1 条件准备
- 正常运行的K8s集群(我这里演示的集群版本是1.28)
- 能正常动态创建sc的存储(我这里创建的存储是nfs存储)
- 拥有一个github账户,并且创建了一个repository用于测试
tekton官方文档: tekton参考文档
2 git 仓库配置
此篇文档仅演示github . ssh-auth 认证
[root@master-01 Tasks]# ssh-keygen -t rsa
[root@master-01 Tasks]# cat ~/.ssh/id_rsa.pub #拷贝输出的内容
ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx root@master-01
打开自己的github项目.点击右上角头像. settings -> SSH -> NEW SSH key
Paste your pub key here and save.
#下面随便创建一个目录git clone 一下测试
[root@master-01 gitdir]# mkdir git_20250910
[root@master-01 gitdir]# cd git_20250910/
[root@master-01 git_20250910]# git init .
初始化空的 Git 版本库于 /data/gitdir/git_20250910/.git/
[root@master-01 git_20250910]# git clone git@github.com:qq772819554/git_data.git
正克隆到 'git_data'...
remote: Enumerating objects: 27, done.
remote: Counting objects: 100% (27/27), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 27 (delta 9), reused 17 (delta 6), pack-reused 0 (from 0)
接收对象中: 100% (27/27), done.
处理 delta 中: 100% (9/9), done.
可以看到能正常拉取到git project.
3 git credentials创建
cat ~/.ssh/id_rsa | base64 -w0 #获取本地id_rsa base64编码
cat ~/.ssh/known_hosts | base64 -w0 #获取本地known_hosts base64编码
下面是git credential的模版
[root@master-01 20250909]# cat github-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: git-credentials
data:
id_rsa: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdURFOXliL1N3WDZsYVNySkZjNHhmNUp5Q2g3K0V5dEprcklXeDlaL000M2VUa3U5CkQwQ29BQW9OdGVHSHh5NXk0UUMwdzZ1SjRIU1hJLys3SmJPUnp0N3pYM1lScWJFcTNQOXFEL296NVFrOUU3ejEKYWpPRXE3UFFNWWl4a3NTdzJaVzZsNGVHZ21PdHBsK1hheERmMWJxQ3pXcUw5bVhFMEpoN1UxSnQvNDRjbFVUSAppZDJrQTgvVGx2bXorckxHeWg1YkczcGhtMlA0Wi8wKzFKQnZRbmlZdVZhVXdzbWemQKTG56ZzFjRWNScDlTbUc4dTRxQitpaG1pUTVqeWZycUJkKzRrUDZqcTdXcUkxSW1DZjVqQUNFSWxaSno3U1dtMgovMzNQa2VjR1M0S1VDdmJQUXlwK1Y3N2pLbHlYa3FJeUZ4VEZBcDFxckZONHhzcTBZR1hFN2ZncW9MZkJSRXJhClB5VTExeUZJWVhWaFBBcVl5Y1FrQ3VYS1pQaXNwWnhIK25PQlpTRU9xVm5lbnNYRmFYNmdITnBVRlg4dk9DMGgKWlV2ejFSYkJBb0dCQU84ZDVoS1U4YTNEY3pTWEdlTFpxR2dhNDVLd0pnMXE0dFZ6ajZDcTZMME8wS0Z2NW1DVQovVng4YjMxalFEOXVTVjdjeUNNQnE5YWpSSmM3YWdJeGs2NkErREdhbm8vN2ViNnFQMmU4eU54M1dSQUFtRFk2CnJLN3RxV0NYMitqZ09mTDgrVEduY3BxczdEMlVpUkRPQktZeDlLVGN0cFlJbW56bmZTcWtXQjZWQW9HQkFNVXkKa1g3em5PTjFnVjFCaU41R1pCRURWUlVhYkpHbHNSUlptLzFzRkFGYkJjSERYMk1jS1lNbFBkOSs3WnNtTktHTwpqUjlTZnk2ekRuc2VEYjR6eEE5QmdvTExXdE1OSGZ1ZUVhN0lXS2grc0hSV1FMZklsNGdKSGdtZnlUeEgyc2pqCks1OEhRSTJZdVBXNGljOWJzT2dIc3ZMUVlablMxN0VnS1V2VkQzQXhBb0dCQU1OS1F2N0lJTDZQRTRkUEpUZ3UKRmltNFZFY1lrR3VDOFhIdGFNK0s1bnlLSGdETG1IY25GK295UXdoQVNGZkY1aXlRMnZBa1RFa0huVng2alBEdgp0ckxkNkZieTlpK1g3bTIzTkFPd25zZll2YWVoSksrZHFpMVFNM2FOY0hDNHVQdG9lc2wvL2N5d0VGMlc4MzhECkU2Nzh1OWJ0NEQyWEZ6Mk4vcDhXREZZbEFvR0FKOHNaa3ozRDFoNjdPVDlsU0QxNktmaTdMYVFFYnF1NS9UcE0KQVNyVEtxYmNsWXBBY0hhWlplNlkrc1haV3VxdHlrQkMrQ1FrcUI3WCtENUxWYXVLaisyUFVhZUpyM2RCS3FwdQpOUkFXM0FHY3lBMHp5Q0tCZWFFbFg1blArUXNpK2xEbFY1VVdFTHpWN2pnTUR6MFlpT29zMFZUOXJSWGdFczFECnFCclpuN0VDZ1lBMXFjcWNhQng0MFBuZzI3Wm1LTlNYKzFDVjk5ai9BemFFdHE1dVRvWWE0dGZacHhNUlFDU1cKVGljei9WUXlnTnRxNFMzcnVEUU8xdWEyZHBjRDA0dEk1TDFWdnppUEN3T0MrNGo2RjV5SHZTT0xQdkNGVnpQUApPVGNkTzRFeUxLU3MveHZKem9FbWlGZkdIcmFzMkxsMmM4d1lDWnJEYjZUV29OL0p6U1Z5dEE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
