Moni! Posachedwa, zida zambiri zodzipangira zokha zatulutsidwa zonse zomanga zithunzi za Docker komanso zotumizidwa ku Kubernetes. Pachifukwa ichi, ndinaganiza zosewera ndi GitLab, ndikuphunzira bwino zomwe angathe kuchita ndipo, ndithudi, ndikukhazikitsa payipi.
Ntchitoyi idalimbikitsidwa ndi tsamba lawebusayiti , yomwe imapangidwa kuchokera ku zokha, ndi pempho lililonse la dziwe lomwe latumizidwa, loboti imangopanga mawonekedwe owonera tsambalo ndi zosintha zanu ndikupereka ulalo wowonera.
Ndinayesa kupanga njira yofananayo kuyambira pachiyambi, koma yomangidwa kwathunthu pa Gitlab CI ndi zida zaulere zomwe ndimagwiritsa ntchito potumiza mapulogalamu ku Kubernetes. Lero ndidzakuuzani zambiri za iwo.
Nkhaniyi ifotokoza zida monga:
Hugo, qbec, kodi, git-crypt и GitLab CI ndi kupanga malo osinthika.
Zokhutira
1. Kudziwana ndi Hugo
Monga chitsanzo cha polojekiti yathu, tidzayesa kupanga malo osindikizira zolemba omangidwa pa Hugo. Hugo ndi static content generator.
Kwa iwo omwe sadziwa majenereta osasunthika, ndikuwuzani zambiri za iwo. Mosiyana ndi ma injini wamba omwe ali ndi database ndi PHP, omwe, akafunsidwa ndi wogwiritsa ntchito, amapanga masamba pa ntchentche, majenereta osasunthika amapangidwa mosiyana. Amakulolani kuti mutenge magwero, nthawi zambiri mafayilo omwe ali mu Markdown markup ndi ma tempuleti amutu, kenako ndikuwaphatikiza kukhala tsamba lomalizidwa kwathunthu.
Izi zikutanthauza kuti, chifukwa chake, mudzalandira chikwatu ndi seti yamafayilo opangidwa ndi HTML, omwe mutha kungowayika ku hosting iliyonse yotsika mtengo ndikupeza tsamba logwira ntchito.
Mutha kukhazikitsa Hugo kwanuko ndikuyesa:
Kuyambitsa tsamba latsopano:
hugo new site docs.example.orgNdipo nthawi yomweyo git repository:
cd docs.example.org
git initPakadali pano, tsamba lathu ndilabwino ndipo kuti china chake chiwonekere pamenepo, choyamba tiyenera kulumikiza mutuwo; mutu umangokhala ma templates ndi malamulo odziwika omwe tsamba lathu limapangidwira.
Pamutuwu tidzagwiritsa ntchito , yomwe, mwa lingaliro langa, ili yoyenera kwambiri pa malo olembedwa.
Ndikufuna kusamala kwambiri kuti sitiyenera kusunga mafayilo amutu munkhokwe yathu ya polojekiti; m'malo mwake, titha kulumikiza pogwiritsa ntchito git submodule:
git submodule add https://github.com/matcornic/hugo-theme-learn themes/learnChifukwa chake, chosungira chathu chizikhala ndi mafayilo okhawo okhudzana ndi polojekiti yathu, ndipo mutu wolumikizidwa ukhalabe ngati cholumikizira kunkhokwe inayake ndikudzipereka momwemo, ndiye kuti, imatha kukokedwa nthawi zonse kuchokera kugwero loyambirira ndipo osachita mantha. zosintha zosagwirizana.
Tiyeni tikonze config config.toml:
baseURL = "http://docs.example.org/"
languageCode = "en-us"
title = "My Docs Site"
theme = "learn"Pakali pano mutha kuthamanga:
hugo serverNdipo pa adilesi yang'anani tsamba lathu lomwe lapangidwa kumene, zosintha zonse zomwe zasinthidwa m'ndandanda zimangosintha tsamba lotseguka mu msakatuli, ndizosavuta!
Tiyeni tiyese kupanga tsamba loyamba content/_index.md:
# My docs site
## Welcome to the docs!
You will be very smart :-)Chithunzi cha tsamba lomwe langopangidwa kumene
Kuti mupange tsamba, ingothamangani:
hugoZomwe zili m'ndandanda pagulu/ ndipo idzakhala tsamba lanu.
Inde, mwa njira, tiyeni tiwonjezere nthawi yomweyo @alirezatalischioriginal:
echo /public > .gitignoreMusaiwale kupanga zosintha zathu:
git add .
git commit -m "New site created"2. Kukonzekera Dockerfile
Yakwana nthawi yoti tifotokoze kapangidwe ka malo athu. Nthawi zambiri ndimagwiritsa ntchito zinthu monga:
.
├── deploy
│ ├── app1
│ └── app2
└── dockerfiles
├── image1
└── image2- dockerfiles/ - Muli ndi maulalo okhala ndi ma Dockerfiles ndi chilichonse chofunikira kuti mupange zithunzi zathu za Docker.
