[OK!] Chapter 13. Building a Deployment Pipeline
Doing:
2025.12.13
// Using
$ LATEST_KUBERNETES_VERSION=v1.32.2
Let’s think about what operations are needed every time you perform a commit on your source code:
- Clone the repository.
- Install the required libraries.
- Test the code.
- Lint the code.
- Build and push the image.
- Deploy the application.
Using the task catalog
https://hub.tekton.dev/
$ {
tkn hub install task git-clone
tkn hub install task npm
tkn hub install task kubernetes-actions
}
$ kubectl get task npm -o yaml > npm-task.yaml
$ vi npm-task.yaml
default: docker.io/library/node:18-alpine
$ kubectl apply -f npm-task.yaml
Adding an additional task
You could try using the "docker build" task. But it requires access to the Docker daemon over a socket (or something like that) and does not work in all environments.
The suggestion is to use Buildah
https://buildah.io/
$ cat << 'EOF' | kubectl apply -f -
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: build-push
spec:
  params:
    - name: image
    - name: username
    - name: password
  workspaces:
    - name: source
  steps:
    - name: build-image
      image: quay.io/buildah/stable:v1.23.3
      securityContext:
        privileged: true
      script: |
        cd $(workspaces.source.path)
        buildah bud --layers -t $(params.image) .
        buildah login -u $(params.username) -p $(params.password) docker.io
        buildah push $(params.image)
EOF
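Added example (not from the book or these notes): the same Task with the registry credentials read from a Kubernetes Secret instead of the username/password params, because param values are stored in the TaskRun/PipelineRun spec and are readable with kubectl get. The Secret name docker-credentials and its keys are assumptions; with this variant the docker-username/docker-password params in the Pipeline and TriggerTemplate are no longer needed.

```yaml
# Assumed Secret, created once (name and keys are hypothetical):
#   kubectl create secret generic docker-credentials \
#     --from-literal=username=<DOCKER_USERNAME> \
#     --from-literal=password=<DOCKER_PASSWORD>
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: build-push
spec:
  params:
    - name: image
  workspaces:
    - name: source
  steps:
    - name: build-image
      image: quay.io/buildah/stable:v1.23.3
      securityContext:
        privileged: true            # unchanged from the notes
      env:
        # Credentials are injected into the step container only;
        # they never appear in the PipelineRun params.
        - name: REGISTRY_USER
          valueFrom:
            secretKeyRef:
              name: docker-credentials
              key: username
        - name: REGISTRY_PASSWORD
          valueFrom:
            secretKeyRef:
              name: docker-credentials
              key: password
      script: |
        set -eu
        cd $(workspaces.source.path)
        buildah bud --layers -t $(params.image) .
        # --password-stdin keeps the password out of the process arguments
        printf '%s' "$REGISTRY_PASSWORD" | \
          buildah login -u "$REGISTRY_USER" --password-stdin docker.io
        buildah push $(params.image)
```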
Creating the pipeline
$ cat << 'EOF' | kubectl apply -f -
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
  name: tekton-deploy
spec:
  params:
    - name: repo-url
    - name: deployment-name
    - name: image
    - name: docker-username
    - name: docker-password
  workspaces:
    - name: source
  tasks:
    - name: clone
      taskRef:
        name: git-clone
      params:
        - name: url
          value: $(params.repo-url)
      workspaces:
        - name: output
          workspace: source
    - name: install
      taskRef:
        name: npm
      params:
        - name: ARGS
          value:
            - install
      workspaces:
        - name: source
          workspace: source
      runAfter:
        - clone
    - name: lint
      taskRef:
        name: npm
      params:
        - name: ARGS
          value:
            - run
            - lint
      workspaces:
        - name: source
          workspace: source
      runAfter:
        - install
    - name: test
      taskRef:
        name: npm
      params:
        - name: ARGS
          value:
            - run
            - test
      workspaces:
        - name: source
          workspace: source
      runAfter:
        - install
    - name: build-push
      taskRef:
        name: build-push
      params:
        - name: image
          value: $(params.image)
        - name: username
          value: $(params.docker-username)
        - name: password
          value: $(params.docker-password)
      workspaces:
        - name: source
          workspace: source
      runAfter:
        - test
        - lint
    - name: deploy
      taskRef:
        name: kubernetes-actions
      params:
        - name: args
          value:
            - rollout
            - restart
            - deployment/$(params.deployment-name)
      runAfter:
        - build-push
EOF
Creating the trigger
$ export TEKTON_SECRET_TOKEN=$(head -c 24 /dev/random | base64)
$ echo ${TEKTON_SECRET_TOKEN}
$ kubectl create secret generic git-secret --from-literal=secretToken=${TEKTON_SECRET_TOKEN}
**Don't forget to replace
$ cat << 'EOF' | envsubst | kubectl apply -f -
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
  name: commit-tt
spec:
  params:
    - name: gitrepositoryurl
      description: The git repository url
  resourcetemplates:
    - apiVersion: tekton.dev/v1
      kind: PipelineRun
      metadata:
        generateName: tekton-deploy-
      spec:
        pipelineRef:
          name: tekton-deploy
        params:
          - name: repo-url
            value: $(tt.params.gitrepositoryurl)
          - name: deployment-name
            value: tekton-deployment
          - name: image
            value: ${DOCKER_USERNAME}/tekton-lab-app
          - name: docker-username
            value: ${DOCKER_USERNAME}
          - name: docker-password
            value: <DOCKER_PASSWORD>
        workspaces:
          - name: source
            volumeClaimTemplate:
              spec:
                accessModes:
                  - ReadWriteOnce
                resources:
                  requests:
                    storage: 1Gi
EOF
$ cat << 'EOF' | kubectl apply -f -
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: event-binding
spec:
  params:
    - name: gitrepositoryurl
      value: $(body.repository.clone_url)
EOF
$ cat << 'EOF' | kubectl apply -f -
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: listener
spec:
  serviceAccountName: tekton-triggers-example-sa
  triggers:
    - name: trigger
      bindings:
        - ref: event-binding
      template:
        ref: commit-tt
      interceptors:
        - github:
            secretRef:
              secretName: git-secret
              secretKey: secretToken
            eventTypes:
              - push
EOF
$ kubectl port-forward svc/el-listener 8080
$ kubectl create clusterrolebinding \
    serviceaccounts-cluster-admin \
    --clusterrole=cluster-admin \
    --group=system:serviceaccounts
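Added example (not from the book or these notes): a namespaced alternative to the cluster-admin binding above, granting only the get and patch verbs that kubectl rollout restart uses on the Deployment. It assumes the PipelineRun pods run as the default service account in the default namespace; the EventListener's service account needs its own Tekton Triggers permissions, which this does not cover.

```yaml
# Role name, namespace and service account are assumptions; adjust them
# to the namespace the PipelineRun is created in.
# Check afterwards with:
#   kubectl auth can-i patch deployment/tekton-deployment \
#     --as=system:serviceaccount:default:default
# and remove the broad binding once it is no longer needed:
#   kubectl delete clusterrolebinding serviceaccounts-cluster-admin
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployment-restarter
  namespace: default
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    resourceNames: ["tekton-deployment"]   # only the Deployment the pipeline restarts
    verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployment-restarter
  namespace: default
subjects:
  - kind: ServiceAccount
    name: default
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: deployment-restarter
```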
The application needs to be deployed
// Adjust
$ cat << 'EOF' | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tekton-deployment
spec:
  selector:
    matchLabels:
      app: trigger-demo
  template:
    metadata:
      labels:
        app: trigger-demo
    spec:
      containers:
        - name: tekton-pod
          image: <YOUR_USERNAME>/tekton-lab-app
          ports:
            - containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
  name: tekton-svc
spec:
  selector:
    app: trigger-demo
  ports:
    - port: 3000
      protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tekton-ingress
spec:
  rules:
    - http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: tekton-svc
                port:
                  number: 3000
EOF
Installing ngrok
$ ngrok http 8080
Forwarding https://b26d9bc503c7.ngrok-free.app -> http://localhost:8080
Fork -> https://github.com/PacktPublishing/tekton-book-app
Github -> MyProject -> Settings -> Webhooks -> Add webhook
• Payload URL: This is your ngrok URL. (https://b26d9bc503c7.ngrok-free.app)
• Content type: application/json.
• Secret: Use the secret token you created earlier. You can view your token with the echo ${TEKTON_SECRET_TOKEN} command.
Which events would you like to trigger this webhook?
- Just the push event
Add Webhook
Make a change to the source code.
https://github.com/
change: "here"
Change it to
change: "the end"
Commit changes
$ tkn pipelineruns ls tekton-deploy
NAME STARTED DURATION STATUS
tekton-deploy-69n84 4 minutes ago 4m37s Succeeded
$ tkn pipelinerun logs tekton-deploy-l8kqh
****
[deploy : kubectl] deployment.apps/tekton-deployment restarted
// Make sure the profile value is set
$ echo ${PROFILE}
$ curl $(minikube --profile ${PROFILE} ip)
response:
{"message":"Hello","change":"the end"}