《OpenShift 4.x HOL教程汇总》
说明:本文已经在OpenShift 4.8环境中验证
本节通过新的任务将前一步生成的应用镜像部署到“ Dev”项目。
将最新的应用镜像部署到Dev环境中
- 为了方便测试,可以先把“${DEV}”项目中和“tekton-tasks”相关的资源删除掉。说明:因为在运行出现问题,本文注释了最后的“oc rollout latest dc …”。
$ oc delete all -l app=tekton-tasks -n ${DEV}
$ oc delete all -l build=tekton-tasks -n ${DEV}
- 创建“deploy-to-dev”任务,部署运行镜像。
$ oc apply -f - << EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: deploy-to-dev
namespace: ${
CICD}
spec:
params:
- description: The name of the app
name: app_name
type: string
- description: The name of the dev project
name: dev_project
type: string
resources:
inputs:
- name: source
type: git
steps:
- name: deploy-app-from-image
image: 'quay.io/openshift/origin-cli:latest'
script: >
#!/bin/sh
set -e -o pipefail
echo "Create new app from image stream in \$(params.dev_project) project"
oc new-app --image-stream=\$(params.app_name):latest -n \$(params.dev_project) --as-deployment-config=true -o yaml | oc apply -n \$(params.dev_project) -f -
echo "Setting manual triggers on deployment \$(params.app_name)"
oc set triggers dc/\$(params.app_name) --remove-all -n \$(params.dev_project)
oc set triggers dc/\$(params.app_name) --manual=true -n \$(params.dev_project)
if ! oc get route/\$(params.app_name) -n \$(params.dev_project) ; then
oc expose svc \$(params.app_name) -n \$(params.dev_project) || echo "Failed to create route for \$(params.app_name)"
fi
# oc rollout latest dc/\$(params.app_name) -n \$(params.dev_project)
EOF
- 测试运行“deploy-to-dev”任务。
$ tkn task start deploy-to-dev -n ${CICD} --showlog \
--inputresource source=tasks-source-code \
--param app_name=tekton-tasks --param dev_project=${DEV}
TaskRun started: deploy-to-dev-run-7spwn
Waiting for logs to be available...
[git-source-source-rw5vq] {
"level":"info","ts":1629197711.7198257,"caller":"git/git.go:169","msg":"Successfully cloned https://gitea-server-devsecops.apps.cluster-39c8.39c8.sandbox139.opentlc.com/user1/openshift-tasks.git @ bde310585bda8209cf384a85c6a72c6f34813910 (grafted, HEAD, origin/dso4) in path /workspace/source"}
[git-source-source-rw5vq] {
"level":"info","ts":1629197711.8201256,"caller":"git/git.go:207","msg":"Successfully initialized and updated submodules in path /workspace/source"}
[deploy-app-from-image] Create new app from image stream in \user1-dev project
[deploy-app-from-image] deploymentconfig.apps.openshift.io/tekton-tasks configured
[deploy-app-from-image] service/tekton-tasks configured
[deploy-app-from-image] Setting manual triggers on deployment \tekton-tasks
[deploy-app-from-image] deploymentconfig.apps.openshift.io/tekton-tasks triggers updated
[deploy-app-from-image] NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
[deploy-app-from-image] tekton-tasks tekton-tasks-user1-dev.apps.cluster-39c8.39c8.sandbox139.opentlc.com tekton-tasks 8080-tcp None
[deploy-app-from-image] deploymentconfig.apps.openshift.io/tekton-tasks rolled out
- 确认已经生成名为“tekton-tasks”的Route,还可进一步在浏览器中打开Route地址。
$ oc get route tekton-tasks -n ${DEV}
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
tekton-tasks tekton-tasks-user1-dev.apps.cluster-39c8.39c8.sandbox139.opentlc.com tekton-tasks 8080-tcp None
- 使用命令向“tasks-dev-pipeline”管道追加“deploy-to-dev”任务。
$ TASKS="$(oc get pipelines tasks-dev-pipeline -n ${
CICD} -o yaml | yq r - 'spec.tasks' | yq p - 'spec.tasks')"
$ oc patch pipelines tasks-dev-pipeline -n ${CICD} --type=merge -p "$(cat << EOF
$TASKS
- name: deploy-to-dev
taskRef:
kind: Task
name: deploy-to-dev
params:
- name: app_name
value: tekton-tasks
- name: dev_project
value: ${DEV}
resources:
inputs:
- name: source
resource: pipeline-source
runAfter:
- create-image
EOF
)"
- 或者可以根据下图在OpenShift控制台上编辑“tasks-dev-pipeline”管道,增加“deploy-to-dev”任务。