- tumiza/ - ili ndi zolemba zotumizira mapulogalamu athu ku Kubernetes
Chifukwa chake, tipanga Dockerfile yathu yoyamba panjira dockerfiles/website/Dockerfile
FROM alpine:3.11 as builder
ARG HUGO_VERSION=0.62.0
RUN wget -O- https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_linux-64bit.tar.gz | tar -xz -C /usr/local/bin
ADD . /src
RUN hugo -s /src
FROM alpine:3.11
RUN apk add --no-cache darkhttpd
COPY --from=builder /src/public /var/www
ENTRYPOINT [ "/usr/bin/darkhttpd" ]
CMD [ "/var/www" ]Monga mukuwonera, Dockerfile ili ndi ziwiri Kuchokera, mbali iyi imatchedwa ndikukulolani kuti muchotse chilichonse chosafunikira pa chithunzi chomaliza cha Docker.
Motero, chithunzi chomaliza chidzakhala ndi mdimahttpd (seva ya HTTP yopepuka) ndi pagulu/ - zomwe zili patsamba lathu lopangidwa mokhazikika.
Musaiwale kupanga zosintha zathu:
git add dockerfiles/website
git commit -m "Add Dockerfile for website"3. Kudziwa kaniko
Monga wopanga zithunzi za docker, ndinaganiza zogwiritsa ntchito , popeza ntchito yake sikutanthauza docker daemon, ndi kumanga palokha akhoza kuchitidwa pa makina aliwonse ndi posungira akhoza kusungidwa mwachindunji mu kaundula, potero kuchotsa kufunika kosungira zonse mosalekeza.
Kuti mupange chithunzicho, ingoyendetsani chidebecho ndi kaniko executor ndikuupereka zomwe zikuchitika pano; izi zitha kuchitikanso kwanuko, kudzera pa docker:
docker run -ti --rm
-v $PWD:/workspace
-v ~/.docker/config.json:/kaniko/.docker/config.json:ro
gcr.io/kaniko-project/executor:v0.15.0
--cache
--dockerfile=dockerfiles/website/Dockerfile
--destination=registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1Kumeneko registry.gitlab.com/kvaps/docs.example.org/website - dzina lachithunzi chanu cha docker; mukamanga, idzakhazikitsidwa yokha ku registry ya docker.
chizindikiro --cache amakulolani kuti musungitse zigawo mu registry ya docker; mwachitsanzo, adzapulumutsidwa registry.gitlab.com/kvaps/docs.example.org/website/cache, koma mutha kufotokoza njira ina pogwiritsa ntchito parameter --cache-repo.
Chithunzi cha docker-registry
4. Kudziwana ndi qbec
ndi chida chotumizira chomwe chimakupatsani mwayi wofotokozera momveka bwino zowonetsera zanu ndikuzitumiza ku Kubernetes. Kugwiritsira ntchito Jsonnet monga mawu akuluakulu amakulolani kuti muchepetse kufotokozera kusiyana pakati pa malo angapo, komanso kuthetseratu kubwereza kachidindo.
Izi zitha kukhala zowona makamaka pakafunika kuyika pulogalamu kumagulu angapo okhala ndi magawo osiyanasiyana ndipo mukufuna kufotokoza momveka bwino mu Git.
Qbec imakupatsaninso mwayi kuti mupereke ma chart a Helm powadutsa magawo ofunikira ndikuzigwiritsa ntchito mofanana ndi mawonetsedwe anthawi zonse, kuphatikiza mutha kugwiritsa ntchito masinthidwe osiyanasiyana kwa iwo, ndipo izi, zimakupatsani mwayi wochotsa kufunikira gwiritsani ntchito ChartMuseum. Ndiye kuti, mutha kusunga ndikupereka ma chart molunjika kuchokera ku git, komwe ali.
Monga ndanenera kale, tidzasunga zonse zotumizidwa mu bukhu tumiza/:
mkdir deploy
cd deployTiyeni tiyambitse pulogalamu yathu yoyamba:
qbec init website
cd websiteTsopano kapangidwe ka ntchito yathu ikuwoneka motere:
.
├── components
├── environments
│ ├── base.libsonnet
│ └── default.libsonnet
├── params.libsonnet
└── qbec.yamltiyeni tiwone fayilo qbec.yaml:
apiVersion: qbec.io/v1alpha1
kind: App
metadata:
name: website
spec:
environments:
default:
defaultNamespace: docs
server: https://kubernetes.example.org:8443
vars: {}Apa timakonda kwambiri spec.environments, qbec yatipangira kale malo osasinthika ndipo idatenga adilesi ya seva, komanso malo a mayina kuchokera ku kubeconfig yathu yamakono.
Tsopano potumiza ku chosasintha chilengedwe, qbec nthawi zonse idzatumizidwa ku gulu la Kubernetes lotchulidwa ndi malo omwe atchulidwa, ndiye kuti, simukuyeneranso kusinthana pakati pa zochitika ndi malo a mayina kuti mugwiritse ntchito.
Ngati ndi kotheka, mutha kusintha zosintha mufayiloyi nthawi zonse.
Malo anu onse akufotokozedwa qbec.yaml, ndi mu fayilo params.libsonnet, pomwe pakunena komwe angawapezere magawo awo.
Kenako tikuwona mitundu iwiri:
- zigawo/ - zowonetsera zonse za pulogalamu yathu zidzasungidwa pano; zitha kufotokozedwa mu jsonnet ndi mafayilo aml wamba
- malo/ - apa tifotokoza zosintha zonse (magawo) am'malo athu.
