:v2.36.1
      script: | 
        git clone -v $(params.git-repo-url) $(workspaces.source.path)/source
        cd $(workspaces.source.path)/source && git reset --hard $(params.git-revision)
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-to-package
spec:
  description: build application and package the files to image
  workspaces:
    - name: source
      description: The git repo that cloned onto the volume backing this workspace
  steps:
    - name: build
      image: maven:3.8-openjdk-11-slim
      workingDir: $(workspaces.source.path)/source
      volumeMounts:
        - name: m2
          mountPath: /root/.m2
      script: mvn clean install
  volumes:
    - name: m2
      persistentVolumeClaim:
        claimName: maven-cache
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: generate-build-id
spec:
  params:
    - name: version
      description: The version of the application
      type: string
  results:
    - name: datetime
      description: The current date and time
    - name: buildId
      description: The build ID
  steps:
    - name: generate-datetime
      image: ikubernetes/admin-box:v1.2
      script: |
        #!/usr/bin/env bash
        datetime=`date +%Y%m%d-%H%M%S`
        echo -n ${datetime} | tee $(results.datetime.path)
    - name: generate-buildid
      image: ikubernetes/admin-box:v1.2
      script: |
        #!/usr/bin/env bash
        buildDatetime=`cat $(results.datetime.path)`
        buildId=$(params.version)-${buildDatetime}
        echo -n ${buildId} | tee $(results.buildId.path)
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: image-build-and-push
spec:
  description: package the application files to image
  params:
    - name: dockerfile
      description: The path to the dockerfile to build (relative to the context)
      default: Dockerfile
    - name: image-url
      description: Url of image repository
    - name: image-tag
      description: Tag to apply to the built image
  workspaces:
    - name: source
    - name: dockerconfig
      mountPath: /kaniko/.docker
  steps:
    - name: image-build-and-push
      image: gcr.io/kaniko-project/executor:debug
      securityContext:
        runAsUser: 0
      env:
        - name: DOCKER_CONFIG
          value: /kaniko/.docker
      command:
        - /kaniko/executor
      args:
        - --dockerfile=$(params.dockerfile)
        - --context=$(workspaces.source.path)/source
        - --destination=$(params.image-url):$(params.image-tag)
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: deploy-using-kubectl
spec:
  workspaces:
    - name: source
      description: The git repo
  params:
    - name: deploy-config-file
      description: The path to the yaml file to deploy within the git source
    - name: image-url
      description: Image name including repository
    - name: image-tag
      description: Image tag
  steps:
    - name: update-yaml
      image: alpine:3.16
      command: ["sed"]
      args:
        - "-i"
        - "-e"
        - "s@__IMAGE__@$(params.image-url):$(params.image-tag)@g"
        - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)"
    - name: run-kubectl
      image: lachlanevenson/k8s-kubectl
      command: ["kubectl"]
      args:
        - "apply"
        - "-f"
        - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)

7、将前面的task定义为pipeline资源:06-pipeine-s2i.yaml:

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: source-to-image
spec:
  params:
    - name: git-repo-url
      type: string
      description: git repository url to clone
    - name: git-revision
      type: string
      description: git revision to checkout (branch, tag, sha, ref)
      default: main
    - name: image-build-context
      description: The path to the build context, used by Kaniko - within the workspace
      default: .
    - name: image-url
      description: Url of image repository
    - name: version
      description: The version of the application
      type: string
      default: "v0.9" 
    - name: deploy-config-file
      description: The path to the yaml file to deploy within the git source
      default: all-in-one.yaml
  workspaces:
    - name: codebase
    - name: docker-config
  tasks:
    - name: git-clone
      taskRef:
        name: git-clone
      params:
        - name: git-repo-url
          value: "$(params.git-repo-url)"
        - name: git-revision
          value: "$(params.git-revision)"
      workspaces:
        - name: source
          workspace: codebase
    - name: build-to-package
      taskRef:
        name: build-to-package
      workspaces:
        - name: source
          workspace: codebase
      runAfter:
        - git-clone
    - name: generate-build-id
      taskRef:
        name: generate-build-id
      params:
        - name: version
          value: "$(params.version)"
      runAfter:
        - git-clone
    - name: image-build-and-push
      taskRef:
        name: image-build-and-push
      params:
        - name: image-url
          value: "$(params.image-url)"
        - name: image-tag
          value: "$(tasks.generate-build-id.results.buildId)"
      workspaces:
        - name: source
          workspace: codebase
        - name: dockerconfig
          workspace: docker-config
      runAfter:
        - generate-build-id
        - build-to-package
    - name: deploy-to-cluster
      taskRef:
        name: deploy-using-kubectl
      workspaces:
        - name: source
          workspace: codebase
      params:
        - name: deploy-config-file
          value: $(params.deploy-config-file)
        - name: image-url
          value: $(params.image-url)
        - name: image-tag
          value: "$(tasks.generate-build-id.results.buildId)"
      runAfter:
        - image-build-and-push