- 再次删除和“tekton-tasks”相关的对象,然后运行“tasks-dev-pipeline”管道。在完成运行后可再次确认可以通过浏览器访问生成的“tekton-tasks”路由的地址。
$ oc delete all -l app=tekton-tasks -n ${DEV}
$ oc delete all -l build=tekton-tasks -n ${DEV}
$ tkn pipeline start tasks-dev-pipeline -n ${CICD} --showlog \
--resource pipeline-source=tasks-source-code \
--workspace name=local-maven-repo,claimName=maven-repo-pvc
$ oc get route tekton-tasks -n ${DEV}
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
tekton-tasks tekton-tasks-user1-dev.apps.cluster-39c8.39c8.sandbox139.opentlc.com tekton-tasks 8080-tcp None
- 在OpenShift 控制台中可查看"tasks-dev-pipeline管道的运行实例的执行情况和日志。
为最新应用镜像的ImageStream打特定标签
在前面的步骤中我们将最新的应用打包成应用镜像,并用名为“latest”的ImageStreamTag指向最新的应用镜像,然后再部署“latest”版本的应用镜像。由于每次运行Pipeline都会生成新的应用镜像,我们可以为每次生成的应用镜像配置对应的“ImageStreamTag”以区分不同应用镜像的版本。
- 创建一个新任务“git-version”,它可根据应用的“git”获得对应的“gitsha”,我们会在后面使用“gitsha”作为镜像的“tag”(ImageStreamTag)。这个任务将根据输入参数“$(resources.inputs.source.path)”获得对应的“gitsha”,然后将结果返回以便在后续任务中可以用“$(tasks.<TASK-NAME>.results.<RESULT-NAME>)”使用该结果。
$ oc apply -f - << EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-version
namespace: ${
CICD}
spec:
resources:
inputs:
- name: source
type: git
results:
- description: The precise commit SHA in the git
name: gitsha
steps:
- name: extract-git-rev
image: 'gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest'
script: >
#!/bin/sh
set -e -o pipefail
# get git sha
git rev-parse --verify --short HEAD | tr -d '\n' | tee \$(results.gitsha.path)
cat \$(results.gitsha.path)
workingDir: \$(resources.inputs.source.path)
EOF
- 测试运行git-version任务,最后返回的“bde3105”便是获得的“gitsha”。
$ tkn task start git-version -n ${CICD} --showlog --inputresource source=tasks-source-code
TaskRun started: git-version-run-nm6pf
Waiting for logs to be available...
[git-source-source-v2tfk] {
"level":"info","ts":1629205745.7937424,"caller":"git/git.go:169","msg":"Successfully cloned https://gitea-server-devsecops.apps.cluster-39c8.39c8.sandbox139.opentlc.com/user1/openshift-tasks.git @ bde310585bda8209cf384a85c6a72c6f34813910 (grafted, HEAD, origin/dso4) in path /workspace/source"}
[git-source-source-v2tfk] {
"level":"info","ts":1629205745.9043572,"caller":"git/git.go:207","msg":"Successfully initialized and updated submodules in path /workspace/source"}
[extract-git-rev] bde3105
- 更新“create-image”任务,在“build-app-image”步骤中增加内容,使用从“git-version”任务获取到的“gitsha”为最新“latest”的ImageStream创建一个新的“istag”。
$ oc apply -f - << EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: create-image
namespace: ${
CICD}
spec:
params:
- default: tasks
description: The name of the app
name: app_name
type: string
- description: The name dev project
name: dev_project
type: string
- description: binary artifact path in the local artifact repo
# something like org/jboss/quickstarts/eap/jboss-tasks-rs/7.0.0-SNAPSHOT/jboss-tasks-rs-7.0.0-SNAPSHOT.war
type: string
name: artifact_path
- description: The git revision/sha to tag the created image with
type: string
name: gitsha
resources:
inputs:
- name: source
type: git
steps:
- name: create-build-config
image: 'quay.io/openshift/origin-cli:latest'
script: >
#!/bin/sh
set -e -o pipefail
echo "Creating new build config"
# This allows the new build to be created whether it exists or not
oc new-build -o yaml --name=\$(params.app_name) --image-stream=jboss-eap72-openshift:1.1 --binary=true -n
\$(params.dev_project) | oc apply -n \$(params.dev_project) -f -
- name: build-app-image
image: 'quay.io/openshift/origin-cli:latest'
script: >
#!/bin/sh
set -e -o pipefail
echo "Start the openshift build"
rm -rf \$(resources.inputs.source.path)/oc-build && mkdir -p \$(resources.inputs.source.path)/oc-build/deployments