Mwachikhazikitso tili ndi mafayilo awiri:
- chilengedwe/base.libsonnet - idzakhala ndi magawo ofanana m'malo onse
- Environments/default.libsonnet - ili ndi magawo omwe amachotsedwa pa chilengedwe chosasintha
tiyeni titsegule chilengedwe/base.libsonnet ndikuwonjezera magawo a gawo lathu loyamba pamenepo:
{
components: {
website: {
name: 'example-docs',
image: 'registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1',
replicas: 1,
containerPort: 80,
servicePort: 80,
nodeSelector: {},
tolerations: [],
ingressClass: 'nginx',
domain: 'docs.example.org',
},
},
}Tiyeni tipangenso gawo lathu loyamba zigawo/website.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.website;
[
{
apiVersion: 'apps/v1',
kind: 'Deployment',
metadata: {
labels: { app: params.name },
name: params.name,
},
spec: {
replicas: params.replicas,
selector: {
matchLabels: {
app: params.name,
},
},
template: {
metadata: {
labels: { app: params.name },
},
spec: {
containers: [
{
name: 'darkhttpd',
image: params.image,
ports: [
{
containerPort: params.containerPort,
},
],
},
],
nodeSelector: params.nodeSelector,
tolerations: params.tolerations,
imagePullSecrets: [{ name: 'regsecret' }],
},
},
},
},
{
apiVersion: 'v1',
kind: 'Service',
metadata: {
labels: { app: params.name },
name: params.name,
},
spec: {
selector: {
app: params.name,
},
ports: [
{
port: params.servicePort,
targetPort: params.containerPort,
},
],
},
},
{
apiVersion: 'extensions/v1beta1',
kind: 'Ingress',
metadata: {
annotations: {
'kubernetes.io/ingress.class': params.ingressClass,
},
labels: { app: params.name },
name: params.name,
},
spec: {
rules: [
{
host: params.domain,
http: {
paths: [
{
backend: {
serviceName: params.name,
servicePort: params.servicePort,
},
},
],
},
},
],
},
},
]Mufayilo iyi tidafotokozera mabungwe atatu a Kubernetes nthawi imodzi, awa ndi: Kutumizidwa, Service и Ingress. Ngati tifuna, titha kuziyika m'zigawo zosiyanasiyana, koma panthawiyi imodzi ikhala yokwanira kwa ife.
malembedwe jsonnet ndizofanana kwambiri ndi json wamba, kwenikweni, json wokhazikika ndi jsonnet yovomerezeka, kotero poyamba zingakhale zosavuta kuti mugwiritse ntchito ntchito zapaintaneti ngati yaml2json kuti musinthe yaml yanu yanthawi zonse kukhala json, kapena, ngati zigawo zanu zilibe zosintha zilizonse, ndiye kuti zitha kufotokozedwa ngati yaml wamba.
Mukamagwira ntchito ndi jsonnet Ndikupangira kukhazikitsa pulogalamu yowonjezera ya mkonzi wanu
Mwachitsanzo, pali pulogalamu yowonjezera ya vim vim-jsonnet, yomwe imayatsa kuwunikira kwa mawu ndikuchita zokha jsonnet fmt nthawi iliyonse mukasunga (imafuna kuyika kwa jsonnet).
Zonse zakonzeka, tsopano titha kuyamba kutumiza:
Kuti tiwone zomwe tili nazo, tiyeni tithawe:
qbec show defaultPazotulutsa, muwona zowonetsera zaml zomwe zidzagwiritsidwe ntchito pagulu losasintha.
Zabwino, tsopano gwiritsani ntchito:
qbec apply defaultPazotulutsa nthawi zonse mudzawona zomwe zidzachitike mgulu lanu, qbec idzakufunsani kuti muvomereze zosinthazo polemba. y mudzatha kutsimikizira zolinga zanu.
Ntchito yathu ndi yokonzeka ndipo yatumizidwa!
Ngati musintha, mutha kuchita izi nthawi zonse:
qbec diff defaultkuti muwone momwe kusinthaku kudzakhudzire ntchito yomwe ilipo
Musaiwale kupanga zosintha zathu:
cd ../..
git add deploy/website
git commit -m "Add deploy for website"5. Kuyesa Gitlab-runner ndi Kubernetes-executor
Mpaka posachedwa ndimangogwiritsa ntchito nthawi zonse gitlab-wothamanga pa makina okonzekeratu (chidebe cha LXC) chokhala ndi chipolopolo kapena docker-executor. Poyambirira, tinali ndi othamanga angapo otere omwe amafotokozedwa padziko lonse lapansi mu gitlab yathu. Adasonkhanitsa zithunzi za docker pama projekiti onse.
Koma monga momwe zasonyezera, njirayi si yabwino kwambiri, ponseponse pokhudzana ndi zochitika ndi chitetezo. Ndikwabwinoko komanso kolondola kwambiri kukhala ndi othamanga osiyana pa projekiti iliyonse, kapenanso malo aliwonse.
Mwamwayi, ili si vuto konse, popeza tsopano titumiza gitlab-wothamanga molunjika ngati gawo la polojekiti yathu ku Kubernetes.
