阿里云Kubernetes服务上使用Tekton完成应用发布初体验
Tekton 是一个功能强大且灵活的 Kubernetes 原生开源框架,用于创建持续集成和交付(CI/CD)系统。通过抽象底层实现细节,用户可以跨多云平台和本地系统进行构建、测试和部署。
本文是基于阿里云Kubernetes服务部署Tekton Pipeline,并使用它完成源码拉取、应用打包、镜像推送和应用部署的实践过程。
Tekton Pipeline中有5类对象,核心理念是通过定义yaml定义构建过程.构建任务的状态存放在status字段中。
其中5类对象分别是:PipelineResouce、Task、TaskRun、Pipeline、PipelineRun。
Task是单个任务的构建过程,需要通过定义TaskRun任务去运行Task。
Pipeline包含多个Task,并在此基础上定义input和output,input和output以PipelineResource作为交付。
PipelineResource是可用于input和output的对象集合。
同样地,需要定义PipelineRun才会运行Pipeline。
1. 在阿里云Kubernetes集群中部署Tekton Pipeline
kubectl apply --filename https://storage.googleapis.com/tekton-releases/latest/release.yaml
查看Tekton Pipelines组件是否运行正常:
$ kubectl -n tekton-pipelines get po NAME READY STATUS RESTARTS AGE tekton-pipelines-controller-6bcd7ff5d6-vzmrh 1/1 Running 0 25h tekton-pipelines-webhook-6856cf9c47-l6nj6 1/1 Running 0 25h
2. 创建Git Resource, Registry Resource
编辑 git-pipeline-resource.yaml :
apiVersion: tekton.dev/v1alpha1 kind: PipelineResource metadata: name: git-pipeline-resource spec: type: git params: - name: revision value: tekton - name: url value: https://code.aliyun.com/haoshuwei/jenkins-demo.git
git repo的分支名称为 tekton 。
编辑 registry-pipeline-resource.yaml :
apiVersion: tekton.dev/v1alpha1 kind: PipelineResource metadata: name: registry-pipeline-resource spec: type: image params: - name: url value: registry.cn-hangzhou.aliyuncs.com/haoshuwei/tekton-demo
容器镜像仓库地址为 registry.cn-hangzhou.aliyuncs.com/haoshuwei/tekton-demo, 标签为 latest
创建pipeline resource:
$ kubectl -n tekton-pipelines create -f git-pipeline-resource.yaml $ kubectl -n tekton-pipelines create -f registry-pipeline-resource.yaml
查看已创建的pipeline resource资源:
$ kubectl -n tekton-pipelines get PipelineResource NAME AGE git-pipeline-resource 2h registry-pipeline-resource 2h
3. 创建Git Repo/Docker Registry Authentication
拉取私有git源码项目需要配置使用Git Repo Authentication;拉取和推送docker镜像需要配置Docker Registry Authentication。在Tekton Pipeline中,Git Repo/Docker Registry Authentication会被定义成ServiceAccount来使用。
编辑 secret tekton-basic-user-pass-git.yaml :
apiVersion: v1 kind: Secret metadata: name: tekton-basic-user-pass-git annotations: tekton.dev/git-0: https://code.aliyun.com type: kubernetes.io/basic-auth stringData: username: <cleartext non-encoded> password: <cleartext non-encoded>
编辑 secret tekton-basic-user-pass-registry.yaml :
apiVersion: v1 kind: Secret metadata: name: tekton-basic-user-pass-registry annotations: tekton.dev/docker-0: https://registry.cn-hangzhou.aliyuncs.com type: kubernetes.io/basic-auth stringData: username: <cleartext non-encoded> password: <cleartext non-encoded>
编辑 serviceaccount tekton-git-and-registry.yaml :
apiVersion: v1 kind: ServiceAccount metadata: name: tekton-git-and-registry secrets: - name: tekton-basic-user-pass-git - name: tekton-basic-user-pass-registry
创建serviceaccount:
$ kubectl -n tekton-pipelines create -f tekton-basic-user-pass-git.yaml $ kubectl -n tekton-pipelines create -f tekton-basic-user-pass-registry.yaml $ kubectl -n tekton-pipelines create -f tekton-git-and-registry.yaml
查看secret以及sa:
$ kubectl -n tekton-pipelines get secret NAME TYPE DATA AGE default-token-pwncj kubernetes.io/service-account-token 3 25h tekton-basic-user-pass-git kubernetes.io/basic-auth 2 151m tekton-basic-user-pass-registry kubernetes.io/basic-auth 2 151m tekton-git-and-registry-token-tr95m kubernetes.io/service-account-token 3 151m tekton-pipelines-controller-token-lc2fv kubernetes.io/service-account-token 3 25h webhook-certs Opaque 3 25h
$ kubectl -n tekton-pipelines get sa NAME SECRETS AGE default 1 25h tekton-git-and-registry 3 152m tekton-pipelines-controller 1 25h
4. 配置serviceaccount tekton-git-and-registry获取命名空间tekton-pipelines的管理权限用于部署应用
创建ClusterRoleBinding tekton-cluster-admin :
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tekton-cluster-admin subjects: - kind: ServiceAccount name: tekton-git-and-registry namespace: tekton-pipelines roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io
5. 创建一个Task
创建task build-app.yaml :
