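Introduction to Tekton Operator
Tekton Operator is a Kubernetes extension for installing, upgrading and managing TektonCD Pipelines, Dashboard, Triggers (and other components) on any Kubernetes cluster.
Official documentation: https://tekton.dev/docs/operator/
Project repository: https://github.com/tektoncd/operator
Tekton Operator defines the following entities: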
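Entity | Description |
---|---|
TektonConfig | Configures the Tekton components to be installed and managed. |
TektonPipeline | Configures the Tekton Pipeline component to be installed and managed. |
TektonTrigger | Configures the Tekton Trigger component to be installed and managed. |
TektonDashboard | Configures the Tekton Dashboard component to be installed and managed. |
TektonResult | Configures the Tekton Result component to be installed and managed. |
TektonChain | Configures the Tekton Chain component to be installed and managed. |
OpenShiftPipelinesAsCode | Configures the Pipelines as Code component to be installed and managed. |
TektonAddon | Configures the add-ons to be installed and managed. |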
Installing Tekton Operator
Download the release.yaml file to install a specific version
wget https://storage.googleapis.com/tekton-releases/operator/previous/v0.69.1/release.yaml
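Because of network restrictions, the official gcr.io images cannot be pulled directly, so the images have to be prepared in advance and pushed to a private registry.
Syncing the images
Which images are required can be confirmed from a first deployment of tekton-operator, and the image versions can be confirmed from components.yaml.
Assume a special node that can reach Google's gcr.io is available (otherwise consider using a GitHub Action to fetch the images), and that this node can push images to the local private registry http://registry.zot.com:5000. The following script uses the skopeo image sync tool to push the images directly to the local private registry.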
$ cat tekton_image_sync.sh
#!/bin/bash
dest_registry="registry.zot.com:5000"
images=(
gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/operator:v0.69.1
gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/webhook:v0.69.1
gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/proxy-webhook:v0.69.1
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller:v0.25.3
gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/interceptors:v0.25.3
gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/webhook:v0.25.3
gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink:v0.25.3
gcr.io/tekton-releases/github.com/tektoncd/chains/cmd/controller:v0.19.0
gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.41.0
gcr.io/tekton-releases/dogfooding/tkn:latest
)
for image in "${images[@]}"
do
    # --dest-tls-verify=false: the private registry in this setup is served over plain HTTP
    skopeo copy --dest-tls-verify=false "docker://${image}" "docker://${dest_registry}/${image#*/}"
done
Run the script
bash tekton_image_sync.sh
The zot registry is used as the example here; confirm that the image sync has completed. A Docker registry can be used instead.
Manually replacing the operator images in release.yaml
Check which operator images release.yaml itself depends on
root@node1:~# cat release.yaml | grep image: | sort -u
image: gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/operator:v0.69.1@sha256:142c59f97aac2fba714e928012b5576476313c7cd4394b568df656b0693dbea0
image: gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/webhook:v0.69.1@sha256:6e56a9a25b74c3758fd9d2f57aa9e2984a0a41477b1a4cde63e4e20160d02800
Replace them with sed
sed -i 's|gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/operator:.*|registry.zot.com:5000/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/operator:v0.69.1|g' release.yaml
sed -i 's|gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/webhook:.*|registry.zot.com:5000/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/webhook:v0.69.1|g' release.yaml
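Replacing the Tekton component images
All gcr.io images referenced by release.yaml need to be replaced. Find the tekton-operator-lifecycle container in release.yaml and add the following entries to its environment variables. The supported environment variables are not yet covered by the official documentation; they can be looked up in the project file config.yaml.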
$ vim release.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tekton-operator
  namespace: tekton-operator
spec:
  template:
    spec:
      containers:
      - name: tekton-operator-lifecycle
        image: registry.zot.com:5000/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/operator:v0.69.1
        env:
        - name: IMAGE_PIPELINES_PROXY
          value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/proxy-webhook:v0.69.1
        - name: IMAGE_PIPELINES_TEKTON_EVENTS_CONTROLLER
          value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.53.3
        - name: IMAGE_PIPELINES_WEBHOOK
          value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.53.3
        - name: IMAGE_PIPELINES_TEKTON_PIPELINES_CONTROLLER
          value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.53.3
        - name: IMAGE_PIPELINES_CONTROLLER
          value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.53.3
        - name: IMAGE_PIPELINES_ARG__ENTRYPOINT_IMAGE
          value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.53.3
        - name: IMAGE_TRIGGERS_TEKTON_TRIGGERS_CORE_INTERCEPTORS
          value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/triggers/cmd/interceptors:v0.25.3
        - name: IMAGE_TRIGGERS_TEKTON_TRIGGERS_CONTROLLER
          value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/triggers/cmd/controller:v0.25.3
        - name: IMAGE_TRIGGERS_WEBHOOK
          value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/triggers/cmd/webhook:v0.25.3
        - name: IMAGE_CHAINS_TEKTON_CHAINS_CONTROLLER
          value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/chains/cmd/controller:v0.19.0
        - name: IMAGE_JOB_PRUNER_TKN
          value: registry.zot.com:5000/tekton-releases/dogfooding/tkn:latest
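After these edits, release.yaml can still contain leftover gcr.io references, operator images that the sed commands reduced from tag plus digest to a tag only, and the mutable tkn:latest tag. As an added example (not from the original article or the Tekton project), the script below audits an edited manifest for those cases; the function names, status labels and sample manifest are constructed for illustration.

```bash
#!/bin/bash
PRIVATE_REGISTRY="registry.zot.com:5000"   # private registry used on this page

# Reads a manifest on stdin and prints "<status> <reference>" for each
# `image:` field and each `value:` that follows a `name: IMAGE_*` env var:
#   external  does not start with the private registry
#   pinned    private registry, ends in @sha256:<digest>
#   latest    private registry, tag is "latest" or missing (mutable)
#   tag-only  private registry, versioned tag without a digest
audit_images() {
  awk -v reg="$PRIVATE_REGISTRY" '
    function check(ref,    last, status) {
      gsub(/"/, "", ref)                          # strip optional quotes
      last = ref; sub(/.*\//, "", last)           # final path component
      if (index(ref, reg "/") != 1)              status = "external"
      else if (ref ~ /@sha256:[0-9a-f]+$/)       status = "pinned"
      else if (last !~ /:/ || last ~ /:latest$/) status = "latest"
      else                                       status = "tag-only"
      print status, ref
    }
    /name:[ \t]*IMAGE_/             { want = 1; next }
    /^[ \t]*(-[ \t]+)?image:[ \t]/  { check($NF); next }
    want && /^[ \t]*value:[ \t]/    { check($NF); want = 0; next }
    { want = 0 }
  '
}

# Succeeds only if nothing is external or on a mutable "latest" tag.
audit_ok() {
  ! audit_images | grep -Eq '^(external|latest) '
}

# Constructed sample shaped like the edited release.yaml on this page.
sample_manifest() {
  cat <<'EOF'
      containers:
      - name: tekton-operator-lifecycle
        image: registry.zot.com:5000/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/operator:v0.69.1
        env:
        - name: SYSTEM_NAMESPACE
          value: tekton-operator
        - name: IMAGE_PIPELINES_WEBHOOK
          value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.53.3
        - name: IMAGE_JOB_PRUNER_TKN
          value: registry.zot.com:5000/tekton-releases/dogfooding/tkn:latest
      - name: tekton-operator-webhook
        image: gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/webhook:v0.69.1@sha256:6e56a9a25b74c3758fd9d2f57aa9e2984a0a41477b1a4cde63e4e20160d02800
EOF
}
```

Run `audit_images < release.yaml` before `kubectl apply -f release.yaml`. Keeping the upstream `@sha256:` suffix in a rewritten reference only works if the mirror holds the same manifest, which for multi-architecture images means copying with `skopeo copy --all`.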
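Confirm whether components are installed automatically (the default is kept here)
In addition, the configuration file contains the following settings. AUTOINSTALL_COMPONENTS controls whether tekton-operator automatically deploys the Tekton components once its own deployment has completed. DEFAULT_TARGET_NAMESPACE specifies the namespace the components belong to.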
apiVersion: v1
data:
  AUTOINSTALL_COMPONENTS: "true"
  DEFAULT_TARGET_NAMESPACE: tekton-pipelines
kind: ConfigMap
metadata:
  labels:
    operator.tekton.dev/release: devel
  name: tekton-config-defaults
  namespace: tekton-operator
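AUTOINSTALL_COMPONENTS defaults to true, which deploys all Tekton components automatically. If AUTOINSTALL_COMPONENTS is set to false, deployment of the Tekton components can be triggered manually after the operator has been deployed successfully.
tekton-operator has a custom resource named TektonConfig, which is the top-level CRD used to create the other components.
Once we create the TektonConfig object we need, the operator installs the corresponding components according to the profile field in its configuration.
Tekton Operator has 3 built-in profiles: lite, all, basic.
Installing components (using the installation profiles lite, all, basic)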
Profile | Installed Component | Platform |
---|---|---|
lite | Pipeline | Kubernetes, OpenShift |
basic | Pipeline, Trigger | Kubernetes, OpenShift |
all | Pipeline, Trigger, Dashboard | Kubernetes |
all | Pipeline, Trigger, Addons, Pipelines as Code | OpenShift |
Install pipelines, triggers and dashboard using profile all
# To install pipelines, triggers, chains and dashboard (use profile 'all')
kubectl apply -f https://raw.githubusercontent.com/tektoncd/operator/main/config/crs/kubernetes/config/all/operator_v1alpha1_config_cr.yaml
Example configuration
apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
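metadata:
  name: config
spec:
  profile: all
  targetNamespace: tekton-pipelines  # target namespace
  pruner:
    resources:                       # resources that may be pruned automatically
    - pipelinerun
    - taskrun
    keep: 100                        # maximum number of resources to keep when pruning
    schedule: "0 8 * * *"            # how often resources are pruned
Deploying the Tekton operator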
kubectl apply -f release.yaml
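Replacing the dashboard image
Because replacing the dashboard image is not yet supported through the environment variables, it has to be changed manually here.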
$ kubectl get TektonInstallerSet
Edit dashboard-main-deployment-xrlc2 and replace the image
$ kubectl edit TektonInstallerSet dashboard-main-deployment-xrlc2
#image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.41.0
image: registry.zot.com:5000/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.41.0
View the created pods
root@node1:~# kubectl -n tekton-operator get pods
NAME READY STATUS RESTARTS AGE
tekton-operator-57bfb7cf9-6sv49 2/2 Running 0 6m42s
tekton-operator-webhook-77cb6d65f-fbqhl 1/1 Running 0 51m
root@node1:~# kubectl -n tekton-pipelines get pods
NAME READY STATUS RESTARTS AGE
tekton-chains-controller-797b4b7db5-wvfhx 1/1 Running 0 3m43s
tekton-dashboard-6685748fd7-4zfk8 1/1 Running 0 89s
tekton-events-controller-c7b7db8d7-cdb48 1/1 Running 0 4m16s
tekton-operator-proxy-webhook-554b69d9b6-8cvbv 1/1 Running 0 4m11s
tekton-pipelines-controller-6b8d99dd9b-fdzj4 1/1 Running 0 4m16s
tekton-pipelines-remote-resolvers-86bccb68cc-zqq4p 1/1 Running 0 4m14s
tekton-pipelines-webhook-7745484f8d-bn4md 1/1 Running 0 4m16s
tekton-triggers-controller-7cf7696878-cclfz 1/1 Running 0 3m55s
tekton-triggers-core-interceptors-6d964f57d9-v4dpp 1/1 Running 0 3m54s
tekton-triggers-webhook-566dfd4fb7-xnddh 1/1 Running 0 3m54s
Uninstalling Tekton Operator
Delete the CRDs
kubectl get crd | grep tekton |awk '{print $1}' | xargs kubectl delete crd
Delete the operator
kubectl delete -f release.yaml