Gitlab imapereka tchati cha helm chokonzekera kutumiza gitlab-runner ku Kubernetes. Ndiye zomwe muyenera kuchita ndikupeza chizindikiro cholembetsa kwa polojekiti yathu Zokonda -> CI / CD -> Othamanga ndi kuchipereka kwa wotsogolera:
helm repo add gitlab https://charts.gitlab.io
helm install gitlab-runner
--set gitlabUrl=https://gitlab.com
--set runnerRegistrationToken=yga8y-jdCusVDn_t4Wxc
--set rbac.create=true
gitlab/gitlab-runnerKumeneko:
- - adilesi ya seva yanu ya Gitlab.
- yga8y-jdCusVDn_t4Wxc - chizindikiro cholembetsa cha polojekiti yanu.
- rbac.create=zoona - imapatsa wothamanga mwayi wokwanira kuti athe kupanga ma pod kuti agwire ntchito zathu pogwiritsa ntchito kubernetes-executor.
Ngati zonse zachitika molondola, muyenera kuwona wothamanga wolembetsedwa pagawolo Othamanga, muzikhazikiko za polojekiti yanu.
Chithunzi chojambula cha wothamanga wowonjezera
Kodi ndizosavuta? - inde, ndizosavuta! Palibenso zovuta ndikulembetsa othamanga pamanja, kuyambira pano othamanga adzapangidwa ndikuwonongeka basi.
6. Ikani ma chart a Helm ndi QBEC
Popeza tinaganiza zoganizira gitlab-wothamanga gawo la polojekiti yathu, yakwana nthawi yoti tifotokoze m'nkhokwe yathu ya Git.
Titha kuzifotokoza ngati chigawo chosiyana webusaiti, koma mtsogolomu tikukonza zotumiza makope osiyanasiyana webusaiti nthawi zambiri, mosiyana gitlab-wothamanga, yomwe idzatumizidwa kamodzi kokha pa gulu la Kubernetes. Chifukwa chake tiyeni tiyambitse pulogalamu ina yake:
cd deploy
qbec init gitlab-runner
cd gitlab-runnerNthawi ino sitidzafotokozera mabungwe a Kubernetes pamanja, koma titenga tchati cha Helm chokonzekera. Chimodzi mwazabwino za qbec ndikutha kupereka ma chart a Helm mwachindunji kuchokera kunkhokwe ya Git.
Tiyeni tilumikizane ndi git submodule:
git submodule add https://gitlab.com/gitlab-org/charts/gitlab-runner vendor/gitlab-runnerTsopano chikwatu wogulitsa/gitlab-runner Tili ndi malo okhala ndi tchati cha gitlab-runner.
Momwemonso, mutha kulumikiza nkhokwe zina, mwachitsanzo, malo onse okhala ndi ma chart ovomerezeka
Tiyeni tifotokoze chigawocho zigawo/gitlab-runner.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.gitlabRunner;
std.native('expandHelmTemplate')(
'../vendor/gitlab-runner',
params.values,
{
nameTemplate: params.name,
namespace: env.namespace,
thisFile: std.thisFile,
verbose: true,
}
)Mtsutso woyamba ku expandHelmTemplate timadutsa njira yopita ku tchati, ndiye params.values, zomwe timatenga kuchokera kuzinthu zachilengedwe, kenako zimabwera ndi chinthucho
- nameTemplate - dzina lomasulidwa
- malo okhala - namespace anasamutsidwa kwa helm
- iyiFile - gawo lofunikira lomwe limadutsa njira yopita ku fayilo yomwe ilipo
- mawu - amasonyeza lamulo helm template ndi mfundo zonse popereka tchati
Tsopano tiyeni tifotokoze magawo a gawo lathu mu chilengedwe/base.libsonnet:
local secrets = import '../secrets/base.libsonnet';
{
components: {
gitlabRunner: {
name: 'gitlab-runner',
values: {
gitlabUrl: 'https://gitlab.com/',
rbac: {
create: true,
},
runnerRegistrationToken: secrets.runnerRegistrationToken,
},
},
},
}Samalani RunnerRegistrationToken timatenga kuchokera ku fayilo yakunja zinsinsi/base.libsonnet, tiyeni tipange:
{
runnerRegistrationToken: 'yga8y-jdCusVDn_t4Wxc',
}Tiyeni tiwone ngati zonse zikuyenda:
qbec show defaultngati zonse zili bwino, ndiye kuti titha kufufuta kumasulidwa kwathu komwe kudatumizidwa kale kudzera pa Helm:
helm uninstall gitlab-runnerndikuyiyika mwanjira yomweyo, koma kudzera pa qbec:
qbec apply default7. Chiyambi cha git-crypt
ndi chida chomwe chimakulolani kuti muyike kubisa kowonekera kwa malo anu.
Pakadali pano, mawonekedwe athu a gitlab-runner akuwoneka motere:
.
├── components
│ ├── gitlab-runner.jsonnet
├── environments
│ ├── base.libsonnet
│ └── default.libsonnet
├── params.libsonnet
├── qbec.yaml
├── secrets
│ └── base.libsonnet
└── vendor
└── gitlab-runner (submodule)Koma kusunga zinsinsi ku Git sikuli bwino, sichoncho? Choncho tiyenera encrypt iwo moyenera.
Kawirikawiri, chifukwa cha kusintha kumodzi, izi sizikhala zomveka nthawi zonse. Mutha kusamutsa zinsinsi ku qbec komanso kudzera mumitundu yosiyanasiyana ya CI system yanu.