8、最后将trigger, triggerbind, triggertemplate定义:07-eventlisten.yaml

apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: s2i-binding
spec:
  params:
  - name: git-revision
    value: $(body.checkout_sha)
  - name: git-repo-url
    value: $(body.repository.git_http_url)
  - name: image-url
    value: icloud2native/spring-boot-helloworld
  - name: version
    value: v0.10
---
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
  name: s2i-tt
spec:
  params:  # 定义参数
  - name: git-revision
  - name: git-repo-url
  - name: image-url
  - name: version
  resourcetemplates:
  - apiVersion: tekton.dev/v1beta1
    kind: PipelineRun
    metadata:
      generateName: s2i-trigger-run-  # TaskRun 名称前缀
    spec:
      serviceAccountName: default
      pipelineRef:
        name: source-to-image
      taskRunSpecs:
        - pipelineTaskName: deploy-to-cluster
          taskServiceAccountName: helloworld-admin
      params:
        - name: git-repo-url
          value: $(tt.params.git-repo-url)
        - name: git-revision
          value: $(tt.params.git-revision)
        - name: image-url
          value: $(tt.params.image-url)
        - name: version
          value: $(tt.params.version)
      workspaces:
        - name: codebase
          volumeClaimTemplate:
            spec:
              accessModes:
                - ReadWriteOnce
              resources:
                requests:
                  storage: 1Gi
              storageClassName: nfs-csi
        - name: docker-config
          secret:
            secretName: docker-config
---
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: s2i-listener
spec:
  serviceAccountName: tekton-triggers-gitlab-sa
  triggers:
  - name: gitlab-push-events-trigger
    interceptors:
    - ref:
        name: "gitlab"
      params:
      - name: "secretRef"
        value:
          secretName: gitlab-webhook-token
          secretKey: webhookToken
      - name: "eventTypes"
        value:
          - "Push Hook"
          - "Tag Push Hook"
          - "Merge Request Hook"
    bindings:
    - ref: s2i-binding
    template:
      ref: s2i-tt

9、运行

kubectl apply -f .

Trigger +Pipeline 完整实战案例

10、在gitlab上增加eventlistener的webhook, 取消SSL验证

Trigger +Pipeline 完整实战案例

2.4.3 项目测试

本地修改main分支文件,然后push, 查看tekton的dashboard上是否会触发:

1、gitlab上已经push 到main分支:

Trigger +Pipeline 完整实战案例

2、查看是否触发tekton的pipeline执行

Trigger +Pipeline 完整实战案例

3、查看dockerhub以及kubernetes是否部署成功

Trigger +Pipeline 完整实战案例
Trigger +Pipeline 完整实战案例
未完待续 。。。文章来源地址https://www.toymoban.com/news/detail-455094.html

到了这里,关于Trigger +Pipeline 完整实战案例的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • Stable Diffusion with Diffusers 学习笔记: 原理+完整pipeline代码

