欢迎关注我的公众号:
目前刚开始写一个月,一共写了18篇原创文章,文章目录如下:
istio多集群探秘,部署了50次多集群后我得出的结论
istio防故障利器,你知道几个,istio新手不要读,太难!
不懂envoyfilter也敢说精通istio系列-http-rbac-不要只会用AuthorizationPolicy配置权限
不懂envoyfilter也敢说精通istio系列-02-http-corsFilter-不要只会vs
不懂envoyfilter也敢说精通istio系列-03-http-csrf filter-再也不用再代码里写csrf逻辑了
不懂envoyfilter也敢说精通istio系列http-jwt_authn-不要只会RequestAuthorization
不懂envoyfilter也敢说精通istio系列-05-fault-filter-故障注入不止是vs
不懂envoyfilter也敢说精通istio系列-06-http-match-配置路由不只是vs
不懂envoyfilter也敢说精通istio系列-07-负载均衡配置不止是dr
不懂envoyfilter也敢说精通istio系列-08-连接池和断路器
不懂envoyfilter也敢说精通istio系列-09-http-route filter
不懂envoyfilter也敢说精通istio系列-network filter-redis proxy
不懂envoyfilter也敢说精通istio系列-network filter-HttpConnectionManager
不懂envoyfilter也敢说精通istio系列-ratelimit-istio ratelimit完全手册
tekton新课发布:ci/cd之tekton实战--其他视频教程-系统/网络/运维-
什么是task
A Task is a collection of Steps that you define and arrange in a specific order of execution as part of your continuous integration flow. A Task executes as a Pod on your Kubernetes cluster. A Task is available within a specific namespace, while a ClusterTask is available across the entire cluster.
A Task declaration includes the following elements:
资源详解
steps
name
task/steps/task-name.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: hello
spec:
steps:
- name: hello
image: ubuntu
command:
- echo
args:
- "Hello World!"
tkn task start -f task-name.yaml -n tekton
image
task/steps/task-name.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: hello
spec:
steps:
- name: hello
image: ubuntu
command:
- echo
args:
- "Hello World!"
tkn task start -f task-name.yaml -n tekton
script
task/steps/task-script-shell.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: script
spec:
steps:
- image: ubuntu
script: |
#!/usr/bin/env bash
echo "Hello from Bash!"
task/steps/task-script-python.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: script
spec:
steps:
- image: python # contains python
script: |
#!/usr/bin/env python3
print("Hello from Python!")
task/steps/task-script-node.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: script
spec:
steps:
- image: node # contains node
script: |
#!/usr/bin/env node
console.log("Hello from Node!")
resources
task/steps/task-resources.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: resources
spec:
steps:
- name: step-with-limts
image: ubuntu
command:
- echo
args:
- "Hello World!"
resources:
requests:
memory: 100Mi
cpu: 10m
limits:
memory: 100Mi
cpu: 10m
timeout
task/steps/task-timeout.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: timeout
spec:
steps:
- name: sleep-then-timeout
image: ubuntu
script: |
#!/usr/bin/env bash
echo "I am supposed to sleep for 60 seconds!"
sleep 60
timeout: 5s
args
task/steps/task-name.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: hello
spec:
steps:
- name: hello
image: ubuntu
command:
- echo
args:
- "Hello World!"
command
task/steps/task-name.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: hello
spec:
steps:
- name: hello
image: ubuntu
command:
- echo
args:
- "Hello World!"
