docker-build.yaml - CI&CD

####需要根据实际修改以下参数
	
	- image：构建之后的目标镜像
	- insecure_registry：harbor ip及端口
	
	claimName: pvc-fb6f35c2e4   这个要根据实际情况填写，因为volumeClaimTemplate模板中创建的pvc名称是随机的

---
	vim docker-build.yaml
---
    apiVersion: tekton.dev/v1beta1
    kind: Task
    metadata:
      name: docker-build
      labels:
        app.kubernetes.io/version: "0.1"
      annotations:
        tekton.dev/pipelines.minVersion: "0.12.1"
        tekton.dev/categories: Image Build
        tekton.dev/tags: docker, build-image, push-image, dind
        tekton.dev/displayName: docker-build
        tekton.dev/platforms: "linux/amd64"
    spec:
      description: >-
        This task will build and push an image using docker.
        The task will build an out image out of a Dockerfile.
        This image will be pushed to an image registry.
        The image will be built and pushed using a dind sidecar over TCP+TLS.
      params:
      - name: image
        description: Reference of the image docker will produce.
      - name: builder_image
        description: The location of the docker builder image.
        default: docker:latest
      - name: dind_image
        description: The location of the docker-in-docker image.
        default: docker:dind
      - name: dockerfile
        description: Path to the Dockerfile to build.
        default: ./Dockerfile
      - name: context
        description: Path to the directory to use as context.
        default: ./
      - name: build_extra_args
        description: Extra parameters passed for the build command when building images.
        default: ""
      - name: push_extra_args
        description: Extra parameters passed for the push command when pushing images.
        default: ""
      - name: insecure_registry
        description: Allows the user to push to an insecure registry that has been specified
        default: ""
      workspaces:
      - name: source
      results:
      - name: IMAGE_DIGEST
        description: Digest of the image just built.
      steps:
      - name: docker-build
        image: $(params.builder_image)
        env:
        # Connect to the sidecar over TCP, with TLS.
        - name: DOCKER_HOST
          value: tcp://localhost:2376
        # Verify TLS.
        - name: DOCKER_TLS_VERIFY
          value: '1'
        # Use the certs generated by the sidecar daemon.
        - name: DOCKER_CERT_PATH
          value: /certs/client
        - name: DOCKER_USERNAME
          value: admin
        - name: DOCKER_PASSWORD
          value: Harbor12345
        workingDir: $(workspaces.source.path)
        script: |
          docker login $(params.insecure_registry) -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
          docker build --no-cache -f ./Dockerfile -t $(params.image) .
          #docker build \             
          #  --no-cache \
          #  -f $(params.dockerfile) -t $(params.image) .
        volumeMounts:
          - mountPath: /certs/client
            name: dind-certs
      - name: docker-push
        image: $(params.builder_image)
        env:
        # Connect to the sidecar over TCP, with TLS.
        - name: DOCKER_HOST
          value: tcp://localhost:2376
        # Verify TLS.
        - name: DOCKER_TLS_VERIFY
          value: '1'
        # Use the certs generated by the sidecar daemon.
        - name: DOCKER_CERT_PATH
          value: /certs/client
        workingDir: $(workspaces.source.path)
        script: |
          docker push $(params.push_extra_args) $(params.image)
        volumeMounts:
          - mountPath: /certs/client
            name: dind-certs
      sidecars:
      - image: $(params.dind_image)
        name: server
        args:
          - --storage-driver=vfs
          - --userland-proxy=false
          - --debug
          - --insecure-registry=$(params.insecure_registry)
        securityContext:
          privileged: true
        env:
        # Write generated certs to the path shared with the client.
        - name: DOCKER_TLS_CERTDIR
          value: /certs
        volumeMounts:
        - mountPath: /certs/client
          name: dind-certs
        # Wait for the dind daemon to generate the certs it will share with the
        # client.
        readinessProbe:
          periodSeconds: 1
          exec:
            command: ['ls', '/certs/client/ca.pem']
      volumes:
      - name: dind-certs
        emptyDir: {}
    
    
---
##Taskrun
	vim docker-build-task-run.yaml

---
    apiVersion: tekton.dev/v1beta1
    kind: TaskRun
    metadata:
      name: docker-build-task-run
      namespace: default
    spec:
      params:
      - name: image
        value: 192.168.31.49:81/library/test-nginx:1.0.0
      - name: insecure_registry
        value: 192.168.31.49:81
    #  - name: registry_url
    #    value: 192.168.31.49:81
      resources: {}
      serviceAccountName: default
      taskRef:
        kind: Task
        name: docker-build
      timeout: 1h0m0s
      workspaces:
      - name: source
        persistentVolumeClaim:
          claimName: pvc-fb6f35c2e4     #这个要根据实际情况填写，因为volumeClaimTemplate模板中创建的pvc名称是随机的