cp \$(workspaces.maven-repo.path)/\$(params.artifact_path) \$(resources.inputs.source.path)/oc-build/deployments/ROOT.war
oc start-build \$(params.app_name) --from-dir=\$(resources.inputs.source.path)/oc-build -n \$(params.dev_project) --wait=true
# Wait a moment for the image stream to be updated
GITSHA='\$(params.gitsha)'
echo "The git sha is \$GITSHA but also \$(params.gitsha)"
oc tag \$(params.app_name):latest \$(params.app_name):\$GITSHA -n \$(params.dev_project)
echo "Successfully created container image \$(params.dev_project)/\$(params.app_name):\$(params.gitsha)"
workspaces:
- name: maven-repo
EOF
- 在测试“create-image”任务前我们先查看当前名为“tekton-tasks”的ImageStream只有“latest”一个istag标签。
$ oc get is tekton-tasks -n ${DEV}
NAME IMAGE REPOSITORY TAGS UPDATED
tekton-tasks default-route-openshift-image-registry.apps.cluster-39c8.39c8.sandbox139.opentlc.com/user1-dev/tekton-tasks latest 9 hours ago
- 测试运行“create-image”任务。注意:因为是单独测试这个任务,因此我们先使用前面运行“git-version”任务时获得的“gitsha”内容,即bde3105”。在成功运行后确认“Successfully created container image user1-dev/tekton-tasks:bde3105”的结果,并记下日志中“Tag tekton-tasks:bde3105 set to tekton-tasks@sha256:9d4695111697c6b2b82e63fb089ff5bb822aa247ca084f887e343e91a51573ff”。
$ tkn task start create-image -n ${CICD} --showlog \
--inputresource source=tasks-source-code \
--param app_name=tekton-tasks \
--param dev_project=${DEV} \
--param gitsha=bde3105 \
--param artifact_path='org/jboss/quickstarts/eap/jboss-tasks-rs/7.0.0-SNAPSHOT/jboss-tasks-rs-7.0.0-SNAPSHOT.war' \
--workspace name=maven-repo,claimName=maven-repo-pvc
。。。
[build-app-image] Start the openshift build
[build-app-image] Uploading directory "/workspace/source/oc-build" as binary input for the build ...
[build-app-image]
[build-app-image] Uploading finished
[build-app-image] build.build.openshift.io/tekton-tasks-7 started
[build-app-image] The git sha is bde3105 but also bde3105
[build-app-image] Tag tekton-tasks:bde3105 set to tekton-tasks@sha256:9d4695111697c6b2b82e63fb089ff5bb822aa247ca084f887e343e91a51573ff.
[build-app-image] Successfully created container image user1-dev/tekton-tasks:bde3105
- 再次查看名为“tekton-tasks”的ImageStream,确认当前已经有“bde3105”的istag了。可以进一步确认“tekton-tasks:bde3105”的ImageStreamTag的信息,确认"IMAGE REFERENCE"也是“sha256:9d4695111697c6b2b82e63fb089ff5bb822aa247ca084f887e343e91a51573ff”,这就说明“tekton-tasks:bde3105”指向的是上一步测试过程构建出来的应用镜像。
$ oc get is tekton-tasks -n ${DEV}
NAME IMAGE REPOSITORY TAGS UPDATED
tekton-tasks default-route-openshift-image-registry.apps.cluster-39c8.39c8.sandbox139.opentlc.com/user1-dev/tekton-tasks bde3105,latest 13 seconds ago
$ oc get istag tekton-tasks:bde3105 -n ${DEV}
NAME IMAGE REFERENCE UPDATED
tekton-tasks:bde3105 image-registry.openshift-image-registry.svc:5000/user1-dev/tekton-tasks@sha256:9d4695111697c6b2b82e63fb089ff5bb822aa247ca084f887e343e91a51573ff 4 minutes ago
- 更新“deploy-to-dev”任务,向“DEV”环境中部署上一步新建的标签为“<gitsha>”的应用镜像。说明:因为在运行出现问题,本文注释了最后的“oc rollout latest dc …”。
$ oc apply -f - << EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: deploy-to-dev
namespace: ${
CICD}
spec:
params:
- description: The name of the app
name: app_name
type: string
- description: The name of the dev project
name: dev_project
type: string
- description: The git revision/sha to tag the created image with
type: string
name: gitsha
resources:
inputs:
- name: source
type: git
steps:
- name: deploy-app-from-image
image: 'quay.io/openshift/origin-cli:latest'
script: >
#!/bin/sh
set -e -o pipefail
echo "Create new app from image stream in \$(params.dev_project) project"
oc new-app --image-stream=\$(params.app_name):\$(params.gitsha) -n
\$(params.dev_project) --as-deployment-config=true -o yaml | oc apply -n \$(params.dev_project) -f -