Koma ndikofunikira kudziwa kuti palinso ma projekiti ovuta kwambiri omwe angakhale ndi zinsinsi zambiri; kusamutsa onse kudzera mumitundu yosiyanasiyana kumakhala kovuta kwambiri.Komanso, munkhaniyi sindingathe kukuuzani za chida chodabwitsa ngati git-crypt.
git-crypt Zimakhalanso zosavuta chifukwa zimakulolani kusunga mbiri yonse ya zinsinsi, komanso kufananiza, kuphatikiza ndi kuthetsa mikangano monga momwe timachitira pa Git.
Chinthu choyamba pambuyo unsembe git-crypt tifunika kupanga makiyi ankhokwe yathu:
git crypt initNgati muli ndi kiyi ya PGP, mutha kudziwonjeza nokha ngati othandizira polojekitiyi:
git-crypt add-gpg-user [email protected]Mwanjira iyi mutha kubisa chosungirachi pogwiritsa ntchito kiyi yanu yachinsinsi.
Ngati mulibe kiyi ya PGP ndipo simumayembekezera, mutha kupita njira ina ndikutumiza kiyi ya projekiti:
git crypt export-key /path/to/keyfileChoncho, aliyense amene ali ndi katundu kunja keyfile azitha kutsitsa nkhokwe yanu.
Yakwana nthawi yoti tikhazikitse chinsinsi chathu choyamba.
Ndiloleni ndikukumbutseni kuti tidakali m'ndandanda tumizani/gitlab-wothamanga/, komwe tili ndi chikwatu zinsinsi/, tiyeni tilembe mafayilo onse omwe ali mmenemo, chifukwa cha izi tidzapanga fayilo zinsinsi/.gitattributes ndi izi:
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diffMonga momwe zikuwonekera pazomwe zili, mafayilo onse amabisika * adzapititsidwa git-crypt, kupatulapo ambiri .gitattributes
Titha kuwona izi poyendetsa:
git crypt status -eZotsatira zake zidzakhala mndandanda wamafayilo onse omwe ali munkhokwe yomwe kubisa kumayatsidwa
Ndizo zonse, tsopano titha kupanga zosintha zathu motetezeka:
cd ../..
git add .
git commit -m "Add deploy for gitlab-runner"Kuti mutseke chosungira, ingothamangani:
git crypt lockndipo nthawi yomweyo mafayilo onse obisidwa adzasandulika kukhala china chake, sizingakhale zotheka kuwawerenga.
Kuti mutsegule chosungira, yesani:
git crypt unlock8. Pangani chithunzi cha bokosi la zida
Chithunzi cha bokosi lazida ndi chithunzi chokhala ndi zida zonse zomwe tidzagwiritse ntchito potumiza polojekiti yathu. Idzagwiritsidwa ntchito ndi wothamanga wa Gitlab kuti achite ntchito zofananira.
Zonse ndi zophweka apa, tiyeni tipange chatsopano dockerfiles/Toolbox/Dockerfile ndi izi:
FROM alpine:3.11
RUN apk add --no-cache git git-crypt
RUN QBEC_VER=0.10.3
&& wget -O- https://github.com/splunk/qbec/releases/download/v${QBEC_VER}/qbec-linux-amd64.tar.gz
| tar -C /tmp -xzf -
&& mv /tmp/qbec /tmp/jsonnet-qbec /usr/local/bin/
RUN KUBECTL_VER=1.17.0
&& wget -O /usr/local/bin/kubectl
https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/linux/amd64/kubectl
&& chmod +x /usr/local/bin/kubectl
RUN HELM_VER=3.0.2
&& wget -O- https://get.helm.sh/helm-v${HELM_VER}-linux-amd64.tar.gz
| tar -C /tmp -zxf -
&& mv /tmp/linux-amd64/helm /usr/local/bin/helmMonga mukuwonera, pachithunzichi timayika zida zonse zomwe timagwiritsa ntchito kugwiritsa ntchito pulogalamu yathu. Sitikuzifuna pano pokhapokha kubctl, koma mungafune kusewera nayo panthawi yokonza mapaipi.
Komanso, kuti tithe kuyankhulana ndi Kubernetes ndikutumiza kwa izo, tiyenera kukonza gawo la pods zopangidwa ndi gitlab-runner.
Kuti tichite izi, tiyeni tipite ku chikwatu ndi gitlab-runner:
cd deploy/gitlab-runnerndi kuwonjezera gawo latsopano zigawo/rbac.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.rbac;
[
{
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
},
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'Role',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
rules: [
{
apiGroups: [
'*',
],
resources: [
'*',
],
verbs: [
'*',
],
},
],
},
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBinding',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: params.name,
},
subjects: [
{
kind: 'ServiceAccount',
name: params.name,
namespace: env.namespace,
},
],
},
]Tidzafotokozeranso magawo atsopano mu chilengedwe/base.libsonnet, zomwe tsopano zikuwoneka motere:
local secrets = import '../secrets/base.libsonnet';
{
components: {
gitlabRunner: {
name: 'gitlab-runner',
values: {
gitlabUrl: 'https://gitlab.com/',
rbac: {
create: true,
},
runnerRegistrationToken: secrets.runnerRegistrationToken,
runners: {
serviceAccountName: $.components.rbac.name,
image: 'registry.gitlab.com/kvaps/docs.example.org/toolbox:v0.0.1',
},
},
},
rbac: {
name: 'gitlab-runner-deploy',
},
},
}Samalani $.components.rbac.name amanena za dzina kwa gawo rbac
Tiyeni tiwone zomwe zasintha:
qbec diff defaultndikugwiritsa ntchito zosintha zathu ku Kubernetes:
qbec apply defaultKomanso, musaiwale kupanga zosintha zathu ku git:
cd ../..
