Nyob zoo! Tsis ntev los no, ntau cov cuab yeej automation txias tau raug tso tawm ob qho tib si rau tsim Docker dluab thiab xa mus rau Kubernetes. Hauv qhov no, kuv txiav txim siab ua si nrog GitLab, ua tib zoo kawm nws lub peev xwm thiab, tau kawg, teeb tsa lub raj xa dej.
Txoj haujlwm no tau tshwm sim los ntawm lub vev xaib , uas yog generated los ntawm tau, thiab rau txhua qhov kev thov pas dej ua ke, tus neeg hlau cia li tsim ib qho kev saib ua ntej ntawm lub xaib nrog koj cov kev hloov pauv thiab muab qhov txuas rau saib.
Kuv sim tsim cov txheej txheem zoo sib xws los ntawm kos, tab sis tag nrho ua rau Gitlab CI thiab cov cuab yeej pub dawb uas kuv tau siv los siv los xa cov ntawv thov rau Kubernetes. Hnub no thaum kawg kuv yuav qhia koj ntxiv txog lawv.
Kab lus yuav tham txog cov cuab yeej xws li:
Hugo, qbec ib, kaniko ua, git-crypt и GitLab CI nrog rau cov creation ntawm dynamic ib puag ncig.
Cov ntsiab lus
1. Tau paub Hugo
Raws li ib qho piv txwv ntawm peb qhov project, peb yuav sim tsim cov ntaub ntawv tshaj tawm qhov chaw tsim los ntawm Hugo. Hugo yog tus tsim cov ntsiab lus zoo li qub.
Rau cov neeg uas tsis paub txog cov tshuab hluav taws xob zoo li qub, kuv yuav qhia koj me ntsis ntxiv txog lawv. Tsis zoo li cov qauv siv lub vev xaib nrog cov ntaub ntawv thiab qee qhov PHP, uas, thaum thov los ntawm tus neeg siv, tsim cov nplooj ntawv ya, cov tshuab hluav taws xob zoo li qub tau tsim txawv me ntsis. Lawv tso cai rau koj los nqa cov peev txheej, feem ntau yog txheej txheej ntawm cov ntaub ntawv hauv Markdown markup thiab cov ntsiab lus, tom qab ntawd muab tso rau hauv lub vev xaib ua tiav.
Ntawd yog, yog li ntawd, koj yuav tau txais cov qauv sau npe thiab cov txheej txheem tsim cov ntaub ntawv HTML, uas koj tuaj yeem yooj yim upload rau ib qho pheej yig hosting thiab tau txais lub vev xaib ua haujlwm.
Koj tuaj yeem nruab Hugo hauv zos thiab sim nws:
Pib qhov chaw tshiab:
hugo new site docs.example.orgThiab tib lub sijhawm git repository:
cd docs.example.org
git initTxog tam sim no, peb lub xaib yog pristine thiab txhawm rau kom muaj qee yam tshwm sim rau nws, peb yuav tsum xub txuas lub ntsiab lus; lub ntsiab lus tsuas yog ib txheej ntawm cov qauv thiab cov cai teev tseg uas peb lub xaib tsim tawm.
Rau lub ntsiab lus peb yuav siv , uas, nyob rau hauv kuv lub tswv yim, yog zoo kawg nkaus haum rau cov ntaub ntawv chaw.
Kuv xav them tshwj xeeb rau qhov tseeb tias peb tsis tas yuav txuag cov ntsiab lus hauv peb qhov project repository; hloov, peb tuaj yeem txuas nws yooj yim siv. git submodule:
git submodule add https://github.com/matcornic/hugo-theme-learn themes/learnYog li, peb lub chaw cia khoom yuav tsuas muaj cov ntaub ntawv ncaj qha ntsig txog peb qhov project, thiab cov ntsiab lus txuas nrog yuav nyob twj ywm raws li qhov txuas mus rau qhov chaw cia khoom tshwj xeeb thiab kev cog lus hauv nws, uas yog, nws tuaj yeem rub tawm los ntawm qhov qub thiab tsis txhob ntshai. kev hloov tsis sib xws.
Cia peb kho qhov config config.toml:
baseURL = "http://docs.example.org/"
languageCode = "en-us"
title = "My Docs Site"
theme = "learn"Twb tau nyob rau theem no koj tuaj yeem khiav:
hugo serverThiab ntawm qhov chaw nyob tshawb xyuas peb lub vev xaib tshiab tsim, txhua qhov kev hloov pauv hauv cov npe tau hloov kho nplooj ntawv qhib hauv browser, yooj yim heev!
Wb sim tsim ib nplooj ntawv npog hauv content/_index.md:
# My docs site
## Welcome to the docs!
You will be very smart :-)Screenshot ntawm nplooj ntawv tshiab tsim
Txhawm rau tsim ib lub xaib, tsuas yog khiav:
hugoCov ntsiab lus ntawm phau ntawv pej xeem/ thiab yuav yog koj lub vev xaib.
Yog, los ntawm txoj kev, cia tam sim ntawd ntxiv rau .gitignore:
echo /public > .gitignoreTsis txhob hnov qab ua raws li peb cov kev hloov pauv:
git add .
git commit -m "New site created"2. Npaj Dockerfile
Nws yog lub sij hawm los txhais cov qauv ntawm peb lub repository. Kuv feem ntau siv qee yam xws li:
.
├── deploy
│ ├── app1
│ └── app2
└── dockerfiles
├── image1
└── image2- dockerfiles/ - muaj cov npe nrog Dockerfiles thiab txhua yam tsim nyog los tsim peb cov duab Docker.
