OpenShift 4.x HOL Tutorial Series
Note: the steps in this article have been verified on OpenShift 4.8.
This section starts both pipelines through Tekton's Trigger mechanism. The trigger for tasks-stage-pipeline is kept independent of the one for tasks-dev-pipeline, because tasks-stage-pipeline is meant to be started by hand (or by the dev pipeline at the end of a successful run), while tasks-dev-pipeline is triggered automatically whenever the application code in Gitea changes.
How Tekton Triggers work
An external event reaches the EventListener pod through Route -> Service. For each trigger the EventListener runs the configured interceptors against the request (here a CEL filter that decides whether the event is accepted at all), the TriggerBinding extracts parameters from the request body and headers, and the EventListener then instantiates the TriggerTemplate with those parameters, creating a PipelineRun that runs the pipeline.
Configure the Trigger objects for the tasks-dev-pipeline pipeline
- Create the TriggerTemplate. It names the Pipeline the trigger is to run, here tasks-dev-pipeline, and describes the PipelineRun to create for each accepted event: the pipeline-source PipelineResource, the pipeline service account and the Maven repository workspace.
$ oc apply -f - << EOF
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: dev-tekton-tasks-trigger-template
  namespace: ${CICD}
spec:
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: dev-tekton-tasks-triggered-
      spec:
        pipelineRef:
          name: tasks-dev-pipeline
        resources:
          - name: pipeline-source
            resourceRef:
              name: tasks-source-code
        serviceAccountName: pipeline
        workspaces:
          - name: local-maven-repo
            persistentVolumeClaim:
              claimName: maven-repo-pvc
EOF
- Create the TriggerBinding. The dev pipeline takes no parameters from the webhook payload, so this binding has an empty spec; it exists only so that the EventListener trigger has a binding to reference.
$ oc apply -f - << EOF
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: dev-tekton-tasks-trigger-binding
  namespace: ${CICD}
EOF
- Create the EventListener. It defines one trigger named gitea-event that uses dev-tekton-tasks-trigger-binding and dev-tekton-tasks-trigger-template. The CEL interceptor accepts an event only if the JSON body carries a field secret equal to "secret1234"; this is a static shared secret, compared in clear and stored in the EventListener manifest, so anyone who can read the EventListener or observe the Route traffic can replay it. That is acceptable for this lab, but it is not a substitute for verifying the signature header Gitea sends. Once the EventListener exists, the corresponding Deployment, Service and other objects are created automatically.
$ oc apply -f - << EOF
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: dev-tekton-event-listener
  namespace: ${CICD}
spec:
  serviceAccountName: pipeline
  triggers:
    - name: gitea-event
      bindings:
        - ref: dev-tekton-tasks-trigger-binding
      interceptors:
        - cel:
            filter: body.secret == "secret1234"
      template:
        ref: dev-tekton-tasks-trigger-template
EOF
- Expose the Service as a Route. The EventListener's resources (Deployment, Service, Pod) are now visible in the "Topology" view of the user1-cicd project in the OpenShift console. Copy the Route host; it becomes the webhook target URL. Note that oc expose creates a plain http Route, so the shared secret in the webhook body crosses the network unencrypted; outside a lab, create an edge-terminated Route instead (oc create route edge --service=el-dev-tekton-event-listener -n ${CICD}) and use https:// in the webhook URL.
$ oc expose svc el-dev-tekton-event-listener -n ${CICD}
$ oc get route el-dev-tekton-event-listener -ojsonpath={.spec.host} -n ${CICD}
el-dev-tekton-event-listener
Configure the webhook in Gitea
- Log in to the Gitea console as the same user as in OpenShift, open the user's openshift-tasks repository, go to "Settings" > "Webhooks", and under "Add Webhook" choose "Gitea".
- On the "Add Webhook" page, enter the EventListener Route host obtained above as the "Target URL" (it must be prefixed with "http://"). Enter "secret1234" in the "Secret" field, matching the CEL filter in the EventListener, and click "Add Webhook".
- After the success page, click the link of the new webhook, scroll to the "Recent Deliveries" area at the bottom of the page and click "Test Delivery". The delivery result is then shown on the page.
- In the OpenShift console, open the tasks-dev-pipeline pipeline in the user1-cicd project, find the PipelineRun named dev-tekton-tasks-triggered-xxxx under its "Pipeline Runs" and inspect its status and logs. The webhook can now start the pipeline.
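The CEL filter above only checks that a "secret" field inside the JSON body equals a fixed string, which depends on Gitea copying the webhook secret into the payload (a legacy Gogs-compatible behaviour). The durable check is the HMAC signature Gitea computes over the raw body with the webhook secret. The following script is an added example written for this tutorial, not code from the original page or from Tekton or Gitea: it shows how a receiver placed in front of the EventListener (or a custom interceptor) verifies that signature, and how to replay a signed delivery by hand. It assumes Gitea sends the hex-encoded HMAC-SHA256 of the raw body in an X-Gitea-Signature header (confirm the header name and algorithm for your Gitea version) and that openssl is installed; the payloads are constructed samples, not real captures.

```shell
#!/usr/bin/env sh
# Added example for this tutorial; not from the original page, Tekton or Gitea.
# Verifies a Gitea webhook delivery by its HMAC signature header over the raw body
# instead of trusting a plaintext "secret" field inside the JSON body.
# Assumption: X-Gitea-Signature = hex(HMAC-SHA256(secret, raw body)). Needs openssl.
set -u

# Hex-encoded HMAC-SHA256 of $1 keyed with $2 (the value Gitea puts in X-Gitea-Signature).
gitea_sign() {
  printf '%s' "$1" | openssl dgst -sha256 -hmac "$2" | sed 's/^.* //'
}

# Verify raw body $1 against the received signature $2 using webhook secret $3; 0 on success.
gitea_verify() {
  body=$1 received=$2 secret=$3
  expected=$(gitea_sign "$body" "$secret")
  # Compare HMACs of both digests under a fresh random key: the attacker-controlled value
  # is never string-compared with the secret-derived one directly, so the timing of "="
  # reveals nothing about the expected signature.
  nonce=$(openssl rand -hex 16)
  [ "$(gitea_sign "$received" "$nonce")" = "$(gitea_sign "$expected" "$nonce")" ]
}

# Send body $2 to listener URL $1 signed with secret $3, with the headers a Gitea push
# delivery carries. Not invoked below; use it to replay a delivery against the Route by hand.
gitea_deliver() {
  curl -sS --fail -X POST "$1" \
    -H 'Content-Type: application/json' \
    -H 'X-Gitea-Event: push' \
    -H "X-Gitea-Signature: $(gitea_sign "$2" "$3")" \
    --data-binary "$2"
}

WEBHOOK_SECRET='secret1234'   # the value typed into the Gitea webhook "Secret" field
# Constructed sample payloads (trimmed push events, not real captures).
PAYLOAD='{"ref":"refs/heads/master","after":"0123456789abcdef0123456789abcdef01234567","repository":{"full_name":"user1/openshift-tasks"}}'
TAMPERED='{"ref":"refs/heads/master","after":"ffffffffffffffffffffffffffffffffffffffff","repository":{"full_name":"user1/openshift-tasks"}}'

# Self-check: the signed body verifies; a modified body or a wrong secret does not.
SIG=$(gitea_sign "$PAYLOAD" "$WEBHOOK_SECRET")
if gitea_verify "$PAYLOAD" "$SIG" "$WEBHOOK_SECRET"; then echo "genuine delivery accepted"; fi
if gitea_verify "$TAMPERED" "$SIG" "$WEBHOOK_SECRET"; then echo "BUG: tampered body accepted"; else echo "tampered body rejected"; fi
if gitea_verify "$PAYLOAD" "$SIG" 'wrong-secret'; then echo "BUG: wrong secret accepted"; else echo "wrong secret rejected"; fi
```

Replaying a delivery with gitea_deliver "http://$(oc get route el-dev-tekton-event-listener -ojsonpath={.spec.host} -n ${CICD})" "$PAYLOAD" "$WEBHOOK_SECRET" sends both the legacy body (which the CEL filter ignores here, since this payload has no secret field) and the signature header; the CEL interceptor in the EventListener above cannot verify the HMAC itself, so the check belongs in a proxy or custom interceptor in front of it, and the shared secret should at minimum live in a Kubernetes Secret rather than in the EventListener manifest.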
Configure the Trigger objects for the tasks-stage-pipeline pipeline
Method 1
- Create the three objects, TriggerBinding, TriggerTemplate and EventListener, in one manifest. The TriggerTemplate references tasks-stage-pipeline and declares a template-level parameter app_ver that names the ImageStreamTag to deploy to the STAGE area; it is passed into the PipelineRun as the pipeline parameter app_version. To supply that value, the TriggerBinding also defines app_ver and extracts it from the JSON body of the HTTP request, so a caller of the listener's REST endpoint passes the tag as body.app_ver. The backslash in \$(body.app_ver) and \$(tt.params.app_ver) keeps the shell from treating them as command substitutions inside the unquoted heredoc.
$ oc apply -f - << EOF
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: tasks-stage-pipeline-trigger-binding
  namespace: ${CICD}
spec:
  params:
    - name: app_ver
      value: \$(body.app_ver)
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: tasks-stage-pipeline-trigger-template
  namespace: ${CICD}
spec:
  params:
    - name: app_ver
      description: App version / gitsha to deploy
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: tasks-stage-pipeline-triggered-
      spec:
        pipelineRef:
          name: tasks-stage-pipeline
        serviceAccountName: pipeline
        params:
          - name: app_version
            value: \$(tt.params.app_ver)
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: stage-tekton-event-listener
  namespace: ${CICD}
spec:
  serviceAccountName: pipeline
  triggers:
    - name: curl-event
      bindings:
        - ref: tasks-stage-pipeline-trigger-binding
      interceptors:
        - cel:
            filter: body.secret == "secret1234"
      template:
        ref: tasks-stage-pipeline-trigger-template
EOF
- Create a Route for the trigger's Service. Sending a request with the parameters to this Route is how the pipeline is started by hand later on.
$ oc expose svc el-stage-tekton-event-listener -n ${CICD}
Method 2
- First create the TriggerBinding, which tells the trigger to take the app_ver parameter from the HTTP body.
$ oc apply -f - << EOF
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: tasks-stage-pipeline-trigger-binding
  namespace: ${CICD}
spec:
  params:
    - name: app_ver
      value: \$(body.app_ver)
EOF
- In the OpenShift console, open the tasks-stage-pipeline pipeline and choose "Add Trigger" from the "Actions" drop-down menu.
- In the "Add Trigger" dialog, fill in the following and click "Add":
Git provider type: tasks-stage-pipeline-trigger-binding
app_version: $(tt.params.app_ver)
- Refresh the tasks-stage-pipeline view in the console and confirm that a TriggerTemplate now appears. Its name is generated from the TriggerBinding's name, and the link shown under it is the Route the console created for accessing the trigger.
Open the TriggerTemplate to see the Pipeline and EventListener it is associated with; the EventListener name is also generated automatically. Note that the console generates its own names, so with this method the EventListener and Route are not called stage-tekton-event-listener and el-stage-tekton-event-listener; substitute the generated names in the commands that follow.
Triggering the Trigger
- Get the Route host of the listener that starts tasks-stage-pipeline.
$ LISTENER_URL=$(oc get route el-stage-tekton-event-listener -n ${CICD} -ojsonpath={.spec.host})
- For the test, create a new ImageStreamTag named tekton-tasks:foobar1 from the existing DEV ImageStreamTag tekton-tasks:latest.
$ oc tag tekton-tasks:latest tekton-tasks:foobar1 -n ${DEV}
Tag tekton-tasks:foobar1 set to tekton-tasks@sha256:8f01f4dad4d98b2884df121bde031ba45a6894eb21de658d2fa5d05fd4dfe1b0.
- Trigger tasks-stage-pipeline with a request whose body names the foobar1 image. The secret field must match the CEL filter, otherwise the interceptor drops the event. The response only confirms that the EventListener received the event; it does not mean a PipelineRun was created.
$ curl -X POST -d '{"app_ver":"foobar1", "secret":"secret1234"}' ${LISTENER_URL}
{"eventListener":"stage-tekton-event-listener","namespace":"user1-cicd","eventListenerUID":"a84a7159-3cb9-48e2-b1b9-de35c9565117","eventID":"42ead008-728f-4292-8735-703b4051bbc2"}
- Show the log of the most recent run (-L) and confirm that it succeeded and that the image used was tekton-tasks:foobar1.
$ tkn pipeline logs tasks-stage-pipeline -L -n ${CICD}
Tagging image stream in user1-stage/tekton-tasks:foobar1
Tag user1-stage/tekton-tasks:foobar1 set to user1-dev/tekton-tasks@sha256:ddfbcb129da0dc3eaafd0cff93f59f40a66302f6d51b4b9419a82dd203205612.
...
Starting tasks-stage-pipeline from tasks-dev-pipeline
- Create the following Task, which calls the trigger endpoint of tasks-stage-pipeline. The listener host is passed in as a Task parameter whose default is filled from ${LISTENER_URL} when the manifest is applied. The script block uses "|" rather than ">", because a folded ">" block joins the shebang and the curl command onto one line and the whole script becomes a comment; the Tekton variables are escaped as \$(params.…) so the shell does not try to execute them while reading the heredoc. set -e together with curl --fail makes an HTTP error fail the step instead of silently succeeding.
$ oc apply -f - << EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: start-update-gitops-pipeline-task
  namespace: user1-cicd
spec:
  params:
    - name: app_ver
      type: string
      description: The git revision/sha to tag the created image with
    - name: listener_url
      type: string
      description: Host of the el-stage-tekton-event-listener Route
      default: ${LISTENER_URL}
  steps:
    - name: start-update-gitop
      image: registry.access.redhat.com/ubi8/ubi-minimal
      script: |
        #!/usr/bin/env bash
        set -euo pipefail
        curl -sS --fail -X POST "http://\$(params.listener_url)" \\
          -H 'Content-Type: application/json' \\
          -d '{"app_ver":"\$(params.app_ver)", "secret":"secret1234"}'
EOF
- Append the following task to the tasks section of the tasks-dev-pipeline pipeline so that it calls start-update-gitops-pipeline-task after the scans and the DEV deployment have completed, passing the git sha produced by the git-rev task as app_ver.
    - name: start-update-gitops-pipeline
      params:
        - name: app_ver
          value: $(tasks.git-rev.results.gitsha)
      runAfter:
        - container-vulnerability-scan
        - oscap-image-scan
        - deploy-to-dev
      taskRef:
        kind: Task
        name: start-update-gitops-pipeline-task
- Run tasks-dev-pipeline again and confirm that it starts tasks-stage-pipeline at the end of its run.
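Both the manual curl call above and the Task's step splice app_ver straight into a JSON string, and the pipeline then uses it as an ImageStreamTag name; nothing checks the value first. The following script is an added example written for this tutorial, not code from the original page, covering both places: it validates app_ver, builds the request body the TriggerBinding and CEL filter expect, and posts it. It assumes the environment variable LISTENER_URL holds the el-stage-tekton-event-listener Route host and TRIGGER_SECRET the value the CEL filter compares body.secret against, and that the Route was created with edge TLS termination (the tag grammar used for validation is an assumption based on Docker image tag rules).

```shell
#!/usr/bin/env sh
# Added example for this tutorial, not code from the original page. Builds and sends the
# manual trigger request for tasks-stage-pipeline after validating app_ver; the same
# functions are what start-update-gitops-pipeline-task should run instead of interpolating
# $(params.app_ver) directly into a curl command line.
# Assumptions: LISTENER_URL = el-stage-tekton-event-listener Route host (no scheme),
#              TRIGGER_SECRET = value the CEL filter compares body.secret against.
set -u

# Accept only names usable as an image tag: 1-128 chars of [A-Za-z0-9_.-], not starting
# with '.' or '-' (Docker tag grammar; a 40-character git sha satisfies it).
valid_app_ver() {
  case $1 in
    ''|.*|-*) return 1 ;;
  esac
  [ "${#1}" -le 128 ] && printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_.-]+$'
}

# JSON body the TriggerBinding reads app_ver from ($(body.app_ver)) and the CEL filter
# checks the secret in. $1 = app_ver, $2 = secret. Fails without output on a bad app_ver.
stage_trigger_body() {
  valid_app_ver "$1" || { echo "rejected app_ver: '$1'" >&2; return 1; }
  printf '{"app_ver":"%s","secret":"%s"}' "$1" "$2"
}

# POST the body to the listener. --fail turns an HTTP error into a non-zero exit so a
# TaskRun built on this fails loudly; https assumes an edge-terminated Route so the secret
# is not sent in clear (oc expose alone gives plain http).
start_stage_pipeline() {
  body=$(stage_trigger_body "$1" "$TRIGGER_SECRET") || return 1
  curl -sS --fail -X POST "https://${LISTENER_URL}" \
    -H 'Content-Type: application/json' --data-binary "$body"
}

# Usage: LISTENER_URL=... TRIGGER_SECRET=secret1234 sh start-stage.sh foobar1
# A 2xx only means the EventListener accepted the event; confirm that a PipelineRun was
# created with the tkn eventlistener logs command shown in the debugging section.
if [ -n "${1-}" ]; then
  start_stage_pipeline "$1"
fi
```

In the Task, the equivalent is to keep the listener host and secret out of the script body (a Task parameter for the host, a Secret mounted as an environment variable for the secret) and to reject any app_ver that does not pass valid_app_ver before the request is built.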
Other: debugging the EventListener
- View the EventListener log. The ResolvedParams entry shows the parameters the TriggerBinding extracted from the request, and the following entries show the PipelineRun being generated for that event ID. If a request produces no such entries, the interceptor filter rejected it (for example because the secret did not match).
$ tkn eventlistener logs stage-tekton-event-listener -n $CICD
[stage-tekton-event-listener-el-stage-tekton-event-listener-5b7b4d7b5c-56zdp]: {"level":"info","ts":"2021-08-19T12:51:24.032Z","logger":"eventlistener","caller":"sink/sink.go:274","msg":"ResolvedParams : [{Name:app_ver Value:foobar1}]","knative.dev/controller":"eventlistener","eventlistener":"stage-tekton-event-listener","namespace":"user1-cicd","eventlistenerUID":"a84a7159-3cb9-48e2-b1b9-de35c9565117","/triggers-eventid":"670cd658-bbf6-46f0-8a2c-f0c5b6bdac25","/trigger":"curl-event"}
[stage-tekton-event-listener-el-stage-tekton-event-listener-5b7b4d7b5c-56zdp]: {"level":"info","ts":"2021-08-19T12:51:24.036Z","logger":"eventlistener","caller":"resources/create.go:98","msg":"Generating resource: kind: &APIResource{Name:pipelineruns,Namespaced:true,Kind:PipelineRun,Verbs:[delete deletecollection get list patch create update watch],ShortNames:[pr prs],SingularName:pipelinerun,Categories:[tekton tekton-pipelines],Group:tekton.dev,Version:v1beta1,StorageVersionHash:RcAKAgPYYoo=,}, name: tasks-stage-pipeline-triggered-","knative.dev/controller":"eventlistener"}
[stage-tekton-event-listener-el-stage-tekton-event-listener-5b7b4d7b5c-56zdp]: {"level":"info","ts":"2021-08-19T12:51:24.036Z","logger":"eventlistener","caller":"resources/create.go:106","msg":"For event ID \"670cd658-bbf6-46f0-8a2c-f0c5b6bdac25\" creating resource tekton.dev/v1beta1, Resource=pipelineruns","knative.dev/controller":"eventlistener"}
- Change the EventListener log level: debug while troubleshooting, then back to info. Debug output may include the request bodies, which in this setup carry the shared secret, so do not leave it on.
$ oc patch cm config-logging-triggers -p '{"data": {"loglevel.eventlistener": "debug"}}' -n ${CICD}
$ oc patch cm config-logging-triggers -p '{"data": {"loglevel.eventlistener": "info"}}' -n ${CICD}