1. Tekton Overview and Environment Planning
Tekton is an open-source, Kubernetes-native continuous integration/continuous deployment (CI/CD) tool that provides pipeline and task execution on top of Kubernetes. Tekton is built on Custom Resource Definitions (CRDs) and supports multiple execution environments and build strategies.
1.1 Tekton Version Notes
The current main Tekton release series is 0.50.x; this tutorial uses Tekton 0.50.0 as its example throughout. Compared with earlier releases, 0.50.x brings notable improvements in performance, stability and functionality and supports more CI/CD features.
$ tkn version
Client version: 0.31.0
Pipeline version: v0.50.0
Triggers version: v0.24.0
Dashboard version: v0.30.0
# Check the Kubernetes version
$ kubectl version
Client Version: v1.27.0
Server Version: v1.27.0
# Check the OS release
$ cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="8.9"
ID="ol"
PRETTY_NAME="Oracle Linux Server 8.9"
# Check the kernel version
$ uname -r
5.4.17-2136.302.7.2.el8uek.x86_64
1.2 Environment Planning
The installation environment for this tutorial is planned as follows:
master01.fgedu.net.cn (192.168.1.51) - control plane node
master02.fgedu.net.cn (192.168.1.52) - control plane node
master03.fgedu.net.cn (192.168.1.53) - control plane node
worker01.fgedu.net.cn (192.168.1.61) - worker node
worker02.fgedu.net.cn (192.168.1.62) - worker node
Tekton version: 0.50.0
Kubernetes version: 1.27.0
Installation method: kubectl
Namespace: tekton-pipelines
2. Hardware Requirements
As a Kubernetes-native CI/CD tool, Tekton's hardware requirements depend on the complexity and concurrency of the build tasks it runs.
2.1 Physical Host Requirements
# Control plane node requirements
- CPU: at least 4 cores
- Memory: at least 16GB
- Disk: 120GB SSD system disk + 200GB SSD data disk
# Worker node requirements
- CPU: at least 8 cores
- Memory: at least 32GB
- Disk: 120GB SSD system disk + 500GB SSD data disk
# Check control plane node resources
# free -h
total used free shared buff/cache available
Mem: 16G 4.2G 10G 256M 1.8G 11G
Swap: 8G 0B 8G
# Check worker node resources
# free -h
total used free shared buff/cache available
Mem: 32G 8.4G 22G 512M 3.6G 23G
# Check disk space
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 120G 20G 100G 17% /
/dev/sdb1 200G 50G 150G 25% /var/lib/containers
2.2 vSphere Virtual Machine Requirements
- Control plane nodes:
  - vCPU: 4 cores
  - Memory: 16GB
  - Disk: 120GB SSD system disk + 200GB SSD data disk
  - Network: VMXNET3 adapter, 10Gbps network
- Worker nodes:
  - vCPU: 8 cores
  - Memory: 32GB
  - Disk: 120GB SSD system disk + 500GB SSD data disk
  - Network: VMXNET3 adapter, 10Gbps network
Resource pool configuration:
- CPU reservation: 2GHz for control plane nodes, 4GHz for worker nodes
- Memory reservation: 8GB for control plane nodes, 16GB for worker nodes
- Memory limit: 16GB for control plane nodes, 32GB for worker nodes
- CPU shares: Normal
- Memory shares: Normal
2.3 Cloud Platform Host Requirements
- Control plane nodes:
  - Instance type: ecs.g6.2xlarge or equivalent
  - vCPU: 8 cores
  - Memory: 32GB
  - System disk: 120GB SSD cloud disk
  - Data disk: 200GB SSD cloud disk
  - Network bandwidth: 10Gbps or more
- Worker nodes:
  - Instance type: ecs.g6.4xlarge or equivalent
  - vCPU: 16 cores
  - Memory: 64GB
  - System disk: 120GB SSD cloud disk
  - Data disk: 500GB SSD cloud disk
  - Network bandwidth: 10Gbps or more
Storage configuration:
- OSS object storage: stores build artifacts
- NAS file storage: shares build resources
- Cloud disk snapshots: periodic backups of cluster data
3. Operating System Preparation
Before installing Tekton, the operating system needs some configuration and tuning.
3.1 Operating System Version Check
# cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="8.9"
ID="ol"
PRETTY_NAME="Oracle Linux Server 8.9"
# Check the kernel version
# uname -r
5.4.17-2136.302.7.2.el8uek.x86_64
# Check SELinux status
# getenforce
Enforcing
# Check firewall status
# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running)
3.2 Installing Dependencies
# Install kubectl (this fetches the current stable release; compare the checksum published alongside the binary before installing it)
# curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
# chmod +x kubectl
# mv kubectl /usr/local/bin/
# Install the Tekton CLI
# curl -LO https://github.com/tektoncd/cli/releases/download/v0.31.0/tkn_0.31.0_Linux_x86_64.tar.gz
# tar -xzf tkn_0.31.0_Linux_x86_64.tar.gz
# mv tkn /usr/local/bin/
# Verify the installed tools
# kubectl version
Client Version: v1.27.0
# tkn version
Client version: 0.31.0
3.3 Kubernetes Cluster Preparation
# kubectl cluster-info
Kubernetes control plane is running at https://master01.fgedu.net.cn:6443
CoreDNS is running at https://master01.fgedu.net.cn:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
# Check node status
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master01.fgedu.net.cn Ready control-plane,master 1h v1.27.0
master02.fgedu.net.cn Ready control-plane,master 1h v1.27.0
master03.fgedu.net.cn Ready control-plane,master 1h v1.27.0
worker01.fgedu.net.cn Ready worker 1h v1.27.0
worker02.fgedu.net.cn Ready worker 1h v1.27.0
# Check cluster services
# kubectl get pods -n kube-system
4. Tekton Installation
With the environment prepared, install Tekton.
4.1 Installing Tekton Pipelines
# "latest" always tracks the newest release; to install exactly the version this tutorial covers, apply the pinned manifest instead:
# https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.50.0/release.yaml
# kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
# Verify the installation
# kubectl get pods -n tekton-pipelines
NAME READY STATUS RESTARTS AGE
tekton-pipelines-controller-1234567890-abcde 1/1 Running 0 5m
tekton-pipelines-webhook-1234567890-abcde 1/1 Running 0 5m
# View the Tekton services
# kubectl get services -n tekton-pipelines
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
tekton-pipelines-controller ClusterIP 10.96.0.100
tekton-pipelines-webhook ClusterIP 10.96.0.101
4.2 Installing Tekton Triggers
# kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
# Verify the installation
# kubectl get pods -n tekton-pipelines
NAME READY STATUS RESTARTS AGE
tekton-pipelines-controller-1234567890-abcde 1/1 Running 0 10m
tekton-pipelines-webhook-1234567890-abcde 1/1 Running 0 10m
tekton-triggers-controller-1234567890-abcde 1/1 Running 0 5m
tekton-triggers-webhook-1234567890-abcde 1/1 Running 0 5m
4.3 Installing Tekton Dashboard
# kubectl apply -f https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
# Verify the installation
# kubectl get pods -n tekton-pipelines
NAME READY STATUS RESTARTS AGE
tekton-pipelines-controller-1234567890-abcde 1/1 Running 0 15m
tekton-pipelines-webhook-1234567890-abcde 1/1 Running 0 15m
tekton-triggers-controller-1234567890-abcde 1/1 Running 0 10m
tekton-triggers-webhook-1234567890-abcde 1/1 Running 0 10m
tekton-dashboard-1234567890-abcde 1/1 Running 0 5m
# Expose the Dashboard service
# The Dashboard has no built-in authentication, so a LoadBalancer puts it on the network unauthenticated:
# restrict the allowed source ranges or front it with an authenticating ingress, and prefer ClusterIP plus
# kubectl port-forward when only administrators need access
# kubectl patch service tekton-dashboard -n tekton-pipelines -p '{"spec":{"type":"LoadBalancer"}}'
# Get the Dashboard service IP
# kubectl get services -n tekton-pipelines tekton-dashboard
5. Tekton Configuration Tuning
To improve Tekton's performance and stability, some configuration tuning is needed.
5.1 Resource Configuration
# vi tekton-controller-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-defaults
  namespace: tekton-pipelines
data:
  default-timeout-minutes: "60"
  default-service-account: "tekton-pipelines"
  default-managed-by-label-value: "tekton-pipelines"
  # ConfigMap values are strings, so the pod template must be a block scalar indented under "|".
  # Tekton's PodTemplate carries pod-level settings (nodeSelector, tolerations, securityContext, volumes);
  # per-step CPU/memory is normally set with steps[].resources in the Task or with a LimitRange in the namespace.
  default-pod-template: |
    spec:
      containers:
      - name: build
        resources:
          requests:
            cpu: "1"
            memory: "2Gi"
          limits:
            cpu: "2"
            memory: "4Gi"
# Apply the configuration
# kubectl apply -f tekton-controller-config.yaml
# Verify
# kubectl get cm config-defaults -n tekton-pipelines -o yaml
5.2 High Availability
# kubectl edit deployment tekton-pipelines-controller -n tekton-pipelines
# In the editor, change the replica count; kubectl edit applies the change as soon as the file is saved.
# With more than one replica the controllers coordinate through leader election (config-leader-election ConfigMap).
replicas: 3
# Apply the configuration (only needed if you exported the Deployment to this file and edited replicas there instead of using kubectl edit)
# kubectl apply -f tekton-controller-deployment.yaml
# Verify
# kubectl get deployments -n tekton-pipelines
5.3 Storage Configuration
# vi tekton-storage-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-artifact-bucket
  namespace: tekton-pipelines
data:
  location: "s3://tekton-artifacts"
  bucket.service.account.field: "aws-credentials"
  bucket.service.account.secret.name: "aws-credentials"
# Apply the configuration
# kubectl apply -f tekton-storage-config.yaml
# Verify
# kubectl get cm config-artifact-bucket -n tekton-pipelines -o yaml
6. Tekton Pipeline Configuration
Tekton defines pipelines through custom resources such as Pipeline, Task and TaskRun.
6.1 Creating a Task
# vi task.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-and-test
  namespace: default
spec:
  params:
  - name: repo-url
    type: string
  steps:
  # /workspace is an emptyDir shared by every step of the Task, so the later steps see the clone
  - name: git-clone
    image: alpine/git
    script: |
      git clone $(params.repo-url) /workspace/repo
      cd /workspace/repo
  - name: build
    image: maven:3.8.8
    script: |
      cd /workspace/repo
      mvn clean package -DskipTests
  - name: test
    image: maven:3.8.8
    script: |
      cd /workspace/repo
      mvn test
# Apply the configuration
# kubectl apply -f task.yaml
# List Tasks
# tkn task list
6.2 Creating a Pipeline
# vi pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: demo-pipeline
  namespace: default
spec:
  params:
  - name: repo-url
    type: string
  tasks:
  - name: build-and-test
    taskRef:
      name: build-and-test
    params:
    - name: repo-url
      value: $(params.repo-url)
# Apply the configuration
# kubectl apply -f pipeline.yaml
# List Pipelines
# tkn pipeline list
6.3 Running the Pipeline
# tkn pipeline start demo-pipeline --param repo-url=https://github.com/fgedu/demo-project.git
# List PipelineRuns
# tkn pipelinerun list
# View PipelineRun logs
# tkn pipelinerun logs
7. Tekton Task Management
Tekton manages build tasks through Task and TaskRun.
7.1 Task Management
# tkn task list
# Show Task details
# tkn task describe
# Delete a Task
# tkn task delete
# Run a Task
# tkn task start
# List TaskRuns
# tkn taskrun list
7.2 Task Configuration Example
# vi docker-build-task.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: docker-build
  namespace: default
spec:
  params:
  - name: image
    type: string
  steps:
  - name: build
    # The docker CLI needs a Docker daemon, and a Tekton step has none unless you add one (a dind sidecar or a
    # mounted host socket); mounting the node's socket gives the build root on that node, which is why daemonless
    # builders such as kaniko or buildah are the usual choice for in-cluster image builds
    image: docker:20.10
    script: |
      docker build -t $(params.image) .
      docker push $(params.image)
# Apply the configuration
# kubectl apply -f docker-build-task.yaml
# Run the Task
# tkn task start docker-build --param image=my-registry/demo:latest
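The Tasks in 6.1 and 7.2 pull alpine/git with no tag, maven:3.8.8 and docker:20.10 by tag only, and push to my-registry/demo:latest, so every run can resolve to a different image. The following Python is an added example, not code from the page or from Tekton: it reads a Task in the JSON form that `kubectl get task <name> -o json` produces and flags step images that float (untagged or latest) or are not pinned by digest, plus steps that request privileged mode. The sample Task is the page's build-and-test Task transcribed; PLACEHOLDER_DIGEST is a constructed value, not a real image digest.

```python
"""Policy check for Tekton Task step images (added example; not from the page or Tekton).

Takes a Task in the dict form that `kubectl get task <name> -o json` yields and reports
step images that float (untagged or 'latest') or are not pinned by @sha256 digest, plus
steps that request privileged mode. The sample below is the page's build-and-test Task;
PLACEHOLDER_DIGEST is a constructed value, not a real image digest."""
import json
import re

_DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def image_findings(image):
    """Findings for one image reference; empty when the reference is digest-pinned."""
    if _DIGEST_RE.search(image):
        return []
    # Look only at the last path segment so a registry host:port is not mistaken for a tag.
    last = image.rsplit("/", 1)[-1]
    findings = []
    if ":" not in last:
        findings.append("has no tag and resolves to the mutable 'latest'")
    elif last.endswith(":latest"):
        findings.append("uses the mutable 'latest' tag")
    findings.append("is not pinned by @sha256 digest")
    return findings


def check_task(task):
    """Walk spec.steps and return 'step <name>: ...' findings (empty list means compliant)."""
    out = []
    for step in task.get("spec", {}).get("steps", []):
        name, image = step.get("name", "<unnamed>"), step.get("image", "")
        out += [f"step {name}: image {image} {f}" for f in image_findings(image)]
        if step.get("securityContext", {}).get("privileged"):
            out.append(f"step {name}: runs privileged")
    return out


# Constructed sample: the page's build-and-test Task as kubectl -o json would emit it (trimmed).
PAGE_TASK = json.loads("""{"apiVersion": "tekton.dev/v1beta1", "kind": "Task",
  "metadata": {"name": "build-and-test", "namespace": "default"},
  "spec": {"steps": [{"name": "git-clone", "image": "alpine/git"},
                     {"name": "build", "image": "maven:3.8.8"},
                     {"name": "test", "image": "maven:3.8.8"}]}}""")

PLACEHOLDER_DIGEST = "@sha256:" + "0" * 64  # placeholder; look up the real digest in the registry
HARDENED_TASK = {"spec": {"steps": [{"name": s["name"], "image": s["image"] + PLACEHOLDER_DIGEST}
                                    for s in PAGE_TASK["spec"]["steps"]]}}

if __name__ == "__main__":
    for line in check_task(PAGE_TASK) or ["no findings"]:
        print(line)
```

Run it against a live cluster with `kubectl get task build-and-test -o json` piped into `check_task(json.load(sys.stdin))`; the page's Task yields four findings and the digest-pinned copy yields none.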
8. Tekton Security Configuration
Tekton offers several security features, including service accounts, RBAC access control and secret management.
8.1 Service Account Configuration
# vi service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-build-sa
  namespace: default
secrets:
- name: docker-registry
# Apply the configuration
# kubectl apply -f service-account.yaml
# View the service account
# kubectl get serviceaccount tekton-build-sa -n default
8.2 RBAC Configuration
# vi tekton-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tekton-build-role
  namespace: default
rules:
- apiGroups: ["tekton.dev"]
  resources: ["tasks", "taskruns", "pipelines", "pipelineruns"]
  verbs: ["create", "get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-build-rolebinding
  namespace: default
subjects:
- kind: ServiceAccount
  name: tekton-build-sa
  namespace: default
roleRef:
  kind: Role
  name: tekton-build-role
  apiGroup: rbac.authorization.k8s.io
# Apply the configuration
# kubectl apply -f tekton-rbac.yaml
# Verify
# kubectl get role tekton-build-role -n default
8.3 Secret Management
# A password typed on the command line ends up in the shell history; read it from a protected file or an environment variable
# instead, and use a registry access token scoped to this repository rather than a user password
# kubectl create secret docker-registry docker-registry --docker-server=docker.io --docker-username=user --docker-password=password --docker-email=user@example.com
# View the secret
# kubectl get secrets docker-registry
# Attach the secret to the service account
# kubectl patch serviceaccount tekton-build-sa -n default -p '{"imagePullSecrets": [{"name": "docker-registry"}]}'
9. Tekton Performance Tuning
In production, Tekton needs performance tuning to improve build throughput.
9.1 Resource Configuration
# vi tekton-performance-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-defaults
  namespace: tekton-pipelines
data:
  default-timeout-minutes: "60"
  default-service-account: "tekton-pipelines"
  default-managed-by-label-value: "tekton-pipelines"
  # Same ConfigMap as in 5.1 with larger requests and limits; the value must be a block scalar under "|"
  default-pod-template: |
    spec:
      containers:
      - name: build
        resources:
          requests:
            cpu: "2"
            memory: "4Gi"
          limits:
            cpu: "4"
            memory: "8Gi"
# Apply the configuration
# kubectl apply -f tekton-performance-config.yaml
# Verify
# kubectl get cm config-defaults -n tekton-pipelines -o yaml
9.2 Cache Configuration
# vi cache-volume.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: maven-cache
  namespace: default
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: managed-nfs-storage
# Apply the configuration
# kubectl apply -f cache-volume.yaml
# Use the cache in a Task
# vi maven-task.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: maven-build
  namespace: default
spec:
  workspaces:
  # The workspace is mounted at Maven's local repository; bind the maven-cache PVC to it when starting the
  # TaskRun (for example with tkn's --workspace name=maven-cache,claimName=maven-cache), so no separate
  # volumes/volumeMounts entry is needed
  - name: maven-cache
    mountPath: /root/.m2
  steps:
  - name: build
    image: maven:3.8.8
    # Assumes the project source is already present in the step's working directory
    script: |
      mvn clean package -DskipTests
# Apply the configuration
# kubectl apply -f maven-task.yaml
9.3 Parallel Builds
# vi parallel-pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: parallel-pipeline
  namespace: default
spec:
  tasks:
  # build-java and build-node have no runAfter, so they run concurrently; deploy waits for both.
  # The npm-build and deploy Tasks referenced here must exist in the namespace before the Pipeline is run.
  - name: build-java
    taskRef:
      name: maven-build
  - name: build-node
    taskRef:
      name: npm-build
  - name: deploy
    taskRef:
      name: deploy
    runAfter:
    - build-java
    - build-node
# Apply the configuration
# kubectl apply -f parallel-pipeline.yaml
# Run the Pipeline
# tkn pipeline start parallel-pipeline
10. Tekton Upgrade and Migration
This section covers upgrading Tekton versions and migrating data.
10.1 Upgrading Tekton
# Back up the current state before upgrading
# kubectl get all -n tekton-pipelines -o yaml > /backup/tekton-all.yaml
# Upgrade Tekton Pipelines
# kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
# Upgrade Tekton Triggers
# kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
# Upgrade Tekton Dashboard
# kubectl apply -f https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
# Verify the upgrade
# tkn version
Client version: 0.31.0
Pipeline version: v0.50.1
Triggers version: v0.24.1
Dashboard version: v0.30.1
# Access the Tekton Dashboard
# Open http:// in a browser
10.2 Tekton Configuration Migration
# kubectl get all -n tekton-pipelines -o yaml > /backup/tekton-all.yaml
# Import the configuration on the new cluster
# kubectl apply -f /backup/tekton-all.yaml
# Verify
# kubectl get pods -n tekton-pipelines
11. Tekton Backup and Restore
This section covers backing up and restoring Tekton.
11.1 Backing Up Tekton
# kubectl get all -n tekton-pipelines -o yaml > /backup/tekton-all.yaml
# kubectl get cm -n tekton-pipelines -o yaml > /backup/tekton-configmaps.yaml
# Exported Secrets are only base64-encoded, not encrypted: restrict permissions on /backup and encrypt it at rest
# kubectl get secrets -n tekton-pipelines -o yaml > /backup/tekton-secrets.yaml
# Verify the backup
# ls -la /backup/
11.2 Restoring Tekton
# kubectl delete namespace tekton-pipelines
# Recreate the namespace
# kubectl create namespace tekton-pipelines
# Restore the Tekton configuration
# Note: "kubectl get all" does not export ServiceAccounts, RBAC, CRDs or webhook configuration; for a clean rebuild,
# apply the release manifests from section 4 first and then restore the exported ConfigMaps and Secrets on top
# kubectl apply -f /backup/tekton-all.yaml
# kubectl apply -f /backup/tekton-configmaps.yaml
# kubectl apply -f /backup/tekton-secrets.yaml
# Verify the restore
# kubectl get pods -n tekton-pipelines
# Open http:// in a browser
11.3 Tekton Monitoring Script
# vi /data/tekton/scripts/tekton_monitor.sh
#!/bin/bash
LOG_FILE="/var/log/tekton_monitor.log"
ALERT_EMAIL="admin@fgedu.net.cn"
DASHBOARD_URL="http://"   # Dashboard address; left blank on the original page, fill it in before use
check_tekton_status() {
    echo "$(date): Checking tekton status..." >> "$LOG_FILE"
    # Count all pods (header line excluded) and those in the Running state
    pods=$(kubectl get pods -n tekton-pipelines | grep -v STATUS | wc -l)
    running_pods=$(kubectl get pods -n tekton-pipelines | grep Running | wc -l)
    echo "$(date): Total pods: $pods, Running pods: $running_pods" >> "$LOG_FILE"
    if [ "$pods" -ne "$running_pods" ]; then
        echo "$(date): Not all tekton pods are running" >> "$LOG_FILE"
        echo "Not all tekton pods are running: $running_pods/$pods" | mail -s "Tekton Alert" "$ALERT_EMAIL"
    fi
}
check_tekton_web() {
    echo "$(date): Checking tekton dashboard..." >> "$LOG_FILE"
    status=$(curl -s -o /dev/null -w "%{http_code}" "$DASHBOARD_URL")
    if [ "$status" = "200" ]; then
        echo "$(date): Tekton dashboard: OK" >> "$LOG_FILE"
    else
        echo "$(date): Tekton dashboard: FAILED" >> "$LOG_FILE"
        echo "Tekton dashboard failed" | mail -s "Tekton Alert" "$ALERT_EMAIL"
    fi
}
check_taskruns() {
    echo "$(date): Checking taskruns..." >> "$LOG_FILE"
    taskruns=$(tkn taskrun list | grep -v NAME | wc -l)
    failed_taskruns=$(tkn taskrun list | grep Failed | wc -l)
    echo "$(date): Total taskruns: $taskruns, Failed taskruns: $failed_taskruns" >> "$LOG_FILE"
    if [ "$failed_taskruns" -gt 0 ]; then
        echo "$(date): Some taskruns failed" >> "$LOG_FILE"
        echo "Some taskruns failed: $failed_taskruns" | mail -s "Tekton Alert" "$ALERT_EMAIL"
    fi
}
main() {
    check_tekton_status
    check_tekton_web
    check_taskruns
}
main
# Make the script executable
# chmod +x /data/tekton/scripts/tekton_monitor.sh
# Add a cron job
# crontab -e
*/15 * * * * /data/tekton/scripts/tekton_monitor.sh
With the steps above, the installation and configuration, performance tuning, upgrade and migration, and backup and restore of Tekton are complete. As a Kubernetes-native CI/CD tool, Tekton automates build, test and deployment flows efficiently and is an important part of DevOps practice.
This article was compiled and published by 风哥教程 for learning and testing use only; when reposting, cite the source: http://www.fgedu.net.cn/10327.html
