Implementing CI/CD with Tekton and Argo CD (1/4)

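This article uses a Kubernetes cluster running on Google's GKE, so the Great Firewall is not an issue.

On the local machine, the gcloud tool is installed under WSL2 and used to access GKE.

The remote image registry is Huawei Cloud's SWR service.

Original post on my blog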


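Using Buildpacks to build an image from source automatically and push it to a remote registry

This chapter builds a workflow with Tekton, uses Buildpacks to build an image from source without a Dockerfile, and pushes the image to the Huawei Cloud SWR image registry.

Installing Tekton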

# Install Tekton
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml

# Install the Tekton CLI
# It can be downloaded from GitHub: https://github.com/tektoncd/cli/releases

# Install the Tekton dashboard
kubectl apply --filename https://github.com/tektoncd/dashboard/releases/latest/download/tekton-dashboard-release.yaml

# Expose the Tekton dashboard
# Open `localhost:9097` in a local browser to reach the Tekton dashboard
kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097
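The install commands above fetch `latest` manifests, so what gets applied to the cluster can change between runs. As an added example (not from the original post), the shell functions below download a manifest, compare its SHA-256 with a digest recorded when that file was reviewed, and only then pass the local copy to `kubectl apply`; the function names and the placeholder URL and digest are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# sha256_of FILE: print the hex SHA-256 of FILE (GNU coreutils or BSD/macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_manifest FILE EXPECTED: 0 = digest matches, 1 = mismatch, 2 = bad input.
verify_manifest() {
  local file="$1" expected="$2" actual
  [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
  # Accept only 64 lowercase hex characters, so an unfilled placeholder fails.
  case "$expected" in
    ""|*[!0-9a-f]*) echo "expected digest is not lowercase hex" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 2; }
  actual=$(sha256_of "$file") || return 2
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
}

# apply_pinned URL EXPECTED: download over HTTPS, verify, apply the local copy.
apply_pinned() {
  local url="$1" expected="$2" tmp rc=1
  tmp=$(mktemp) || return 2
  # --fail turns HTTP errors into failures; --location follows release redirects.
  if curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' --output "$tmp" "$url" &&
     verify_manifest "$tmp" "$expected"; then
    # kubectl reads the verified file, never the URL, so nothing is re-fetched.
    kubectl apply --filename "$tmp"
    rc=$?
  fi
  rm -f "$tmp"
  return "$rc"
}

# Usage with placeholders: pick a versioned release URL, review the file once,
# record its digest, then call:
#   apply_pinned "<VERSIONED_RELEASE_YAML_URL>" "<SHA256_OF_REVIEWED_FILE>"
```

The same wrapper fits the catalog task manifests and the dashboard release applied later in this article.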

Task

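A Task is a template for executing a job. A Task definition can contain variables, which can be passed in by a TaskRun. The Task's steps field lists the steps; each step starts a container from an image and performs some operations, and the container's startup arguments can be configured through the Task's input parameters.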

# Deploy the buildpacks task
# The buildpacks task uses Cloud Native Buildpacks to build source code into an image and push it to a registry.
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/buildpacks/0.1/buildpacks.yaml

# Deploy the git-clone task
# The git-clone task is used to clone a repository
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/git-clone/0.2/git-clone.yaml

Create the file buildpacks_vpc.yaml to define the PVCs that buildpacks needs: one holds the source code and the other serves as a cache during image builds.

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: buildpacks-source-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: buildpacks-cache-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi

Authorization

If you use a local image registry, no authorization is needed.

Create the file swr_auth.yaml, which defines the required Secret and ServiceAccount.

apiVersion: v1
kind: Secret
metadata:
    name: basic-user-pass
    annotations:
        tekton.dev/docker-0: swr.cn-north-1.myhuaweicloud.com
type: kubernetes.io/basic-auth
stringData:
    username: <USERNAME>
    password: <PASSWORD>
---
apiVersion: v1
kind: ServiceAccount
metadata:
    name: buildpacks-service-account
secrets:
    - name: basic-user-pass

Pipeline

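A Pipeline orchestrates multiple Tasks. The Pipeline's params declare the input parameters for a run, spec.tasks defines the Tasks to orchestrate, and runAfter sets the order in which Tasks execute. When orchestrating Tasks, spec.tasks.params specifies the parameters passed to each Task.

Create the file buildpacks_pipeline.yaml. A PipelineResource is used to share resources between Tasks; here the image URL is placed in a PipelineResource so that all Tasks can share this information.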

apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: buildpacks-app-image
spec:
  type: image
  params:
    - name: url
      value: swr.cn-north-1.myhuaweicloud.com/zhf/demo-go #This defines the name of output image
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: buildpacks-test-pipeline
spec:
  workspaces:
  - name: shared-workspace
  resources:
  - name: build-image
    type: image
  tasks:
  - name: fetch-repository # This task fetches a repository from github, using the `git-clone` task we installed
    taskRef:
      name: git-clone
    workspaces:
    - name: output
      workspace: shared-workspace
    params:
    - name: url
      value: https://github.com/Myrat92/sample-go
    - name: subdirectory
      value: ""
    - name: deleteExisting
      value: "true"
  - name: buildpacks # This task uses the `buildpacks` task to build the application
    taskRef:
      name: buildpacks
    runAfter:
    - fetch-repository
    workspaces:
    - name: source
      workspace: shared-workspace
    params:
    - name: SOURCE_SUBPATH
      value: 'apps/java-maven' # This is the path within our samples repo we want to build
    - name: BUILDER_IMAGE
      value: 'paketobuildpacks/builder:base' # This is the builder we want the task to use
    - name: CACHE
      value: buildpacks-cache
    resources:
      outputs:
      - name: image
        resource: build-image

Apply these configurations with kubectl

kubectl apply -f buildpacks_vpc.yaml -f swr_auth.yaml -f buildpacks_pipeline.yaml

PipelineRun

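Tasks and Pipelines are only templates; a PipelineRun is needed to actually execute them. A PipelineRun passes parameters to a Pipeline and runs it.

Create the file buildpacks_pipelinerun.yaml; spec.pipelineRef.name specifies the Pipeline to run: buildpacks-test-pipeline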

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: buildpacks-test-pipeline-run
spec:
  serviceAccountName: buildpacks-service-account # Only needed if you set up authorization
  pipelineRef:
    name: buildpacks-test-pipeline
  workspaces:
  - name: shared-workspace
    persistentVolumeClaim:
      claimName: buildpacks-source-pvc
  resources:
  - name: build-image
    resourceRef:
      name: buildpacks-app-image
  podTemplate:
    volumes:
    - name: buildpacks-cache
      persistentVolumeClaim:
        claimName: buildpacks-cache-pvc

Apply the configuration with kubectl

kubectl apply -f buildpacks_pipelinerun.yaml

Viewing the run logs

The PipelineRun's logs can be viewed with kubectl

kubectl describe pipelinerun buildpacks-test-pipeline-run

You can also open http://localhost:9097/#/namespaces/default/pipelineruns in a local browser to view the logs in the Tekton dashboard.