known_hosts: Z2l0aHViLmNvbSwxNDADI1NiBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEF5TlRZQUFBQUlibWx6ZEhBeU5UWUFBQUJCQkVtS1NFTmpRRWV6T214a1pNeTdvcEtnd0ZCOW5rdDVZUnJZTWpOdUc1Tjg3dVJnZzZDTHJibzV3QWRUL3k2djBtS1YwVTJ3MFdaMllCLysrVHBvY2tnPQo=
4 动态存储storageclass创建
需要事先创建动态存储. 我这里创建的是nfs存储 . 如何创建nfs存储请参考我下边的分享文档
[root@master-01 storageclass]# cat forTekton.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-client
provisioner: cluster.local/nfs-subdir-external-provisioner
parameters:
archiveOnDelete: "false"
Linux下NFS服务器的搭建与配置
密码:lumd
搭建完nfs之后还需要在集群中安装nfs驱动.适当的修改如下参数为你自己的nfs服务器和export 目录
NFS Provisioner是Kubernetes中用于动态提供NFS存储卷的外部控制器,它通过实现Kubernetes的Provisioner接口,能够按需创建和删除基于NFS的PersistentVolume(PV)。
以下是其核心特性和部署要点:
工作原理
NFS Provisioner分为两种工作模式:nfs-client和nfs-server。nfs-client模式通过Kubernetes内置NFS驱动挂载远程NFS服务器到本地目录,并在PVC申请时动态创建子目录作为PV;而nfs-server模式则直接在容器内运行NFS服务,通过ganesha.nfsd导出本地目录。两种模式均需依赖现有NFS服务器提供底层存储
helm install nfs-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner --set nfs.server=192.168.95.137 --set nfs.path=/data/nfs --set image.repository=registry.k8s.io/sig-storage/nfs-subdir-external-provisioner --set logLevel=5
5 TaskRun配置文件编写
[root@master-01 Tasks]# cat task_04.yaml
apiVersion: tekton.dev/v1
kind: TaskRun
metadata:
generateName: gitpull-
spec:
taskSpec:
steps:
- image: alpine/git
name: gitclient
script: |
#!/usr/bin/env sh
mkdir ~/.ssh
cp $(workspaces.git-credentials.path)/* ~/.ssh/
chmod 700 ~/.ssh
chmod -R 400 ~/.ssh/*
cd $(workspaces.shared-data.path)
mkdir gitdata
git init gitdata
git config --global --add safe.directory $(workspaces.shared-data.path)/gitdata
cd $(workspaces.shared-data.path)/gitdata
git pull git@github.com:qq772819554/git_data.git
sleep 3000
workspaces:
- name: shared-data
- name: git-credentials
workspaces:
- name: shared-data
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: git-credentials
secret:
secretName: git-credentials
#上边taskRun的逻辑我简单说下:
1 id_rsa. knowhosts.这两个文件的内容被写在了secret. 然后挂载到我们自定义的镜像里边. 我这里懒的配置环境了.就直接使用的自带Git工具的alpine/git镜像. 你可以使用任何镜像然后自己安装git工具也可以
2 拷贝ssh-auth文件到镜像的~/.ssh/目录并且修改权限
3 创建了一个pvc. 挂载到Task生成的pod. 然后切到pvc的目录里边也就是$(workspaces.shared-data.path) .然后做一些git init操作
4 在pvc持久化存储里边克隆Git
5 最后我sleep了一下.便于我exec进pod进行调试.不过也可以直接去nfs server. 也能找到创建的这个pvc目录
6 TaskRun运行测试
[root@master-01 Tasks]# kubectl create -f task_04.yaml
taskrun.tekton.dev/gitpull-k88cx created
可以看到pvc已经自动创建出来了
这个Task生成的pod已经Running. 其他他已经完成了git clone任务.但是我用sleep命令强制它hang住了
下面我们看看nfs server
可以看到刚刚生成的这个pvc directory.
这是刚刚拉取下来的git数据
如果不想自己去写命令打镜像去配置git拉取.官方也推荐了一种现成的. 已经写好的git Task.
参考如下链接:
git clone Task official
不过需要你梳理好各种pipeline. pipelineRun之间的各种params参数传递和参数配置. 也需要配置好git credentials. 已经涉及到容器内部的用户权限问题. 我写的文档是简化逻辑后的.
而且本文档只是简单演示的是一个taskRun. 如果你需要完成一套流程,git pull -> build image -> push dockerhub. 我建议你需要拆解我得taskRun. 然后把一些params 具体的value 配置到pipelineRun中.