- xa mus / - muaj cov npe rau kev xa tawm peb cov ntawv thov rau Kubernetes
Yog li, peb yuav tsim peb thawj Dockerfile raws txoj kev dockerfiles/website/Dockerfile
FROM alpine:3.11 as builder
ARG HUGO_VERSION=0.62.0
RUN wget -O- https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_linux-64bit.tar.gz | tar -xz -C /usr/local/bin
ADD . /src
RUN hugo -s /src
FROM alpine:3.11
RUN apk add --no-cache darkhttpd
COPY --from=builder /src/public /var/www
ENTRYPOINT [ "/usr/bin/darkhttpd" ]
CMD [ "/var/www" ]Raws li koj tuaj yeem pom, Dockerfile muaj ob LOS NTAWM, lub sijhawm no hu ua thiab tso cai rau koj tshem tawm txhua yam tsis tsim nyog los ntawm daim duab docker zaum kawg.
Yog li, daim duab kawg yuav tsuas muaj tsaus httpd (lub teeb yuag HTTP server) thiab pej xeem/ - cov ntsiab lus ntawm peb lub vev xaib tsim tawm statically.
Tsis txhob hnov qab ua raws li peb cov kev hloov pauv:
git add dockerfiles/website
git commit -m "Add Dockerfile for website"3. Tau paub kaniko
Raws li tus tsim duab docker, kuv txiav txim siab siv , txij li nws txoj haujlwm tsis tas yuav tsum muaj lub docker daemon, thiab kev tsim nws tus kheej tuaj yeem nqa tawm ntawm txhua lub tshuab thiab cache tuaj yeem khaws cia ncaj qha rau hauv daim ntawv teev npe, yog li tshem tawm qhov xav tau kom muaj kev cia siab tas li.
Txhawm rau tsim cov duab, tsuas yog khiav lub thawv nrog kev executor thiab dhau nws cov ntsiab lus tsim tam sim no; qhov no tuaj yeem ua tiav hauv zos, ntawm docker:
docker run -ti --rm
-v $PWD:/workspace
-v ~/.docker/config.json:/kaniko/.docker/config.json:ro
gcr.io/kaniko-project/executor:v0.15.0
--cache
--dockerfile=dockerfiles/website/Dockerfile
--destination=registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1Qhov twg registry.gitlab.com/kvaps/docs.example.org/website - lub npe ntawm koj daim duab docker; tom qab lub tsev, nws yuav cia li tso rau hauv docker npe.
Parameter --cache tso cai rau koj cache txheej hauv docker npe; piv txwv li muab, lawv yuav raug cawm hauv registry.gitlab.com/kvaps/docs.example.org/website/cache, tab sis koj tuaj yeem hais qhia lwm txoj hauv kev siv qhov ntsuas --cache-repo.
Screenshot ntawm docker-registry
4. Paub qbec
yog ib lub cuab yeej xa tawm uas tso cai rau koj tshaj tawm piav qhia koj daim ntawv thov tshwm sim thiab xa mus rau Kubernetes. Siv Jsonnet ua cov ntsiab lus tseem ceeb tso cai rau koj kom yooj yim heev rau cov lus piav qhia ntawm qhov sib txawv ntawm ntau qhov chaw, thiab tseem yuav luag tag nrho tshem tawm cov lej rov ua dua.
Qhov no tuaj yeem muaj tseeb tshwj xeeb yog tias koj yuav tsum xa daim ntawv thov mus rau ntau pawg nrog qhov sib txawv thiab xav piav qhia lawv hauv Git.
Qbec kuj tso cai rau koj los ua Helm kab kos los ntawm kev dhau lawv qhov tsim nyog tsis tau thiab tom qab ntawd ua haujlwm tib yam li kev tshwm sim tsis tu ncua, suav nrog koj tuaj yeem siv ntau yam kev hloov pauv rau lawv, thiab qhov no, dhau los, tso cai rau koj tshem tawm qhov xav tau. siv ChartMuseum. Ntawd yog, koj tuaj yeem khaws thiab xa cov kab kos ncaj qha los ntawm git, qhov chaw lawv nyob.
Raws li kuv tau hais ua ntej, peb yuav khaws tag nrho cov kev xa mus rau hauv ib daim ntawv teev npe xa mus /:
mkdir deploy
cd deployCia peb pib peb thawj daim ntawv thov:
qbec init website
cd websiteTam sim no tus qauv ntawm peb daim ntawv thov zoo li no:
.
├── components
├── environments
│ ├── base.libsonnet
│ └── default.libsonnet
├── params.libsonnet
└── qbec.yamlcia peb saib cov ntaub ntawv qbec yam:
apiVersion: qbec.io/v1alpha1
kind: App
metadata:
name: website
spec:
environments:
default:
defaultNamespace: docs
server: https://kubernetes.example.org:8443
vars: {}Ntawm no peb feem ntau txaus siab rau spec.ib puag ncig, qbec twb tau tsim ib puag ncig lub neej ntawd rau peb thiab coj qhov chaw nyob server, nrog rau namespace los ntawm peb kubeconfig tam sim no.
Tam sim no thaum xa mus rau ua ntej ib puag ncig, qbec yuav ib txwm xa mus rau qhov tshwj xeeb Kubernetes pawg thiab mus rau qhov chaw teev npe, uas yog, koj tsis tas yuav hloov pauv ntawm cov ntsiab lus thiab cov npe chaw nyob rau hauv thiaj li yuav ua tiav kev xa tawm.
Yog tias tsim nyog, koj tuaj yeem hloov kho cov chaw hauv cov ntaub ntawv no ib txwm.
Txhua yam koj ib puag ncig tau piav qhia hauv qbec yam, thiab hauv cov ntaub ntawv params.libsonnet, qhov twg nws hais tias qhov twg yuav tau txais cov parameter rau lawv.
Tom ntej no peb pom ob phau ntawv qhia:
- Cheebtsam / - txhua qhov manifests rau peb daim ntawv thov yuav muab khaws cia ntawm no; lawv tuaj yeem piav qhia ob qho tib si hauv jsonnet thiab cov ntaub ntawv yaml li niaj zaus
- ib puag ncig/ - Ntawm no peb yuav piav qhia txhua qhov sib txawv (tsis muaj) rau peb ib puag ncig.