apiVersion: tekton.dev/v1alpha1 kind: Task metadata: name: build-app spec: inputs: resources: - name: java-demo type: git params: - name: pathToDockerFile description: The path to the dockerfile to build default: /workspace/java-demo/Dockerfile - name: pathToContext description: The build context used by Kaniko default: /workspace/java-dem - name: pathToYaml description: The path to teh manifest to apply outputs: resources: - name: builtImage type: image steps: - name: build-mvn-package image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-maven:3.3.9-jdk-8-alpine workingDir: /workspace/java-demo command: - mvn args: - package - -B - -DskipTests - name: build-docker-image image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-kaniko:0.6.0 command: - kaniko args: - --dockerfile=${inputs.params.pathToDockerFile} - --destination=${outputs.resources.builtImage.url} - --context=${inputs.params.pathToContext} - name: deploy-app image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-kubectl:1.11.5 command: - kubectl args: - apply - -f - ${inputs.params.pathToYaml}
6. 创建TaskRun运行任务
创建taskrun build-app-task-run.yaml :
apiVersion: tekton.dev/v1alpha1 kind: TaskRun metadata: name: build-app-task-run spec: serviceAccount: tekton-git-and-registry taskRef: name: build-app trigger: type: manual inputs: resources: - name: java-demo resourceRef: name: git-pipeline-resource params: - name: pathToDockerFile value: Dockerfile - name: pathToContext value: /workspace/java-demo - name: pathToYaml value: /workspace/java-demo/deployment.yaml outputs: resources: - name: builtImage resourceRef: name: registry-pipeline-resource
7. 查看构建状态以及日志
查看taskrun状态:
$ kubectl -n tekton-pipelines get taskrun NAME SUCCEEDED REASON STARTTIME COMPLETIONTIME build-app-task-run Unknown Pending 4s
查看构建日志:
$ kubectl -n tekton-pipelines get po NAME READY STATUS RESTARTS AGE build-app-task-run-pod-b8f890 3/5 Running 0 75s tekton-pipelines-controller-6bcd7ff5d6-vzmrh 1/1 Running 0 25h tekton-pipelines-webhook-6856cf9c47-l6nj6 1/1 Running 0 25h
$ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890 Error from server (BadRequest): a container name must be specified for pod build-app-task-run-pod-b8f890, choose one of: [build-step-git-source-git-pipeline-resource-77l5v build-step-build-mvn-package build-step-build-docker-image build-step-deploy-app nop] or one of the init containers: [build-step-credential-initializer-8dsnm build-step-place-tools]
mvn build的日志:
$ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890 -c build-step-build-mvn-package [INFO] Scanning for projects... [INFO] [INFO] ------------------------------------------------------------------------ [INFO] Building jenkins-demo-web 1.0.0-SNAPSHOT [INFO] ------------------------------------------------------------------------ [INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom [INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8 KB at 7.3 KB/sec) [INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom [INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9 KB at 26.7 KB/sec) [INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom [INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 KB at 61.3 KB/sec) [INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom [INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 KB at 45.3 KB/sec) ....
docker build的日志:
$ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890 -c build-step-build-docker-image INFO[0000] Downloading base image tomcat 2019/05/06 11:58:46 No matching credentials were found, falling back on anonymous INFO[0003] Taking snapshot of full filesystem... INFO[0003] Skipping paths under /builder/home, as it is a whitelisted directory INFO[0003] Skipping paths under /builder/tools, as it is a whitelisted directory INFO[0003] Skipping paths under /dev, as it is a whitelisted directory INFO[0003] Skipping paths under /kaniko, as it is a whitelisted directory INFO[0003] Skipping paths under /proc, as it is a whitelisted directory INFO[0003] Skipping paths under /run/secrets/kubernetes.io/serviceaccount, as it is a whitelisted directory INFO[0003] Skipping paths under /sys, as it is a whitelisted directory INFO[0003] Skipping paths under /var/run, as it is a whitelisted directory INFO[0003] Skipping paths under /workspace, as it is a whitelisted directory INFO[0003] Using files from context: [/workspace/java-demo/target/demo.war] INFO[0003] ADD target/demo.war /usr/local/tomcat/webapps/demo.war INFO[0003] Taking snapshot of files... ...
