IK.AM

@making's tech note


Notes on using Testcontainers with Tekton (requires privileged)

🗃 {Dev/CI/Tekton}
🏷 Kubernetes 🏷 Tekton 🏷 Testcontainers 
🗓 Updated at 2022-09-15T09:06:33Z  🗓 Created at 2022-07-05T07:16:50Z

The test code I want to run on Tekton uses Testcontainers, so I tried running Testcontainers on Tekton.

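I could not figure out any way to do this other than Docker-in-Docker (DinD). Using DinD on Kubernetes requires the privileged: true setting, which is not great from a security standpoint, but I am noting down how I ran it.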

I used this sample as a reference.

Pipeline definition

cat <<'EOF' > unit-test.yaml
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: unit-test
spec:
  workspaces:
  - name: cache
  tasks:
  - name: mvn-test
    workspaces:
    - name: cache
      workspace: cache
    taskSpec:
      volumes:
      - name: dind-storage
        emptyDir: { }
      - name: dind-socket
        emptyDir: { }
      workspaces:
      - name: cache
      sidecars:
      - name: docker
        image: docker:20.10-dind
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /var/lib/docker
          name: dind-storage
        - mountPath: /var/run/
          name: dind-socket
      steps:
      - name: git-clone
        image: alpine/git
        workingDir: /workspace
        script: |
          #!/usr/bin/env sh
          git clone https://github.com/categolj/blog-api 
      - name: mvn-test
        image: eclipse-temurin:17
        workingDir: /workspace
        volumeMounts:
        - mountPath: /var/run/
          name: dind-socket
        script: |
          #!/bin/bash
          set -ex
          cd blog-api
          rm -rf ~/.m2
          mkdir -p $(workspaces.cache.path)/.m2
          ln -fs $(workspaces.cache.path)/.m2 ~/.m2          
          ./mvnw test -V
EOF

PVC for the cache

cat <<'EOF' > unit-test-pipeline-cache.yaml
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: unit-test-pipeline-cache
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
EOF

PipelineRun definition

cat <<'EOF' > unit-test-run.yaml
---
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: unit-test-run-
spec:
  pipelineRef:
    name: unit-test
  workspaces:
  - name: cache
    persistentVolumeClaim:
      claimName: unit-test-pipeline-cache
EOF

How to run

kubectl apply -f unit-test.yaml
kubectl apply -f unit-test-pipeline-cache.yaml
kubectl create -f unit-test-run.yaml
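
Because the docker sidecar in unit-test.yaml needs privileged: true, it helps to list which containers in a manifest ask for privileged mode before applying it. The following is an added example, not part of the original post: the function name find_privileged and the trimmed sample manifest are made up for illustration, and the line-based parsing assumes block-style YAML indented with spaces, as in the manifests above.

```shell
# Added example, not from the original post: list containers that request privileged mode.
# Assumption: block-style YAML indented with spaces, like the manifests on this page.
find_privileged() {   # stdin: manifest; stdout: "<section>/<container>" per hit
  awk '
    function report() {             # print the container that just ended, if privileged
      if (insec && started && priv) print sec "/" name
      started = 0; priv = 0; name = "(unnamed)"
    }
    /^[ \t]*(#|$)/ { next }         # skip blank lines and comments
    {
      ind = match($0, /[^ ]/) - 1   # indentation of this line
      isitem = ($0 ~ /^ *- /)
      # Leaving the container list: a dedent, or a sibling key at the item indent.
      if (insec && item >= 0 && (ind < item || (ind == item && !isitem))) { report(); insec = 0 }
      if ($0 ~ /^ *(containers|initContainers|sidecars|steps):[ \t]*$/) {
        report(); sec = $1; sub(/:$/, "", sec); insec = 1; item = -1; next
      }
      if (!insec) next
      if (item < 0 && !isitem) { insec = 0; next }
      if (item < 0) item = ind      # the first list item fixes the container indent
      line = $0
      if (isitem && ind == item) { report(); started = 1; sub(/- /, "  ", line) }
      # Only a name key directly on the container counts (not env or volumeMounts names).
      if (line ~ /^ *name:/ && match(line, /[^ ]/) - 1 == item + 2) {
        sub(/^ *name:[ \t]*/, "", line); sub(/[ \t]+#.*$/, "", line); name = line
      }
      if ($0 ~ /^ *privileged:[ \t]*true([ \t]|$)/) priv = 1
    }
    END { report() }
  '
}

# Constructed sample: the sidecar and one step from the Pipeline above, trimmed.
sample_manifest() {
  cat <<'EOF'
sidecars:
- name: docker
  securityContext:
    privileged: true
steps:
- name: mvn-test
  image: eclipse-temurin:17
EOF
}

sample_manifest | find_privileged   # prints: sidecars/docker
```

Against the real file, run `find_privileged < unit-test.yaml`; only the DinD sidecar should be listed, and any step that shows up deserves a second look.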