1. Install the NAS plugin on the ACK cluster:

kind: Deployment
# apps/v1: Deployments are no longer served under extensions/v1beta1 as of Kubernetes 1.16
apiVersion: apps/v1
metadata:
  name: alicloud-nas-controller
  namespace: kube-system
spec:
  # apps/v1 requires an explicit selector that matches the pod labels
  selector:
    matchLabels:
      app: alicloud-nas-controller
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: alicloud-nas-controller
    spec:
      tolerations:
      - operator: Exists
      # prefer master nodes; never schedule onto virtual-kubelet nodes
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 1
            preference:
              matchExpressions:
              - key: node-role.kubernetes.io/master
                operator: Exists
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet
      priorityClassName: system-node-critical
      # the controller runs under the admin service account, on the host network, as a privileged container
      serviceAccount: admin
      hostNetwork: true
      containers:
      - name: nfs-provisioner
        image: registry.cn-hangzhou.aliyuncs.com/acs/alicloud-nas-controller:v1.14.3.8-58bf821-aliyun
        env:
        - name: PROVISIONER_NAME
          value: alicloud/nas
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /var/log
          name: log
      volumes:
      - hostPath:
          path: /var/log
        name: log
1.1. Create the NAS StorageClass

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: alicloud-nas
mountOptions:
- nolock,tcp,noresvport
- vers=3
parameters:
  server: "xxx.cn-shenzhen.nas.aliyuncs.com:/tekton"
  driver: flexvolume
provisioner: alicloud/nas
reclaimPolicy: Delete
1.2. Check the ACK StorageClasses and set alicloud-nas as the default storage class

Note: Tekton dynamically creates a PVC for every build to hold the build's data. Disks created by Alibaba Cloud's built-in CSI storage classes cannot be smaller than 20G, so NAS is used instead because it is cheaper.

Set alicloud-nas as the default storage class:

kubectl patch sc alicloud-nas -p '{"metadata": {"annotations": {"storageclass.beta.kubernetes.io/is-default-class": "true"}}}'

kubectl get storageclasses
NAME                       PROVISIONER     AGE
alicloud-disk-available    alicloud/disk   420d
alicloud-disk-efficiency   alicloud/disk   420d
alicloud-disk-essd         alicloud/disk   420d
alicloud-disk-ssd          alicloud/disk   420d
alicloud-nas (default)     alicloud/nas    4h35m
2. Install Tekton Pipelines

kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.notags.yaml

The installation may take some time to complete. You can check progress with the following command:

kubectl get pods --namespace tekton-pipelines
NAME                                           READY   STATUS    RESTARTS   AGE
tekton-dashboard-698b46b468-7qdhq              1/1     Running   0          41h
tekton-pipelines-controller-5d8f4756bb-5xxt2   1/1     Running   0          18h
tekton-pipelines-webhook-5bb8695cc7-5hc42      1/1     Running   0          18h

Confirm that every component listed has the status Running.
3. Install the Tekton Dashboard UI

kubectl apply --filename https://github.com/tektoncd/dashboard/releases/latest/download/tekton-dashboard-release.yaml

The installation may take some time to complete. You can check progress with the following command:

kubectl get pods --namespace tekton-pipelines
NAME                                           READY   STATUS    RESTARTS   AGE
tekton-dashboard-698b46b468-7qdhq              1/1     Running   0          41h
tekton-pipelines-controller-5d8f4756bb-5xxt2   1/1     Running   0          18h
tekton-pipelines-webhook-5bb8695cc7-5hc42      1/1     Running   0          18h

Confirm that every component listed has the status Running.
4. Create an Ingress to expose the service. The Services (svc) for each Tekton component are already created during installation.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tekton-dashboard-ui
  namespace: tekton-pipelines
spec:
  rules:
  - host: tekton.xxx.com
    http:
      paths:
      - backend:
          serviceName: tekton-dashboard
          servicePort: 9097
        path: /
  tls:
  - hosts:
    - tekton.xxx.com
    secretName: xxx
The installation is now complete!!!
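Tekton Dashboard performs no authentication of its own, so the Ingress in step 4 makes it usable by anyone who can reach the host. The variant below is an added example, not part of the original post: it assumes the cluster's ingress controller is ingress-nginx, and the Secret name tekton-dashboard-auth and the source range are constructed values.

```yaml
# Added example. Assumes ingress-nginx; the Secret name tekton-dashboard-auth is hypothetical.
# Create the htpasswd Secret first (the file must be named "auth"):
#   htpasswd -c auth <user>
#   kubectl -n tekton-pipelines create secret generic tekton-dashboard-auth --from-file=auth
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tekton-dashboard-ui
  namespace: tekton-pipelines
  annotations:
    # ingress-nginx answers 401 unless the request carries valid basic-auth credentials
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: tekton-dashboard-auth
    nginx.ingress.kubernetes.io/auth-realm: "Tekton Dashboard"
    # optionally admit only an internal range (constructed sample CIDR)
    nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8"
spec:
  rules:
  - host: tekton.xxx.com
    http:
      paths:
      - backend:
          serviceName: tekton-dashboard
          servicePort: 9097
        path: /
  # keep TLS as in step 4 so the basic-auth credentials are not sent in clear text
  tls:
  - hosts:
    - tekton.xxx.com
    secretName: xxx
```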
5. Create the Secrets, ServiceAccount and namespace that Tekton CI needs

5.1. Create the namespace used for builds

kubectl create namespace operation
5.2. Create the git-secret used to pull code

apiVersion: v1
kind: Secret
metadata:
  annotations:
    tekton.dev/git-0: xxx.com
  name: git-ssh-key
  namespace: operation
type: kubernetes.io/ssh-auth
data:
  # values under data must be base64-encoded
  ssh-privatekey: xxxx
5.3. Create the docker-secret used to push images

apiVersion: v1
kind: Secret
metadata:
  annotations:
    tekton.dev/docker-0: https://xxx.com
  name: docker-registry
  namespace: operation
type: kubernetes.io/basic-auth
stringData:
  username: xxxx
  password: xxx
5.4. Create the docker-secret used to pull images

kubectl create secret docker-registry regcred --namespace operation --docker-server=<your-registry-server> --docker-username=<your-username> --docker-password=<your-password> --docker-email=<your-email-address>
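5.5. Modify the default ServiceAccount in the operation namespace

Note: when a build does not specify a user, Tekton falls back to the default user (ServiceAccount) of the operation namespace in which the build runs.

apiVersion: v1
imagePullSecrets:
- name: regcred          # the pull secret created in 5.4
kind: ServiceAccount
metadata:
  name: default
  namespace: operation
secrets:
- name: docker-registry
- name: git-ssh-key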
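Attaching git-ssh-key and docker-registry to the default ServiceAccount hands both credentials to every TaskRun in the operation namespace that names no account. An alternative layout, as an added example that is not from the original post: a dedicated account holds the credentials and each run opts in. The names build-bot, maven-build-run and maven-build are hypothetical.

```yaml
# Added example; build-bot, maven-build-run and maven-build are hypothetical names.
# The default ServiceAccount in "operation" is left without these secrets, so a run
# that omits serviceAccountName gets neither the clone key nor the registry password.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-bot
  namespace: operation
imagePullSecrets:
- name: regcred            # pull secret from 5.4
secrets:
- name: docker-registry    # push credentials from 5.3 (tekton.dev/docker-0)
- name: git-ssh-key        # clone key from 5.2 (tekton.dev/git-0)
---
# A run opts in to the credentials explicitly.
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: maven-build-run
  namespace: operation
spec:
  serviceAccountName: build-bot
  taskRef:
    name: maven-build      # hypothetical Task defined elsewhere
```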
5.6. Create the maven-settings ConfigMap

Note: this is the settings file that Tekton builds are pointed at.

kind: ConfigMap
apiVersion: v1
metadata:
  name: maven-settings
  namespace: operation
data:
  settings.xml: |-
    xxxx
5.7. Label the ACK nodes

Note: Tekton builds need a cache to speed them up, and the cache data is stored through the container's hostPath. The builds therefore have to run on fixed nodes, which are bound by defining node labels.

kubectl label nodes xxx kops.k8s.io/instancegroup=build-instance-group
kubectl label nodes xxx kops.k8s.io/instancegroup=build-instance-group

kubectl get nodes --show-labels | grep build-instance-group
xxx   Ready   <none>   243d   v1.16.9-aliyun.1   kops.k8s.io/instancegroup=build-instance-group,
xxx   Ready   <none>   243d   v1.16.9-aliyun.1   kops.k8s.io/instancegroup=build-instance-group,
5.8. Edit the Tekton ConfigMap to bind builds to the labels
kubectl get cm -n tekton-pipelines
NAME                     DATA   AGE
config-artifact-bucket   0      46h
config-artifact-pvc      2      46h
config-defaults          2      46h
config-leader-election   4      46h
config-logging           3      46h
config-observability     1      46h
config-registry-cert     0      46h
feature-flags            8      46h
istio-ca-root-cert       1      46h

kubectl edit cm config-defaults -n tekton-pipelines

apiVersion: v1
data:
  _example: |
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################

    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.

    # default-timeout-minutes contains the default number of
    # minutes to use for TaskRun and PipelineRun, if none is specified.
    default-timeout-minutes: "60"  # 60 minutes

    # default-service-account contains the default service account name
    # to use for TaskRun and PipelineRun, if none is specified.
    default-service-account: "default"

    # default-managed-by-label-value contains the default value given to the
    # "app.kubernetes.io/managed-by" label applied to all Pods created for
    # TaskRuns. If a user's requested TaskRun specifies another value for this
    # label, the user's request supercedes.
    default-managed-by-label-value: "tekton-pipelines"

    # default-pod-template contains the default pod template to use
    # TaskRun and PipelineRun, if none is specified. If a pod template
    # is specified, the default pod template is ignored.
    # default-pod-template:

    # default-cloud-events-sink contains the default CloudEvents sink to be
    # used for TaskRun and PipelineRun, when no sink is specified.
    # Note that right now it is still not possible to set a PipelineRun or
    # TaskRun specific sink, so the default is the only option available.
    # If no sink is specified, no CloudEvent is generated
    # default-cloud-events-sink:

    # default-task-run-workspace-binding contains the default workspace
    # configuration provided for any Workspaces that a Task declares
    # but that a TaskRun does not explicitly provide.
    # default-task-run-workspace-binding: |
    #   emptyDir: {}
  default-pod-template: |-
    nodeSelector:
      kops.k8s.io/instancegroup: build-instance-group
kind: ConfigMap
metadata:
  creationTimestamp: "2021-01-05T09:54:34Z"
  labels:
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
  name: config-defaults
  namespace: tekton-pipelines
  resourceVersion: "2681271548"
  selfLink: /api/v1/namespaces/tekton-pipelines/configmaps/config-defaults
  uid: 5748ce13-ebd5-473f-82b1-ef92061a7dc8
The images required are currently at version v.0.19.