Trying new tools for building and automating deployment in Kubernetes

Hello! Recently a lot of automation tools have been released, both for building Docker images and for deploying to Kubernetes. In that light, I decided to play around with GitLab, study its capabilities properly and, of course, set up a pipeline.

This project was inspired by the kubernetes.io website, which is generated automatically from the source code: for every pull request sent, a robot automatically generates a preview version of the site with your changes and provides a link to view it.

I tried to build a similar process from scratch, but built entirely on Gitlab CI and the free tools I am used to using for deploying applications to Kubernetes. Today I will finally tell you more about them.

The article will cover tools such as:
Hugo, qbec, kaniko, git-crypt and GitLab CI with dynamic environment creation.

Contents

  1. Meet Hugo
  2. Preparing the Dockerfile
  3. Meet kaniko
  4. Meet qbec
  5. Trying gitlab-runner with Kubernetes-executor
  6. Deploying Helm charts with qbec
  7. Introducing git-crypt
  8. Creating a toolbox image
  9. Our first pipeline and building images by tags
  10. Deployment automation
  11. Artifacts and building on push to master
  12. Dynamic environments
  13. Review Apps

1. Meet Hugo

As an example for our project, we will try to create a documentation site built with Hugo. Hugo is a static content generator.

For those not familiar with static generators, I'll say a bit more about them. Unlike conventional website engines with a database and some PHP which generate pages on the fly when a user requests them, static generators are designed a little differently. They let you take the sources, usually a set of files in Markdown markup plus theme templates, and compile them into a completely finished website.

That is, as a result you get a directory structure and a set of generated HTML files, which you can simply upload to any cheap hosting and get a working website.

You can install Hugo locally and try it out:

Initialize a new site:

hugo new site docs.example.org

And at the same time a git repository:

cd docs.example.org
git init

So far our site is empty, and for something to appear on it we first need to connect a theme; a theme is just a set of templates and rules according to which our site is generated.

For the theme we will use Learn, which, in my opinion, is perfectly suited to a documentation site.

I would like to draw special attention to the fact that we do not need to store the theme files in our project repository; instead we can connect it simply using git submodule:

git submodule add https://github.com/matcornic/hugo-theme-learn themes/learn

Thus our repository will contain only files related to our project, and the connected theme will remain a link to a specific repository and a specific commit in it; that is, it can always be pulled from the original source and we need not fear incompatible changes.

Let's edit the config.toml:

baseURL = "http://docs.example.org/"
languageCode = "en-us"
title = "My Docs Site"
theme = "learn"

Already at this stage you can run:

hugo server

And at http://localhost:1313/ look at our newly created website; any changes made in the directory automatically refresh the open page in the browser, very convenient!

Let's try to create a page in content/_index.md:

# My docs site

## Welcome to the docs!

You will be very smart :-)

Screenshot of the newly created page

To generate the site, just run:

hugo

The contents of the public/ directory will be your website.
Oh, and by the way, let's add it to .gitignore right away:

echo /public > .gitignore

Don't forget to commit our changes:

git add .
git commit -m "New site created"

2. Preparing the Dockerfile

It's time to define the structure of our repository. Usually I use something like:

.
├── deploy
│   ├── app1
│   └── app2
└── dockerfiles
    ├── image1
    └── image2

  • dockerfiles/ - contains directories with Dockerfiles and everything needed to build our Docker images.
  • deploy/ - contains directories for deploying our applications to Kubernetes

So, let's create our first Dockerfile at the path dockerfiles/website/Dockerfile

FROM alpine:3.11 as builder
ARG HUGO_VERSION=0.62.0
RUN wget -O- https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_linux-64bit.tar.gz | tar -xz -C /usr/local/bin
ADD . /src
RUN hugo -s /src

FROM alpine:3.11
RUN apk add --no-cache darkhttpd
COPY --from=builder /src/public /var/www
ENTRYPOINT [ "/usr/bin/darkhttpd" ]
CMD [ "/var/www" ]

As you can see, the Dockerfile contains two FROM lines; this capability is called a multi-stage build and lets you exclude everything unnecessary from the final Docker image.
Thus the final image will contain only darkhttpd (a lightweight HTTP server) and public/, the content of our generated website.

Don't forget to commit our changes:

git add dockerfiles/website
git commit -m "Add Dockerfile for website"

3. Meet kaniko

As the docker image builder I decided to use kaniko, since it does not require a docker daemon to run, the build itself can be performed on any machine, and the cache can be stored directly in the docker registry, which eliminates the need for full persistent storage.

To build an image, just run a container with the kaniko executor and pass it the current build context; this can also be done locally, via docker:

docker run -ti --rm \
  -v $PWD:/workspace \
  -v ~/.docker/config.json:/kaniko/.docker/config.json:ro \
  gcr.io/kaniko-project/executor:v0.15.0 \
  --cache \
  --dockerfile=dockerfiles/website/Dockerfile \
  --destination=registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1

Where registry.gitlab.com/kvaps/docs.example.org/website is the name of your docker image; after the build it will be pushed to the docker registry automatically.

The --cache flag lets you cache layers in the docker registry; for the example given they will be stored in registry.gitlab.com/kvaps/docs.example.org/website/cache, but you can specify a different path using the --cache-repo parameter.

Screenshot of the docker registry

4. Meet qbec

Qbec is a deployment tool that lets you declaratively describe your application manifests and deploy them to Kubernetes. Using Jsonnet as the main syntax makes it very easy to describe the differences between several environments, and also almost completely eliminates code repetition.

This is especially true in cases where you need to deploy an application to several clusters with different parameters and want to describe them declaratively in Git.

Qbec also lets you render Helm charts by passing them the necessary parameters and then operate on them in the same way as regular manifests, including applying various mutations to them, which in turn eliminates the need to use ChartMuseum. That is, you can store and render charts directly from git, where they belong.

As I said before, we will store all deployments in the deploy/ directory:

mkdir deploy
cd deploy

Let's initialize our first application:

qbec init website
cd website

Now our application structure looks like this:

.
├── components
├── environments
│   ├── base.libsonnet
│   └── default.libsonnet
├── params.libsonnet
└── qbec.yaml

Let's look at the qbec.yaml file:

apiVersion: qbec.io/v1alpha1
kind: App
metadata:
  name: website
spec:
  environments:
    default:
      defaultNamespace: docs
      server: https://kubernetes.example.org:8443
  vars: {}

Here we are mainly interested in spec.environments; qbec has already created a default environment for us and taken the server address and the namespace from our current kubeconfig.
Now, when deploying to the default environment, qbec will always deploy only to the specified Kubernetes cluster and the specified namespace, so you no longer have to switch between contexts and namespaces to perform a deployment.
If necessary, you can always update the settings in this file.

All your environments are described in qbec.yaml, and in the params.libsonnet file, which says where to get the parameters for them.

Next we see two directories:

  • components/ - all the manifests for our application will be stored here; they can be described both in jsonnet and in regular yaml files
  • environments/ - here we describe all the variables (parameters) for our environments.

By default we have two files:

  • environments/base.libsonnet - will contain the common parameters for all environments
  • environments/default.libsonnet - contains the parameters overridden for the default environment

Let's open environments/base.libsonnet and add the parameters for our first component there:

{
  components: {
    website: {
      name: 'example-docs',
      image: 'registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1',
      replicas: 1,
      containerPort: 80,
      servicePort: 80,
      nodeSelector: {},
      tolerations: [],
      ingressClass: 'nginx',
      domain: 'docs.example.org',
    },
  },
}

Let's also create our first component, components/website.jsonnet:

local env = {
  name: std.extVar('qbec.io/env'),
  namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.website;

[
  {
    apiVersion: 'apps/v1',
    kind: 'Deployment',
    metadata: {
      labels: { app: params.name },
      name: params.name,
    },
    spec: {
      replicas: params.replicas,
      selector: {
        matchLabels: {
          app: params.name,
        },
      },
      template: {
        metadata: {
          labels: { app: params.name },
        },
        spec: {
          containers: [
            {
              name: 'darkhttpd',
              image: params.image,
              ports: [
                {
                  containerPort: params.containerPort,
                },
              ],
            },
          ],
          nodeSelector: params.nodeSelector,
          tolerations: params.tolerations,
          imagePullSecrets: [{ name: 'regsecret' }],
        },
      },
    },
  },
  {
    apiVersion: 'v1',
    kind: 'Service',
    metadata: {
      labels: { app: params.name },
      name: params.name,
    },
    spec: {
      selector: {
        app: params.name,
      },
      ports: [
        {
          port: params.servicePort,
          targetPort: params.containerPort,
        },
      ],
    },
  },
  {
    apiVersion: 'extensions/v1beta1',
    kind: 'Ingress',
    metadata: {
      annotations: {
        'kubernetes.io/ingress.class': params.ingressClass,
      },
      labels: { app: params.name },
      name: params.name,
    },
    spec: {
      rules: [
        {
          host: params.domain,
          http: {
            paths: [
              {
                backend: {
                  serviceName: params.name,
                  servicePort: params.servicePort,
                },
              },
            ],
          },
        },
      ],
    },
  },
]

In this file we describe three Kubernetes entities at once: Deployment, Service and Ingress. If we wanted, we could split them into different components, but at this stage one is enough for us.

The jsonnet syntax looks like regular json; in principle, regular json is already valid jsonnet, so at first it may be easier for you to use online services like yaml2json to convert your usual yaml to json, or, if your components don't contain any variables, they can be described in plain yaml.

When working with jsonnet I highly recommend installing a plugin for your editor.

For example, there is the vim-jsonnet plugin for vim, which enables syntax highlighting and automatically runs jsonnet fmt every time you save (it requires jsonnet to be installed).

Everything is ready, now we can start deploying:

To see what we got, let's run:

qbec show default

In the output you will see the rendered yaml manifests that will be applied to the target cluster.

Great, now apply:

qbec apply default

In the output you will always see what will be done in the cluster; qbec will ask you to agree to the changes, and by typing y you confirm your intentions.

Our application is ready and deployed!

If you make changes, you can always run:

qbec diff default

to see how these changes will affect the current deployment.

Don't forget to commit our changes:

cd ../..
git add deploy/website
git commit -m "Add deploy for website"

5. Trying gitlab-runner with Kubernetes-executor

Until recently I used a regular gitlab-runner on a pre-prepared machine (an LXC container) with the shell or docker-executor. Initially we had several such runners defined globally in our gitlab. They built docker images for all projects.

But as practice has shown, this option is not the most ideal, both in terms of practicality and of security. It is much better, and ideologically more correct, to have separate runners deployed for each project, or even for each environment.

Fortunately, this is not a problem at all, since we will now deploy gitlab-runner directly as part of our project in Kubernetes.

Gitlab provides a ready-made chart for deploying gitlab-runner to Kubernetes. So all you need to do is find out the registration token for our project in Settings -> CI / CD -> Runners and pass it to helm:

helm repo add gitlab https://charts.gitlab.io

helm install gitlab-runner \
  --set gitlabUrl=https://gitlab.com \
  --set runnerRegistrationToken=yga8y-jdCusVDn_t4Wxc \
  --set rbac.create=true \
  gitlab/gitlab-runner

Where:

  • https://gitlab.com - the address of your Gitlab server.
  • yga8y-jdCusVDn_t4Wxc - the registration token for your project.
  • rbac.create=true - gives the runner the privileges it needs to create pods for running our jobs with the kubernetes-executor.

If everything was done correctly, you should see the registered runner in the Runners section of your project settings.

Screenshot of the added runner

Is it that simple? Yes, it's that simple! No more hassle with registering runners manually; from now on runners will be created and destroyed automatically.

6. Deploying Helm charts with qbec

Since we decided to consider gitlab-runner part of our project, it's time to describe it in our Git repository.

We could describe it as a separate component of website, but in the future we plan to deploy different copies of website many times, unlike gitlab-runner, which will be deployed only once per Kubernetes cluster. So let's initialize a separate application for it:

cd deploy
qbec init gitlab-runner
cd gitlab-runner

This time we will not describe the Kubernetes entities by hand, but will take a ready-made Helm chart. One of the advantages of qbec is the ability to render Helm charts directly from the Git repository.

Let's connect it using git submodule:

git submodule add https://gitlab.com/gitlab-org/charts/gitlab-runner vendor/gitlab-runner

Now the vendor/gitlab-runner directory contains the repository with the chart for gitlab-runner.

In the same way you can connect other repositories, for example the whole repository of official charts, https://github.com/helm/charts

Let's describe the component components/gitlab-runner.jsonnet:

local env = {
  name: std.extVar('qbec.io/env'),
  namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.gitlabRunner;

std.native('expandHelmTemplate')(
  '../vendor/gitlab-runner',
  params.values,
  {
    nameTemplate: params.name,
    namespace: env.namespace,
    thisFile: std.thisFile,
    verbose: true,
  }
)

As the first argument to expandHelmTemplate we pass the path to the chart, then params.values, which we take from the environment parameters, and then comes an object with

  • nameTemplate - the release name
  • namespace - the namespace passed to helm
  • thisFile - a required parameter that passes the path to the current file
  • verbose - shows the helm template command with all its arguments when rendering the chart

Now let's describe the parameters for our component in environments/base.libsonnet:

local secrets = import '../secrets/base.libsonnet';

{
  components: {
    gitlabRunner: {
      name: 'gitlab-runner',
      values: {
        gitlabUrl: 'https://gitlab.com/',
        rbac: {
          create: true,
        },
        runnerRegistrationToken: secrets.runnerRegistrationToken,
      },
    },
  },
}

Note that we take runnerRegistrationToken from the external file secrets/base.libsonnet; let's create it:

{
  runnerRegistrationToken: 'yga8y-jdCusVDn_t4Wxc',
}

Let's check that everything works:

qbec show default

If everything is in order, we can remove the release we deployed earlier via Helm:

helm uninstall gitlab-runner

and deploy it the same way, but via qbec:

qbec apply default

7. Introducing git-crypt

Git-crypt is a tool that lets you set up transparent encryption for your repository.

At the moment, our directory structure for gitlab-runner looks like this:

.
├── components
│   └── gitlab-runner.jsonnet
├── environments
│   ├── base.libsonnet
│   └── default.libsonnet
├── params.libsonnet
├── qbec.yaml
├── secrets
│   └── base.libsonnet
└── vendor
    └── gitlab-runner (submodule)

But storing secrets in Git is not safe, is it? So we need to encrypt them properly.

Usually, for the sake of a single variable, this doesn't always make sense. You could also pass secrets to qbec via your CI system's environment variables.
But it's worth noting that there are also more complex projects that may contain many more secrets; passing them all through environment variables would be extremely difficult.

Besides, in that case I couldn't tell you about such a wonderful tool as git-crypt.

git-crypt is also convenient because it lets you keep the whole history of secrets, and compare, merge and resolve conflicts the same way we are used to doing in Git.

The first thing to do after installing git-crypt is to generate keys for our repository:

git crypt init

If you have a PGP key, you can immediately add yourself as a collaborator for this project:

git-crypt add-gpg-user [email protected]

This way you can always decrypt this repository using your private key.

If you don't have a PGP key and don't plan to have one, you can go the other way and export the project key:

git crypt export-key /path/to/keyfile

Thus, anyone who has the exported keyfile will be able to decrypt your repository.

It's time to set up our first secret.
Let me remind you that we are still in the deploy/gitlab-runner/ directory, where we have the secrets/ directory; let's encrypt all the files in it. To do this we create a secrets/.gitattributes file with the following contents:

* filter=git-crypt diff=git-crypt
.gitattributes !filter !diff

As you can see from the contents, all files matched by * will be run through git-crypt, except .gitattributes itself.

We can check this by running:

git crypt status -e

The output will be a list of all files in the repository for which encryption is enabled.
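The two-line .gitattributes above relies on gitattributes evaluation order: a later matching line overrides an earlier one per attribute, and `!filter` unsets the attribute for .gitattributes itself. The following Python is an added example, not code from the article or from git-crypt, that resolves those rules for a list of paths so you can check before committing that nothing in secrets/ would land in the repository as plaintext. It is a simplified resolver (patterns without a slash match the basename at any depth, `*` matches dotfiles as git does); the file list is constructed.

```python
"""Resolve which paths a git-crypt .gitattributes file will encrypt.

Added example (not from the article): a simplified gitattributes resolver
covering the two rules used above. Assumptions: later lines win per
attribute, `!attr` unsets an attribute, and a pattern without '/' matches
the basename at any depth. This is not the full gitattributes spec.
"""
import fnmatch
from typing import Dict, List, Optional, Tuple

# Constructed input: the .gitattributes contents from the article, verbatim.
GITATTRIBUTES = """\
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diff
"""

Rule = Tuple[str, Dict[str, Optional[str]]]


def parse_gitattributes(text: str) -> List[Rule]:
    """Parse lines into (pattern, {attr: value}); a value of None means 'unset'."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, *attrs = line.split()
        settings: Dict[str, Optional[str]] = {}
        for attr in attrs:
            if attr.startswith("!"):
                settings[attr[1:]] = None      # explicit unset, e.g. !filter
            elif "=" in attr:
                key, value = attr.split("=", 1)
                settings[key] = value           # key=value, e.g. filter=git-crypt
            else:
                settings[attr] = "set"          # bare attribute
        rules.append((pattern, settings))
    return rules


def _matches(pattern: str, path: str) -> bool:
    """Git semantics (simplified): no slash in the pattern means 'match the basename'."""
    if "/" not in pattern:
        return fnmatch.fnmatchcase(path.rsplit("/", 1)[-1], pattern)
    return fnmatch.fnmatchcase(path, pattern.lstrip("/"))


def resolve_attributes(path: str, rules: List[Rule]) -> Dict[str, str]:
    """Apply matching rules in file order; the last matching rule wins per attribute."""
    result: Dict[str, Optional[str]] = {}
    for pattern, settings in rules:
        if _matches(pattern, path):
            result.update(settings)
    return {k: v for k, v in result.items() if v is not None}


def is_encrypted(path: str, rules: List[Rule]) -> bool:
    """True when git-crypt's clean filter will encrypt the file on commit."""
    return resolve_attributes(path, rules).get("filter") == "git-crypt"


def unencrypted_files(paths: List[str], rules: List[Rule]) -> List[str]:
    """Files that would be committed in plaintext; the check to run before `git commit`."""
    return [p for p in paths if not is_encrypted(p, rules)]


if __name__ == "__main__":
    rules = parse_gitattributes(GITATTRIBUTES)
    # Constructed listing of secrets/, relative to the .gitattributes file.
    files = ["base.libsonnet", "default.libsonnet", "nested/token.txt", ".gitattributes"]
    for f in files:
        print(f"{f}: {'encrypted' if is_encrypted(f, rules) else 'plaintext'}")
```

Running it prints every file as encrypted except .gitattributes, which matches what `git crypt status -e` reports for the directory; the real check remains `git crypt status`, since the resolver above does not consult the working tree or the outer repository's attributes.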

That's it, now we can safely commit our changes:

cd ../..
git add .
git commit -m "Add deploy for gitlab-runner"

To lock the repository, just run:

git crypt lock

and immediately all encrypted files turn into binary content that cannot be read.
To decrypt the repository, run:

git crypt unlock

8. Creating a toolbox image

The toolbox image is an image with all the tools we will use to deploy our project. The Gitlab runner will use it to perform routine deployment tasks.

Everything is simple here; let's create a new dockerfiles/toolbox/Dockerfile with the following contents:

FROM alpine:3.11

RUN apk add --no-cache git git-crypt

RUN QBEC_VER=0.10.3 \
 && wget -O- https://github.com/splunk/qbec/releases/download/v${QBEC_VER}/qbec-linux-amd64.tar.gz \
     | tar -C /tmp -xzf - \
 && mv /tmp/qbec /tmp/jsonnet-qbec /usr/local/bin/

RUN KUBECTL_VER=1.17.0 \
 && wget -O /usr/local/bin/kubectl \
      https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/linux/amd64/kubectl \
 && chmod +x /usr/local/bin/kubectl

RUN HELM_VER=3.0.2 \
 && wget -O- https://get.helm.sh/helm-v${HELM_VER}-linux-amd64.tar.gz \
     | tar -C /tmp -zxf - \
 && mv /tmp/linux-amd64/helm /usr/local/bin/helm

As you can see, in this image we install all the utilities we used to deploy our application. We don't need kubectl here, but you may want to play with it during the pipeline setup stage.

Also, to be able to talk to Kubernetes and deploy to it, we need to configure a role for the pods that gitlab-runner creates.

To do this, let's go to the directory with gitlab-runner:

cd deploy/gitlab-runner

and add a new component, components/rbac.jsonnet:

local env = {
  name: std.extVar('qbec.io/env'),
  namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.rbac;

[
  {
    apiVersion: 'v1',
    kind: 'ServiceAccount',
    metadata: {
      labels: {
        app: params.name,
      },
      name: params.name,
    },
  },
  {
    apiVersion: 'rbac.authorization.k8s.io/v1',
    kind: 'Role',
    metadata: {
      labels: {
        app: params.name,
      },
      name: params.name,
    },
    rules: [
      {
        apiGroups: [
          '*',
        ],
        resources: [
          '*',
        ],
        verbs: [
          '*',
        ],
      },
    ],
  },
  {
    apiVersion: 'rbac.authorization.k8s.io/v1',
    kind: 'RoleBinding',
    metadata: {
      labels: {
        app: params.name,
      },
      name: params.name,
    },
    roleRef: {
      apiGroup: 'rbac.authorization.k8s.io',
      kind: 'Role',
      name: params.name,
    },
    subjects: [
      {
        kind: 'ServiceAccount',
        name: params.name,
        namespace: env.namespace,
      },
    ],
  },
]
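The Role above grants `*` on every apiGroup, resource and verb, so the runner's job pods become administrators of the whole deploy namespace (the RoleBinding keeps it namespaced rather than cluster-wide). Whether that is the right trade-off for a project is a design decision, but it should be a deliberate one. The following Python is an added example, not code from the article or from qbec: a policy check to run over the manifests `qbec show default` renders (converted to JSON) before `qbec apply`, reporting wildcard rules and any rule that touches resources such as secrets. The manifests below are constructed; parsing qbec's YAML output (for instance with PyYAML) is left to the caller.

```python
"""Flag over-broad RBAC rules in rendered manifests.

Added example, not part of the article or of qbec. Assumption: manifests
arrive as a list of dicts (the caller converts `qbec show` YAML to JSON);
the sample list below is constructed for the demonstration.
"""
from typing import Dict, List

# Constructed sample: the article's wildcard Role next to a narrower variant.
MANIFESTS: List[Dict] = [
    {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "Role",
        "metadata": {"name": "gitlab-runner-deploy"},
        "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
    },
    {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "Role",
        "metadata": {"name": "website-deployer"},
        "rules": [
            {"apiGroups": ["apps"], "resources": ["deployments"],
             "verbs": ["get", "list", "create", "patch", "update"]},
            {"apiGroups": [""], "resources": ["services"],
             "verbs": ["get", "list", "create", "patch"]},
            {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
        ],
    },
]

# Resources worth a second look even when no wildcard is involved.
SENSITIVE_RESOURCES = {"secrets", "serviceaccounts/token", "pods/exec"}


def audit_rbac(manifests: List[Dict]) -> List[str]:
    """Return one finding per questionable rule in any Role or ClusterRole."""
    findings: List[str] = []
    for obj in manifests:
        kind = obj.get("kind")
        if kind not in ("Role", "ClusterRole"):
            continue
        name = obj.get("metadata", {}).get("name", "<unnamed>")
        for i, rule in enumerate(obj.get("rules", [])):
            fields = {
                "apiGroups": rule.get("apiGroups", []),
                "resources": rule.get("resources", []),
                "verbs": rule.get("verbs", []),
            }
            # A '*' in any field makes the rule open-ended along that axis.
            wild = [f for f, values in fields.items() if "*" in values]
            if wild:
                findings.append(f"{kind}/{name} rule[{i}]: wildcard in {', '.join(wild)}")
            # Explicit access to secret-bearing resources is reported separately.
            sensitive = sorted(set(fields["resources"]) & SENSITIVE_RESOURCES)
            if sensitive:
                findings.append(f"{kind}/{name} rule[{i}]: grants {sensitive}")
    return findings


if __name__ == "__main__":
    for finding in audit_rbac(MANIFESTS):
        print(finding)
```

For the constructed input it reports the article's Role as wildcarded on all three axes and the narrower Role only for its `secrets` rule; an empty result is the condition a CI job would require before applying the gitlab-runner application.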

We will also describe the new parameters in environments/base.libsonnet, which now looks like this:

local secrets = import '../secrets/base.libsonnet';

{
  components: {
    gitlabRunner: {
      name: 'gitlab-runner',
      values: {
        gitlabUrl: 'https://gitlab.com/',
        rbac: {
          create: true,
        },
        runnerRegistrationToken: secrets.runnerRegistrationToken,
        runners: {
          serviceAccountName: $.components.rbac.name,
          image: 'registry.gitlab.com/kvaps/docs.example.org/toolbox:v0.0.1',
        },
      },
    },
    rbac: {
      name: 'gitlab-runner-deploy',
    },
  },
}

Note that $.components.rbac.name refers to the name of the rbac component.

Let's check what has changed:

qbec diff default

and apply our changes to Kubernetes:

qbec apply default

Also, don't forget to commit our changes to git:

cd ../..
git add dockerfiles/toolbox
git commit -m "Add Dockerfile for toolbox"
git add deploy/gitlab-runner
git commit -m "Configure gitlab-runner to use toolbox"

9. Our first pipeline and building images by tags

In the root of the project we create .gitlab-ci.yml with the following contents:

.build_docker_image:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:debug-v0.15.0
    entrypoint: [""]
  before_script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json

build_toolbox:
  extends: .build_docker_image
  script:
    - /kaniko/executor --cache --context $CI_PROJECT_DIR/dockerfiles/toolbox --dockerfile $CI_PROJECT_DIR/dockerfiles/toolbox/Dockerfile --destination $CI_REGISTRY_IMAGE/toolbox:$CI_COMMIT_TAG
  only:
    refs:
      - tags

build_website:
  extends: .build_docker_image
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  script:
    - /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_TAG
  only:
    refs:
      - tags

Please note that we use GIT_SUBMODULE_STRATEGY: normal for those jobs where submodules need to be explicitly initialized before execution.

Don't forget to commit our changes:

git add .gitlab-ci.yml
git commit -m "Automate docker build"

I think we can safely call this version v0.0.1 and add a tag:

git tag v0.0.1

We will add tags whenever we need to release a new version. Tags on Docker images will be tied to Git tags. Each push with a new tag will start building images with that tag.

Let's do git push --tags and look at our first pipeline:

Screenshot of the first pipeline

It is worth drawing your attention to the fact that building by tags is suitable for building docker images, but not for deploying the application to Kubernetes. Since new tags can be assigned to old commits, starting the pipeline for them in that case would deploy the old version.

To solve this problem, the build of docker images is usually tied to tags, and the deployment of the application to the master branch, in which the versions of the built images are hardcoded. That is where you can start doing rollbacks with a simple revert of master commits.

10. Deployment automation

In order for gitlab-runner to be able to decrypt our secrets, we need to export the repository key and add it to our CI environment variables:

git crypt export-key /tmp/docs-repo.key
base64 -w0 /tmp/docs-repo.key; echo

We will save the resulting string in Gitlab; to do this, go to our project settings:
Settings -> CI / CD -> Variables

And create a new variable:

  • Type: File
  • Key: GITCRYPT_KEY
  • Value: <your string>
  • Protected: true (while experimenting you can set false)
  • Masked: true
  • Scope: All environments

Screenshot of the added variable

Now let's update our .gitlab-ci.yml by adding to it:

.deploy_qbec_app:
  stage: deploy
  only:
    refs:
      - master

deploy_gitlab_runner:
  extends: .deploy_qbec_app
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  before_script:
    - base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
  script:
    - qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes

deploy_website:
  extends: .deploy_qbec_app
  script:
    - qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes

Here we have enabled several new options for qbec:

  • --root some/app - lets you specify the directory of a specific application
  • --force:k8s-context __incluster__ - a magic variable which says that the deployment will happen in the same cluster in which gitlab-runner is running. This is necessary because otherwise qbec would try to find a suitable Kubernetes server in your kubeconfig
  • --wait - makes qbec wait until the resources it created reach the Ready state and only then exit with a successful exit code.
  • --yes - simply disables the interactive Are you sure? prompt when deploying.

Don't forget to commit our changes:

git add .gitlab-ci.yml
git commit -m "Automate deploy"

And after git push we will see how our application has been deployed:

Screenshot of the second pipeline

11. Artifacts and building on push to master

Usually the steps described above are enough to build and deliver almost any microservice, but we don't want to add a tag every time we need to update the site. So we will go the more dynamic route and set up a digest-based deployment from the master branch.

The idea is simple: now the image of our website will be rebuilt every time you push to master, and then automatically deployed to Kubernetes.

Let's update these two jobs in our .gitlab-ci.yml:

build_website:
  extends: .build_docker_image
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  script:
    - mkdir -p $CI_PROJECT_DIR/artifacts
    - /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
  artifacts:
    paths:
      - artifacts/
  only:
    refs:
      - master
      - tags

deploy_website:
  extends: .deploy_qbec_app
  script:
    - DIGEST="$(cat artifacts/website.digest)"
    - qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"

Please note that we have added the master branch to refs for the build_website job and now use $CI_COMMIT_REF_NAME instead of $CI_COMMIT_TAG; that is, we are no longer tied to Git tags and will now push the image under the name of the branch of the commit that triggered the pipeline. It's worth noting that this will also work with tags, which lets us keep snapshots of the site for a specific version in the docker-registry.

Since the docker image name for a new version of the site may not change, we still have to describe the change to Kubernetes; otherwise it simply won't redeploy the application from the new image, because it won't notice any change in the deployment manifest.

The --vm:ext-str digest="$DIGEST" option for qbec lets you pass an external variable into jsonnet. We want the application to be redeployed in the cluster with every release. We can no longer use the tag name, which does not change between builds, since we need to bind to the specific version of the image and trigger a deployment when it changes.

Here Kaniko's ability to save the image digest to a file (the --digest-file option) helps us.
We then pass this file as an artifact and read it at deployment time.
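The deploy_website job above reads artifacts/website.digest with `cat` and hands the string straight to jsonnet, where base.libsonnet concatenates it onto the repository name. The following Python is an added example, not code from the article, that reproduces that step with the check the job lacks: an empty or malformed digest file (for instance when the build job's artifact was not uploaded) would otherwise produce a reference like `website@` that the cluster cannot pull. The repository name is the one from the article's base.libsonnet; the digest value is constructed, not a real image.

```python
"""Build a digest-pinned image reference from kaniko's --digest-file output.

Added example (not from the article). Assumptions: the digest file holds a
single `sha256:<64 hex>` line as kaniko writes it; the repository name is
taken from the article's deploy/website/environments/base.libsonnet.
"""
import re
from pathlib import Path

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
REPOSITORY = "registry.gitlab.com/kvaps/docs.example.org/website"


def parse_digest(text: str) -> str:
    """Validate the digest string; fail the deploy rather than pass garbage on."""
    digest = text.strip()
    if not DIGEST_RE.match(digest):
        raise ValueError(f"not a sha256 image digest: {digest!r}")
    return digest


def image_ref(repository: str, digest: str) -> str:
    """Equivalent of repository + '@' + std.extVar('digest') in base.libsonnet."""
    return f"{repository}@{parse_digest(digest)}"


def image_ref_from_file(repository: str, path: str) -> str:
    """Read the artifact kaniko produced and build the pinned reference."""
    return image_ref(repository, Path(path).read_text())


def needs_rollout(current_ref: str, new_ref: str) -> bool:
    """The pod template changes only when the reference changes: a reused tag such as
    :master leaves the Deployment untouched, a new digest always triggers a rollout."""
    return current_ref != new_ref


if __name__ == "__main__":
    # Constructed digest (not a real image), standing in for artifacts/website.digest.
    sample = "sha256:" + "ab" * 32
    print(image_ref(REPOSITORY, sample))
    print(needs_rollout(REPOSITORY + ":master", image_ref(REPOSITORY, sample)))
```

The `needs_rollout` comparison is the reason the article switches from tag to digest: with a tag, two different builds give the same reference and Kubernetes sees no change, while the digest differs for every new image.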

Let's update the parameters for our deploy/website/environments/base.libsonnet, which will now look like this:

{
  components: {
    website: {
      name: 'example-docs',
      image: 'registry.gitlab.com/kvaps/docs.example.org/website@' + std.extVar('digest'),
      replicas: 1,
      containerPort: 80,
      servicePort: 80,
      nodeSelector: {},
      tolerations: [],
      ingressClass: 'nginx',
      domain: 'docs.example.org',
    },
  },
}

Done; now every commit to master starts building a docker image for website and then deploys it to Kubernetes.

Don't forget to commit our changes:

git add .
git commit -m "Configure dynamic build"

After git push we should see something like this:

Screenshot of the master pipeline

In principle, we don't need to redeploy gitlab-runner on every push unless, of course, something has changed in its configuration; let's fix that in .gitlab-ci.yml:

deploy_gitlab_runner:
  extends: .deploy_qbec_app
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  before_script:
    - base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
  script:
    - qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
  only:
    changes:
      - deploy/gitlab-runner/**/*

changes lets us track changes under deploy/gitlab-runner/ and will start our job only when there are any.

Don't forget to commit our changes:

git add .gitlab-ci.yml
git commit -m "Reduce gitlab-runner deploy"

git push, that's better:

[Screenshot: the updated pipeline]

12. Dynamic environments

It's time to enrich our pipeline with dynamic environments.

First, let's update the build_website job in our .gitlab-ci.yml by removing the only block from it, which will make Gitlab trigger it on any commit to any branch:

build_website:
  extends: .build_docker_image
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  script:
    - mkdir -p $CI_PROJECT_DIR/artifacts
    - /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
  artifacts:
    paths:
      - artifacts/

Then update the deploy_website job, adding an environment block to it:

deploy_website:
  extends: .deploy_qbec_app
  environment:
    name: prod
    url: https://docs.example.org
  script:
    - DIGEST="$(cat artifacts/website.digest)"
    - qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"

This lets Gitlab associate the job with the prod environment and show the correct link to it.

Now let's add two more jobs:

deploy_website:
  extends: .deploy_qbec_app
  environment:
    name: prod
    url: https://docs.example.org
  script:
    - DIGEST="$(cat artifacts/website.digest)"
    - qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"

deploy_review:
  extends: .deploy_qbec_app
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: http://$CI_ENVIRONMENT_SLUG.docs.example.org
    on_stop: stop_review
  script:
    - DIGEST="$(cat artifacts/website.digest)"
    - qbec apply review --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
  only:
    refs:
    - branches
  except:
    refs:
      - master

stop_review:
  extends: .deploy_qbec_app
  environment:
    name: review/$CI_COMMIT_REF_NAME
    action: stop
  stage: deploy
  before_script:
    - git clone "$CI_REPOSITORY_URL" master
    - cd master
  script:
    - qbec delete review --root deploy/website --force:k8s-context __incluster__ --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
  variables:
    GIT_STRATEGY: none
  only:
    refs:
    - branches
  except:
    refs:
      - master
  when: manual

They will run on a push to any branch except master and will deploy a preview version of the site.

We see a new option for qbec: --app-tag. It lets you tag the deployed versions of the application and work only within that tag: when creating and destroying resources in Kubernetes, qbec will operate only on them.
This way we don't have to create a separate environment for every review, but can simply reuse the same one.

Here we also use qbec apply review instead of qbec apply default; this is exactly the point where we try to describe the differences between our environments (review and default):

Let's add the review environment to deploy/website/qbec.yaml

spec:
  environments:
    review:
      defaultNamespace: docs
      server: https://kubernetes.example.org:8443

Then declare it in deploy/website/params.libsonnet:

local env = std.extVar('qbec.io/env');
local paramsMap = {
  _: import './environments/base.libsonnet',
  default: import './environments/default.libsonnet',
  review: import './environments/review.libsonnet',
};

if std.objectHas(paramsMap, env) then paramsMap[env] else error 'environment ' + env + ' not defined in ' + std.thisFile

And write custom parameters for it in deploy/website/environments/review.libsonnet:

// this file has the param overrides for the review environment
local base = import './base.libsonnet';
local slug = std.extVar('qbec.io/tag');
local subdomain = std.extVar('subdomain');

base {
  components+: {
    website+: {
      name: 'example-docs-' + slug,
      domain: subdomain + '.docs.example.org',
    },
  },
}

Let's also take a closer look at the stop_review job: it is triggered when a branch is deleted, and so that gitlab doesn't try to check that branch out, GIT_STRATEGY: none is used; we then clone the master branch and delete the review through it.
It's a bit convoluted, but I haven't found a nicer way yet.
An alternative would be to deploy each review into its own namespace, which can always be torn down entirely.

Don't forget to commit our changes:

git add .
git commit -m "Enable automatic review"

git push, git checkout -b test, git push origin test, and check:

[Screenshot: the environments created in Gitlab]

Everything works? Great, delete our test branch: git checkout master, git push origin :test, and check that the environment-deletion jobs completed without errors.

Here I want to point out right away that any developer on the project can create branches, and can also modify the .gitlab-ci.yml file and gain access to the secret variables.
Therefore it is strongly recommended to allow their use only for protected branches, for example master, or to create a separate set of variables for each environment.

13. Review Apps

Review Apps is a GitLab feature that adds a button for each file in the repository for quickly viewing it in the deployed environment.

For these buttons to appear, you need to create the file .gitlab/route-map.yml and describe all the path mappings in it; in our case it will be very simple:

# Indices
- source: /content/(.+?)_index.(md|html)/
  public: '\1'

# Pages
- source: /content/(.+?).(md|html)/
  public: '\1/'
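To check what the two rules above resolve a repository path to before committing the route map, here is an added example; it is not code from the article or from GitLab. GitLab evaluates route maps with Ruby regular expressions, whereas this script uses sed -E: the non-greedy (.+?) is written as a greedy (.+) anchored at the end of the string, and the dot before the extension is escaped, which gives the same captures for these two patterns. The review_url function, the environment slug and all sample paths are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the article or from GitLab: resolve a repository path
# to the public path the route map produces, so the mapping can be checked locally.
# sed -E approximation of the Ruby regexes: (.+?) becomes (.+) anchored with $, and
# the dot before the extension is escaped.

# Print the public path for a repository path, or nothing if no rule matches.
# Rule 1: content/<dir>/_index.(md|html) -> <dir>/   (public: '\1')
# Rule 2: content/<page>.(md|html)       -> <page>/  (public: '\1/')
route_map_public_path() {
  printf '%s\n' "$1" | sed -E \
    -e 's#^content/(.+)_index\.(md|html)$#\1#' -e t \
    -e 's#^content/(.+)\.(md|html)$#\1/#' -e t \
    -e d
}

# Full URL inside a review environment, combining the slug that the deploy_review
# job uses (url: http://$CI_ENVIRONMENT_SLUG.docs.example.org) with the mapped
# public path. Fails if the path has no mapping. Hypothetical helper.
review_url() {
  slug="$1"
  public_path="$(route_map_public_path "$2")"
  [ -n "$public_path" ] || return 1
  printf 'http://%s.docs.example.org/%s\n' "$slug" "$public_path"
}

# Constructed sample paths. Note the root content/_index.md: rule 1 needs at least
# one character before _index, so it falls through to rule 2 and maps to _index/,
# not to the site root where Hugo serves that file.
for p in content/docs/_index.md content/docs/install.md content/about.html content/_index.md README.md; do
  printf '%-28s -> %s\n' "$p" "$(route_map_public_path "$p")"
done
```

The root _index.md case is the kind of mismatch that is easy to miss when only a few pages are clicked through in a review environment; a separate rule for content/_index.(md|html) mapping to an empty public path would cover it.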

Don't forget to commit our changes:

git add .gitlab/
git commit -m "Enable review apps"

git push, and check:

[Screenshot: the Review App button]

Job done!

Project sources:

Thank you for your attention, I hope you liked it.

source: www.habr.com
