Trying new tools for building and automating deployment in Kubernetes


Hello! Recently, many cool automation tools have been released both for building Docker images and for deploying to Kubernetes. With that in mind, I decided to play with GitLab, study its capabilities thoroughly and, of course, set up a pipeline.

This work was inspired by the kubernetes.io website, which is generated automatically from source code, and for every pull request that is submitted a bot automatically generates a preview version of the site with your changes and provides a link for viewing it.

I tried to build a similar process from scratch, but based entirely on GitLab CI and the free tools I am used to using for deploying applications to Kubernetes. Today I will finally tell you more about them.

The article covers the following tools:
Hugo, qbec, kaniko, git-crypt and GitLab CI with the creation of dynamic environments.

Contents

  1. Getting to know Hugo
  2. Preparing the Dockerfile
  3. Getting to know kaniko
  4. Getting to know qbec
  5. Trying gitlab-runner with the Kubernetes executor
  6. Deploying Helm charts with qbec
  7. Introducing git-crypt
  8. Creating a toolbox image
  9. Our first pipeline and building images by tags
  10. Deploy automation
  11. Artifacts and building on push to master
  12. Dynamic environments
  13. Review Apps

1. Getting to know Hugo

As an example for our project, we will try to create a documentation publishing site built on Hugo. Hugo is a static content generator.

For those who are not familiar with static generators, I will tell you a bit more about them. Unlike conventional website engines with a database and some PHP, which generate pages on the fly when a user requests them, static generators are designed differently. They let you take the sources, usually a set of files in Markdown markup plus theme templates, and compile them into a completely finished website.

That is, as a result you get a directory structure and a set of generated HTML files, which you can simply upload to any cheap hosting and get a working website.

You can install Hugo locally and try it out:

Initialize a new site:

hugo new site docs.example.org

And at the same time the git repository:

cd docs.example.org
git init

So far our site is pristine, and for something to appear on it we first need to attach a theme; a theme is just a set of templates and defined rules by which our site is generated.

As the theme we will use Learn, which in my opinion is perfectly suited to a documentation site.

I would like to draw special attention to the fact that we do not need to store the theme files in our project repository; instead, we can simply connect it using a git submodule:

git submodule add https://github.com/matcornic/hugo-theme-learn themes/learn

This way, our repository contains only the files directly related to our project, and the connected theme remains a link to a specific repository and a commit in it, that is, it can always be pulled from the original source without fear of incompatible changes.

Let's fix the config file config.toml:

baseURL = "http://docs.example.org/"
languageCode = "en-us"
title = "My Docs Site"
theme = "learn"

Now you can run:

hugo server

And at http://localhost:1313/ check out our newly created website; every change made in the directory automatically refreshes the open page in the browser, very convenient!

Let's try to create a cover page in content/_index.md:

# My docs site

## Welcome to the docs!

You will be very smart :-)

Screenshot of the newly created page


To generate the site, just run:

hugo

The contents of the public/ directory will be your website.
Yes, by the way, let's add it to .gitignore right away:

echo /public > .gitignore

Don't forget to commit our changes:

git add .
git commit -m "New site created"

2. Preparing the Dockerfile

It's time to define the structure of our repository. I usually use something like this:

.
├── deploy
│   ├── app1
│   └── app2
└── dockerfiles
    ├── image1
    └── image2

  • dockerfiles/ - contains directories with Dockerfiles and everything needed to build our Docker images.
  • deploy/ - contains directories for deploying our applications to Kubernetes

So, let's create our first Dockerfile at the path dockerfiles/website/Dockerfile:

FROM alpine:3.11 as builder
ARG HUGO_VERSION=0.62.0
RUN wget -O- https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_linux-64bit.tar.gz | tar -xz -C /usr/local/bin
ADD . /src
RUN hugo -s /src

FROM alpine:3.11
RUN apk add --no-cache darkhttpd
COPY --from=builder /src/public /var/www
ENTRYPOINT [ "/usr/bin/darkhttpd" ]
CMD [ "/var/www" ]

As you can see, the Dockerfile contains two FROM instructions; this feature is called a multi-stage build and lets you exclude everything unnecessary from the final Docker image.
Thus, the final image will contain only darkhttpd (a lightweight HTTP server) and public/ - the content of our statically generated website.

Don't forget to commit our changes:

git add dockerfiles/website
git commit -m "Add Dockerfile for website"

3. Getting to know kaniko

As the Docker image builder I decided to use kaniko, since it does not require a Docker daemon, the build itself can be run on any machine, and the cache can be stored directly in the registry, which removes the need for full-fledged persistent storage.

To build the image, just run the container with the kaniko executor and pass it the current build context; this can also be done locally, via docker:

docker run -ti --rm \
  -v $PWD:/workspace \
  -v ~/.docker/config.json:/kaniko/.docker/config.json:ro \
  gcr.io/kaniko-project/executor:v0.15.0 \
  --cache \
  --dockerfile=dockerfiles/website/Dockerfile \
  --destination=registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1

Where registry.gitlab.com/kvaps/docs.example.org/website is the name of your Docker image; after the build, it is automatically pushed to the Docker registry.

The --cache parameter lets you cache layers in the Docker registry; for the example given, they are stored in registry.gitlab.com/kvaps/docs.example.org/website/cache, but you can specify another path using the --cache-repo parameter.

Screenshot of the Docker registry


4. Getting to know qbec

Qbec is a deployment tool that lets you declaratively describe your application manifests and deploy them to Kubernetes. Using Jsonnet as the main syntax greatly simplifies the description of differences across multiple environments and almost completely eliminates code repetition.

This is especially relevant when you need to deploy an application to several clusters with different parameters and want to describe them declaratively in Git.

Qbec can also render Helm charts by passing them the necessary parameters, and then operate on them in the same way as regular manifests, including applying various mutations to them, which in turn removes the need to use ChartMuseum. That is, you can store and render charts directly from git, where they belong.

As I said earlier, we will store all deployments in the deploy/ directory:

mkdir deploy
cd deploy

Let's initialize our first application:

qbec init website
cd website

Now the structure of our application looks like this:

.
├── components
├── environments
│   ├── base.libsonnet
│   └── default.libsonnet
├── params.libsonnet
└── qbec.yaml

Let's look at the qbec.yaml file:

apiVersion: qbec.io/v1alpha1
kind: App
metadata:
  name: website
spec:
  environments:
    default:
      defaultNamespace: docs
      server: https://kubernetes.example.org:8443
  vars: {}

Here we are primarily interested in spec.environments; qbec has already created a default environment for us and took the server address and the namespace from our current kubeconfig.
Now, when deploying to the default environment, qbec will always deploy only to the specified Kubernetes cluster and the specified namespace, that is, you no longer have to switch between contexts and namespaces in order to deploy.
If necessary, you can always update the settings in this file.

All your environments are described in qbec.yaml and in the params.libsonnet file, which says where to get the parameters for them.

Next we see two directories:

  • components/ - all manifests for our application are stored here; they can be described both in jsonnet and in regular yaml files
  • environments/ - here we describe all the variables (parameters) for our environments.

By default we have two files:

  • environments/base.libsonnet - contains the common parameters for all environments
  • environments/default.libsonnet - contains the parameters overridden for the default environment

Let's open environments/base.libsonnet and add the parameters for our first component there:

{
  components: {
    website: {
      name: 'example-docs',
      image: 'registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1',
      replicas: 1,
      containerPort: 80,
      servicePort: 80,
      nodeSelector: {},
      tolerations: [],
      ingressClass: 'nginx',
      domain: 'docs.example.org',
    },
  },
}

Let's also create our first component, components/website.jsonnet:

local env = {
  name: std.extVar('qbec.io/env'),
  namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.website;

[
  {
    apiVersion: 'apps/v1',
    kind: 'Deployment',
    metadata: {
      labels: { app: params.name },
      name: params.name,
    },
    spec: {
      replicas: params.replicas,
      selector: {
        matchLabels: {
          app: params.name,
        },
      },
      template: {
        metadata: {
          labels: { app: params.name },
        },
        spec: {
          containers: [
            {
              name: 'darkhttpd',
              image: params.image,
              ports: [
                {
                  containerPort: params.containerPort,
                },
              ],
            },
          ],
          nodeSelector: params.nodeSelector,
          tolerations: params.tolerations,
          imagePullSecrets: [{ name: 'regsecret' }],
        },
      },
    },
  },
  {
    apiVersion: 'v1',
    kind: 'Service',
    metadata: {
      labels: { app: params.name },
      name: params.name,
    },
    spec: {
      selector: {
        app: params.name,
      },
      ports: [
        {
          port: params.servicePort,
          targetPort: params.containerPort,
        },
      ],
    },
  },
  {
    apiVersion: 'extensions/v1beta1',
    kind: 'Ingress',
    metadata: {
      annotations: {
        'kubernetes.io/ingress.class': params.ingressClass,
      },
      labels: { app: params.name },
      name: params.name,
    },
    spec: {
      rules: [
        {
          host: params.domain,
          http: {
            paths: [
              {
                backend: {
                  serviceName: params.name,
                  servicePort: params.servicePort,
                },
              },
            ],
          },
        },
      ],
    },
  },
]

In this file we described three Kubernetes entities at once: Deployment, Service and Ingress. If we wanted, we could put them in different components, but at this stage one is enough for us.

The jsonnet syntax is very similar to regular json; in principle, regular json is already valid jsonnet, so at first it may be easier for you to use online services such as yaml2json to convert your usual yaml to json, or, if your components contain no variables, they can be described as regular yaml.

When working with jsonnet I strongly recommend installing a plugin for your editor.

For example, there is a plugin for vim, vim-jsonnet, which turns on syntax highlighting and automatically runs jsonnet fmt every time you save (requires jsonnet to be installed).

Everything is ready, now we can start deploying:

To see what we got, let's run:

qbec show default

In the output you will see the rendered yaml manifests that will be applied to the default cluster.

Great, now apply:

qbec apply default

In the output you will always see what is going to be done in your cluster; qbec will ask you to agree to the changes by typing y, and you can confirm your intentions.

Our application is ready and deployed!

If you make changes, you can always run:

qbec diff default

to see how these changes will affect the current deployment.

Don't forget to commit our changes:

cd ../..
git add deploy/website
git commit -m "Add deploy for website"

5. Trying gitlab-runner with the Kubernetes executor

Until recently I used only a regular gitlab-runner on a pre-prepared machine (an LXC container) with the shell or docker executor. Initially, we had several such runners defined globally in our GitLab. They built Docker images for all projects.

But as practice has shown, this option is not ideal, both in terms of practicality and in terms of security. It is much better and ideologically more correct to have separate runners deployed for each project, or even for each environment.

Fortunately, this is not a problem at all, since we will now deploy gitlab-runner directly as part of our project, right in Kubernetes.

GitLab provides a ready-made Helm chart for deploying gitlab-runner to Kubernetes. So all you need to do is find the registration token for our project in Settings -> CI / CD -> Runners and pass it to helm:

helm repo add gitlab https://charts.gitlab.io

helm install gitlab-runner \
  --set gitlabUrl=https://gitlab.com \
  --set runnerRegistrationToken=yga8y-jdCusVDn_t4Wxc \
  --set rbac.create=true \
  gitlab/gitlab-runner

Where:

  • https://gitlab.com - the address of your GitLab server.
  • yga8y-jdCusVDn_t4Wxc - the registration token for your project.
  • rbac.create=true - gives the runner the privileges it needs to be able to create pods that perform our jobs using the kubernetes executor.

If everything is done correctly, you should see the registered runner in the Runners section of your project settings.

Screenshot of the added runner


Is it that simple? - Yes, it is that simple! No more hassle with registering runners manually; from now on runners will be created and destroyed automatically.

6. Deploying Helm charts with qbec

Since we decided to consider gitlab-runner part of our project, it is time to describe it in our Git repository.

We could describe it as a separate component of website, but in the future we plan to deploy different copies of website very often, unlike gitlab-runner, which will be deployed only once per Kubernetes cluster. So let's initialize a separate application for it:

cd deploy
qbec init gitlab-runner
cd gitlab-runner

This time we will not describe Kubernetes entities by hand, but will take a ready-made Helm chart. One of the advantages of qbec is the ability to render Helm charts directly from a Git repository.

Let's connect it using a git submodule:

git submodule add https://gitlab.com/gitlab-org/charts/gitlab-runner vendor/gitlab-runner

Now the vendor/gitlab-runner directory contains a repository with the chart for gitlab-runner.

In the same way, you can connect other repositories, for example, the entire repository with the official charts https://github.com/helm/charts

Let's describe the component components/gitlab-runner.jsonnet:

local env = {
  name: std.extVar('qbec.io/env'),
  namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.gitlabRunner;

std.native('expandHelmTemplate')(
  '../vendor/gitlab-runner',
  params.values,
  {
    nameTemplate: params.name,
    namespace: env.namespace,
    thisFile: std.thisFile,
    verbose: true,
  }
)

As the first argument to expandHelmTemplate we pass the path to the chart, then params.values, which we take from the environment parameters, and then comes an object with:

  • nameTemplate - the release name
  • namespace - the namespace passed to helm
  • thisFile - a required parameter that passes the path to the current file
  • verbose - shows the helm template command with all its arguments when rendering the chart

Now let's describe the parameters for our component in environments/base.libsonnet:

local secrets = import '../secrets/base.libsonnet';

{
  components: {
    gitlabRunner: {
      name: 'gitlab-runner',
      values: {
        gitlabUrl: 'https://gitlab.com/',
        rbac: {
          create: true,
        },
        runnerRegistrationToken: secrets.runnerRegistrationToken,
      },
    },
  },
}

Note that we take runnerRegistrationToken from the external file secrets/base.libsonnet; let's create it:

{
  runnerRegistrationToken: 'yga8y-jdCusVDn_t4Wxc',
}

Let's check that everything works:

qbec show default

if everything is in order, we can delete the release we previously deployed via Helm:

helm uninstall gitlab-runner

and deploy it the same way, but via qbec:

qbec apply default

7. Introducing git-crypt

git-crypt is a tool that lets you set up transparent encryption for your repository.

At the moment, our directory structure for gitlab-runner looks like this:

.
├── components
│   ├── gitlab-runner.jsonnet
├── environments
│   ├── base.libsonnet
│   └── default.libsonnet
├── params.libsonnet
├── qbec.yaml
├── secrets
│   └── base.libsonnet
└── vendor
    └── gitlab-runner (submodule)

But storing secrets in Git is not secure, is it? So we need to encrypt them properly.

Generally, for the sake of a single variable, this does not always make sense. You can pass secrets to qbec through the environment variables of your CI system.
But it is worth noting that there are also more complex projects that may contain many more secrets; passing them all through environment variables would be extremely difficult.

Besides, in that case I would not be able to tell you about such a wonderful tool as git-crypt.

git-crypt is also convenient in that it lets you keep the entire history of secrets, as well as compare, merge and resolve conflicts in the same way we are used to doing with Git.

The first thing to do after installing git-crypt is to generate keys for our repository:

git crypt init

If you have a PGP key, you can immediately add yourself as a collaborator for this project:

git-crypt add-gpg-user [email protected]

This way you can always decrypt this repository using your private key.

If you do not have a PGP key and do not expect to have one, you can go the other way and export the project key:

git crypt export-key /path/to/keyfile

Thus, anyone who has the exported keyfile will be able to decrypt your repository.

It's time to set up our first secret.
Let me remind you that we are still in the deploy/gitlab-runner/ directory, where we have a secrets/ directory; let's encrypt all the files in it, and for that we create a secrets/.gitattributes file with the following content:

* filter=git-crypt diff=git-crypt
.gitattributes !filter !diff

As can be seen from the content, all files matching the mask * will be run through git-crypt, except for .gitattributes itself.

We can check this by running:

git crypt status -e

The output will be a list of all files in the repository for which encryption is enabled.

That's all, now we can safely commit our changes:

cd ../..
git add .
git commit -m "Add deploy for gitlab-runner"

To lock the repository, just run:

git crypt lock

and all encrypted files immediately turn into binary data that cannot be read.
To decrypt the repository, run:

git crypt unlock
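
A check that fits the lock/unlock behaviour described above, as an added example that is not part of the original article: in a locked checkout, every file under secrets/ except .gitattributes should begin with git-crypt's 10-byte header (a NUL byte, the text GITCRYPT, a NUL byte). The function names are hypothetical and the demo files are constructed.

```shell
#!/bin/sh
# Added example: verify that files under a git-crypt protected directory are
# ciphertext in a locked checkout (for instance a fresh CI clone before
# `git-crypt unlock`). Encrypted files start with a fixed 10-byte header:
# NUL "GITCRYPT" NUL, followed by the nonce and the encrypted data.

GITCRYPT_MAGIC_HEX=00474954435259505400

# is_gitcrypt_blob FILE -> exit 0 if FILE starts with the git-crypt header.
is_gitcrypt_blob() {
    header=$(od -An -tx1 -N10 "$1" | tr -d ' \n')
    [ "$header" = "$GITCRYPT_MAGIC_HEX" ]
}

# find_plaintext_secrets DIR -> prints every regular file under DIR that is
# not git-crypt ciphertext and returns 1 if there is at least one.
# .gitattributes is skipped: the rules above exclude it from the filter.
# Empty files carry no header, so they are reported as well.
find_plaintext_secrets() {
    leaked=$(find "$1" -type f ! -name .gitattributes | while IFS= read -r f; do
        is_gitcrypt_blob "$f" || printf '%s\n' "$f"
    done)
    if [ -n "$leaked" ]; then
        printf '%s\n' "$leaked"
        return 1
    fi
    return 0
}

# Constructed demo: one file that looks like ciphertext, one forgotten plaintext file.
demo_dir=$(mktemp -d)
printf '\000GITCRYPT\000constructed-nonce-and-data' > "$demo_dir/base.libsonnet"
printf "{ runnerRegistrationToken: 'placeholder' }\n" > "$demo_dir/forgotten.libsonnet"
if find_plaintext_secrets "$demo_dir" >/dev/null; then
    echo "all secrets are encrypted"
else
    echo "plaintext secret found, refusing to continue"
fi
rm -rf "$demo_dir"
```

Run against deploy/gitlab-runner/secrets in a locked working tree, a non-zero exit means a file was committed without passing through the git-crypt filter, for example because it was added before .gitattributes existed.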

8. Creating a toolbox image

A toolbox image is an image with all the tools that we will use to deploy our project. It will be used by the GitLab runner to perform typical deployment tasks.

Everything is simple here; let's create a new dockerfiles/toolbox/Dockerfile with the following content:

FROM alpine:3.11

RUN apk add --no-cache git git-crypt

RUN QBEC_VER=0.10.3 \
 && wget -O- https://github.com/splunk/qbec/releases/download/v${QBEC_VER}/qbec-linux-amd64.tar.gz \
     | tar -C /tmp -xzf - \
 && mv /tmp/qbec /tmp/jsonnet-qbec /usr/local/bin/

RUN KUBECTL_VER=1.17.0 \
 && wget -O /usr/local/bin/kubectl \
      https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/linux/amd64/kubectl \
 && chmod +x /usr/local/bin/kubectl

RUN HELM_VER=3.0.2 \
 && wget -O- https://get.helm.sh/helm-v${HELM_VER}-linux-amd64.tar.gz \
     | tar -C /tmp -zxf - \
 && mv /tmp/linux-amd64/helm /usr/local/bin/helm

As you can see, in this image we install all the utilities that we used to deploy our application. The only thing we do not really need here is kubectl, but you may want to play with it while setting up the pipeline.

Also, to be able to communicate with Kubernetes and deploy to it, we need to configure a role for the pods created by gitlab-runner.

To do this, go to the directory with gitlab-runner:

cd deploy/gitlab-runner

and add a new component components/rbac.jsonnet:

local env = {
  name: std.extVar('qbec.io/env'),
  namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.rbac;

[
  {
    apiVersion: 'v1',
    kind: 'ServiceAccount',
    metadata: {
      labels: {
        app: params.name,
      },
      name: params.name,
    },
  },
  {
    apiVersion: 'rbac.authorization.k8s.io/v1',
    kind: 'Role',
    metadata: {
      labels: {
        app: params.name,
      },
      name: params.name,
    },
    rules: [
      {
        apiGroups: [
          '*',
        ],
        resources: [
          '*',
        ],
        verbs: [
          '*',
        ],
      },
    ],
  },
  {
    apiVersion: 'rbac.authorization.k8s.io/v1',
    kind: 'RoleBinding',
    metadata: {
      labels: {
        app: params.name,
      },
      name: params.name,
    },
    roleRef: {
      apiGroup: 'rbac.authorization.k8s.io',
      kind: 'Role',
      name: params.name,
    },
    subjects: [
      {
        kind: 'ServiceAccount',
        name: params.name,
        namespace: env.namespace,
      },
    ],
  },
]

We also describe the new parameters in environments/base.libsonnet, which now looks like this:

local secrets = import '../secrets/base.libsonnet';

{
  components: {
    gitlabRunner: {
      name: 'gitlab-runner',
      values: {
        gitlabUrl: 'https://gitlab.com/',
        rbac: {
          create: true,
        },
        runnerRegistrationToken: secrets.runnerRegistrationToken,
        runners: {
          serviceAccountName: $.components.rbac.name,
          image: 'registry.gitlab.com/kvaps/docs.example.org/toolbox:v0.0.1',
        },
      },
    },
    rbac: {
      name: 'gitlab-runner-deploy',
    },
  },
}

Note that $.components.rbac.name refers to name for the rbac component.

Let's check what has changed:

qbec diff default

and apply our changes to Kubernetes:

qbec apply default

Also, don't forget to commit our changes to git:

cd ../..
git add dockerfiles/toolbox
git commit -m "Add Dockerfile for toolbox"
git add deploy/gitlab-runner
git commit -m "Configure gitlab-runner to use toolbox"

9. Our first pipeline and building images by tags

In the root of the project we create .gitlab-ci.yml with the following content:

.build_docker_image:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:debug-v0.15.0
    entrypoint: [""]
  before_script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json

build_toolbox:
  extends: .build_docker_image
  script:
    - /kaniko/executor --cache --context $CI_PROJECT_DIR/dockerfiles/toolbox --dockerfile $CI_PROJECT_DIR/dockerfiles/toolbox/Dockerfile --destination $CI_REGISTRY_IMAGE/toolbox:$CI_COMMIT_TAG
  only:
    refs:
      - tags

build_website:
  extends: .build_docker_image
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  script:
    - /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_TAG
  only:
    refs:
      - tags

Note that we use GIT_SUBMODULE_STRATEGY: normal for those jobs where submodules need to be explicitly initialized before execution.

Don't forget to commit our changes:

git add .gitlab-ci.yml
git commit -m "Automate docker build"

I think we can safely call this version v0.0.1 and add a tag:

git tag v0.0.1

We will add tags whenever we need to release a new version. Tags in Docker images will be tied to Git tags. Each push with a new tag will trigger an image build with this tag.

Let's run git push --tags and look at our first pipeline:

Screenshot of the first pipeline


It is worth drawing your attention to the fact that building by tags is suitable for building Docker images, but not for deploying an application to Kubernetes. Since new tags can also be assigned to old commits, in that case starting the pipeline for them would lead to the deployment of the old version.

To solve this problem, the build of Docker images is usually tied to tags, and the deployment of the application to the master branch, in which the versions of the built images are hardcoded. This is where you can initiate a rollback with a simple revert of the master branch.

10. Deploy automation

For gitlab-runner to be able to decrypt our secrets, we need to export the repository key and add it to our CI environment variables:

git crypt export-key /tmp/docs-repo.key
base64 -w0 /tmp/docs-repo.key; echo

We save the resulting string in GitLab; to do this, go to our project settings:
Settings -> CI / CD -> Variables

And create a new variable:

  • Type: File
  • Key: GITCRYPT_KEY
  • Value: <your string>
  • Protected: true (for the duration of the tutorial you can use false)
  • Masked: true
  • Scope: All environments

Screenshot of the added variable


Now let's update our .gitlab-ci.yml by adding to it:

.deploy_qbec_app:
  stage: deploy
  only:
    refs:
      - master

deploy_gitlab_runner:
  extends: .deploy_qbec_app
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  before_script:
    - base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
  script:
    - qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes

deploy_website:
  extends: .deploy_qbec_app
  script:
    - qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes

Here we have enabled several new options for qbec:

  • --root some/app - lets you specify the directory of a specific application
  • --force:k8s-context __incluster__ - this is a magic variable that says the deployment will happen in the same cluster in which gitlab-runner is running. This is necessary because otherwise qbec will try to find a suitable Kubernetes server in your kubeconfig
  • --wait - forces qbec to wait until the resources it creates reach the Ready state and only then exit with a successful exit code.
  • --yes - simply disables the interactive confirmation prompt when deploying.

Don't forget to commit our changes:

git add .gitlab-ci.yml
git commit -m "Automate deploy"

And after git push we will see how our applications have been deployed:

Screenshot of the second pipeline


11. Artifacts and building on push to master

Generally, the steps described above are enough to build and deliver almost any microservice, but we do not want to add a tag every time we need to update the site. Therefore, we will take a more dynamic route and set up deployment by digest in the master branch.

The idea is simple: now the image of our website will be rebuilt every time you push to master, and then automatically deployed to Kubernetes.

Let's update these two jobs in our .gitlab-ci.yml:

build_website:
  extends: .build_docker_image
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  script:
    - mkdir -p $CI_PROJECT_DIR/artifacts
    - /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
  artifacts:
    paths:
      - artifacts/
  only:
    refs:
      - master
      - tags

deploy_website:
  extends: .deploy_qbec_app
  script:
    - DIGEST="$(cat artifacts/website.digest)"
    - qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"

Note that we have added the master branch to refs for the build_website job and we now use $CI_COMMIT_REF_NAME instead of $CI_COMMIT_TAG, that is, we are decoupled from tags in Git and will now push an image with the name of the branch or tag that triggered the pipeline. It is worth noting that this also works with tags, which lets us keep snapshots of the site with a specific version in the Docker registry.

Since the name of the Docker tag may stay the same for a new version of the site, we still have to describe the changes to Kubernetes, otherwise it will simply not redeploy the application from the new image, since it will not notice any changes in the deployment manifest.

The --vm:ext-str digest="$DIGEST" option for qbec lets you pass an external variable to jsonnet. We want the application to be redeployed in the cluster with every release of our application. We can no longer use the tag name, which can now stay unchanged, since we need to be tied to a specific version of the image and trigger the deployment when it changes.

Here we are helped by kaniko's ability to save the image digest to a file (the --digest-file option).
Then we pass this file along and read it at deployment time.

Let's update the parameters in our deploy/website/environments/base.libsonnet, which will now look like this:

{
  components: {
    website: {
      name: 'example-docs',
      image: 'registry.gitlab.com/kvaps/docs.example.org/website@' + std.extVar('digest'),
      replicas: 1,
      containerPort: 80,
      servicePort: 80,
      nodeSelector: {},
      tolerations: [],
      ingressClass: 'nginx',
      domain: 'docs.example.org',
    },
  },
}
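The digest read from artifacts/website.digest ends up verbatim in the image reference above, so it is worth validating before it reaches qbec. The following is an added example, not part of the original article; the function names read_digest and pinned_ref and the registry.example repository are hypothetical.

```shell
#!/bin/sh
# Added example: validate the file written by kaniko's --digest-file before
# using it. In the deploy job it would replace the plain cat:
#   DIGEST="$(read_digest artifacts/website.digest)"

# read_digest FILE -> prints the digest, or fails with a message on stderr.
read_digest() {
  file=$1
  [ -f "$file" ] || { echo "digest file missing: $file" >&2; return 1; }
  # Drop whitespace so a trailing newline never ends up in the image reference.
  digest=$(tr -d ' \t\r\n' < "$file")
  # Accept only "sha256:" followed by exactly 64 lowercase hex characters.
  case $digest in
    sha256:*) hex=${digest#sha256:} ;;
    *) echo "not a sha256 digest: $digest" >&2; return 1 ;;
  esac
  [ "${#hex}" -eq 64 ] || { echo "unexpected digest length: ${#hex}" >&2; return 1; }
  case $hex in
    *[!0-9a-f]*) echo "non-hex character in digest" >&2; return 1 ;;
  esac
  printf '%s\n' "$digest"
}

# pinned_ref REPO FILE -> prints REPO@sha256:..., the form base.libsonnet builds.
pinned_ref() {
  d=$(read_digest "$2") || return 1
  printf '%s@%s\n' "$1" "$d"
}

# Demo on a constructed digest (not a real image).
z=0000000000000000
demo=$(mktemp)
printf 'sha256:%s\n' "$z$z$z$z" > "$demo"
pinned_ref registry.example/website "$demo"
rm -f "$demo"
```

A file holding a tag name, an empty file, or two concatenated digests is rejected, so the deploy job stops instead of applying a manifest with a malformed or mutable image reference.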

Done. Now any commit to master triggers a build of the docker image for website, followed by its deployment to Kubernetes.

Don't forget to commit our changes:

git add .
git commit -m "Configure dynamic build"

After git push we should see something like this:

Screenshot of the pipeline for master

In principle, we do not need to redeploy gitlab-runner on every push unless something has changed in its configuration, so let's fix that in .gitlab-ci.yml:

deploy_gitlab_runner:
  extends: .deploy_qbec_app
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  before_script:
    - base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
  script:
    - qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
  only:
    changes:
      - deploy/gitlab-runner/**/*

changes lets us track changes in deploy/gitlab-runner/ and triggers our job only when there are any.

Don't forget to commit our changes:

git add .gitlab-ci.yml
git commit -m "Reduce gitlab-runner deploy"

git push, and that's better:

Screenshot of the updated pipeline

12. Dynamic environments

It is time to diversify our pipeline with dynamic environments.

First, let's update the build_website job in our .gitlab-ci.yml by removing the only block from it, which makes Gitlab trigger it on any commit to any branch:

build_website:
  extends: .build_docker_image
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  script:
    - mkdir -p $CI_PROJECT_DIR/artifacts
    - /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
  artifacts:
    paths:
      - artifacts/

Then update the deploy_website job and add an environment block to it:

deploy_website:
  extends: .deploy_qbec_app
  environment:
    name: prod
    url: https://docs.example.org
  script:
    - DIGEST="$(cat artifacts/website.digest)"
    - qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"

This lets Gitlab associate the job with the prod environment and show the correct link to it.

Now let's add two more jobs:

deploy_website:
  extends: .deploy_qbec_app
  environment:
    name: prod
    url: https://docs.example.org
  script:
    - DIGEST="$(cat artifacts/website.digest)"
    - qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"

deploy_review:
  extends: .deploy_qbec_app
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: http://$CI_ENVIRONMENT_SLUG.docs.example.org
    on_stop: stop_review
  script:
    - DIGEST="$(cat artifacts/website.digest)"
    - qbec apply review --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
  only:
    refs:
    - branches
  except:
    refs:
      - master

stop_review:
  extends: .deploy_qbec_app
  environment:
    name: review/$CI_COMMIT_REF_NAME
    action: stop
  stage: deploy
  before_script:
    - git clone "$CI_REPOSITORY_URL" master
    - cd master
  script:
    - qbec delete review --root deploy/website --force:k8s-context __incluster__ --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
  variables:
    GIT_STRATEGY: none
  only:
    refs:
    - branches
  except:
    refs:
      - master
  when: manual

They are launched on a push to any branch except master and deploy a preview version of the site.

We see a new option for qbec: --app-tag. It lets you tag deployed versions of the application and work only within that tag; when creating and destroying resources in Kubernetes, qbec operates only on them.
This way we do not have to create a separate environment for each review and can simply reuse the same one.

Here we also use qbec apply review instead of qbec apply default. This is exactly the point where we describe the differences between our environments (review and default):

Add the review environment to deploy/website/qbec.yaml:

spec:
  environments:
    review:
      defaultNamespace: docs
      server: https://kubernetes.example.org:8443

Then declare it in deploy/website/params.libsonnet:

local env = std.extVar('qbec.io/env');
local paramsMap = {
  _: import './environments/base.libsonnet',
  default: import './environments/default.libsonnet',
  review: import './environments/review.libsonnet',
};

if std.objectHas(paramsMap, env) then paramsMap[env] else error 'environment ' + env + ' not defined in ' + std.thisFile

And write the custom parameters for it to deploy/website/environments/review.libsonnet:

// this file has the param overrides for the review environment
local base = import './base.libsonnet';
local slug = std.extVar('qbec.io/tag');
local subdomain = std.extVar('subdomain');

base {
  components+: {
    website+: {
      name: 'example-docs-' + slug,
      domain: subdomain + '.docs.example.org',
    },
  },
}

Let's also take a closer look at the stop_review job. It is triggered when the branch is deleted, and so that gitlab does not try to check that branch out, GIT_STRATEGY: none is used; we then clone the master branch and delete the review through it.
It is a bit fiddly, but I have not yet found a more elegant way.
An alternative is to deploy each review to a separate namespace, which can always be removed as a whole.

Don't forget to commit our changes:

git add .
git commit -m "Enable automatic review"

git push, git checkout -b test, git push origin test, and check:

Screenshot of the environments created in Gitlab

Does everything work? Great, let's delete our test branch: git checkout master, git push origin :test, and check that the environment deletion jobs ran without errors.

Here I want to point out right away that any developer in the project can create branches, and can also change the .gitlab-ci.yml file and gain access to the secret variables.
Therefore it is strongly recommended to allow their use only for protected branches, for example master, or to create a separate set of variables for each environment.
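One way to check that recommendation from inside the pipeline, as an added example that is not part of the original article: a canary for the review jobs that fails if a deployment secret such as GITCRYPT_KEY is visible on an unprotected ref. The function name exposed_secrets is hypothetical; CI_COMMIT_REF_PROTECTED is the variable GitLab sets to "true" on protected refs. Because the branch author controls .gitlab-ci.yml, this only detects a misconfigured variable; the enforcing control remains the variable's own protection setting.

```shell
#!/bin/sh
# Added example: report secrets that are visible to a job on an unprotected ref.
# In deploy_review it could run as:
#   exposed_secrets GITCRYPT_KEY || exit 1

# exposed_secrets NAME... -> prints the names (never the values) of the listed
# variables that are non-empty while the ref is unprotected.
# Returns 0 if none are exposed, 1 if any are, 2 on an invalid name.
exposed_secrets() {
  [ "${CI_COMMIT_REF_PROTECTED:-false}" = "true" ] && return 0
  found=0
  for name in "$@"; do
    # Accept only plain variable names before handing them to eval.
    case $name in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "invalid variable name: $name" >&2
        return 2 ;;
    esac
    eval "value=\${$name:-}"
    if [ -n "$value" ]; then
      echo "$name"
      found=1
    fi
  done
  [ "$found" -eq 0 ]
}

# Demo with constructed values: an unprotected branch that can see the key.
CI_COMMIT_REF_PROTECTED=false
GITCRYPT_KEY=constructed-value
exposed_secrets GITCRYPT_KEY >/dev/null \
  || echo "secret visible on unprotected ref" >&2
```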

13. Review Apps

Review Apps is a GitLab feature that adds a button for each file in the repository so you can quickly view it in the deployed environment.

For these buttons to appear, you need to create a .gitlab/route-map.yml file and describe all the path transformations in it; in our case this is very simple:

# Indices
- source: /content\/(.+?)_index\.(md|html)/
  public: '\1'

# Pages
- source: /content\/(.+?)\.(md|html)/
  public: '\1/'

Don't forget to commit our changes:

git add .gitlab/
git commit -m "Enable review apps"

git push, and check:

Screenshot of the Review App button

The job is done!

Project sources:

Thank you for your attention, I hope you liked it.

Source: will.com
