在 Tekton 中如何实现审批功能

云计算 2023-01-04 泡泡 手机阅读

1. CICD 平台的基本功能

2.1 runAfter

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

- name: test-app
  taskRef:
    name: make-test
  resources:
    inputs:
      - name: workspace
        resource: my-repo
- name: build-app
  taskRef:
    name: kaniko-build
  runAfter:
    - test-app
  resources:
    inputs:
      - name: workspace
        resource: my-repo

通过 runAfter 关键字可以控制任务的执行顺序,上面的示例中 build-app 会在 test-app 执行完成之后执行。使用 runAfter 可以实现对流程的编排。

2.2 conditions

这里首先创建一个 Condition 对象,检查代码仓库中是否存在指定文件。

相关推荐
云计算 2023-07-10 泡泡
云计算 2023-01-04 泡泡
云计算 2023-07-09 泡泡
云计算 2023-07-10 泡泡
云计算 2023-12-12 泡泡

站点声明:本站部分内容转载自网络,作品版权归原作者及来源网站所有,任何内容转载、商业用途等均须联系原作者并注明来源。

相关侵权、举报、投诉及建议等,请发邮件至E-mail:service@mryunwei.com

Copyright 每日运维  浙ICP备2022017665号-3 基于WordPress | 由七牛云提供 CDN 加速
回到顶部
 1
2
3
4
5
6
7
8
9
10
11
12
13

apiVersion: tekton.dev/v1alpha1
kind: Condition
metadata:
  name: file-exists
spec:
  params:
    - name: "path"
  resources:
    - name: workspace
      type: git
  check:
    image: alpine
    script: 'test -f $(resources.workspace.path)/$(params.path)'

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: conditional-pipeline
spec:
  resources:
    - name: source-repo
      type: git
  params:
    - name: "path"
      default: "README.md"
  tasks:
    - name: if-condition-then-run
      conditions:
        - conditionRef: "file-exists"
          params:
            - name: "path"
              value: "$(params.path)"
          resources:
            - name: workspace
              resource: source-repo
      taskRef:
        name: my-task

kubectl get pipelineruns.tekton.dev

NAME                                     SUCCEEDED   REASON               STARTTIME   COMPLETIONTIME
cancel-pipelinerun-r-67qsr               Unknown     Running              51m

kubectl patch PipelineRun cancel-pipelinerun-r-67qsr --type=merge -p '{"spec":{"status":"PipelineRunCancelled"}}'

kubectl get pipelineruns.tekton.dev

NAME                                     SUCCEEDED   REASON                 STARTTIME   COMPLETIONTIME
cancel-pipelinerun-r-67qsr               False       PipelineRunCancelled   52m         3s

---
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: pending-pipelinerun
spec:
  params:
  - name: pl-param-x
    value: "100"
  - name: pl-param-y
    value: "500"
  pipelineRef:
    name: pending-pipeline
  status: "PipelineRunPending"

kubectl get pipelineruns.tekton.dev

NAME                                     SUCCEEDED   REASON                 STARTTIME   COMPLETIONTIME
pending-pipelinerun                      Unknown     PipelineRunPending

kubectl patch PipelineRun pending-pipelinerun --type=merge -p '{"spec":{"status":""}}'

kubectl get pipelineruns.tekton.dev

NAME                                     SUCCEEDED   REASON                 STARTTIME   COMPLETIONTIME
pending-pipelinerun                      Unknown     Running                4s

kubectl get pipelineruns.tekton.dev

NAME                                     SUCCEEDED   REASON               STARTTIME   COMPLETIONTIME
cancel-pipelinerun                       Unknown     Running              9s

kubectl patch PipelineRun cancel-pipelinerun --type=merge -p '{"spec":{"status":"PipelineRunPending"}}'

Error from server (BadRequest): admission webhook "validation.webhook.pipeline.tekton.dev" denied the request: validation failed: invalid value: PipelineRun cannot be Pending after it is started: spec.status

apiVersion: v1
kind: ConfigMap
metadata:
  name: approve-cm
data:
  status: init

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: approve-task
spec:
  workspaces:
  - name: data
  params:
  - name: timeout
    description: The max seconds to approve
    type: string
    default: "86400"
  steps:
  - name: sleep-a-while
    image: bash:latest
    script: |
      #!/usr/bin/env bash

      end=$((SECONDS+$(params.timeout)))
      while [ $SECONDS -lt $end ]; do
        name=$(cat "$(workspaces.data.path)"/status)
        if [ "$name" = "success" ]
        then
          echo "approved!"
          exit 0
        elif [ "$name" = "refused" ]
        then
          echo "refused!"
          exit 1
        fi
        sleep 2
        echo "waiting"
      done
      echo "too long not to approve"
      exit 1      

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: something
  annotations:
    description: |
            A simple task that do something
spec:
  steps:
  - name: do-something
    image: bash:latest
    script: |
      #!/usr/bin/env bash
      uname -a      
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: approve-pipeline
spec:
  workspaces:
  - name: workspace
  tasks:
  - name: wait-for-approve
    workspaces:
    - name: data
      workspace: workspace
    taskRef:
      name: approve-task
  - name: do-something
    taskRef:
      name: something
    runAfter:
      - wait-for-approve
---
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: approve-pipelinerun
spec:
  workspaces:
  - name: workspace
    configmap:
      name: approve-cm
  pipelineRef:
    name: approve-pipeline

kubectl patch ConfigMap approve-cm --type=merge -p '{"data":{"status":"success"}}'