env
plain
task/steps/task-env.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: env
spec:
steps:
- image: ubuntu
command: [echo]
args: ["FOO is $(FOO)"]
env:
- name: "FOO"
value: "baz"
secret-env
secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
username: YWRtaW4=
task/steps/task-env-secret.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: env
spec:
steps:
- image: ubuntu
command: [echo]
args: ["FOO is $(FOO)"]
env:
- name: "FOO"
valueFrom:
secretKeyRef:
name: mysecret
key: username
volumeMounts
task/steps/task-volumeMounts.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: volumemounts
spec:
steps:
- image: docker:20.10.5
name: client
script: |
#!/usr/bin/env sh
cat > Dockerfile << EOF
FROM ubuntu
RUN apt-get update
ENTRYPOINT ["echo", "hello"]
EOF
docker build -t hello . && docker run hello
docker images
volumeMounts:
- mountPath: /var/run/docker.sock
name: docker-socket
volumes:
- name: docker-socket
hostPath:
path: /var/run/docker.sock
type: Socket
workingDir
task/steps/task-workingDir.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: workingdir
spec:
steps:
- image: ubuntu
command: [pwd]
workingDir: /workspace/src/
securityContext
task/steps/task-securityContext.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: securitycontext
spec:
steps:
- image: ubuntu
command: [id]
securityContext:
runAsUser: 2000
imagePullPolicy
task/steps/task-imagePullPolicy .yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: imagepullpolicy
spec:
steps:
- image: ubuntu
command: [echo]
args:
- hello
imagePullPolicy: IfNotPresent
workspaces
description
task/task-description.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: description
spec:
description: this is a test task
steps:
- image: ubuntu
command: [echo]
args:
- hello
imagePullPolicy: IfNotPresent
params
array
task/task-params-array.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: params-array
spec:
params:
- name: array-param
type: array
default:
- a
- b
- c
steps:
- image: ubuntu
command: [echo]
args:
- "$(params.array-param[*])"
imagePullPolicy: IfNotPresent
string
task/task-params-string.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: params-string
spec:
params:
- name: directory
type: string
description: The directory containing the build context.
default: /workspace
steps:
- image: ubuntu
command: [pwd]
workingDir: "$(params.directory)"
imagePullPolicy: IfNotPresent
tkn task start -f task-params-string.yaml --param=directory=/test -n tekton
resources
task/resources/sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: test-task-robot-git-ssh
secrets:
- name: registry-secret
kubectl create secret docker-registry registry-secret \
--docker-server=registry.cn-beijing.aliyuncs.com \
[email protected] \
--docker-password=123456 -n tekton
task/resources/res-dockerfile-examples.yaml
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: dockerfile-examples
spec:
type: git
params:
- name: url
value: https://github.com/13567436138/tekton.git
- name: revision
value: main
task/resources/res-my-app-image.yaml
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: my-app-image
spec:
type: image
params:
- name: url
value: registry.cn-beijing.aliyuncs.com/hxpdocker/tekton-test
task/resources/task-example-task.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: example-task
spec:
params:
- name: pathToDockerFile
type: string
description: The path to the dockerfile to build
default: /workspace/workspace/
resources:
inputs:
- name: workspace
type: git
outputs:
- name: builtImage
type: image
steps:
- image: docker:20.10.5
command: ["docker"]
imagePullPolicy: IfNotPresent
args:
- build
- --tag
- $(resources.outputs.builtImage.url)
- $(params.pathToDockerFile)
volumeMounts:
- name: docker-socket
mountPath: /var/run/docker.sock
- name: dockerfile-pushexample
image: docker:20.10.5
imagePullPolicy: IfNotPresent
command: ["docker"]
args: ["push","$(resources.outputs.builtImage.url)"]
volumeMounts:
- name: docker-socket
mountPath: /var/run/docker.sock
task/resources/taskrun-mytaskrun.yaml
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
generateName: mytaskrun-
spec:
serviceAccountName: test-task-robot-git-ssh
taskRef:
name: example-task
resources:
inputs:
- name: workspace
resourceRef:
name: dockerfile-examples
outputs:
- name: builtImage
resourceRef:
name: my-app-image
podTemplate:
volumes:
- name: docker-socket
hostPath:
path: /var/run/docker.sock
type: Socket
workspaces
task/task-workspaces.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: workspaces
spec:
steps:
- name: write-message
image: ubuntu
script: |
#!/usr/bin/env bash
set -xe
if [ "$(workspaces.messages.bound)" == "true" ] ; then
echo hello! > $(workspaces.messages.path)/message
cat $(workspaces.messages.path)/message
fi
workspaces:
- name: messages
description: |
The folder where we write the message to. If no workspace
is provided then the message will not be written.