echo "Setting manual triggers on deployment \$(params.app_name)"
oc set triggers dc/\$(params.app_name) --remove-all -n \$(params.dev_project)
oc set triggers dc/\$(params.app_name) --manual=true -n \$(params.dev_project)
if ! oc get route/\$(params.app_name) -n \$(params.dev_project) ; then
oc expose svc \$(params.app_name) -n \$(params.dev_project) || echo "Failed to create route for \$(params.app_name)"
fi
# oc rollout latest dc/\$(params.app_name) -n \$(params.dev_project)
- name: announce-success
image: 'gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest'
script: >
#!/bin/sh
set -e -o pipefail
echo "Successfully build application \$(params.app_name)"
echo "After testing the app, run the deploy-app-to-stage pipeline with \$(params.gitsha) as the app_version parameter"
workingDir: \$(resources.inputs.source.path)
EOF
- 测试运行“deploy-to-dev”任务,在这里我们直接用前面获的内容为“bde3105”的“gitsha”进行测试,而在正式的Pipeline中我们会通过变量设置“gitsha”。为了验证,我们先删除“tekton-tasks”的相关对象,然后在后面验证“deploy-to-dev”任务能成功创建“tekton-tasks”的Route对象。
$ oc delete all -l app=tekton-tasks -n ${DEV}
$ tkn task start deploy-to-dev -n ${CICD} --showlog \
--inputresource source=tasks-source-code \
--param app_name=tekton-tasks \
--param dev_project=${DEV} \
--param gitsha=bde3105
。。。
[deploy-app-from-image] Create new app from image stream in user1-dev project
[deploy-app-from-image] deploymentconfig.apps.openshift.io/tekton-tasks configured
[deploy-app-from-image] service/tekton-tasks configured
[deploy-app-from-image] Setting manual triggers on deployment tekton-tasks
[deploy-app-from-image] deploymentconfig.apps.openshift.io/tekton-tasks triggers updated
[deploy-app-from-image] Error from server (NotFound): routes.route.openshift.io "tekton-tasks" not found
[deploy-app-from-image] route.route.openshift.io/tekton-tasks exposed
[announce-success] Successfully build application tekton-tasks
[announce-success] After testing the app, run the deploy-app-to-stage pipeline with bde3105 as the app_version parameter
$ oc get route tekton-tasks -n ${DEV}
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
tekton-tasks tekton-tasks-user1-dev.apps.cluster-39c8.39c8.sandbox139.opentlc.com tekton-tasks 8080-tcp None
- 在验证完“deploy-to-dev”任务后,我们可以执行以下命令将该任务添加到“tasks-dev-pipeline”管道,还在调用create-image和deploy-to-dev任务时为增加的gitsha参数赋值。
$ TASKS="$(oc get pipeline tasks-dev-pipeline -n ${
CICD} -o yaml | yq r - --collect 'spec.tasks.(taskRef.name==simple-maven)' | yq p - 'spec.tasks')"
$ oc patch pipelines tasks-dev-pipeline -n ${CICD} --type=merge -p "$(cat << EOF
$TASKS
- name: git-rev
taskRef:
kind: Task
name: git-version
resources:
inputs:
- name: source
resource: pipeline-source
- name: create-image
taskRef:
kind: Task
name: create-image
params:
- name: app_name
value: tekton-tasks
- name: dev_project
value: ${DEV}
- name: artifact_path
value: org/jboss/quickstarts/eap/jboss-tasks-rs/7.0.0-SNAPSHOT/jboss-tasks-rs-7.0.0-SNAPSHOT.war
- name: gitsha
value: '\$(tasks.git-rev.results.gitsha)'
resources:
inputs:
- name: source
resource: pipeline-source
workspaces:
- name: maven-repo
workspace: local-maven-repo
runAfter:
- archive
- name: deploy-to-dev
taskRef:
kind: Task
name: deploy-to-dev
params:
- name: app_name
value: tekton-tasks
- name: dev_project
value: ${DEV}
- name: gitsha
value: '\$(tasks.git-rev.results.gitsha)'
resources:
inputs:
- name: source
resource: pipeline-source
runAfter:
- create-image
EOF
)"
完成后可以在OpenShift控制台中查看“tasks-dev-pipeline”管道。
10. 最后测试修改后的“tasks-dev-pipeline”的管道。
$ tkn pipeline start tasks-dev-pipeline -n ${CICD} --showlog \
--resource pipeline-source=tasks-source-code \
--workspace name=local-maven-repo,claimName=maven-repo-pvc
- 可以在OpenShift控制台查看管道运行的日志。