526互联

Tekton TaskRun 基础

发布时间 2023-12-04 15:32:10作者: 小吉猫

TaskRun 概述

TaskRun允许您在集群上实例化和执行Task。任务指定执行容器映像的一个或多个Steps,每个容器映像执行特定的构建工作。TaskRun按照指定的顺序执行任务中的Steps,直到所有Steps执行成功或失败。

TaskRun 配置清单

apiVersion: tekton.dev/v1   # 指定 API 版本。
kind: TaskRun                  # 将此资源对象标识为一个Task对象。
metadata:                   # 指定唯一标识 TaskRun资源对象的元数据。例如,一个name.
  name: hello
  namespace: tekton
  generateName: show-run-   # 自动生成name后缀
spec:                       # 指定该资源对象Task的配置信息
  serviceAccountName:       # 为运行各TaskRun的Pod指定要使用ServiceAccount
  serviceAccountNames:     # 分别为每个TaskRun的Pod单独指定要使用的ServiceAccount,map型数据
  workspaces:
  params:
  podTemplate:              # pod 模板信息
    schedulerName: volcano
    securityContext:
      runAsNonRoot: true
      runAsUser: 1001
  taskRef:                  # 通过Task的名称引用
    name: read-task         # Task名称
  taskSpec:                 # 直接定义要运行自有的Task
    workspaces:
      - name: signals         # 必选字段,该Workspace的唯一标识符
        description:          # 描述信息,通常标明其使用目的
        mountPath:            # 在各Step中的挂载路径,默认为“/workspace/<name>”,其中<name>是当前Workspace的名称
        readOnly:             # 是否为只读,默认为false
        optional:             # 是否为可选,默认为false
    steps:                   # 定义Task steps
      - name:
        ...

TaskRun 示例

内联 Task

apiVersion: tekton.dev/v1 # or tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: build-push-task-run-2
spec:
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-pvc
  taskSpec:
    workspaces:
    - name: source
    steps:
      - name: build-and-push
        image: gcr.io/kaniko-project/executor:v0.17.1
        workingDir: $(workspaces.source.path)
        # specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
        env:
          - name: "DOCKER_CONFIG"
            value: "/tekton/home/.docker/"
        command:
          - /kaniko/executor
        args:
          - --destination=gcr.io/my-project/gohelloworld

外联 Task

apiVersion: tekton.dev/v1 # or tekton.dev/v1beta1
kind: Task
metadata:
  name: read-task
spec:
  workspaces:
  - name: input
  steps:
    - name: readme
      image: ubuntu
      script: cat $(workspaces.input.path)/README.md
---
apiVersion: tekton.dev/v1 # or tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: test-task-with-serviceaccount-git-ssh
spec:
  serviceAccountName: test-task-robot-git-ssh
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: repo-pvc
  - name: ssh-creds
    secret:
      secretName: test-git-ssh
  params:
    - name: url
      value: https://github.com/tektoncd/pipeline.git
  taskRef:
    name: read-task

参考文档

https://tekton.dev/docs/pipelines/taskruns/