searchusermenu
  • 发布文章
  • 消息中心
点赞
收藏
评论
分享
原创

基于tekton和kaniko完成镜像构建推送

2024-02-22 08:16:39
32
0

背景

在k8s环境,不依赖docker,基于tekton和kaniko完成镜像构建推送

前置条件

1:安装k8s 1.25以上版本

2:安装tekton,可以参考我的文章《minukube下离线安装tekton》

3:制作kaniko工具镜像,可以参考我的文章《基于kaniko镜像自定义镜像》

4:具有一个可用的harbor

制作tekton task和taskrun

要求是先用wget下载代码制品,然后基于写好的docker进行构建镜像,和推送到指定harbor

1:制作harbor凭证

假设harbor 域名为myharbor.com 账号user 密码passwd

echo -n 'user:passwd' | base64
dXNlcjpwYWFzd2Q=

生成配置文件config.json

{
  "auths": {
    "myharbor.com": {
        "auth": "dXNlcjpwYWFzd2Q="
    }
  }   
}

把配置文件转base64

cat config.json |base64 -w0

创建秘钥凭证 kaniko-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: kaniko-secret
data:
  config.json: {config.json的base64编码文本}

执行 kubectl apply -f kaniko-secret.yaml生效,放在default的namespace

 

2:制作tekton task任务

这里需要根据tekton官网文档进行,可以直接参考我的task yaml

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: download-build-push-one
spec:
  params:
    - name: code-url
      description: URL to download code.zip
      type: string
    - name: dockerfile
      description: Dockerfilen content
      type: string
    - name: image-name-version
      description: Image name and version (e.g., imageName:version)
      type: string
    - name: registry-url
      description: The registry url(default is myharbor.com)
      default: myharbor.com
    - name: registry-http
      description: use http push to registry
      default: true
    
  workspaces:
    - name: tmpspace
    - name: dockerconfig
      description: Includes a docker `config.json`
      optional: true
      mountPath: /kaniko/.docker
  results:
    - name: IMAGE_DIGEST
      description: Digest of the image just built.
    - name: IMAGE_URL
      description: URL of the image just built.
  steps:
    - name: dowload-build-push
      image: myharbor.com/kaniko-tool:v1.0
      command:
        - sh
        - -c
      args:
        - wget '$(inputs.params.code-url)' -O $(workspaces.tmpspace.path)/code.zip && echo '$(inputs.params.dockerfile)' | base64 -d > $(workspaces.tmpspace.path)/Dockerfile && /kaniko/executor --context=$(workspaces.tmpspace.path) --dockerfile=$(workspaces.tmpspace.path)/Dockerfile --destination=$(params.registry-url)/$(params.image-name-version) --digest-file=$(results.IMAGE_DIGEST.path) --insecure=$(params.registry-http) --insecure-pull=$(params.registry-http) --skip-tls-verify=$(params.registry-http)

保存为 download-build-push-one.yaml

kubectl apply -f download-build-push-one.yaml生效,放在default的namespace

这里是先用wget下载代码,然后把dockerfile 用base64编码的入参,解码保存为dockerfile文件,然后用kaniko执行,并推送到harbor,凭证用secret方式加载

 

以下为对应的task run.yaml

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: download-build-push-one-run
spec:
  taskRef:
    name: download-build-push-one
  workspaces:
  - name: tmpspace
    emptyDir: {}
  - name: dockerconfig
    secret:
      secretName: kaniko-secret
  params:
    - name: code-url
      value: "文件下载地址"
    - name: dockerfile
      value: "dockerfile base 64编码文本"
    - name: image-name-version
      value: faas/funTest:1
    - name: registry-url
      value: myhabor.com
    - name: registry-http
      value: true

保存为 download-build-push-run.yaml

kubectl apply -f download-build-push-run.yaml 即可运行,可以看日志看是否生效

可以用 kubectl get taskrun 命令查看全部taskrun任务状态

可以用 kubectl describe taskrun {任务名} 命令查看具体taskrun任务详情

 

