Tekton Pipeline

Auth

Git basic auth

# Username/password credentials that Tekton uses for HTTP(S) git remotes.
# Each tekton.dev/git-N annotation names one git host they apply to.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-basic-auth
  annotations:
    # NOTE(review): both hosts are plain http://, so the username and password
    # below travel unencrypted on every clone; prefer https:// endpoints.
    tekton.dev/git-0: http://gitlab.cloudnative.cn:8081
    tekton.dev/git-1: http://github.cloudnative.cn:8081
type: kubernetes.io/basic-auth
stringData:
  # Placeholders. Keep real values out of version control; use a scoped
  # access token rather than a personal password where the server allows it.
  username: xxx
  password: xxx

Git ssh auth

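# SSH credentials that Tekton uses for git remotes on the annotated host.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-ssh-key
  annotations:
    # For ssh-auth secrets the annotation value is a bare host name, not a URL.
    tekton.dev/git-0: gitlab.cloudnative.cn
type: kubernetes.io/ssh-auth
stringData:
  # Placeholder key. Keep the real key out of version control and prefer a
  # dedicated, repository-scoped deploy key over a personal one.
  # No trailing whitespace after the END marker: inside a block scalar it
  # would become part of the key material.
  ssh-privatekey: |-
    -----BEGIN RSA PRIVATE KEY-----
    xxx
    -----END RSA PRIVATE KEY-----
  # Host keys of the git server. Keep this populated: when known_hosts is
  # omitted Tekton accepts whatever host key the server presents.
  known_hosts: xxx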

Docker basic auth

   # Registry credentials; the tekton.dev/docker-N annotation names the registry
   # they apply to.
   apiVersion: v1
   kind: Secret
   metadata:
     name: docker-basic-auth
     annotations:
       tekton.dev/docker-0: https://registry.cn-hangzhou.aliyuncs.com
   type: kubernetes.io/basic-auth
   stringData:
     # Placeholders. Keep real values out of version control and use an account
     # limited to the repositories this pipeline has to push to.
     username: xxx
     password: xxx

ServiceAccount

# ServiceAccount that carries the git and registry secrets. A TaskRun or
# PipelineRun only receives these credentials when it runs as this account
# (spec.serviceAccountName).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-pipelines
# Every step of a run using this account can read all three credentials, so
# list only the secrets the pipeline really needs.
secrets:
  - name: gitlab-basic-auth
  - name: gitlab-ssh-key
  - name: docker-basic-auth

Task

Git clone

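# Clones a git repository into the "share" workspace and records the commit
# SHA and the URL that were fetched as Task results.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: git-clone
spec:
  params:
    - name: url
      description: git repository to clone
      type: string
      default: ""
    - name: revision
      description: git revision to checkout (branch, tag, sha, ref…)
      type: string
      default: ""
    - name: refspec
      description: (optional) git refspec to fetch before checking out revision
      type: string
      default: ""
    - name: submodules
      description: defines if the resource should initialize and fetch the submodules
      type: string
      default: "true"
    - name: depth
      description: performs a shallow clone where only the most recent commit(s) will be fetched
      type: string
      default: "1"
    # Leave at "true"; turning it off removes TLS certificate verification for
    # the clone.
    - name: sslVerify
      description: defines if http.sslVerify should be set to true or false in the global git config
      type: string
      default: "true"
    # NOTE(review): the value is appended to /workspace/ as-is, so a value
    # containing ".." makes the checkout (and the cleanup below) operate
    # outside the workspace. Restrict who may set it.
    - name: subdirectory
      description: subdirectory inside the "output" workspace to clone the git repo into
      type: string
      default: ""
    - name: deleteExisting
      description: clean out the contents of the repo's destination directory (if it already exists) before trying to clone the repo there
      type: string
      default: "true"
    - name: httpProxy
      description: git HTTP proxy server for non-SSL requests
      type: string
      default: ""
    - name: httpsProxy
      description: git HTTPS proxy server for SSL requests
      type: string
      default: ""
    - name: noProxy
      description: git no proxy - opt out of proxying HTTP/HTTPS requests
      type: string
      default: ""
    # With verbose on, "set -x" prints every expanded command to the step log,
    # including proxy URLs; keep credentials out of those values.
    - name: verbose
      description: log the commands used during execution
      type: string
      default: "true"
    # The step runs whatever image is named here with the run's git
    # credentials available. The default is referenced by tag; pinning it by
    # digest keeps the tag from being moved underneath the pipeline.
    - name: gitInitImage
      description: the image used where the git-init binary is
      type: string
      default: "registry.cn-hangzhou.aliyuncs.com/docker-0518/duanyu/git-init:v0.18.1"
  results:
    - name: commit
      description: The precise commit SHA that was fetched by this Task
    - name: url
      description: The precise URL that was fetched by this Task
  workspaces:
    - name: share
      optional: true
      mountPath: /workspace
  steps:
    - name: clone
      image: $(params.gitInitImage)
      imagePullPolicy: IfNotPresent
      # Parameters reach the script as environment variables. Tekton replaces
      # $(params.*) textually before the shell runs, so a value placed directly
      # in the script body would be parsed as shell code; an environment
      # variable is only ever data.
      env:
        - name: PARAM_URL
          value: "$(params.url)"
        - name: PARAM_REVISION
          value: "$(params.revision)"
        - name: PARAM_REFSPEC
          value: "$(params.refspec)"
        - name: PARAM_SUBMODULES
          value: "$(params.submodules)"
        - name: PARAM_DEPTH
          value: "$(params.depth)"
        - name: PARAM_SSL_VERIFY
          value: "$(params.sslVerify)"
        - name: PARAM_SUBDIRECTORY
          value: "$(params.subdirectory)"
        - name: PARAM_DELETE_EXISTING
          value: "$(params.deleteExisting)"
        - name: PARAM_HTTP_PROXY
          value: "$(params.httpProxy)"
        - name: PARAM_HTTPS_PROXY
          value: "$(params.httpsProxy)"
        - name: PARAM_NO_PROXY
          value: "$(params.noProxy)"
        - name: PARAM_VERBOSE
          value: "$(params.verbose)"
      script: |
        #!/bin/sh
        set -eu -o pipefail
        if [ "${PARAM_VERBOSE}" = "true" ] ; then
          set -x
        fi
        CHECKOUT_DIR="/workspace/${PARAM_SUBDIRECTORY}"
        cleandir() {
          # Delete any existing contents of the repo directory if it exists.
          #
          # We don't just "rm -rf $CHECKOUT_DIR" because $CHECKOUT_DIR might be "/"
          # or the root of a mounted volume.
          if [ -d "${CHECKOUT_DIR}" ] ; then
            # Delete non-hidden files and directories
            rm -rf "${CHECKOUT_DIR}"/*
            # Delete files and directories starting with . but excluding ..
            rm -rf "${CHECKOUT_DIR}"/.[!.]*
            # Delete files and directories starting with .. plus any other character
            rm -rf "${CHECKOUT_DIR}"/..?*
          fi
        }
        if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then
          cleandir
        fi
        # Only export proxy settings that were actually supplied.
        test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}"
        test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}"
        test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}"
        /ko-app/git-init \
          -url "${PARAM_URL}" \
          -revision "${PARAM_REVISION}" \
          -refspec "${PARAM_REFSPEC}" \
          -path "${CHECKOUT_DIR}" \
          -sslVerify="${PARAM_SSL_VERIFY}" \
          -submodules="${PARAM_SUBMODULES}" \
          -depth="${PARAM_DEPTH}"
        cd "${CHECKOUT_DIR}"
        # "set -e" already aborts the step if rev-parse fails, so no separate
        # exit-code check is needed.
        RESULT_SHA="$(git rev-parse HEAD)"
        # printf '%s' writes the value without a trailing newline.
        printf '%s' "${RESULT_SHA}" > "$(results.commit.path)"
        printf '%s' "${PARAM_URL}" > "$(results.url.path)"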

Build

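# Compiles the Go project in the shared workspace into a linux/amd64 binary
# named "manager", with cgo disabled.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build
spec:
  workspaces:
    - name: share
      optional: true
      mountPath: /workspace
  steps:
    - name: build
      # NOTE(review): golang:1.13 is a tag, not a digest, and with IfNotPresent
      # each node keeps whichever image it pulled first. Pin the toolchain
      # image by digest and keep it on a maintained Go release.
      image: golang:1.13
      imagePullPolicy: IfNotPresent
      env:
        # Modules are downloaded through this third-party proxy. Integrity then
        # rests on go.sum and the checksum database, so leave that verification
        # enabled and commit go.sum with the source.
        - name: GOPROXY
          value: "https://goproxy.cn"
        - name: GO111MODULE
          value: "on"
      script: |
        #!/bin/bash -x
        set -eu -o pipefail
        go mod download
        CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go
      volumeMounts:
        # Module cache on a PersistentVolumeClaim. Presumably reused across
        # runs; anything able to write to it can influence later builds, so
        # keep the claim private to this pipeline (confirm).
        - name: cache
          mountPath: /go/pkg
  volumes:
    - name: cache
      persistentVolumeClaim:
        claimName: gopkg-cache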

Build Image

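# Builds the Dockerfile in the shared workspace with kaniko and pushes the
# image, tagged with the commit id, to the registry.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-images
spec:
  params:
    - name: server-name
      description: The server name
      type: string
      default: ""
    - name: commit-id
      type: string
      description: The git commit id
      default: ""
  workspaces:
    - name: share
      optional: true
      mountPath: /workspace
  steps:
    - name: build-images
      # Referenced by tag; pinning by digest keeps the builder image from
      # changing underneath the pipeline.
      image: registry.cn-hangzhou.aliyuncs.com/docker-0518/kaniko-executor:v1.5.1
      imagePullPolicy: IfNotPresent
      env:
        - name: "DOCKER_CONFIG"
          value: "/tekton/home/.docker/"
      volumeMounts:
        # The "aliyun" secret is mounted as the docker config directory, so it
        # presumably holds a config.json with the registry credentials (confirm).
        - name: secret
          mountPath: /tekton/home/.docker/
        - name: kaniko-cache
          mountPath: /cache
      command:
        - /kaniko/executor
      # command/args are executed directly, without a shell, so the parameter
      # values are not parsed as shell code. They still become part of the
      # pushed image reference; both default to "", which yields an invalid
      # destination, so callers must always set them.
      args:
        - --dockerfile=Dockerfile
        - --destination=registry.cn-hangzhou.aliyuncs.com/docker-0518/duanyu/$(params.server-name):$(params.commit-id)
        - --cache=true
        - --cache-dir=/cache
  volumes:
    - name: secret
      secret:
        secretName: aliyun
    # Layer cache on a PersistentVolumeClaim. Keep the claim private to this
    # pipeline: content written to it is reused by later builds.
    - name: kaniko-cache
      persistentVolumeClaim:
        claimName: kaniko-cache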

Pipeline

# Chains git-clone -> build -> build-images over one shared workspace.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: kubernetes-pipeline
spec:
  workspaces:
    - name: share
  params:
  - name: git-url
  - name: git-revision
  - name: server-name
  # NOTE(review): commit-id is supplied by the caller and is not tied to the
  # revision that git-clone actually checks out, so the image tag can name a
  # commit other than the one that was built. The git-clone Task publishes the
  # checked-out SHA as a result, $(tasks.git-clone.results.commit), which
  # could be used for the tag instead.
  - name: commit-id
  tasks:
  - name: git-clone
    taskRef:
      name: git-clone
    workspaces:
      - name: share
        workspace: share
    params:
    - name: url
      value: $(params.git-url)
    - name: revision
      value: $(params.git-revision)
  - name: build
    taskRef:
      name: build
    workspaces:
      - name: share
        workspace: share
    # runAfter orders the tasks; the source reaches this task through the
    # shared workspace.
    runAfter:
      - git-clone
  - name: build-images
    taskRef:
      name: build-images
    workspaces:
      - name: share
        workspace: share
    params:
    - name: server-name
      value: $(params.server-name)
    - name: commit-id
      value: $(params.commit-id)
    runAfter:
      - build

PipelineRun

# One execution of kubernetes-pipeline for the "cloudnative" service.
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: cloudnative
# NOTE(review): no serviceAccountName is set, so the run uses the namespace's
# default ServiceAccount and does not pick up the secrets attached to the
# tekton-pipelines account shown earlier on the page. Add
# "serviceAccountName: tekton-pipelines" under spec unless the default account
# is configured elsewhere.
spec:
  params:
  # NOTE(review): the host here is git.timevale.cn, while the SSH secret on the
  # page is annotated for gitlab.cloudnative.cn. Credentials are selected by
  # that host annotation, so the two need to agree.
  - name: git-url
    value: "git@git.timevale.cn:duanyu/cloudnative.git"
  # "master" is a moving branch while commit-id below is fixed, so the tag can
  # drift away from the source that is actually built.
  - name: git-revision
    value: "master"
  - name: server-name
    value: "cloudnative"
  - name: commit-id
    value: "42fb230"
  pipelineRef:
    name: kubernetes-pipeline
  workspaces:
    # A fresh volume is claimed for this run from the template below.
    - name: share
      volumeClaimTemplate:
        spec:
          accessModes:
            - ReadWriteOnce
          storageClassName: "my-storage-class"
          resources:
            requests:
              storage: 1Gi


All in one

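# Single Task that clones the repository, compiles the Go binary and builds
# and pushes the container image as three consecutive steps.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: git-clone
spec:
  params:
    - name: url
      description: git repository to clone
      type: string
      default: ""
    - name: revision
      description: git revision to checkout (branch, tag, sha, ref…)
      type: string
      default: ""
    - name: server-name
      description: The server name
      type: string
      default: ""
    - name: commit-id
      type: string
      description: The git commit id
      default: ""
    - name: refspec
      description: (optional) git refspec to fetch before checking out revision
      type: string
      default: ""
    - name: submodules
      description: defines if the resource should initialize and fetch the submodules
      type: string
      default: "true"
    - name: depth
      description: performs a shallow clone where only the most recent commit(s) will be fetched
      type: string
      default: "1"
    # Leave at "true"; turning it off removes TLS certificate verification for
    # the clone.
    - name: sslVerify
      description: defines if http.sslVerify should be set to true or false in the global git config
      type: string
      default: "true"
    # NOTE(review): the value is appended to /workspace/ as-is, so a value
    # containing ".." makes the checkout (and the cleanup below) operate
    # outside the workspace. Restrict who may set it.
    - name: subdirectory
      description: subdirectory inside the "output" workspace to clone the git repo into
      type: string
      default: ""
    - name: deleteExisting
      description: clean out the contents of the repo's destination directory (if it already exists) before trying to clone the repo there
      type: string
      default: "true"
    - name: httpProxy
      description: git HTTP proxy server for non-SSL requests
      type: string
      default: ""
    - name: httpsProxy
      description: git HTTPS proxy server for SSL requests
      type: string
      default: ""
    - name: noProxy
      description: git no proxy - opt out of proxying HTTP/HTTPS requests
      type: string
      default: ""
    # With verbose on, "set -x" prints every expanded command to the step log,
    # including proxy URLs; keep credentials out of those values.
    - name: verbose
      description: log the commands used during execution
      type: string
      default: "true"
    # The clone step runs whatever image is named here with the run's git
    # credentials available. The default is referenced by tag; pinning it by
    # digest keeps the tag from being moved underneath the pipeline.
    - name: gitInitImage
      description: the image used where the git-init binary is
      type: string
      default: "registry.cn-hangzhou.aliyuncs.com/docker-0518/duanyu/git-init:v0.18.1"
  results:
    - name: commit
      description: The precise commit SHA that was fetched by this Task
    - name: url
      description: The precise URL that was fetched by this Task
  workspaces:
    - name: share
      optional: true
      mountPath: /workspace
  steps:
    - name: clone
      image: $(params.gitInitImage)
      imagePullPolicy: IfNotPresent
      # Parameters reach the script as environment variables. Tekton replaces
      # $(params.*) textually before the shell runs, so a value placed directly
      # in the script body would be parsed as shell code; an environment
      # variable is only ever data.
      env:
        - name: PARAM_URL
          value: "$(params.url)"
        - name: PARAM_REVISION
          value: "$(params.revision)"
        - name: PARAM_REFSPEC
          value: "$(params.refspec)"
        - name: PARAM_SUBMODULES
          value: "$(params.submodules)"
        - name: PARAM_DEPTH
          value: "$(params.depth)"
        - name: PARAM_SSL_VERIFY
          value: "$(params.sslVerify)"
        - name: PARAM_SUBDIRECTORY
          value: "$(params.subdirectory)"
        - name: PARAM_DELETE_EXISTING
          value: "$(params.deleteExisting)"
        - name: PARAM_HTTP_PROXY
          value: "$(params.httpProxy)"
        - name: PARAM_HTTPS_PROXY
          value: "$(params.httpsProxy)"
        - name: PARAM_NO_PROXY
          value: "$(params.noProxy)"
        - name: PARAM_VERBOSE
          value: "$(params.verbose)"
      script: |
        #!/bin/sh
        set -eu -o pipefail
        if [ "${PARAM_VERBOSE}" = "true" ] ; then
          set -x
        fi
        CHECKOUT_DIR="/workspace/${PARAM_SUBDIRECTORY}"
        cleandir() {
          # Delete any existing contents of the repo directory if it exists.
          #
          # We don't just "rm -rf $CHECKOUT_DIR" because $CHECKOUT_DIR might be "/"
          # or the root of a mounted volume.
          if [ -d "${CHECKOUT_DIR}" ] ; then
            # Delete non-hidden files and directories
            rm -rf "${CHECKOUT_DIR}"/*
            # Delete files and directories starting with . but excluding ..
            rm -rf "${CHECKOUT_DIR}"/.[!.]*
            # Delete files and directories starting with .. plus any other character
            rm -rf "${CHECKOUT_DIR}"/..?*
          fi
        }
        if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then
          cleandir
        fi
        # Only export proxy settings that were actually supplied.
        test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}"
        test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}"
        test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}"
        /ko-app/git-init \
          -url "${PARAM_URL}" \
          -revision "${PARAM_REVISION}" \
          -refspec "${PARAM_REFSPEC}" \
          -path "${CHECKOUT_DIR}" \
          -sslVerify="${PARAM_SSL_VERIFY}" \
          -submodules="${PARAM_SUBMODULES}" \
          -depth="${PARAM_DEPTH}"
        cd "${CHECKOUT_DIR}"
        # "set -e" already aborts the step if rev-parse fails, so no separate
        # exit-code check is needed.
        RESULT_SHA="$(git rev-parse HEAD)"
        # printf '%s' writes the value without a trailing newline.
        printf '%s' "${RESULT_SHA}" > "$(results.commit.path)"
        printf '%s' "${PARAM_URL}" > "$(results.url.path)"
    - name: build
      # NOTE(review): golang:1.13 is a tag, not a digest, and with IfNotPresent
      # each node keeps whichever image it pulled first. Pin the toolchain
      # image by digest and keep it on a maintained Go release.
      image: golang:1.13
      imagePullPolicy: IfNotPresent
      env:
        # Modules are downloaded through this third-party proxy. Integrity then
        # rests on go.sum and the checksum database, so leave that verification
        # enabled and commit go.sum with the source.
        - name: GOPROXY
          value: "https://goproxy.cn"
        - name: GO111MODULE
          value: "on"
      script: |
        #!/bin/bash -x
        set -eu -o pipefail
        go mod download
        CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go
      volumeMounts:
        - name: cache
          mountPath: /go/pkg
    - name: build-images
      image: registry.cn-hangzhou.aliyuncs.com/docker-0518/kaniko-executor:v1.5.1
      imagePullPolicy: IfNotPresent
      env:
        - name: "DOCKER_CONFIG"
          value: "/tekton/home/.docker/"
      volumeMounts:
        # The "aliyun" secret is mounted as the docker config directory, so it
        # presumably holds a config.json with the registry credentials (confirm).
        - name: secret
          mountPath: /tekton/home/.docker/
        - name: kaniko-cache
          mountPath: /cache
      command:
        - /kaniko/executor
      # command/args are executed directly, without a shell, so the parameter
      # values are not parsed as shell code. They still become part of the
      # pushed image reference, so callers must always set them.
      args:
        - --dockerfile=Dockerfile
        - --destination=registry.cn-hangzhou.aliyuncs.com/docker-0518/duanyu/$(params.server-name):$(params.commit-id)
        - --cache=true
        - --cache-dir=/cache
  volumes:
    - name: secret
      secret:
        secretName: aliyun
    # Both caches live on PersistentVolumeClaims. Keep the claims private to
    # this pipeline: content written to them is reused by later builds.
    - name: kaniko-cache
      persistentVolumeClaim:
        claimName: kaniko-cache
    - name: cache
      persistentVolumeClaim:
        claimName: gopkg-cache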
---
# Pipeline with a single task that runs the combined git-clone Task
# (clone, build and image push as steps of one Task).
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: kubernetes-pipeline
spec:
  params:
  - name: git-url
  - name: git-revision
  - name: server-name
  # NOTE(review): commit-id is supplied by the caller and is not tied to the
  # revision that is checked out, so the image tag can name a commit other
  # than the one that was built.
  - name: commit-id
  tasks:
  - name: kubernetes-pipeline
    taskRef:
      name: git-clone
    # No workspace is bound here; the Task declares its "share" workspace as
    # optional.
    params:
    - name: url
      value: $(params.git-url)
    - name: revision
      value: $(params.git-revision)
    - name: server-name
      value: $(params.server-name)
    - name: commit-id
      value: $(params.commit-id)
---
# One execution of the single-task kubernetes-pipeline for "cloudnative".
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: cloudnative
# NOTE(review): no serviceAccountName is set, so the run uses the namespace's
# default ServiceAccount and does not pick up the secrets attached to the
# tekton-pipelines account shown earlier on the page. Add
# "serviceAccountName: tekton-pipelines" under spec unless the default account
# is configured elsewhere.
spec:
  params:
  # NOTE(review): the host here is git.timevale.cn, while the SSH secret on the
  # page is annotated for gitlab.cloudnative.cn. Credentials are selected by
  # that host annotation, so the two need to agree.
  - name: git-url
    value: "git@git.timevale.cn:duanyu/cloudnative.git"
  # "master" is a moving branch while commit-id below is fixed, so the tag can
  # drift away from the source that is actually built.
  - name: git-revision
    value: "master"
  - name: server-name
    value: "cloudnative"
  - name: commit-id
    value: "42fb230"
  pipelineRef:
    name: kubernetes-pipeline

Gitops

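    # Step that sets appVersion in the config repository's Chart.yaml to the
    # freshly built commit id and pushes the change. The params it reads
    # (message, server-name, commit-id) are declared on the enclosing Task,
    # which is outside this excerpt.
    - name: commit
      image: alpine/git:v2.30.0
      imagePullPolicy: IfNotPresent
      env:
        - name: "HOME"
          value: "/root/"
        # Parameters reach the script as environment variables. Tekton replaces
        # $(params.*) textually before the shell runs, and the commit message
        # is written by whoever pushed the commit, so placing it directly in
        # the script body would let its content be parsed as shell code.
        - name: PARAM_MESSAGE
          value: "$(params.message)"
        - name: PARAM_SERVER_NAME
          value: "$(params.server-name)"
        - name: PARAM_COMMIT_ID
          value: "$(params.commit-id)"
      script: |
        #!/bin/sh -x
        set -eu -o pipefail

        # The last word of the commit message selects the target branch.
        # Tekton only substitutes $(...) expressions, so $NF needs no
        # backslash (some awk implementations reject "\$NF").
        VERSION=$(printf '%s\n' "${PARAM_MESSAGE}" | awk '{print $NF}')

        # Only the three known environments map to their own branch; anything
        # else falls back to dev, so the message cannot name an arbitrary ref.
        case "${VERSION}" in
          prod|pre|test) BRANCH="${VERSION}" ;;
          *) BRANCH="dev" ;;
        esac
        git clone -b "${BRANCH}" git@git.cloudnative.cn:k8s-ops/config.git

        cd "./config/${PARAM_SERVER_NAME}"
        git config --global user.name  "duanyu"
        git config --global user.email "duanyu@cloudnative.cn"

        IMAGE_VERSION=$(grep appVersion Chart.yaml | awk '{print $NF}')
        if [ "${IMAGE_VERSION}" = "${PARAM_COMMIT_ID}" ]
        then
          echo "nothing to commit, images_version=${PARAM_COMMIT_ID}"
        else
          # NOTE(review): this replaces every occurrence of the old value in
          # Chart.yaml, not only the appVersion line, and both values are used
          # as sed pattern text; a "/" or regex metacharacter in either one
          # changes what the expression does.
          sed -i "s/${IMAGE_VERSION}/${PARAM_COMMIT_ID}/g" Chart.yaml
          git add .
          git commit -m " update images tag ${PARAM_COMMIT_ID} "
          git push
        fi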