Tekton 安装

发布时间: 更新时间: 总字数:724 阅读时间:2m 作者: 分享 复制网址

Tekton 安装

环境要求

  • kubernetes 1.22 or later
  • k8s 集群的 cluster-admin 权限

安装步骤

安装

安装 Tekton Pipeline

说明:

# https://github.com/tektoncd/pipeline/releases/download/v0.39.0/release.yaml
curl -Lfs -o tektoncd-pipeline.yaml https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml

# 参考 https://mirrors.kb.cx/?s=gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd 查找hub.docker.com的替换镜像
sed 's#gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller#gcriotekton/pipeline-controller#g' -i *.yaml
sed 's#gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook#gcriotekton/pipeline-webhook#g' -i *.yaml

# 其中 tekton-pipelines-controller 通过 args -kubeconfig-writer-image 执行运行时的依赖镜像,也需要替换
sed 's#gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter#gcriotekton/pipeline-kubeconfigwriter#g' -i *.yaml
sed 's#gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint#gcriotekton/pipeline-entrypoint#g' -i *.yaml
sed 's#gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init#gcriotekton/pipeline-git-init#g' -i *.yaml
sed 's#gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop#gcriotekton/pipeline-nop#g' -i *.yaml
sed 's#gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter#gcriotekton/pipeline-imagedigestexporter#g' -i *.yaml
sed 's#gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init#gcriotekton/pipeline-pullrequest-init#g' -i *.yaml
sed 's#gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit#gcriotekton/pipeline-workingdirinit#g' -i *.yaml

# 可选,若镜像的 digest 同步失败的话,需要将镜像后的 digest 去掉
sed 's#@sha256:[a-z0-9]{64}##g' -i -E tektoncd-pipeline.yaml

# 可选,由于是 k8s 1.25.0 版本,需要修复部分资源升级导致的问题,且 policy/v1 PodSecurityPolicy 从该版本移除,出现问题暂时未处理
sed 's#autoscaling/v2beta1#autoscaling/v2#g' -i tektoncd-pipeline.yaml

kubectl apply -f tektoncd-pipeline.yaml
  • 部署日志
tekton-release-install-log
root@k8s-master:~/tekton# kubectl apply -f tektoncd-pipeline.yaml
namespace/tekton-pipelines created
clusterrole.rbac.authorization.k8s.io/tekton-pipelines-controller-cluster-access created
clusterrole.rbac.authorization.k8s.io/tekton-pipelines-controller-tenant-access created
clusterrole.rbac.authorization.k8s.io/tekton-pipelines-webhook-cluster-access created
role.rbac.authorization.k8s.io/tekton-pipelines-controller created
role.rbac.authorization.k8s.io/tekton-pipelines-webhook created
role.rbac.authorization.k8s.io/tekton-pipelines-leader-election created
role.rbac.authorization.k8s.io/tekton-pipelines-info created
serviceaccount/tekton-pipelines-controller created
serviceaccount/tekton-pipelines-webhook created
clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-cluster-access created
clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-tenant-access created
clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook-cluster-access created
rolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller created
rolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook created
rolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-leaderelection created
rolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook-leaderelection created
rolebinding.rbac.authorization.k8s.io/tekton-pipelines-info created
customresourcedefinition.apiextensions.k8s.io/clustertasks.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/pipelines.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/pipelineruns.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/resolutionrequests.resolution.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/pipelineresources.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/runs.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/tasks.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/taskruns.tekton.dev created
secret/webhook-certs created
validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.pipeline.tekton.dev created
mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.pipeline.tekton.dev created
validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.pipeline.tekton.dev created
clusterrole.rbac.authorization.k8s.io/tekton-aggregate-edit created
clusterrole.rbac.authorization.k8s.io/tekton-aggregate-view created
configmap/config-artifact-bucket created
configmap/config-artifact-pvc created
configmap/config-defaults created
configmap/feature-flags created
configmap/pipelines-info created
configmap/config-leader-election created
configmap/config-logging created
configmap/config-observability created
configmap/config-registry-cert created
deployment.apps/tekton-pipelines-controller created
service/tekton-pipelines-controller created
deployment.apps/tekton-pipelines-webhook created
service/tekton-pipelines-webhook created
resource mapping not found for name: "tekton-pipelines" namespace: "" from "tektoncd-pipeline.yaml": no matches for kind "PodSecurityPolicy" in version "policy/v1"
ensure CRDs are installed first
Error from server (BadRequest): error when creating "tektoncd-pipeline.yaml": HorizontalPodAutoscaler in version "v2" cannot be handled as a HorizontalPodAutoscaler: strict decoding error: unknown field "spec.metrics[0].resource.targetAverageUtilization"