可以用 kubectl logs  {任务名}-pod 命令查看具体taskrun任务日志

0条评论
0 / 1000
张****钏
15文章数
1粉丝数
张****钏
15 文章 | 1 粉丝
原创

基于tekton和kaniko完成镜像构建推送

2024-02-22 08:16:39
32
0

背景

在k8s环境,不依赖docker,基于tekton和kaniko完成镜像构建推送

前置条件

1:安装k8s 1.25以上版本

2:安装tekton,可以参考我的文章《minukube下离线安装tekton》

3:制作kaniko工具镜像,可以参考我的文章《基于kaniko镜像自定义镜像》

4:具有一个可用的harbor

制作tekton task和taskrun

要求是先用wget下载代码制品,然后基于写好的docker进行构建镜像,和推送到指定harbor

1:制作harbor凭证

假设harbor 域名为myharbor.com 账号user 密码passwd

echo -n 'user:passwd' | base64
dXNlcjpwYWFzd2Q=

生成配置文件config.json

{
  "auths": {
    "myharbor.com": {
        "auth": "dXNlcjpwYWFzd2Q="
    }
  }   
}

把配置文件转base64

cat config.json |base64 -w0

创建秘钥凭证 kaniko-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: kaniko-secret
data:
  config.json: {config.json的base64编码文本}

执行 kubectl apply -f kaniko-secret.yaml生效,放在default的namespace

 

2:制作tekton task任务

这里需要根据tekton官网文档进行,可以直接参考我的task yaml

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: download-build-push-one
spec:
  params:
    - name: code-url
      description: URL to download code.zip
      type: string
    - name: dockerfile
      description: Dockerfilen content
      type: string
    - name: image-name-version
      description: Image name and version (e.g., imageName:version)
      type: string
    - name: registry-url
      description: The registry url(default is myharbor.com)
      default: myharbor.com
    - name: registry-http
      description: use http push to registry
      default: true
    
  workspaces:
    - name: tmpspace
    - name: dockerconfig
      description: Includes a docker `config.json`
      optional: true
      mountPath: /kaniko/.docker
  results:
    - name: IMAGE_DIGEST
      description: Digest of the image just built.
    - name: IMAGE_URL
      description: URL of the image just built.
  steps:
    - name: dowload-build-push
      image: myharbor.com/kaniko-tool:v1.0
      command:
        - sh
        - -c
      args:
        - wget '$(inputs.params.code-url)' -O $(workspaces.tmpspace.path)/code.zip && echo '$(inputs.params.dockerfile)' | base64 -d > $(workspaces.tmpspace.path)/Dockerfile && /kaniko/executor --context=$(workspaces.tmpspace.path) --dockerfile=$(workspaces.tmpspace.path)/Dockerfile --destination=$(params.registry-url)/$(params.image-name-version) --digest-file=$(results.IMAGE_DIGEST.path) --insecure=$(params.registry-http) --insecure-pull=$(params.registry-http) --skip-tls-verify=$(params.registry-http)

保存为 download-build-push-one.yaml

kubectl apply -f download-build-push-one.yaml生效,放在default的namespace

这里是先用wget下载代码,然后把dockerfile 用base64编码的入参,解码保存为dockerfile文件,然后用kaniko执行,并推送到harbor,凭证用secret方式加载

 

以下为对应的task run.yaml

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: download-build-push-one-run
spec:
  taskRef:
    name: download-build-push-one
  workspaces:
  - name: tmpspace
    emptyDir: {}
  - name: dockerconfig
    secret:
      secretName: kaniko-secret
  params:
    - name: code-url
      value: "文件下载地址"
    - name: dockerfile
      value: "dockerfile base 64编码文本"
    - name: image-name-version
      value: faas/funTest:1
    - name: registry-url
      value: myhabor.com
    - name: registry-http
      value: true

保存为 download-build-push-run.yaml

kubectl apply -f download-build-push-run.yaml 即可运行,可以看日志看是否生效

可以用 kubectl get taskrun 命令查看全部taskrun任务状态

可以用 kubectl describe taskrun {任务名} 命令查看具体taskrun任务详情

 

可以用 kubectl logs  {任务名}-pod 命令查看具体taskrun任务日志

文章来自个人专栏
函数计算
9 文章 | 1 订阅
0条评论
0 / 1000
请输入你的评论
0
0