Los ntawm lub neej ntawd peb muaj ob cov ntaub ntawv:
- environments/base.libsonnet - nws yuav muaj qhov tsis sib xws rau txhua qhov chaw ib puag ncig
- environments/default.libsonnet - muaj cov tsis muaj overridden rau ib puag ncig ua ntej
cia qhib environments/base.libsonnet thiab ntxiv parameters rau peb thawj feem nyob rau hauv:
{
components: {
website: {
name: 'example-docs',
image: 'registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1',
replicas: 1,
containerPort: 80,
servicePort: 80,
nodeSelector: {},
tolerations: [],
ingressClass: 'nginx',
domain: 'docs.example.org',
},
},
}Wb kuj tsim peb cov thawj feem components/website.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.website;
[
{
apiVersion: 'apps/v1',
kind: 'Deployment',
metadata: {
labels: { app: params.name },
name: params.name,
},
spec: {
replicas: params.replicas,
selector: {
matchLabels: {
app: params.name,
},
},
template: {
metadata: {
labels: { app: params.name },
},
spec: {
containers: [
{
name: 'darkhttpd',
image: params.image,
ports: [
{
containerPort: params.containerPort,
},
],
},
],
nodeSelector: params.nodeSelector,
tolerations: params.tolerations,
imagePullSecrets: [{ name: 'regsecret' }],
},
},
},
},
{
apiVersion: 'v1',
kind: 'Service',
metadata: {
labels: { app: params.name },
name: params.name,
},
spec: {
selector: {
app: params.name,
},
ports: [
{
port: params.servicePort,
targetPort: params.containerPort,
},
],
},
},
{
apiVersion: 'extensions/v1beta1',
kind: 'Ingress',
metadata: {
annotations: {
'kubernetes.io/ingress.class': params.ingressClass,
},
labels: { app: params.name },
name: params.name,
},
spec: {
rules: [
{
host: params.domain,
http: {
paths: [
{
backend: {
serviceName: params.name,
servicePort: params.servicePort,
},
},
],
},
},
],
},
},
]Hauv cov ntaub ntawv no peb tau piav qhia peb lub Kubernetes ib zaug, cov no yog: txiag, Service и Ingress. Yog tias peb xav tau, peb tuaj yeem muab tso rau hauv cov khoom sib txawv, tab sis nyob rau theem no ib qho yuav txaus rau peb.
syntax jsonnet zoo ib yam li json li niaj zaus, hauv txoj cai, json li niaj zaus twb siv tau jsonnet, yog li thaum xub thawj nws yuav yooj yim dua rau koj siv cov kev pabcuam online xws li yam 2j los hloov koj yaml ib txwm ua rau json, lossis, yog tias koj cov khoom tsis muaj qhov hloov pauv, ces lawv tuaj yeem piav qhia hauv daim ntawv ntawm yaml li niaj zaus.
Thaum ua haujlwm nrog jsonnet Kuv pom zoo kom txhim kho lub plugin rau koj tus editor
Piv txwv li, muaj plugin rau vim vim jsonnet, uas tig rau ntawm syntax highlighting thiab cia li executes yus fmt txhua zaus koj txuag (yuav tsum tau nruab jsonnet).
Txhua yam yog npaj txhij, tam sim no peb tuaj yeem pib xa tawm:
Txhawm rau saib seb peb tau txais dab tsi, cia peb khiav:
qbec show defaultNtawm qhov tso zis, koj yuav pom rendered yaml manifests uas yuav siv rau lub neej ntawd pawg.
Zoo heev, tam sim no siv:
qbec apply defaultNtawm qhov tso zis koj yuav pom txhua yam yuav ua tiav hauv koj pawg, qbec yuav hais kom koj pom zoo rau cov kev hloov pauv los ntawm kev ntaus y koj yuav muaj peev xwm paub meej tias koj lub hom phiaj.
Peb daim ntawv thov yog npaj txhij thiab xa mus!
Yog tias koj hloov pauv, koj tuaj yeem ua txhua yam:
qbec diff defaultsaib seb cov kev hloov pauv no yuav cuam tshuam li cas rau kev xa tawm tam sim no
Tsis txhob hnov qab ua raws li peb cov kev hloov pauv:
cd ../..
git add deploy/website
git commit -m "Add deploy for website"5. Sim Gitlab-khiav nrog Kubernetes-executor
Txog rau tam sim no kuv tsuas yog siv tsis tu ncua gitlab-khiav ntawm lub tshuab ua ntej npaj (LXC ntim) nrog lub plhaub lossis docker-executor. Thaum pib, peb muaj ob peb tus neeg khiav dej num thoob ntiaj teb tau teev tseg hauv peb gitlab. Lawv sau cov duab docker rau txhua qhov haujlwm.
Tab sis raws li kev xyaum tau pom, qhov kev xaiv no tsis yog qhov zoo tshaj plaws, ob qho tib si ntawm kev ua tau zoo thiab kev nyab xeeb. Nws yog qhov zoo dua thiab muaj tswv yim zoo dua kom muaj cov neeg khiav dej num sib cais rau txhua qhov haujlwm, lossis txawm rau txhua qhov chaw.
Hmoov zoo, qhov no tsis yog teeb meem txhua, txij li tam sim no peb yuav xa mus gitlab-khiav ncaj qha raws li ib feem ntawm peb txoj haujlwm txoj cai hauv Kubernetes.
Gitlab muab ib daim ntawv npaj npaj ua rau kev siv gitlab-khiav mus rau Kubernetes. Yog li txhua yam koj yuav tsum ua yog nrhiav kom paub sau npe token rau peb qhov project hauv Chaw -> CI / CD -> Runners thiab hla nws mus rau tus thawj tswj hwm:
helm repo add gitlab https://charts.gitlab.io
helm install gitlab-runner
--set gitlabUrl=https://gitlab.com
--set runnerRegistrationToken=yga8y-jdCusVDn_t4Wxc
--set rbac.create=true
gitlab/gitlab-runnerQhov twg:
- - qhov chaw nyob ntawm koj Gitlab server.
