开源 CI/CD 构建框架 TekTon 的深入剖析
简介
实现原理
DAG 支持
示例:
- name: lint-repo
taskRef:
name: pylint
resources:
inputs:
- name: workspace
resource: my-repo
- name: test-app
taskRef:
name: make-test
resources:
inputs:
- name: workspace
resource: my-repo
- name: build-app
taskRef:
name: kaniko-build-app
runAfter:
- test-app
resources:
inputs:
- name: workspace
resource: my-repo
outputs:
- name: image
resource: my-app-image
- name: build-frontend
taskRef:
name: kaniko-build-frontend
runAfter:
- test-app
resources:
inputs:
- name: workspace
resource: my-repo
outputs:
- name: image
resource: my-frontend-image
- name: deploy-all
taskRef:
name: deploy-kubectl
resources:
inputs:
- name: my-app-image
resource: my-app-image
from:
- build-app
- name: my-frontend-image
resource: my-frontend-image
from:
- build-frontend
| |
v v
test-app lint-repo
/ \
v v
build-app build-frontend
\ /
v v
deploy-all
条件判断
https://github.com/tektoncd/pipeline/blob/e2755583d52ae46907790d40ba4886d55611cd23/docs/conditions.md
* condition检查失败(exitCode != 0),task不会被执行,pipelineRun状态不会因为condition检查失败而失败。
* 多个条件之间 “与” 逻辑关系
PipelineResource 在 Task 间数据交换
kind: PipelineResource
metadata:
name: skaffold-git-build-push-kaniko
spec:
type: git
params:
- name: revision
value: v0.32.0
- name: url
value: https://github.com/GoogleContainerTools/skaffold
kind: Task
metadata:
name: build-push-kaniko
spec:
inputs:
resources:
- name: workspace
type: git
steps:
- name: build-and-push
image: registry.cn-shanghai.aliyuncs.com/kaniko-project-edas/executor:v0.17.1
Task中Step执行顺序控制
Tekton 源自 Knative Build ,在 Knative Build 中使用 Init-container 来串联 Steps 保证 Steps 顺序执行,在上面的分析中我们知道 Tekton 是用 Containers 来执行 Steps , Pod 的 Containers 是并行执行的, Tekton 是如何保证 Steps 执行顺序呢?
这是一个 TaskRun 创建的 Pod 的部分描述信息,可以看到所有的 Step 都是被 /tekton/tools/entrypoints 封装起来执行的。 -wait_file 指定一个文件,通过监听文件句柄,在探测到文件存在时执行被封装的 Step 任务。 -post_file 指定一个文件,在Step任务完成后创建这个文件。通过文件序列 /tekton/tools/${index} 来对 Step 进行排序。
- args:
- -wait_file
- /tekton/tools/0
- -post_file
- /tekton/tools/1
- -termination_path
- /tekton/termination
- -entrypoint
- /ko-app/git-init
- --
- -url
- https://github.com/GoogleContainerTools/skaffold
- -revision
- v0.32.0
- -path
- /workspace/workspace
command:
- /tekton/tools/entrypoint
image: registry.cn-shanghai.aliyuncs.com/kaniko-project-edas/git-init:v0.10.2
name: step-git-source-skaffold-git-build-push-kaniko-rz765
- args:
- -wait_file
- /tekton/tools/1
- -post_file
- /tekton/tools/2
- -termination_path
- /tekton/termination
- -entrypoint
- /kaniko/executor
- --
- --dockerfile=Dockerfile
- --destination=localhost:5000/leeroy-web
- --context=/workspace/workspace/examples/microservices/leeroy-web
- --oci-layout-path=$(inputs.resources.builtImage.path)
command:
- /tekton/tools/entrypoint
image: registry.cn-shanghai.aliyuncs.com/kaniko-project-edas/executor@sha256:565d31516f9bb91763dcf8e23ee161144fd4e27624b257674136c71559ce4493
name: step-build-and-push
- args:
- -wait_file
- /tekton/tools/2
- -post_file
- /tekton/tools/3
- -termination_path
- /tekton/termination
- -entrypoint
