发现极狐 GitLab 还有内置的私有镜像仓库,所以想尝试用 Tekton 来构建容器镜像,然后推送到极狐 GitLab 的私有镜像仓库。
关于 Tekton
Tekton 是 Google 开源的一款用来构建云原生 CI/CD 的工具。它把 CI/CD Pipeline 抽象成了一些概念,比如 Pipeline、Task、Step,还有 Pipeline 的“控制器” PipelineRun、Task 的“控制器” TaskRun 等等。可以用 Step、Task 来组建 Pipeline。Pipeline 与 Task 的关系如下:
极狐 GitLab 私有仓库的使用
极狐 GitLab 内置的私有镜像仓库使用是比较方便的,可以在 Project --> Packages & Registries --> Container Registry 中查看,如下图:
Tekton 构建镜像并推送
首先需要安装 Tekton-Pipeline,参考 Tekton 官网即快速完成安装:
$ kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
复制代码
在 tekton-pipelines namespace 下面就会有 pod 生成:
$ kubectl -n tekton-pipelines get podstekton-pipelines-controller-5978f55d68-fgzfh 1/1 Running 0 13dtekton-pipelines-webhook-75c56bb869-cmx6j 1/1 Running 0 13d
复制代码
接着把仓库 DevOps Is Shit / tekton-jihu-cr · GitLab clone 到本地,目录结构如下:
$ tree.├── README.md├── pipelineresource.yaml├── sa.yaml├── secret-credentials.yaml├── task.yaml└── taskrun.yaml 0 directories, 6 files
复制代码
文件说明:
pipelineresource.yaml:定义了整个 Pipeline 中的输入资源(源码,放在极狐 GitLab 上,Repo 地址为:DevOps Is Shit / tekton-image · 极狐GitLab
sa.yaml:定义了 serviceaccount
secret-credentials.yaml:定义了拉取源代码及推送镜像的凭据信息
task.yaml: Task 的定义
taskrun.yaml: Taksrun 的定义
使用 kubectl apply 命令将上述资源进行部署即可:
$ kubectl create ns tekton-jihu$ kubectl -n tekton-jihu apply -f pipelineresource.yaml$ kubectl -n tekton-jihu apply -f secret-credentials.yaml$ kubectl -n tekton-jihu apply -f sa.yaml$ kubectl -n tekton-jihu apply -f task.yaml$ kubectl -n tekton-jihu apply -f taskrun.yaml
复制代码
接着就可以看到有一个拉取源代码,构建容器镜像并推送到极狐 GitLab 私有镜像仓库上:
$ tkn -n tekton-jihu tr listNAME STARTED DURATION STATUSbuild-docker-image-run 21 hours ago 1 minute Succeeded
复制代码
整个构建是在 pod 内完成的:
$ kubectl -n tekton-jihu get podsNAME READY STATUS RESTARTS AGEbuild-docker-image-run-pod 0/4 Completed 0 21h
复制代码
可以查看构建日志,看一下推送的过程:
$ kubectl -n tekton-jihu logs -f build-docker-image-run-pod -c step-image-build-and-pushINFO[0000] Resolved base name golang:1.12.9-alpine3.9 to builderINFO[0000] Retrieving image manifest golang:1.12.9-alpine3.9INFO[0000] Retrieving image golang:1.12.9-alpine3.9 from registry DockerINFO[0003] Retrieving image manifest alpine:latestINFO[0003] Retrieving image alpine:latest from registry DockerINFO[0005] Built cross stage deps: map[0:[/tmp/main]]INFO[0005] Retrieving image manifest golang:1.12.9-alpine3.9INFO[0005] Returning cached image manifestINFO[0005] Executing 0 build triggersINFO[0005] Unpacking rootfs as cmd COPY main.go /tmp requires it.INFO[0020] WORKDIR /tmpINFO[0020] cmd: workdirINFO[0020] Changed working directory to /tmpINFO[0020] No files changed in this command, skipping snapshotting.INFO[0020] COPY main.go /tmpINFO[0020] Taking snapshot of files...INFO[0020] RUN go build main.goINFO[0020] Taking snapshot of full filesystem...INFO[0022] cmd: /bin/shINFO[0022] args: [-c go build main.go]INFO[0022] Running: [/bin/sh -c go build main.go]INFO[0023] Taking snapshot of full filesystem...INFO[0024] Saving file tmp/main for later useINFO[0024] Deleting filesystem...INFO[0024] Retrieving image manifest alpine:latestINFO[0024] Returning cached image manifestINFO[0024] Executing 0 build triggersINFO[0024] Unpacking rootfs as cmd COPY --from=builder /tmp/main /usr/src/app/ requires it.INFO[0028] WORKDIR /usr/src/app/INFO[0028] cmd: workdirINFO[0028] Changed working directory to /usr/src/app/INFO[0028] Creating directory /usr/src/app/INFO[0028] Taking snapshot of files...INFO[0028] COPY --from=builder /tmp/main /usr/src/app/INFO[0028] Taking snapshot of files...INFO[0028] CMD ["./main"]INFO[0028] Pushing image to registry.jihulab.com/keyboard-man/tekton-image:v0.0.1INFO[0094] Pushed image to 1 destinations
复制代码
从倒数第二句可以看到,镜像陪推送到了 registry.jihulab.com/keyboard-man/tekton-image中。可以在极狐GitLab界面上进行检查:
可以用这个镜像进行一个测试:
$ docker run --rm -p 9990:9990 registry.jihulab.com/keyboard-man/tekton-image:v0.0.1
复制代码
可以看到如下输出结果:
$ curl localhost:9990/devops-is-shitDevOps is shit, do you argee with me????
复制代码
可以将输出结果和源代码进行对比:
文件 · main · DevOps Is Shit / tekton-image · 极狐GitLab
利用 Tekton 来构建容器镜像并推送到极狐 GitLab 内置的镜像仓库就这么 happy 的搞定了。
评论