optional: true
mountPath: /test
task/taskrun-workspaces.yaml
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
generateName: workspaces-
spec:
taskRef:
name: workspaces
workspaces:
- name: messages
emptyDir: {}
results
task/task-results.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: print-date
annotations:
description: |
A simple task that prints the date
spec:
results:
- name: current-date-unix-timestamp
description: The current date in unix timestamp format
- name: current-date-human-readable
description: The current date in human readable format
steps:
- name: print-date-unix-timestamp
image: bash:latest
script: |
#!/usr/bin/env bash
date +%s | tee $(results.current-date-unix-timestamp.path)
- name: print-date-human-readable
image: bash:latest
script: |
#!/usr/bin/env bash
date | tee $(results.current-date-human-readable.path)
- name: message
image: ubuntu
script: |
#!/usr/bin/env bash
set -xe
ls /tekton/results
volumes
task/task-volumes.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: volumes
spec:
steps:
- image: docker:20.10.5
name: client
script: |
#!/usr/bin/env sh
cat > Dockerfile << EOF
FROM ubuntu
ENTRYPOINT ["echo", "hello"]
EOF
chmod 777 Dockerfile
docker build -t hello .
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/run/docker.sock
name: docker-socket
volumes:
- name: docker-socket
hostPath:
path: /var/run/docker.sock
type: Socket
stepTemplate
task/task-stepTemplate.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: steptemplate
spec:
stepTemplate:
env:
- name: "FOO"
value: "bar"
steps:
- image: ubuntu
command: [echo]
args: ["FOO is $(FOO)"]
- image: ubuntu
command: [echo]
args: ["FOO is $(FOO)"]
env:
- name: "FOO"
value: "baz"
sidecars
task/task-sidecars.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: sidecars
spec:
steps:
- image: docker
name: client
workingDir: /context
script: |
#!/usr/bin/env sh
cat > Dockerfile << EOF
FROM ubuntu
ENTRYPOINT ["echo", "hello"]
EOF
docker build -t hello . && docker run hello
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/run/
name: dind-socket
- mountPath: /context
name: context
sidecars:
- image: docker:18.05-dind
name: server
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/lib/docker
name: dind-storage
- mountPath: /var/run/
name: dind-socket
- mountPath: /context
name: context
volumes:
- name: dind-storage
emptyDir: {}
- name: dind-socket
- name: context
emptyDir: {}
ClusterTask
task/clustertask/task-deploy.yaml
apiVersion: tekton.dev/v1beta1
kind: ClusterTask
metadata:
name: kubectl-deploy
namespace: default
spec:
resources:
inputs:
- name: workspace
type: git
steps:
- name: kubectl-deploy
image: registry.cn-shanghai.aliyuncs.com/hxpdocker/kubectl:latest
script: |
#!/bin/sh
kubectl apply -f /workspace/workspace/deployment.yaml
task/clustertask/pipeline-my.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: mypipeline
spec:
tasks:
- name: deploy-app
taskRef:
name: kubectl-deploy
kind: ClusterTask
resources:
inputs:
- name: workspace
resource: workspace
resources:
- name: workspace
type: git
task/clustertask/pipelinerun-my.yaml
apiVersion: tekton.dev/v1beta1标签:task,name,image,tekton,yamlapiVersion,steps,资源 From: https://blog.51cto.com/u_11979904/5948169
kind: PipelineRun
metadata:
generateName: mypipeline-run
spec:
serviceAccountName: test-task-robot-git-ssh
pipelineRef:
name: mypipeline
resources:
- name: workspace
resourceRef:
name: workspace