Migrating from Alauda DevOps Tekton v3 to Alauda DevOps Pipelines
NOTE
- This guide is specifically for migrating from Alauda DevOps Tekton v3 to Alauda DevOps Pipelines. To upgrade the version of Alauda DevOps Pipelines, see the Pipelines upgrade documentation.
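This guide provides detailed steps for a smooth migration from Alauda DevOps Tekton v3 to Alauda DevOps Pipelines. The upgrade process is designed as a seamless migration, ensuring that your existing CI/CD pipelines are not affected.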
Migration Steps
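1. Uninstall the existing Tekton Pipeline instance and Alauda DevOps Tekton v3
Before starting the upgrade, you need to uninstall the existing Tekton components. Follow these steps:
Important: The uninstall process does not affect your existing Task, TaskRun, Pipeline, and PipelineRun resources. These resources remain unchanged after the upgrade completes.
- Delete the Pipeline instance
$ kubectl delete tektonpipelines.operator.tekton.dev pipeline
- Confirm that the Pipeline instance has been deleted
$ kubectl get tektonpipelines.operator.tekton.dev pipeline
If the command returns no resources, the deletion succeeded.
- Uninstall the Tekton Operator
$ kubectl delete subscriptions.operators.coreos.com tekton-operator -n tekton-operator
- Confirm that the Operator has been uninstalled
$ kubectl get subscriptions.operators.coreos.com -A | grep tekton
If the command returns no results, the uninstall succeeded.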
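2. Deploy Alauda DevOps Pipelines
- Go to the Administrator -> Application Market Management -> OperatorHub page of your cluster
- Search for and select Alauda DevOps Pipelines
- Select the appropriate Channel
- Follow the on-page prompts to complete the deployment
- Wait for the Alauda DevOps Pipelines Operator to become ready
After the Alauda DevOps Pipelines Operator is deployed, it automatically deploys related components such as Pipelines. You can check the component status with the following commands:
$ kubectl get tektonconfigs.operator.tekton.dev config
$ kubectl get tektonpipelines.operator.tekton.dev pipeline
Wait until both resources show the Ready status before continuing to the next step.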
NOTE
- If you previously used Tekton only in Alauda Container Platform Builds, you can skip the following steps and use the default configuration of Alauda DevOps Pipelines directly.
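3. Configure TektonConfig
NOTE
- If you previously used Tekton only in Alauda Container Platform Builds, you can skip the following steps and use the default configuration of Alauda DevOps Pipelines directly.
After the Alauda DevOps Pipelines Operator is deployed, you need to configure the TektonConfig resource to ensure compatibility with your existing system:
Best practice: We recommend modifying only the spec.pipeline section of the configuration to keep the system stable.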
apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
metadata:
  name: config
spec:
  pipeline:
    await-sidecar-readiness: true
    disable-creds-init: false
    enable-bundles-resolver: true
    enable-cluster-resolver: true
    enable-custom-tasks: true
    enable-git-resolver: true
    enable-hub-resolver: true
    enable-provenance-in-status: true
    enable-step-actions: true
    enforce-nonfalsifiability: none
    keep-pod-on-cancel: false
    metrics.count.enable-reason: false
    metrics.pipelinerun.duration-type: histogram
    metrics.pipelinerun.level: pipeline
    metrics.taskrun.duration-type: histogram
    metrics.taskrun.level: task
    performance:
      disable-ha: false
    require-git-ssh-secret-known-hosts: false
    running-in-environment-with-injected-sidecars: true
    send-cloudevents-for-runs: false
    set-security-context: false
    trusted-resources-verification-no-match-policy: ignore
    # Tekton Operator compatibility settings
    coschedule: workspaces
    disable-affinity-assistant: true
    enable-api-fields: alpha
    enable-cel-in-whenexpression: true
    enable-param-enum: true
    max-result-size: 8192
    results-from: sidecar-logs
    options:
      disabled: false
      configMaps:
        # Override the defaults: init container quotas, runAsUser, image pull timeout
        config-defaults:
          data:
            # Container settings
            default-imagepullbackoff-timeout: 5m
            default-pod-template: |
              securityContext:
                runAsUser: 0
            # Resource quota settings
            default-container-resource-requirements: |
              place-scripts: # Update resource requests and limits for the 'place-scripts' container
                requests:
                  memory: "64Mi"
                  cpu: "50m"
                limits:
                  memory: "128Mi"
                  cpu: "100m"
              prepare: # Update resource requests and limits for the 'prepare' container
                requests:
                  memory: "64Mi"
                  cpu: "50m"
                limits:
                  memory: "256Mi"
                  cpu: "100m"
              working-dir-initializer: # Update resource requests and limits for the 'working-dir-initializer' container
                requests:
                  memory: "64Mi"
                  cpu: "50m"
                limits:
                  memory: "512Mi"
                  cpu: "100m"
              prefix-scripts: # Update resource requests and limits for containers whose names start with 'scripts-'
                requests:
                  memory: "64Mi"
                  cpu: "50m"
                limits:
                  memory: "128Mi"
                  cpu: "100m"
              prefix-sidecar-scripts: # Update resource requests and limits for containers whose names start with 'sidecar-scripts-'
                requests:
                  memory: "64Mi"
                  cpu: "50m"
                limits:
                  memory: "128Mi"
                  cpu: "100m"
              sidecar-tekton-log-results: # Update resource requests and limits for the 'sidecar-tekton-log-results' container
                requests:
                  memory: "64Mi"
                  cpu: "50m"
                limits:
                  memory: "128Mi"
                  cpu: "100m"
  addon: {}
  chain:
    artifacts.oci.format: simplesigning
    artifacts.oci.storage: oci
    artifacts.pipelinerun.format: in-toto
    artifacts.pipelinerun.storage: oci
    artifacts.taskrun.format: in-toto
    artifacts.taskrun.storage: oci
    disabled: false
    options: {}
  config: {}
  dashboard:
    options: {}
    readonly: false
  hub:
    options: {}
  platforms:
    openshift: {}
  profile: all
  pruner:
    disabled: false
    keep: 100
    resources:
      - pipelinerun
    schedule: 0 8 * * *
  targetNamespace: tekton-pipelines
  trigger:
    enable-api-fields: stable
    options: {}
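4. Configure log access permissions
NOTE
- If you previously used Tekton only in Alauda Container Platform Builds, you can skip the following steps and use the default configuration of Alauda DevOps Pipelines directly.
Because the results-from: sidecar-logs feature is enabled, you need to grant the controller permission to access logs:
Technical note: This configuration allows the controller to retrieve result information from Pod logs. For details, see the official Tekton documentation.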
kubectl apply -f - <<EOF
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-pipelines-controller-pod-log-access
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
rules:
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-pipelines-controller-pod-log-access
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
subjects:
  - kind: ServiceAccount
    name: tekton-pipelines-controller
    namespace: tekton-pipelines
roleRef:
  kind: ClusterRole
  name: tekton-pipelines-controller-pod-log-access
  apiGroup: rbac.authorization.k8s.io
EOF
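The following script is an added example, not part of the product documentation. It checks the outcome of steps 2 to 4: both operator resources are Ready, and the cluster-wide pods/log permission granted above matches the results-from setting in TektonConfig. The function names and the --run argument are hypothetical; it assumes the operator resources expose a Ready status condition and that the caller is allowed to impersonate service accounts.

```sh
#!/bin/sh
# Added example, not product code. Assumes kubectl targets the migrated cluster
# and the caller may impersonate service accounts (for `auth can-i --as`).
SA="system:serviceaccount:tekton-pipelines:tekton-pipelines-controller"

# Step 2: wait for both operator resources to report Ready.
# Assumption: each resource exposes a status condition of type "Ready".
components_ready() {
  for cr in tektonconfigs.operator.tekton.dev/config \
            tektonpipelines.operator.tekton.dev/pipeline; do
    kubectl wait --for=condition=Ready --timeout="${1:-300s}" "$cr" \
      >/dev/null || return 1
  done
}

# Step 3: read the results mode applied through TektonConfig.
results_mode() {
  kubectl get tektonconfigs.operator.tekton.dev config \
    -o jsonpath='{.spec.pipeline.results-from}'
}

# Step 4: can the controller service account read pod logs in all namespaces?
controller_can_read_logs() {
  kubectl auth can-i get pods --subresource=log --as="$SA" \
    --all-namespaces >/dev/null 2>&1
}

# Compare steps 3 and 4 and print one of:
#   ok                  results mode and RBAC agree
#   missing-permission  sidecar-logs is set but the controller cannot read logs
#   unused-permission   log access is granted but sidecar-logs is not set
log_access_state() {
  mode=$(results_mode) || return 2
  if controller_can_read_logs; then granted=yes; else granted=no; fi
  case "$mode:$granted" in
    sidecar-logs:yes) echo ok ;;
    sidecar-logs:no)  echo missing-permission ;;
    *:yes)            echo unused-permission ;;
    *)                echo ok ;;
  esac
}

# Run the checks only when invoked with --run (a flag of this example).
if [ "${1:-}" = "--run" ]; then
  components_ready && state=$(log_access_state) && echo "log access: $state"
  [ "${state:-}" = ok ]
fi
```

Run it with the --run argument; a non-zero exit means a component is not Ready or the log permission does not match the results-from setting.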
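Migration Complete
After completing the steps above, you have successfully migrated from Alauda DevOps Tekton v3 to Alauda DevOps Pipelines. The new version provides:
- A more stable system
- A richer feature set
- Better performance
- More flexible configuration options
We recommend reviewing the Alauda DevOps Pipelines documentation to learn about all the features of the new version and make full use of its capabilities.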