git add dockerfiles/toolbox
git commit -m "Add Dockerfile for toolbox"
git add deploy/gitlab-runner
git commit -m "Configure gitlab-runner to use toolbox"9. Paipi yathu yoyamba ndi kusonkhanitsa zithunzi ndi ma tag
Pachiyambi cha polojekiti yomwe tidzapanga .gitlab-ci.yml ndi izi:
.build_docker_image:
stage: build
image:
name: gcr.io/kaniko-project/executor:debug-v0.15.0
entrypoint: [""]
before_script:
- echo "{"auths":{"$CI_REGISTRY":{"username":"$CI_REGISTRY_USER","password":"$CI_REGISTRY_PASSWORD"}}}" > /kaniko/.docker/config.json
build_toolbox:
extends: .build_docker_image
script:
- /kaniko/executor --cache --context $CI_PROJECT_DIR/dockerfiles/toolbox --dockerfile $CI_PROJECT_DIR/dockerfiles/toolbox/Dockerfile --destination $CI_REGISTRY_IMAGE/toolbox:$CI_COMMIT_TAG
only:
refs:
- tags
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_TAG
only:
refs:
- tagsChonde dziwani kuti timagwiritsa ntchito GIT_SUBMODULE_STRATEGY: zabwinobwino kwa ntchito zomwe muyenera kuyambitsa ma submodules musanayambe kuphedwa.
Musaiwale kupanga zosintha zathu:
git add .gitlab-ci.yml
git commit -m "Automate docker build"Ndikuganiza kuti titha kuyitcha kuti mtundu uwu v0.0.1 ndikuwonjezera tag:
git tag v0.0.1Tidzawonjezera ma tag nthawi iliyonse yomwe tikufuna kutulutsa mtundu watsopano. Ma tag muzithunzi za Docker adzamangiriridwa ku ma tag a Git. Kukankha kulikonse komwe kuli ndi tag yatsopano kudzayambitsa kupanga zithunzi ndi tag iyi.
Tiyeni tichite zomwezo git push --tags, ndipo tiyeni tiwone payipi yathu yoyamba:
Chithunzi chojambula choyambirira
Ndikoyenera kukuwonetsani kuti kusonkhana ndi ma tag ndikoyenera kumanga zithunzi za docker, koma sikoyenera kutumiza ku Kubernetes. Popeza ma tag atsopano atha kuperekedwa kwa mabizinesi akale, pakadali pano, kuyambitsa mapaipi awo kudzatsogolera kutumizidwa kwa mtundu wakale.
Kuti athetse vutoli, nthawi zambiri mapangidwe a zithunzi za docker amamangiriridwa ku ma tag, ndipo kutumizidwa kwa ntchito ku nthambi. mbuye, momwe mitundu ya zithunzi zomwe zasonkhanitsidwa ndi hardcode. Apa ndipamene mutha kuyambitsa kubweza ndi kubwereranso kosavuta mbuye-nthambi.
10. Automation ya kutumiza
Kuti Gitlab-runner afotokoze zinsinsi zathu, tidzafunika kutumiza kiyi yosungira ndikuwonjezera pazosintha zathu za CI:
git crypt export-key /tmp/docs-repo.key
base64 -w0 /tmp/docs-repo.key; echoTisunga mzere wotsatira mu Gitlab; kuti tichite izi, tiyeni tipite kumakonzedwe athu a projekiti:
Zokonda -> CI / CD -> Zosintha
Ndipo tiyeni tipange kusintha kwatsopano:
Type
Mfungulo
mtengo
kutetezedwa
Masked
kuchuluka
File
GITCRYPT_KEY
<your string>
true (panthawi yamaphunziro mungathe false)
true
All environments
Chiwonetsero cha kusintha kowonjezera
Tsopano tiyeni tisinthe zathu .gitlab-ci.yml kuwonjezera kwa izo:
.deploy_qbec_app:
stage: deploy
only:
refs:
- master
deploy_gitlab_runner:
extends: .deploy_qbec_app
variables:
GIT_SUBMODULE_STRATEGY: normal
before_script:
- base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
script:
- qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
deploy_website:
extends: .deploy_qbec_app
script:
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yesApa tatsegula njira zingapo zatsopano za qbec:
- --root ena/app - imakupatsani mwayi wodziwa chikwatu cha pulogalamu inayake
- --force:k8s-context __incluster__ - uku ndikusintha kwamatsenga komwe kumanena kuti kutumizidwa kudzachitika mgulu lomwelo momwe gtilab-runner ikuyenda. Izi ndizofunikira chifukwa apo ayi qbec iyesa kupeza seva yoyenera ya Kubernetes mu kubeconfig yanu
- --dikira - imakakamiza qbec kudikirira mpaka zinthu zomwe imapanga zilowe mu Ready state kenako ndikutuluka ndi code yotuluka bwino.
- —inde - imangoyimitsa chipolopolo cholumikizana Mukutsimikiza? pamene atumizidwa.
