├── 05-tekton-triggers ├── 02-trigger-taskrun │ ├── README.md │ ├── 01-gitlab-token-secret.yaml │ ├── 03-gitlab-push-binding.yaml │ ├── 05-gitlab-event-listener.yaml │ ├── extera-config-files │ │ └── taskrun-test.yaml │ ├── 04-gitlab-trigger-template.yaml │ └── 02-gitlab-eventlistener-rbac.yaml ├── 03-trigger-pipelinerun-s2i │ ├── 01-gitlab-token-secret.yaml │ ├── 03-pvc-manen-cache.yaml │ ├── README.md │ ├── 06-gitlab-push-binding.yaml │ ├── 08-gitlab-eventlistener-s2i.yaml │ ├── 07-gitlab-triggertemplate-s2i.yaml │ ├── extra-config-files │ │ └── test-pipelinerun.yaml │ ├── 05-pipeline-source-to-image.yaml │ ├── 02-gitlab-eventlistener-rbac.yaml │ └── 04-tasks-source-to-image.yaml ├── 04-trigger-pipelinerun-cicd │ ├── 01-gitlab-token-secret.yaml │ ├── 04-pvc-manen-cache.yaml │ ├── README.md │ ├── 03-task-deploy-to-cluster-rbac.yaml │ ├── 07-gitlab-push-binding.yaml │ ├── 09-gitlab-eventlistener-s2i.yaml │ ├── extra-config-files │ │ └── test-pipelinerun.yaml │ ├── 08-gitlab-triggertemplate-s2i.yaml │ ├── 02-gitlab-eventlistener-rbac.yaml │ ├── 06-pipeline-source-to-image.yaml │ └── 05-tasks-source-to-image.yaml └── 01-trigger-basics │ ├── 02-triggerbinding-demo.yaml │ └── 01-triggertemplate-demo.yaml ├── 02-tekton-basics ├── 01-taskrun-hello.yaml ├── 01-task-hello.yaml ├── 07-pipelinerun-demo.yaml ├── 06-pipeline-demo.yaml ├── 09-pipelinerun-with-params.yaml ├── 03-task-multi-steps.yaml ├── 02-task-with-params.yaml ├── 08-pipeline-with-params.yaml ├── 04-task-step-with-script.yaml ├── 05-task-script-and-parameters.yaml └── 10-pipeline-with-ordered-task.yaml ├── 04-tekton-pipeline-in-practise ├── maven-cache-pvc.yaml ├── 04-s2i-auto-deploy │ ├── 07-rbac.yaml │ ├── 01-task-git-clone.yaml │ ├── 02-task-source-build.yaml │ ├── 03-generate-build-id.yaml │ ├── 08-pipelinerun-source-to-image.yaml │ ├── 05-task-deploy.yaml │ ├── 04-task-build-image.yaml │ ├── README.md │ └── 06-pipeline-source-to-image.yaml ├── 01-s2i-no-push │ ├── README.md │ ├── 01-task-git-clone.yaml │ 
├── 02-task-source-build.yaml │ ├── 05-pipelinerun-source-to-image.yaml │ ├── 03-task-build-image.yaml │ └── 04-pipeline-source-to-image.yaml ├── 02-s2i-push-to-dockerhub │ ├── 01-task-git-clone.yaml │ ├── 02-task-source-build.yaml │ ├── 05-pipelinerun-source-to-image.yaml │ ├── 03-task-build-image.yaml │ ├── 04-pipeline-source-to-image.yaml │ └── README.md └── 03-s2i-auto-gen-build-id │ ├── 01-task-git-clone.yaml │ ├── 02-task-source-build.yaml │ ├── 03-generate-build-id.yaml │ ├── 06-pipelinerun-source-to-image.yaml │ ├── 04-task-build-image.yaml │ ├── README.md │ └── 05-pipeline-source-to-image.yaml ├── 01-tekton-dashboard ├── tekton-dashboard-ingress.yaml ├── tekton-dashboard-gateway.yaml ├── README.md └── tekton-dashboard-virtualservice.yaml ├── 06-deploy-argocd ├── argo-rollouts │ ├── argo-rollouts-ingress.yaml │ └── argo-rollouts-dashboard-virtualservice.yaml ├── argocd │ ├── argocd-dashboard-ingress.yaml │ └── argocd-dashboard-virtualservice.yaml └── README.md ├── 03-tekton-advanced ├── 03-pipeline-workspace.yaml ├── README.md ├── pipelinerun-s2p-demo.yaml ├── 02-task-with-workspace.yaml ├── task-source-to-package.yaml ├── 01-task-workspace-demo.yaml ├── 07-results-demo.yaml ├── task-source-to-package-02.yaml ├── pipeline-source-to-package.yaml ├── 04-pipeline-worlspace-02.yaml ├── 05-pipeline-source-to-package.yaml ├── 06-pipeline-source-to-package.yaml └── maven │ └── settings.xml ├── 07-argocd-basics ├── 01-application-helloworld.yaml └── 02-applicationset-demo.yaml ├── 08-argo-rollouts ├── 06-argocd-applicatio-and-argo-rollouts.yaml ├── 04-argo-rollouts-bluegreen-demo.yaml ├── 01-argo-rollouts-demo.yaml ├── 05-argo-rollouts-bluegreen-with-analysis.yaml ├── 02-argo-rollouts-with-istio-traffic-shifting.yaml ├── 03-argo-rollouts-with-analysis.yaml └── README.md ├── README.md ├── 09-rollouts-and-ingress ├── 04-rollouts-bluegreen-demo.yaml ├── 01-basic-rollouts-demo.yaml ├── 02-rollouts-with-ingress-nginx-traffic-shifting.yaml ├── 
05-rollouts-bluegreen-with-analysis.yaml └── 03-rollouts-with-prometheus-analysis.yaml └── LICENSE /05-tekton-triggers/02-trigger-taskrun/README.md: -------------------------------------------------------------------------------- 1 | # Tekton Trigger 测试 2 | 3 | 由事件触发Task,基于TriggerTemplate的定义,自动创建TaskRun。 4 | -------------------------------------------------------------------------------- /02-tekton-basics/01-taskrun-hello.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: TaskRun 3 | metadata: 4 | name: hello-run-00001 5 | spec: 6 | taskRef: 7 | kind: Task 8 | name: hello 9 | -------------------------------------------------------------------------------- /02-tekton-basics/01-task-hello.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: hello 5 | spec: 6 | steps: 7 | - name: say-hello 8 | image: alpine:3.20 9 | command: ['/bin/sh'] 10 | args: ['-c', 'echo Hello World'] 11 | -------------------------------------------------------------------------------- /05-tekton-triggers/02-trigger-taskrun/01-gitlab-token-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: gitlab-webhook-token 5 | type: Opaque 6 | stringData: 7 | # Sample value generated by "openssl rand -base64 12"; generate your own token and do not commit the real one to the repository 8 | webhookToken: "DXeqvozMlTA67aQB" 9 | -------------------------------------------------------------------------------- /05-tekton-triggers/03-trigger-pipelinerun-s2i/01-gitlab-token-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: gitlab-webhook-token 5 | type: Opaque 6 | stringData: 7 | # Sample value generated by "openssl rand -base64 12"; generate your own token and do not commit the real one to the repository 8 | webhookToken: "DXeqvozMlTA67aQB" 9 | 
-------------------------------------------------------------------------------- /05-tekton-triggers/04-trigger-pipelinerun-cicd/01-gitlab-token-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: gitlab-webhook-token 5 | type: Opaque 6 | stringData: 7 | # Sample value generated by "openssl rand -base64 12"; generate your own token and do not commit the real one to the repository 8 | webhookToken: "DXeqvozMlTA67aQB" 9 | -------------------------------------------------------------------------------- /02-tekton-basics/07-pipelinerun-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: PipelineRun 3 | metadata: 4 | name: pipeline-demo-run-xxxxx 5 | namespace: default 6 | spec: 7 | pipelineRef: 8 | name: pipeline-demo 9 | serviceAccountName: default 10 | timeout: 1h0m0s 11 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/maven-cache-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: maven-cache 5 | spec: 6 | storageClassName: openebs-rwx 7 | accessModes: 8 | - ReadWriteMany 9 | resources: 10 | requests: 11 | storage: 5Gi -------------------------------------------------------------------------------- /05-tekton-triggers/02-trigger-taskrun/03-gitlab-push-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1beta1 2 | kind: TriggerBinding 3 | metadata: 4 | name: gitlab-push-binding 5 | spec: 6 | params: 7 | - name: git-revision 8 | value: $(body.checkout_sha) 9 | - name: git-repo-url 10 | value: $(body.repository.git_http_url) 11 | -------------------------------------------------------------------------------- /05-tekton-triggers/03-trigger-pipelinerun-s2i/03-pvc-manen-cache.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: maven-cache-s2i 5 | spec: 6 | accessModes: 7 | - ReadWriteMany 8 | resources: 9 | requests: 10 | storage: 5Gi 11 | storageClassName: openebs-rwx 12 | volumeMode: Filesystem 13 | -------------------------------------------------------------------------------- /05-tekton-triggers/04-trigger-pipelinerun-cicd/04-pvc-manen-cache.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: maven-cache-cicd 5 | spec: 6 | accessModes: 7 | - ReadWriteMany 8 | resources: 9 | requests: 10 | storage: 5Gi 11 | storageClassName: openebs-rwx 12 | volumeMode: Filesystem 13 | -------------------------------------------------------------------------------- /02-tekton-basics/06-pipeline-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Pipeline 3 | metadata: 4 | name: pipeline-demo 5 | spec: 6 | tasks: 7 | - name: first-task 8 | taskRef: 9 | name: hello 10 | - name: second-task 11 | taskRef: 12 | name: multiple 13 | runAfter: 14 | - first-task 15 | -------------------------------------------------------------------------------- /05-tekton-triggers/03-trigger-pipelinerun-s2i/README.md: -------------------------------------------------------------------------------- 1 | # S2I示例的自动触发执行 2 | 3 | > 前提: 4 | > 5 | > - 本地部署可用的代码仓库,本示例将使用GitLab;部署方式请参考[该文档](https://github.com/iKubernetes/learning-k8s/tree/master/gitlab); 6 | > - 本地部署可用的Image Registry,例如Harbor,并配置本地容器引擎可以正常访问该Registry;部署方式请参考[该文档](https://github.com/iKubernetes/learning-k8s/tree/master/helm-examples/harbor); 7 | 8 | -------------------------------------------------------------------------------- /05-tekton-triggers/04-trigger-pipelinerun-cicd/README.md: 
-------------------------------------------------------------------------------- 1 | # S2I示例的自动触发执行 2 | 3 | > 前提: 4 | > 5 | > - 本地部署可用的代码仓库,本示例将使用GitLab;部署方式请参考[该文档](https://github.com/iKubernetes/learning-k8s/tree/master/gitlab); 6 | > - 本地部署可用的Image Registry,例如Harbor,并配置本地容器引擎可以正常访问该Registry;部署方式请参考[该文档](https://github.com/iKubernetes/learning-k8s/tree/master/helm-examples/harbor); 7 | 8 | -------------------------------------------------------------------------------- /02-tekton-basics/09-pipelinerun-with-params.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: PipelineRun 3 | metadata: 4 | name: pipeline-with-params-run-xxxxx 5 | namespace: default 6 | spec: 7 | params: 8 | - name: target 9 | value: "MageEdu CloudNative Course" 10 | - name: text 11 | value: "Something has happened ~~." 12 | pipelineRef: 13 | name: pipeline-with-params 14 | -------------------------------------------------------------------------------- /05-tekton-triggers/01-trigger-basics/02-triggerbinding-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1beta1 2 | kind: TriggerBinding 3 | metadata: 4 | name: pipeline-binding-demo 5 | spec: 6 | params: 7 | - name: git-url 8 | value: $(body.head_commit.id) 9 | - name: image-url 10 | value: $(body.repository.url) 11 | - name: version 12 | value: $(header.Content-Type) 13 | -------------------------------------------------------------------------------- /02-tekton-basics/03-task-multi-steps.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: multiple 5 | spec: 6 | steps: 7 | - name: first 8 | image: alpine:3.20 9 | command: 10 | - /bin/sh 11 | args: ['-c', 'echo First Step'] 12 | - name: second 13 | image: alpine:3.20 14 | command: 15 | - /bin/sh 16 | args: ['-c', 'echo Second Step'] 17 | 
-------------------------------------------------------------------------------- /02-tekton-basics/02-task-with-params.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: hello-params 5 | spec: 6 | params: 7 | - name: target 8 | type: string 9 | description: Name of somebody or something to greet 10 | default: MageEdu.Com 11 | steps: 12 | - name: say-hello 13 | image: alpine:3.20 14 | command: 15 | - /bin/sh 16 | args: ['-c', 'echo Hello $(params.target)'] 17 | -------------------------------------------------------------------------------- /02-tekton-basics/08-pipeline-with-params.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Pipeline 3 | metadata: 4 | name: pipeline-with-params 5 | spec: 6 | params: 7 | - name: text 8 | type: string 9 | tasks: 10 | - name: task-one 11 | taskRef: 12 | name: hello-params 13 | - name: task-two 14 | taskRef: 15 | name: logger 16 | params: 17 | - name: text 18 | value: $(params.text) 19 | -------------------------------------------------------------------------------- /01-tekton-dashboard/tekton-dashboard-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: tekton-dashboard 5 | namespace: tekton-pipelines 6 | spec: 7 | ingressClassName: contour 8 | rules: 9 | - host: tekton.magedu.com 10 | http: 11 | paths: 12 | - backend: 13 | service: 14 | name: tekton-dashboard 15 | port: 16 | number: 9097 17 | path: / 18 | pathType: Prefix 19 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/04-s2i-auto-deploy/07-rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: 
helloworld-admin 6 | --- 7 | apiVersion: rbac.authorization.k8s.io/v1 8 | kind: ClusterRoleBinding 9 | metadata: 10 | name: helloworld-admin 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: cluster-admin 15 | subjects: 16 | - kind: ServiceAccount 17 | name: helloworld-admin 18 | namespace: default 19 | -------------------------------------------------------------------------------- /05-tekton-triggers/04-trigger-pipelinerun-cicd/03-task-deploy-to-cluster-rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: helloworld-admin 6 | --- 7 | apiVersion: rbac.authorization.k8s.io/v1 8 | kind: ClusterRoleBinding 9 | metadata: 10 | name: helloworld-admin 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: cluster-admin 15 | subjects: 16 | - kind: ServiceAccount 17 | name: helloworld-admin 18 | namespace: default 19 | -------------------------------------------------------------------------------- /06-deploy-argocd/argo-rollouts/argo-rollouts-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: argo-rollouts-dashboard 5 | namespace: argo-rollouts 6 | spec: 7 | ingressClassName: nginx 8 | rules: 9 | - host: argo-rollouts.magedu.com 10 | http: 11 | paths: 12 | - path: / 13 | pathType: Prefix 14 | backend: 15 | service: 16 | name: argo-rollouts-dashboard 17 | port: 18 | number: 3100 -------------------------------------------------------------------------------- /05-tekton-triggers/03-trigger-pipelinerun-s2i/06-gitlab-push-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1beta1 2 | kind: TriggerBinding 3 | metadata: 4 | name: s2i-binding 5 | spec: 6 | params: 7 | - name: git-revision 8 | 
value: $(body.checkout_sha) 9 | - name: git-repo-url 10 | value: $(body.repository.git_http_url) 11 | - name: image-url 12 | # value: ikubernetes/spring-boot-helloworld 13 | value: registry.magedu.com/ikubernetes/spring-boot-helloworld 14 | - name: version 15 | value: v0.9 16 | -------------------------------------------------------------------------------- /05-tekton-triggers/04-trigger-pipelinerun-cicd/07-gitlab-push-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1beta1 2 | kind: TriggerBinding 3 | metadata: 4 | name: s2i-binding 5 | spec: 6 | params: 7 | - name: git-revision 8 | value: $(body.checkout_sha) 9 | - name: git-repo-url 10 | value: $(body.repository.git_http_url) 11 | - name: image-url 12 | # value: ikubernetes/spring-boot-helloworld 13 | value: registry.magedu.com/ikubernetes/spring-boot-helloworld 14 | - name: version 15 | value: v0.9 16 | -------------------------------------------------------------------------------- /03-tekton-advanced/03-pipeline-workspace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Pipeline 3 | metadata: 4 | name: pipeline-source-lister 5 | spec: 6 | workspaces: 7 | - name: codebase 8 | params: 9 | - name: git-url 10 | type: string 11 | description: Git repository url to be cloned 12 | tasks: 13 | - name: git-clone 14 | taskRef: 15 | name: source-lister 16 | workspaces: 17 | - name: source 18 | workspace: codebase 19 | params: 20 | - name: git-repo 21 | value: $(params.git-url) 22 | -------------------------------------------------------------------------------- /03-tekton-advanced/README.md: -------------------------------------------------------------------------------- 1 | # Pipeline and Task 2 | 3 | 为测试环境准备StorageClass,本示例以OpenEBS项目提供的openebs-hostpath为例。 4 | 5 | ### 部署OpenEBS 3.10.x 6 | 7 | 
请参考[这篇文档](https://github.com/iKubernetes/learning-k8s/tree/master/OpenEBS)中的说明。本示例中的maven-cache需要用到“RWX”的访问模式,建议同时部署“OpenEBS Dynamic NFS Provider”。 8 | 9 | ### 部署OpenEBS 4.x 10 | 11 | ```bash 12 | helm install openebs --namespace openebs openebs/openebs --set engines.replicated.mayastor.enabled=false \ 13 | --set engines.local.zfs.enabled=false --create-namespace 14 | ``` 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /01-tekton-dashboard/tekton-dashboard-gateway.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: HTTPRoute 3 | apiVersion: gateway.networking.k8s.io/v1 4 | metadata: 5 | name: tekton-dashboard 6 | namespace: tekton-pipelines 7 | spec: 8 | parentRefs: 9 | - group: gateway.networking.k8s.io 10 | kind: Gateway 11 | name: contour 12 | namespace: projectcontour 13 | hostnames: 14 | - "tekton.magedu.com" 15 | rules: 16 | - matches: 17 | - path: 18 | type: PathPrefix 19 | value: / 20 | backendRefs: 21 | - kind: Service 22 | name: tekton-dashboard 23 | port: 9097 24 | -------------------------------------------------------------------------------- /02-tekton-basics/04-task-step-with-script.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: script 5 | spec: 6 | steps: 7 | - name: step-with-script 8 | image: alpine:3.20 9 | script: | 10 | #!/bin/sh 11 | echo "Step with Script..." 12 | sed -i "s@https://dl-cdn.alpinelinux.org/@https://mirrors.huaweicloud.com/@g" /etc/apk/repositories 13 | echo "Installing necessary tooling" 14 | apk update && apk add curl 15 | curl -s www.magedu.com &> /dev/null && echo "Success" || echo "Fail" 16 | echo "All done!" 
17 | -------------------------------------------------------------------------------- /03-tekton-advanced/pipelinerun-s2p-demo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1 3 | kind: PipelineRun 4 | metadata: 5 | name: s2p-demo-run-00001 6 | spec: 7 | pipelineRef: 8 | name: s2p-demo 9 | params: 10 | - name: git-repo-url 11 | value: https://gitee.com/mageedu/spring-boot-helloWorld.git 12 | workspaces: 13 | - name: source 14 | volumeClaimTemplate: 15 | spec: 16 | accessModes: 17 | - ReadWriteOnce 18 | resources: 19 | requests: 20 | storage: 1Gi 21 | storageClassName: openebs-hostpath 22 | -------------------------------------------------------------------------------- /03-tekton-advanced/02-task-with-workspace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: source-lister 5 | spec: 6 | params: 7 | - name: git-repo 8 | type: string 9 | description: Git repository to be cloned 10 | workspaces: 11 | - name: source 12 | steps: 13 | - name: git-clone 14 | image: alpine/git:v2.45.2 15 | script: git clone -v $(params.git-repo) $(workspaces.source.path)/source 16 | - name: list-files 17 | image: alpine:3.20 18 | command: 19 | - /bin/sh 20 | args: 21 | - '-c' 22 | - 'ls $(workspaces.source.path)/source' 23 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/01-s2i-no-push/README.md: -------------------------------------------------------------------------------- 1 | # Pipeline案例环境说明 2 | 3 | 示例中用到的[项目](https://gitee.com/mageedu/spring-boot-helloWorld.git),其Dockerfile用到的Image需要从Dockerhub中拉取,建议将其修改为国内便于访问的地址,例如本地部署的Harbor上的镜像,这样也便于在后续的步骤中进行Image Push的测试。 4 | 5 | 另外,运行本示例中的代码依赖于事先存在的名为maven-cache的PVC,若不存在,可基于类似如下的配置创建。 6 | 7 | ```yaml 8 | apiVersion: v1 9 | kind: PersistentVolumeClaim 10 | metadata: 11 | name: maven-cache 12 | 
spec: 13 | # 指定的StorageClass,需要事先存在 14 | storageClassName: openebs-rwx 15 | accessModes: 16 | - ReadWriteMany 17 | resources: 18 | requests: 19 | storage: 5Gi 20 | ``` 21 | 22 | -------------------------------------------------------------------------------- /02-tekton-basics/05-task-script-and-parameters.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: logger 5 | spec: 6 | params: 7 | - name: text 8 | type: string 9 | description: something to log 10 | default: "-" 11 | steps: 12 | - name: log 13 | image: alpine:3.20 14 | script: | 15 | sed -i "s@https://dl-cdn.alpinelinux.org/@https://mirrors.huaweicloud.com/@g" /etc/apk/repositories 16 | apk update && apk add -q tzdata 17 | cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime 18 | DATETIME=$(date "+%F %T") 19 | echo [$DATETIME] - $(params.text) 20 | -------------------------------------------------------------------------------- /05-tekton-triggers/02-trigger-taskrun/05-gitlab-event-listener.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1beta1 2 | kind: EventListener 3 | metadata: 4 | name: gitlab-event-listener 5 | spec: 6 | serviceAccountName: tekton-triggers-gitlab-sa 7 | triggers: 8 | - name: gitlab-push-events-trigger 9 | interceptors: 10 | - ref: 11 | name: "gitlab" 12 | params: 13 | - name: "secretRef" 14 | value: 15 | secretName: gitlab-webhook-token 16 | secretKey: webhookToken 17 | - name: "eventTypes" 18 | value: ["Push Hook"] 19 | bindings: 20 | - ref: gitlab-push-binding 21 | template: 22 | ref: gitlab-trigger-template 23 | -------------------------------------------------------------------------------- /05-tekton-triggers/03-trigger-pipelinerun-s2i/08-gitlab-eventlistener-s2i.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1beta1 2 | kind: 
EventListener 3 | metadata: 4 | name: s2i-listener 5 | spec: 6 | serviceAccountName: tekton-triggers-gitlab-sa 7 | triggers: 8 | - name: gitlab-push-events-trigger 9 | interceptors: 10 | - ref: 11 | name: "gitlab" 12 | params: 13 | - name: "secretRef" 14 | value: 15 | secretName: gitlab-webhook-token 16 | secretKey: webhookToken 17 | - name: "eventTypes" 18 | value: 19 | - "Push Hook" 20 | - "Tag Push Hook" 21 | - "Merge Request Hook" 22 | bindings: 23 | - ref: s2i-binding 24 | template: 25 | ref: s2i-tt 26 | -------------------------------------------------------------------------------- /05-tekton-triggers/04-trigger-pipelinerun-cicd/09-gitlab-eventlistener-s2i.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1beta1 2 | kind: EventListener 3 | metadata: 4 | name: cicd-listener 5 | spec: 6 | serviceAccountName: tekton-triggers-gitlab-sa 7 | triggers: 8 | - name: gitlab-push-events-trigger 9 | interceptors: 10 | - ref: 11 | name: "gitlab" 12 | params: 13 | - name: "secretRef" 14 | value: 15 | secretName: gitlab-webhook-token 16 | secretKey: webhookToken 17 | - name: "eventTypes" 18 | value: 19 | - "Push Hook" 20 | - "Tag Push Hook" 21 | - "Merge Request Hook" 22 | bindings: 23 | - ref: s2i-binding 24 | template: 25 | ref: s2i-tt 26 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/01-s2i-no-push/01-task-git-clone.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: git-clone 5 | spec: 6 | description: Clone the code repository to the workspace. 
7 | params: 8 | - name: url 9 | type: string 10 | description: git url to clone 11 | default: "" 12 | - name: branch 13 | type: string 14 | description: git branch to checkout 15 | default: "main" 16 | workspaces: 17 | - name: source 18 | description: The git repo will be cloned onto the volume backing this workspace 19 | steps: 20 | - name: git-clone 21 | image: alpine/git:v2.45.2 22 | script: git clone -b $(params.branch) -v $(params.url) $(workspaces.source.path)/source 23 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/04-s2i-auto-deploy/01-task-git-clone.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: git-clone 5 | spec: 6 | description: Clone the code repository to the workspace. 7 | params: 8 | - name: url 9 | type: string 10 | description: git url to clone 11 | default: "" 12 | - name: branch 13 | type: string 14 | description: git branch to checkout 15 | default: "main" 16 | workspaces: 17 | - name: source 18 | description: The git repo will be cloned onto the volume backing this workspace 19 | steps: 20 | - name: git-clone 21 | image: alpine/git:v2.45.2 22 | script: git clone -b $(params.branch) -v $(params.url) $(workspaces.source.path)/source 23 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/02-s2i-push-to-dockerhub/01-task-git-clone.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: git-clone 5 | spec: 6 | description: Clone the code repository to the workspace. 
7 | params: 8 | - name: url 9 | type: string 10 | description: git url to clone 11 | default: "" 12 | - name: branch 13 | type: string 14 | description: git branch to checkout 15 | default: "main" 16 | workspaces: 17 | - name: source 18 | description: The git repo will be cloned onto the volume backing this workspace 19 | steps: 20 | - name: git-clone 21 | image: alpine/git:v2.45.2 22 | script: git clone -b $(params.branch) -v $(params.url) $(workspaces.source.path)/source 23 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/03-s2i-auto-gen-build-id/01-task-git-clone.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: git-clone 5 | spec: 6 | description: Clone the code repository to the workspace. 7 | params: 8 | - name: url 9 | type: string 10 | description: git url to clone 11 | default: "" 12 | - name: branch 13 | type: string 14 | description: git branch to checkout 15 | default: "main" 16 | workspaces: 17 | - name: source 18 | description: The git repo will be cloned onto the volume backing this workspace 19 | steps: 20 | - name: git-clone 21 | image: alpine/git:v2.45.2 22 | script: git clone -b $(params.branch) -v $(params.url) $(workspaces.source.path)/source 23 | -------------------------------------------------------------------------------- /03-tekton-advanced/task-source-to-package.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: source-to-package 5 | spec: 6 | params: 7 | - name: git-repo-url 8 | type: string 9 | workspaces: 10 | - name: source 11 | description: code storage 12 | steps: 13 | - name: fetch-from-source 14 | image: alpine/git:v2.45.2 15 | script: | 16 | git clone $(params.git-repo-url) $(workspaces.source.path)/source 17 | - name: build-to-package 18 | image: 
maven:3.8.7-eclipse-temurin-11-alpine 19 | workingDir: $(workspaces.source.path)/source 20 | script: | 21 | curl -sL https://gitee.com/mageedu/spring-boot-helloWorld/raw/main/maven/settings.xml -o /usr/share/maven/conf/settings.xml 22 | mvn clean install 23 | -------------------------------------------------------------------------------- /07-argocd-basics/01-application-helloworld.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: spring-boot-helloworld 5 | namespace: argocd 6 | spec: 7 | project: default 8 | source: 9 | repoURL: https://gitee.com/mageedu/spring-boot-helloworld-deployment.git 10 | targetRevision: HEAD 11 | path: deploy/kubernetes 12 | destination: 13 | server: https://kubernetes.default.svc 14 | namespace: helloworld 15 | syncPolicy: 16 | automated: 17 | prune: true 18 | selfHeal: true 19 | allowEmpty: false 20 | syncOptions: 21 | - Validate=false 22 | - CreateNamespace=true 23 | - PrunePropagationPolicy=foreground 24 | - PruneLast=true 25 | retry: 26 | limit: 5 27 | backoff: 28 | duration: 5s 29 | factor: 2 30 | maxDuration: 3m 31 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/01-s2i-no-push/02-task-source-build.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: build-to-package 5 | spec: 6 | description: build application and package the files to image 7 | workspaces: 8 | - name: source 9 | description: The git repo that cloned onto the volume backing this workspace 10 | steps: 11 | - name: build 12 | image: maven:3.8.7-eclipse-temurin-11-alpine 13 | workingDir: $(workspaces.source.path)/source 14 | volumeMounts: 15 | - name: m2 16 | mountPath: /root/.m2 17 | script: | 18 | curl -sL https://gitee.com/mageedu/spring-boot-helloWorld/raw/main/maven/settings.xml 
-o /usr/share/maven/conf/settings.xml 19 | mvn clean install 20 | volumes: 21 | - name: m2 22 | persistentVolumeClaim: 23 | claimName: maven-cache 24 | -------------------------------------------------------------------------------- /02-tekton-basics/10-pipeline-with-ordered-task.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Pipeline 3 | metadata: 4 | name: pipeline-task-ordering 5 | spec: 6 | tasks: 7 | - name: task-a 8 | taskRef: 9 | name: logger 10 | params: 11 | - name: text 12 | value: "task-A executed" 13 | - name: task-b 14 | taskRef: 15 | name: logger 16 | params: 17 | - name: text 18 | value: "Executed after task-A" 19 | runAfter: ["task-a"] 20 | - name: task-c 21 | taskRef: 22 | name: logger 23 | params: 24 | - name: text 25 | value: "Executed after task-A" 26 | runAfter: ["task-a"] 27 | - name: task-d 28 | taskRef: 29 | name: logger 30 | params: 31 | - name: text 32 | value: "Executed after task-B and task-C" 33 | runAfter: ["task-b", "task-c"] 34 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/02-s2i-push-to-dockerhub/02-task-source-build.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: build-to-package 5 | spec: 6 | description: build application and package the files to image 7 | workspaces: 8 | - name: source 9 | description: The git repo that cloned onto the volume backing this workspace 10 | steps: 11 | - name: build 12 | image: maven:3.8.7-eclipse-temurin-11-alpine 13 | workingDir: $(workspaces.source.path)/source 14 | volumeMounts: 15 | - name: m2 16 | mountPath: /root/.m2 17 | script: | 18 | curl -sL https://gitee.com/mageedu/spring-boot-helloWorld/raw/main/maven/settings.xml -o /usr/share/maven/conf/settings.xml 19 | mvn clean install 20 | volumes: 21 | - name: m2 22 | persistentVolumeClaim: 23 
| claimName: maven-cache 24 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/01-s2i-no-push/05-pipelinerun-source-to-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: PipelineRun 3 | metadata: 4 | name: s2i-no-push-run-00001 5 | spec: 6 | pipelineRef: 7 | name: source-to-image 8 | params: 9 | - name: git-url 10 | #value: https://gitee.com/mageedu/spring-boot-helloWorld.git 11 | # 从本地仓库克隆代码,其Dockerfile中引用的Image修改为可访问的位置 12 | value: http://code.gitlab.svc.cluster.local/root/spring-boot-helloWorld.git 13 | - name: image-url 14 | value: ikubernetes/spring-boot-helloworld 15 | - name: image-tag 16 | value: latest 17 | workspaces: 18 | - name: codebase 19 | volumeClaimTemplate: 20 | spec: 21 | accessModes: 22 | - ReadWriteOnce 23 | resources: 24 | requests: 25 | storage: 1Gi 26 | storageClassName: openebs-hostpath 27 | -------------------------------------------------------------------------------- /06-deploy-argocd/argocd/argocd-dashboard-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: argocd-server-ingress 5 | namespace: argocd 6 | annotations: 7 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 8 | nginx.ingress.kubernetes.io/ssl-passthrough: "true" 9 | nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" 10 | #ingress.cilium.io/loadbalancer-mode: 'shared' 11 | #ingress.cilium.io/service-type: 'LoadBalancer' 12 | #ingress.cilium.io/tls-passthrough: 'enabled' 13 | #ingress.cilium.io/force-https: 'enabled' 14 | spec: 15 | ingressClassName: nginx 16 | rules: 17 | - host: argocd.magedu.com 18 | http: 19 | paths: 20 | - path: / 21 | pathType: Prefix 22 | backend: 23 | service: 24 | name: argocd-server 25 | port: 26 | name: https 
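--------------------------------------------------------------------------------
/04-tekton-pipeline-in-practise/04-s2i-auto-deploy/02-task-source-build.yaml:
--------------------------------------------------------------------------------
# Task build-to-package: runs `mvn clean install` in <source workspace>/source,
# with Maven's local repository (/root/.m2) backed by the "maven-cache" PVC.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: build-to-package
spec:
  description: build application and package the files to image
  workspaces:
    - name: source
      description: The git repo that cloned onto the volume backing this workspace
  steps:
    - name: build
      #image: maven:3.8-openjdk-11-slim
      image: maven:3.8.7-eclipse-temurin-11-alpine
      workingDir: $(workspaces.source.path)/source
      volumeMounts:
        - name: m2
          mountPath: /root/.m2
      # settings.xml decides which mirrors and repositories Maven resolves
      # dependencies from, and it is downloaded from a branch (raw/main) on
      # every run with no integrity check. -f makes curl exit non-zero on an
      # HTTP error instead of saving the error page as settings.xml, and -S
      # keeps the error message visible despite -s.
      # NOTE(review): outside a lab, ship settings.xml from a ConfigMap, or
      # fetch it by commit and verify a checksum before `mvn` runs.
      script: |
        curl -fsSL https://gitee.com/mageedu/spring-boot-helloWorld/raw/main/maven/settings.xml -o /usr/share/maven/conf/settings.xml
        mvn clean install
  volumes:
    # The claim is referenced by name, so artifacts downloaded by one run are
    # reused by later runs that mount the same PVC.
    - name: m2
      persistentVolumeClaim:
        claimName: maven-cache
-------------------------------------------------------------------------------- /05-tekton-triggers/02-trigger-taskrun/extera-config-files/taskrun-test.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: TaskRun 3 | metadata: 4 | name: gitlab-run-00001 # TaskRun 名称前缀 5 | spec: 6 | serviceAccountName: tekton-triggers-gitlab-sa 7 | params: 8 | - name: git-revision 9 | value: main 10 | - name: git-repo-url 11 | value: http://code.gitlab.svc.cluster.local/root/spring-boot-helloworld.git 12 | workspaces: 13 | - name: source 14 | emptyDir: {} 15 | taskSpec: 16 | params: 17 | - name: git-revision 18 | - name: git-repo-url 19 | workspaces: 20 | - name: source 21 | steps: 22 | - name: fetch-from-git-repo 23 | image: alpine/git:v2.45.2 24 | script: git clone -v $(params.git-repo-url) $(workspaces.source.path)/source 25 | - name: list-files 26 | image: alpine:3.20 27 | script: ls -la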
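$(workspaces.source.path)/source 28 |
--------------------------------------------------------------------------------
/04-tekton-pipeline-in-practise/03-s2i-auto-gen-build-id/02-task-source-build.yaml:
--------------------------------------------------------------------------------
# Task build-to-package: runs `mvn clean install` in <source workspace>/source,
# with Maven's local repository (/root/.m2) backed by the "maven-cache" PVC.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: build-to-package
spec:
  description: build application and package the files to image
  workspaces:
    - name: source
      description: The git repo that cloned onto the volume backing this workspace
  steps:
    - name: build
      #image: maven:3.8-openjdk-11-slim
      image: maven:3.8.7-eclipse-temurin-11-alpine
      workingDir: $(workspaces.source.path)/source
      volumeMounts:
        - name: m2
          mountPath: /root/.m2
      # The downloaded settings.xml controls Maven's mirrors and repositories
      # and comes from a mutable branch (raw/main) without verification.
      # -f stops the step on an HTTP error rather than writing the error body
      # to settings.xml; -S prints the reason even though -s is set.
      # NOTE(review): for anything beyond a demo, provide settings.xml from a
      # ConfigMap or pin the URL to a commit and check a known checksum.
      script: |
        curl -fsSL https://gitee.com/mageedu/spring-boot-helloWorld/raw/main/maven/settings.xml -o /usr/share/maven/conf/settings.xml
        mvn clean install
  volumes:
    # Existing claim referenced by name: the cached artifacts are shared by
    # every run that mounts it.
    - name: m2
      persistentVolumeClaim:
        claimName: maven-cache
-------------------------------------------------------------------------------- /03-tekton-advanced/01-task-workspace-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: workspace-demo 5 | spec: 6 | params: 7 | - name: target 8 | type: string 9 | default: MageEdu 10 | steps: 11 | - name: write-message 12 | image: alpine:3.20 13 | script: | 14 | #!/bin/sh 15 | set -xe 16 | if [ "$(workspaces.messages.bound)" == "true" ] ; then 17 | echo "Hello $(params.target)" > $(workspaces.messages.path)/message 18 | cat $(workspaces.messages.path)/message 19 | fi 20 | echo "Mount Path: $(workspaces.messages.path)" 21 | echo "Volume Name: $(workspaces.messages.volume)" 22 | workspaces: 23 | - name: messages 24 | description: | 25 | The folder where we write the message to.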
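If no workspace 26 | is provided then the message will not be written. 27 | optional: true 28 | mountPath: /data 29 |
--------------------------------------------------------------------------------
/03-tekton-advanced/07-results-demo.yaml:
--------------------------------------------------------------------------------
# Task generate-buildid: the first step writes a timestamp to the "datetime"
# result; the second reads it back and writes "<version>-<timestamp>" to the
# "buildId" result.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: generate-buildid
spec:
  params:
    - name: version
      description: The version of the application
      type: string
      default: "v0.9"
  results:
    - name: datetime
      description: The current date and time
    - name: buildId
      description: The build ID
  steps:
    - name: generate-datetime
      image: ikubernetes/admin-box:v1.2
      script: |
        #!/usr/bin/env bash
        datetime=`date +%Y%m%d-%H%M%S`
        echo -n ${datetime} | tee $(results.datetime.path)
    - name: generate-buildid
      image: ikubernetes/admin-box:v1.2
      # Tekton substitutes $(params.*) into the script text before bash runs
      # it, so a parameter value would be parsed as shell source. Handing the
      # value over as an environment variable keeps it data; the quotes stop
      # word splitting and globbing.
      env:
        - name: APP_VERSION
          value: $(params.version)
      script: |
        #!/usr/bin/env bash
        buildDatetime=`cat $(results.datetime.path)`
        buildId="${APP_VERSION}-${buildDatetime}"
        echo -n "${buildId}" | tee $(results.buildId.path)
-------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/04-s2i-auto-deploy/03-generate-build-id.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: generate-build-id 5 | spec: 6 | params: 7 | - name: version 8 | description: The version of the application 9 | type: string 10 | results: 11 | - name: datetime 12 | description: The current date and time 13 | - name: buildId 14 | description: The build ID 15 | steps: 16 | - name: generate-datetime 17 | image: ikubernetes/admin-box:v1.2 18 | script: | 19 | #!/usr/bin/env bash 20 | datetime=`date +%Y%m%d-%H%M%S` 21 | echo -n ${datetime} | tee $(results.datetime.path) 22 | - name: generate-buildid 23 | image: ikubernetes/admin-box:v1.2 24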
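| script: | 25 | #!/usr/bin/env bash 26 | buildDatetime=`cat $(results.datetime.path)` 27 | buildId=$(params.version)-${buildDatetime} 28 | echo -n ${buildId} | tee $(results.buildId.path) 29 |
--------------------------------------------------------------------------------
/03-tekton-advanced/task-source-to-package-02.yaml:
--------------------------------------------------------------------------------
# Task source-to-package: clones the repository given by git-repo-url into
# <source workspace>/source, then runs `mvn clean install` there with
# /root/.m2 backed by the "maven-cache" PVC.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: source-to-package
spec:
  params:
    - name: git-repo-url
      type: string
  workspaces:
    - name: source
      description: code storage
  steps:
    - name: fetch-from-source
      image: alpine/git:v2.45.2
      # $(params.*) is pasted into the script text before the shell runs it,
      # so the URL is passed as an environment variable and quoted instead.
      # `--` ends option parsing so the URL cannot be read as a git option.
      env:
        - name: GIT_REPO_URL
          value: $(params.git-repo-url)
      script: |
        git clone -- "$GIT_REPO_URL" "$(workspaces.source.path)/source"
    - name: build-to-package
      image: maven:3.8.7-eclipse-temurin-11-alpine
      workingDir: $(workspaces.source.path)/source
      # settings.xml selects Maven's mirrors and repositories and is fetched
      # unverified from a branch on each run. -f fails the step on an HTTP
      # error instead of saving the error page; -S shows why.
      # NOTE(review): prefer a ConfigMap-mounted settings.xml, or a
      # commit-pinned URL plus checksum, outside a lab.
      script: |
        curl -fsSL https://gitee.com/mageedu/spring-boot-helloWorld/raw/main/maven/settings.xml -o /usr/share/maven/conf/settings.xml
        mvn clean install
      volumeMounts:
        - name: maven-cache
          mountPath: /root/.m2
  volumes:
    - name: maven-cache
      persistentVolumeClaim:
        claimName: maven-cache
-------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/03-s2i-auto-gen-build-id/03-generate-build-id.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: generate-build-id 5 | spec: 6 | params: 7 | - name: version 8 | description: The version of the application 9 | type: string 10 | results: 11 | - name: datetime 12 | description: The current date and time 13 | - name: buildId 14 | description: The build ID 15 | steps: 16 | - name: generate-datetime 17 | image: ikubernetes/admin-box:v1.2 18 | script: | 19 | #!/usr/bin/env bash 20 | datetime=`date +%Y%m%d-%H%M%S` 21 | echo -n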
${datetime} | tee $(results.datetime.path) 22 | - name: generate-buildid 23 | image: ikubernetes/admin-box:v1.2 24 | script: | 25 | #!/usr/bin/env bash 26 | buildDatetime=`cat $(results.datetime.path)` 27 | buildId=$(params.version)-${buildDatetime} 28 | echo -n ${buildId} | tee $(results.buildId.path) 29 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/03-s2i-auto-gen-build-id/06-pipelinerun-source-to-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: PipelineRun 3 | metadata: 4 | name: s2i-buildid-run-00001 5 | spec: 6 | pipelineRef: 7 | name: source-to-image 8 | params: 9 | - name: git-url 10 | #value: https://gitee.com/mageedu/spring-boot-helloWorld.git 11 | value: http://code.gitlab.svc.cluster.local/root/spring-boot-helloWorld.git 12 | - name: image-url 13 | #value: ikubernetes/spring-boot-helloworld 14 | value: registry.magedu.com/ikubernetes/spring-boot-helloworld 15 | - name: version 16 | value: v0.9.4 17 | workspaces: 18 | - name: codebase 19 | volumeClaimTemplate: 20 | spec: 21 | accessModes: 22 | - ReadWriteOnce 23 | resources: 24 | requests: 25 | storage: 1Gi 26 | storageClassName: openebs-hostpath 27 | - name: docker-config 28 | secret: 29 | secretName: registry-credential 30 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/02-s2i-push-to-dockerhub/05-pipelinerun-source-to-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: PipelineRun 3 | metadata: 4 | name: s2i-image-push-run-00001 5 | spec: 6 | pipelineRef: 7 | name: source-to-image 8 | params: 9 | - name: git-url 10 | #value: https://gitee.com/mageedu/spring-boot-helloWorld.git 11 | value: http://code.gitlab.svc.cluster.local/root/spring-boot-helloWorld.git 12 | - name: image-url 13 | #value: 
ikubernetes/spring-boot-helloworld 14 | value: registry.magedu.com/ikubernetes/spring-boot-helloworld 15 | - name: image-tag 16 | value: v0.9.3 17 | workspaces: 18 | - name: codebase 19 | volumeClaimTemplate: 20 | spec: 21 | accessModes: 22 | - ReadWriteOnce 23 | resources: 24 | requests: 25 | storage: 1Gi 26 | storageClassName: openebs-hostpath 27 | - name: docker-config 28 | secret: 29 | secretName: registry-credential 30 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/04-s2i-auto-deploy/08-pipelinerun-source-to-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: PipelineRun 3 | metadata: 4 | name: s2i-buildid-run-00002 5 | spec: 6 | taskRunSpecs: 7 | - pipelineTaskName: deploy-to-cluster 8 | serviceAccountName: helloworld-admin 9 | pipelineRef: 10 | name: source-to-image 11 | params: 12 | - name: git-url 13 | #value: https://gitee.com/mageedu/spring-boot-helloWorld.git 14 | value: http://code.gitlab.svc.cluster.local/root/spring-boot-helloWorld.git 15 | - name: image-url 16 | value: registry.magedu.com/ikubernetes/spring-boot-helloworld 17 | - name: version 18 | value: v0.9 19 | workspaces: 20 | - name: codebase 21 | volumeClaimTemplate: 22 | spec: 23 | accessModes: 24 | - ReadWriteOnce 25 | resources: 26 | requests: 27 | storage: 1Gi 28 | storageClassName: openebs-hostpath 29 | - name: docker-config 30 | secret: 31 | secretName: registry-credential 32 | -------------------------------------------------------------------------------- /01-tekton-dashboard/README.md: -------------------------------------------------------------------------------- 1 | # 部署Tekton Pipelines和Dashboard 2 | 3 | 4 | 5 | > 前提: 6 | > 7 | > 1. 
首先根据Tekton的文档,部署Tekton Pipelines和Tekton Dashboard; 8 | > 9 | > ``` 10 | > # Tekton Pipelines 11 | > kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml 12 | > 13 | > # Tekton Dashboard 14 | > kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml 15 | > ``` 16 | > 17 | > 18 | > 19 | > 2. 根据Project Contour的文档,部署Contour,并启用Gateway API,文档地址如下(这里以v1.30版本为例); 20 | > 21 | > ``` 22 | > https://projectcontour.io/docs/1.30/guides/gateway-api/ 23 | > ``` 24 | > 25 | > 根据文档提示,在Contour Gateway API的两种部署选项中选择其中一种即可。 26 | 27 | 28 | 29 | 本目录中的示例提供了三种暴露Tekton Dashboard至集群外部的方式,根据需要选择其中之一即可。 30 | 31 | - 基于Ingress:默认使用的是Contour Ingress Class,依赖于部署的ProjectContour 32 | - 基于Kubernetes Gateway:默认使用的是Contour Gateway,依赖于部署的ProjectContour 33 | - 基于Istio Gateway:依赖于部署的Istio 34 | 35 | 36 | 37 | 另外,获取Tekton CLI的地址为https://github.com/tektoncd/cli/blob/main/README.md。 38 | 39 | 40 | 41 |
--------------------------------------------------------------------------------
/04-tekton-pipeline-in-practise/04-s2i-auto-deploy/05-task-deploy.yaml:
--------------------------------------------------------------------------------
# Task deploy-using-kubectl: rewrites the __IMAGE__ placeholder in a manifest
# under <source workspace>/source/deploy/ to "<image-url>:<image-tag>", then
# applies that manifest with kubectl.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: deploy-using-kubectl
spec:
  workspaces:
    - name: source
      description: The git repo
  params:
    - name: deploy-config-file
      description: The path to the yaml file to deploy within the git source
    - name: image-url
      description: Image name including repository
    - name: image-tag
      description: Image tag
  steps:
    - name: update-yaml
      image: alpine:3.20
      # sed is invoked directly (command/args), so no shell parses the
      # parameters. They still become part of the sed expression: a value
      # containing the "@" delimiter or "&" changes what the substitution does.
      # NOTE(review): validate image-url / image-tag upstream if they can come
      # from a webhook or another untrusted source.
      command: ["sed"]
      args:
        - "-i"
        - "-e"
        - "s@__IMAGE__@$(params.image-url):$(params.image-tag)@g"
        - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)"
    - name: run-kubectl
      #image: lachlanevenson/k8s-kubectl
      # NOTE(review): no tag, so this resolves to "latest" at pull time. This
      # step acts on the cluster with whatever the TaskRun's service account
      # is allowed to do; pin the image to a version (ideally a digest) that
      # matches the cluster.
      image: bitnami/kubectl
      command: ["kubectl"]
      args:
        - "apply"
        - "-f"
        - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)"
--------------------------------------------------------------------------------
/08-argo-rollouts/06-argocd-applicatio-and-argo-rollouts.yaml:
--------------------------------------------------------------------------------
# Argo CD Application: syncs rollouts/helloworld-canary-with-analysis from the
# deployment repository into the "demo" namespace of the local cluster, with
# automated sync, pruning and self-heal.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: spring-boot-helloworld
  namespace: argocd
spec:
  # NOTE(review): unless it has been restricted, Argo CD's built-in "default"
  # project allows any source repository and any destination; a dedicated
  # AppProject narrows that.
  project: default
  source:
    repoURL: https://gitee.com/mageedu/spring-boot-helloworld-deployment.git
    # HEAD plus automated sync means every new commit on the repository's
    # default branch is applied without a review step on the cluster side.
    # NOTE(review): track a tag or commit where that is not intended.
    targetRevision: HEAD
    path: rollouts/helloworld-canary-with-analysis
  destination:
    server: https://kubernetes.default.svc
    # This sample must run in demo namespace.
    namespace: demo
  syncPolicy:
    automated:
      prune: true       # resources removed from git are deleted from the cluster
      selfHeal: true    # manual changes in the cluster are reverted
      allowEmpty: false
    syncOptions:
      # Validate=false turns off schema validation when manifests are applied.
      - Validate=false
      - CreateNamespace=true
      - PrunePropagationPolicy=foreground
      - PruneLast=true
      - ApplyOutOfSyncOnly=true
    retry:
      limit: 5
      backoff:
        duration: 5s
        factor: 2
        maxDuration: 3m
  # The first http route of VirtualServices is excluded from diffing;
  # presumably because Argo Rollouts rewrites its weights during a canary.
  # TODO confirm against the manifests in the repository.
  ignoreDifferences:
    - group: networking.istio.io
      kind: VirtualService
      jsonPointers:
        - /spec/http/0
-------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/01-s2i-no-push/03-task-build-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: image-build 5 | spec: 6 | description: package the application files to image 7 | params: 8 | - name: dockerfile 9 | description: The path to the dockerfile to build (relative to the context) 10 | default: Dockerfile 11 | - name: image-url 12 | description: Url of image repository 13 | - name: image-tag 14 | description: Tag to apply to the built image 15 | default: latest 16 | workspaces: 17 | - name: source 18 | steps: 19
| - name: build-and-push-image 20 | #image: gcr.io/kaniko-project/executor:debug 21 | image: gcr.io/kaniko-project/executor:v1.23.2 22 | securityContext: 23 | runAsUser: 0 24 | command: 25 | - /kaniko/executor 26 | args: 27 | - --dockerfile=$(params.dockerfile) 28 | - --context=$(workspaces.source.path)/source 29 | - --insecure 30 | - --insecure-pull 31 | - --skip-tls-verify 32 | - --skip-tls-verify-pull 33 | - --no-push 34 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # GitOps-in-Practise 2 | 3 | 本项目是[马哥教育](http://www.magedu.com)的GitOps进阶实践专题课程的实践代码库。 4 | 5 | ## iKubernetes公众号 6 | 7 | ![ikubernetes公众号二维码](https://github.com/iKubernetes/Kubernetes_Advanced_Practical_2rd/raw/main/imgs/iKubernetes%E5%85%AC%E4%BC%97%E5%8F%B7%E4%BA%8C%E7%BB%B4%E7%A0%81.jpg) 8 | 9 | ## 《Kubernetes进阶实战第2版》 10 | 11 | - [淘宝直达](https://s.taobao.com/search?q=kubernetes%E8%BF%9B%E9%98%B6%E5%AE%9E%E6%88%98%E7%AC%AC2%E7%89%88&imgfile=&commend=all&ssid=s5-e&search_type=item&sourceId=tb.index&spm=a21bo.2017.201856-taobao-item.1&ie=utf8&initiative_id=tbindexz_20170306) 12 | - [京东商城直达](https://search.jd.com/Search?keyword=kubernetes%E8%BF%9B%E9%98%B6%E5%AE%9E%E6%88%98%E7%AC%AC2%E7%89%88&enc=utf-8&suggest=2.def.0.base&wq=kubernetes%E8%BF%9B%E9%98%B6%E5%AE%9E%E6%88%98&pvid=286ff777931e4075a762f321a0fb1139) 13 | - [当当直达](http://search.dangdang.com/?key=kubernetes%BD%F8%BD%D7%CA%B5%D5%BD%B5%DA%B6%FE%B0%E6&act=input) 14 | 15 | ![图书封面](https://github.com/iKubernetes/Kubernetes_Advanced_Practical_2rd/raw/main/imgs/book.jpg) 16 | 17 | ## 版权声明 18 | 19 | 本文档由[马哥教育](http://www.magedu.com)开发,允许自由转载,但必须保留马哥教育及相关的一切标识。另外,商用需要征得马哥教育的书面同意。 20 | -------------------------------------------------------------------------------- /06-deploy-argocd/argocd/argocd-dashboard-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
networking.istio.io/v1beta1 2 | kind: Gateway 3 | metadata: 4 | name: argocd-dashboard-gateway 5 | namespace: istio-system 6 | spec: 7 | selector: 8 | app: istio-ingressgateway 9 | servers: 10 | - hosts: 11 | - "argocd.magedu.com" 12 | port: 13 | number: 80 14 | name: http 15 | protocol: HTTP 16 | tls: 17 | httpsRedirect: true 18 | - hosts: 19 | - "argocd.magedu.com" 20 | port: 21 | number: 443 22 | name: https 23 | protocol: HTTPS 24 | tls: 25 | mode: PASSTHROUGH 26 | --- 27 | apiVersion: networking.istio.io/v1beta1 28 | kind: VirtualService 29 | metadata: 30 | name: argocd-dashboard-virtualservice 31 | namespace: argocd 32 | spec: 33 | hosts: 34 | - "argocd.magedu.com" 35 | gateways: 36 | - istio-system/argocd-dashboard-gateway 37 | tls: 38 | - match: 39 | - port: 443 40 | sniHosts: 41 | - argocd.magedu.com 42 | route: 43 | - destination: 44 | host: argocd-server 45 | port: 46 | number: 443 47 |
--------------------------------------------------------------------------------
/01-tekton-dashboard/tekton-dashboard-virtualservice.yaml:
--------------------------------------------------------------------------------
# Exposes the tekton-dashboard Service (port 9097) through the Istio ingress
# gateway for the hosts tekton.magedu.com and ci.magedu.com.
#
# NOTE(review): the Gateway below has only a plain-HTTP server on port 80 (no
# HTTPS server, no redirect) and nothing in this file authenticates callers.
# As far as I know the Tekton Dashboard has no login of its own, so anyone who
# can reach the gateway for these hosts gets whatever the Dashboard's service
# account permits. Outside a lab, add an HTTPS server and put authentication
# in front (for example an auth proxy, or Istio RequestAuthentication with an
# AuthorizationPolicy).
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: tekton-dashboard
  namespace: tekton-pipelines
spec:
  host: tekton-dashboard
  trafficPolicy:
    tls:
      # Connections to the tekton-dashboard host are made without TLS.
      mode: DISABLE
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: tekton-dashboard-gateway
  namespace: istio-system
spec:
  selector:
    app: istio-ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "tekton.magedu.com"
        - "ci.magedu.com"
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: tekton-dashboard-virtualservice
  namespace: tekton-pipelines
spec:
  hosts:
    - "tekton.magedu.com"
    - "ci.magedu.com"
  gateways:
    - istio-system/tekton-dashboard-gateway
  http:
    # Every path is routed to the dashboard.
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            host: tekton-dashboard
            port:
              number: 9097
---
--------------------------------------------------------------------------------
/07-argocd-basics/02-applicationset-demo.yaml:
--------------------------------------------------------------------------------
# ApplicationSet: the list generator yields one Application per environment
# (dev, staging, prod), each syncing helloworld/<environment> from the
# deployment repository into the namespace named after the environment.
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: helloworld
  namespace: argocd
spec:
  generators:
    - list:
        elements:
          - environment: dev
          - environment: staging
          - environment: prod
  template:
    metadata:
      name: '{{environment}}-guestbook'
    spec:
      project: default
      source:
        repoURL: https://gitee.com/mageedu/spring-boot-helloworld-deployment.git
        # All three environments, prod included, follow HEAD with automated
        # sync: a commit to the default branch reaches prod with no promotion
        # step. NOTE(review): give prod a pinned tag or commit where that is
        # not intended.
        targetRevision: HEAD
        path: helloworld/{{environment}}
      destination:
        server: https://kubernetes.default.svc
        namespace: '{{environment}}'
      syncPolicy:
        automated:
          prune: true       # resources removed from git are deleted
          selfHeal: true    # drift in the cluster is reverted
          allowEmpty: false
        syncOptions:
          # Validate=false turns off schema validation on apply.
          - Validate=false
          - CreateNamespace=true
          - PrunePropagationPolicy=foreground
          - PruneLast=true
        retry:
          limit: 5
          backoff:
            duration: 5s
            factor: 2
            maxDuration: 3m
  syncPolicy:
    # false: deleting this ApplicationSet also removes the generated
    # Applications' resources.
    preserveResourcesOnDeletion: false
-------------------------------------------------------------------------------- /08-argo-rollouts/04-argo-rollouts-bluegreen-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Rollout 3 | metadata: 4 | name: rollout-helloworld-bluegreen 5 | spec: 6 | replicas: 3 7 | revisionHistoryLimit: 5 8 | selector: 9 | matchLabels: 10 | app: rollout-helloworld-bluegreen 11 | template: 12 | metadata: 13 | labels: 14 | app: rollout-helloworld-bluegreen 15 | spec: 16 | containers: 17 | - name: spring-boot-helloworld 18 | image:
ikubernetes/spring-boot-helloworld:v0.9.2 19 | ports: 20 | - containerPort: 80 21 | strategy: 22 | blueGreen: 23 | activeService: spring-boot-helloworld 24 | previewService: spring-boot-helloworld-preview 25 | autoPromotionEnabled: false 26 | --- 27 | kind: Service 28 | apiVersion: v1 29 | metadata: 30 | name: spring-boot-helloworld 31 | spec: 32 | selector: 33 | app: rollout-helloworld-bluegreen 34 | ports: 35 | - protocol: TCP 36 | port: 80 37 | targetPort: 80 38 | 39 | --- 40 | kind: Service 41 | apiVersion: v1 42 | metadata: 43 | name: spring-boot-helloworld-preview 44 | spec: 45 | selector: 46 | app: rollout-helloworld-bluegreen 47 | ports: 48 | - protocol: TCP 49 | port: 80 50 | targetPort: 80 51 | -------------------------------------------------------------------------------- /06-deploy-argocd/argo-rollouts/argo-rollouts-dashboard-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1beta1 3 | kind: DestinationRule 4 | metadata: 5 | name: argo-rollouts-dashboard 6 | namespace: argo-rollouts 7 | spec: 8 | host: argo-rollouts-dashboard 9 | trafficPolicy: 10 | tls: 11 | mode: DISABLE 12 | --- 13 | apiVersion: networking.istio.io/v1beta1 14 | kind: Gateway 15 | metadata: 16 | name: argo-rollouts-dashboard-gateway 17 | namespace: istio-system 18 | spec: 19 | selector: 20 | app: istio-ingressgateway 21 | servers: 22 | - port: 23 | number: 80 24 | name: http 25 | protocol: HTTP 26 | hosts: 27 | - "argo-rollouts.magedu.com" 28 | - "rollouts.magedu.com" 29 | --- 30 | apiVersion: networking.istio.io/v1beta1 31 | kind: VirtualService 32 | metadata: 33 | name: argo-rollouts-dashboard-virtualservice 34 | namespace: argo-rollouts 35 | spec: 36 | hosts: 37 | - "argo-rollouts.magedu.com" 38 | - "rollouts.magedu.com" 39 | gateways: 40 | - istio-system/argo-rollouts-dashboard-gateway 41 | http: 42 | - match: 43 | - uri: 44 | prefix: / 45 | route: 46 | - destination: 47 | host: 
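argo-rollouts-dashboard 48 | port: 49 | number: 3100 50 | --- 51 |
--------------------------------------------------------------------------------
/03-tekton-advanced/pipeline-source-to-package.yaml:
--------------------------------------------------------------------------------
# Task source-to-package: clones git-repo-url into <source workspace>/source
# and runs `mvn clean install` there.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: source-to-package
spec:
  params:
    - name: git-repo-url
      type: string
  workspaces:
    - name: source
      description: code storage
  steps:
    - name: fetch-from-source
      image: alpine/git:v2.45.2
      # Tekton writes $(params.*) into the script text before the shell runs,
      # so the URL is handed over as an environment variable and quoted.
      # `--` ends option parsing so the URL cannot be taken as a git option.
      env:
        - name: GIT_REPO_URL
          value: $(params.git-repo-url)
      script: |
        git clone -- "$GIT_REPO_URL" "$(workspaces.source.path)/source"
    - name: build-to-package
      image: maven:3.8.7-eclipse-temurin-11-alpine
      workingDir: $(workspaces.source.path)/source
      # settings.xml selects Maven's mirrors and repositories and is fetched
      # unverified from a branch on each run. -f fails the step on an HTTP
      # error instead of saving the error page; -S shows why.
      # NOTE(review): prefer a ConfigMap-mounted settings.xml, or a
      # commit-pinned URL plus checksum, outside a lab.
      script: |
        curl -fsSL https://gitee.com/mageedu/spring-boot-helloWorld/raw/main/maven/settings.xml -o /usr/share/maven/conf/settings.xml
        mvn clean install
---
# Pipeline s2p-demo: a single task that forwards the pipeline's git-repo-url
# parameter and "source" workspace to the source-to-package Task.
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
  name: s2p-demo
spec:
  params:
    - name: git-repo-url
      type: string
  workspaces:
    - name: source
  tasks:
    - name: source-to-package
      params:
        - name: git-repo-url
          value: $(params.git-repo-url)
      workspaces:
        - name: source
          workspace: source
      taskRef:
        name: source-to-package
-------------------------------------------------------------------------------- /05-tekton-triggers/03-trigger-pipelinerun-s2i/07-gitlab-triggertemplate-s2i.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1beta1 2 | kind: TriggerTemplate 3 | metadata: 4 | name: s2i-tt 5 | spec: 6 | params: # 定义参数 7 | - name: git-revision 8 | - name: git-repo-url 9 | - name: image-url 10 | - name: version 11 | resourcetemplates: 12 | - apiVersion: tekton.dev/v1 13 | kind: PipelineRun 14 | metadata: 15 | generateName: s2i-trigger-run- # TaskRun 名称前缀 16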
| spec: 17 | pipelineRef: 18 | name: source-to-image 19 | params: 20 | - name: git-repo-url 21 | value: $(tt.params.git-repo-url) 22 | - name: git-revision 23 | value: $(tt.params.git-revision) 24 | - name: image-url 25 | value: $(tt.params.image-url) 26 | - name: version 27 | value: $(tt.params.version) 28 | workspaces: 29 | - name: codebase 30 | volumeClaimTemplate: 31 | spec: 32 | accessModes: 33 | - ReadWriteOnce 34 | resources: 35 | requests: 36 | storage: 1Gi 37 | storageClassName: openebs-hostpath 38 | - name: docker-config 39 | secret: 40 | secretName: registry-credential 41 | -------------------------------------------------------------------------------- /05-tekton-triggers/03-trigger-pipelinerun-s2i/extra-config-files/test-pipelinerun.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: PipelineRun 3 | metadata: 4 | name: s2i-buildid-run-10001 5 | spec: 6 | serviceAccountName: default 7 | #serviceAccountNames: 8 | # - taskName: deploy-to-cluster 9 | # serviceAccountName: helloworld-admin 10 | pipelineRef: 11 | name: source-to-image 12 | taskRunSpecs: 13 | - pipelineTaskName: deploy-to-cluster 14 | taskServiceAccountName: helloworld-admin 15 | # taskPodTemplate: 16 | # nodeSelector: 17 | # disktype: ssd 18 | params: 19 | - name: git-repo-url 20 | value: http://code.gitlab.svc.cluster.local/root/spring-boot-helloworld.git 21 | - name: git-revision 22 | value: main 23 | - name: image-url 24 | value: ikubernetes/spring-boot-helloworld 25 | #value: registry.magedu.com/ikubernetes/spring-boot-helloworld 26 | - name: version 27 | value: v0.9 28 | workspaces: 29 | - name: codebase 30 | volumeClaimTemplate: 31 | spec: 32 | accessModes: 33 | - ReadWriteOnce 34 | resources: 35 | requests: 36 | storage: 1Gi 37 | storageClassName: openebs-hostpath 38 | - name: docker-config 39 | secret: 40 | secretName: registry-credential 41 | 
--------------------------------------------------------------------------------
/05-tekton-triggers/04-trigger-pipelinerun-cicd/extra-config-files/test-pipelinerun.yaml:
--------------------------------------------------------------------------------
# Manual test PipelineRun for the source-to-image pipeline (v1beta1 API):
# clones the in-cluster GitLab repository at "main", builds
# ikubernetes/spring-boot-helloworld at version v0.9, and binds registry
# credentials from the "registry-credential" Secret.
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: s2i-buildid-run-00001
spec:
  # Tasks run as "default" except where taskRunSpecs overrides it below.
  serviceAccountName: default
  #serviceAccountNames:
  #  - taskName: deploy-to-cluster
  #    serviceAccountName: helloworld-admin
  pipelineRef:
    name: source-to-image
  taskRunSpecs:
    # Only the deploy task gets the helloworld-admin service account.
    - pipelineTaskName: deploy-to-cluster
      taskServiceAccountName: helloworld-admin
      # taskPodTemplate:
      #   nodeSelector:
      #     disktype: ssd
  params:
    - name: git-repo-url
      # Plain http:// to the in-cluster GitLab service: the clone is neither
      # encrypted nor server-authenticated.
      value: http://code.gitlab.svc.cluster.local/root/spring-boot-helloworld.git
    - name: git-revision
      value: main
    - name: image-url
      #value: registry.magedu.com/ikubernetes/spring-boot-helloworld
      value: ikubernetes/spring-boot-helloworld
    - name: version
      value: v0.9
  workspaces:
    - name: codebase
      volumeClaimTemplate:
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 1Gi
          storageClassName: openebs-hostpath
    - name: docker-config
      secret:
        secretName: registry-credential
--------------------------------------------------------------------------------
/04-tekton-pipeline-in-practise/04-s2i-auto-deploy/04-task-build-image.yaml:
--------------------------------------------------------------------------------
# Task image-build-and-push: runs the Kaniko executor against
# <source workspace>/source and pushes the result to
# "<image-url>:<image-tag>". Registry credentials are read from the
# "dockerconfig" workspace mounted at /kaniko/.docker (DOCKER_CONFIG).
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: image-build-and-push
spec:
  description: package the application files to image
  params:
    - name: dockerfile
      description: The path to the dockerfile to build (relative to the context)
      default: Dockerfile
    - name: image-url
      description: Url of image repository
    - name: image-tag
      description: Tag to apply to the built image
  workspaces:
    - name: source
    - name: dockerconfig
      mountPath: /kaniko/.docker
  steps:
    - name: image-build-and-push
      #image: gcr.io/kaniko-project/executor:debug
      image: gcr.io/kaniko-project/executor:v1.23.2
      securityContext:
        # The executor runs as root inside the step container.
        runAsUser: 0
      env:
        - name: DOCKER_CONFIG
          value: /kaniko/.docker
      command:
        - /kaniko/executor
      args:
        - --dockerfile=$(params.dockerfile)
        - --context=$(workspaces.source.path)/source
        # The next four flags allow plain HTTP and skip certificate
        # verification for every registry, on both pull (base images) and
        # push, while the step carries registry credentials.
        # NOTE(review): outside a lab, drop them; if one registry really needs
        # it, scope the exception with --insecure-registry /
        # --skip-tls-verify-registry, or trust its CA via
        # --registry-certificate.
        - --insecure
        - --insecure-pull
        - --skip-tls-verify
        - --skip-tls-verify-pull
        # Skips Kaniko's up-front check that the push is permitted, so a
        # credentials problem surfaces only at push time.
        - --skip-push-permission-check
        - --destination=$(params.image-url):$(params.image-tag)
-------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/03-s2i-auto-gen-build-id/04-task-build-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: image-build-and-push 5 | spec: 6 | description: package the application files to image 7 | params: 8 | - name: dockerfile 9 | description: The path to the dockerfile to build (relative to the context) 10 | default: Dockerfile 11 | - name: image-url 12 | description: Url of image repository 13 | - name: image-tag 14 | description: Tag to apply to the built image 15 | workspaces: 16 | - name: source 17 | - name: dockerconfig 18 | mountPath: /kaniko/.docker 19 | steps: 20 | - name: image-build-and-push 21 | #image: gcr.io/kaniko-project/executor:debug 22 | image: gcr.io/kaniko-project/executor:v1.23.2 23 | securityContext: 24 | runAsUser: 0 25 | env: 26 | - name: DOCKER_CONFIG 27 | value: /kaniko/.docker 28 | command: 29 | - /kaniko/executor 30 | args: 31 | - --dockerfile=$(params.dockerfile) 32 | - --context=$(workspaces.source.path)/source 33 | - --insecure 34 | - --insecure-pull 35 | - --skip-tls-verify 36 | - --skip-tls-verify-pull 37 | -
--skip-push-permission-check 38 | - --destination=$(params.image-url):$(params.image-tag) 39 | -------------------------------------------------------------------------------- /05-tekton-triggers/02-trigger-taskrun/04-gitlab-trigger-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1beta1 2 | kind: TriggerTemplate 3 | metadata: 4 | name: gitlab-trigger-template 5 | spec: 6 | params: # parameters this template accepts 7 | - name: git-revision 8 | - name: git-repo-url 9 | resourcetemplates: 10 | - apiVersion: tekton.dev/v1 11 | kind: TaskRun 12 | metadata: 13 | generateName: gitlab-trigger-run- # name prefix of each generated TaskRun 14 | spec: 15 | serviceAccountName: tekton-triggers-gitlab-sa # NOTE(review): the steps below run under this ServiceAccount; 02-gitlab-eventlistener-rbac.yaml in this directory binds Secret-read roles to the same name - confirm a separate low-privilege account is not intended 16 | params: 17 | - name: git-revision 18 | value: $(tt.params.git-revision) # template parameter handed to the TaskRun 19 | - name: git-repo-url 20 | value: $(tt.params.git-repo-url) # template parameter handed to the TaskRun 21 | workspaces: 22 | - name: source 23 | emptyDir: {} 24 | taskSpec: 25 | workspaces: 26 | - name: source 27 | params: 28 | - name: git-revision 29 | - name: git-repo-url 30 | steps: 31 | - name: fetch-from-git-repo 32 | image: alpine/git:v2.45.2 33 | script: | # NOTE(review): $(params.*) is substituted into the script text before the shell runs it, and both values arrive through tt.params (presumably from the GitLab push event - verify against the TriggerBinding); passing them as env vars and quoting "$VAR" keeps the URL and revision from being parsed as shell 34 | git clone -v $(params.git-repo-url) $(workspaces.source.path)/source 35 | cd $(workspaces.source.path)/source && git reset --hard $(params.git-revision) 36 | - name: list-files 37 | image: alpine:3.20 38 | script: ls -la $(workspaces.source.path)/source 39 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/01-s2i-no-push/04-pipeline-source-to-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Pipeline 3 | metadata: 4 | name: source-to-image 5 | spec: 6 | params: 7 | - name: git-url 8 | - name: pathToContext 9 | description: The path to the build context, used by Kaniko - within the workspace 10 | default: . 
11 | - name: image-url 12 | description: Url of image repository 13 | - name: image-tag 14 | description: Tag to apply to the built image 15 | workspaces: 16 | - name: codebase 17 | tasks: 18 | - name: git-clone 19 | taskRef: 20 | name: git-clone 21 | params: 22 | - name: url 23 | value: "$(params.git-url)" 24 | workspaces: 25 | - name: source 26 | workspace: codebase 27 | - name: build-to-package 28 | taskRef: 29 | name: build-to-package 30 | workspaces: 31 | - name: source 32 | workspace: codebase 33 | runAfter: 34 | - git-clone 35 | - name: image-build 36 | taskRef: 37 | name: image-build 38 | params: 39 | - name: image-url 40 | value: "$(params.image-url)" 41 | - name: image-tag 42 | value: "$(params.image-tag)" 43 | workspaces: 44 | - name: source 45 | workspace: codebase 46 | runAfter: 47 | - build-to-package 48 | -------------------------------------------------------------------------------- /05-tekton-triggers/04-trigger-pipelinerun-cicd/08-gitlab-triggertemplate-s2i.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1beta1 2 | kind: TriggerTemplate 3 | metadata: 4 | name: s2i-tt 5 | spec: 6 | params: # 定义参数 7 | - name: git-revision 8 | - name: git-repo-url 9 | - name: image-url 10 | - name: version 11 | resourcetemplates: 12 | - apiVersion: tekton.dev/v1 13 | kind: PipelineRun 14 | metadata: 15 | generateName: s2i-trigger-run- # TaskRun 名称前缀 16 | spec: 17 | pipelineRef: 18 | name: source-to-image 19 | taskRunSpecs: 20 | - pipelineTaskName: deploy-to-cluster 21 | serviceAccountName: helloworld-admin 22 | params: 23 | - name: git-repo-url 24 | value: $(tt.params.git-repo-url) 25 | - name: git-revision 26 | value: $(tt.params.git-revision) 27 | - name: image-url 28 | value: $(tt.params.image-url) 29 | - name: version 30 | value: $(tt.params.version) 31 | workspaces: 32 | - name: codebase 33 | volumeClaimTemplate: 34 | spec: 35 | accessModes: 36 | - ReadWriteOnce 37 | resources: 38 | 
requests: 39 | storage: 1Gi 40 | storageClassName: openebs-hostpath 41 | - name: docker-config 42 | secret: 43 | secretName: registry-credential 44 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/02-s2i-push-to-dockerhub/03-task-build-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Task 3 | metadata: 4 | name: image-build-and-push 5 | spec: 6 | description: package the application files to image 7 | params: 8 | - name: dockerfile 9 | description: The path to the dockerfile to build (relative to the context) 10 | default: Dockerfile 11 | - name: image-url 12 | description: Url of image repository 13 | - name: image-tag 14 | description: Tag to apply to the built image 15 | default: latest 16 | workspaces: 17 | - name: source 18 | - name: dockerconfig 19 | # Secret resource which contains identity to image registry 20 | mountPath: /kaniko/.docker 21 | steps: 22 | - name: image-build-and-push 23 | image: gcr.io/kaniko-project/executor:debug # NOTE(review): floating tag; the commented line below pins release v1.23.2 24 | #image: gcr.io/kaniko-project/executor:v1.23.2 25 | securityContext: 26 | runAsUser: 0 # step runs as root (UID 0) in the build container 27 | env: 28 | - name: DOCKER_CONFIG 29 | value: /kaniko/.docker # same path as the dockerconfig workspace mount above 30 | command: 31 | - /kaniko/executor 32 | args: 33 | - --dockerfile=$(params.dockerfile) 34 | - --context=$(workspaces.source.path)/source 35 | - --insecure # push to the registry over plain HTTP 36 | - --insecure-pull # pull base images over plain HTTP 37 | - --skip-tls-verify # NOTE(review): no registry certificate check on push, so the registry identity mounted at /kaniko/.docker goes to an unverified endpoint; keep to lab registries 38 | - --skip-tls-verify-pull # no registry certificate check when pulling base images 39 | - --skip-push-permission-check # skips kaniko's up-front push permission check 40 | - --destination=$(params.image-url):$(params.image-tag) 41 | -------------------------------------------------------------------------------- /05-tekton-triggers/01-trigger-basics/01-triggertemplate-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1beta1 2 | kind: TriggerTemplate 3 | metadata: 4 | name: pipeline-template-demo 5 | spec: 6 | params: 7 | - name: image-url 8 | 
default: ikubernetes/spring-boot-helloworld 9 | - name: git-revision 10 | description: The git revision (SHA) 11 | default: master 12 | - name: git-url 13 | description: The git repository url ("https://github.com/foo/bar.git") 14 | - name: version 15 | description: The version of application 16 | resourcetemplates: 17 | - apiVersion: tekton.dev/v1 18 | kind: PipelineRun 19 | metadata: 20 | generateName: pipeline-run- 21 | spec: 22 | pipelineRef: 23 | name: source-to-image 24 | params: 25 | - name: git-url 26 | value: $(tt.params.git-url) 27 | - name: image-url 28 | value: $(tt.params.image-url) 29 | - name: version 30 | value: $(tt.params.version) 31 | workspaces: 32 | - name: codebase 33 | volumeClaimTemplate: 34 | spec: 35 | accessModes: 36 | - ReadWriteOnce 37 | resources: 38 | requests: 39 | storage: 1Gi 40 | storageClassName: openebs-hostpath 41 | - name: docker-config 42 | secret: 43 | secretName: registry-credential 44 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/02-s2i-push-to-dockerhub/04-pipeline-source-to-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Pipeline 3 | metadata: 4 | name: source-to-image 5 | spec: 6 | params: 7 | - name: git-url 8 | - name: pathToContext 9 | description: The path to the build context, used by Kaniko - within the workspace 10 | default: . 
11 | - name: image-url 12 | description: Url of image repository 13 | - name: image-tag 14 | description: Tag to apply to the built image 15 | workspaces: 16 | - name: codebase 17 | - name: docker-config 18 | tasks: 19 | - name: git-clone 20 | taskRef: 21 | name: git-clone 22 | params: 23 | - name: url 24 | value: "$(params.git-url)" 25 | workspaces: 26 | - name: source 27 | workspace: codebase 28 | - name: build-to-package 29 | taskRef: 30 | name: build-to-package 31 | workspaces: 32 | - name: source 33 | workspace: codebase 34 | runAfter: 35 | - git-clone 36 | - name: image-build-and-push 37 | taskRef: 38 | name: image-build-and-push 39 | params: 40 | - name: image-url 41 | value: "$(params.image-url)" 42 | - name: image-tag 43 | value: "$(params.image-tag)" 44 | workspaces: 45 | - name: source 46 | workspace: codebase 47 | - name: dockerconfig 48 | workspace: docker-config 49 | runAfter: 50 | - build-to-package 51 | -------------------------------------------------------------------------------- /09-rollouts-and-ingress/04-rollouts-bluegreen-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Rollout 3 | metadata: 4 | name: rollout-helloworld-bluegreen 5 | spec: 6 | replicas: 3 7 | revisionHistoryLimit: 5 8 | selector: 9 | matchLabels: 10 | app: rollout-helloworld-bluegreen 11 | template: 12 | metadata: 13 | labels: 14 | app: rollout-helloworld-bluegreen 15 | spec: 16 | containers: 17 | - name: spring-boot-helloworld 18 | image: ikubernetes/spring-boot-helloworld:v0.9.2 19 | ports: 20 | - containerPort: 80 21 | strategy: 22 | blueGreen: 23 | activeService: spring-boot-helloworld 24 | previewService: spring-boot-helloworld-preview 25 | autoPromotionEnabled: false 26 | --- 27 | kind: Service 28 | apiVersion: v1 29 | metadata: 30 | name: spring-boot-helloworld 31 | spec: 32 | selector: 33 | app: rollout-helloworld-bluegreen 34 | ports: 35 | - protocol: TCP 36 | port: 80 37 | 
targetPort: 80 38 | 39 | --- 40 | kind: Service 41 | apiVersion: v1 42 | metadata: 43 | name: spring-boot-helloworld-preview 44 | spec: 45 | selector: 46 | app: rollout-helloworld-bluegreen 47 | ports: 48 | - protocol: TCP 49 | port: 80 50 | targetPort: 80 51 | --- 52 | apiVersion: networking.k8s.io/v1 53 | kind: Ingress 54 | metadata: 55 | name: spring-boot-helloworld 56 | spec: 57 | ingressClassName: "nginx" 58 | rules: 59 | - host: hello.magedu.com 60 | http: 61 | paths: 62 | - path: / 63 | pathType: Prefix 64 | backend: 65 | service: 66 | name: spring-boot-helloworld 67 | port: 68 | number: 80 69 | --- 70 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/04-s2i-auto-deploy/README.md: -------------------------------------------------------------------------------- 1 | # Source to Image 2 | 3 | ### Kaniko 4 | 5 | ![kaniko logo](https://github.com/GoogleContainerTools/kaniko/blob/main/logo/Kaniko-Logo.png) 6 | 7 | kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. 8 | 9 | kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. 10 | This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster. 11 | 12 | kaniko is meant to be run as an image: `gcr.io/kaniko-project/executor`. 
13 | 14 | #### Pushing to Docker Hub 15 | 16 | Encode your Docker registry user name and password in base64. Base64 is an encoding, not encryption, so handle the resulting string like the password itself (a registry access token in place of the account password limits what a leak exposes). 17 | 18 | echo -n USER:PASSWORD | base64 19 | 20 | Create a `config.json` file with your Docker registry URL and the previously generated base64 string 21 | 22 | > 注意:此处的文件名将作为Secret中的key,其挂载后代表的文件名要求必须为config.json,因此,若使用了其它的文件名,则必须要在创建Secret对象时,将其key明确定义为config.json。 23 | 24 | **Note:** 如果是Docker Hub,Please use v1 endpoint,如果是自行部署的私有Registry,例如Harbor,可直接使用服务器地址,形如“https://registry.magedu.com/”即可。 25 | 26 | ``` 27 | { 28 | "auths": { 29 | "https://index.docker.io/v1/": { 30 | "auth": "xxxxxxxxxxxxxxx" 31 | } 32 | } 33 | } 34 | ``` 35 | 36 | Configure credentials 37 | 38 | You can create a Kubernetes secret for your `~/.docker/config.json` file so that credentials can be accessed within the cluster. 39 | To create the secret, run: 40 | ```shell 41 | kubectl create secret generic registry-credential --from-file=config.json=<path/to/config.json> 42 | ``` 43 | 44 | 注意: Secret的类型必须为“generic”,一定不能使用“docker-registry”。 45 | 46 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/02-s2i-push-to-dockerhub/README.md: -------------------------------------------------------------------------------- 1 | # Source to Image 2 | 3 | ### Kaniko 4 | 5 | ![kaniko logo](https://github.com/GoogleContainerTools/kaniko/blob/main/logo/Kaniko-Logo.png) 6 | 7 | kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. 8 | 9 | kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. 10 | This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster. 11 | 12 | kaniko is meant to be run as an image: `gcr.io/kaniko-project/executor`. 
13 | 14 | #### Pushing to Docker Hub 15 | 16 | Encode your Docker registry user name and password in base64. Base64 is an encoding, not encryption, so handle the resulting string like the password itself (a registry access token in place of the account password limits what a leak exposes). 17 | 18 | echo -n USER:PASSWORD | base64 19 | 20 | Create a `config.json` file with your Docker registry URL and the previously generated base64 string 21 | 22 | > 注意:此处的文件名将作为Secret中的key,其挂载后代表的文件名要求必须为config.json,因此,若使用了其它的文件名,则必须要在创建Secret对象时,将其key明确定义为config.json。 23 | 24 | **Note:** 如果是Docker Hub,Please use v1 endpoint,如果是自行部署的私有Registry,例如Harbor,可直接使用服务器地址,形如“https://registry.magedu.com/”即可。 25 | 26 | ``` 27 | { 28 | "auths": { 29 | "https://index.docker.io/v1/": { 30 | "auth": "xxxxxxxxxxxxxxx" 31 | } 32 | } 33 | } 34 | ``` 35 | 36 | Configure credentials 37 | 38 | You can create a Kubernetes secret for your `~/.docker/config.json` file so that credentials can be accessed within the cluster. 39 | To create the secret, run: 40 | ```shell 41 | kubectl create secret generic registry-credential --from-file=config.json=<path/to/config.json> 42 | ``` 43 | 44 | 注意: Secret的类型必须为“generic”,一定不能使用“docker-registry”。 45 | 46 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/03-s2i-auto-gen-build-id/README.md: -------------------------------------------------------------------------------- 1 | # Source to Image 2 | 3 | ### Kaniko 4 | 5 | ![kaniko logo](https://github.com/GoogleContainerTools/kaniko/blob/main/logo/Kaniko-Logo.png) 6 | 7 | kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. 8 | 9 | kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. 10 | This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster. 11 | 12 | kaniko is meant to be run as an image: `gcr.io/kaniko-project/executor`. 
13 | 14 | #### Pushing to Docker Hub 15 | 16 | Encode your Docker registry user name and password in base64. Base64 is an encoding, not encryption, so handle the resulting string like the password itself (a registry access token in place of the account password limits what a leak exposes). 17 | 18 | echo -n USER:PASSWORD | base64 19 | 20 | Create a `config.json` file with your Docker registry URL and the previously generated base64 string 21 | 22 | > 注意:此处的文件名将作为Secret中的key,其挂载后代表的文件名要求必须为config.json,因此,若使用了其它的文件名,则必须要在创建Secret对象时,将其key明确定义为config.json。 23 | 24 | **Note:** 如果是Docker Hub,Please use v1 endpoint,如果是自行部署的私有Registry,例如Harbor,可直接使用服务器地址,形如“https://registry.magedu.com/”即可。 25 | 26 | ``` 27 | { 28 | "auths": { 29 | "https://index.docker.io/v1/": { 30 | "auth": "xxxxxxxxxxxxxxx" 31 | } 32 | } 33 | } 34 | ``` 35 | 36 | Configure credentials 37 | 38 | You can create a Kubernetes secret for your `~/.docker/config.json` file so that credentials can be accessed within the cluster. 39 | To create the secret, run: 40 | ```shell 41 | kubectl create secret generic registry-credential --from-file=config.json=<path/to/config.json> 42 | ``` 43 | 44 | 注意: Secret的类型必须为“generic”,一定不能使用“docker-registry”。 45 | 46 | -------------------------------------------------------------------------------- /08-argo-rollouts/01-argo-rollouts-demo.yaml: -------------------------------------------------------------------------------- 1 | # CopyRight: MageEdu 2 | apiVersion: argoproj.io/v1alpha1 3 | kind: Rollout 4 | metadata: 5 | name: rollouts-spring-boot-helloworld 6 | spec: 7 | replicas: 10 8 | strategy: 9 | canary: 10 | steps: 11 | - setWeight: 10 12 | - pause: {} 13 | - setWeight: 20 14 | - pause: {duration: 20} 15 | - setWeight: 30 16 | - pause: {duration: 20} 17 | - setWeight: 40 18 | - pause: {duration: 20} 19 | - setWeight: 60 20 | - pause: {duration: 20} 21 | - setWeight: 80 22 | - pause: {duration: 20} 23 | revisionHistoryLimit: 5 24 | selector: 25 | matchLabels: 26 | app: spring-boot-helloworld 27 | template: 28 | metadata: 29 | labels: 30 | app: spring-boot-helloworld 31 | spec: 32 | containers: 33 | - name: spring-boot-helloworld 34 | image: 
ikubernetes/spring-boot-helloworld:v0.9.2 35 | ports: 36 | - name: http 37 | containerPort: 80 38 | protocol: TCP 39 | resources: 40 | requests: 41 | memory: 32Mi 42 | cpu: 50m 43 | livenessProbe: 44 | httpGet: 45 | path: '/' 46 | port: 80 47 | scheme: HTTP 48 | initialDelaySeconds: 3 49 | readinessProbe: 50 | httpGet: 51 | path: '/' 52 | port: 80 53 | scheme: HTTP 54 | initialDelaySeconds: 5 55 | --- 56 | apiVersion: v1 57 | kind: Service 58 | metadata: 59 | name: spring-boot-helloworld 60 | spec: 61 | ports: 62 | - port: 80 63 | targetPort: http 64 | protocol: TCP 65 | name: http 66 | selector: 67 | app: spring-boot-helloworld 68 | -------------------------------------------------------------------------------- /03-tekton-advanced/04-pipeline-worlspace-02.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Pipeline 3 | metadata: 4 | name: volume-share 5 | spec: 6 | params: 7 | - name: git-url 8 | type: string 9 | workspaces: 10 | - name: codebase 11 | tasks: 12 | - name: fetch-from-source 13 | params: 14 | - name: url 15 | value: $(params.git-url) 16 | taskSpec: 17 | workspaces: 18 | - name: source 19 | params: 20 | - name: url 21 | steps: 22 | - name: git-clone 23 | image: alpine/git:v2.45.2 24 | script: git clone -v $(params.url) $(workspaces.source.path)/source 25 | workspaces: 26 | - name: source 27 | workspace: codebase 28 | - name: source-lister 29 | runAfter: 30 | - fetch-from-source 31 | taskSpec: 32 | steps: 33 | - name: list-files 34 | image: alpine:3.20 35 | script: ls $(workspaces.source.path)/source 36 | workspaces: 37 | - name: source 38 | workspaces: 39 | - name: source 40 | workspace: codebase 41 | --- 42 | apiVersion: tekton.dev/v1 43 | kind: PipelineRun 44 | metadata: 45 | name: volume-share-run-xxxx 46 | spec: 47 | pipelineRef: 48 | name: volume-share 49 | params: 50 | - name: git-url 51 | value: https://gitee.com/mageedu/spring-boot-helloWorld.git 52 | #value: 
http://code.gitlab.svc/root/spring-boot-helloWorld.git 53 | workspaces: 54 | - name: codebase 55 | volumeClaimTemplate: 56 | spec: 57 | accessModes: 58 | - ReadWriteOnce 59 | resources: 60 | requests: 61 | storage: 1Gi 62 | storageClassName: openebs-hostpath 63 | -------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/03-s2i-auto-gen-build-id/05-pipeline-source-to-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Pipeline 3 | metadata: 4 | name: source-to-image 5 | spec: 6 | params: 7 | - name: git-url 8 | - name: pathToContext 9 | description: The path to the build context, used by Kaniko - within the workspace 10 | default: . 11 | - name: image-url 12 | description: Url of image repository 13 | - name: version 14 | description: The version of the application 15 | type: string 16 | default: "v0.9" 17 | #results: 18 | # - name: datetime 19 | # description: The current date and time 20 | # - name: buildId 21 | # description: The build ID 22 | workspaces: 23 | - name: codebase 24 | - name: docker-config 25 | tasks: 26 | - name: git-clone 27 | taskRef: 28 | name: git-clone 29 | params: 30 | - name: url 31 | value: "$(params.git-url)" 32 | workspaces: 33 | - name: source 34 | workspace: codebase 35 | - name: build-to-package 36 | taskRef: 37 | name: build-to-package 38 | workspaces: 39 | - name: source 40 | workspace: codebase 41 | runAfter: 42 | - git-clone 43 | - name: generate-build-id 44 | taskRef: 45 | name: generate-build-id 46 | params: 47 | - name: version 48 | value: "$(params.version)" 49 | runAfter: 50 | - git-clone 51 | - name: image-build-and-push 52 | taskRef: 53 | name: image-build-and-push 54 | params: 55 | - name: image-url 56 | value: "$(params.image-url)" 57 | - name: image-tag 58 | value: "$(tasks.generate-build-id.results.buildId)" 59 | workspaces: 60 | - name: source 61 | workspace: codebase 62 | - name: 
dockerconfig 63 | workspace: docker-config 64 | runAfter: 65 | - generate-build-id 66 | - build-to-package 67 | -------------------------------------------------------------------------------- /03-tekton-advanced/05-pipeline-source-to-package.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Pipeline 3 | metadata: 4 | name: source-2-package 5 | spec: 6 | params: 7 | - name: git-url 8 | type: string 9 | workspaces: 10 | - name: codebase 11 | tasks: 12 | - name: fetch-from-source 13 | params: 14 | - name: url 15 | value: $(params.git-url) 16 | taskSpec: 17 | workspaces: 18 | - name: source 19 | params: 20 | - name: url 21 | steps: 22 | - name: git-clone 23 | image: alpine/git:v2.45.2 24 | script: git clone -v $(params.url) $(workspaces.source.path)/source 25 | workspaces: 26 | - name: source 27 | workspace: codebase 28 | - name: build-package 29 | runAfter: 30 | - fetch-from-source 31 | taskSpec: 32 | steps: 33 | - name: build 34 | #image: maven:3.8-openjdk-11-slim 35 | image: maven:3.8.7-eclipse-temurin-11-alpine 36 | workingDir: $(workspaces.source.path)/source 37 | script: | 38 | #curl -sL https://gitee.com/mageedu/spring-boot-helloWorld/raw/main/maven/settings.xml -o /usr/share/maven/conf/settings.xml 39 | cat maven/settings.xml > /usr/share/maven/conf/settings.xml 40 | mvn clean install 41 | workspaces: 42 | - name: source 43 | workspaces: 44 | - name: source 45 | workspace: codebase 46 | --- 47 | apiVersion: tekton.dev/v1 48 | kind: PipelineRun 49 | metadata: 50 | name: source-2-package-run-001 51 | spec: 52 | pipelineRef: 53 | name: source-2-package 54 | params: 55 | - name: git-url 56 | value: https://gitee.com/mageedu/spring-boot-helloWorld.git 57 | #value: http://code.gitlab.svc.cluster.local/root/spring-boot-helloWorld.git 58 | workspaces: 59 | - name: codebase 60 | volumeClaimTemplate: 61 | spec: 62 | accessModes: 63 | - ReadWriteOnce 64 | resources: 65 | requests: 66 | storage: 
1Gi 67 | storageClassName: openebs-hostpath 68 | -------------------------------------------------------------------------------- /09-rollouts-and-ingress/01-basic-rollouts-demo.yaml: -------------------------------------------------------------------------------- 1 | # CopyRight: MageEdu 2 | # 3 | --- 4 | apiVersion: argoproj.io/v1alpha1 5 | kind: Rollout 6 | metadata: 7 | name: rollouts-spring-boot-helloworld 8 | spec: 9 | replicas: 10 10 | strategy: 11 | canary: 12 | steps: 13 | - setWeight: 10 14 | - pause: {} 15 | - setWeight: 20 16 | - pause: {duration: 20} 17 | - setWeight: 30 18 | - pause: {duration: 20} 19 | - setWeight: 40 20 | - pause: {duration: 20} 21 | - setWeight: 60 22 | - pause: {duration: 20} 23 | - setWeight: 80 24 | - pause: {duration: 20} 25 | revisionHistoryLimit: 5 26 | selector: 27 | matchLabels: 28 | app: spring-boot-helloworld 29 | template: 30 | metadata: 31 | labels: 32 | app: spring-boot-helloworld 33 | spec: 34 | containers: 35 | - name: spring-boot-helloworld 36 | image: ikubernetes/spring-boot-helloworld:v0.9.2 37 | ports: 38 | - name: http 39 | containerPort: 80 40 | protocol: TCP 41 | resources: 42 | requests: 43 | memory: 32Mi 44 | cpu: 50m 45 | livenessProbe: 46 | httpGet: 47 | path: '/' 48 | port: 80 49 | scheme: HTTP 50 | initialDelaySeconds: 3 51 | readinessProbe: 52 | httpGet: 53 | path: '/' 54 | port: 80 55 | scheme: HTTP 56 | initialDelaySeconds: 5 57 | --- 58 | apiVersion: v1 59 | kind: Service 60 | metadata: 61 | name: spring-boot-helloworld 62 | spec: 63 | ports: 64 | - port: 80 65 | targetPort: http 66 | protocol: TCP 67 | name: http 68 | selector: 69 | app: spring-boot-helloworld 70 | --- 71 | apiVersion: networking.k8s.io/v1 72 | kind: Ingress 73 | metadata: 74 | name: spring-boot-helloworld 75 | spec: 76 | ingressClassName: "nginx" 77 | rules: 78 | - host: hello.magedu.com 79 | http: 80 | paths: 81 | - path: / 82 | pathType: Prefix 83 | backend: 84 | service: 85 | name: spring-boot-helloworld 86 | port: 87 | number: 
80 88 | --- 89 | -------------------------------------------------------------------------------- /05-tekton-triggers/03-trigger-pipelinerun-s2i/05-pipeline-source-to-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Pipeline 3 | metadata: 4 | name: source-to-image 5 | spec: 6 | params: 7 | - name: git-repo-url 8 | type: string 9 | description: git repository url to clone 10 | - name: git-revision 11 | type: string 12 | description: git revision to checkout (branch, tag, sha, ref) 13 | default: main 14 | - name: image-build-context 15 | description: The path to the build context, used by Kaniko - within the workspace 16 | default: . 17 | - name: image-url 18 | description: Url of image repository 19 | - name: version 20 | description: The version of the application 21 | type: string 22 | default: "v0.9" 23 | #results: 24 | # - name: datetime 25 | # description: The current date and time 26 | # - name: buildId 27 | # description: The build ID 28 | workspaces: 29 | - name: codebase 30 | - name: docker-config 31 | tasks: 32 | - name: git-clone 33 | taskRef: 34 | name: git-clone 35 | params: 36 | - name: git-repo-url 37 | value: "$(params.git-repo-url)" 38 | - name: git-revision 39 | value: "$(params.git-revision)" 40 | workspaces: 41 | - name: source 42 | workspace: codebase 43 | - name: build-to-package 44 | taskRef: 45 | name: build-to-package 46 | workspaces: 47 | - name: source 48 | workspace: codebase 49 | runAfter: 50 | - git-clone 51 | - name: generate-build-id 52 | taskRef: 53 | name: generate-build-id 54 | params: 55 | - name: version 56 | value: "$(params.version)" 57 | runAfter: 58 | - git-clone 59 | - name: image-build-and-push 60 | taskRef: 61 | name: image-build-and-push 62 | params: 63 | - name: image-url 64 | value: "$(params.image-url)" 65 | - name: image-tag 66 | value: "$(tasks.generate-build-id.results.buildId)" 67 | workspaces: 68 | - name: source 69 | workspace: 
codebase 70 | - name: dockerconfig 71 | workspace: docker-config 72 | runAfter: 73 | - generate-build-id 74 | - build-to-package 75 | -------------------------------------------------------------------------------- /08-argo-rollouts/05-argo-rollouts-bluegreen-with-analysis.yaml: -------------------------------------------------------------------------------- 1 | # CopyRight: MageEdu 2 | --- 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: AnalysisTemplate 5 | metadata: 6 | name: success-rate 7 | spec: 8 | args: 9 | - name: service-name 10 | metrics: 11 | - name: success-rate 12 | successCondition: result[0] >= 0.95 13 | interval: 20s 14 | count: 5 15 | failureLimit: 5 16 | provider: 17 | prometheus: 18 | address: http://prometheus.istio-system.svc.cluster.local:9090 19 | query: | 20 | sum(irate( 21 | istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code!~"5.*"}[1m] 22 | )) / 23 | sum(irate( 24 | istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[1m] 25 | )) 26 | --- 27 | apiVersion: argoproj.io/v1alpha1 28 | kind: Rollout 29 | metadata: 30 | name: rollout-helloworld-bluegreen-with-analysis 31 | spec: 32 | replicas: 3 33 | revisionHistoryLimit: 5 34 | selector: 35 | matchLabels: 36 | app: rollout-helloworld-bluegreen 37 | template: 38 | metadata: 39 | labels: 40 | app: rollout-helloworld-bluegreen 41 | spec: 42 | containers: 43 | - name: spring-boot-helloworld 44 | image: ikubernetes/spring-boot-helloworld:v0.9.2 45 | ports: 46 | - containerPort: 80 47 | strategy: 48 | blueGreen: 49 | activeService: spring-boot-helloworld 50 | previewService: spring-boot-helloworld-preview 51 | prePromotionAnalysis: 52 | templates: 53 | - templateName: success-rate 54 | args: 55 | - name: service-name 56 | value: spring-boot-helloworld.demo.svc.cluster.local 57 | postPromotionAnalysis: 58 | templates: 59 | - templateName: success-rate 60 | args: 61 | - name: service-name 62 | value: 
spring-boot-helloworld.demo.svc.cluster.local 63 | autoPromotionEnabled: true 64 | --- 65 | kind: Service 66 | apiVersion: v1 67 | metadata: 68 | name: spring-boot-helloworld 69 | spec: 70 | selector: 71 | app: rollout-helloworld-bluegreen 72 | ports: 73 | - protocol: TCP 74 | port: 80 75 | targetPort: 80 76 | --- 77 | kind: Service 78 | apiVersion: v1 79 | metadata: 80 | name: spring-boot-helloworld-preview 81 | spec: 82 | selector: 83 | app: rollout-helloworld-bluegreen 84 | ports: 85 | - protocol: TCP 86 | port: 80 87 | targetPort: 80 88 | -------------------------------------------------------------------------------- /05-tekton-triggers/02-trigger-taskrun/02-gitlab-eventlistener-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: tekton-triggers-gitlab-sa 5 | secrets: 6 | - name: gitlab-webhook-token 7 | --- 8 | kind: Role 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | metadata: 11 | name: tekton-triggers-gitlab-minimal 12 | rules: 13 | # Permissions for every EventListener deployment to function 14 | - apiGroups: ["triggers.tekton.dev"] 15 | resources: 16 | - eventlisteners 17 | - triggerbindings 18 | - interceptors 19 | - triggertemplates 20 | - triggers 21 | verbs: 22 | - get 23 | - list 24 | - watch 25 | - apiGroups: [""] 26 | # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization 27 | resources: 28 | - "configmaps" 29 | - "secrets" 30 | verbs: 31 | - get 32 | - list 33 | - watch 34 | - apiGroups: 35 | - "" 36 | resources: 37 | - serviceaccounts 38 | verbs: 39 | - impersonate 40 | - apiGroups: 41 | - "" 42 | resources: 43 | - events 44 | verbs: 45 | - create 46 | - patch 47 | # Permissions to create resources in associated TriggerTemplates 48 | - apiGroups: ["tekton.dev"] 49 | resources: 50 | - pipelineruns 51 | - pipelineresources 52 | - taskruns 53 | verbs: ["create"] 54 | --- 55 | 
apiVersion: rbac.authorization.k8s.io/v1 56 | kind: RoleBinding 57 | metadata: 58 | name: tekton-triggers-gitlab-binding 59 | subjects: 60 | - kind: ServiceAccount 61 | name: tekton-triggers-gitlab-sa 62 | roleRef: 63 | apiGroup: rbac.authorization.k8s.io 64 | kind: Role 65 | name: tekton-triggers-gitlab-minimal 66 | --- 67 | kind: ClusterRole # cluster-scoped rules, granted by the ClusterRoleBinding below 68 | apiVersion: rbac.authorization.k8s.io/v1 69 | metadata: 70 | name: tekton-triggers-gitlab-minimal 71 | rules: 72 | - apiGroups: 73 | - triggers.tekton.dev 74 | resources: 75 | - clustertriggerbindings 76 | - clusterinterceptors 77 | verbs: 78 | - get 79 | - list 80 | - watch 81 | - apiGroups: 82 | - "" 83 | resources: 84 | - secrets # NOTE(review): through the ClusterRoleBinding below this is get/list/watch on Secrets in every namespace, although the ClusterRole is named minimal; confirm the listener needs more than the webhook-token Secret in its own namespace 85 | verbs: 86 | - get 87 | - list 88 | - watch 89 | --- 90 | apiVersion: rbac.authorization.k8s.io/v1 91 | kind: ClusterRoleBinding 92 | metadata: 93 | name: tekton-triggers-gitlab-binding 94 | subjects: 95 | - kind: ServiceAccount 96 | name: tekton-triggers-gitlab-sa 97 | namespace: default # the subject is the ServiceAccount in the default namespace 98 | roleRef: 99 | apiGroup: rbac.authorization.k8s.io 100 | kind: ClusterRole 101 | name: tekton-triggers-gitlab-minimal 102 | -------------------------------------------------------------------------------- /05-tekton-triggers/03-trigger-pipelinerun-s2i/02-gitlab-eventlistener-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: tekton-triggers-gitlab-sa 5 | secrets: 6 | - name: gitlab-webhook-token 7 | --- 8 | kind: Role 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | metadata: 11 | name: tekton-triggers-gitlab-minimal 12 | rules: 13 | # Permissions for every EventListener deployment to function 14 | - apiGroups: ["triggers.tekton.dev"] 15 | resources: 16 | - eventlisteners 17 | - triggerbindings 18 | - interceptors 19 | - triggertemplates 20 | - triggers 21 | verbs: 22 | - get 23 | - list 24 | - watch 25 | - apiGroups: [""] 26 | # secrets are only needed for Github/Gitlab interceptors, 
serviceaccounts only for per trigger authorization 27 | resources: 28 | - "configmaps" 29 | - "secrets" 30 | verbs: 31 | - get 32 | - list 33 | - watch 34 | - apiGroups: 35 | - "" 36 | resources: 37 | - serviceaccounts 38 | verbs: 39 | - impersonate 40 | - apiGroups: 41 | - "" 42 | resources: 43 | - events 44 | verbs: 45 | - create 46 | - patch 47 | # Permissions to create resources in associated TriggerTemplates 48 | - apiGroups: ["tekton.dev"] 49 | resources: 50 | - pipelineruns 51 | - pipelineresources 52 | - taskruns 53 | verbs: ["create"] 54 | --- 55 | apiVersion: rbac.authorization.k8s.io/v1 56 | kind: RoleBinding 57 | metadata: 58 | name: tekton-triggers-gitlab-binding 59 | subjects: 60 | - kind: ServiceAccount 61 | name: tekton-triggers-gitlab-sa 62 | roleRef: 63 | apiGroup: rbac.authorization.k8s.io 64 | kind: Role 65 | name: tekton-triggers-gitlab-minimal 66 | --- 67 | kind: ClusterRole 68 | apiVersion: rbac.authorization.k8s.io/v1 69 | metadata: 70 | name: tekton-triggers-gitlab-minimal 71 | rules: 72 | - apiGroups: 73 | - triggers.tekton.dev 74 | resources: 75 | - clustertriggerbindings 76 | - clusterinterceptors 77 | verbs: 78 | - get 79 | - list 80 | - watch 81 | - apiGroups: 82 | - "" 83 | resources: 84 | - secrets 85 | verbs: 86 | - get 87 | - list 88 | - watch 89 | --- 90 | apiVersion: rbac.authorization.k8s.io/v1 91 | kind: ClusterRoleBinding 92 | metadata: 93 | name: tekton-triggers-gitlab-binding 94 | subjects: 95 | - kind: ServiceAccount 96 | name: tekton-triggers-gitlab-sa 97 | namespace: default 98 | roleRef: 99 | apiGroup: rbac.authorization.k8s.io 100 | kind: ClusterRole 101 | name: tekton-triggers-gitlab-minimal 102 | -------------------------------------------------------------------------------- /05-tekton-triggers/04-trigger-pipelinerun-cicd/02-gitlab-eventlistener-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: 
tekton-triggers-gitlab-sa 5 | secrets: 6 | - name: gitlab-webhook-token 7 | --- 8 | kind: Role 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | metadata: 11 | name: tekton-triggers-gitlab-minimal 12 | rules: 13 | # Permissions for every EventListener deployment to function 14 | - apiGroups: ["triggers.tekton.dev"] 15 | resources: 16 | - eventlisteners 17 | - triggerbindings 18 | - interceptors 19 | - triggertemplates 20 | - triggers 21 | verbs: 22 | - get 23 | - list 24 | - watch 25 | - apiGroups: [""] 26 | # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization 27 | resources: 28 | - "configmaps" 29 | - "secrets" 30 | verbs: 31 | - get 32 | - list 33 | - watch 34 | - apiGroups: 35 | - "" 36 | resources: 37 | - serviceaccounts 38 | verbs: 39 | - impersonate 40 | - apiGroups: 41 | - "" 42 | resources: 43 | - events 44 | verbs: 45 | - create 46 | - patch 47 | # Permissions to create resources in associated TriggerTemplates 48 | - apiGroups: ["tekton.dev"] 49 | resources: 50 | - pipelineruns 51 | - pipelineresources 52 | - taskruns 53 | verbs: ["create"] 54 | --- 55 | apiVersion: rbac.authorization.k8s.io/v1 56 | kind: RoleBinding 57 | metadata: 58 | name: tekton-triggers-gitlab-binding 59 | subjects: 60 | - kind: ServiceAccount 61 | name: tekton-triggers-gitlab-sa 62 | roleRef: 63 | apiGroup: rbac.authorization.k8s.io 64 | kind: Role 65 | name: tekton-triggers-gitlab-minimal 66 | --- 67 | kind: ClusterRole 68 | apiVersion: rbac.authorization.k8s.io/v1 69 | metadata: 70 | name: tekton-triggers-gitlab-minimal 71 | rules: 72 | - apiGroups: 73 | - triggers.tekton.dev 74 | resources: 75 | - clustertriggerbindings 76 | - clusterinterceptors 77 | verbs: 78 | - get 79 | - list 80 | - watch 81 | - apiGroups: 82 | - "" 83 | resources: 84 | - secrets 85 | verbs: 86 | - get 87 | - list 88 | - watch 89 | --- 90 | apiVersion: rbac.authorization.k8s.io/v1 91 | kind: ClusterRoleBinding 92 | metadata: 93 | name: 
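tekton-triggers-gitlab-binding 94 | subjects: 95 | - kind: ServiceAccount 96 | name: tekton-triggers-gitlab-sa 97 | namespace: default 98 | roleRef: 99 | apiGroup: rbac.authorization.k8s.io 100 | kind: ClusterRole 101 | name: tekton-triggers-gitlab-minimal 102 |
--------------------------------------------------------------------------------
/03-tekton-advanced/06-pipeline-source-to-package.yaml:
--------------------------------------------------------------------------------
# Maven local-repository cache for the build step; the claim requests
# ReadWriteMany access.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: maven-cache
spec:
  storageClassName: openebs-rwx
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
---
# Two-task pipeline: clone the repository into the shared workspace, then run
# the Maven build in the cloned tree.
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
  name: source-2-package
spec:
  params:
    - name: git-url
      type: string
  workspaces:
    - name: codebase
  tasks:
    - name: fetch-from-source
      params:
        - name: url
          value: $(params.git-url)
      taskSpec:
        workspaces:
          - name: source
        params:
          - name: url
        steps:
          - name: git-clone
            image: alpine/git:v2.45.2
            # Tekton pastes $(params.*) into the script text before the shell
            # runs it, so a value with shell metacharacters would be executed.
            # Pass the value through the environment and quote it instead.
            env:
              - name: PARAM_URL
                value: $(params.url)
              - name: WORKSPACE_SOURCE_PATH
                value: $(workspaces.source.path)
            script: |
              # "--" stops a URL that starts with "-" from being parsed as an option.
              git clone -v -- "${PARAM_URL}" "${WORKSPACE_SOURCE_PATH}/source"
      workspaces:
        - name: source
          workspace: codebase
    - name: build-package
      runAfter:
        - fetch-from-source
      taskSpec:
        steps:
          - name: build
            #image: maven:3.8-openjdk-11-slim
            image: maven:3.8.7-eclipse-temurin-11-alpine
            workingDir: $(workspaces.source.path)/source
            volumeMounts:
              - name: m2
                mountPath: /root/.m2
            script: |
              # NOTE(review): settings.xml is downloaded from a branch URL on
              # every build with no integrity check, so whoever can change that
              # file controls the repositories Maven resolves from. Prefer the
              # copy in the cloned repo (commented line below) or verify a
              # pinned checksum. -f makes an HTTP error fail the step instead
              # of saving the error page as settings.xml.
              curl -fsSL https://gitee.com/mageedu/spring-boot-helloWorld/raw/main/maven/settings.xml -o /usr/share/maven/conf/settings.xml
              #cat maven/settings.xml > /usr/share/maven/conf/settings.xml
              mvn clean install
        workspaces:
          - name: source
        volumes:
          - name: m2
            persistentVolumeClaim:
              claimName: maven-cache
      workspaces:
        - name: source
          workspace: codebase
---
# Sample run of the pipeline; the codebase workspace gets its own
# volumeClaimTemplate for this run.
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
  name: source-2-package-run-002
spec:
  pipelineRef:
    name: source-2-package
  params:
    - name: git-url
      value: https://gitee.com/mageedu/spring-boot-helloWorld.git
      #value: http://code.gitlab.svc.cluster.local/root/spring-boot-helloWorld.git
  workspaces:
    - name: codebase
      volumeClaimTemplate:
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 1Gi
          storageClassName: openebs-hostpath
-------------------------------------------------------------------------------- /04-tekton-pipeline-in-practise/04-s2i-auto-deploy/06-pipeline-source-to-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Pipeline 3 | metadata: 4 | name: source-to-image 5 | spec: 6 | params: 7 | - name: git-url 8 | - name: pathToContext 9 | description: The path to the build context, used by Kaniko - within the workspace 10 | default: .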
11 | - name: image-url 12 | description: Url of image repository 13 | - name: deploy-config-file 14 | description: The path to the yaml file to deploy within the git source 15 | default: all-in-one.yaml 16 | - name: version 17 | description: The version of the application 18 | type: string 19 | default: "v0.9" 20 | #results: 21 | # - name: datetime 22 | # description: The current date and time 23 | # - name: buildId 24 | # description: The build ID 25 | workspaces: 26 | - name: codebase 27 | - name: docker-config 28 | tasks: 29 | - name: git-clone 30 | taskRef: 31 | name: git-clone 32 | params: 33 | - name: url 34 | value: "$(params.git-url)" 35 | workspaces: 36 | - name: source 37 | workspace: codebase 38 | - name: build-to-package 39 | taskRef: 40 | name: build-to-package 41 | workspaces: 42 | - name: source 43 | workspace: codebase 44 | runAfter: 45 | - git-clone 46 | - name: generate-build-id 47 | taskRef: 48 | name: generate-build-id 49 | params: 50 | - name: version 51 | value: "$(params.version)" 52 | runAfter: 53 | - git-clone 54 | - name: image-build-and-push 55 | taskRef: 56 | name: image-build-and-push 57 | params: 58 | - name: image-url 59 | value: "$(params.image-url)" 60 | - name: image-tag 61 | value: "$(tasks.generate-build-id.results.buildId)" 62 | workspaces: 63 | - name: source 64 | workspace: codebase 65 | - name: dockerconfig 66 | workspace: docker-config 67 | runAfter: 68 | - generate-build-id 69 | - build-to-package 70 | - name: deploy-to-cluster 71 | taskRef: 72 | name: deploy-using-kubectl 73 | workspaces: 74 | - name: source 75 | workspace: codebase 76 | params: 77 | - name: deploy-config-file 78 | value: $(params.deploy-config-file) 79 | - name: image-url 80 | value: $(params.image-url) 81 | - name: image-tag 82 | value: "$(tasks.generate-build-id.results.buildId)" 83 | runAfter: 84 | - image-build-and-push 85 | -------------------------------------------------------------------------------- 
/09-rollouts-and-ingress/02-rollouts-with-ingress-nginx-traffic-shifting.yaml: -------------------------------------------------------------------------------- 1 | # CopyRight: MageEdu 2 | --- 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: Rollout 5 | metadata: 6 | name: rollouts-helloworld-with-traffic-shifting 7 | spec: 8 | replicas: 10 9 | strategy: 10 | canary: 11 | canaryService: spring-boot-helloworld-canary 12 | stableService: spring-boot-helloworld 13 | trafficRouting: 14 | nginx: 15 | stableIngress: spring-boot-helloworld 16 | steps: 17 | - setCanaryScale: 18 | matchTrafficWeight: true 19 | - setWeight: 5 20 | - pause: {duration: 1m} 21 | - setWeight: 10 22 | - pause: {duration: 1m} 23 | - pause: {duration: 20} 24 | - setWeight: 20 25 | - pause: {duration: 40} 26 | - setWeight: 40 27 | - pause: {duration: 20} 28 | - setWeight: 60 29 | - pause: {duration: 20} 30 | - setWeight: 80 31 | - pause: {duration: 20} 32 | revisionHistoryLimit: 5 33 | selector: 34 | matchLabels: 35 | app: spring-boot-helloworld 36 | template: 37 | metadata: 38 | labels: 39 | app: spring-boot-helloworld 40 | spec: 41 | containers: 42 | - name: spring-boot-helloworld 43 | image: ikubernetes/spring-boot-helloworld:v0.9.2 44 | ports: 45 | - name: http 46 | containerPort: 80 47 | protocol: TCP 48 | resources: 49 | requests: 50 | memory: 32Mi 51 | cpu: 50m 52 | livenessProbe: 53 | httpGet: 54 | path: '/' 55 | port: 80 56 | scheme: HTTP 57 | initialDelaySeconds: 3 58 | readinessProbe: 59 | httpGet: 60 | path: '/' 61 | port: 80 62 | scheme: HTTP 63 | initialDelaySeconds: 5 64 | --- 65 | apiVersion: v1 66 | kind: Service 67 | metadata: 68 | name: spring-boot-helloworld 69 | spec: 70 | ports: 71 | - port: 80 72 | targetPort: http 73 | protocol: TCP 74 | name: http 75 | selector: 76 | app: spring-boot-helloworld 77 | --- 78 | apiVersion: v1 79 | kind: Service 80 | metadata: 81 | name: spring-boot-helloworld-canary 82 | spec: 83 | ports: 84 | - port: 80 85 | targetPort: http 86 | protocol: TCP 
87 | name: http 88 | selector: 89 | app: spring-boot-helloworld 90 | --- 91 | apiVersion: networking.k8s.io/v1 92 | kind: Ingress 93 | metadata: 94 | name: spring-boot-helloworld 95 | spec: 96 | ingressClassName: "nginx" 97 | rules: 98 | - host: hello.magedu.com 99 | http: 100 | paths: 101 | - path: / 102 | pathType: Prefix 103 | backend: 104 | service: 105 | name: spring-boot-helloworld 106 | port: 107 | number: 80 108 | --- 109 | -------------------------------------------------------------------------------- /05-tekton-triggers/04-trigger-pipelinerun-cicd/06-pipeline-source-to-image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1 2 | kind: Pipeline 3 | metadata: 4 | name: source-to-image 5 | spec: 6 | params: 7 | - name: git-repo-url 8 | type: string 9 | description: git repository url to clone 10 | - name: git-revision 11 | type: string 12 | description: git revision to checkout (branch, tag, sha, ref) 13 | default: main 14 | - name: image-build-context 15 | description: The path to the build context, used by Kaniko - within the workspace 16 | default: . 
17 | - name: image-url 18 | description: Url of image repository 19 | - name: version 20 | description: The version of the application 21 | type: string 22 | default: "v0.9" 23 | - name: deploy-config-file 24 | description: The path to the yaml file to deploy within the git source 25 | default: all-in-one.yaml 26 | #results: 27 | # - name: datetime 28 | # description: The current date and time 29 | # - name: buildId 30 | # description: The build ID 31 | workspaces: 32 | - name: codebase 33 | - name: docker-config 34 | tasks: 35 | - name: git-clone 36 | taskRef: 37 | name: git-clone 38 | params: 39 | - name: git-repo-url 40 | value: "$(params.git-repo-url)" 41 | - name: git-revision 42 | value: "$(params.git-revision)" 43 | workspaces: 44 | - name: source 45 | workspace: codebase 46 | - name: build-to-package 47 | taskRef: 48 | name: build-to-package 49 | workspaces: 50 | - name: source 51 | workspace: codebase 52 | runAfter: 53 | - git-clone 54 | - name: generate-build-id 55 | taskRef: 56 | name: generate-build-id 57 | params: 58 | - name: version 59 | value: "$(params.version)" 60 | runAfter: 61 | - git-clone 62 | - name: image-build-and-push 63 | taskRef: 64 | name: image-build-and-push 65 | params: 66 | - name: image-url 67 | value: "$(params.image-url)" 68 | - name: image-tag 69 | value: "$(tasks.generate-build-id.results.buildId)" 70 | workspaces: 71 | - name: source 72 | workspace: codebase 73 | - name: dockerconfig 74 | workspace: docker-config 75 | runAfter: 76 | - generate-build-id 77 | - build-to-package 78 | - name: deploy-to-cluster 79 | taskRef: 80 | name: deploy-using-kubectl 81 | workspaces: 82 | - name: source 83 | workspace: codebase 84 | params: 85 | - name: deploy-config-file 86 | value: $(params.deploy-config-file) 87 | - name: image-url 88 | value: $(params.image-url) 89 | - name: image-tag 90 | value: "$(tasks.generate-build-id.results.buildId)" 91 | runAfter: 92 | - image-build-and-push 93 | 
-------------------------------------------------------------------------------- /09-rollouts-and-ingress/05-rollouts-bluegreen-with-analysis.yaml: -------------------------------------------------------------------------------- 1 | # CopyRight: MageEdu 2 | --- 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: AnalysisTemplate 5 | metadata: 6 | name: success-rate 7 | spec: 8 | args: 9 | - name: service-name 10 | - name: namespace 11 | metrics: 12 | - name: success-rate 13 | # NOTE: prometheus queries return results in the form of a vector. 14 | # So it is common to access the index 0 of the returned array to obtain the value 15 | successCondition: result[0] >= 0.95 16 | interval: 20s 17 | count: 3 18 | failureLimit: 3 19 | provider: 20 | prometheus: 21 | address: http://prometheus.prom.svc.cluster.local:9090 22 | query: | 23 | sum(irate(nginx_ingress_controller_requests{service=~"{{args.service-name}}",namespace=~"{{args.namespace}}",status!~"[4-5].*"}[1m])) / 24 | sum(irate(nginx_ingress_controller_requests{service=~"{{args.service-name}}",namespace=~"{{args.namespace}}"}[1m])) 25 | --- 26 | apiVersion: argoproj.io/v1alpha1 27 | kind: Rollout 28 | metadata: 29 | name: rollout-helloworld-bluegreen-with-analysis 30 | spec: 31 | replicas: 3 32 | revisionHistoryLimit: 5 33 | selector: 34 | matchLabels: 35 | app: rollout-helloworld-bluegreen 36 | template: 37 | metadata: 38 | labels: 39 | app: rollout-helloworld-bluegreen 40 | spec: 41 | containers: 42 | - name: spring-boot-helloworld 43 | image: ikubernetes/spring-boot-helloworld:v0.9.2 44 | ports: 45 | - containerPort: 80 46 | strategy: 47 | blueGreen: 48 | activeService: spring-boot-helloworld 49 | previewService: spring-boot-helloworld-preview 50 | prePromotionAnalysis: 51 | templates: 52 | - templateName: success-rate 53 | args: 54 | - name: service-name 55 | value: spring-boot-helloworld 56 | - name: namespace 57 | value: default 58 | postPromotionAnalysis: 59 | templates: 60 | - templateName: success-rate 61 | 
args: 62 | - name: service-name 63 | value: spring-boot-helloworld 64 | - name: namespace 65 | value: default 66 | autoPromotionEnabled: true 67 | --- 68 | kind: Service 69 | apiVersion: v1 70 | metadata: 71 | name: spring-boot-helloworld 72 | spec: 73 | selector: 74 | app: rollout-helloworld-bluegreen 75 | ports: 76 | - protocol: TCP 77 | port: 80 78 | targetPort: 80 79 | --- 80 | kind: Service 81 | apiVersion: v1 82 | metadata: 83 | name: spring-boot-helloworld-preview 84 | spec: 85 | selector: 86 | app: rollout-helloworld-bluegreen 87 | ports: 88 | - protocol: TCP 89 | port: 80 90 | targetPort: 80 91 | --- 92 | apiVersion: networking.k8s.io/v1 93 | kind: Ingress 94 | metadata: 95 | name: spring-boot-helloworld 96 | spec: 97 | ingressClassName: "nginx" 98 | rules: 99 | - host: hello.magedu.com 100 | http: 101 | paths: 102 | - path: / 103 | pathType: Prefix 104 | backend: 105 | service: 106 | name: spring-boot-helloworld 107 | port: 108 | number: 80 109 | --- 110 | -------------------------------------------------------------------------------- /08-argo-rollouts/02-argo-rollouts-with-istio-traffic-shifting.yaml: -------------------------------------------------------------------------------- 1 | # CopyRight: MageEdu 2 | --- 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: Rollout 5 | metadata: 6 | name: rollouts-helloworld-with-traffic-shifting 7 | spec: 8 | replicas: 10 9 | strategy: 10 | canary: 11 | trafficRouting: 12 | istio: 13 | virtualService: 14 | name: helloworld-rollout-vsvc # required 15 | routes: 16 | - primary # optional if there is a single route in VirtualService, required otherwise 17 | destinationRule: 18 | name: helloworld-rollout-destrule # required 19 | canarySubsetName: canary # required 20 | stableSubsetName: stable # required 21 | steps: 22 | - setCanaryScale: 23 | matchTrafficWeight: true 24 | - setWeight: 5 25 | - pause: {duration: 1m} 26 | - setWeight: 10 27 | - pause: {duration: 1m} 28 | - pause: {duration: 20} 29 | - setWeight: 20 30 | - 
pause: {duration: 40} 31 | - setWeight: 40 32 | - pause: {duration: 20} 33 | - setWeight: 60 34 | - pause: {duration: 20} 35 | - setWeight: 80 36 | - pause: {duration: 20} 37 | revisionHistoryLimit: 5 38 | selector: 39 | matchLabels: 40 | app: spring-boot-helloworld 41 | template: 42 | metadata: 43 | labels: 44 | app: spring-boot-helloworld 45 | spec: 46 | containers: 47 | - name: spring-boot-helloworld 48 | image: ikubernetes/spring-boot-helloworld:v0.9.2 49 | ports: 50 | - name: http 51 | containerPort: 80 52 | protocol: TCP 53 | resources: 54 | requests: 55 | memory: 32Mi 56 | cpu: 50m 57 | livenessProbe: 58 | httpGet: 59 | path: '/' 60 | port: 80 61 | scheme: HTTP 62 | initialDelaySeconds: 3 63 | readinessProbe: 64 | httpGet: 65 | path: '/' 66 | port: 80 67 | scheme: HTTP 68 | initialDelaySeconds: 5 69 | --- 70 | apiVersion: v1 71 | kind: Service 72 | metadata: 73 | name: spring-boot-helloworld 74 | spec: 75 | ports: 76 | - port: 80 77 | targetPort: http 78 | protocol: TCP 79 | name: http 80 | selector: 81 | app: spring-boot-helloworld 82 | --- 83 | apiVersion: networking.istio.io/v1beta1 84 | kind: VirtualService 85 | metadata: 86 | name: helloworld-rollout-vsvc 87 | spec: 88 | #gateways: 89 | #- istio-rollout-gateway 90 | hosts: 91 | - spring-boot-helloworld 92 | http: 93 | - name: primary # referenced in canary.trafficRouting.istio.virtualService.routes 94 | route: 95 | - destination: 96 | host: spring-boot-helloworld 97 | subset: stable # referenced in canary.trafficRouting.istio.destinationRule.stableSubsetName 98 | weight: 100 99 | - destination: 100 | host: spring-boot-helloworld 101 | subset: canary # referenced in canary.trafficRouting.istio.destinationRule.canarySubsetName 102 | weight: 0 103 | --- 104 | apiVersion: networking.istio.io/v1beta1 105 | kind: DestinationRule 106 | metadata: 107 | name: helloworld-rollout-destrule 108 | spec: 109 | host: spring-boot-helloworld 110 | subsets: 111 | - name: canary # referenced in 
canary.trafficRouting.istio.destinationRule.canarySubsetName 112 | labels: # labels will be injected with canary rollouts-pod-template-hash value 113 | app: spring-boot-helloworld 114 | - name: stable # referenced in canary.trafficRouting.istio.destinationRule.stableSubsetName 115 | labels: # labels will be injected with stable rollouts-pod-template-hash value 116 | app: spring-boot-helloworld 117 | --- 118 | -------------------------------------------------------------------------------- /06-deploy-argocd/README.md: -------------------------------------------------------------------------------- 1 | # ArgoCD and ArgoCD Rollouts 2 | 3 | Argo CD是面向Kubernetes的声明式GitOps持续交付(CD)工具。 4 | 5 | ## Argo CD 6 | 7 | ### 部署Argo CD 8 | 9 | 部署前,先要获取最新的稳定版本号,其结果是为形如“2.12.2”一类的版本标识。 10 | 11 | ``` 12 | VERSION=$(curl -L -s https://raw.githubusercontent.com/argoproj/argo-cd/stable/VERSION) 13 | ``` 14 | 15 | 而后,部署Argo CD有HA和非HA两种模式,选其一即可。 16 | 17 | #### 非HA模式部署: 18 | 19 | ``` 20 | kubectl create namespace argocd 21 | kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v${VERSION}/manifests/install.yaml 22 | ``` 23 | 24 | #### HA模式部署: 25 | 26 | ``` 27 | kubectl create namespace argocd 28 | kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v${VERSION}/manifests/ha/install.yaml 29 | ``` 30 | 31 | ### 开放Dashboard 32 | 33 | 以下两种方式选其一即可。 34 | 35 | #### LoadBalancer Service 36 | 37 | ``` 38 | kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}' 39 | ``` 40 | 41 | #### Ingress (Ingress Nginx) 42 | 43 | ``` 44 | apiVersion: networking.k8s.io/v1 45 | kind: Ingress 46 | metadata: 47 | name: argocd-server-ingress 48 | namespace: argocd 49 | annotations: 50 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 51 | nginx.ingress.kubernetes.io/ssl-passthrough: "true" 52 | nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" 53 | #ingress.cilium.io/loadbalancer-mode: 'shared' 54 | #ingress.cilium.io/service-type: 
'LoadBalancer' 55 | #ingress.cilium.io/tls-passthrough: 'enabled' 56 | #ingress.cilium.io/force-https: 'enabled' 57 | spec: 58 | ingressClassName: nginx 59 | rules: 60 | - host: argocd.magedu.com 61 | http: 62 | paths: 63 | - path: / 64 | pathType: Prefix 65 | backend: 66 | service: 67 | name: argocd-server 68 | port: 69 | name: https 70 | ``` 71 | 72 | ### 部署Argo CD CLI 73 | 74 | 运行如下命令,即可获取、安装最新的稳定版本的argocd cli,注意其中的变量“VERSION”来自于前面获取最新稳定版本标识的命令。 75 | 76 | ``` 77 | curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/v$VERSION/argocd-linux-amd64 78 | sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd 79 | rm argocd-linux-amd64 80 | ``` 81 | 82 | 83 | 84 | ### 管理员密码 85 | 86 | 获取部署过程初始化生成的密码。 87 | 88 | ```bash 89 | argocd admin initial-password -n argocd 90 | ``` 91 | 92 | 命令行登录到Argo CD。 93 | 94 | ```bash 95 | argocd login 96 | ``` 97 | 98 | 如有需要,可修改密码。 99 | 100 | ```bash 101 | argocd account update-password 102 | ``` 103 | 104 | 105 | 106 | ## Argo Rollouts 107 | 108 | ### 部署Rollouts 109 | 110 | 运行如下命令,即可部署Argo Rollouts。 111 | 112 | ``` 113 | kubectl create namespace argo-rollouts 114 | kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml 115 | ``` 116 | 117 | 运行如下命令,可部署Argo Rollouts Dashboard。 118 | 119 | ```bash 120 | kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/latest/download/dashboard-install.yaml 121 | ``` 122 | 123 | #### 开放Rollouts Dashboard 124 | 125 | 下面命令,会基于Ingress Nginx创建一个ingress资源对象来开放rollout,其使用的主机名为“argo-rollouts.magedu.com”。 126 | 127 | ```bash 128 | kubectl apply -f https://raw.githubusercontent.com/iKubernetes/tekton-and-argocd-in-practise/main/06-deploy-argocd/argo-rollouts/argo-rollouts-ingress.yaml 129 | ``` 130 | 131 | > 提示:访问Rollouts Dashboard时,若要管理指定名称空间下的Rollout,可以在访问的路径上使用“/rollouts/”。 132 | 133 | 134 | 135 | ### 安装kubectl argo rollout插件 136 | 137 | 运行如下命令,即可安装最新稳定版本的kubectl argo rollout插件。 138 
| 139 | ```bash 140 | curl -LO https://github.com/argoproj/argo-rollouts/releases/download/v1.7.2/kubectl-argo-rollouts-linux-amd64 141 | sudo install -m 555 kubectl-argo-rollouts-linux-amd64 /usr/local/bin/kubectl-argo-rollouts 142 | rm kubectl-argo-rollouts-linux-amd64 143 | ``` 144 | 145 | 运行命令进行测试。 146 | 147 | ```bash 148 | kubectl argo rollouts version 149 | ``` 150 | 151 | -------------------------------------------------------------------------------- /09-rollouts-and-ingress/03-rollouts-with-prometheus-analysis.yaml: -------------------------------------------------------------------------------- 1 | # CopyRight: MageEdu 2 | # 3 | --- 4 | apiVersion: argoproj.io/v1alpha1 5 | kind: AnalysisTemplate 6 | metadata: 7 | name: success-rate 8 | spec: 9 | args: 10 | - name: service-name 11 | - name: namespace 12 | metrics: 13 | - name: success-rate 14 | # NOTE: prometheus queries return results in the form of a vector. 15 | # So it is common to access the index 0 of the returned array to obtain the value 16 | successCondition: result[0] >= 0.95 17 | interval: 20s 18 | count: 5 19 | failureLimit: 3 20 | provider: 21 | prometheus: 22 | address: http://prometheus-server.monitoring.svc.cluster.local:9090 23 | query: | 24 | sum(irate(nginx_ingress_controller_requests{service=~"{{args.service-name}}",namespace=~"{{args.namespace}}",status!~"[4-5].*"}[2m])) / 25 | sum(irate(nginx_ingress_controller_requests{service=~"{{args.service-name}}",namespace=~"{{args.namespace}}"}[2m])) 26 | --- 27 | apiVersion: argoproj.io/v1alpha1 28 | kind: Rollout 29 | metadata: 30 | name: rollouts-helloworld-with-analysis 31 | spec: 32 | replicas: 10 33 | strategy: 34 | canary: 35 | analysis: 36 | templates: 37 | - templateName: success-rate 38 | args: 39 | - name: service-name 40 | value: spring-boot-helloworld 41 | - name: namespace 42 | value: hello 43 | canaryService: spring-boot-helloworld-canary 44 | stableService: spring-boot-helloworld 45 | trafficRouting: 46 | nginx: 47 | 
stableIngress: spring-boot-helloworld 48 | steps: 49 | - setCanaryScale: 50 | matchTrafficWeight: true 51 | - setWeight: 5 52 | - pause: {duration: 2m} 53 | - setWeight: 10 54 | - pause: {duration: 1m} 55 | - setWeight: 20 56 | - pause: {duration: 40} 57 | - setWeight: 40 58 | - pause: {duration: 20} 59 | - setWeight: 60 60 | - pause: {duration: 20} 61 | - setWeight: 80 62 | - pause: {duration: 20} 63 | revisionHistoryLimit: 5 64 | selector: 65 | matchLabels: 66 | app: spring-boot-helloworld 67 | template: 68 | metadata: 69 | labels: 70 | app: spring-boot-helloworld 71 | spec: 72 | containers: 73 | - name: spring-boot-helloworld 74 | image: ikubernetes/spring-boot-helloworld:v0.9.2 75 | ports: 76 | - name: http 77 | containerPort: 80 78 | protocol: TCP 79 | resources: 80 | requests: 81 | memory: 32Mi 82 | cpu: 50m 83 | livenessProbe: 84 | httpGet: 85 | path: '/' 86 | port: 80 87 | scheme: HTTP 88 | initialDelaySeconds: 3 89 | readinessProbe: 90 | httpGet: 91 | path: '/' 92 | port: 80 93 | scheme: HTTP 94 | initialDelaySeconds: 5 95 | --- 96 | apiVersion: v1 97 | kind: Service 98 | metadata: 99 | name: spring-boot-helloworld 100 | spec: 101 | ports: 102 | - port: 80 103 | targetPort: http 104 | protocol: TCP 105 | name: http 106 | selector: 107 | app: spring-boot-helloworld 108 | --- 109 | apiVersion: v1 110 | kind: Service 111 | metadata: 112 | name: spring-boot-helloworld-canary 113 | spec: 114 | ports: 115 | - port: 80 116 | targetPort: http 117 | protocol: TCP 118 | name: http 119 | selector: 120 | app: spring-boot-helloworld 121 | --- 122 | apiVersion: networking.k8s.io/v1 123 | kind: Ingress 124 | metadata: 125 | name: spring-boot-helloworld 126 | spec: 127 | ingressClassName: "nginx" 128 | rules: 129 | - host: hello.magedu.com 130 | http: 131 | paths: 132 | - path: / 133 | pathType: Prefix 134 | backend: 135 | service: 136 | name: spring-boot-helloworld 137 | port: 138 | number: 80 139 | --- 140 | 
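--------------------------------------------------------------------------------
/05-tekton-triggers/03-trigger-pipelinerun-s2i/04-tasks-source-to-image.yaml:
--------------------------------------------------------------------------------
# Maintainer: MageEdu ""
# Version: v1.0.1
---
# Clones the repository into <workspace>/source and resets it to the requested
# revision.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: git-clone
spec:
  description: Clone the code repository to the workspace.
  params:
    - name: git-repo-url
      type: string
      description: git repository url to clone
    - name: git-revision
      type: string
      description: git revision to checkout (branch, tag, sha, ref)
  workspaces:
    - name: source
      description: The git repo will be cloned onto the volume backing this workspace
  steps:
    - name: git-clone
      image: alpine/git:v2.45.2
      # Tekton pastes $(params.*) into the script text before the shell runs
      # it, so a value with shell metacharacters would be executed. In a trigger
      # setup these values presumably come from the webhook payload, so pass
      # them through the environment and quote every expansion.
      env:
        - name: PARAM_GIT_REPO_URL
          value: $(params.git-repo-url)
        - name: PARAM_GIT_REVISION
          value: $(params.git-revision)
        - name: WORKSPACE_SOURCE_PATH
          value: $(workspaces.source.path)
      script: |
        # "--" stops a URL that starts with "-" from being parsed as an option.
        git clone -v -- "${PARAM_GIT_REPO_URL}" "${WORKSPACE_SOURCE_PATH}/source"
        cd "${WORKSPACE_SOURCE_PATH}/source" && git reset --hard "${PARAM_GIT_REVISION}"
---
# Runs the Maven build inside the cloned source tree, with ~/.m2 on a PVC.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: build-to-package
spec:
  description: build application and package the files to image
  workspaces:
    - name: source
      description: The git repo that cloned onto the volume backing this workspace
  steps:
    - name: build
      #image: maven:3.8-openjdk-11-slim
      image: maven:3.8.7-eclipse-temurin-11-alpine
      workingDir: $(workspaces.source.path)/source
      volumeMounts:
        - name: m2
          mountPath: /root/.m2
      script: |
        # NOTE(review): settings.xml is downloaded from a branch URL on every
        # build with no integrity check, so whoever can change that file
        # controls the repositories Maven resolves from. Prefer a copy kept in
        # the cloned repo or verify a pinned checksum. -f makes an HTTP error
        # fail the step instead of saving the error page as settings.xml.
        curl -fsSL https://gitee.com/mageedu/spring-boot-helloWorld/raw/main/maven/settings.xml -o /usr/share/maven/conf/settings.xml
        mvn clean install
  volumes:
    - name: m2
      persistentVolumeClaim:
        claimName: maven-cache-s2i
---
# Emits two results: a timestamp, and a build ID of the form
# <version>-<timestamp> that the pipeline uses as the image tag.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: generate-build-id
spec:
  params:
    - name: version
      description: The version of the application
      type: string
  results:
    - name: datetime
      description: The current date and time
    - name: buildId
      description: The build ID
  steps:
    - name: generate-datetime
      image: ikubernetes/admin-box:v1.2
      script: |
        #!/usr/bin/env bash
        datetime=`date +%Y%m%d-%H%M%S`
        echo -n "${datetime}" | tee $(results.datetime.path)
    - name: generate-buildid
      image: ikubernetes/admin-box:v1.2
      # The version parameter is passed through the environment instead of
      # being substituted into the script text (same reason as in git-clone).
      env:
        - name: PARAM_VERSION
          value: $(params.version)
      script: |
        #!/usr/bin/env bash
        buildDatetime=`cat $(results.datetime.path)`
        buildId="${PARAM_VERSION}-${buildDatetime}"
        echo -n "${buildId}" | tee $(results.buildId.path)
---
# Builds the image with Kaniko from <workspace>/source and pushes it to
# <image-url>:<image-tag>, using the registry credentials mounted from the
# dockerconfig workspace.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: image-build-and-push
spec:
  description: package the application files to image
  params:
    - name: dockerfile
      description: The path to the dockerfile to build (relative to the context)
      default: Dockerfile
    - name: image-url
      description: Url of image repository
    - name: image-tag
      description: Tag to apply to the built image
  workspaces:
    - name: source
    - name: dockerconfig
      mountPath: /kaniko/.docker
  steps:
    - name: image-build-and-push
      #image: gcr.io/kaniko-project/executor:debug
      image: gcr.io/kaniko-project/executor:v1.23.2
      # The step runs as root (presumably because Kaniko unpacks image layers
      # into the container filesystem).
      securityContext:
        runAsUser: 0
      env:
        - name: DOCKER_CONFIG
          value: /kaniko/.docker
      command:
        - /kaniko/executor
      # Parameters here are separate argv entries, not shell text, so they are
      # not open to the script-substitution problem.
      args:
        - --dockerfile=$(params.dockerfile)
        - --context=$(workspaces.source.path)/source
        # NOTE(review): the four flags below allow plain-HTTP registries and
        # turn off TLS certificate verification for both pull and push, so base
        # images and the pushed image are not protected against tampering in
        # transit. Keep them only for a lab registry without a trusted
        # certificate and remove them anywhere else.
        - --insecure
        - --insecure-pull
        - --skip-tls-verify
        - --skip-tls-verify-pull
        - --skip-push-permission-check
        - --destination=$(params.image-url):$(params.image-tag)
---
--------------------------------------------------------------------------------
/08-argo-rollouts/03-argo-rollouts-with-analysis.yaml: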
--------------------------------------------------------------------------------
# CopyRight: MageEdu 
---
# AnalysisTemplate "success-rate": the gate used by the canary Rollout below.
# It asks Prometheus for the share of requests to the given service that did
# not end in a 5xx response and requires that share to be at least 0.95.
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
  name: success-rate
spec:
  args:
  - name: service-name
  metrics:
  - name: success-rate
    # NOTE: prometheus queries return results in the form of a vector.
    # So it is common to access the index 0 of the returned array to obtain the value
    successCondition: result[0] >= 0.95
    interval: 20s
    count: 3
    # NOTE(review): only three measurements are taken (count: 3). If the
    # controller fails a metric only once failures exceed failureLimit, three
    # failed measurements still stay within the limit and this gate can never
    # abort the rollout. Confirm the semantics and lower failureLimit so that
    # a bad canary is actually stopped.
    failureLimit: 3
    provider:
      prometheus:
        # Plain-HTTP, in-cluster endpoint; no credentials are configured here.
        # Promotion decisions trust whatever this endpoint returns, so access
        # to Prometheus and to the metrics it scrapes is part of the release
        # control path.
        address: http://prometheus.istio-system.svc.cluster.local:9090
        # destination_service uses a regex matcher (=~), so the dots in the
        # service name act as wildcards; an exact matcher (=) would be stricter.
        query: |
          sum(irate(
            istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code!~"5.*"}[1m]
          )) /
          sum(irate(
            istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[1m]
          ))
---
# Canary Rollout: traffic is shifted through the Istio VirtualService and
# DestinationRule defined further down, in the weight steps listed under
# `steps`, each followed by a one-minute pause.
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: rollouts-helloworld-with-analysis
spec:
  replicas: 10
  strategy:
    canary:
      trafficRouting:
        istio:
          virtualService:
            name: helloworld-rollout-vsvc
            routes:
            - primary
          destinationRule:
            name: helloworld-rollout-destrule
            canarySubsetName: canary
            stableSubsetName: stable
      # Analysis wired to the success-rate template above.
      analysis:
        templates:
        - templateName: success-rate
        args:
        - name: service-name
          # change this value to your service name
          value: spring-boot-helloworld.demo.svc.cluster.local
        # presumably the analysis starts at step index 2 (the 10% weight)
        # rather than at the first step; verify against the Argo Rollouts docs
        startingStep: 2
      steps:
      - setWeight: 5
      - pause: {duration: 1m}
      - setWeight: 10
      - pause: {duration: 1m}
      - setWeight: 30
      - pause: {duration: 1m}
      - setWeight: 60
      - pause: {duration: 1m}
  revisionHistoryLimit: 5
  selector:
    matchLabels:
      app: spring-boot-helloworld
  template:
    metadata:
      labels:
        app: spring-boot-helloworld
    spec:
      containers:
      # NOTE(review): this container sets no securityContext and no resource
      # limits (only requests); add both before using the manifest outside a lab.
      - name: spring-boot-helloworld
        image: ikubernetes/spring-boot-helloworld:v0.9.2
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        resources:
          requests:
            memory: 32Mi
            cpu: 50m
        livenessProbe:
          httpGet:
            path: '/'
            port: 80
            scheme: HTTP
        readinessProbe:
          httpGet:
            path: '/'
            port: 80
            scheme: HTTP
          initialDelaySeconds: 5
---
# ClusterIP Service in front of the Rollout's pods (selected by the app label).
apiVersion: v1
kind: Service
metadata:
  name: spring-boot-helloworld
spec:
  ports:
  - port: 80
    targetPort: http
    protocol: TCP
    name: http
  selector:
    app: spring-boot-helloworld
---
# VirtualService whose "primary" route is named in the Rollout above; it starts
# with all traffic on the stable subset and none on the canary subset.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: helloworld-rollout-vsvc
spec:
  #gateways:
  #- istio-rollout-gateway
  hosts:
  - spring-boot-helloworld
  http:
  - name: primary
    route:
    - destination:
        host: spring-boot-helloworld
        subset: stable
      weight: 100
    - destination:
        host: spring-boot-helloworld
        subset: canary
      weight: 0
---
# DestinationRule declaring the canary and stable subsets named in the Rollout.
# Both subsets carry the same label here; presumably the Rollouts controller
# adds a per-revision label to tell them apart at runtime (confirm).
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: helloworld-rollout-destrule
spec:
  host: spring-boot-helloworld
  subsets:
  - name: canary
    labels:
      app: spring-boot-helloworld
  - name: stable
    labels:
      app: spring-boot-helloworld
---
-------------------------------------------------------------------------------- /08-argo-rollouts/README.md: -------------------------------------------------------------------------------- 1 | # Argo Rollouts Examples.
2 | 3 | ### 01-argo-rollouts-demo.yaml 4 | 5 | ```bash 6 | kubectl create namespace demo 7 | kubectl apply -f 01-argo-rollouts-demo.yaml -n demo 8 | ``` 9 | 10 | #### client 11 | 12 | ```bash 13 | kubectl run client-$RANDOM --image ikubernetes/admin-box:v1.2 --rm -it --restart=Never --command -- /bin/bash 14 | ``` 15 | 16 | send requests... 17 | ```bash 18 | while true; do curl http://spring-boot-helloworld.demo.svc.cluster.local; echo; sleep 1; done 19 | ``` 20 | 21 | #### rollout 22 | 23 | ```bash 24 | kubectl argo rollouts set image rollouts-spring-boot-helloworld spring-boot-helloworld=ikubernetes/spring-boot-helloworld:v0.9.6 -n demo 25 | ``` 26 | 27 | #### watch 28 | 29 | ```bash 30 | kubectl argo rollouts get rollout rollouts-spring-boot-helloworld --watch -n demo 31 | ``` 32 | 33 | #### Promote 34 | 35 | ```bash 36 | kubectl argo rollouts promote rollouts-spring-boot-helloworld -n demo 37 | ``` 38 | 39 | ### 02-argo-rollouts-with-istio-traffic-shifting.yaml 40 | 41 | **Dependencies**: Istio 42 | 43 | ```bash 44 | kubectl create namespace demo 45 | kubectl label namespace demo istio-injection=enabled 46 | kubectl apply -f 02-argo-rollouts-with-istio-traffic-shifting.yaml -n demo 47 | ``` 48 | 49 | #### Client 50 | Install a client, and send requests to http://spring-boot-helloworld.demo.svc 51 | 52 | ```bash 53 | export ISTIO_DIR=/usr/local/istio/ 54 | kubectl apply -f ${ISTIO_DIR}/samples/sleep/sleep.yaml 55 | export SLEEP=$(kubectl get pods -l app=sleep -o jsonpath='{.items[0].metadata.name}') 56 | kubectl exec -it $SLEEP -- /bin/sh 57 | ``` 58 | 59 | send requests... 
60 | ```bash 61 | while true; do curl http://spring-boot-helloworld.demo.svc.cluster.local; echo; sleep 1; done 62 | ``` 63 | 64 | #### Rollout 65 | 66 | ```bash 67 | kubectl argo rollouts set image rollouts-helloworld-with-traffic-shifting spring-boot-helloworld=ikubernetes/spring-boot-helloworld:v0.9.6 -n demo 68 | ``` 69 | 70 | ### 03-argo-rollouts-with-analysis.yaml 71 | 72 | **Dependencies**: Istio and Prometheus 73 | 74 | ```bash 75 | kubectl create namespace demo 76 | kubectl label namespace demo istio-injection=enabled 77 | kubectl apply -f 03-argo-rollouts-with-analysis.yaml -n demo 78 | ``` 79 | #### client 80 | 81 | ```bash 82 | export ISTIO_DIR=/usr/local/istio/ 83 | kubectl apply -f ${ISTIO_DIR}/samples/sleep/sleep.yaml 84 | export SLEEP=$(kubectl get pods -l app=sleep -o jsonpath='{.items[0].metadata.name}') 85 | kubectl exec -it $SLEEP -- /bin/sh 86 | ``` 87 | 88 | ```bash 89 | while true; do curl http://spring-boot-helloworld.demo.svc.cluster.local; echo; sleep 1; done 90 | ``` 91 | 92 | #### Prometheus Metrics 93 | 94 | ``` 95 | irate of requests whose response code is not 5xx: sum(irate(istio_requests_total{reporter="source",destination_service="spring-boot-helloworld.default.svc.cluster.local",response_code!~"5.*"}[1m])) 96 | ``` 97 | 98 | ``` 99 | irate of all requests: irate(istio_requests_total{reporter="source",destination_service="spring-boot-helloworld.default.svc.cluster.local"}[1m]) 100 | ``` 101 | 102 | Successful Rate: 103 | 104 | ``` 105 | sum(irate(istio_requests_total{reporter="source",destination_service="spring-boot-helloworld.default.svc.cluster.local",response_code!~"5.*"}[1m]))/sum(irate(istio_requests_total{reporter="source",destination_service="spring-boot-helloworld.default.svc.cluster.local"}[1m])) 106 | ``` 107 | 108 | 109 | #### Rollout 110 | 111 | ```bash 112 | kubectl argo rollouts set image rollouts-helloworld-with-analysis spring-boot-helloworld=ikubernetes/spring-boot-helloworld:v0.9.6 -n demo 113 | ``` 114 | 115 | ### 
Blue Green Rollout 116 | 117 | #### Deploy 118 | 119 | ```bash 120 | kubectl apply -f 05-argo-rollouts-bluegreen-demo.yaml -n demo 121 | ``` 122 | 123 | #### client 124 | 125 | ```bash 126 | kubectl run client-$RANDOM --image ikubernetes/admin-box:v1.2 --rm -it --restart=Never --command -- /bin/bash 127 | ``` 128 | 129 | send requests... 130 | ```bash 131 | while true; do curl http://spring-boot-helloworld.demo.svc.cluster.local; echo; sleep 1; done 132 | ``` 133 | 134 | #### Rollout 135 | 136 | ```bash 137 | kubectl argo rollouts set image rollout-helloworld-bluegreen spring-boot-helloworld=ikubernetes/spring-boot-helloworld:v0.9.6 -n demo 138 | ``` 139 | 140 | #### Promote 141 | 142 | ```bash 143 | kubectl argo rollouts promote rollout-helloworld-bluegreen -n demo 144 | ``` 145 | 146 | ### Blue Green Rollout with Analysis 147 | 148 | #### Deploy 149 | 150 | ```bash 151 | kubectl apply -f 06-argo-rollouts-bluegreen-with-analysis.yaml -n demo 152 | ``` 153 | 154 | #### client 155 | 156 | ```bash 157 | kubectl run client-$RANDOM --image ikubernetes/admin-box:v1.2 --rm -it --restart=Never --command -- /bin/bash 158 | ``` 159 | 160 | send requests... 161 | ```bash 162 | while true; do curl http://spring-boot-helloworld.demo.svc.cluster.local; echo; sleep 1; done 163 | ``` 164 | 165 | #### Rollout 166 | 167 | ```bash 168 | kubectl argo rollouts set image rollout-helloworld-bluegreen-with-analysis spring-boot-helloworld=ikubernetes/spring-boot-helloworld:v0.9.6 -n demo 169 | ``` 170 | -------------------------------------------------------------------------------- /05-tekton-triggers/04-trigger-pipelinerun-cicd/05-tasks-source-to-image.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu "" 2 | # Version: v1.0.1 3 | --- 4 | apiVersion: tekton.dev/v1 5 | kind: Task 6 | metadata: 7 | name: git-clone 8 | spec: 9 | description: Clone the code repository to the workspace. 
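# Continuation of the `spec:` of the git-clone Task whose header is on the
# line above. The Task clones one repository into the `source` workspace and
# hard-resets the checkout to the requested revision.
  params:
    - name: git-repo-url
      type: string
      description: git repository url to clone
    - name: git-revision
      type: string
      description: git revision to checkout (branch, tag, sha, ref)
  workspaces:
    - name: source
      description: The git repo will be cloned onto the volume backing this workspace
  steps:
    - name: git-clone
      image: alpine/git:v2.45.2
      # The params reach the shell as environment variables instead of being
      # substituted into the script text. Tekton expands $(params.*) before the
      # script runs, so a value containing shell metacharacters would otherwise
      # become part of the script. In a trigger-driven pipeline these values
      # can originate from a webhook payload.
      env:
        - name: GIT_REPO_URL
          value: $(params.git-repo-url)
        - name: GIT_REVISION
          value: $(params.git-revision)
      # "--" ends option parsing so the URL cannot be read as a git option;
      # every expansion is quoted so it stays a single argument.
      script: |
        git clone -v -- "${GIT_REPO_URL}" "$(workspaces.source.path)/source"
        cd "$(workspaces.source.path)/source" && git reset --hard "${GIT_REVISION}"
---
# build-to-package: runs `mvn clean install` in the cloned source tree, with
# the local Maven repository kept on the maven-cache-cicd PVC.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: build-to-package
spec:
  description: build application and package the files to image
  workspaces:
    - name: source
      description: The git repo that cloned onto the volume backing this workspace
  steps:
    - name: build
      #image: maven:3.8-openjdk-11-slim
      image: maven:3.8.7-eclipse-temurin-11-alpine
      workingDir: $(workspaces.source.path)/source
      volumeMounts:
        - name: m2
          mountPath: /root/.m2
      # NOTE(review): settings.xml is downloaded on every build and decides
      # which repositories Maven resolves artifacts from, so it belongs to the
      # build's trust base. Prefer mounting a reviewed copy (ConfigMap or
      # workspace) or checking a pinned checksum before use.
      # -f makes curl fail on an HTTP error instead of saving the error page as
      # settings.xml; -S keeps the error message visible despite -s.
      script: |
        set -e
        curl -fsSL https://gitee.com/mageedu/spring-boot-helloWorld/raw/main/maven/settings.xml -o /usr/share/maven/conf/settings.xml
        mvn clean install
  volumes:
    - name: m2
      persistentVolumeClaim:
        claimName: maven-cache-cicd
---
# generate-build-id: emits two results, `datetime` (current timestamp) and
# `buildId` ("<version>-<datetime>").
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: generate-build-id
spec:
  params:
    - name: version
      description: The version of the application
      type: string
  results:
    - name: datetime
      description: The current date and time
    - name: buildId
      description: The build ID
  steps:
    - name: generate-datetime
      image: ikubernetes/admin-box:v1.2
      script: |
        #!/usr/bin/env bash
        datetime=`date +%Y%m%d-%H%M%S`
        echo -n ${datetime} | tee $(results.datetime.path)
    - name: generate-buildid
      image: ikubernetes/admin-box:v1.2
      # The version param is passed through the environment rather than pasted
      # into the script text, for the same reason as in the git-clone step.
      env:
        - name: APP_VERSION
          value: $(params.version)
      script: |
        #!/usr/bin/env bash
        buildDatetime=`cat $(results.datetime.path)`
        buildId="${APP_VERSION}-${buildDatetime}"
        echo -n "${buildId}" | tee $(results.buildId.path)
---
# image-build-and-push: builds the image from the cloned source with kaniko
# and pushes it to $(params.image-url):$(params.image-tag). Registry
# credentials are read from the `dockerconfig` workspace mounted at
# /kaniko/.docker.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: image-build-and-push
spec:
  description: package the application files to image
  params:
    - name: dockerfile
      description: The path to the dockerfile to build (relative to the context)
      default: Dockerfile
    - name: image-url
      description: Url of image repository
    - name: image-tag
      description: Tag to apply to the built image
  workspaces:
    - name: source
    - name: dockerconfig
      mountPath: /kaniko/.docker
  steps:
    - name: image-build-and-push
      #image: gcr.io/kaniko-project/executor:debug
      image: gcr.io/kaniko-project/executor:v1.23.2
      # The step runs as UID 0 inside its container.
      securityContext:
        runAsUser: 0
      env:
        - name: DOCKER_CONFIG
          value: /kaniko/.docker
      command:
        - /kaniko/executor
      args:
        - --dockerfile=$(params.dockerfile)
        - --context=$(workspaces.source.path)/source
        # NOTE(review): the next five flags allow plain-HTTP registries and
        # turn off TLS certificate verification for both pull and push, and
        # skip the push-permission check. Base images and the pushed image are
        # then neither authenticated nor protected in transit, and the
        # credentials from the dockerconfig workspace may cross the network in
        # clear text. Keep them for a lab registry only; for any other
        # registry remove them and let kaniko trust the registry's CA.
        - --insecure
        - --insecure-pull
        - --skip-tls-verify
        - --skip-tls-verify-pull
        - --skip-push-permission-check
        - --destination=$(params.image-url):$(params.image-tag)
---
# deploy-using-kubectl: rewrites the __IMAGE__ placeholder in a manifest from
# the cloned repository; the remaining steps follow below this block.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: deploy-using-kubectl
spec:
  workspaces:
    - name: source
      description: The git repo
  params:
    - name: deploy-config-file
      description: The path to the yaml file to deploy within the git source
    - name: image-url
      description: Image name including repository
    - name: image-tag
      description: Image tag
  steps:
    - name: update-yaml
      image: alpine:3.20
      command: ["sed"]
      # NOTE(review): the sed expression uses "@" as its delimiter and the two
      # params are substituted into it unescaped, so an image reference that
      # contains "@" (for example a digest reference) or "&" changes the
      # expression. Validate the params upstream or escape them first.
      args:
        - "-i"
        - "-e"
        - "s@__IMAGE__@$(params.image-url):$(params.image-tag)@g"
        # (the file argument for sed is the first item on the following line)
        -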
"$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)" 144 | - name: run-kubectl 145 | #image: lachlanevenson/k8s-kubectl 146 | image: bitnami/kubectl 147 | command: ["kubectl"] 148 | args: 149 | - "apply" 150 | - "-f" 151 | - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)" 152 | --- 153 | -------------------------------------------------------------------------------- /03-tekton-advanced/maven/settings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 21 | 22 | 46 | 49 | 55 | 56 | 64 | 65 | 72 | 73 | 78 | 79 | 83 | 84 | 85 | 90 | 91 | 105 | 106 | 107 | 111 | 112 | 125 | 126 | 133 | 134 | 135 | 146 | 147 | 148 | huaweicloud 149 | * 150 | https://mirrors.huaweicloud.com/repository/maven/ 151 | 152 | 153 | 165 | 166 | 167 | 188 | 189 | 218 | 219 | 253 | 254 | 255 | 263 | 264 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU AFFERO GENERAL PUBLIC LICENSE 2 | Version 3, 19 November 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU Affero General Public License is a free, copyleft license for 11 | software and other kinds of works, specifically designed to ensure 12 | cooperation with the community in the case of network server software. 13 | 14 | The licenses for most software and other practical works are designed 15 | to take away your freedom to share and change the works. By contrast, 16 | our General Public Licenses are intended to guarantee your freedom to 17 | share and change all versions of a program--to make sure it remains free 18 | software for all its users. 19 | 20 | When we speak of free software, we are referring to freedom, not 21 | price. 
Our General Public Licenses are designed to make sure that you 22 | have the freedom to distribute copies of free software (and charge for 23 | them if you wish), that you receive source code or can get it if you 24 | want it, that you can change the software or use pieces of it in new 25 | free programs, and that you know you can do these things. 26 | 27 | Developers that use our General Public Licenses protect your rights 28 | with two steps: (1) assert copyright on the software, and (2) offer 29 | you this License which gives you legal permission to copy, distribute 30 | and/or modify the software. 31 | 32 | A secondary benefit of defending all users' freedom is that 33 | improvements made in alternate versions of the program, if they 34 | receive widespread use, become available for other developers to 35 | incorporate. Many developers of free software are heartened and 36 | encouraged by the resulting cooperation. However, in the case of 37 | software used on network servers, this result may fail to come about. 38 | The GNU General Public License permits making a modified version and 39 | letting the public access it on a server without ever releasing its 40 | source code to the public. 41 | 42 | The GNU Affero General Public License is designed specifically to 43 | ensure that, in such cases, the modified source code becomes available 44 | to the community. It requires the operator of a network server to 45 | provide the source code of the modified version running there to the 46 | users of that server. Therefore, public use of a modified version, on 47 | a publicly accessible server, gives the public access to the source 48 | code of the modified version. 49 | 50 | An older license, called the Affero General Public License and 51 | published by Affero, was designed to accomplish similar goals. 
This is 52 | a different license, not a version of the Affero GPL, but Affero has 53 | released a new version of the Affero GPL which permits relicensing under 54 | this license. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | TERMS AND CONDITIONS 60 | 61 | 0. Definitions. 62 | 63 | "This License" refers to version 3 of the GNU Affero General Public License. 64 | 65 | "Copyright" also means copyright-like laws that apply to other kinds of 66 | works, such as semiconductor masks. 67 | 68 | "The Program" refers to any copyrightable work licensed under this 69 | License. Each licensee is addressed as "you". "Licensees" and 70 | "recipients" may be individuals or organizations. 71 | 72 | To "modify" a work means to copy from or adapt all or part of the work 73 | in a fashion requiring copyright permission, other than the making of an 74 | exact copy. The resulting work is called a "modified version" of the 75 | earlier work or a work "based on" the earlier work. 76 | 77 | A "covered work" means either the unmodified Program or a work based 78 | on the Program. 79 | 80 | To "propagate" a work means to do anything with it that, without 81 | permission, would make you directly or secondarily liable for 82 | infringement under applicable copyright law, except executing it on a 83 | computer or modifying a private copy. Propagation includes copying, 84 | distribution (with or without modification), making available to the 85 | public, and in some countries other activities as well. 86 | 87 | To "convey" a work means any kind of propagation that enables other 88 | parties to make or receive copies. Mere interaction with a user through 89 | a computer network, with no transfer of a copy, is not conveying. 
90 | 91 | An interactive user interface displays "Appropriate Legal Notices" 92 | to the extent that it includes a convenient and prominently visible 93 | feature that (1) displays an appropriate copyright notice, and (2) 94 | tells the user that there is no warranty for the work (except to the 95 | extent that warranties are provided), that licensees may convey the 96 | work under this License, and how to view a copy of this License. If 97 | the interface presents a list of user commands or options, such as a 98 | menu, a prominent item in the list meets this criterion. 99 | 100 | 1. Source Code. 101 | 102 | The "source code" for a work means the preferred form of the work 103 | for making modifications to it. "Object code" means any non-source 104 | form of a work. 105 | 106 | A "Standard Interface" means an interface that either is an official 107 | standard defined by a recognized standards body, or, in the case of 108 | interfaces specified for a particular programming language, one that 109 | is widely used among developers working in that language. 110 | 111 | The "System Libraries" of an executable work include anything, other 112 | than the work as a whole, that (a) is included in the normal form of 113 | packaging a Major Component, but which is not part of that Major 114 | Component, and (b) serves only to enable use of the work with that 115 | Major Component, or to implement a Standard Interface for which an 116 | implementation is available to the public in source code form. A 117 | "Major Component", in this context, means a major essential component 118 | (kernel, window system, and so on) of the specific operating system 119 | (if any) on which the executable work runs, or a compiler used to 120 | produce the work, or an object code interpreter used to run it. 
121 | 122 | The "Corresponding Source" for a work in object code form means all 123 | the source code needed to generate, install, and (for an executable 124 | work) run the object code and to modify the work, including scripts to 125 | control those activities. However, it does not include the work's 126 | System Libraries, or general-purpose tools or generally available free 127 | programs which are used unmodified in performing those activities but 128 | which are not part of the work. For example, Corresponding Source 129 | includes interface definition files associated with source files for 130 | the work, and the source code for shared libraries and dynamically 131 | linked subprograms that the work is specifically designed to require, 132 | such as by intimate data communication or control flow between those 133 | subprograms and other parts of the work. 134 | 135 | The Corresponding Source need not include anything that users 136 | can regenerate automatically from other parts of the Corresponding 137 | Source. 138 | 139 | The Corresponding Source for a work in source code form is that 140 | same work. 141 | 142 | 2. Basic Permissions. 143 | 144 | All rights granted under this License are granted for the term of 145 | copyright on the Program, and are irrevocable provided the stated 146 | conditions are met. This License explicitly affirms your unlimited 147 | permission to run the unmodified Program. The output from running a 148 | covered work is covered by this License only if the output, given its 149 | content, constitutes a covered work. This License acknowledges your 150 | rights of fair use or other equivalent, as provided by copyright law. 151 | 152 | You may make, run and propagate covered works that you do not 153 | convey, without conditions so long as your license otherwise remains 154 | in force. 
You may convey covered works to others for the sole purpose 155 | of having them make modifications exclusively for you, or provide you 156 | with facilities for running those works, provided that you comply with 157 | the terms of this License in conveying all material for which you do 158 | not control copyright. Those thus making or running the covered works 159 | for you must do so exclusively on your behalf, under your direction 160 | and control, on terms that prohibit them from making any copies of 161 | your copyrighted material outside their relationship with you. 162 | 163 | Conveying under any other circumstances is permitted solely under 164 | the conditions stated below. Sublicensing is not allowed; section 10 165 | makes it unnecessary. 166 | 167 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 168 | 169 | No covered work shall be deemed part of an effective technological 170 | measure under any applicable law fulfilling obligations under article 171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 172 | similar laws prohibiting or restricting circumvention of such 173 | measures. 174 | 175 | When you convey a covered work, you waive any legal power to forbid 176 | circumvention of technological measures to the extent such circumvention 177 | is effected by exercising rights under this License with respect to 178 | the covered work, and you disclaim any intention to limit operation or 179 | modification of the work as a means of enforcing, against the work's 180 | users, your or third parties' legal rights to forbid circumvention of 181 | technological measures. 182 | 183 | 4. Conveying Verbatim Copies. 
184 | 185 | You may convey verbatim copies of the Program's source code as you 186 | receive it, in any medium, provided that you conspicuously and 187 | appropriately publish on each copy an appropriate copyright notice; 188 | keep intact all notices stating that this License and any 189 | non-permissive terms added in accord with section 7 apply to the code; 190 | keep intact all notices of the absence of any warranty; and give all 191 | recipients a copy of this License along with the Program. 192 | 193 | You may charge any price or no price for each copy that you convey, 194 | and you may offer support or warranty protection for a fee. 195 | 196 | 5. Conveying Modified Source Versions. 197 | 198 | You may convey a work based on the Program, or the modifications to 199 | produce it from the Program, in the form of source code under the 200 | terms of section 4, provided that you also meet all of these conditions: 201 | 202 | a) The work must carry prominent notices stating that you modified 203 | it, and giving a relevant date. 204 | 205 | b) The work must carry prominent notices stating that it is 206 | released under this License and any conditions added under section 207 | 7. This requirement modifies the requirement in section 4 to 208 | "keep intact all notices". 209 | 210 | c) You must license the entire work, as a whole, under this 211 | License to anyone who comes into possession of a copy. This 212 | License will therefore apply, along with any applicable section 7 213 | additional terms, to the whole of the work, and all its parts, 214 | regardless of how they are packaged. This License gives no 215 | permission to license the work in any other way, but it does not 216 | invalidate such permission if you have separately received it. 
217 | 218 | d) If the work has interactive user interfaces, each must display 219 | Appropriate Legal Notices; however, if the Program has interactive 220 | interfaces that do not display Appropriate Legal Notices, your 221 | work need not make them do so. 222 | 223 | A compilation of a covered work with other separate and independent 224 | works, which are not by their nature extensions of the covered work, 225 | and which are not combined with it such as to form a larger program, 226 | in or on a volume of a storage or distribution medium, is called an 227 | "aggregate" if the compilation and its resulting copyright are not 228 | used to limit the access or legal rights of the compilation's users 229 | beyond what the individual works permit. Inclusion of a covered work 230 | in an aggregate does not cause this License to apply to the other 231 | parts of the aggregate. 232 | 233 | 6. Conveying Non-Source Forms. 234 | 235 | You may convey a covered work in object code form under the terms 236 | of sections 4 and 5, provided that you also convey the 237 | machine-readable Corresponding Source under the terms of this License, 238 | in one of these ways: 239 | 240 | a) Convey the object code in, or embodied in, a physical product 241 | (including a physical distribution medium), accompanied by the 242 | Corresponding Source fixed on a durable physical medium 243 | customarily used for software interchange. 
244 | 245 | b) Convey the object code in, or embodied in, a physical product 246 | (including a physical distribution medium), accompanied by a 247 | written offer, valid for at least three years and valid for as 248 | long as you offer spare parts or customer support for that product 249 | model, to give anyone who possesses the object code either (1) a 250 | copy of the Corresponding Source for all the software in the 251 | product that is covered by this License, on a durable physical 252 | medium customarily used for software interchange, for a price no 253 | more than your reasonable cost of physically performing this 254 | conveying of source, or (2) access to copy the 255 | Corresponding Source from a network server at no charge. 256 | 257 | c) Convey individual copies of the object code with a copy of the 258 | written offer to provide the Corresponding Source. This 259 | alternative is allowed only occasionally and noncommercially, and 260 | only if you received the object code with such an offer, in accord 261 | with subsection 6b. 262 | 263 | d) Convey the object code by offering access from a designated 264 | place (gratis or for a charge), and offer equivalent access to the 265 | Corresponding Source in the same way through the same place at no 266 | further charge. You need not require recipients to copy the 267 | Corresponding Source along with the object code. If the place to 268 | copy the object code is a network server, the Corresponding Source 269 | may be on a different server (operated by you or a third party) 270 | that supports equivalent copying facilities, provided you maintain 271 | clear directions next to the object code saying where to find the 272 | Corresponding Source. Regardless of what server hosts the 273 | Corresponding Source, you remain obligated to ensure that it is 274 | available for as long as needed to satisfy these requirements. 
275 | 276 | e) Convey the object code using peer-to-peer transmission, provided 277 | you inform other peers where the object code and Corresponding 278 | Source of the work are being offered to the general public at no 279 | charge under subsection 6d. 280 | 281 | A separable portion of the object code, whose source code is excluded 282 | from the Corresponding Source as a System Library, need not be 283 | included in conveying the object code work. 284 | 285 | A "User Product" is either (1) a "consumer product", which means any 286 | tangible personal property which is normally used for personal, family, 287 | or household purposes, or (2) anything designed or sold for incorporation 288 | into a dwelling. In determining whether a product is a consumer product, 289 | doubtful cases shall be resolved in favor of coverage. For a particular 290 | product received by a particular user, "normally used" refers to a 291 | typical or common use of that class of product, regardless of the status 292 | of the particular user or of the way in which the particular user 293 | actually uses, or expects or is expected to use, the product. A product 294 | is a consumer product regardless of whether the product has substantial 295 | commercial, industrial or non-consumer uses, unless such uses represent 296 | the only significant mode of use of the product. 297 | 298 | "Installation Information" for a User Product means any methods, 299 | procedures, authorization keys, or other information required to install 300 | and execute modified versions of a covered work in that User Product from 301 | a modified version of its Corresponding Source. The information must 302 | suffice to ensure that the continued functioning of the modified object 303 | code is in no case prevented or interfered with solely because 304 | modification has been made. 
305 | 306 | If you convey an object code work under this section in, or with, or 307 | specifically for use in, a User Product, and the conveying occurs as 308 | part of a transaction in which the right of possession and use of the 309 | User Product is transferred to the recipient in perpetuity or for a 310 | fixed term (regardless of how the transaction is characterized), the 311 | Corresponding Source conveyed under this section must be accompanied 312 | by the Installation Information. But this requirement does not apply 313 | if neither you nor any third party retains the ability to install 314 | modified object code on the User Product (for example, the work has 315 | been installed in ROM). 316 | 317 | The requirement to provide Installation Information does not include a 318 | requirement to continue to provide support service, warranty, or updates 319 | for a work that has been modified or installed by the recipient, or for 320 | the User Product in which it has been modified or installed. Access to a 321 | network may be denied when the modification itself materially and 322 | adversely affects the operation of the network or violates the rules and 323 | protocols for communication across the network. 324 | 325 | Corresponding Source conveyed, and Installation Information provided, 326 | in accord with this section must be in a format that is publicly 327 | documented (and with an implementation available to the public in 328 | source code form), and must require no special password or key for 329 | unpacking, reading or copying. 330 | 331 | 7. Additional Terms. 332 | 333 | "Additional permissions" are terms that supplement the terms of this 334 | License by making exceptions from one or more of its conditions. 335 | Additional permissions that are applicable to the entire Program shall 336 | be treated as though they were included in this License, to the extent 337 | that they are valid under applicable law. 
If additional permissions 338 | apply only to part of the Program, that part may be used separately 339 | under those permissions, but the entire Program remains governed by 340 | this License without regard to the additional permissions. 341 | 342 | When you convey a copy of a covered work, you may at your option 343 | remove any additional permissions from that copy, or from any part of 344 | it. (Additional permissions may be written to require their own 345 | removal in certain cases when you modify the work.) You may place 346 | additional permissions on material, added by you to a covered work, 347 | for which you have or can give appropriate copyright permission. 348 | 349 | Notwithstanding any other provision of this License, for material you 350 | add to a covered work, you may (if authorized by the copyright holders of 351 | that material) supplement the terms of this License with terms: 352 | 353 | a) Disclaiming warranty or limiting liability differently from the 354 | terms of sections 15 and 16 of this License; or 355 | 356 | b) Requiring preservation of specified reasonable legal notices or 357 | author attributions in that material or in the Appropriate Legal 358 | Notices displayed by works containing it; or 359 | 360 | c) Prohibiting misrepresentation of the origin of that material, or 361 | requiring that modified versions of such material be marked in 362 | reasonable ways as different from the original version; or 363 | 364 | d) Limiting the use for publicity purposes of names of licensors or 365 | authors of the material; or 366 | 367 | e) Declining to grant rights under trademark law for use of some 368 | trade names, trademarks, or service marks; or 369 | 370 | f) Requiring indemnification of licensors and authors of that 371 | material by anyone who conveys the material (or modified versions of 372 | it) with contractual assumptions of liability to the recipient, for 373 | any liability that these contractual assumptions directly impose on 
374 | those licensors and authors. 375 | 376 | All other non-permissive additional terms are considered "further 377 | restrictions" within the meaning of section 10. If the Program as you 378 | received it, or any part of it, contains a notice stating that it is 379 | governed by this License along with a term that is a further 380 | restriction, you may remove that term. If a license document contains 381 | a further restriction but permits relicensing or conveying under this 382 | License, you may add to a covered work material governed by the terms 383 | of that license document, provided that the further restriction does 384 | not survive such relicensing or conveying. 385 | 386 | If you add terms to a covered work in accord with this section, you 387 | must place, in the relevant source files, a statement of the 388 | additional terms that apply to those files, or a notice indicating 389 | where to find the applicable terms. 390 | 391 | Additional terms, permissive or non-permissive, may be stated in the 392 | form of a separately written license, or stated as exceptions; 393 | the above requirements apply either way. 394 | 395 | 8. Termination. 396 | 397 | You may not propagate or modify a covered work except as expressly 398 | provided under this License. Any attempt otherwise to propagate or 399 | modify it is void, and will automatically terminate your rights under 400 | this License (including any patent licenses granted under the third 401 | paragraph of section 11). 402 | 403 | However, if you cease all violation of this License, then your 404 | license from a particular copyright holder is reinstated (a) 405 | provisionally, unless and until the copyright holder explicitly and 406 | finally terminates your license, and (b) permanently, if the copyright 407 | holder fails to notify you of the violation by some reasonable means 408 | prior to 60 days after the cessation. 
409 | 410 | Moreover, your license from a particular copyright holder is 411 | reinstated permanently if the copyright holder notifies you of the 412 | violation by some reasonable means, this is the first time you have 413 | received notice of violation of this License (for any work) from that 414 | copyright holder, and you cure the violation prior to 30 days after 415 | your receipt of the notice. 416 | 417 | Termination of your rights under this section does not terminate the 418 | licenses of parties who have received copies or rights from you under 419 | this License. If your rights have been terminated and not permanently 420 | reinstated, you do not qualify to receive new licenses for the same 421 | material under section 10. 422 | 423 | 9. Acceptance Not Required for Having Copies. 424 | 425 | You are not required to accept this License in order to receive or 426 | run a copy of the Program. Ancillary propagation of a covered work 427 | occurring solely as a consequence of using peer-to-peer transmission 428 | to receive a copy likewise does not require acceptance. However, 429 | nothing other than this License grants you permission to propagate or 430 | modify any covered work. These actions infringe copyright if you do 431 | not accept this License. Therefore, by modifying or propagating a 432 | covered work, you indicate your acceptance of this License to do so. 433 | 434 | 10. Automatic Licensing of Downstream Recipients. 435 | 436 | Each time you convey a covered work, the recipient automatically 437 | receives a license from the original licensors, to run, modify and 438 | propagate that work, subject to this License. You are not responsible 439 | for enforcing compliance by third parties with this License. 440 | 441 | An "entity transaction" is a transaction transferring control of an 442 | organization, or substantially all assets of one, or subdividing an 443 | organization, or merging organizations. 
If propagation of a covered 444 | work results from an entity transaction, each party to that 445 | transaction who receives a copy of the work also receives whatever 446 | licenses to the work the party's predecessor in interest had or could 447 | give under the previous paragraph, plus a right to possession of the 448 | Corresponding Source of the work from the predecessor in interest, if 449 | the predecessor has it or can get it with reasonable efforts. 450 | 451 | You may not impose any further restrictions on the exercise of the 452 | rights granted or affirmed under this License. For example, you may 453 | not impose a license fee, royalty, or other charge for exercise of 454 | rights granted under this License, and you may not initiate litigation 455 | (including a cross-claim or counterclaim in a lawsuit) alleging that 456 | any patent claim is infringed by making, using, selling, offering for 457 | sale, or importing the Program or any portion of it. 458 | 459 | 11. Patents. 460 | 461 | A "contributor" is a copyright holder who authorizes use under this 462 | License of the Program or a work on which the Program is based. The 463 | work thus licensed is called the contributor's "contributor version". 464 | 465 | A contributor's "essential patent claims" are all patent claims 466 | owned or controlled by the contributor, whether already acquired or 467 | hereafter acquired, that would be infringed by some manner, permitted 468 | by this License, of making, using, or selling its contributor version, 469 | but do not include claims that would be infringed only as a 470 | consequence of further modification of the contributor version. For 471 | purposes of this definition, "control" includes the right to grant 472 | patent sublicenses in a manner consistent with the requirements of 473 | this License. 
474 | 475 | Each contributor grants you a non-exclusive, worldwide, royalty-free 476 | patent license under the contributor's essential patent claims, to 477 | make, use, sell, offer for sale, import and otherwise run, modify and 478 | propagate the contents of its contributor version. 479 | 480 | In the following three paragraphs, a "patent license" is any express 481 | agreement or commitment, however denominated, not to enforce a patent 482 | (such as an express permission to practice a patent or covenant not to 483 | sue for patent infringement). To "grant" such a patent license to a 484 | party means to make such an agreement or commitment not to enforce a 485 | patent against the party. 486 | 487 | If you convey a covered work, knowingly relying on a patent license, 488 | and the Corresponding Source of the work is not available for anyone 489 | to copy, free of charge and under the terms of this License, through a 490 | publicly available network server or other readily accessible means, 491 | then you must either (1) cause the Corresponding Source to be so 492 | available, or (2) arrange to deprive yourself of the benefit of the 493 | patent license for this particular work, or (3) arrange, in a manner 494 | consistent with the requirements of this License, to extend the patent 495 | license to downstream recipients. "Knowingly relying" means you have 496 | actual knowledge that, but for the patent license, your conveying the 497 | covered work in a country, or your recipient's use of the covered work 498 | in a country, would infringe one or more identifiable patents in that 499 | country that you have reason to believe are valid. 
500 | 501 | If, pursuant to or in connection with a single transaction or 502 | arrangement, you convey, or propagate by procuring conveyance of, a 503 | covered work, and grant a patent license to some of the parties 504 | receiving the covered work authorizing them to use, propagate, modify 505 | or convey a specific copy of the covered work, then the patent license 506 | you grant is automatically extended to all recipients of the covered 507 | work and works based on it. 508 | 509 | A patent license is "discriminatory" if it does not include within 510 | the scope of its coverage, prohibits the exercise of, or is 511 | conditioned on the non-exercise of one or more of the rights that are 512 | specifically granted under this License. You may not convey a covered 513 | work if you are a party to an arrangement with a third party that is 514 | in the business of distributing software, under which you make payment 515 | to the third party based on the extent of your activity of conveying 516 | the work, and under which the third party grants, to any of the 517 | parties who would receive the covered work from you, a discriminatory 518 | patent license (a) in connection with copies of the covered work 519 | conveyed by you (or copies made from those copies), or (b) primarily 520 | for and in connection with specific products or compilations that 521 | contain the covered work, unless you entered into that arrangement, 522 | or that patent license was granted, prior to 28 March 2007. 523 | 524 | Nothing in this License shall be construed as excluding or limiting 525 | any implied license or other defenses to infringement that may 526 | otherwise be available to you under applicable patent law. 527 | 528 | 12. No Surrender of Others' Freedom. 529 | 530 | If conditions are imposed on you (whether by court order, agreement or 531 | otherwise) that contradict the conditions of this License, they do not 532 | excuse you from the conditions of this License. 
If you cannot convey a 533 | covered work so as to satisfy simultaneously your obligations under this 534 | License and any other pertinent obligations, then as a consequence you may 535 | not convey it at all. For example, if you agree to terms that obligate you 536 | to collect a royalty for further conveying from those to whom you convey 537 | the Program, the only way you could satisfy both those terms and this 538 | License would be to refrain entirely from conveying the Program. 539 | 540 | 13. Remote Network Interaction; Use with the GNU General Public License. 541 | 542 | Notwithstanding any other provision of this License, if you modify the 543 | Program, your modified version must prominently offer all users 544 | interacting with it remotely through a computer network (if your version 545 | supports such interaction) an opportunity to receive the Corresponding 546 | Source of your version by providing access to the Corresponding Source 547 | from a network server at no charge, through some standard or customary 548 | means of facilitating copying of software. This Corresponding Source 549 | shall include the Corresponding Source for any work covered by version 3 550 | of the GNU General Public License that is incorporated pursuant to the 551 | following paragraph. 552 | 553 | Notwithstanding any other provision of this License, you have 554 | permission to link or combine any covered work with a work licensed 555 | under version 3 of the GNU General Public License into a single 556 | combined work, and to convey the resulting work. The terms of this 557 | License will continue to apply to the part which is the covered work, 558 | but the work with which it is combined will remain governed by version 559 | 3 of the GNU General Public License. 560 | 561 | 14. Revised Versions of this License. 562 | 563 | The Free Software Foundation may publish revised and/or new versions of 564 | the GNU Affero General Public License from time to time. 
Such new versions 565 | will be similar in spirit to the present version, but may differ in detail to 566 | address new problems or concerns. 567 | 568 | Each version is given a distinguishing version number. If the 569 | Program specifies that a certain numbered version of the GNU Affero General 570 | Public License "or any later version" applies to it, you have the 571 | option of following the terms and conditions either of that numbered 572 | version or of any later version published by the Free Software 573 | Foundation. If the Program does not specify a version number of the 574 | GNU Affero General Public License, you may choose any version ever published 575 | by the Free Software Foundation. 576 | 577 | If the Program specifies that a proxy can decide which future 578 | versions of the GNU Affero General Public License can be used, that proxy's 579 | public statement of acceptance of a version permanently authorizes you 580 | to choose that version for the Program. 581 | 582 | Later license versions may give you additional or different 583 | permissions. However, no additional obligations are imposed on any 584 | author or copyright holder as a result of your choosing to follow a 585 | later version. 586 | 587 | 15. Disclaimer of Warranty. 588 | 589 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 590 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 594 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 595 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 597 | 598 | 16. Limitation of Liability. 
599 | 600 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 608 | SUCH DAMAGES. 609 | 610 | 17. Interpretation of Sections 15 and 16. 611 | 612 | If the disclaimer of warranty and limitation of liability provided 613 | above cannot be given local legal effect according to their terms, 614 | reviewing courts shall apply local law that most closely approximates 615 | an absolute waiver of all civil liability in connection with the 616 | Program, unless a warranty or assumption of liability accompanies a 617 | copy of the Program in return for a fee. 618 | 619 | END OF TERMS AND CONDITIONS 620 | 621 | How to Apply These Terms to Your New Programs 622 | 623 | If you develop a new program, and you want it to be of the greatest 624 | possible use to the public, the best way to achieve this is to make it 625 | free software which everyone can redistribute and change under these terms. 626 | 627 | To do so, attach the following notices to the program. It is safest 628 | to attach them to the start of each source file to most effectively 629 | state the exclusion of warranty; and each file should have at least 630 | the "copyright" line and a pointer to where the full notice is found. 
631 | 632 | <one line to give the program's name and a brief idea of what it does.> 633 | Copyright (C) <year> <name of author> 634 | 635 | This program is free software: you can redistribute it and/or modify 636 | it under the terms of the GNU Affero General Public License as published 637 | by the Free Software Foundation, either version 3 of the License, or 638 | (at your option) any later version. 639 | 640 | This program is distributed in the hope that it will be useful, 641 | but WITHOUT ANY WARRANTY; without even the implied warranty of 642 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 643 | GNU Affero General Public License for more details. 644 | 645 | You should have received a copy of the GNU Affero General Public License 646 | along with this program. If not, see <https://www.gnu.org/licenses/>. 647 | 648 | Also add information on how to contact you by electronic and paper mail. 649 | 650 | If your software can interact with users remotely through a computer 651 | network, you should also make sure that it provides a way for users to 652 | get its source. For example, if your program is a web application, its 653 | interface could display a "Source" link that leads users to an archive 654 | of the code. There are many ways you could offer source, and different 655 | solutions will be better for different programs; see section 13 for the 656 | specific requirements. 657 | 658 | You should also get your employer (if you work as a programmer) or school, 659 | if any, to sign a "copyright disclaimer" for the program, if necessary. 660 | For more information on this, and how to apply and follow the GNU AGPL, see 661 | <https://www.gnu.org/licenses/>. 662 | --------------------------------------------------------------------------------