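Background
Earlier articles covered tutorials and use cases for pipelines in Tekton. You may have noticed that a pipeline only actually runs when a TaskRun or PipelineRun is created each time. So how can TaskRuns and PipelineRuns be executed automatically? I can think of two ways:
- Use client-go to create the TaskRun and PipelineRun
- Use Triggers, another Tekton component.
If you simply want to run TaskRuns and PipelineRuns, or instantiate Tasks and Pipelines, Triggers is the better choice because it needs no extra development: you only send the parameters that each run needs to the EventListener in Triggers. With client-go you would have to write code, which is more work. Below I describe how to install Triggers and run a simple example.
Installing Triggers
Prerequisites
- A Kubernetes cluster at version 1.15 or later
- The Tekton Pipelines component installed in the cluster (see my earlier article)
Installation
For the official installation, run the following command: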
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
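Because some of the images in that manifest are hosted on Google registries, I pulled them and pushed them to Docker Hub, so you can run the following command instead of the official one:
kubectl apply -f https://raw.githubusercontent.com/fishingfly/tekton-deploy/master/tekton-trigger-release.yaml
If possible, configure the Alibaba Cloud registry mirror on your machine so that pulling Docker Hub images is faster.
Check whether the installation succeeded: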
kubectl get pods --namespace tekton-pipelines
If all the pods are in the Running state, the installation succeeded.
Running the example
Apply the following YAML:
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: v1alpha1-task-template
spec:
  resourcetemplates:
    - apiVersion: tekton.dev/v1alpha1
      kind: TaskRun
      metadata:
        generateName: v1alpha1-task-run-
      spec:
        taskSpec:
          steps:
            - name: "hellothere"
              image: ubuntu
              script: echo "hello there"
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: v1alpha1-task-listener
spec:
  # from examples/role-resources/servicaccount.yaml
  serviceAccountName: tekton-triggers-example-sa
  triggers:
    - name: v1alpha1-task-trigger
      template:
        name: v1alpha1-task-template
---
apiVersion: v1
kind: Secret
metadata:
  name: tekton-triggers-example-secret
type: Opaque
stringData:
  secretToken: "1234567"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-triggers-example-sa
secrets:
  - name: tekton-triggers-example-secret
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers-example-binding
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-example-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-triggers-example-minimal
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-example-minimal
rules:
  # Permissions for every EventListener deployment to function
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
    verbs: ["get"]
  - apiGroups: [""]
    # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization
    resources: ["configmaps", "secrets", "serviceaccounts"]
    verbs: ["get", "list", "watch"]
  # Permissions to create resources in associated TriggerTemplates
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns", "pipelineresources", "taskruns"]
    verbs: ["create"]
Run:
kubectl apply -f examples/v1alpha1-task/v1alpha1-task-listener.yaml
Now look in the default namespace and you will see a pod such as el-v1alpha1-task-listener-5967dc5fd-4xmnx running. Then run the following command:
kubectl port-forward \
"$(kubectl get pod --selector=eventlistener=v1alpha1-task-listener -oname)" \
8080
Then open another terminal and send a request to local port 8080:
curl -v \
-H 'Content-Type: application/json' \
--data "{}" \
http://localhost:8080
Check whether one more pod is now running in the default namespace:
kubectl get taskruns | grep v1alpha1-task-run-
This completes the process of sending an HTTP request to the EventListener service to trigger the instantiation of a TaskRun.
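
The listener above creates a TaskRun for any POST that reaches it, and the Secret in the manifest is not referenced by any trigger. The following added example (not from the original article or the Tekton project) shows the same EventListener with a GitHub interceptor that checks the webhook signature against that Secret. The interceptor field names follow the Tekton Triggers v1alpha1 API and should be verified against the installed version; the event type and the token placeholder are constructed.

```yaml
# Replace the sample token "1234567" with a random value that is also
# configured as the webhook secret on the sending side.
apiVersion: v1
kind: Secret
metadata:
  name: tekton-triggers-example-secret
type: Opaque
stringData:
  secretToken: "<random-value-generated-out-of-band>"  # placeholder
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: v1alpha1-task-listener
spec:
  serviceAccountName: tekton-triggers-example-sa
  triggers:
    - name: v1alpha1-task-trigger
      interceptors:
        - github:
            # The listener reads this Secret through its service account;
            # the Role above already grants "get" on secrets for this purpose.
            secretRef:
              secretName: tekton-triggers-example-secret
              secretKey: secretToken
            # Only requests whose X-GitHub-Event header matches are accepted
            # (constructed choice for this example).
            eventTypes:
              - push
      template:
        name: v1alpha1-task-template
```

With this in place, the interceptor expects an X-Hub-Signature header carrying an HMAC of the request body keyed with secretToken, so the unsigned `curl --data "{}"` request shown earlier no longer results in a TaskRun.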
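Summary
Using Triggers greatly simplifies the process of instantiating Tekton resources. Triggers can instantiate not only TaskRuns and PipelineRuns but also other Tekton resources. For now, the only shortcoming of Triggers is that it cannot be used to dynamically delete Tekton resources; I expect this to improve in the future.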