- yga8y-jdCusVDn_t4Wxc - sau npe token rau koj qhov project.
- rbac.create= yog - muab cov neeg khiav nrog qhov tsim nyog ntawm cov cai kom muaj peev xwm tsim cov pods los ua peb cov dej num siv kubernetes-executor.
Yog tias txhua yam ua tiav yog lawm, koj yuav tsum pom tus neeg khiav dej num hauv ntu Runners, hauv koj qhov project nqis.
Screenshot ntawm tus ntxiv khiav
Puas yog nws yooj yim? - Yog, nws yog qhov yooj yim! Tsis muaj teeb meem ntxiv nrog rau kev sau npe cov neeg khiav dej num manually, txij li tam sim no rau cov neeg khiav dej num yuav raug tsim thiab rhuav tshem tau.
6. Siv cov kab kos Helm nrog QBEC
Txij li thaum peb txiav txim siab los xav txog gitlab-khiav ib feem ntawm peb qhov project, nws yog lub sijhawm los piav qhia nws hauv peb qhov chaw khaws cia Git.
Peb tuaj yeem piav qhia nws ua ib qho kev sib cais website, tab sis yav tom ntej peb npaj yuav xa cov ntawv luam sib txawv website feem ntau, tsis zoo li gitlab-khiav, uas yuav raug xa tawm ib zaug rau Kubernetes pawg. Yog li cia peb pib ib daim ntawv thov cais rau nws:
cd deploy
qbec init gitlab-runner
cd gitlab-runnerLub sijhawm no peb yuav tsis piav txog Kubernetes cov chaw ua haujlwm ntawm tes, tab sis yuav siv daim ntawv npaj ua Helm. Ib qho zoo ntawm qbec yog lub peev xwm los ua Helm kab kos ncaj qha los ntawm Git repository.
Cia peb txuas nws nrog git submodule:
git submodule add https://gitlab.com/gitlab-org/charts/gitlab-runner vendor/gitlab-runnerTam sim no lub directory vendor/gitlab-runner Peb muaj lub chaw cia khoom nrog daim ntawv qhia rau gitlab-khiav.
Ib yam li ntawd, koj tuaj yeem txuas rau lwm qhov chaw cia khoom, piv txwv li, tag nrho cov chaw cia khoom nrog cov kab kos npe
Cia peb piav qhia txog lub ntsiab lus components/gitlab-runner.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.gitlabRunner;
std.native('expandHelmTemplate')(
'../vendor/gitlab-runner',
params.values,
{
nameTemplate: params.name,
namespace: env.namespace,
thisFile: std.thisFile,
verbose: true,
}
)Thawj qhov kev sib cav rau expandHelmTemplate peb dhau txoj kev mus rau daim ntawv, ces params.values, uas peb coj los ntawm ib puag ncig tsis, ces tuaj cov khoom nrog
- npe Template — tso npe
- npe - lub npe tau pauv mus rau tus thawj tswj hwm
- thisFile - qhov yuav tsum tau ua kom dhau txoj kev mus rau cov ntaub ntawv tam sim no
- lus - qhia cov lus txib kaus mom hlau template nrog tag nrho cov lus sib cav thaum ua daim ntawv qhia
Tam sim no cia peb piav qhia txog qhov tsis haum rau peb cov khoom hauv environments/base.libsonnet:
local secrets = import '../secrets/base.libsonnet';
{
components: {
gitlabRunner: {
name: 'gitlab-runner',
values: {
gitlabUrl: 'https://gitlab.com/',
rbac: {
create: true,
},
runnerRegistrationToken: secrets.runnerRegistrationToken,
},
},
},
}Tshem nyiaj RunnerRegistrationToken peb muab los ntawm cov ntaub ntawv sab nraud secrets/base.libsonnet, cia peb tsim nws:
{
runnerRegistrationToken: 'yga8y-jdCusVDn_t4Wxc',
}Cia peb xyuas yog tias txhua yam ua haujlwm:
qbec show defaultYog tias txhua yam nyob rau hauv kev txiav txim, ces peb tuaj yeem rho tawm peb qhov kev tso tawm yav dhau los ntawm Helm:
helm uninstall gitlab-runnerthiab xa nws tib txoj kev, tab sis los ntawm qbec:
qbec apply default7. Taw qhia rau git-crypt
yog lub cuab yeej uas tso cai rau koj los teeb tsa pob tshab encryption rau koj qhov chaw cia khoom.
Tam sim no, peb cov qauv kev qhia rau gitlab-khiav zoo li no:
.
├── components
│ ├── gitlab-runner.jsonnet
├── environments
│ ├── base.libsonnet
│ └── default.libsonnet
├── params.libsonnet
├── qbec.yaml
├── secrets
│ └── base.libsonnet
└── vendor
└── gitlab-runner (submodule)Tab sis khaws cov zais cia hauv Git tsis muaj kev nyab xeeb, puas yog? Yog li peb yuav tsum tau encrypt lawv kom raug.
Feem ntau, rau lub hom phiaj ntawm ib qho kev sib txawv, qhov no tsis yog ib txwm ua rau kev nkag siab. Koj tuaj yeem hloov cov secrets rau qbec ib thiab los ntawm ib puag ncig hloov pauv ntawm koj qhov CI system.
Tab sis nws tsim nyog sau cia tias tseem muaj ntau txoj haujlwm nyuaj uas tuaj yeem muaj ntau yam zais cia; hloov lawv tag nrho los ntawm ib puag ncig hloov pauv yuav nyuaj heev.Ntxiv mus, nyob rau hauv cov ntaub ntawv no kuv yuav tsis muaj peev xwm qhia rau koj txog xws li ib tug zoo kawg nkaus cuab tam li git-crypt.
git-crypt Nws kuj yog qhov yooj yim uas nws tso cai rau koj khaws tag nrho cov keeb kwm ntawm kev zais cia, nrog rau kev sib piv, sib koom ua ke thiab daws qhov tsis sib haum xeeb tib yam li peb tau siv los ua hauv Git.
Thawj qhov tom qab kev teeb tsa git-crypt peb yuav tsum tsim cov yuam sij rau peb qhov chaw cia khoom:
git crypt initYog tias koj muaj tus yuam sij PGP, koj tuaj yeem ntxiv koj tus kheej tam sim ntawd ua tus neeg koom tes rau qhov project no:
git-crypt add-gpg-user [email protected]Txoj kev no koj tuaj yeem decrypt lub chaw khaws cia txhua lub sijhawm siv koj tus lej ntiag tug.
Yog tias koj tsis muaj tus yuam sij PGP thiab tsis xav kom nws, ces koj tuaj yeem mus rau lwm txoj hauv kev thiab xa tawm qhov project key:
git crypt export-key /path/to/keyfileYog li, leej twg muaj exported keyfile yuav muaj peev xwm decrypt koj repository.
Nws yog lub sijhawm los teeb tsa peb thawj qhov zais cia.
Cia kuv ceeb toom koj tias peb tseem nyob hauv phau ntawv teev npe deploy/gitlab-runner/, qhov twg peb muaj ib tug directory zais cia /, cia peb encrypt tag nrho cov ntaub ntawv nyob rau hauv nws, rau qhov no peb yuav tsim ib cov ntaub ntawv secrets/.gitattributes nrog cov ntsiab lus hauv qab no:
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diffRaws li tuaj yeem pom los ntawm cov ntsiab lus, tag nrho cov ntaub ntawv tau npog * yuav tau tsav los ntawm git-crypt, tsuas yog rau feem ntau .gitattributes
Peb tuaj yeem tshawb xyuas qhov no los ntawm kev khiav:
git crypt status -eCov zis yuav yog ib daim ntawv teev tag nrho cov ntaub ntawv nyob rau hauv lub repository uas encryption enabled
Ntawd yog tag nrho, tam sim no peb tuaj yeem ua raws li peb cov kev hloov pauv yam nyab xeeb:
cd ../..
git add .
git commit -m "Add deploy for gitlab-runner"Txhawm rau thaiv qhov chaw cia khoom, tsuas yog khiav:
git crypt lockthiab tam sim ntawd tag nrho cov ntaub ntawv encrypted yuav tig mus rau hauv binary ib yam dab tsi, nws yuav tsis yooj yim sua kom nyeem lawv.
Txhawm rau decrypt lub repository, khiav:
git crypt unlock8. Tsim ib daim duab toolbox
Daim duab toolbox yog ib daim duab nrog tag nrho cov cuab yeej uas peb yuav siv los deploy peb qhov project. Nws yuav siv los ntawm Gitlab khiav los ua cov haujlwm raug xa mus.
Txhua yam yooj yim ntawm no, cia peb tsim ib qho tshiab dockerfiles/toolbox/Dockerfile nrog cov ntsiab lus hauv qab no:
FROM alpine:3.11
RUN apk add --no-cache git git-crypt
RUN QBEC_VER=0.10.3
&& wget -O- https://github.com/splunk/qbec/releases/download/v${QBEC_VER}/qbec-linux-amd64.tar.gz
| tar -C /tmp -xzf -
&& mv /tmp/qbec /tmp/jsonnet-qbec /usr/local/bin/
RUN KUBECTL_VER=1.17.0
&& wget -O /usr/local/bin/kubectl
https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/linux/amd64/kubectl
&& chmod +x /usr/local/bin/kubectl
RUN HELM_VER=3.0.2
&& wget -O- https://get.helm.sh/helm-v${HELM_VER}-linux-amd64.tar.gz
| tar -C /tmp -zxf -
&& mv /tmp/linux-amd64/helm /usr/local/bin/helmRaws li koj tuaj yeem pom, hauv daim duab no peb nruab tag nrho cov khoom siv hluav taws xob uas peb tau siv los xa peb daim ntawv thov. Peb tsis xav tau ntawm no tshwj tsis yog kubtl ua, tab sis tej zaum koj yuav xav ua si nrog nws thaum lub sij hawm teeb tsa cov kav dej.
Tsis tas li ntawd, txhawm rau kom muaj peev xwm sib txuas lus nrog Kubernetes thiab xa mus rau nws, peb yuav tsum teeb tsa lub luag haujlwm rau cov pods tsim los ntawm gitlab-khiav.
Txhawm rau ua qhov no, cia peb mus rau cov npe nrog gitlab-khiav:
cd deploy/gitlab-runnerthiab ntxiv ib qho tshiab components/rbac.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.rbac;
[
{
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
},
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'Role',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
rules: [
{
apiGroups: [
'*',
],
resources: [
'*',
],
verbs: [
'*',
],
},
],
},
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBinding',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: params.name,
},
subjects: [
{
kind: 'ServiceAccount',
name: params.name,
namespace: env.namespace,
},
],
},
]Peb tseem yuav piav qhia txog cov kev txwv tshiab hauv environments/base.libsonnet, uas tam sim no zoo li no:
local secrets = import '../secrets/base.libsonnet';
{
components: {
gitlabRunner: {
name: 'gitlab-runner',
values: {
gitlabUrl: 'https://gitlab.com/',
rbac: {
create: true,
},
runnerRegistrationToken: secrets.runnerRegistrationToken,
runners: {
serviceAccountName: $.components.rbac.name,
image: 'registry.gitlab.com/kvaps/docs.example.org/toolbox:v0.0.1',
},
},
},
rbac: {
name: 'gitlab-runner-deploy',
},
},
}Tshem nyiaj $.components.rbac.name hais txog lub npe rau feem rbac ua
Cia peb txheeb xyuas qhov hloov pauv li cas:
qbec diff defaultthiab siv peb cov kev hloov pauv rau Kubernetes:
qbec apply defaultTsis tas li ntawd, tsis txhob hnov qab ua peb cov kev hloov pauv rau git:
cd ../..
git add dockerfiles/toolbox
git commit -m "Add Dockerfile for toolbox"
git add deploy/gitlab-runner
git commit -m "Configure gitlab-runner to use toolbox"9. Peb thawj cov kav dej thiab sib dhos ntawm cov duab los ntawm cov cim npe
Ntawm lub hauv paus ntawm qhov project peb yuav tsim .gitlab-ci.yml nrog cov ntsiab lus hauv qab no:
.build_docker_image:
stage: build
image:
name: gcr.io/kaniko-project/executor:debug-v0.15.0
entrypoint: [""]
before_script:
- echo "{"auths":{"$CI_REGISTRY":{"username":"$CI_REGISTRY_USER","password":"$CI_REGISTRY_PASSWORD"}}}" > /kaniko/.docker/config.json
build_toolbox:
extends: .build_docker_image
script:
- /kaniko/executor --cache --context $CI_PROJECT_DIR/dockerfiles/toolbox --dockerfile $CI_PROJECT_DIR/dockerfiles/toolbox/Dockerfile --destination $CI_REGISTRY_IMAGE/toolbox:$CI_COMMIT_TAG
only:
refs:
- tags
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_TAG
only:
refs:
- tagsThov nco ntsoov peb siv GIT_SUBMODULE_STRATEGY: ib txwm rau cov hauj lwm uas koj yuav tsum tau qhia meej meej pib submodules ua ntej ua tiav.
Tsis txhob hnov qab ua raws li peb cov kev hloov pauv:
git add .gitlab-ci.yml
git commit -m "Automate docker build"Kuv xav tias peb tuaj yeem hu ua qhov no yog version v0.0.1 thiab ntxiv tag:
git tag v0.0.1Peb yuav ntxiv cov cim npe thaum twg peb xav tau tso tawm ib qho tshiab. Cim npe hauv Docker cov duab yuav raug khi rau Git tags. Txhua lub laub nrog lub cim tshiab yuav pib tsim cov duab nrog daim ntawv no.
Cia peb ua git push --tags, thiab cia saib peb lub raj xa dej thawj zaug:
Screenshot ntawm thawj lub raj xa dej
Nws tsim nyog kos koj cov xim rau qhov tseeb tias kev sib dhos los ntawm cov cim npe tsim nyog rau kev tsim cov duab docker, tab sis tsis tsim nyog rau kev xa ib daim ntawv thov rau Kubernetes. Txij li cov cim npe tshiab tuaj yeem raug xa mus rau cov kev cog lus qub, qhov no, kev pib lub raj xa dej rau lawv yuav ua rau kev xa mus rau qhov qub version.
Txhawm rau daws qhov teeb meem no, feem ntau yog tsim cov duab docker yog khi rau cov cim npe, thiab kev xa tawm ntawm daim ntawv thov mus rau ib ceg. tswv, nyob rau hauv uas versions ntawm cov dluab sau yog hardcoded. Qhov no yog qhov uas koj tuaj yeem pib rollback nrog ib qho yooj yim revert tswv- ceg.
10. Automation ntawm kev xa tawm
Yuav kom Gitlab-khiav mus decrypt peb cov lus zais, peb yuav tsum tau xa tawm tus yuam sij repository thiab ntxiv rau peb qhov hloov pauv ib puag ncig CI:
git crypt export-key /tmp/docs-repo.key
base64 -w0 /tmp/docs-repo.key; echoPeb yuav txuag tau cov kab hauv Gitlab; ua qhov no, cia peb mus rau peb qhov project nqis:
Chaw -> CI / CD -> Variables
Thiab cia peb tsim qhov hloov pauv tshiab:
hom
Ntsiab
Tus nqi
Muaj Kev Tiv Thaiv
Masked
Scope
File
GITCRYPT_KEY
<your string>
true (thaum lub sijhawm cob qhia koj tuaj yeem ua tau false)
true
All environments
Screenshot ntawm qhov sib txawv ntxiv
Tam sim no cia peb hloov kho peb .gitlab-ci.yml ntxiv rau nws:
.deploy_qbec_app:
stage: deploy
only:
refs:
- master
deploy_gitlab_runner:
extends: .deploy_qbec_app
variables:
GIT_SUBMODULE_STRATEGY: normal
before_script:
- base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
script:
- qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
deploy_website:
extends: .deploy_qbec_app
script:
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yesNtawm no peb tau qhib ntau qhov kev xaiv tshiab rau qbec:
- --root ib co/app - tso cai rau koj los txiav txim cov npe ntawm ib daim ntawv thov tshwj xeeb
- --force:k8s-context __incluster__ - qhov no yog qhov txawv txav uas hais tias kev xa mus yuav tshwm sim hauv tib pawg uas gtilab-khiav khiav. Qhov no yog qhov tsim nyog vim tias txwv tsis pub qbec yuav sim nrhiav qhov tsim nyog Kubernetes server hauv koj kubeconfig
- --tos - yuam qbec tos kom txog thaum cov peev txheej uas nws tsim tau nkag mus rau hauv Lub Xeev Npaj thiab tsuas yog tom qab ntawd tawm nrog kev ua tiav kev tawm-code.
- -yog - tsuas yog lov tes taw kev sib tham sib plhaub Koj puas paub tseeb? thaum siv.
Tsis txhob hnov qab ua raws li peb cov kev hloov pauv:
git add .gitlab-ci.yml
git commit -m "Automate deploy"Thiab tom qab git laub Peb yuav pom tias peb cov ntawv thov tau siv li cas:
Screenshot ntawm lub kav dej thib ob
11. Cov khoom qub thiab kev sib dhos thaum thawb mus rau tus tswv
Feem ntau, cov kauj ruam tau piav qhia saum toj no txaus los tsim thiab xa yuav luag txhua qhov kev pabcuam microservice, tab sis peb tsis xav ntxiv tag txhua zaus peb yuav tsum hloov kho lub xaib. Yog li ntawd, peb yuav coj txoj kev muaj zog ntau dua thiab teeb tsa kev xa tawm hauv lub tswv yim.
Lub tswv yim yog yooj yim: tam sim no cov duab ntawm peb website yuav rov tsim dua txhua zaus koj thawb mus tswv, thiab tom qab ntawd cia li xa mus rau Kubernetes.
Cia peb hloov kho ob txoj haujlwm no hauv peb .gitlab-ci.yml:
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- mkdir -p $CI_PROJECT_DIR/artifacts
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
artifacts:
paths:
- artifacts/
only:
refs:
- master
- tags
deploy_website:
extends: .deploy_qbec_app
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"Thov nco ntsoov peb tau ntxiv ib txoj xov tswv к refs rau txoj haujlwm build_website thiab tam sim no peb siv $CI_COMMIT_REF_NAME es tsis txhob $CI_COMMIT_TAG, uas yog, peb tau untied los ntawm cov cim npe hauv Git thiab tam sim no peb yuav thawb ib daim duab nrog lub npe ntawm ceg cog lus uas pib lub raj xa dej. Nws yog ib qho tsim nyog sau cia tias qhov no tseem yuav ua haujlwm nrog cov cim npe, uas yuav tso cai rau peb txuag snapshots ntawm lub vev xaib nrog cov ntawv tshwj xeeb hauv docker-registry.
Thaum lub npe ntawm docker tag rau lub vev xaib tshiab tuaj yeem hloov pauv tsis tau, peb tseem yuav tau piav qhia txog cov kev hloov pauv rau Kubernetes, txwv tsis pub nws tsuas yog yuav tsis rov siv dua daim ntawv thov los ntawm cov duab tshiab, vim nws yuav tsis pom muaj kev hloov pauv hauv lub kev xa tawm manifest.
Xaiv —vm:ext-str digest=”$DIGEST” rau qbec - tso cai rau koj dhau qhov hloov pauv sab nraud rau jsonnet. Peb xav kom nws rov ua haujlwm dua hauv pawg nrog txhua qhov kev tso tawm ntawm peb daim ntawv thov. Peb tsis tuaj yeem siv lub npe tag lawm, uas tam sim no tuaj yeem hloov tsis tau, vim peb yuav tsum tau khi rau ib qho tshwj xeeb ntawm daim duab thiab ua rau kev xa tawm thaum nws hloov.
Ntawm no peb yuav tau txais kev pab los ntawm Kaniko lub peev xwm los khaws cov duab digest rau ib cov ntaub ntawv (kev xaiv --digest-file)
Tom qab ntawd peb yuav hloov cov ntaub ntawv no thiab nyeem nws thaum lub sijhawm xa tawm.
Cia peb hloov kho cov kev txwv rau peb deploy/website/environments/base.libsonnet uas tam sim no yuav zoo li no:
{
components: {
website: {
name: 'example-docs',
image: 'registry.gitlab.com/kvaps/docs.example.org/website@' + std.extVar('digest'),
replicas: 1,
containerPort: 80,
servicePort: 80,
nodeSelector: {},
tolerations: [],
ingressClass: 'nginx',
domain: 'docs.example.org',
},
},
}Ua tiav, tam sim no ib qho kev cog lus hauv tswv pib tsim cov duab docker rau website, thiab tom qab ntawd xa mus rau Kubernetes.
Tsis txhob hnov qab ua raws li peb cov kev hloov pauv:
git add .
git commit -m "Configure dynamic build"Peb mam li kuaj tom qab git laub peb yuav tsum pom tej yam zoo li no:
Screenshot ntawm pipeline rau tus tswv
Hauv txoj ntsiab cai, peb tsis tas yuav rov ua haujlwm gitlab-khiav nrog txhua lub laub, tshwj tsis yog, tau kawg, tsis muaj dab tsi tau hloov pauv hauv nws qhov kev teeb tsa, cia peb kho nws hauv .gitlab-ci.yml:
deploy_gitlab_runner:
extends: .deploy_qbec_app
variables:
GIT_SUBMODULE_STRATEGY: normal
before_script:
- base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
script:
- qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
only:
changes:
- deploy/gitlab-runner/**/*kev hloov yuav tso cai rau koj saib xyuas cov kev hloov hauv deploy/gitlab-runner/ thiab yuav ua rau peb txoj haujlwm tsuas yog muaj
Tsis txhob hnov qab ua raws li peb cov kev hloov pauv:
git add .gitlab-ci.yml
git commit -m "Reduce gitlab-runner deploy"git laub, zoo dua:
Screenshot ntawm qhov hloov tshiab pipeline
12. Ib puag ncig zoo
Nws yog lub sijhawm los nthuav peb cov raj xa dej nrog qhov chaw muaj zog.
Ua ntej, cia peb hloov txoj haujlwm build_website hauv peb .gitlab-ci.yml, tshem tawm qhov thaiv ntawm nws tsuas, uas yuav yuam Gitlab los ua nws ntawm kev cog lus rau txhua ceg:
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- mkdir -p $CI_PROJECT_DIR/artifacts
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
artifacts:
paths:
- artifacts/Tom qab ntawd hloov txoj haujlwm deploy_website, ntxiv ib qho thaiv muaj ib puag ncig:
deploy_website:
extends: .deploy_qbec_app
environment:
name: prod
url: https://docs.example.org
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"Qhov no yuav cia Gitlab koom nrog txoj haujlwm nrog khoom ib puag ncig thiab tso saib qhov txuas kom raug rau nws.