日志中还有其他错误,需要根据情况判断是否需要修复(略)。

  • 查看资源
$ kubectl get pods --namespace tekton-pipelines --watch
NAME                                           READY   STATUS              RESTARTS   AGE
tekton-pipelines-controller-5f9784fc4d-glmq9   1/1     Running             0          15m
tekton-pipelines-webhook-6d47dc7dfc-j2p8f      1/1     Running             0          15m
$ kubectl get deployments --namespace tekton-pipelines
NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
tekton-pipelines-controller   1/1     1            1           24m
tekton-pipelines-webhook      1/1     1            1           24m

安装 Tekton Triggers

安装 Tekton Dashboard

说明:

curl -Lfs -o tekton-dashboard-release.yaml https://storage.googleapis.com/tekton-releases/dashboard/latest/tekton-dashboard-release.yaml

sed 's#gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard#gcriotekton/dashboard-dashboard#g' -i tekton-dashboard-release.yaml

# 可选,替换 sha256
sed 's#@sha256:[a-z0-9]{64}##g' -i -E tekton-dashboard-release.yaml

kubectl apply -f tekton-dashboard-release.yaml
  • 安装日志
root@k8s-master:~/tekton# kubectl apply -f tekton-dashboard-release.yaml
customresourcedefinition.apiextensions.k8s.io/extensions.dashboard.tekton.dev created
serviceaccount/tekton-dashboard created
role.rbac.authorization.k8s.io/tekton-dashboard-info created
clusterrole.rbac.authorization.k8s.io/tekton-dashboard-backend created
clusterrole.rbac.authorization.k8s.io/tekton-dashboard-tenant created
rolebinding.rbac.authorization.k8s.io/tekton-dashboard-info created
clusterrolebinding.rbac.authorization.k8s.io/tekton-dashboard-backend created
configmap/dashboard-info created
service/tekton-dashboard created
deployment.apps/tekton-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/tekton-dashboard-tenant created
  • 资源查看
root@k8s-master:~/tekton# kubectl -n tekton-pipelines get pod
NAME                                           READY   STATUS        RESTARTS   AGE
tekton-dashboard-74c4cff4c5-w47sz              1/1     Running       0          2m56s
...
root@k8s-master:~/tekton# kubectl -n tekton-pipelines get svc
NAME                          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                              AGE
tekton-dashboard              ClusterIP   10.99.6.172      <none>        9097/TCP                             8m12s
...

暴露到外部访问

可以采用 Istio 等,测试环境采用 NodePort 的方式暴露资源:

$ kubectl patch svc -n tekton-pipelines tekton-dashboard -p '{"spec": {"type": "NodePort"}}'
$ kubectl -n tekton-pipelines get svc
NAME                          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                              AGE
tekton-dashboard              NodePort    10.99.6.172      <none>        9097:31840/TCP                       14m
tekton-pipelines-controller   ClusterIP   10.102.192.120   <none>        9090/TCP,8008/TCP,8080/TCP           31m
tekton-pipelines-webhook      ClusterIP   10.101.59.226    <none>        9090/TCP,8008/TCP,443/TCP,8080/TCP   31m
  • 访问:http://172.20.0.241:31840/,默认没有账户密码,可以基于 Istio 的 SSO 认证实现

安装客户端

https://github.com/tektoncd/cli/releases

curl -LO https://github.com/tektoncd/cli/releases/download/v0.26.0/tektoncd-cli-0.26.0_Linux-64bit.deb
dpkg -i tektoncd-cli-0.26.0_Linux-64bit.deb
最新评论
加载中...
Home Archives Categories Tags Statistics