Musaiwale kupanga zosintha zathu:
git add .gitlab-ci.yml
git commit -m "Automate deploy"Ndipo pambuyo git kukankha tiwona momwe mapulogalamu athu atumizidwa:
Chithunzi chojambula cha pipeline yachiwiri
11. Zojambula ndi kusonkhanitsa pamene akukankhira kuti adziwe bwino
Nthawi zambiri, masitepe omwe afotokozedwa pamwambapa ndi okwanira kupanga ndikupereka pafupifupi microservice iliyonse, koma sitikufuna kuwonjezera chizindikiro nthawi iliyonse yomwe tikufuna kusintha tsambalo. Chifukwa chake, titenga njira yowonjezereka ndikukhazikitsa digest deployment mu master nthambi.
Lingaliro ndi losavuta: tsopano chithunzi chathu webusaiti idzamangidwanso nthawi iliyonse mukakankhira mbuye, kenako tumizani ku Kubernetes.
Tiyeni tisinthire ntchito ziwiri izi mu zathu .gitlab-ci.yml:
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- mkdir -p $CI_PROJECT_DIR/artifacts
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
artifacts:
paths:
- artifacts/
only:
refs:
- master
- tags
deploy_website:
extends: .deploy_qbec_app
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"Chonde dziwani kuti tawonjezera ulusi mbuye к refs za ntchito build_website ndipo tikugwiritsa ntchito $CI_COMMIT_REF_NAME mmalo mwa $CI_COMMIT_TAG, ndiye kuti, tamasulidwa ku ma tag ku Git ndipo tsopano tidzakankhira chithunzi chokhala ndi dzina la nthambi yodzipereka yomwe idayambitsa mapaipi. Ndizofunikira kudziwa kuti izi zigwiranso ntchito ndi ma tag, zomwe zitilola kuti tisunge zithunzi za tsamba lomwe lili ndi mtundu wina mu docker-registry.
Pamene dzina la chizindikiro cha docker la mtundu watsopano watsambalo silingasinthidwe, tiyenerabe kufotokoza zosintha za Kubernetes, apo ayi sizidzangoyikanso ntchito kuchokera pachithunzi chatsopano, chifukwa sichidzawona kusintha kulikonse mu chiwonetsero cha kutumiza.
Yankho -vm:ext-str digest=”$DIGEST” kwa qbec - imakulolani kuti mudutse kusintha kwakunja ku jsonnet. Tikufuna kuti pakutulutsidwa kulikonse kwa pulogalamu yathu itumizidwenso mgulu. Sitingathenso kugwiritsa ntchito dzina lachidziwitso, lomwe tsopano lingakhale losasinthika, popeza tifunika kumangirizidwa kumtundu wina wa chithunzicho ndikuyambitsa kutumizidwa kukasintha.
Apa tithandizidwa ndi luso la Kaniko losunga chithunzi cha digest ku fayilo (njira --digest-file)
Kenako tidzasamutsa fayiloyi ndikuyiwerenga panthawi yotumiza.
Tiyeni tisinthe magawo athu deploy/website/environments/base.libsonnet zomwe zidzawoneka motere:
{
components: {
website: {
name: 'example-docs',
image: 'registry.gitlab.com/kvaps/docs.example.org/website@' + std.extVar('digest'),
replicas: 1,
containerPort: 80,
servicePort: 80,
nodeSelector: {},
tolerations: [],
ingressClass: 'nginx',
domain: 'docs.example.org',
},
},
}Mwachita, tsopano perekani chilichonse mbuye imayamba kupanga chithunzi cha docker webusaiti, ndikutumiza ku Kubernetes.
Musaiwale kupanga zosintha zathu:
git add .
git commit -m "Configure dynamic build"Tiwonanso nthawi ina git kukankha tiyenera kuwona chinthu chonga ichi:
Chithunzi chojambula cha pipeline kwa master
M'malo mwake, sitiyenera kuyikanso gitlab-runner ndikukankha kulikonse, pokhapokha, pokhapokha, palibe chomwe chasintha pamasinthidwe ake, tiyeni tikonze. .gitlab-ci.yml:
deploy_gitlab_runner:
extends: .deploy_qbec_app
variables:
GIT_SUBMODULE_STRATEGY: normal
before_script:
- base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
script:
- qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
only:
changes:
- deploy/gitlab-runner/**/*Kusintha zimakupatsani mwayi wowunika kusintha tumizani/gitlab-wothamanga/ ndipo idzayambitsa ntchito yathu pokhapokha ngati ilipo
Musaiwale kupanga zosintha zathu:
git add .gitlab-ci.yml
git commit -m "Reduce gitlab-runner deploy"git kukankha, ndi bwino:
Chithunzi chojambula chapaipi yosinthidwa
12. Malo amphamvu
Yakwana nthawi yoti tisinthe mapaipi athu ndi madera osinthika.
Choyamba, tiyeni tisinthe ntchito build_website mu wathu .gitlab-ci.yml, kuchotsa chipikacho okha, zomwe zingakakamize Gitlab kuti ayambe kuchita chilichonse kunthambi iliyonse:
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- mkdir -p $CI_PROJECT_DIR/artifacts
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
artifacts:
paths:
- artifacts/Kenako sinthani ntchitoyo deploy_webusaiti, onjezani chipika pamenepo environment:
deploy_website:
extends: .deploy_qbec_app
environment:
name: prod
url: https://docs.example.org
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"Izi zidzalola Gitlab kugwirizanitsa ntchitoyi kapulidwe chilengedwe ndikuwonetsa ulalo woyenera kwa icho.