- /ko-app/imagedigestexporter
- --
- -images
- '[{"name":"skaffold-image-leeroy-web-build-push-kaniko","type":"image","url":"localhost:5000/leeroy-web","digest":"","OutputImageDir":"/workspace/output/builtImage"}]'
command:
- /tekton/tools/entrypoint
image: registry.cn-shanghai.aliyuncs.com/kaniko-project-edas/imagedigestexporter:v0.10.2
name: step-image-digest-exporter-lvlj9
实践
使用 Tekton 构建代码并部署到 SAE
Serverless 应用引擎( SAE ) 是阿里云上一款面向应用的 Serverless PaaS 平台,帮助 PaaS 层用户免运维 IaaS,按需使用,按量计费,实现低门槛微服务应用上云,有效解决成本及效率问题。支持 Spring Cloud、Dubbo 和 HSF 等流行的开发框架,真正实现了 Serverless 架构和微服务架构的完美融合。
接下来将使用 Tekton 部署一个 Spring Cloud 微服务应用到 SAE 平台。
示例中的演示代码地址:https://github.com/alicloud-demo/spring-cloud-demo
1、前置条件
在 Kubernetes 集群上安装 Tekton :
https://github.com/tektoncd/pipeline/blob/master/docs/install.md
创建一个 SAE 应用:
https://help.aliyun.com/document_detail/122439.html
2、定义一个 Git 资源
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: spring-cloud-demo
spec:
type: git
params:
- name: url
value: https://github.com/alicloud-demo/spring-cloud-demo
3、定义构建和部署 Task
根据 SAE 官方文档进行部署,详情参考:
https://help.aliyun.com/document_detail/110639.html
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: build-deploy-sae
spec:
inputs:
resources:
- name: source
type: git
steps:
- name: build-and-deploy
image: maven:3.3-jdk-8
command: ["mvn", "clean", "package", "-f", "source", "toolkit:deploy", "-Dtoolkit_profile=toolkit_profile.yaml", "-Dtoolkit_package=toolkit_package.yaml", "-Dtoolkit_deploy=toolkit_deploy.yaml"]
securityContext:
runAsUser: 0
4、定义 TaskRun 运行任务
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: build-deploy-sae
spec:
taskRef:
name: build-deploy-sae
inputs:
resources:
- name: source
resourceRef:
name: spring-cloud-demo
5、导入到kubernetes中运行
kubectl apply -f source-2-service-taskrun.yaml
6、查看日志
kubectl logs build-deploy-sae-pod-85xdk step-build-and-deploy
构建日志:
部署日志:
[INFO] Start to upload [provider3-1.0-SNAPSHOT.jar] using [Sae uploader].
[INFO] [##################################################] 100.0%
[INFO] Upload finished in 3341 ms, download url: [https://edas-hz.oss-cn-hangzhou.aliyuncs.com/apps/K8S_APP_ID/37adb12b-5f0c-4711-98ec-1f1e91e6b043/provider3-1.0-SNAPSHOT.jar]
[INFO] Begin to trace change order: e2499b9a-6a51-4904-819c-1838c1dd62cb
[INFO] PipelineName: Batch: 1, PipelineId:f029314a-88bb-450b-aa35-7cc550ff1329
[INFO] Waiting...
[INFO] Waiting...
[INFO] Waiting...
[INFO] Waiting...
[INFO] Waiting...
[INFO] Waiting...
[INFO] Waiting...
[INFO] Waiting...
[INFO] Deploy application successfully!
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 32:41 min
[INFO] Finished at: 2020-04-15T10:09:39+00:00
[INFO] Final Memory: 47M/190M
[INFO] ------------------------------------------------------------------------
7、验证部署结果
在 SAE 控制台查看变更记录:
验证应用访问:
总结
区别于传统的 CI/CD 工具(Jenkins),Tekton 是一套构建 CICD 系统的框架。Tekton 不能使你立即获得 CI/CD 的能力。但是基于 Tekton 可以设计出各种花式的构建部署流水线。
作者信息:
九辩,阿里巴巴高级开发工程师,负责阿里云EDAS(企业级分布式应用服务)应用生命周期研发工作,长期关注云时代微服务的部署和治理工作。
来源:本文转自公众号阿里巴巴中间件,点击查看原文。
GNSEC 2020 线上峰会,专注于全方位的软件工程和技术,致力于定义新一代的软件工程。
近期好文: