Hello! Recently, many good automation tools have been released, both for building Docker images and for deploying to Kubernetes. With that in mind, I decided to try out GitLab, study its capabilities thoroughly and, of course, set up a pipeline.
This work was inspired by a website.
I tried to build a similar process from scratch, but entirely on top of GitLab CI and the free tools I am used to using for deploying applications to Kubernetes. Today I will finally tell you more about them.
This article covers the following tools:
Hugo, qbec, kaniko, git-crypt and GitLab CI, with the creation of dynamic environments.
Contents
1. Getting to know Hugo
2. Preparing the Dockerfile
3. Getting to know kaniko
4. Getting to know qbec
5. Trying gitlab-runner with the Kubernetes executor
6. Deploying Helm charts with qbec
7. Introducing git-crypt
8. Creating a toolbox image
9. Our first pipeline and building images by tags
10. Deployment automation
11. Artifacts and building on push to master
12. Dynamic environments
13. Review Apps
1. Getting to know Hugo
As an example project, we will create a documentation publishing site built on Hugo. Hugo is a static content generator.
For those not familiar with static generators, I will say a bit more about them. Unlike conventional website engines with a database and some PHP, which generate pages on the fly when a user requests them, static generators are designed slightly differently. They let you take sources (usually a set of files in Markdown markup plus theme templates) and compile them into a completely finished website.
That is, as a result you get a directory structure and a set of generated HTML files, which you can simply upload to any cheap hosting to get a working website.
You can install Hugo locally and try it out.
Initialize a new site:
hugo new site docs.example.org
And at the same time a git repository:
cd docs.example.org
git init
So far our site looks pristine, and for anything to appear on it we first need to connect a theme; a theme is just a set of templates and rules by which the site is generated.
For the theme we use here, I would like to draw special attention to the fact that its files do not need to be stored in the project repository; instead it can simply be connected as a git submodule:
git submodule add https://github.com/matcornic/hugo-theme-learn themes/learn
Thus our repository will contain only files directly related to our project, and the connected theme remains a link to a specific repository and a commit in it, so it can always be pulled from the original source without worrying about incompatible changes.
Let's fix the configuration in config.toml:
baseURL = "http://docs.example.org/"
languageCode = "en-us"
title = "My Docs Site"
theme = "learn"
Already at this stage you can run:
hugo server
and view the site at the address it reports.
Let's make a cover page, content/_index.md:
# My docs site
## Welcome to the docs!
You will be very smart :-)
(Screenshot of the newly created page)
To generate the site, just run:
hugo
The contents of the public/ directory will be your website.
By the way, let's add it to .gitignore right away:
echo /public > .gitignore
Don't forget to commit the changes:
git add .
git commit -m "New site created"
2. Preparing the Dockerfile
Let's define the structure of our repository. I usually use something like this:
.
├── deploy
│   ├── app1
│   └── app2
└── dockerfiles
    ├── image1
    └── image2
- dockerfiles/: contains directories with Dockerfiles and everything needed to build our Docker images.
- deploy/: contains directories for deploying our applications to Kubernetes.
So we create our first Dockerfile at the path dockerfiles/website/Dockerfile:
FROM alpine:3.11 as builder
ARG HUGO_VERSION=0.62.0
RUN wget -O- https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_linux-64bit.tar.gz | tar -xz -C /usr/local/bin
ADD . /src
RUN hugo -s /src
FROM alpine:3.11
RUN apk add --no-cache darkhttpd
COPY --from=builder /src/public /var/www
ENTRYPOINT [ "/usr/bin/darkhttpd" ]
CMD [ "/var/www" ]
As you can see, the Dockerfile contains two FROM instructions; this feature is called a multi-stage build.
Thus the final image will contain only darkhttpd (a lightweight HTTP server) and public/, the content of our statically generated website.
Don't forget to commit the changes:
git add dockerfiles/website
git commit -m "Add Dockerfile for website"
3. Getting to know kaniko
As the Docker image builder, I decided to use kaniko.
To build the image, just run a container with the kaniko executor and pass it the current build context; this can also be done locally, via docker:
docker run -ti --rm \
  -v $PWD:/workspace \
  -v ~/.docker/config.json:/kaniko/.docker/config.json:ro \
  gcr.io/kaniko-project/executor:v0.15.0 \
  --cache \
  --dockerfile=dockerfiles/website/Dockerfile \
  --destination=registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1
Here registry.gitlab.com/kvaps/docs.example.org/website is the name of your Docker image; after the build it is automatically pushed to the Docker registry.
The --cache parameter allows layers to be cached in the Docker registry; in this example they are saved in registry.gitlab.com/kvaps/docs.example.org/website/cache, but you can specify another path with the --cache-repo parameter.
(Screenshot of the docker registry)
4. Getting to know qbec
qbec is especially relevant when you need to deploy an application to several clusters with different parameters and want to describe them declaratively in Git.
Qbec can also render Helm charts by passing them the necessary parameters, and then operate on them in the same way as on regular manifests, including applying various mutations to them, which in turn removes the need to use ChartMuseum. That is, you can store and render charts directly from git, where they belong.
As I said earlier, we will store all deployments in the deploy/ directory:
mkdir deploy
cd deploy
Let's initialize our first application:
qbec init website
cd website
Now the structure of our application looks like this:
.
├── components
├── environments
│   ├── base.libsonnet
│   └── default.libsonnet
├── params.libsonnet
└── qbec.yaml
Let's look at the qbec.yaml file:
apiVersion: qbec.io/v1alpha1
kind: App
metadata:
  name: website
spec:
  environments:
    default:
      defaultNamespace: docs
      server: https://kubernetes.example.org:8443
  vars: {}
Here we are primarily interested in spec.environments: qbec has already created a default environment for us and taken the server address and namespace from our current kubeconfig.
Now, when deploying to the default environment, qbec will always deploy only to the specified Kubernetes cluster and the specified namespace, so you no longer have to switch contexts and namespaces to perform a deployment.
If necessary, you can always update the settings in this file.
All your environments are described in qbec.yaml and in the params.libsonnet file, which says where to take their parameters from.
Next we see two directories:
- components/: all manifests for our application are stored here; they can be written both as jsonnet and as regular yaml files.
- environments/: here we describe all the variables (parameters) for our environments.
By default we have two files:
- environments/base.libsonnet: contains the parameters common to all environments
- environments/default.libsonnet: contains the parameters overridden for the default environment
Let's open environments/base.libsonnet and add the parameters for our first component there:
{
  components: {
    website: {
      name: 'example-docs',
      image: 'registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1',
      replicas: 1,
      containerPort: 80,
      servicePort: 80,
      nodeSelector: {},
      tolerations: [],
      ingressClass: 'nginx',
      domain: 'docs.example.org',
    },
  },
}
Let's also create our first component, components/website.jsonnet:
local env = {
  name: std.extVar('qbec.io/env'),
  namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.website;

[
  {
    apiVersion: 'apps/v1',
    kind: 'Deployment',
    metadata: {
      labels: { app: params.name },
      name: params.name,
    },
    spec: {
      replicas: params.replicas,
      selector: {
        matchLabels: {
          app: params.name,
        },
      },
      template: {
        metadata: {
          labels: { app: params.name },
        },
        spec: {
          containers: [
            {
              name: 'darkhttpd',
              image: params.image,
              ports: [
                {
                  containerPort: params.containerPort,
                },
              ],
            },
          ],
          nodeSelector: params.nodeSelector,
          tolerations: params.tolerations,
          imagePullSecrets: [{ name: 'regsecret' }],
        },
      },
    },
  },
  {
    apiVersion: 'v1',
    kind: 'Service',
    metadata: {
      labels: { app: params.name },
      name: params.name,
    },
    spec: {
      selector: {
        app: params.name,
      },
      ports: [
        {
          port: params.servicePort,
          targetPort: params.containerPort,
        },
      ],
    },
  },
  {
    apiVersion: 'extensions/v1beta1',
    kind: 'Ingress',
    metadata: {
      annotations: {
        'kubernetes.io/ingress.class': params.ingressClass,
      },
      labels: { app: params.name },
      name: params.name,
    },
    spec: {
      rules: [
        {
          host: params.domain,
          http: {
            paths: [
              {
                backend: {
                  serviceName: params.name,
                  servicePort: params.servicePort,
                },
              },
            ],
          },
        },
      ],
    },
  },
]
In this file we described three Kubernetes entities at once: a Deployment, a Service and an Ingress. If desired, we could put them into separate components, but at this stage one is enough for us.
The jsonnet syntax is very similar to regular json; in principle, regular json is already valid jsonnet, so at first it may be easier to use online services such as yaml2json to convert your usual yaml to json, or, if your components contain no variables, to describe them as regular yaml.
When working with jsonnet, I strongly recommend installing a plugin for your editor.
For example, for vim there is the vim-jsonnet plugin, which turns on syntax highlighting and automatically runs jsonnet fmt on every save (jsonnet must be installed).
Everything is ready, so we can start deploying.
To see what we got, let's run:
qbec show default
The output shows the rendered yaml manifests that will be applied to the default cluster.
Great, now let's apply them:
qbec apply default
The output always shows what will be done in your cluster; qbec asks you to agree to the changes by typing y, so that you can confirm your intentions.
Done, our application is now deployed!
If you make changes, you can always run:
qbec diff default
to see how these changes will affect the current deployment.
Don't forget to commit the changes:
cd ../..
git add deploy/website
git commit -m "Add deploy for website"
5. Trying gitlab-runner with the Kubernetes executor
Until recently I only used a regular gitlab-runner on a pre-prepared machine (an LXC container) with the shell or docker executor. Initially we had several such runners defined globally in our gitlab. They built the Docker images for all projects.
But as practice has shown, this option is not ideal, in terms of both practicality and security. It is much better, and ideologically more correct, to have separate runners deployed for each project, or even for each environment.
Fortunately, this is not a problem at all, since we will now deploy gitlab-runner directly as part of our project, right in Kubernetes.
GitLab provides a ready-made Helm chart for deploying gitlab-runner to Kubernetes. So all you need to do is find the registration token for our project under Settings -> CI / CD -> Runners and pass it to helm:
helm repo add gitlab https://charts.gitlab.io
helm install gitlab-runner \
  --set gitlabUrl=https://gitlab.com \
  --set runnerRegistrationToken=yga8y-jdCusVDn_t4Wxc \
  --set rbac.create=true \
  gitlab/gitlab-runner
Where:
- https://gitlab.com: the address of your GitLab server.
- yga8y-jdCusVDn_t4Wxc: the registration token for your project.
- rbac.create=true: gives the runner the privileges it needs to create pods that run our tasks with the kubernetes executor.
If everything is done correctly, you should see the registered runner in the Runners section of your project settings.
(Screenshot of the added runner)
Is it that simple? Yes, it's that simple! No more hassle with registering runners by hand; from now on runners are created and destroyed automatically.
6. Deploying Helm charts with qbec
Since we decided to treat gitlab-runner as part of our project, let's describe it in our Git repository.
We could describe it as a separate component of website, but in the future we plan to deploy different copies of website very often, unlike gitlab-runner, which is deployed only once per Kubernetes cluster. So let's initialize a separate application for it:
cd deploy
qbec init gitlab-runner
cd gitlab-runner
This time we will not describe the Kubernetes entities by hand but will take a ready-made Helm chart. One of the advantages of qbec is the ability to render Helm charts directly from a Git repository.
Let's connect it as a git submodule:
git submodule add https://gitlab.com/gitlab-org/charts/gitlab-runner vendor/gitlab-runner
Now the vendor/gitlab-runner directory contains the repository with the gitlab-runner chart.
In a similar way you can connect other repositories, for example the entire repository with the official charts:
https://github.com/helm/charts
Let's describe the component components/gitlab-runner.jsonnet:
local env = {
  name: std.extVar('qbec.io/env'),
  namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.gitlabRunner;

std.native('expandHelmTemplate')(
  '../vendor/gitlab-runner',
  params.values,
  {
    nameTemplate: params.name,
    namespace: env.namespace,
    thisFile: std.thisFile,
    verbose: true,
  }
)
The first argument to expandHelmTemplate is the path to the chart, then comes params.values, which we take from the environment parameters, and then an object with:
- nameTemplate: the release name
- namespace: the namespace passed to helm
- thisFile: a required parameter that passes the path to the current file
- verbose: shows the helm template command with all its arguments when the chart is rendered
Now let's describe the parameters for our component in environments/base.libsonnet:
local secrets = import '../secrets/base.libsonnet';

{
  components: {
    gitlabRunner: {
      name: 'gitlab-runner',
      values: {
        gitlabUrl: 'https://gitlab.com/',
        rbac: {
          create: true,
        },
        runnerRegistrationToken: secrets.runnerRegistrationToken,
      },
    },
  },
}
Note that runnerRegistrationToken is taken from the external file secrets/base.libsonnet; let's create it:
{
  runnerRegistrationToken: 'yga8y-jdCusVDn_t4Wxc',
}
Let's check whether everything works:
qbec show default
If everything is in order, we can delete the release we deployed earlier via Helm:
helm uninstall gitlab-runner
and deploy it the same way, but this time through qbec:
qbec apply default
7. Introducing git-crypt
At the moment, our directory structure for gitlab-runner looks like this:
.
├── components
│   └── gitlab-runner.jsonnet
├── environments
│   ├── base.libsonnet
│   └── default.libsonnet
├── params.libsonnet
├── qbec.yaml
├── secrets
│   └── base.libsonnet
└── vendor
    └── gitlab-runner (submodule)
But storing secrets in Git is not safe. So we need to encrypt them properly.
Usually, for the sake of a single variable, this does not always make sense. You can pass secrets to qbec through the environment variables of your CI system.
It is worth noting, however, that there are also more complex projects that may contain many more secrets, and passing all of them through environment variables would be extremely difficult. Besides, in that case I would not be able to tell you about such a wonderful tool as git-crypt.
git-crypt is also convenient in that it lets you keep the whole history of your secrets, and compare, merge and resolve conflicts in the same way we are used to doing in Git.
The first thing to do after installing git-crypt is to generate keys for our repository:
git crypt init
If you have a PGP key, you can immediately add yourself as a collaborator for this project:
git-crypt add-gpg-user <gpg-user-id>
This way you can always decrypt this repository using your private key.
If you don't have a PGP key and don't expect to have one, you can go the other way and export the project key:
git crypt export-key /path/to/keyfile
Thus, anyone who has the exported keyfile will be able to decrypt your repository.
It's time to set up our first secret.
Let me remind you that we are still in the deploy/gitlab-runner/ directory, which contains the secrets/ directory; let's encrypt all the files in it. To do this, create the file secrets/.gitattributes with the following content:
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diff
As you can see from the content, all files matching the mask * are run through git-crypt, except for .gitattributes itself.
We can check this by running:
git crypt status -e
The output is a list of all files in the repository for which encryption is enabled.
That's all, now we can safely commit our changes:
cd ../..
git add .
git commit -m "Add deploy for gitlab-runner"
To lock the repository, just run:
git crypt lock
and all encrypted files immediately turn into binary data that cannot be read.
To decrypt the repository, run:
git crypt unlock
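The locked state described above can be checked mechanically. The shell functions below are an added example, not part of the original article: on a checkout that has not been unlocked, they report every file under a secrets directory that does not start with the 10-byte header git-crypt writes on encrypted blobs, which catches a secret that was committed before its .gitattributes rule was in place. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: find files that should be git-crypt ciphertext but are not.
# Meant to run on a locked checkout, i.e. before `git-crypt unlock`.

# Hex of the header git-crypt puts at the start of every encrypted blob:
# NUL, the ASCII string "GITCRYPT", NUL (10 bytes).
GITCRYPT_MAGIC=00474954435259505400

# is_git_crypt_blob FILE
# Exit status 0 if FILE starts with the git-crypt header, 1 otherwise.
# Files shorter than the header (including empty ones) do not match.
is_git_crypt_blob() {
    magic=$(head -c 10 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "$GITCRYPT_MAGIC" ]
}

# find_plaintext_secrets DIR
# Prints every regular file under DIR that is not ciphertext, one per line.
# .gitattributes is skipped because the rules on this page exclude it from
# the filter. Exit status is 1 if at least one plaintext file was found.
find_plaintext_secrets() {
    dir=$1
    found=0
    list=$(mktemp)
    # A temporary list keeps the loop in the current shell, so that the
    # `found` flag survives it.
    find "$dir" -type f ! -name .gitattributes | sort > "$list"
    while IFS= read -r f; do
        if ! is_git_crypt_blob "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done < "$list"
    rm -f "$list"
    return "$found"
}
```

For the layout on this page the call would be `find_plaintext_secrets deploy/gitlab-runner/secrets`, run in a job step that precedes the unlock.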
8. Creating a toolbox image
A toolbox image is an image that contains all the tools we use to deploy our project. The gitlab runner will use it to perform typical deployment tasks.
Everything is simple here; let's create a new dockerfiles/toolbox/Dockerfile with the following content:
FROM alpine:3.11
RUN apk add --no-cache git git-crypt
RUN QBEC_VER=0.10.3 \
 && wget -O- https://github.com/splunk/qbec/releases/download/v${QBEC_VER}/qbec-linux-amd64.tar.gz \
     | tar -C /tmp -xzf - \
 && mv /tmp/qbec /tmp/jsonnet-qbec /usr/local/bin/
RUN KUBECTL_VER=1.17.0 \
 && wget -O /usr/local/bin/kubectl \
      https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/linux/amd64/kubectl \
 && chmod +x /usr/local/bin/kubectl
RUN HELM_VER=3.0.2 \
 && wget -O- https://get.helm.sh/helm-v${HELM_VER}-linux-amd64.tar.gz \
     | tar -C /tmp -zxf - \
 && mv /tmp/linux-amd64/helm /usr/local/bin/helm
As you can see, in this image we install all the utilities that we used to deploy our application. We don't need kubectl here, unless you want to play with it while setting up the pipeline.
Also, to be able to communicate with Kubernetes and deploy to it, we need to configure a role for the pods spawned by gitlab-runner.
To do this, go to the gitlab-runner directory:
cd deploy/gitlab-runner
and add a new component, components/rbac.jsonnet:
local env = {
  name: std.extVar('qbec.io/env'),
  namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.rbac;

[
  {
    apiVersion: 'v1',
    kind: 'ServiceAccount',
    metadata: {
      labels: {
        app: params.name,
      },
      name: params.name,
    },
  },
  {
    apiVersion: 'rbac.authorization.k8s.io/v1',
    kind: 'Role',
    metadata: {
      labels: {
        app: params.name,
      },
      name: params.name,
    },
    rules: [
      {
        apiGroups: [
          '*',
        ],
        resources: [
          '*',
        ],
        verbs: [
          '*',
        ],
      },
    ],
  },
  {
    apiVersion: 'rbac.authorization.k8s.io/v1',
    kind: 'RoleBinding',
    metadata: {
      labels: {
        app: params.name,
      },
      name: params.name,
    },
    roleRef: {
      apiGroup: 'rbac.authorization.k8s.io',
      kind: 'Role',
      name: params.name,
    },
    subjects: [
      {
        kind: 'ServiceAccount',
        name: params.name,
        namespace: env.namespace,
      },
    ],
  },
]
The Role in this component uses '*' for apiGroups, resources and verbs, so every job running under this service account has full control over all namespaced resources in its namespace, Secrets included.
We also describe the new parameters in environments/base.libsonnet, which now looks like this:
local secrets = import '../secrets/base.libsonnet';

{
  components: {
    gitlabRunner: {
      name: 'gitlab-runner',
      values: {
        gitlabUrl: 'https://gitlab.com/',
        rbac: {
          create: true,
        },
        runnerRegistrationToken: secrets.runnerRegistrationToken,
        runners: {
          serviceAccountName: $.components.rbac.name,
          image: 'registry.gitlab.com/kvaps/docs.example.org/toolbox:v0.0.1',
        },
      },
    },
    rbac: {
      name: 'gitlab-runner-deploy',
    },
  },
}
Note that $.components.rbac.name refers to name for the rbac component.
Let's check what has changed:
qbec diff default
and apply our changes to Kubernetes:
qbec apply default
Also, don't forget to commit our changes to git:
cd ../..
git add dockerfiles/toolbox
git commit -m "Add Dockerfile for toolbox"
git add deploy/gitlab-runner
git commit -m "Configure gitlab-runner to use toolbox"
9. Our first pipeline and building images by tags
In the root of the project we create .gitlab-ci.yml with the following content:
.build_docker_image:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:debug-v0.15.0
    entrypoint: [""]
  before_script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json

build_toolbox:
  extends: .build_docker_image
  script:
    - /kaniko/executor --cache --context $CI_PROJECT_DIR/dockerfiles/toolbox --dockerfile $CI_PROJECT_DIR/dockerfiles/toolbox/Dockerfile --destination $CI_REGISTRY_IMAGE/toolbox:$CI_COMMIT_TAG
  only:
    refs:
      - tags

build_website:
  extends: .build_docker_image
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  script:
    - /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_TAG
  only:
    refs:
      - tags
Note that we use GIT_SUBMODULE_STRATEGY: normal for those jobs where submodules must be explicitly initialized before execution.
Don't forget to commit the changes:
git add .gitlab-ci.yml
git commit -m "Automate docker build"
I think we can safely call this version v0.0.1 and add a tag:
git tag v0.0.1
We will add tags whenever we need to release a new version. The tags of the Docker images will be tied to Git tags. Every push with a new tag will trigger an image build with that tag.
Let's run git push --tags and look at our first pipeline:
(Screenshot of the first pipeline)
It is worth noting that building by tags is suitable for building Docker images, but not for deploying an application to Kubernetes. Since new tags can be assigned to old commits, initializing a pipeline for them would in that case deploy the old version.
To solve this problem, the build of Docker images is usually tied to tags, and the deployment of the application to the master branch, in which the versions of the built images are hardcoded. This is where you can initiate a rollback with a simple revert of the master branch.
10. Deployment automation
For gitlab-runner to be able to decrypt our secrets, we need to export the repository key and add it to our CI environment variables:
git crypt export-key /tmp/docs-repo.key
base64 -w0 /tmp/docs-repo.key; echo
We save the resulting line in GitLab; to do this, go to the settings of our project:
Settings -> CI / CD -> Variables
And create a new variable:
- Type: File
- Key: GITCRYPT_KEY
- Value: <your string>
- Protected: true (during training you can use false)
- Masked: true
- Scope: All environments
(Screenshot of the added variable)
Now let's update our .gitlab-ci.yml by adding to it:
.deploy_qbec_app:
  stage: deploy
  only:
    refs:
      - master

deploy_gitlab_runner:
  extends: .deploy_qbec_app
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  before_script:
    - base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
  script:
    - qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes

deploy_website:
  extends: .deploy_qbec_app
  script:
    - qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes
Here we enabled several new options for qbec:
- --root some/app: lets you specify the directory of a particular application
- --force:k8s-context __incluster__: a magic variable that says the deployment will take place in the same cluster in which gitlab-runner is running. This is necessary because otherwise qbec will try to find a suitable Kubernetes server in your kubeconfig.
- --wait: makes qbec wait until the resources it creates reach the Ready state, and only then exit with a successful exit code.
- --yes: simply disables the interactive "Are you sure?" prompt on deployment.
Don't forget to commit the changes:
git add .gitlab-ci.yml
git commit -m "Automate deploy"
And after git push we will see how our applications were deployed:
(Screenshot of the second pipeline)
11. Artifacts and building on push to master
Usually the steps described above are enough to build and deliver almost any microservice, but we don't want to add a tag every time we need to update the site. So we will take a more dynamic route and set up deployment by digest in the master branch.
The idea is simple: the image of our website is now rebuilt every time you push to master, and then automatically deployed to Kubernetes.
Let's update these two jobs in our .gitlab-ci.yml:
build_website:
  extends: .build_docker_image
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  script:
    - mkdir -p $CI_PROJECT_DIR/artifacts
    - /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
  artifacts:
    paths:
      - artifacts/
  only:
    refs:
      - master
      - tags

deploy_website:
  extends: .deploy_qbec_app
  script:
    - DIGEST="$(cat artifacts/website.digest)"
    - qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"
Note that we added the master branch to refs for the build_website job and now use $CI_COMMIT_REF_NAME instead of $CI_COMMIT_TAG; that is, we are no longer tied to Git tags and now push an image named after the commit branch that initialized the pipeline. It is worth noting that this also works with tags, which lets us save snapshots of the site with a specific version in the docker registry.
When the name of the docker tag for a new version of the site may stay unchanged, we still have to describe the change to Kubernetes; otherwise it simply will not redeploy the application from the new image, since it will not notice any change in the deployment manifest.
The --vm:ext-str digest="$DIGEST" option for qbec lets you pass an external variable to jsonnet. We want the application to be redeployed in the cluster with each release. We can no longer use the tag name, which may now stay unchanged, since we need to be tied to a specific version of the image and trigger a deployment when it changes.
Here we are helped by kaniko's ability to save the image digest to a file (the --digest-file option).
Then we pass this file along and read it at deployment time.
Let's update the parameters in our deploy/website/environments/base.libsonnet, which will now look like this:
{
  components: {
    website: {
      name: 'example-docs',
      image: 'registry.gitlab.com/kvaps/docs.example.org/website@' + std.extVar('digest'),
      replicas: 1,
      containerPort: 80,
      servicePort: 80,
      nodeSelector: {},
      tolerations: [],
      ingressClass: 'nginx',
      domain: 'docs.example.org',
    },
  },
}
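A guard for the digest hand-off described above, as an added example that is not part of the original article: the deploy job reads artifacts/website.digest with cat, so a missing, empty or malformed artifact would produce an image reference that cannot be pulled. The function names are hypothetical, and the check assumes the file holds a single sha256 digest.

```shell
#!/bin/sh
# Added example: validate the file written by kaniko's --digest-file before
# its content is passed to qbec as the `digest` external variable.

# read_image_digest FILE
# Prints the digest if FILE holds exactly one well-formed sha256 digest.
# Otherwise prints a reason on stderr and returns 1.
read_image_digest() {
    file=$1
    if [ ! -s "$file" ]; then
        echo "digest file missing or empty: $file" >&2
        return 1
    fi
    # Drop the trailing newline and any stray whitespace. Two digests on
    # separate lines collapse into one over-long string and fail below.
    digest=$(tr -d ' \t\r\n' < "$file")
    case $digest in
        sha256:*) hex=${digest#sha256:} ;;
        *) echo "not a sha256 digest: $file" >&2; return 1 ;;
    esac
    if [ "${#hex}" -ne 64 ]; then
        echo "digest has ${#hex} hex characters, expected 64: $file" >&2
        return 1
    fi
    case $hex in
        *[!0123456789abcdef]*)
            echo "digest contains non-hex characters: $file" >&2
            return 1 ;;
    esac
    printf '%s\n' "$digest"
}

# pinned_image_ref REPOSITORY FILE
# Prints REPOSITORY@sha256:..., the same form base.libsonnet builds from
# std.extVar('digest'), or returns 1 if the digest file is not usable.
pinned_image_ref() {
    digest=$(read_image_digest "$2") || return 1
    printf '%s@%s\n' "$1" "$digest"
}
```

In deploy_website this would replace the cat call, as `DIGEST="$(read_image_digest artifacts/website.digest)"`, so the job stops before qbec apply when the artifact is unusable.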
Done, now any commit to master initializes a build of the Docker image for website and then deploys it to Kubernetes.
Don't forget to commit the changes:
git add .
git commit -m "Configure dynamic build"
We check after git push; we should see something like this:
(Screenshot of the pipeline for master)
In principle, we don't need to redeploy gitlab-runner with every push, as long as nothing has changed in its configuration; let's fix that in .gitlab-ci.yml:
deploy_gitlab_runner:
  extends: .deploy_qbec_app
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  before_script:
    - base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
  script:
    - qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
  only:
    changes:
      - deploy/gitlab-runner/**/*
changes lets us watch for changes in deploy/gitlab-runner/ and triggers our job only if there are any.
Don't forget to commit the changes:
git add .gitlab-ci.yml
git commit -m "Reduce gitlab-runner deploy"
git push, that's better:
(Screenshot of the updated pipeline)
12. Dynamic environments
It's time to diversify our pipeline with dynamic environments.
First, let's update the build_website job in our .gitlab-ci.yml by removing the only block from it, which forces GitLab to trigger it on any commit to any branch:
build_website:
  extends: .build_docker_image
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  script:
    - mkdir -p $CI_PROJECT_DIR/artifacts
    - /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
  artifacts:
    paths:
      - artifacts/
Then update the deploy_website job by adding an environment block to it:
deploy_website:
  extends: .deploy_qbec_app
  environment:
    name: prod
    url: https://docs.example.org
  script:
    - DIGEST="$(cat artifacts/website.digest)"
    - qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"
This lets GitLab associate the job with the prod environment and show the correct link to it.
Now let's add two more jobs:
deploy_website:
  extends: .deploy_qbec_app
  environment:
    name: prod
    url: https://docs.example.org
  script:
    - DIGEST="$(cat artifacts/website.digest)"
    - qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"

deploy_review:
  extends: .deploy_qbec_app
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: http://$CI_ENVIRONMENT_SLUG.docs.example.org
    on_stop: stop_review
  script:
    - DIGEST="$(cat artifacts/website.digest)"
    - qbec apply review --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
  only:
    refs:
      - branches
  except:
    refs:
      - master

stop_review:
  extends: .deploy_qbec_app
  environment:
    name: review/$CI_COMMIT_REF_NAME
    action: stop
  stage: deploy
  before_script:
    - git clone "$CI_REPOSITORY_URL" master
    - cd master
  script:
    - qbec delete review --root deploy/website --force:k8s-context __incluster__ --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
  variables:
    GIT_STRATEGY: none
  only:
    refs:
      - branches
  except:
    refs:
      - master
  when: manual
They are launched on push to any branch except master and deploy a preview version of the site.
We see a new option for qbec: --app-tag. It lets you tag deployed versions of the application and work only within that tag; when creating and destroying resources in Kubernetes, qbec will operate only on them.
This way we don't have to create a separate environment for each review, but simply reuse the same one.
Here we also use qbec apply review instead of qbec apply default; this is exactly the point where we will describe the differences between our environments (review and default).
Let's add the review environment to deploy/website/qbec.yaml:
spec:
  environments:
    review:
      defaultNamespace: docs
      server: https://kubernetes.example.org:8443
Then declare it in deploy/website/params.libsonnet:
local env = std.extVar('qbec.io/env');
local paramsMap = {
  _: import './environments/base.libsonnet',
  default: import './environments/default.libsonnet',
  review: import './environments/review.libsonnet',
};

if std.objectHas(paramsMap, env) then paramsMap[env] else error 'environment ' + env + ' not defined in ' + std.thisFile
And write the custom parameters for it in deploy/website/environments/review.libsonnet:
// this file has the param overrides for the review environment
local base = import './base.libsonnet';
local slug = std.extVar('qbec.io/tag');
local subdomain = std.extVar('subdomain');

base {
  components+: {
    website+: {
      name: 'example-docs-' + slug,
      domain: subdomain + '.docs.example.org',
    },
  },
}
Let's also take a closer look at the stop_review job: it is triggered when the branch is deleted, and so that gitlab does not try to check the branch out, GIT_STRATEGY: none is used; afterwards we clone the master branch and delete the review through it.
It is a bit of a hassle, but I have not found a more elegant way yet.
An alternative option would be to deploy each review into a separate namespace, which can always be torn down entirely.
Don't forget to commit the changes:
git add .
git commit -m "Enable automatic review"
git push, git checkout -b test, git push origin test, check:
(Screenshot of the environments created in GitLab)
Everything works? Great, delete our test branch: git checkout master, git push origin :test, and check that the environment deletion jobs ran without errors.
Here I want to make it clear right away that any developer in the project can create branches; they can also change the .gitlab-ci.yml file and access secret variables.
Therefore it is strongly recommended to allow their use only for protected branches, for example master, or to create a separate set of variables for each environment.
13. Review Apps
For these buttons to appear, you need to create the file .gitlab/route-map.yml and describe all the path transformations in it; in our case it will be very simple:
# Indices
- source: /content\/(.+?)_index\.(md|html)/
  public: '\1'

# Pages
- source: /content\/(.+?)\.(md|html)/
  public: '\1/'
Don't forget to commit the changes:
git add .gitlab/
git commit -m "Enable review apps"
git push, and check:
(Screenshot of the Review App button)
Job is done!
Project sources:
- on GitLab: https://gitlab.com/kvaps/docs.example.org
- on GitHub: https://github.com/kvaps/docs.example.org
Thank you for your attention, I hope you liked it.
Source: habr.com