app-deploy的日志:
$ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-637855 -c build-step-deploy-app deployment.extensions/jenkins-java-demo created service/jenkins-java-demo created
taskrun的完成状态为True则构建部署过程完成:
$ kubectl -n tekton-pipelines get taskrun NAME SUCCEEDED REASON STARTTIME COMPLETIONTIME build-app-task-run True 4m 2m
8. 小结
Tekton Pipeline中任务模板可以拿来复用,而不需要重复定义,另外通过CRD重新定义CI/CD是一大亮点,初学者可能会觉得有些绕。
持续实验持续更新中。
作者:流生
原文链接
本文为云栖社区原创内容,未经允许不得转载。
低调大师中文资讯倾力打造互联网数据资讯、行业资源、电子商务、移动互联网、网络营销平台。
持续更新报道IT业界、互联网、市场资讯、驱动更新,是最及时权威的产业资讯及硬件资讯报道平台。
转载内容版权归作者及来源网站所有,本站原创内容转载请注明来源。
- 上一篇
在浏览器中进行深度学习:TensorFlow.js (十)构建一个推荐系统
推荐系统是机器学习的一个常见应用场景,它用于预测用户对物品的“评分”或“偏好”。通常推荐系统产生推荐列表的方式通常有两种: 协同过滤以及基于内容推荐,或者基于个性化推荐。协同过滤方法根据用户历史行为(例如其购买的、选择的、评价过的物品等)结合其他用户的相似决策建立模型。这种模型可用于预测用户对哪些物品可能感兴趣(或用户对物品的感兴趣程度)。 基于内容推荐利用一些列有关物品的离散特征,推荐出具有类似性质的相似物品。 如上图所示,简单的说,协同过滤就是给类似的用户推荐类似的东西,因为用户老王和老李比较像,而老李喜欢玩炉石传说,所以我们给老王也推荐炉石传说。而基于内容的推荐就是因为老王喜欢玩王者荣耀,而撸啊撸是和王者荣耀类似的游戏,所以我们给老王推荐撸啊撸。 好了,那么我们就来利用TensorflowJS构建一个电影推荐系统。 数据源 第一步是数据源,要推荐电影,网上有很多的相关网站。例如IMDB。这里我们使用另一大家可能不太熟悉的数据源movielens,数据分享在grouplens。 这里我们主要使用其中的两张表,电影数据movies.csv和用户评分数据ratings.csv id,t...
- 下一篇
阿里开源!轻量级深度学习端侧推理引擎 MNN
阿里妹导读:近日,阿里正式开源轻量级深度学习端侧推理引擎“MNN”。 AI科学家贾扬清如此评价道:“与 Tensorflow、Caffe2 等同时覆盖训练和推理的通用框架相比,MNN 更注重在推理时的加速和优化,解决在模型部署的阶段的效率问题,从而在移动端更高效地实现模型背后的业务。这和服务器端 TensorRT 等推理引擎的想法不谋而合。在大规模机器学习应用中,考虑到大规模的模型部署,机器学习的推理侧计算量往往是训练侧计算量的十倍以上,所以推理侧的优化尤其重要。” MNN背后的技术框架如何设计?未来有哪些规划?今天一起来深入了解。 1、MNN是什么? MNN 是一个轻量级的深度学习端侧推理引擎,核心解决深度神经网络模型在端侧推理运行问题,涵盖深度神经网络模型的优化、转换和推理。目前,MNN已经在手淘、手猫、优酷、聚划算、UC、飞猪、千牛等 20 多个 App 中使用,覆盖直播、短视频、搜索推荐、商品图像搜索、互动营销、权益发放、安全风控等场景,每天稳定运行上亿次。此外,菜鸟自提柜等 IoT 设备中也有应用。在 2018 年双十一购物节中,MNN 在天猫晚会笑脸红包、扫一扫、明星猜拳大...
相关文章
文章评论
共有0条评论来说两句吧...
文章二维码
点击排行
推荐阅读
最新文章
- Hadoop3单机部署,实现最简伪集群
- CentOS8编译安装MySQL8.0.19
- CentOS7编译安装Cmake3.16.3,解决mysql等软件编译问题
- Windows10,CentOS7,CentOS8安装MongoDB4.0.16
- SpringBoot2整合MyBatis,连接MySql数据库做增删改查操作
- SpringBoot2整合Thymeleaf,官方推荐html解决方案
- Eclipse初始化配置,告别卡顿、闪退、编译时间过长
- Springboot2将连接池hikari替换为druid,体验最强大的数据库连接池
- Mario游戏-低调大师作品
- CentOS6,CentOS7官方镜像安装Oracle11G