Tsopano tiyeni tiwonjezere ntchito zina ziwiri:
deploy_website:
extends: .deploy_qbec_app
environment:
name: prod
url: https://docs.example.org
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"
deploy_review:
extends: .deploy_qbec_app
environment:
name: review/$CI_COMMIT_REF_NAME
url: http://$CI_ENVIRONMENT_SLUG.docs.example.org
on_stop: stop_review
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply review --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
only:
refs:
- branches
except:
refs:
- master
stop_review:
extends: .deploy_qbec_app
environment:
name: review/$CI_COMMIT_REF_NAME
action: stop
stage: deploy
before_script:
- git clone "$CI_REPOSITORY_URL" master
- cd master
script:
- qbec delete review --root deploy/website --force:k8s-context __incluster__ --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
variables:
GIT_STRATEGY: none
only:
refs:
- branches
except:
refs:
- master
when: manualAdzakhazikitsidwa pakankhidwira kunthambi zilizonse kupatula master ndipo adzatumiza mawonekedwe owonera tsambalo.
Tikuwona njira yatsopano ya qbec: --app-tag - imakulolani kuti muyike mitundu yomwe yatumizidwa ndikugwira ntchito mkati mwa tag iyi; popanga ndikuwononga zinthu ku Kubernetes, qbec imagwira ntchito ndi iwo okha.
Mwanjira iyi sitingathe kupanga malo osiyana pazowunikira zilizonse, koma kungogwiritsanso ntchito zomwezo.
Apa timagwiritsanso ntchito qbec gwiritsani ntchito ndemanga, m'malo mwa qbec gwiritsani ntchito kusakhazikika - ino ndiyo nthawi yomwe tidzayesa kufotokoza kusiyana kwa malo athu (kuwunika ndi kusasintha):
Onjezani review chilengedwe mu deploy/website/qbec.yaml
spec:
environments:
review:
defaultNamespace: docs
server: https://kubernetes.example.org:8443Ndiye ife tizilengeza izo mu deploy/website/params.libsonnet:
local env = std.extVar('qbec.io/env');
local paramsMap = {
_: import './environments/base.libsonnet',
default: import './environments/default.libsonnet',
review: import './environments/review.libsonnet',
};
if std.objectHas(paramsMap, env) then paramsMap[env] else error 'environment ' + env + ' not defined in ' + std.thisFileNdipo lembani ma parameters okhazikika pa izo deploy/website/environments/review.libsonnet:
// this file has the param overrides for the default environment
local base = import './base.libsonnet';
local slug = std.extVar('qbec.io/tag');
local subdomain = std.extVar('subdomain');
base {
components+: {
website+: {
name: 'example-docs-' + slug,
domain: subdomain + '.docs.example.org',
},
},
}Tiyeninso tione bwinobwino za jobu stop_review, zidzayambika nthambi ikachotsedwa ndipo kuti gitlab isayese kuyesa kuti igwiritsidwe ntchito GIT_STRATEGY: palibe, kenako timapangana mbuye-nthambi ndi kuchotsa ndemanga kudzera izo.
Ndizosokoneza pang'ono, koma sindinapeze njira yokongola kwambiri.
Njira ina ingakhale kutumiza ndemanga iliyonse ku malo a hotelo, omwe angathe kuthetsedwa nthawi zonse.
Musaiwale kupanga zosintha zathu:
git add .
git commit -m "Enable automatic review"git kukankha, git Checkout -b mayeso, git push origin test, onani:
Chithunzi chazithunzi zomwe zidapangidwa ku Gitlab
Zonse zikuyenda? - chabwino, chotsani nthambi yathu yoyesa: git potuluka mbuye, git push origin :test, timayang'ana kuti ntchito zochotsa chilengedwe zinagwira ntchito popanda zolakwika.
Pano ndikufuna kufotokozera nthawi yomweyo kuti wopanga ntchito aliyense akhoza kupanga nthambi, akhoza kusintha .gitlab-ci.yml wapamwamba ndi kupeza zosintha zachinsinsi.
Choncho, tikulimbikitsidwa kuti alole kugwiritsidwa ntchito kwa nthambi zotetezedwa, mwachitsanzo mu mbuye, kapena pangani gulu losiyana la zosinthika za chilengedwe chilichonse.
13. Unikaninso Mapulogalamu
Ichi ndi gawo la GitLab lomwe limakupatsani mwayi wowonjezera batani pafayilo iliyonse yomwe ili munkhokwe kuti muwone mwachangu pamalo omwe atumizidwa.
Kuti mabatani awa awonekere, muyenera kupanga fayilo .gitlab/route-map.yml ndikufotokozerani masinthidwe onse anjira momwemo; kwa ife zikhala zosavuta:
# Indices
- source: /content/(.+?)_index.(md|html)/
public: '1'
# Pages
- source: /content/(.+?).(md|html)/
public: '1/'Musaiwale kupanga zosintha zathu:
git add .gitlab/
git commit -m "Enable review apps"git kukankha, ndi cheke:
Chithunzi cha batani la Review App
Ntchito yatha!
Magwero a polojekiti:
- pa Gitlab:
- pa GitHub:
Zikomo chifukwa cha chidwi chanu, ndikhulupilira mudakonda
Source: www.habr.com