0

我们有一个 Tekton 管道,并且想要替换image我们的标签内容deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: microservice-api-spring-boot
spec:
  replicas: 3
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: microservice-api-spring-boot
  template:
    metadata:
      labels:
        app: microservice-api-spring-boot
    spec:
      containers:
        - image: registry.gitlab.com/jonashackt/microservice-api-spring-boot@sha256:5d8a03755d3c45a3d79d32ab22987ef571a65517d0edbcb8e828a4e6952f9bcd
          name: microservice-api-spring-boot
          ports:
            - containerPort: 8098
      imagePullSecrets:
        - name: gitlab-container-registry

我们的 Tekton 管道使用来自 Tekton Hub 的 yq 任务将 替换为.spec.template.spec.containers[0].image如下"$(params.IMAGE):$(params.SOURCE_REVISION)"名称:

- name: substitute-config-image-name
  taskRef:
    name: yq
  runAfter:
    - fetch-config-repository
  workspaces:
    - name: source
      workspace: config-workspace
  params:
    - name: files
      value:
      - "./deployment/deployment.yml"
    - name: expression
      value: .spec.template.spec.containers[0].image = \"$(params.IMAGE)\":\"$(params.SOURCE_REVISION)\"

遗憾的是 yq Task 似乎不起作用,它产生一个绿色 Step completed successfully,但显示以下错误:

16:50:43 safelyRenameFile [ERRO] Failed copying from /tmp/temp3555913516 to /workspace/source/deployment/deployment.yml
16:50:43 safelyRenameFile [ERRO] open /workspace/source/deployment/deployment.yml: permission denied

这也是我们 Tekton Dashboard 的屏幕截图:

在此处输入图像描述

关于如何解决错误的任何想法?

4

1 回答 1

1

该问题似乎与 https://github.com/mikefarah/yq 的 Dockerfile 现在处理文件权限的方式有关(例如修复程序等)。Tekton yq Task的版本使用产生错误的图像https://hub.docker.com/layers/mikefarah/yq/4.16.2/images/sha256-c6ef1bc27dd9cee57fa635d9306ce43ca6805edcdab41b047905f7835c174005 。0.3

该问题的一种解决方法可能是使用 yq Task 版本0.2,您可以通过以下方式应用:

kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/yq/0.2/yq.yaml

这个使用较旧的docker.io/mikefarah/yq:4@sha256:34f1d11ad51dc4639fc6d8dd5ade019fe57cf6084bb6a99a2f11ea522906033b并且可以正常工作。

或者,您可以简单地创建自己的基于 yq 的任务,不会出现这样的问题:

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: replace-image-name-with-yq
spec:
  workspaces:
    - name: source
      description: A workspace that contains the file which need to be dumped.
  params:
    - name: IMAGE_NAME
      description: The image name to substitute
    - name: FILE_PATH
      description: The file path relative to the workspace dir.
    - name: YQ_VERSION
      description: Version of https://github.com/mikefarah/yq
      default: v4.2.0
  steps:
    - name: substitute-with-yq
      image: alpine
      workingDir: $(workspaces.source.path)
      command:
        - /bin/sh
      args:
        - '-c'
        - |
          set -ex
          echo "--- Download yq & add to path"
          wget https://github.com/mikefarah/yq/releases/download/$(params.YQ_VERSION)/yq_linux_amd64 -O /usr/bin/yq &&\
              chmod +x /usr/bin/yq
          echo "--- Run yq expression"
          yq e ".spec.template.spec.containers[0].image = \"$(params.IMAGE_NAME)\"" -i $(params.FILE_PATH)
          echo "--- Show file with replacement"
          cat $(params.FILE_PATH)
      resources: {}

这个自定义任务简单使用alpine图像作为基础,并使用下载安装 yq 。Plain binary wget此外,它的使用yq方式与您在本地命令行上的使用方式完全相同,这使您的表达式开发变得更加容易!

作为奖励,它会输出文件内容,因此您可以直接在 Tekton 管道中检查替换结果!

你需要应用它

kubectl apply -f tekton-ci-config/replace-image-name-with-yq.yml

现在应该可以像这样使用它了:

- name: replace-config-image-name
  taskRef:
    name: replace-image-name-with-yq
  runAfter:
    - dump-contents
  workspaces:
    - name: source
      workspace: config-workspace
  params:
    - name: IMAGE_NAME
      value: "$(params.IMAGE):$(params.SOURCE_REVISION)"
    - name: FILE_PATH
      value: "./deployment/deployment.yml"

在 Tekton 仪表板内部,它看起来像这样并输出处理后的文件:

在此处输入图像描述

于 2022-02-01T16:28:36.290 回答