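What is Tekton?
Tekton is a powerful and flexible Kubernetes-native open-source framework. It was open-sourced by Google, and its community is iterating and growing quickly. It is mainly used to build continuous integration and delivery (CI/CD) systems. By abstracting away the underlying implementation details, it lets users build, test and deploy across multiple cloud platforms and on-premises systems. Pipelines defined through Kubernetes CRDs are Tekton's most important feature.
CRD stands for CustomResourceDefinition:
In Kubernetes everything can be treated as a resource. Since Kubernetes 1.7, CRDs provide a way to extend the Kubernetes API with custom resources: with a CRD we can add new resource types to the Kubernetes API without modifying the Kubernetes source code to create a custom API server, which greatly improves Kubernetes' extensibility. When you create a new CustomResourceDefinition (CRD), the Kubernetes API server creates a new RESTful resource path for each version you specify, and we can use that API path to create resources of our own types. A CRD can be namespaced or cluster-scoped, as specified in the CRD's scope field. As with existing built-in objects, deleting a namespace deletes all custom objects in that namespace. The customresourcedefinition itself is not namespaced and is available to all namespaces.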
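3.2 Why use Tekton, a k8s-native CI/CD tool?
Continuous integration is one of the pillar technologies of cloud-native applications, so when delivering supporting products built on cloud-native technology, CI/CD is a requirement that cannot be refused. To meet this need, one naturally thinks of integrating Jenkins (X) or GitLab, and there are also small tools from startups, such as Argo Rollout. Tekton is a k8s-native application release framework, mainly used to build CI/CD systems. It was originally a subproject of the knative project called build-pipeline, intended as the next-generation engine for knative-build. However, as all kinds of requirements poured in from the k8s community, this subproject gradually grew into a general-purpose framework that provides flexible and powerful capabilities for k8s-based build and release. Tekton actually provides only one feature, the Pipeline, and a Pipeline is mapped directly onto K8s API resources such as Pods. Things like controlling the application release process and the canary and go-live strategies are implemented by writing our own K8s Controllers. This means Tekton does not put a "big hat" on top of K8s: for example, to see the release status and logs, we look directly through K8s at the status and logs of the Pod that corresponds to the Pipeline, without having to deal with yet another API.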
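Tekton features:
1. Kubernetes-native: all Tekton configuration is written and stored as CRDs, which makes it very easy to retrieve and use.
2. Separation of configuration and process: Tekton Pipelines and configuration can be written separately and referenced by name.
3. Lightweight core: the Pipeline is very light and well suited to being integrated as a component; there are also surrounding tools such as Dashboard, Trigger and CLI that can further tap its potential.
4. Reusable, composable Pipeline construction: well suited to customizing Pipelines during integration.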
3.3 Using Tekton to automate the application release flow

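The flow is roughly as follows:
1. The user writes the application to be deployed as a YAML file that follows a standard application definition (similar to a Helm Chart);
2. The user pushes the application-definition YAML to a Git repository;
3. Tekton CD (a K8s Operator) detects the corresponding change and generates different Tekton Pipelines depending on the conditions;
Tekton CD's operations fall into the following cases:
1. If the Git change contains an application YAML and the application does not exist, it renders and generates Tekton Pipelines to create the application.
2. If the Git change contains an application YAML and the application exists, it renders and generates Tekton Pipelines to upgrade the application. The upgrade follows the strategy given in the application-definition YAML, for example a canary release or a gradual rollout.
3. If the Git change contains an application YAML, the application exists, and it is marked as "deleted", it renders and generates Tekton Pipelines to delete the application. Only after confirming that the application has been deleted do we remove the application's YAML from Git.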
Installing Tekton
# Upload tekton-0-12-0.tar.gz and busybox-1-0.tar.gz to the worker node machines and unpack them manually:
# Write the resource manifest file used to install Tekton
kubectl apply -f release.yaml
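Before applying a manifest like this one, it is worth knowing which of its bindings take effect cluster-wide. The script below is an added example, not part of the original post or of Tekton's code: it resolves RBAC bindings to their rules and reports unrestricted cluster-wide access to secrets, then shows the effect of swapping the ClusterRoleBinding for a RoleBinding, as the manifest's own comment on tekton-pipelines-controller-tenant-access suggests. The objects are trimmed copies of documents from the release.yaml on this page written as Python dicts; the function names and the tenant namespace `team-a` are assumptions made for the example.

```python
# Added example: resolve RBAC bindings to see which grants are cluster-wide.
# OBJECTS are trimmed copies of documents from the release.yaml on this page,
# written as Python dicts so that no YAML parser is needed.
CONTROLLER_SA = {"kind": "ServiceAccount", "name": "tekton-pipelines-controller",
                 "namespace": "tekton-pipelines"}
WEBHOOK_SA = {"kind": "ServiceAccount", "name": "tekton-pipelines-webhook",
              "namespace": "tekton-pipelines"}
ALL_VERBS = ["get", "list", "create", "update", "delete", "patch", "watch"]

OBJECTS = [
    {"kind": "ClusterRole",
     "metadata": {"name": "tekton-pipelines-controller-cluster-access"},
     "rules": [{"apiGroups": [""], "resources": ["namespaces", "pods"],
                "verbs": ["list", "watch"]}]},
    {"kind": "ClusterRole",
     "metadata": {"name": "tekton-pipelines-controller-tenant-access"},
     "rules": [{"apiGroups": [""], "verbs": ALL_VERBS,
                "resources": ["pods", "pods/log", "secrets", "events",
                              "serviceaccounts", "configmaps",
                              "persistentvolumeclaims", "limitranges"]}]},
    {"kind": "Role",
     "metadata": {"name": "tekton-pipelines-webhook",
                  "namespace": "tekton-pipelines"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"],
                "verbs": ["list", "watch"]},
               {"apiGroups": [""], "resources": ["secrets"],
                "verbs": ["get", "update"],
                "resourceNames": ["webhook-certs"]}]},
    {"kind": "ClusterRoleBinding",
     "metadata": {"name": "tekton-pipelines-controller-cluster-access"},
     "subjects": [CONTROLLER_SA],
     "roleRef": {"kind": "ClusterRole",
                 "name": "tekton-pipelines-controller-cluster-access"}},
    {"kind": "ClusterRoleBinding",
     "metadata": {"name": "tekton-pipelines-controller-tenant-access"},
     "subjects": [CONTROLLER_SA],
     "roleRef": {"kind": "ClusterRole",
                 "name": "tekton-pipelines-controller-tenant-access"}},
    {"kind": "RoleBinding",
     "metadata": {"name": "tekton-pipelines-webhook",
                  "namespace": "tekton-pipelines"},
     "subjects": [WEBHOOK_SA],
     "roleRef": {"kind": "Role", "name": "tekton-pipelines-webhook"}},
]


def effective_grants(objects):
    """Resolve each binding to rows of (binding, subject, scope, resource, ...)."""
    roles = {}
    for obj in objects:
        if obj["kind"] in ("Role", "ClusterRole"):
            ns = obj["metadata"].get("namespace") if obj["kind"] == "Role" else None
            roles[(obj["kind"], ns, obj["metadata"]["name"])] = obj.get("rules", [])
    rows = []
    for obj in objects:
        if obj["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref = obj["roleRef"]
        if obj["kind"] == "ClusterRoleBinding":
            scope, role_ns = "cluster", None
        else:
            # A RoleBinding limits even a ClusterRole to the binding's namespace.
            ns = obj["metadata"]["namespace"]
            scope = "namespace:" + ns
            role_ns = ns if ref["kind"] == "Role" else None
        rules = roles.get((ref["kind"], role_ns, ref["name"]), [])
        for subject in obj.get("subjects", []):
            who = "{}/{}".format(subject.get("namespace", "-"), subject["name"])
            for rule in rules:
                for resource in rule.get("resources", []):
                    rows.append({"binding": obj["metadata"]["name"],
                                 "subject": who, "scope": scope,
                                 "api_groups": rule.get("apiGroups", []),
                                 "resource": resource,
                                 "verbs": rule.get("verbs", []),
                                 "resource_names": rule.get("resourceNames", [])})
    return rows


def cluster_wide_findings(objects, sensitive=("secrets",)):
    """Grants on sensitive core resources that apply to every namespace
    and are not narrowed by resourceNames."""
    findings = []
    for row in effective_grants(objects):
        core = "" in row["api_groups"] or "*" in row["api_groups"]
        hit = row["resource"] in sensitive or row["resource"] == "*"
        if row["scope"] == "cluster" and core and hit and not row["resource_names"]:
            findings.append(row)
    return findings


def scope_to_namespace(objects, binding_name, namespace):
    """Copy of objects with one ClusterRoleBinding replaced by a RoleBinding
    in `namespace` (same subjects, same roleRef)."""
    result = []
    for obj in objects:
        if obj["kind"] == "ClusterRoleBinding" and obj["metadata"]["name"] == binding_name:
            obj = {"kind": "RoleBinding",
                   "metadata": {"name": binding_name, "namespace": namespace},
                   "subjects": obj["subjects"], "roleRef": obj["roleRef"]}
        result.append(obj)
    return result


if __name__ == "__main__":
    for f in cluster_wide_findings(OBJECTS):
        print("cluster-wide:", f["subject"], f["resource"], ",".join(f["verbs"]))
    scoped = scope_to_namespace(
        OBJECTS, "tekton-pipelines-controller-tenant-access", "team-a")
    print("findings after scoping:", len(cluster_wide_findings(scoped)))
```

With namespaced bindings, one RoleBinding is needed in each tenant namespace where the controller should act.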
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Namespace
metadata:
  name: tekton-pipelines
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: tekton-pipelines
spec:
  privileged: false
  allowPrivilegeEscalation: false
  volumes:
  - 'emptyDir'
  - 'configMap'
  - 'secret'
  hostNetwork: false
  hostIPC: false
  hostPID: false
  runAsUser:
    rule: 'RunAsAny'
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
    - min: 1
      max: 65535
  fsGroup:
    rule: 'MustRunAs'
    ranges:
    - min: 1
      max: 65535
---
# Copyright 2020 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-pipelines-controller-cluster-access
rules:
- apiGroups: [""]
  # Namespace access is required because the controller timeout handling logic
  # iterates over all namespaces and times out any PipelineRuns that have expired.
  # Pod access is required because the taskrun controller wants to be updated when
  # a Pod underlying a TaskRun changes state.
  resources: ["namespaces", "pods"]
  verbs: ["list", "watch"]
  # Controller needs cluster access to all of the CRDs that it is responsible for
  # managing.
- apiGroups: ["tekton.dev"]
  resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources",
    "conditions"]
  verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["tekton.dev"]
  resources: ["taskruns/finalizers", "pipelineruns/finalizers"]
  verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["tekton.dev"]
  resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status",
    "pipelineruns/status", "pipelineresources/status"]
  verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["policy"]
  resources: ["podsecuritypolicies"]
  resourceNames: ["tekton-pipelines"]
  verbs: ["use"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # This is the access that the controller needs on a per-namespace basis.
  name: tekton-pipelines-controller-tenant-access
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps",
    "persistentvolumeclaims", "limitranges"]
  verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
  # Unclear if this access is actually required.  Simply a hold-over from the previous
  # incarnation of the controller's ClusterRole.
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["apps"]
  resources: ["deployments/finalizers"]
  verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-pipelines-webhook-cluster-access
rules:
- # The webhook needs to be able to list and update customresourcedefinitions,
  # mainly to update the webhook certificates.
  apiGroups: ["apiextensions.k8s.io"]
  resources: ["customresourcedefinitions", "customresourcedefinitions/status"]
  verbs: ["get", "list", "update", "patch", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  # The webhook performs a reconciliation on these two resources and continuously
  # updates configuration.
  resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
  # knative starts informers on these things, which is why we need get, list and watch.
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  # This mutating webhook is responsible for applying defaults to tekton objects
  # as they are received.
  resourceNames: ["webhook.pipeline.tekton.dev"]
  # When there are changes to the configs or secrets, knative updates the mutatingwebhook config
  # with the updated certificates or the refreshed set of rules.
  verbs: ["get", "update"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["validatingwebhookconfigurations"]
  # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns.
  # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure
  resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"]
  # When there are changes to the configs or secrets, knative updates the validatingwebhook config
  # with the updated certificates or the refreshed set of rules.
  verbs: ["get", "update"]
---
# Copyright 2020 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["list", "watch"]
- # The controller needs access to these configmaps for logging information and runtime configuration.
  apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get"]
  resourceNames: ["config-logging", "config-observability", "config-artifact-bucket",
    "config-artifact-pvc", "feature-flags", "config-leader-election"]
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-pipelines-webhook
  namespace: tekton-pipelines
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["list", "watch"]
- # The webhook needs access to these configmaps for logging information.
  apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get"]
  resourceNames: ["config-logging", "config-observability"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["list", "watch"]
- # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever
  # the secret changes it updates the webhook configurations with the certificates
  # stored in the secret.
  apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "update"]
  resourceNames: ["webhook-certs"]
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-pipelines-webhook
  namespace: tekton-pipelines
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tekton-pipelines-controller-cluster-access
subjects:
- kind: ServiceAccount
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
roleRef:
  kind: ClusterRole
  name: tekton-pipelines-controller-cluster-access
  apiGroup: rbac.authorization.k8s.io
---
# If this ClusterRoleBinding is replaced with a RoleBinding
# then the ClusterRole would be namespaced. The access described by
# the tekton-pipelines-controller-tenant-access ClusterRole would
# be scoped to individual tenant namespaces.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tekton-pipelines-controller-tenant-access
subjects:
- kind: ServiceAccount
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
roleRef:
  kind: ClusterRole
  name: tekton-pipelines-controller-tenant-access
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tekton-pipelines-webhook-cluster-access
subjects:
- kind: ServiceAccount
  name: tekton-pipelines-webhook
  namespace: tekton-pipelines
roleRef:
  kind: ClusterRole
  name: tekton-pipelines-webhook-cluster-access
  apiGroup: rbac.authorization.k8s.io
---
# Copyright 2020 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
subjects:
- kind: ServiceAccount
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
roleRef:
  kind: Role
  name: tekton-pipelines-controller
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: tekton-pipelines-webhook
  namespace: tekton-pipelines
subjects:
- kind: ServiceAccount
  name: tekton-pipelines-webhook
  namespace: tekton-pipelines
roleRef:
  kind: Role
  name: tekton-pipelines-webhook
  apiGroup: rbac.authorization.k8s.io
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: clustertasks.tekton.dev
  labels:
    pipeline.tekton.dev/release: "devel"
    version: "devel"
spec:
  group: tekton.dev
  preserveUnknownFields: false
  validation:
    openAPIV3Schema:
      type: object
      # One can use x-kubernetes-preserve-unknown-fields: true
      # at the root of the schema (and inside any properties, additionalProperties)
      # to get the traditional CRD behaviour that nothing is pruned, despite
      # setting spec.preserveUnknownProperties: false.
      #
      # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
      # See issue: https://github.com/knative/serving/issues/912
      x-kubernetes-preserve-unknown-fields: true
  versions:
  - name: v1alpha1
    served: true
    storage: true
  - name: v1beta1
    served: true
    storage: false
  names:
    kind: ClusterTask
    plural: clustertasks
    categories:
    - tekton
    - tekton-pipelines
  scope: Cluster
  # Opt into the status subresource so metadata.generation
  # starts to increment
  subresources:
    status: {}
  conversion:
    strategy: Webhook
    webhookClientConfig:
      service:
        name: tekton-pipelines-webhook
        namespace: tekton-pipelines
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: conditions.tekton.dev
  labels:
    pipeline.tekton.dev/release: "devel"
    version: "devel"
spec:
  group: tekton.dev
  names:
    kind: Condition
    plural: conditions
    categories:
    - tekton
    - tekton-pipelines
  scope: Namespaced
  # Opt into the status subresource so metadata.generation
  # starts to increment
  subresources:
    status: {}
  version: v1alpha1
---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: images.caching.internal.knative.dev
  labels:
    knative.dev/crd-install: "true"
spec:
  group: caching.internal.knative.dev
  version: v1alpha1
  names:
    kind: Image
    plural: images
    singular: image
    categories:
    - knative-internal
    - caching
    shortNames:
    - img
  scope: Namespaced
  subresources:
    status: {}
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: pipelines.tekton.dev
  labels:
    pipeline.tekton.dev/release: "devel"
    version: "devel"
spec:
  group: tekton.dev
  preserveUnknownFields: false
  validation:
    openAPIV3Schema:
      type: object
      # One can use x-kubernetes-preserve-unknown-fields: true
      # at the root of the schema (and inside any properties, additionalProperties)
      # to get the traditional CRD behaviour that nothing is pruned, despite
      # setting spec.preserveUnknownProperties: false.
      #
      # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
      # See issue: https://github.com/knative/serving/issues/912
      x-kubernetes-preserve-unknown-fields: true
  versions:
  - name: v1alpha1
    served: true
    storage: true
  - name: v1beta1
    served: true
    storage: false
  names:
    kind: Pipeline
    plural: pipelines
    categories:
    - tekton
    - tekton-pipelines
  scope: Namespaced
  # Opt into the status subresource so metadata.generation
  # starts to increment
  subresources:
    status: {}
  conversion:
    strategy: Webhook
    webhookClientConfig:
      service:
        name: tekton-pipelines-webhook
        namespace: tekton-pipelines
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: pipelineruns.tekton.dev
  labels:
    pipeline.tekton.dev/release: "devel"
    version: "devel"
spec:
  group: tekton.dev
  preserveUnknownFields: false
  validation:
    openAPIV3Schema:
      type: object
      # One can use x-kubernetes-preserve-unknown-fields: true
      # at the root of the schema (and inside any properties, additionalProperties)
      # to get the traditional CRD behaviour that nothing is pruned, despite
      # setting spec.preserveUnknownProperties: false.
      #
      # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
      # See issue: https://github.com/knative/serving/issues/912
      x-kubernetes-preserve-unknown-fields: true
  versions:
  - name: v1alpha1
    served: true
    storage: true
  - name: v1beta1
    served: true
    storage: false
  names:
    kind: PipelineRun
    plural: pipelineruns
    categories:
    - tekton
    - tekton-pipelines
    shortNames:
    - pr
    - prs
  scope: Namespaced
  additionalPrinterColumns:
  - name: Succeeded
    type: string
    JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
  - name: Reason
    type: string
    JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
  - name: StartTime
    type: date
    JSONPath: .status.startTime
  - name: CompletionTime
    type: date
    JSONPath: .status.completionTime
  # Opt into the status subresource so metadata.generation
  # starts to increment
  subresources:
    status: {}
  conversion:
    strategy: Webhook
    webhookClientConfig:
      service:
        name: tekton-pipelines-webhook
        namespace: tekton-pipelines
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: pipelineresources.tekton.dev
  labels:
    pipeline.tekton.dev/release: "devel"
    version: "devel"
spec:
  group: tekton.dev
  names:
    kind: PipelineResource
    plural: pipelineresources
    categories:
    - tekton
    - tekton-pipelines
  scope: Namespaced
  # Opt into the status subresource so metadata.generation
  # starts to increment
  subresources:
    status: {}
  version: v1alpha1
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tasks.tekton.dev
  labels:
    pipeline.tekton.dev/release: "devel"
    version: "devel"
spec:
  group: tekton.dev
  preserveUnknownFields: false
  validation:
    openAPIV3Schema:
      type: object
      # One can use x-kubernetes-preserve-unknown-fields: true
      # at the root of the schema (and inside any properties, additionalProperties)
      # to get the traditional CRD behaviour that nothing is pruned, despite
      # setting spec.preserveUnknownProperties: false.
      #
      # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
      # See issue: https://github.com/knative/serving/issues/912
      x-kubernetes-preserve-unknown-fields: true
  versions:
  - name: v1alpha1
    served: true
    storage: true
  - name: v1beta1
    served: true
    storage: false
  names:
    kind: Task
    plural: tasks
    categories:
    - tekton
    - tekton-pipelines
  scope: Namespaced
  # Opt into the status subresource so metadata.generation
  # starts to increment
  subresources:
    status: {}
  conversion:
    strategy: Webhook
    webhookClientConfig:
      service:
        name: tekton-pipelines-webhook
        namespace: tekton-pipelines
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: taskruns.tekton.dev
  labels:
    pipeline.tekton.dev/release: "devel"
    version: "devel"
spec:
  group: tekton.dev
  preserveUnknownFields: false
  validation:
    openAPIV3Schema:
      type: object
      # One can use x-kubernetes-preserve-unknown-fields: true
      # at the root of the schema (and inside any properties, additionalProperties)
      # to get the traditional CRD behaviour that nothing is pruned, despite
      # setting spec.preserveUnknownProperties: false.
      #
      # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
      # See issue: https://github.com/knative/serving/issues/912
      x-kubernetes-preserve-unknown-fields: true
  versions:
  - name: v1alpha1
    served: true
    storage: true
  - name: v1beta1
    served: true
    storage: false
  names:
    kind: TaskRun
    plural: taskruns
    categories:
    - tekton
    - tekton-pipelines
    shortNames:
    - tr
    - trs
  scope: Namespaced
  additionalPrinterColumns:
  - name: Succeeded
    type: string
    JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
  - name: Reason
    type: string
    JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
  - name: StartTime
    type: date
    JSONPath: .status.startTime
  - name: CompletionTime
    type: date
    JSONPath: .status.completionTime
  # Opt into the status subresource so metadata.generation
  # starts to increment
  subresources:
    status: {}
  conversion:
    strategy: Webhook
    webhookClientConfig:
      service:
        name: tekton-pipelines-webhook
        namespace: tekton-pipelines
---
# Copyright 2020 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
  name: webhook-certs
  namespace: tekton-pipelines
  labels:
    pipeline.tekton.dev/release: devel
# The data is populated at install time.
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
  name: validation.webhook.pipeline.tekton.dev
  labels:
    pipeline.tekton.dev/release: devel
webhooks:
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: tekton-pipelines-webhook
      namespace: tekton-pipelines
  failurePolicy: Fail
  sideEffects: None
  name: validation.webhook.pipeline.tekton.dev
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
  name: webhook.pipeline.tekton.dev
  labels:
    pipeline.tekton.dev/release: devel
webhooks:
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: tekton-pipelines-webhook
      namespace: tekton-pipelines
  failurePolicy: Fail
  sideEffects: None
  name: webhook.pipeline.tekton.dev
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
  name: config.webhook.pipeline.tekton.dev
  labels:
    pipeline.tekton.dev/release: devel
webhooks:
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: tekton-pipelines-webhook
      namespace: tekton-pipelines
  failurePolicy: Fail
  sideEffects: None
  name: config.webhook.pipeline.tekton.dev
  namespaceSelector:
    matchExpressions:
    - key: pipeline.tekton.dev/release
      operator: Exists
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tekton-aggregate-edit
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
  - tekton.dev
  resources:
  - tasks
  - taskruns
  - pipelines
  - pipelineruns
  - pipelineresources
  - conditions
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tekton-aggregate-view
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups:
  - tekton.dev
  resources:
  - tasks
  - taskruns
  - pipelines
  - pipelineruns
  - pipelineresources
  - conditions
  verbs:
  - get
  - list
  - watch
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-artifact-bucket
  namespace: tekton-pipelines
# data:
#   # location of the gcs bucket to be used for artifact storage
#   location: "gs://bucket-name"
#   # name of the secret that will contain the credentials for the service account
#   # with access to the bucket
#   bucket.service.account.secret.name:
#   # The key in the secret with the required service account json
#   bucket.service.account.secret.key:
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-artifact-pvc
  namespace: tekton-pipelines
# data:
#   # size of the PVC volume
#   size: 5Gi
#
#   # storage class of the PVC volume
#   storageClassName: storage-class-name
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-defaults
  namespace: tekton-pipelines
data:
  _example: |-
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################
    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.
    # default-timeout-minutes contains the default number of
    # minutes to use for TaskRun and PipelineRun, if none is specified.
    default-timeout-minutes: "60"  # 60 minutes
    # default-service-account contains the default service account name
    # to use for TaskRun and PipelineRun, if none is specified.
    default-service-account: "default"
    # default-managed-by-label-value contains the default value given to the
    # "app.kubernetes.io/managed-by" label applied to all Pods created for
    # TaskRuns. If a user's requested TaskRun specifies another value for this
    # label, the user's request supersedes.
    default-managed-by-label-value: "tekton-pipelines"
    # default-pod-template contains the default pod template to use for
    # TaskRun and PipelineRun, if none is specified. If a pod template
    # is specified, the default pod template is ignored.
    # default-pod-template:
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
  name: feature-flags
  namespace: tekton-pipelines
data:
  # Setting this flag to "true" will prevent Tekton overriding your
  # Task container's $HOME environment variable.
  #
  # The default behaviour currently is for Tekton to override the
  # $HOME environment variable but this will change in an upcoming
  # release.
  #
  # See https://github.com/tektoncd/pipeline/issues/2013 for more
  # info.
  disable-home-env-overwrite: "false"
  # Setting this flag to "true" will prevent Tekton overriding your
  # Task container's working directory.
  #
  # The default behaviour currently is for Tekton to override the
  # working directory if not set by the user but this will change
  # in an upcoming release.
  #
  # See https://github.com/tektoncd/pipeline/issues/1836 for more
  # info.
  disable-working-directory-overwrite: "false"
---
# Copyright 2020 Tekton Authors LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-leader-election
  namespace: tekton-pipelines
data:
  # An inactive but valid configuration follows; see example.
  resourceLock: "leases"
  leaseDuration: "15s"
  renewDeadline: "10s"
  retryPeriod: "2s"
---
# Copyright 2019 Tekton Authors LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-logging
  namespace: tekton-pipelines
data:
  # Common configuration for all knative codebase
  zap-logger-config: |
    {
      "level": "info",
      "development": false,
      "sampling": {
        "initial": 100,
        "thereafter": 100
      },
      "outputPaths": ["stdout"],
      "errorOutputPaths": ["stderr"],
      "encoding": "json",
      "encoderConfig": {
        "timeKey": "",
        "levelKey": "level",
        "nameKey": "logger",
        "callerKey": "caller",
        "messageKey": "msg",
        "stacktraceKey": "stacktrace",
        "lineEnding": "",
        "levelEncoder": "",
        "timeEncoder": "",
        "durationEncoder": "",
        "callerEncoder": ""
      }
    }
  # Log level overrides
  loglevel.controller: "info"
  loglevel.webhook: "info"
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-observability
  namespace: tekton-pipelines
data:
  _example: |
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################
    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.
    # metrics.backend-destination field specifies the system metrics destination.
    # It supports either prometheus (the default) or stackdriver.
    # Note: Using Stackdriver will incur additional charges.
    metrics.backend-destination: prometheus
    # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This
    # field is optional. When running on GCE, application default credentials will be
    # used and metrics will be sent to the cluster's project if this field is
    # not provided.
    metrics.stackdriver-project-id: "<your stackdriver project id>"
    # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed
    # to send metrics to Stackdriver using "global" resource type and custom
    # metric type. Setting this flag to "true" could cause extra Stackdriver
    # charge. If metrics.backend-destination is not Stackdriver, this is
    # ignored.
    metrics.allow-stackdriver-custom-metrics: "false"
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
  labels:
    app.kubernetes.io/name: tekton-pipelines
    app.kubernetes.io/component: controller
    pipeline.tekton.dev/release: "v0.12.0"
    version: "v0.12.0"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tekton-pipelines-controller
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
      labels:
        app: tekton-pipelines-controller
        app.kubernetes.io/name: tekton-pipelines
        app.kubernetes.io/component: controller
        # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
        pipeline.tekton.dev/release: "v0.12.0"
        version: "v0.12.0"
    spec:
      serviceAccountName: tekton-pipelines-controller
      containers:
      - name: tekton-pipelines-controller
        image: god/tekton-controller:v0.12.0
        args: [
          # These images are built on-demand by `ko resolve` and are replaced
          # by image references by digest.
          "-kubeconfig-writer-image", "god/tekton-kubeconfigwriter:v0.12.0",
          "-creds-image", "god/tekton-creds-init:v0.12.0",
          "-git-image", "god/tekton-git-init:v0.12.0",
          "-entrypoint-image", "god/tekton-entrypoint:v0.12.0",
          "-imagedigest-exporter-image", "god/tekton-imagedigestexporter:v0.12.0",
          "-pr-image", "god/tekton-pullrequest-init:v0.12.0",
          "-build-gcs-fetcher-image", "god/tekton-gcs-fetcher:v0.12.0",
          # These images are pulled from Dockerhub, by digest, as of April 15, 2020.
          "-nop-image", "god/tianon:v1.0",
          "-shell-image", "god/busybox:v1.0",
          "-gsutil-image", "google/cloud-sdk"]
        volumeMounts:
        - name: config-logging
          mountPath: /etc/config-logging
        env:
        - name: SYSTEM_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - # If you are changing these names, you will also need to update
          # the controller's Role in 200-role.yaml to include the new
          # values in the "configmaps" "get" rule.
          name: CONFIG_LOGGING_NAME
          value: config-logging
        - name: CONFIG_OBSERVABILITY_NAME
          value: config-observability
        - name: CONFIG_ARTIFACT_BUCKET_NAME
          value: config-artifact-bucket
        - name: CONFIG_ARTIFACT_PVC_NAME
          value: config-artifact-pvc
        - name: CONFIG_FEATURE_FLAGS_NAME
          value: feature-flags
        - name: CONFIG_LEADERELECTION_NAME
          value: config-leader-election
        - name: METRICS_DOMAIN
          value: tekton.dev/pipeline
      volumes:
      - name: config-logging
        configMap:
          name: config-logging
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: tekton-pipelines-controller
    pipeline.tekton.dev/release: "v0.12.0"
    version: "v0.12.0"
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
spec:
  ports:
  - name: http-metrics
    port: 9090
    protocol: TCP
    targetPort: 9090
  selector:
    app: tekton-pipelines-controller
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
  # Note: the Deployment name must be the same as the Service name specified in
  # config/400-webhook-service.yaml. If you change this name, you must also
  # change the value of WEBHOOK_SERVICE_NAME below.
  name: tekton-pipelines-webhook
  namespace: tekton-pipelines
  labels:
    app.kubernetes.io/name: tekton-pipelines
    app.kubernetes.io/component: webhook-controller
    pipeline.tekton.dev/release: "v0.12.0"
    version: "v0.12.0"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tekton-pipelines-webhook
      role: webhook
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
      labels:
        app: tekton-pipelines-webhook
        role: webhook
        app.kubernetes.io/name: tekton-pipelines
        app.kubernetes.io/component: webhook-controller
        pipeline.tekton.dev/release: "v0.12.0"
        version: "v0.12.0"
    spec:
      serviceAccountName: tekton-pipelines-webhook
      containers:
      - name: webhook
        # This is the Go import path for the binary that is containerized
        # and substituted here.
        image: god/tekton-webhook:v0.12.0
        env:
        - name: SYSTEM_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - # If you are changing these names, you will also need to update
          # the webhook's Role in 200-role.yaml to include the new
          # values in the "configmaps" "get" rule.
          name: CONFIG_LOGGING_NAME
          value: config-logging
        - name: CONFIG_OBSERVABILITY_NAME
          value: config-observability
        - name: CONFIG_LEADERELECTION_NAME
          value: config-leader-election
        - name: WEBHOOK_SERVICE_NAME
          value: tekton-pipelines-webhook
        - name: WEBHOOK_SECRET_NAME
          value: webhook-certs
        - name: METRICS_DOMAIN
          value: tekton.dev/pipeline
        securityContext:
          allowPrivilegeEscalation: false
        ports:
        - name: metrics
          containerPort: 9090
        - name: profiling
          containerPort: 8008
        - name: https-webhook
          containerPort: 8443
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: tekton-pipelines-webhook
    role: webhook
    pipeline.tekton.dev/release: v0.12.0
    version: "v0.12.0"
  name: tekton-pipelines-webhook
  namespace: tekton-pipelines
spec:
  ports:
  - # Define metrics and profiling for them to be accessible within service meshes.
    name: http-metrics
    port: 9090
    targetPort: 9090
  - name: http-profiling
    port: 8008
    targetPort: 8008
  - name: https-webhook
    port: 443
    targetPort: 8443
  selector:
    app: tekton-pipelines-webhook
    role: webhook
---
Apply the resource file:
kubectl apply -f release.yaml
# Verify that the pods were created successfully
kubectl get pods -n tekton-pipelines
NAME                                          READY   STATUS    RESTARTS   AGE
tekton-pipelines-controller-df779b44b-7lvsx   1/1     Running   0          20s
tekton-pipelines-webhook-6bb6b45fd4-6scgl     1/1     Running   0          20s
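The comments in the controller Deployment above say its helper images are referenced by digest, but the values shown are tags (and `google/cloud-sdk` carries no tag at all), which a registry can re-point to different content. The check below is an added example, not part of the original article or of the Tekton project; it lists every image reference in a manifest that is not pinned with `@sha256:`. The excerpt is copied from this page, and its last entry is a constructed digest-pinned reference added for contrast.

```python
import re

# Constructed placeholder digest, used only to show a pinned reference.
CONSTRUCTED_DIGEST = "sha256:" + "a" * 64

# Excerpt of the controller Deployment from this page's release.yaml.
# The "-entrypoint-image" value is constructed (the page uses a tag there).
MANIFEST = f'''\
      containers:
      - name: tekton-pipelines-controller
        image: god/tekton-controller:v0.12.0
        args: [
          "-git-image", "god/tekton-git-init:v0.12.0",
          "-nop-image", "god/tianon:v1.0",
          "-gsutil-image", "google/cloud-sdk",
          "-entrypoint-image", "registry.example/entrypoint@{CONSTRUCTED_DIGEST}"]
'''

# `image:` fields of containers, and `"-<name>-image", "<ref>"` pairs in args.
IMAGE_FIELD = re.compile(r'^\s*(?:-\s+)?image:\s*["\']?([^\s"\'#]+)', re.M)
IMAGE_FLAG = re.compile(r'"(-[a-z-]+-image)"\s*,\s*"([^"]+)"')
DIGEST = re.compile(r'@sha256:[0-9a-f]{64}$')


def classify(ref):
    """Return 'digest', 'tag' or 'untagged' for an image reference."""
    if DIGEST.search(ref):
        return "digest"
    # Only a ':' in the last path segment is a tag; earlier it is a registry port.
    last = ref.rsplit("/", 1)[-1]
    return "tag" if ":" in last else "untagged"


def audit(manifest):
    """Return (source, ref, kind) for every image reference in the manifest text."""
    found = [("image", m.group(1)) for m in IMAGE_FIELD.finditer(manifest)]
    found += [(m.group(1), m.group(2)) for m in IMAGE_FLAG.finditer(manifest)]
    return [(src, ref, classify(ref)) for src, ref in found]


def unpinned(manifest):
    """Return only the references that a registry could silently re-point."""
    return [item for item in audit(manifest) if item[2] != "digest"]


if __name__ == "__main__":
    for src, ref, kind in unpinned(MANIFEST):
        print(f"{src:20} {ref:40} {kind}")
```

An `untagged` result means the runtime resolves the reference to `latest`, so the content can change between two pulls of the same manifest.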
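Tekton concepts
Tekton provides several CRD resource objects for Kubernetes that can be used to define our pipelines. The main ones are:
1) Task: a series of steps that execute commands. A Task can define a series of steps, such as compiling code, building an image, and pushing an image; each step is actually executed by a container in a Pod.
2) TaskRun: a Task only defines a template; a TaskRun represents one actual run. You can also create a TaskRun manually; once a TaskRun is created, it automatically triggers the build described by the Task.
3) Pipeline: a group of tasks, that is, a collection of one or more Tasks, PipelineResources, and various parameter definitions.
4) PipelineRun: like the relationship between Task and TaskRun, a PipelineRun represents one actual run of a Pipeline. Submitting a PipelineRun CRD instance to Kubernetes likewise triggers one build of the Pipeline.
5) PipelineResource: represents a pipeline's input resources, such as source code on GitHub, or its output resources, such as a container image or a JAR file produced by the build.
Testing a CI/CD pipeline built with Tekton
We test a simple golang program. The application code, tests, and Dockerfile are available at: https://github.com/cadrcadr/tekton-demo
1. Clone the application code and test it: create a Task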
cat task-test.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
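  name: test
spec:
  resources:
    inputs:
    - name: repo
      type: git
  steps:
  - name: run-test
    image: golang:1.14-alpine
    workingDir: /workspace/repo
    command: ["go"]
    args: ["test"]
kubectl apply -f task-test.yaml
# View the Task resource
kubectl get Task
NAME AGE
test 23s
# Explanation of the above:
resources defines the inputs needed by the steps of our task; here our step needs a Git repository cloned as the input to the go test command. Tekton has a built-in git resource type that automatically clones the repository into the /workspace/$input_name directory. Because our input is named repo, the code is cloned into /workspace/repo. The steps section below then defines the step that runs the test command; here we simply run go test in the root directory of the code. Note that the command and its arguments must be defined separately.
2. Create the PipelineResource object
With the step above we defined a Task, but the task is not executed immediately; we must create a TaskRun that references it and provides all the required input data. Here we need to supply the git repository as input, so we must first create a PipelineResource object to define the input. Create a manifest file named pipelineresource.yaml with the following content: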
# cat pipelineresource.yaml
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: god-tekton-example
spec:
  type: git
  params:
    - name: url
      value: https://github.com/cadrcadr/tekton-demo
    - name: revision
      value: master
kubectl apply -f pipelineresource.yaml
3. Create the TaskRun
cat taskrun.yaml
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: testrun
spec:
  taskRef:
    name: test
  resources:
    inputs:
    - name: repo
      resourceRef:
        name: god-tekton-example
kubectl apply -f taskrun.yaml
# Explanation of the manifest above
Here taskRef references the Task defined above, with the git repository as its input; resourceRef likewise references the PipelineResource object defined above.
# After creation, we can check the build status by looking at the status of the TaskRun object
# kubectl get taskrun
NAME SUCCEEDED REASON STARTTIME
testrun Unknown Running 6s
# kubectl get pods
NAME READY STATUS RESTARTS AGE
testrun-pod-x9rkn 2/2 Running 0 9s
When the task finishes, the Pod changes to the Completed state:
kubectl get pods
NAME READY STATUS RESTARTS AGE
testrun-pod-x9rkn 0/2 Completed 0 72s
We can use the kubectl describe command to see how the task ran: first a busybox image in an initContainer clones the code, then the image defined in the task runs the command. Once the task finishes, the Pod changes to the Completed state, and we can read the container logs to see the result of the task:
# kubectl logs testrun-pod-x9rkn --all-containers
{"level":"info","ts":1617616592.58145,"caller":"git/git.go:136","msg":"Successfully cloned https://github.com/luckylucky421/tekton-demo @ c6c2a85091d538a13c44f85bcee9e861c362b0d3 (grafted, HEAD, origin/master) in path /workspace/repo"}
{"level":"info","ts":1617616592.6319332,"caller":"git/git.go:177","msg":"Successfully initialized and updated submodules in path /workspace/repo"}
PASS
ok _/workspace/repo 0.003s
# As the output above shows, our tests passed.
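The git-init log line above records the repository and commit that were actually checked out, which can be compared with what pipelineresource.yaml declares. The following is an added example, not from the original article; it parses that log line and reports a URL mismatch or a mutable revision. The function names are hypothetical, and the inputs are the values shown on this page.

```python
import json
import re

# Declared input, from this page's pipelineresource.yaml.
DECLARED = {"url": "https://github.com/cadrcadr/tekton-demo", "revision": "master"}

# The `kubectl logs` output quoted on this page.
LOG_LINES = [
    '{"level":"info","ts":1617616592.58145,"caller":"git/git.go:136","msg":"Successfully cloned https://github.com/luckylucky421/tekton-demo @ c6c2a85091d538a13c44f85bcee9e861c362b0d3 (grafted, HEAD, origin/master) in path /workspace/repo"}',
    '{"level":"info","ts":1617616592.6319332,"caller":"git/git.go:177","msg":"Successfully initialized and updated submodules in path /workspace/repo"}',
    "PASS",
    "ok _/workspace/repo 0.003s",
]

CLONED = re.compile(r"^Successfully cloned (\S+) @ ([0-9a-f]{40}) .* in path (\S+)$")
FULL_SHA = re.compile(r"[0-9a-f]{40}")


def normalize(url):
    """Compare repository URLs without case, trailing slash or .git suffix."""
    url = url.lower().rstrip("/")
    return url[:-4] if url.endswith(".git") else url


def resolved_clone(lines):
    """Return url, commit and path from the first clone record, or None."""
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # step output such as "PASS" is not JSON
        if not isinstance(entry, dict):
            continue
        match = CLONED.match(entry.get("msg", ""))
        if match:
            url, commit, path = match.groups()
            return {"url": url, "commit": commit, "path": path}
    return None


def check(declared, lines):
    """Return a list of findings; an empty list means the run matches the declaration."""
    got = resolved_clone(lines)
    if got is None:
        return ["no clone record found in log"]
    findings = []
    if normalize(got["url"]) != normalize(declared["url"]):
        findings.append(f"cloned {got['url']} but declared {declared['url']}")
    if not FULL_SHA.fullmatch(declared["revision"]):
        findings.append(f"revision '{declared['revision']}' is a mutable ref; "
                        f"this run resolved it to {got['commit']}")
    elif declared["revision"] != got["commit"]:
        findings.append(f"declared commit {declared['revision']} but got {got['commit']}")
    return findings


if __name__ == "__main__":
    for finding in check(DECLARED, LOG_LINES):
        print("FINDING:", finding)
```

Run on this page's own values it returns two findings: the logged repository URL differs from the one declared in pipelineresource.yaml, and `master` is a branch name rather than a commit.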
Summary: we have successfully installed Tekton on a Kubernetes cluster, defined a Task, and tested it using YAML manifests and by creating a TaskRun.