Overall implementation overview

1. Create a namespace: create a dedicated CI/CD namespace, cicd.
2. Configure Secrets:
   - Git SSH keys (one each for the Maven and npm projects)
   - Docker Registry credentials (for Kaniko)
   - SMTP credentials (for email notifications)
3. Create a PersistentVolumeClaim (PVC) to store workspace data.
4. Create a ServiceAccount and permission binding so that Tekton Pipelines has sufficient permissions.
5. Create the Tekton Tasks:
   - Environment initialization tasks (one each for Maven and npm)
   - Code clone tasks (one each for Maven and npm)
   - A task that runs the dockerContext.sh script
   - A build-and-push image task (using Kaniko)
   - A deploy-to-Kubernetes task
   - A send-email notification task
6. Create the Tekton Pipelines:
   - Maven pipeline
   - npm pipeline
7. Create the dockerContext.sh script.
8. Apply all Tekton resources.
9. Test and run.
10. Troubleshoot common problems.

Detailed implementation steps
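Step 1: Create the namespace
If it does not exist yet, create a dedicated CI/CD namespace, cicd.

kubectl create namespace cicd

Verify that the namespace was created:

kubectl get namespaces

Step 2: Configure the Git SSH keys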
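2.1 Generate the SSH keys
Generate an SSH key for the Maven project (if you do not already have one):

ssh-keygen -t rsa -b 4096 -C "maven_email@example.com" -f ~/maven_id_rsa

Generate an SSH key for the npm project (if you do not already have one):

ssh-keygen -t rsa -b 4096 -C "npm_email@example.com" -f ~/npm_id_rsa

Add each public key to the deploy keys of its Git repository so that the CI/CD system is allowed to access the private repositories.

2.2 Create Kubernetes Secrets to store the Git SSH private keys
Save the Maven Git SSH Secret as git-ssh-secret-maven.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: git-ssh-key-maven
  namespace: cicd
type: kubernetes.io/ssh-auth
data:
  ssh-privatekey: BASE64_ENCODED_MAVEN_ID_RSA

Save the npm Git SSH Secret as git-ssh-secret-npm.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: git-ssh-key-npm
  namespace: cicd
type: kubernetes.io/ssh-auth
data:
  ssh-privatekey: BASE64_ENCODED_NPM_ID_RSA

Generate the Base64-encoded private keys:

# Encode the Maven private key
cat ~/maven_id_rsa | base64 -w0

# Encode the npm private key
cat ~/npm_id_rsa | base64 -w0

Replace BASE64_ENCODED_MAVEN_ID_RSA and BASE64_ENCODED_NPM_ID_RSA with the encoded strings. Base64 is an encoding, not encryption, so treat the resulting YAML files like the private keys themselves and keep them out of version control.

Apply the Secrets:

kubectl apply -f git-ssh-secret-maven.yaml
kubectl apply -f git-ssh-secret-npm.yaml

Verify that the Secrets were created:

kubectl get secrets -n cicd

Step 3: Configure Docker Registry authentication (for Kaniko)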
3.1 Prepare the Docker Registry credentials
Make sure you have the registry server address, username, password and email.

3.2 Create the Docker Registry Secret
Save as kaniko-secret.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: kaniko-secret
  namespace: cicd
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: BASE64_ENCODED_DOCKER_CONFIG_JSON

How to generate .dockerconfigjson
You can generate it automatically with the following command:

# .data.".dockerconfigjson" is already Base64-encoded in the generated object,
# so the output is used as-is and is not piped through base64 again.
kubectl create secret docker-registry kaniko-secret \
  --namespace=cicd \
  --docker-server=YOUR_DOCKER_REGISTRY_SERVER \
  --docker-username=YOUR_USERNAME \
  --docker-password=YOUR_PASSWORD \
  --docker-email=YOUR_EMAIL \
  --dry-run=client -o jsonpath='{.data.\.dockerconfigjson}'

Replace BASE64_ENCODED_DOCKER_CONFIG_JSON in kaniko-secret.yaml with the output.

Apply the Secret:

kubectl apply -f kaniko-secret.yaml

Verify that the Secret was created:

kubectl get secrets -n cicd

Step 4: Create the SMTP Secret
Used for email notifications.
Save as smtp-secret.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: smtp-secret
  namespace: cicd
type: Opaque
data:
  smtp-server: BASE64_ENCODED_SMTP_SERVER
  smtp-port: BASE64_ENCODED_SMTP_PORT
  smtp-username: BASE64_ENCODED_SMTP_USERNAME
  smtp-password: BASE64_ENCODED_SMTP_PASSWORD
  from-email: BASE64_ENCODED_FROM_EMAIL
  to-email: BASE64_ENCODED_TO_EMAIL

Base64-encode each field value:

echo -n "smtp.gmail.com" | base64 -w0
echo -n "587" | base64 -w0
echo -n "user@gmail.com" | base64 -w0
echo -n "password123" | base64 -w0
echo -n "user@gmail.com" | base64 -w0
echo -n "admin@example.com" | base64 -w0

Example:

apiVersion: v1
kind: Secret
metadata:
  name: smtp-secret
  namespace: cicd
type: Opaque
data:
  smtp-server: c210cC5nbWFpbC5jb20=      # smtp.gmail.com
  smtp-port: NTg3                        # 587
  smtp-username: dXNlckBnbWFpbC5jb20=    # user@gmail.com
  smtp-password: cGFzc3dvcmQxMjM=        # password123
  from-email: dXNlckBnbWFpbC5jb20=       # user@gmail.com
  to-email: YWRtaW5AZXhhbXBsZS5jb20=     # admin@example.com

Apply the Secret:

kubectl apply -f smtp-secret.yaml

Verify that the Secret was created:

kubectl get secrets -n cicd

Step 5: Create the PersistentVolumeClaim (PVC)
Tekton needs persistent storage to hold the workspace data.
Save as workspace-pvc.yaml:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: workspace-pvc
  namespace: cicd
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi

Apply the PVC:

kubectl apply -f workspace-pvc.yaml

Verify the PVC status:

kubectl get pvc -n cicd

Step 6: Create the ServiceAccount and permission binding
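Make sure Tekton Pipelines has sufficient permissions to access the Kubernetes API and the related resources.
Save as tekton-sa.yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-sa
  namespace: cicd

Apply the ServiceAccount:

kubectl apply -f tekton-sa.yaml

Bind the permissions (this example grants the edit role):

kubectl create rolebinding tekton-sa-edit \
  --clusterrole=edit \
  --serviceaccount=cicd:tekton-sa \
  --namespace=cicd

Note
The edit ClusterRole grants permission to edit resources within the namespace. Adjust the permissions to your actual needs. Because this RoleBinding is created in cicd, it grants nothing in other namespaces (the example runs in step 11 deploy to dev, which needs its own binding), and edit includes read and write access to the Secrets in cicd.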
Step 7: Create the Tekton Tasks
We create separate initialization and clone tasks for the Maven and npm projects. The build, image push, deploy and email tasks are shared.

7.1 Environment initialization tasks
7.1.1 Maven environment initialization task (init-maven.yaml)

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: init-maven
  namespace: cicd
spec:
  steps:
    - name: setup-maven
      image: maven:3.8.6-jdk-11
      script: |
        #!/bin/sh
        set -e
        echo "初始化 Maven 环境..."
        mvn --version
        # Add any Maven-related initialization steps here, for example downloading dependencies

7.1.2 npm environment initialization task (init-npm.yaml)

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: init-npm
  namespace: cicd
spec:
  steps:
    - name: setup-npm
      image: node:16
      script: |
        #!/bin/sh
        set -e
        echo "初始化 NPM 环境..."
        node --version
        npm --version
        # Add any npm-related initialization steps here, for example installing global packages

Apply the initialization tasks:

kubectl apply -f init-maven.yaml
kubectl apply -f init-npm.yaml

7.2 Clone tasks
7.2.1 Clone task for the Maven project (clone-repo-maven.yaml)

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: clone-repo-maven
  namespace: cicd
spec:
  params:
    - name: repo-url
      description: Git 仓库地址
      type: string
    - name: revision
      description: Git 分支或标签
      type: string
  workspaces:
    - name: source
      description: 存放拉取代码的工作空间
  steps:
    - name: clone-maven-repo
      image: alpine/git
      script: |
        #!/bin/sh
        set -e
        echo "从 $(params.repo-url) 克隆 Maven 仓库..."
        git clone "$(params.repo-url)" "$(workspaces.source.path)"
        cd "$(workspaces.source.path)"
        git checkout "$(params.revision)"
      volumeMounts:
        - name: ssh-credentials-maven
          mountPath: /root/.ssh
  volumes:
    - name: ssh-credentials-maven
      secret:
        secretName: git-ssh-key-maven
        # ssh only uses a key that has a default file name and owner-only permissions
        defaultMode: 0400
        items:
          - key: ssh-privatekey
            path: id_rsa
        # For SSH URLs the host key must also be trusted: add a known_hosts key
        # to the Secret and map it here as well.

7.2.2 Clone task for the npm project (clone-repo-npm.yaml)

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: clone-repo-npm
  namespace: cicd
spec:
  params:
    - name: repo-url
      description: Git 仓库地址
      type: string
    - name: revision
      description: Git 分支或标签
      type: string
  workspaces:
    - name: source
      description: 存放拉取代码的工作空间
  steps:
    - name: clone-npm-repo
      image: alpine/git
      script: |
        #!/bin/sh
        set -e
        echo "从 $(params.repo-url) 克隆 npm 仓库..."
        git clone "$(params.repo-url)" "$(workspaces.source.path)"
        cd "$(workspaces.source.path)"
        git checkout "$(params.revision)"
      volumeMounts:
        - name: ssh-credentials-npm
          mountPath: /root/.ssh
  volumes:
    - name: ssh-credentials-npm
      secret:
        secretName: git-ssh-key-npm
        # Same key file name and permission handling as in the Maven clone task
        defaultMode: 0400
        items:
          - key: ssh-privatekey
            path: id_rsa

Apply the clone tasks:

kubectl apply -f clone-repo-maven.yaml
kubectl apply -f clone-repo-npm.yaml

7.3 Task that runs dockerContext.sh (run-docker-context.yaml)

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: run-docker-context
  namespace: cicd
spec:
  workspaces:
    - name: source
      description: 存放代码和构建上下文的工作空间
  steps:
    - name: run-script
      image: bash:latest
      script: |
        #!/bin/sh
        set -e
        cd "$(workspaces.source.path)"
        if [ -f .manifest/dockerContext.sh ]; then
          echo "运行 dockerContext.sh 脚本..."
          chmod +x .manifest/dockerContext.sh
          ./.manifest/dockerContext.sh || echo "dockerContext.sh 执行失败跳过..."
        else
          echo "未找到 dockerContext.sh 脚本跳过..."
        fi

Apply the task:

kubectl apply -f run-docker-context.yaml

7.4 Build-and-push image task using Kaniko (build-and-push-kaniko.yaml)

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-and-push-kaniko
  namespace: cicd
spec:
  params:
    - name: image
      description: Docker 镜像名称
      type: string
    - name: dockerfile
      description: Dockerfile 的路径
      default: ./Dockerfile
      type: string
    - name: context
      description: 构建上下文路径
      default: .
      type: string
  workspaces:
    - name: source
      description: 存放代码和构建上下文的工作空间
  steps:
    - name: kaniko
      image: gcr.io/kaniko-project/executor:latest
      command:
        - /kaniko/executor
      args:
        - --context=$(workspaces.source.path)/$(params.context)
        - --dockerfile=$(workspaces.source.path)/$(params.dockerfile)
        - --destination=$(params.image)
        - --oci-layout-path=/kaniko/oci
        - --cache=true
        - --cache-repo=$(params.image)
      env:
        - name: DOCKER_CONFIG
          value: /kaniko/.docker/
      volumeMounts:
        - name: kaniko-secret
          mountPath: /kaniko/.docker/
  volumes:
    - name: kaniko-secret
      secret:
        secretName: kaniko-secret
        # Kaniko reads $DOCKER_CONFIG/config.json, so expose the Secret key under that file name
        items:
          - key: .dockerconfigjson
            path: config.json

Apply the task:

kubectl apply -f build-and-push-kaniko.yaml

7.5 Deploy-to-Kubernetes task (deploy-to-kubernetes.yaml)

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: deploy-to-kubernetes
  namespace: cicd
spec:
  params:
    - name: namespace
      description: Kubernetes 命名空间
      type: string
    - name: deployment-name
      description: Kubernetes Deployment 名称
      type: string
    - name: image
      description: 要部署的镜像
      type: string
  steps:
    - name: deploy
      image: bitnami/kubectl
      script: |
        #!/bin/sh
        set -e
        echo "将镜像 $(params.image) 部署到命名空间 $(params.namespace)..."
        kubectl set image deployment/$(params.deployment-name) app=$(params.image) -n $(params.namespace)
    - name: set-status
      image: alpine
      script: |
        #!/bin/sh
        # Write the result without a trailing newline
        printf '%s' "succeeded" > /tekton/results/status
  results:
    - name: status
      description: 部署状态

Apply the task:

kubectl apply -f deploy-to-kubernetes.yaml

7.6 Send-email notification task (send-email.yaml)

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: send-email
  namespace: cicd
spec:
  params:
    - name: subject
      type: string
      description: 邮件主题
    - name: body
      type: string
      description: 邮件正文
  steps:
    - name: send-email
      image: curlimages/curl:7.83.1
      script: |
        #!/bin/sh
        set -e
        SMTP_SERVER=$(cat /var/secrets/smtp/smtp-server)
        SMTP_PORT=$(cat /var/secrets/smtp/smtp-port)
        SMTP_USERNAME=$(cat /var/secrets/smtp/smtp-username)
        SMTP_PASSWORD=$(cat /var/secrets/smtp/smtp-password)
        FROM_EMAIL=$(cat /var/secrets/smtp/from-email)
        TO_EMAIL=$(cat /var/secrets/smtp/to-email)
        SUBJECT="$(params.subject)"
        BODY="$(params.body)"
        echo "正在通过 $SMTP_SERVER:$SMTP_PORT 发送邮件到 $TO_EMAIL..."
        echo -e "Subject: $SUBJECT\n\n$BODY" | \
          curl --url "smtp://$SMTP_SERVER:$SMTP_PORT" \
            --ssl-reqd \
            --mail-from "$FROM_EMAIL" \
            --mail-rcpt "$TO_EMAIL" \
            --user "$SMTP_USERNAME:$SMTP_PASSWORD" \
            -T -
      # The script reads the Secret from this path, so the volume must be mounted into the step
      volumeMounts:
        - name: smtp-secrets
          mountPath: /var/secrets/smtp
          readOnly: true
  volumes:
    - name: smtp-secrets
      secret:
        secretName: smtp-secret

Apply the task:

kubectl apply -f send-email.yaml

Step 8: Create the Tekton Pipelines
Create a separate pipeline for each of the Maven and npm projects.

8.1 Maven pipeline (maven-pipeline.yaml)

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: maven-pipeline
  namespace: cicd
spec:
  params:
    - name: repo-url
      type: string
      description: Git 仓库地址
    - name: branch
      type: string
      description: Git 分支名称
    - name: image
      type: string
      description: Docker 镜像名称
    - name: namespace
      type: string
      description: Kubernetes 命名空间
    - name: deployment-name
      type: string
      description: Kubernetes Deployment 名称
  workspaces:
    - name: source
      description: 存放代码和构建上下文的工作空间
  tasks:
    - name: init-maven
      taskRef:
        name: init-maven
      runAfter: []
    - name: clone-repo
      runAfter:
        - init-maven
      taskRef:
        name: clone-repo-maven
      params:
        - name: repo-url
          value: $(params.repo-url)
        - name: revision
          value: $(params.branch)
      workspaces:
        - name: source
          workspace: source
    - name: run-docker-context
      runAfter:
        - clone-repo
      taskRef:
        name: run-docker-context
      workspaces:
        - name: source
          workspace: source
    - name: build-and-push
      runAfter:
        - run-docker-context
      taskRef:
        name: build-and-push-kaniko
      params:
        - name: image
          value: $(params.image)
        - name: dockerfile
          value: ./Dockerfile
        - name: context
          value: .
      workspaces:
        - name: source
          workspace: source
    - name: deploy
      runAfter:
        - build-and-push
      taskRef:
        name: deploy-to-kubernetes
      params:
        - name: namespace
          value: $(params.namespace)
        - name: deployment-name
          value: $(params.deployment-name)
        - name: image
          value: $(params.image)
  finally:
    # send-email declares no workspace, so none is bound here.
    # $(tasks.deploy.status) is the execution status of the deploy task (Succeeded, Failed or None).
    # A finally task that references a task result is skipped when that result was never produced.
    - name: notify
      taskRef:
        name: send-email
      params:
        - name: subject
          value: "Maven 流水线 $(params.deployment-name) - $(tasks.deploy.status)"
        - name: body
          value: |
            流水线 **Maven 流水线** 已完成。
            - **仓库**: $(params.repo-url)
            - **分支**: $(params.branch)
            - **镜像**: $(params.image)
            - **命名空间**: $(params.namespace)
            - **部署名称**: $(params.deployment-name)
            **状态**: $(tasks.deploy.status)

8.2 npm pipeline (npm-pipeline.yaml)

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: npm-pipeline
  namespace: cicd
spec:
  params:
    - name: repo-url
      type: string
      description: Git 仓库地址
    - name: branch
      type: string
      description: Git 分支名称
    - name: image
      type: string
      description: Docker 镜像名称
    - name: namespace
      type: string
      description: Kubernetes 命名空间
    - name: deployment-name
      type: string
      description: Kubernetes Deployment 名称
  workspaces:
    - name: source
      description: 存放代码和构建上下文的工作空间
  tasks:
    - name: init-npm
      taskRef:
        name: init-npm
      runAfter: []
    - name: clone-repo
      runAfter:
        - init-npm
      taskRef:
        name: clone-repo-npm
      params:
        - name: repo-url
          value: $(params.repo-url)
        - name: revision
          value: $(params.branch)
      workspaces:
        - name: source
          workspace: source
    - name: run-docker-context
      runAfter:
        - clone-repo
      taskRef:
        name: run-docker-context
      workspaces:
        - name: source
          workspace: source
    - name: build-and-push
      runAfter:
        - run-docker-context
      taskRef:
        name: build-and-push-kaniko
      params:
        - name: image
          value: $(params.image)
        - name: dockerfile
          value: ./Dockerfile
        - name: context
          value: .
      workspaces:
        - name: source
          workspace: source
    - name: deploy
      runAfter:
        - build-and-push
      taskRef:
        name: deploy-to-kubernetes
      params:
        - name: namespace
          value: $(params.namespace)
        - name: deployment-name
          value: $(params.deployment-name)
        - name: image
          value: $(params.image)
  finally:
    # Same status reference and workspace handling as in the Maven pipeline
    - name: notify
      taskRef:
        name: send-email
      params:
        - name: subject
          value: "NPM 流水线 $(params.deployment-name) - $(tasks.deploy.status)"
        - name: body
          value: |
            流水线 **NPM 流水线** 已完成。
            - **仓库**: $(params.repo-url)
            - **分支**: $(params.branch)
            - **镜像**: $(params.image)
            - **命名空间**: $(params.namespace)
            - **部署名称**: $(params.deployment-name)
            **状态**: $(tasks.deploy.status)

Note
The Maven and npm pipelines have a similar structure, but each references its own initialization and clone tasks. The finally section ensures that the send-email task runs and sends a notification whether the preceding tasks succeed or fail.
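
The pipelines above forward repo-url and branch unchanged into the clone tasks of step 7.2, where Tekton substitutes $(params.repo-url) and $(params.revision) into the script text before the shell runs, so the values are parsed as shell source rather than handled as data. The following is an added example, not part of the original tutorial: a clone-step script that receives the values as environment variables and validates them before calling git. The variable names REPO_URL, REVISION and DEST and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): script body for a hardened clone step.
# Assumed wiring in the Task step, so that parameter text never becomes script text:
#   env:
#     - name: REPO_URL
#       value: $(params.repo-url)
#     - name: REVISION
#       value: $(params.revision)
#     - name: DEST
#       value: $(workspaces.source.path)
# REPO_URL, REVISION and DEST are hypothetical variable names.
LC_ALL=C; export LC_ALL   # make the bracket ranges below byte-exact

# Accept https://, ssh:// and scp-like (user@host:path) URLs only.
valid_repo_url() {
  case "$1" in
    '' | -* | *://-* | *@-*) return 1 ;;   # empty, or a part git/ssh could read as an option
    *[!A-Za-z0-9@:/._~-]*) return 1 ;;     # whitespace, quotes, shell metacharacters
  esac
  case "$1" in
    https://?*/?* | ssh://?*/?*) return 0 ;;
    *://*) return 1 ;;                     # any other scheme
    ?*@?*:?*)
      user=${1%%@*}                        # text before the first '@'
      rest=${1#*@}
      host=${rest%%:*}                     # text between '@' and the first ':'
      case "$user" in *[!A-Za-z0-9._-]*) return 1 ;; esac
      case "$host" in '' | *[!A-Za-z0-9.-]*) return 1 ;; esac
      return 0 ;;
    *) return 1 ;;
  esac
}

# Branch, tag or commit id: no leading '-', no "..", conservative character set.
valid_revision() {
  case "$1" in
    '' | -* | *..* | *[!A-Za-z0-9/._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# clone_repo URL REVISION DEST: returns 2 without calling git when validation fails.
clone_repo() {
  valid_repo_url "$1" || { echo "refusing repo-url: not an allowed URL form" >&2; return 2; }
  valid_revision "$2" || { echo "refusing revision: not a plain ref name" >&2; return 2; }
  # "--" ends option parsing; quoting keeps each value a single argument.
  git clone -- "$1" "$3" && git -C "$3" checkout "$2" --
}

# Runs only when the step supplies the variables.
if [ -n "${REPO_URL:-}" ]; then
  clone_repo "$REPO_URL" "${REVISION:-}" "${DEST:-.}"
fi
```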
Apply the pipelines:

kubectl apply -f maven-pipeline.yaml
kubectl apply -f npm-pipeline.yaml

Verify that the pipelines were created:

kubectl get pipelines -n cicd

Step 9: Create the dockerContext.sh script
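dockerContext.sh is a script for context-specific operations. You can add custom logic to it as needed. The following is an example script.
Create the dockerContext.sh file:

#!/bin/sh
set -e

echo "执行 dockerContext.sh 脚本..."

# Example operation: generate a Docker image tag
TIMESTAMP=$(date +%Y%m%d%H%M%S)
echo "生成的时间戳标签: $TIMESTAMP"

# You can add more custom operations here, such as modifying configuration files or generating extra files.

echo "dockerContext.sh 脚本执行完成。"

Note
Purpose: this script performs custom operations before the build, such as generating an image tag or modifying configuration files.
Location: place the script in the project's .manifest/ directory, that is, .manifest/dockerContext.sh.

Make sure the script is executable:

chmod +x .manifest/dockerContext.sh

Step 10: Apply all Tekton resources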
Apply all the Tekton task and pipeline configuration files in the following order:

kubectl apply -f init-maven.yaml
kubectl apply -f init-npm.yaml
kubectl apply -f clone-repo-maven.yaml
kubectl apply -f clone-repo-npm.yaml
kubectl apply -f run-docker-context.yaml
kubectl apply -f build-and-push-kaniko.yaml
kubectl apply -f deploy-to-kubernetes.yaml
kubectl apply -f send-email.yaml
kubectl apply -f maven-pipeline.yaml
kubectl apply -f npm-pipeline.yaml
kubectl apply -f workspace-pvc.yaml
kubectl apply -f kaniko-secret.yaml
kubectl apply -f smtp-secret.yaml
kubectl apply -f tekton-sa.yaml

Verify that the resources were created:

kubectl get tasks,pipelines -n cicd
kubectl get pvc -n cicd
kubectl get secrets -n cicd
kubectl get serviceaccounts -n cicd

Step 11: Test and run
11.1 Trigger the Maven pipeline manually
Create and submit the Maven PipelineRun (maven-pipelinerun.yaml):

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  # A manifest cannot expand $(date +%s); generateName gives each run a unique name instead
  generateName: maven-pipelinerun-
  namespace: cicd
spec:
  pipelineRef:
    name: maven-pipeline
  params:
    - name: repo-url
      value: https://github.com/example/maven-app.git
    - name: branch
      value: main
    - name: image
      value: docker.io/example/maven-app:latest
    - name: namespace
      value: dev
    - name: deployment-name
      value: maven-app
  workspaces:
    - name: source
      persistentVolumeClaim:
        claimName: workspace-pvc
  serviceAccountName: tekton-sa

Submit the PipelineRun:

# generateName only works with create, not with apply
kubectl create -f maven-pipelinerun.yaml

11.2 Trigger the npm pipeline manually
Create and submit the npm PipelineRun (npm-pipelinerun.yaml):

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  # A manifest cannot expand $(date +%s); generateName gives each run a unique name instead
  generateName: npm-pipelinerun-
  namespace: cicd
spec:
  pipelineRef:
    name: npm-pipeline
  params:
    - name: repo-url
      value: https://github.com/example/npm-app.git
    - name: branch
      value: main
    - name: image
      value: docker.io/example/npm-app:latest
    - name: namespace
      value: dev
    - name: deployment-name
      value: npm-app
  workspaces:
    - name: source
      persistentVolumeClaim:
        claimName: workspace-pvc
  serviceAccountName: tekton-sa

Submit the PipelineRun:

# generateName only works with create, not with apply
kubectl create -f npm-pipelinerun.yaml

Alternatively, you can trigger the Pipelines with the tkn CLI:

# Trigger the Maven pipeline
tkn pipeline start maven-pipeline \
  -p repo-url=https://github.com/example/maven-app.git \
  -p branch=main \
  -p image=docker.io/example/maven-app:latest \
  -p namespace=dev \
  -p deployment-name=maven-app \
  -w name=source,claimName=workspace-pvc \
  --serviceaccount=tekton-sa \
  -n cicd

# Trigger the npm pipeline
tkn pipeline start npm-pipeline \
  -p repo-url=https://github.com/example/npm-app.git \
  -p branch=main \
  -p image=docker.io/example/npm-app:latest \
  -p namespace=dev \
  -p deployment-name=npm-app \
  -w name=source,claimName=workspace-pvc \
  --serviceaccount=tekton-sa \
  -n cicd

11.3 Monitor the pipeline run status

# List the pipelines
kubectl get pipelines -n cicd

# List the PipelineRuns
kubectl get pipelineruns -n cicd

# View the logs of a specific PipelineRun
tkn pipelinerun logs <pipelinerun-name> -f -n cicd

Replace <pipelinerun-name> with the actual PipelineRun name.
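Step 12: Verify the email notification

1. Trigger a pipeline: follow step 11.1 or 11.2 above to trigger the Maven or npm pipeline.
2. Check the mailbox: confirm that the configured to-email address receives the notification email.
3. Troubleshoot: if the email does not arrive, check the following:
   - Whether smtp-secret is configured correctly, with every field properly Base64-encoded.
   - Whether the SMTP server allows mail to be sent through an API or an external application. Gmail, for example, may require an "app password" to be enabled.
   - The logs of the send-email task, to confirm whether the curl command succeeded.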
1. 初始化环境任务
1.1 Maven 初始化任务 (init-maven.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: init-mavennamespace: cicd
spec:steps:- name: setup-mavenimage: maven:3.8.6-jdk-11script: |#!/bin/shset -eecho 初始化 Maven 环境...mvn --version# 在此处添加任何 Maven 相关的初始化步骤例如下载依赖1.2 npm 初始化任务 (init-npm.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: init-npmnamespace: cicd
spec:steps:- name: setup-npmimage: node:16script: |#!/bin/shset -eecho 初始化 NPM 环境...node --versionnpm --version# 在此处添加任何 NPM 相关的初始化步骤例如安装全局包2. 拉取代码任务
2.1 拉取 Maven 项目代码任务 (clone-repo-maven.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: clone-repo-mavennamespace: cicd
spec:params:- name: repo-urldescription: Git 仓库地址type: string- name: revisiondescription: Git 分支或标签type: stringworkspaces:- name: sourcedescription: 存放拉取代码的工作空间steps:- name: clone-maven-repoimage: alpine/gitscript: |#!/bin/shset -eecho 从 $(params.repo-url) 克隆 Maven 仓库...git clone $(params.repo-url) $(workspaces.source.path)cd $(workspaces.source.path)git checkout $(params.revision)volumeMounts:- name: ssh-credentials-mavenmountPath: /root/.sshvolumes:- name: ssh-credentials-mavensecret:secretName: git-ssh-key-maven2.2 拉取 npm 项目代码任务 (clone-repo-npm.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: clone-repo-npmnamespace: cicd
spec:params:- name: repo-urldescription: Git 仓库地址type: string- name: revisiondescription: Git 分支或标签type: stringworkspaces:- name: sourcedescription: 存放拉取代码的工作空间steps:- name: clone-npm-repoimage: alpine/gitscript: |#!/bin/shset -eecho 从 $(params.repo-url) 克隆 npm 仓库...git clone $(params.repo-url) $(workspaces.source.path)cd $(workspaces.source.path)git checkout $(params.revision)volumeMounts:- name: ssh-credentials-npmmountPath: /root/.sshvolumes:- name: ssh-credentials-npmsecret:secretName: git-ssh-key-npm3. 运行 dockerContext.sh 任务 (run-docker-context.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: run-docker-contextnamespace: cicd
spec:workspaces:- name: sourcedescription: 存放代码和构建上下文的工作空间steps:- name: run-scriptimage: bash:latestscript: |#!/bin/shset -ecd $(workspaces.source.path)if [ -f .manifest/dockerContext.sh ]; thenecho 运行 dockerContext.sh 脚本...chmod x .manifest/dockerContext.sh./.manifest/dockerContext.sh || echo dockerContext.sh 执行失败跳过...elseecho 未找到 dockerContext.sh 脚本跳过...fi4. 构建并推送镜像任务使用 Kaniko (build-and-push-kaniko.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: build-and-push-kanikonamespace: cicd
spec:params:- name: imagedescription: Docker 镜像名称type: string- name: dockerfiledescription: Dockerfile 的路径default: ./Dockerfiletype: string- name: contextdescription: 构建上下文路径default: .type: stringworkspaces:- name: sourcedescription: 存放代码和构建上下文的工作空间steps:- name: kanikoimage: gcr.io/kaniko-project/executor:latestcommand:- /kaniko/executorargs:- --context$(workspaces.source.path)/$(params.context)- --dockerfile$(workspaces.source.path)/$(params.dockerfile)- --destination$(params.image)- --oci-layout-path/kaniko/oci- --cachetrue- --cache-repo$(params.image)env:- name: DOCKER_CONFIGvalue: /kaniko/.docker/volumeMounts:- name: kaniko-secretmountPath: /kaniko/.docker/volumes:- name: kaniko-secretsecret:secretName: kaniko-secret5. 部署到 Kubernetes 任务 (deploy-to-kubernetes.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: deploy-to-kubernetesnamespace: cicd
spec:params:- name: namespacedescription: Kubernetes 命名空间type: string- name: deployment-namedescription: Kubernetes Deployment 名称type: string- name: imagedescription: 要部署的镜像type: stringsteps:- name: deployimage: bitnami/kubectlscript: |#!/bin/shset -eecho 将镜像 $(params.image) 部署到命名空间 $(params.namespace)...kubectl set image deployment/$(params.deployment-name) app$(params.image) -n $(params.namespace)- name: set-statusimage: alpinescript: |#!/bin/shecho succeeded /tekton/results/statusresults:- name: statusdescription: 部署状态6. 发送邮件通知任务 (send-email.yaml)
已在上文提供此处重复以方便参考
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: send-emailnamespace: cicd
spec:params:- name: subjecttype: stringdescription: 邮件主题- name: bodytype: stringdescription: 邮件正文steps:- name: send-emailimage: curlimages/curl:7.83.1script: |#!/bin/shset -eSMTP_SERVER$(cat /var/secrets/smtp/smtp-server)SMTP_PORT$(cat /var/secrets/smtp/smtp-port)SMTP_USERNAME$(cat /var/secrets/smtp/smtp-username)SMTP_PASSWORD$(cat /var/secrets/smtp/smtp-password)FROM_EMAIL$(cat /var/secrets/smtp/from-email)TO_EMAIL$(cat /var/secrets/smtp/to-email)SUBJECT$(params.subject)BODY$(params.body)echo 正在通过 $SMTP_SERVER:$SMTP_PORT 发送邮件到 $TO_EMAIL...echo -e Subject: $SUBJECT\n\n$BODY | \curl --url smtp://$SMTP_SERVER:$SMTP_PORT \--ssl-reqd \--mail-from $FROM_EMAIL \--mail-rcpt $TO_EMAIL \--user $SMTP_USERNAME:$SMTP_PASSWORD \-T -volumes:- name: smtp-secretssecret:secretName: smtp-secret应用任务
kubectl apply -f send-email.yaml步骤 7创建 Tekton Pipelines
7.1 Maven 流水线 (maven-pipeline.yaml)
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:name: maven-pipelinenamespace: cicd
spec:params:- name: repo-urltype: stringdescription: Git 仓库地址- name: branchtype: stringdescription: Git 分支名称- name: imagetype: stringdescription: Docker 镜像名称- name: namespacetype: stringdescription: Kubernetes 命名空间- name: deployment-nametype: stringdescription: Kubernetes Deployment 名称workspaces:- name: sourcedescription: 存放代码和构建上下文的工作空间tasks:- name: init-maventaskRef:name: init-mavenrunAfter: []- name: clone-reporunAfter:- init-maventaskRef:name: clone-repo-mavenparams:- name: repo-urlvalue: $(params.repo-url)- name: revisionvalue: $(params.branch)workspaces:- name: sourceworkspace: source- name: run-docker-contextrunAfter:- clone-repotaskRef:name: run-docker-contextworkspaces:- name: sourceworkspace: source- name: build-and-pushrunAfter:- run-docker-contexttaskRef:name: build-and-push-kanikoparams:- name: imagevalue: $(params.image)- name: dockerfilevalue: ./Dockerfile- name: contextvalue: .workspaces:- name: sourceworkspace: source- name: deployrunAfter:- build-and-pushtaskRef:name: deploy-to-kubernetesparams:- name: namespacevalue: $(params.namespace)- name: deployment-namevalue: $(params.deployment-name)- name: imagevalue: $(params.image)finally:- name: notifytaskRef:name: send-emailparams:- name: subjectvalue: Maven 流水线 $(params.deployment-name) - $(tasks.deploy.results.status)- name: bodyvalue: |流水线 **Maven 流水线** 已完成。- **仓库**: $(params.repo-url)- **分支**: $(params.branch)- **镜像**: $(params.image)- **命名空间**: $(params.namespace)- **部署名称**: $(params.deployment-name)**状态**: $(tasks.deploy.results.status)workspaces:- name: sourceworkspace: source7.2 npm 流水线 (npm-pipeline.yaml)
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:name: npm-pipelinenamespace: cicd
spec:params:- name: repo-urltype: stringdescription: Git 仓库地址- name: branchtype: stringdescription: Git 分支名称- name: imagetype: stringdescription: Docker 镜像名称- name: namespacetype: stringdescription: Kubernetes 命名空间- name: deployment-nametype: stringdescription: Kubernetes Deployment 名称workspaces:- name: sourcedescription: 存放代码和构建上下文的工作空间tasks:- name: init-npmtaskRef:name: init-npmrunAfter: []- name: clone-reporunAfter:- init-npmtaskRef:name: clone-repo-npmparams:- name: repo-urlvalue: $(params.repo-url)- name: revisionvalue: $(params.branch)workspaces:- name: sourceworkspace: source- name: run-docker-contextrunAfter:- clone-repotaskRef:name: run-docker-contextworkspaces:- name: sourceworkspace: source- name: build-and-pushrunAfter:- run-docker-contexttaskRef:name: build-and-push-kanikoparams:- name: imagevalue: $(params.image)- name: dockerfilevalue: ./Dockerfile- name: contextvalue: .workspaces:- name: sourceworkspace: source- name: deployrunAfter:- build-and-pushtaskRef:name: deploy-to-kubernetesparams:- name: namespacevalue: $(params.namespace)- name: deployment-namevalue: $(params.deployment-name)- name: imagevalue: $(params.image)finally:- name: notifytaskRef:name: send-emailparams:- name: subjectvalue: NPM 流水线 $(params.deployment-name) - $(tasks.deploy.results.status)- name: bodyvalue: |流水线 **NPM 流水线** 已完成。- **仓库**: $(params.repo-url)- **分支**: $(params.branch)- **镜像**: $(params.image)- **命名空间**: $(params.namespace)- **部署名称**: $(params.deployment-name)**状态**: $(tasks.deploy.results.status)workspaces:- name: sourceworkspace: source说明
Maven 和 npm 流水线结构类似但各自引用不同的初始化和代码拉取任务。finally 部分确保无论前面的任务成功还是失败都会执行 send-email 任务发送通知。
应用流水线
kubectl apply -f maven-pipeline.yaml
kubectl apply -f npm-pipeline.yaml步骤 10创建 dockerContext.sh 脚本
dockerContext.sh 是一个用于处理特定上下文操作的脚本。根据您的需求您可以在此脚本中添加自定义逻辑。以下是一个示例脚本
创建 dockerContext.sh 文件
将以下内容保存为项目中的 .manifest/dockerContext.sh 文件
#!/bin/sh
set -eecho 执行 dockerContext.sh 脚本...# 示例操作生成 Docker 镜像标签
TIMESTAMP$(date %Y%m%d%H%M%S)
echo 生成的时间戳标签$TIMESTAMP# 您可以在此处添加更多自定义操作例如修改配置文件、生成额外文件等。echo dockerContext.sh 脚本执行完成。说明
功能此脚本用于执行构建前的自定义操作例如生成镜像标签、修改配置文件等。位置将此脚本放置在项目的 .manifest/ 目录下即 .manifest/dockerContext.sh。
确保脚本具有执行权限
chmod x .manifest/dockerContext.sh步骤 11应用所有 Tekton 资源
按照以下顺序依次应用所有 Tekton 任务和流水线配置文件
kubectl apply -f init-maven.yaml
kubectl apply -f init-npm.yaml
kubectl apply -f clone-repo-maven.yaml
kubectl apply -f clone-repo-npm.yaml
kubectl apply -f run-docker-context.yaml
kubectl apply -f build-and-push-kaniko.yaml
kubectl apply -f deploy-to-kubernetes.yaml
kubectl apply -f send-email.yaml
kubectl apply -f maven-pipeline.yaml
kubectl apply -f npm-pipeline.yaml
kubectl apply -f workspace-pvc.yaml
kubectl apply -f kaniko-secret.yaml
kubectl apply -f smtp-secret.yaml
kubectl apply -f tekton-sa.yaml验证资源创建成功
kubectl get tasks,pipelines -n cicd
kubectl get pvc -n cicd
kubectl get secrets -n cicd
kubectl get serviceaccounts -n cicd步骤 12测试与运行
12.1 手动触发 Maven 流水线
创建并应用 Maven PipelineRun (maven-pipelinerun.yaml)
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:name: maven-pipelinerun-$(date %s)namespace: cicd
spec:pipelineRef:name: maven-pipelineparams:- name: repo-urlvalue: https://github.com/example/maven-app.git- name: branchvalue: main- name: imagevalue: docker.io/example/maven-app:latest- name: namespacevalue: dev- name: deployment-namevalue: maven-appworkspaces:- name: sourcepersistentVolumeClaim:claimName: workspace-pvcserviceAccountName: tekton-sa应用 PipelineRun
kubectl apply -f maven-pipelinerun.yaml12.2 手动触发 npm 流水线
创建并应用 npm PipelineRun (npm-pipelinerun.yaml)
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:name: npm-pipelinerun-$(date %s)namespace: cicd
spec:pipelineRef:name: npm-pipelineparams:- name: repo-urlvalue: https://github.com/example/npm-app.git- name: branchvalue: main- name: imagevalue: docker.io/example/npm-app:latest- name: namespacevalue: dev- name: deployment-namevalue: npm-appworkspaces:- name: sourcepersistentVolumeClaim:claimName: workspace-pvcserviceAccountName: tekton-sa应用 PipelineRun
kubectl apply -f npm-pipelinerun.yaml或者您也可以使用 tkn CLI 触发 Pipeline
# 触发 Maven 流水线
tkn pipeline start maven-pipeline \-p repo-urlhttps://github.com/example/maven-app.git \-p branchmain \-p imagedocker.io/example/maven-app:latest \-p namespacedev \-p deployment-namemaven-app \-w namesource,claimNameworkspace-pvc \--serviceaccounttekton-sa# 触发 npm 流水线
tkn pipeline start npm-pipeline \-p repo-urlhttps://github.com/example/npm-app.git \-p branchmain \-p imagedocker.io/example/npm-app:latest \-p namespacedev \-p deployment-namenpm-app \-w namesource,claimNameworkspace-pvc \--serviceaccounttekton-sa12.3 监控流水线运行状态
# 查看流水线列表
kubectl get pipelines -n cicd# 查看 PipelineRun 列表
kubectl get pipelineruns -n cicd# 查看特定 PipelineRun 的日志
tkn pipelinerun logs pipelinerun-name -f -n cicd将 pipelinerun-name 替换为实际的 PipelineRun 名称。
步骤 13验证邮件通知功能
触发流水线按照上述步骤 12.1 或 12.2 触发 Maven 或 npm 流水线。检查邮件确认指定的 to-email 收到相应的通知邮件。排查问题 如果邮件未收到请检查 smtp-secret 是否正确配置确保所有字段都已正确 Base64 编码。SMTP 服务器是否允许通过 API 或外部应用发送邮件例如Gmail 可能需要启用“应用专用密码”。查看 send-email 任务的日志确认 curl 命令是否执行成功。 关键 YAML 文件汇总
以下是所有关键 YAML 文件的汇总供参考
1. 初始化环境任务
1.1 Maven 初始化任务 (init-maven.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: init-mavennamespace: cicd
spec:steps:- name: setup-mavenimage: maven:3.8.6-jdk-11script: |#!/bin/shset -eecho 初始化 Maven 环境...mvn --version# 在此处添加任何 Maven 相关的初始化步骤例如下载依赖1.2 npm 初始化任务 (init-npm.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: init-npmnamespace: cicd
spec:steps:- name: setup-npmimage: node:16script: |#!/bin/shset -eecho 初始化 NPM 环境...node --versionnpm --version# 在此处添加任何 NPM 相关的初始化步骤例如安装全局包2. 拉取代码任务
2.1 拉取 Maven 项目代码任务 (clone-repo-maven.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: clone-repo-mavennamespace: cicd
spec:params:- name: repo-urldescription: Git 仓库地址type: string- name: revisiondescription: Git 分支或标签type: stringworkspaces:- name: sourcedescription: 存放拉取代码的工作空间steps:- name: clone-maven-repoimage: alpine/gitscript: |#!/bin/shset -eecho 从 $(params.repo-url) 克隆 Maven 仓库...git clone $(params.repo-url) $(workspaces.source.path)cd $(workspaces.source.path)git checkout $(params.revision)volumeMounts:- name: ssh-credentials-mavenmountPath: /root/.sshvolumes:- name: ssh-credentials-mavensecret:secretName: git-ssh-key-maven2.2 拉取 npm 项目代码任务 (clone-repo-npm.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: clone-repo-npmnamespace: cicd
spec:params:- name: repo-urldescription: Git 仓库地址type: string- name: revisiondescription: Git 分支或标签type: stringworkspaces:- name: sourcedescription: 存放拉取代码的工作空间steps:- name: clone-npm-repoimage: alpine/gitscript: |#!/bin/shset -eecho 从 $(params.repo-url) 克隆 npm 仓库...git clone $(params.repo-url) $(workspaces.source.path)cd $(workspaces.source.path)git checkout $(params.revision)volumeMounts:- name: ssh-credentials-npmmountPath: /root/.sshvolumes:- name: ssh-credentials-npmsecret:secretName: git-ssh-key-npm3. 运行 dockerContext.sh 任务 (run-docker-context.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: run-docker-contextnamespace: cicd
spec:workspaces:- name: sourcedescription: 存放代码和构建上下文的工作空间steps:- name: run-scriptimage: bash:latestscript: |#!/bin/shset -ecd $(workspaces.source.path)if [ -f .manifest/dockerContext.sh ]; thenecho 运行 dockerContext.sh 脚本...chmod x .manifest/dockerContext.sh./.manifest/dockerContext.sh || echo dockerContext.sh 执行失败跳过...elseecho 未找到 dockerContext.sh 脚本跳过...fi4. 构建并推送镜像任务使用 Kaniko (build-and-push-kaniko.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: build-and-push-kanikonamespace: cicd
spec:params:- name: imagedescription: Docker 镜像名称type: string- name: dockerfiledescription: Dockerfile 的路径default: ./Dockerfiletype: string- name: contextdescription: 构建上下文路径default: .type: stringworkspaces:- name: sourcedescription: 存放代码和构建上下文的工作空间steps:- name: kanikoimage: gcr.io/kaniko-project/executor:latestcommand:- /kaniko/executorargs:- --context$(workspaces.source.path)/$(params.context)- --dockerfile$(workspaces.source.path)/$(params.dockerfile)- --destination$(params.image)- --oci-layout-path/kaniko/oci- --cachetrue- --cache-repo$(params.image)env:- name: DOCKER_CONFIGvalue: /kaniko/.docker/volumeMounts:- name: kaniko-secretmountPath: /kaniko/.docker/volumes:- name: kaniko-secretsecret:secretName: kaniko-secret5. 部署到 Kubernetes 任务 (deploy-to-kubernetes.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: deploy-to-kubernetesnamespace: cicd
spec:params:- name: namespacedescription: Kubernetes 命名空间type: string- name: deployment-namedescription: Kubernetes Deployment 名称type: string- name: imagedescription: 要部署的镜像type: stringsteps:- name: deployimage: bitnami/kubectlscript: |#!/bin/shset -eecho 将镜像 $(params.image) 部署到命名空间 $(params.namespace)...kubectl set image deployment/$(params.deployment-name) app$(params.image) -n $(params.namespace)- name: set-statusimage: alpinescript: |#!/bin/shecho succeeded /tekton/results/statusresults:- name: statusdescription: 部署状态6. 发送邮件通知任务 (send-email.yaml)
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: send-email
  namespace: cicd
spec:
  params:
    - name: subject
      type: string
      description: 邮件主题
    - name: body
      type: string
      description: 邮件正文
  steps:
    - name: send-email
      image: curlimages/curl:7.83.1
      # Mount the SMTP Secret so the script can read /var/secrets/smtp/*
      volumeMounts:
        - name: smtp-secrets
          mountPath: /var/secrets/smtp
          readOnly: true
      script: |
        #!/bin/sh
        set -e
        SMTP_SERVER=$(cat /var/secrets/smtp/smtp-server)
        SMTP_PORT=$(cat /var/secrets/smtp/smtp-port)
        SMTP_USERNAME=$(cat /var/secrets/smtp/smtp-username)
        SMTP_PASSWORD=$(cat /var/secrets/smtp/smtp-password)
        FROM_EMAIL=$(cat /var/secrets/smtp/from-email)
        TO_EMAIL=$(cat /var/secrets/smtp/to-email)
        SUBJECT="$(params.subject)"
        BODY="$(params.body)"
        echo "正在通过 $SMTP_SERVER:$SMTP_PORT 发送邮件到 $TO_EMAIL..."
        echo -e "Subject: $SUBJECT\n\n$BODY" | \
          curl --url "smtp://$SMTP_SERVER:$SMTP_PORT" \
            --ssl-reqd \
            --mail-from "$FROM_EMAIL" \
            --mail-rcpt "$TO_EMAIL" \
            --user "$SMTP_USERNAME:$SMTP_PASSWORD" \
            -T -
  volumes:
    - name: smtp-secrets
      secret:
        secretName: smtp-secret

Apply the task
kubectl apply -f send-email.yaml

7. Tekton Pipelines
7.1 Maven pipeline (maven-pipeline.yaml)
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: maven-pipeline
  namespace: cicd
spec:
  params:
    - name: repo-url
      type: string
      description: Git 仓库地址
    - name: branch
      type: string
      description: Git 分支名称
    - name: image
      type: string
      description: Docker 镜像名称
    - name: namespace
      type: string
      description: Kubernetes 命名空间
    - name: deployment-name
      type: string
      description: Kubernetes Deployment 名称
  workspaces:
    - name: source
      description: 存放代码和构建上下文的工作空间
  tasks:
    - name: init-maven
      taskRef:
        name: init-maven
      runAfter: []
    - name: clone-repo
      runAfter:
        - init-maven
      taskRef:
        name: clone-repo-maven
      params:
        - name: repo-url
          value: $(params.repo-url)
        - name: revision
          value: $(params.branch)
      workspaces:
        - name: source
          workspace: source
    - name: run-docker-context
      runAfter:
        - clone-repo
      taskRef:
        name: run-docker-context
      workspaces:
        - name: source
          workspace: source
    - name: build-and-push
      runAfter:
        - run-docker-context
      taskRef:
        name: build-and-push-kaniko
      params:
        - name: image
          value: $(params.image)
        - name: dockerfile
          value: ./Dockerfile
        - name: context
          value: .
      workspaces:
        - name: source
          workspace: source
    - name: deploy
      runAfter:
        - build-and-push
      taskRef:
        name: deploy-to-kubernetes
      params:
        - name: namespace
          value: $(params.namespace)
        - name: deployment-name
          value: $(params.deployment-name)
        - name: image
          value: $(params.image)
  finally:
    - name: notify
      taskRef:
        name: send-email
      # send-email declares no workspaces, so notify binds none.
      params:
        # $(tasks.deploy.status) is set even when deploy fails or is skipped;
        # a reference to $(tasks.deploy.results.status) would make Tekton skip
        # notify in that case.
        - name: subject
          value: "Maven 流水线 $(params.deployment-name) - $(tasks.deploy.status)"
        - name: body
          value: |
            流水线 **Maven 流水线** 已完成。

            - **仓库**: $(params.repo-url)
            - **分支**: $(params.branch)
            - **镜像**: $(params.image)
            - **命名空间**: $(params.namespace)
            - **部署名称**: $(params.deployment-name)

            **状态**: $(tasks.deploy.status)

7.2 npm pipeline (npm-pipeline.yaml)
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: npm-pipeline
  namespace: cicd
spec:
  params:
    - name: repo-url
      type: string
      description: Git 仓库地址
    - name: branch
      type: string
      description: Git 分支名称
    - name: image
      type: string
      description: Docker 镜像名称
    - name: namespace
      type: string
      description: Kubernetes 命名空间
    - name: deployment-name
      type: string
      description: Kubernetes Deployment 名称
  workspaces:
    - name: source
      description: 存放代码和构建上下文的工作空间
  tasks:
    - name: init-npm
      taskRef:
        name: init-npm
      runAfter: []
    - name: clone-repo
      runAfter:
        - init-npm
      taskRef:
        name: clone-repo-npm
      params:
        - name: repo-url
          value: $(params.repo-url)
        - name: revision
          value: $(params.branch)
      workspaces:
        - name: source
          workspace: source
    - name: run-docker-context
      runAfter:
        - clone-repo
      taskRef:
        name: run-docker-context
      workspaces:
        - name: source
          workspace: source
    - name: build-and-push
      runAfter:
        - run-docker-context
      taskRef:
        name: build-and-push-kaniko
      params:
        - name: image
          value: $(params.image)
        - name: dockerfile
          value: ./Dockerfile
        - name: context
          value: .
      workspaces:
        - name: source
          workspace: source
    - name: deploy
      runAfter:
        - build-and-push
      taskRef:
        name: deploy-to-kubernetes
      params:
        - name: namespace
          value: $(params.namespace)
        - name: deployment-name
          value: $(params.deployment-name)
        - name: image
          value: $(params.image)
  finally:
    - name: notify
      taskRef:
        name: send-email
      # send-email declares no workspaces, so notify binds none.
      params:
        # $(tasks.deploy.status) is set even when deploy fails or is skipped;
        # a reference to $(tasks.deploy.results.status) would make Tekton skip
        # notify in that case.
        - name: subject
          value: "NPM 流水线 $(params.deployment-name) - $(tasks.deploy.status)"
        - name: body
          value: |
            流水线 **NPM 流水线** 已完成。

            - **仓库**: $(params.repo-url)
            - **分支**: $(params.branch)
            - **镜像**: $(params.image)
            - **命名空间**: $(params.namespace)
            - **部署名称**: $(params.deployment-name)

            **状态**: $(tasks.deploy.status)

Notes
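The Maven and npm pipelines have a similar structure, but each references its own initialization and clone tasks. The finally section ensures that the send-email task runs and sends a notification whether the preceding tasks succeed or fail.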
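Tekton replaces $(params.subject) and $(params.body) in the script text before the shell runs, so a parameter value containing quotes or command substitutions is parsed as shell code by the send-email step. The following is an added example, not from the original post, of the same task with the parameters passed through env instead; the Secret name, keys and mount path are taken from the send-email task above.

```yaml
# Added example (not from the original post): send-email with params passed via env.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: send-email
  namespace: cicd
spec:
  params:
    - name: subject
      type: string
    - name: body
      type: string
  steps:
    - name: send-email
      image: curlimages/curl:7.83.1
      env:
        # Substituted as data in the container environment, never as shell text.
        - name: SUBJECT
          value: $(params.subject)
        - name: BODY
          value: $(params.body)
      volumeMounts:
        - name: smtp-secrets
          mountPath: /var/secrets/smtp
          readOnly: true
      script: |
        #!/bin/sh
        set -eu
        S=/var/secrets/smtp
        # A header is a single line: drop CR/LF so a parameter cannot add headers.
        SUBJECT=$(printf '%s' "$SUBJECT" | tr -d '\r\n')
        # printf '%s' prints the values verbatim, with no escape processing.
        printf 'Subject: %s\n\n%s\n' "$SUBJECT" "$BODY" |
          curl --url "smtp://$(cat $S/smtp-server):$(cat $S/smtp-port)" \
            --ssl-reqd \
            --mail-from "$(cat $S/from-email)" \
            --mail-rcpt "$(cat $S/to-email)" \
            --user "$(cat $S/smtp-username):$(cat $S/smtp-password)" \
            -T -
  volumes:
    - name: smtp-secrets
      secret:
        secretName: smtp-secret
```

The same pattern applies to the deploy step, where $(params.image), $(params.namespace) and $(params.deployment-name) are also spliced into a script.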
Apply the pipelines
kubectl apply -f maven-pipeline.yaml
kubectl apply -f npm-pipeline.yaml

Step 14: Optimization and fault tolerance
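Fault tolerance
The run-docker-context task already handles a missing or failing dockerContext.sh script, so the pipeline is not interrupted by problems with that script.

Retry policy
Configure a retry policy in the Pipeline or Task as needed to cope with transient errors. Example: add a retries field to the task definition.
spec:
  retries: 3

Resource limits
Set resource requests and limits for each Task to avoid resource contention.
resources:
  requests:
    memory: 512Mi
    cpu: 500m
  limits:
    memory: 1Gi
    cpu: 1

Log storage and monitoring
Integrate log collection and monitoring tools such as Elasticsearch, Prometheus and Grafana to monitor pipeline execution status and performance in real time, and to find and resolve problems promptly.

Troubleshooting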
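1. Email not sent
Check the SMTP Secret configuration: make sure every field in smtp-secret (smtp-server, smtp-port, smtp-username, smtp-password, from-email, to-email) is correctly Base64-encoded and filled into smtp-secret.yaml.
Verify the SMTP server settings: make sure the SMTP server address and port are correct. Confirm that the SMTP server allows mail to be sent through an API or by external applications. For Gmail, you may need to enable an "app-specific password" or adjust the security settings.
Check the send-email task logs: use the following command to view the detailed logs of the email task and confirm whether the curl command succeeded.
tkn pipelinerun logs pipelinerun-name -f -n cicd
Replace pipelinerun-name with the actual PipelineRun name.

2. Insufficient permissions
Check the ServiceAccount permissions: make sure the tekton-sa ServiceAccount has sufficient permissions to access the Kubernetes API and the related resources.
Verify the RoleBinding configuration: make sure the RoleBinding correctly binds tekton-sa to an appropriate ClusterRole (for example, edit).
List the RoleBindings:
kubectl get rolebinding -n cicd

3. Persistent storage problems
Verify the PVC status: make sure workspace-pvc has been created correctly and is in the Bound state.
kubectl get pvc workspace-pvc -n cicd
Confirm that a PersistentVolume is available: make sure the cluster has an available PersistentVolume that provides the required storage.

4. Task failures
View the detailed logs of the failed task:
tkn pipelinerun logs pipelinerun-name -f -n cicd
Replace pipelinerun-name with the actual PipelineRun name.
Adjust the task script or configuration according to the error message. For example, if the Maven task fails, check that pom.xml is correct and that its dependencies are available.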
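For the "Insufficient permissions" item: the deploy task only runs kubectl set image against one Deployment, so tekton-sa needs much less than the edit ClusterRole in the namespace it deploys to. The following is an added example, not from the original post, of a Role limited to that operation; target-namespace, my-app and the name tekton-deployer are placeholders, and it assumes kubectl set image needs only get and patch on the Deployment.

```yaml
# Added example (not from the original post): least-privilege RBAC for the deploy task.
# "target-namespace" stands for the value passed as the pipeline's namespace parameter,
# "my-app" for the value passed as deployment-name.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tekton-deployer
  namespace: target-namespace
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    # Restrict the grant to the single Deployment the pipeline updates.
    resourceNames: ["my-app"]
    # kubectl set image reads the object, then patches its pod template.
    verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-deployer
  namespace: target-namespace
subjects:
  # The ServiceAccount lives in cicd; the binding lives where it deploys.
  - kind: ServiceAccount
    name: tekton-sa
    namespace: cicd
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-deployer
```

Verify the grant with kubectl auth can-i patch deployments/my-app -n target-namespace --as=system:serviceaccount:cicd:tekton-sa, and confirm that the same check for delete returns no.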