Tam sim no cia peb ntxiv ob txoj haujlwm ntxiv:
deploy_website:
extends: .deploy_qbec_app
environment:
name: prod
url: https://docs.example.org
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"
deploy_review:
extends: .deploy_qbec_app
environment:
name: review/$CI_COMMIT_REF_NAME
url: http://$CI_ENVIRONMENT_SLUG.docs.example.org
on_stop: stop_review
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply review --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
only:
refs:
- branches
except:
refs:
- master
stop_review:
extends: .deploy_qbec_app
environment:
name: review/$CI_COMMIT_REF_NAME
action: stop
stage: deploy
before_script:
- git clone "$CI_REPOSITORY_URL" master
- cd master
script:
- qbec delete review --root deploy/website --force:k8s-context __incluster__ --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
variables:
GIT_STRATEGY: none
only:
refs:
- branches
except:
refs:
- master
when: manualLawv yuav raug tso tawm thaum thawb mus rau txhua ceg tshwj tsis yog tus tswv thiab yuav xa cov ntawv saib ua ntej ntawm qhov chaw.
Peb pom qhov kev xaiv tshiab rau qbec: --app-tag - nws tso cai rau koj los sau cov ntawv xa tawm ntawm daim ntawv thov thiab ua haujlwm tsuas yog hauv daim ntawv no; thaum tsim thiab rhuav tshem cov peev txheej hauv Kubernetes, qbec yuav ua haujlwm nrog lawv nkaus xwb.
Txoj kev no peb tsis tuaj yeem tsim qhov chaw sib cais rau txhua qhov kev tshuaj xyuas, tab sis tsuas yog rov qab siv tib qho.
Ntawm no peb kuj siv qbec thov kev tshuaj xyuas, hloov qbec siv default - qhov no yog lub sijhawm uas peb yuav sim piav qhia txog qhov sib txawv rau peb ib puag ncig (saib xyuas thiab ua ntej):
Wb ntxiv xyuas ib puag ncig hauv deploy/website/qbec.yaml
spec:
environments:
review:
defaultNamespace: docs
server: https://kubernetes.example.org:8443Tom qab ntawd peb yuav tshaj tawm nws hauv deploy/website/params.libsonnet:
local env = std.extVar('qbec.io/env');
local paramsMap = {
_: import './environments/base.libsonnet',
default: import './environments/default.libsonnet',
review: import './environments/review.libsonnet',
};
if std.objectHas(paramsMap, env) then paramsMap[env] else error 'environment ' + env + ' not defined in ' + std.thisFileThiab sau cov kev cai parameter rau nws nyob rau hauv deploy/website/environments/review.libsonnet:
// this file has the param overrides for the default environment
local base = import './base.libsonnet';
local slug = std.extVar('qbec.io/tag');
local subdomain = std.extVar('subdomain');
base {
components+: {
website+: {
name: 'example-docs-' + slug,
domain: subdomain + '.docs.example.org',
},
},
}Wb kuj saib ze ze ntawm jobu stop_review, nws yuav tshwm sim thaum cov ceg raug tshem tawm thiab kom gitlab tsis sim kuaj xyuas nws siv GIT_STRATEGY: tsis muaj, tom qab ntawd peb clone tswv- ceg thiab tshem tawm kev tshuaj xyuas los ntawm nws.
Nws yog qhov tsis meej pem me ntsis, tab sis kuv tseem tsis tau pom txoj hauv kev zoo nkauj dua.
Lwm qhov kev xaiv yuav yog siv txhua qhov kev tshuaj xyuas mus rau lub tsev so npe chaw, uas tuaj yeem raug rhuav tshem tag nrho.
Tsis txhob hnov qab ua raws li peb cov kev hloov pauv:
git add .
git commit -m "Enable automatic review"git laub, git checkout -b test, git push origin test, kos:
Screenshot ntawm tsim ib puag ncig hauv Gitlab
Txhua yam ua haujlwm? - Zoo heev, rho tawm peb ceg sim: git checkout master, git push keeb kwm: test, peb xyuas tias cov haujlwm tshem tawm ib puag ncig ua haujlwm yam tsis muaj qhov yuam kev.
Ntawm no kuv xav qhia tam sim ntawd tias txhua tus tsim tawm hauv qhov project tuaj yeem tsim cov ceg ntoo, nws tuaj yeem hloov pauv .gitlab-ci.yml cov ntaub ntawv thiab nkag mus rau cov hloov pauv zais cia.
Yog li ntawd, nws yog qhov pom zoo kom tso cai rau lawv siv tsuas yog rau cov ceg tiv thaiv, piv txwv li hauv tswv, los yog tsim ib qho kev sib txawv ntawm qhov sib txawv rau txhua qhov chaw.
13. Saib xyuas Apps
Qhov no yog GitLab feature uas tso cai rau koj ntxiv ib lub pob rau txhua cov ntaub ntawv hauv qhov chaw khaws cia kom pom sai sai hauv qhov chaw xa tawm.
Txhawm rau kom cov nyees khawm no tshwm sim, koj yuav tsum tsim cov ntaub ntawv .gitlab/route-map.yml thiab piav qhia txog txhua txoj kev hloov pauv hauv nws; hauv peb rooj plaub nws yuav yooj yim heev:
# Indices
- source: /content/(.+?)_index.(md|html)/
public: '1'
# Pages
- source: /content/(.+?).(md|html)/
public: '1/'Tsis txhob hnov qab ua raws li peb cov kev hloov pauv:
git add .gitlab/
git commit -m "Enable review apps"git laub, thiab check:
Screenshot ntawm Review App khawm
Txoj hauj lwm tiav lawm!
Qhov project qhov chaw:
- ntawm Gitlab:
- ntawm GitHub:
Ua tsaug rau koj mloog, kuv vam tias koj yuav nyiam
Tau qhov twg los: www.hab.com