基于tekton和argocd的CICD实现(4/4) 2021-08-05 CICD 暂无评论 2864 次阅读 # 完成镜像推送后自动修改配置仓库yaml信息 前面三篇已经完成了更改代码后自动拉取最新代码并编译打包成镜像,将镜像上传至SWR镜像仓库。同时当配置仓内yaml文件变化时,ArgoCD会自动更新集群内的应用信息。 本篇将整个流程串起来,当镜像更新后,自动更新配置仓内的yaml文件,修改yaml文件内的image字段,从而触发ArgoCD的部署,构建整套的CICD流程。 ## Task 首先需要一个task能够修改[配置仓](https://github.com/Myrat92/sample-go/tree/master/demo-go)内的yaml文件。 创建一个update_yaml_task.yaml。Task使用了[yq](https://github.com/mikefarah/yq)工具用来操作yaml文件,将代码的commit id作为镜像的image tag,修改配置仓内yaml的image字段。 ```yaml apiVersion: tekton.dev/v1beta1 kind: Task metadata: name: change-manifests spec: params: - name: imageurl - name: git_url description: Git repository containing manifest files to update default: github.com/Myrat92/sample-go.git - name: git_email default: pipeline@k8s.local - name: git_name default: Tekton Pipeline - name: git_manifest_dir description: Manifests files dir default: demo-go - name: tool_image default: cnych/helm-kubectl-curl-git-jq-yq steps: - name: git-push image: $(params.tool_image) env: - name: GIT_USERNAME valueFrom: secretKeyRef: name: gitlab-auth key: username optional: true - name: GIT_PASSWORD valueFrom: secretKeyRef: name: gitlab-auth key: password optional: true command: ["/bin/bash"] args: - -c - | set -eu echo Load environment variables from previous steps # source /workspace/env-config git config --global user.email "$(params.git_email)" git config --global user.name "$(params.git_name)" git clone --branch master --depth 1 http://${GIT_USERNAME}:${GIT_PASSWORD}@$(params.git_url) repo cd "repo/$(params.git_manifest_dir)" ls -l echo old value: cat demo-go-deployment.yaml | yq r - 'spec.template.spec.containers[0].image' echo replacing with new value: yq w -i demo-go-deployment.yaml 'spec.template.spec.containers[0].image' "$(params.imageurl)" echo verifying new value yq r demo-go-deployment.yaml spec.template.spec.containers[0].image if ! git diff-index --quiet HEAD --; then git status git add . git commit -m "auto updated yaml by tekton pipeline" git push else echo "no changes, git repository is up to date" fi ``` 同时需要GitHub的密钥 登录自己GitHub账号中进入`Setting` -> `Developer setting` -> `Personal access tokens`,可以生成访问令牌。 创建secret.yaml,将上面生成的访问令牌填入`password`供该task访问GitHub使用。 ```yaml apiVersion: v1 kind: Secret metadata: name: gitlab-auth type: Opaque stringData: username: <USERNAME> password: <PASSWORD> ``` ## Pipeline 修改[第一篇](https://myrat.top/archives/22/)中的`Pipeline`,在最后加入刚刚创建的`Task`,并且设置`runAfter`为`buildpacks`,表示在`buildpacks`执行完之后再执行更新yaml的操作。 ```yaml apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: name: buildpacks-test-pipeline spec: params: - name: imageurl workspaces: - name: shared-workspace resources: - name: build-image type: image tasks: - name: fetch-repository # This task fetches a repository from github, using the `git-clone` task we installed taskRef: name: git-clone workspaces: - name: output workspace: shared-workspace params: - name: url value: https://github.com/Myrat92/sample-go - name: subdirectory value: "" - name: deleteExisting value: "true" - name: buildpacks # This task uses the `buildpacks` task to build the application taskRef: name: buildpacks runAfter: - fetch-repository workspaces: - name: source workspace: shared-workspace params: - name: imageurl value: $(params.imageurl) - name: SOURCE_SUBPATH value: '' # This is the path within our samples repo we want to build - name: BUILDER_IMAGE value: 'paketobuildpacks/builder:base' # This is the builder we want the task to use - name: CACHE value: buildpacks-cache resources: outputs: - name: image resource: build-image - name: update-yaml # Update image url to yaml taskRef: name: change-manifests runAfter: - buildpacks params: - name: imageurl value: $(params.imageurl) ``` ## 测试 至此整套CICD就搭建完成了。 我们修改我们项目的源码,并push到GitHub仓库,Tekton就会自动拉取对应代码并构建为镜像,并将commit id作为镜像tag,将镜像推送至SWR仓库。之后Tekton会修改配置仓库内应用yaml的image字段,更新其tag为最新镜像的tag。然后ArgoCD会监测到配置仓库的变化,自动同步集群内的应用信息,应用拉取对应tag的镜像,完成应用升级。 打赏: 微信, 支付宝 标签: CICD 本作品采用知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议进行许可。本站myrat.top所有文章均为原创,转载请注明出处。
微信
支付宝