    参考链接: https://huggingface.co/blog/stable_diffusion#how-does-stable-diffusion-work 在这篇文章中,我们想展示如何使用Stable Diffusion with the 🧨 Diffusers library,,解释模型是如何工作的,最后深入探讨扩散器是如何允许自定义图像生成pipeline的。 如果你对扩散模型完全陌生,我们建议你阅读

    2024年02月05日
    浏览(62)
  • ColossalChat:使用完整的 RLHF Pipeline复现ChatGPT 的开源解决方案

            ChatGPT、GPT-4等大型AI模型和应用在全球范围内风靡一时,成为技术产业革命和AGI(Artificial General Intelligence)发展的基础。 不仅科技巨头竞相发布新品,许多来自学术界和产业界的人工智能专家也加入了相关的创业浪潮。 生成式 AI 每天都在快速迭代,不断完善!  

    2023年04月24日
    浏览(41)
  • 目标检测YOLO实战应用案例100讲-面向恶劣环境下的多模态 行人识别

    目录 前言 国内外研究现状  可见光行人目标识别  红外行人目标识别 

    2024年02月07日
    浏览(42)
  • LLM之RAG实战(十六)| 使用Llama-2、PgVector和LlamaIndex构建LLM Rag Pipeline

           近年来,大型语言模型(LLM)取得了显著的进步,然而大模型缺点之一是幻觉问题,即“一本正经的胡说八道”。其中RAG(Retrieval Augmented Generation,检索增强生成)是解决幻觉比较有效的方法。本文,我们将深入研究使用 transformer库 、 Llama-2模型 、 PgVector数据库 和

    2024年01月21日
    浏览(47)
  • 【Go】K8s 管理系统项目[Jenkins Pipeline K8s环境–应用部署]

    考虑到实际工作中前后端可能是不同的同学完成,一般Api部分完成后改动会比较小,web部分改动会比较频繁.于是将api和web分了2个pipeline实现 docker目录存放镜像构建相关文件 k8s-plantform-api 存放api部分代码 Jenkinsfile用作pipeline配置 yaml用作生成k8s下k8s-plantform-api相关资源 1.1.1 docker目

    2023年04月08日
    浏览(57)
  • springboot基础篇(快速入门 + 完整项目案例)

    SpringBoot程序优点: 起步依赖(简化依赖配置) parent 所有SpringBoot项目要继承的项目,定义了若干个坐标版本号(依赖管理,而非依赖),以达到减少依赖冲突的目的 自动配置(简化常用工程相关配置) stater SpringBoot中常见项目名称,定义了当前项目使用的所有依赖坐标,以

    2024年02月11日
    浏览(47)
  • 【javaWeb+tomcat+MySQL】综合案例-完整步骤

    目录 一、前提 二、创建一个普通的java项目 三、添加Web Application 四、添加tomcat 五、测试tomcat是否连接成功  六、在src目录下创建四个package 七、在WEB-INF下创建文件夹lib,导入两个jar包  八、把druid.properties粘贴在src目录下 八、实体类、方法类、测试类、连接类(代码部分)

    2024年02月07日
    浏览(48)
  • Flowable工作流入门&完整SpringBoot案例

    工作流(Workflow),是指对于一项业务,按照规定的流程,逐级传递、申请、执行等,并且受到了严格控制的一种业务过程。 BPM(Business Process Management)是指对于某项业务的整个生命周期进行全面管理的一种模式,最核心的内容包括了工作流、决策、交互等。在这些管理过程

    2024年02月12日
    浏览(44)
  • FlinkSQL kafka完整案例 可直接复制使用

    为自己记录一下flinksql 消费kafka json数据 并写入doris的完整案例 用完发现,flinksql 是真的香。 虽然尽量追求完整,但是从kafka造数据开始写,过于累赘因此省略。正文开始。 kafka原始数据 原始数据形式 flinksql 连接 准备连接sql 以下的连接器元数据可以在表定义中通过元数据列

    2024年02月14日
    浏览(39)
  • 网易云音乐小程序案例分享 附完整代码

    todo: 添加音乐到收藏(最近)列表 歌词滚动

    2023年04月24日
    浏览(39)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包