Mhoro! Munguva pfupi yapfuura, akawanda anotonhorera otomatiki maturusi akaburitswa ese ekuvaka Docker mifananidzo uye yekuendeswa kuKubernetes. Panyaya iyi, ndakafunga kutamba neGitLab, kunyatsodzidza kugona kwayo uye, hongu, kumisa pombi.
Basa iri rakafemerwa nesaiti , iyo inogadzirwa kubva otomatiki, uye pachikumbiro chega chega chedziva chinotumirwa, robhoti inogadzira otomatiki vhezheni yesaiti ine shanduko dzako uye inopa chinongedzo chekutarisa.
Ndakaedza kuvaka maitiro akafanana kubva pakutanga, asi akavakirwa zvachose paGitlab CI uye emahara maturusi andinowanzo shandisa kuendesa zvikumbiro kuKubernetes. Nhasi ini pakupedzisira ndichakuudza zvimwe pamusoro pavo.
Chinyorwa chichakurukura nezvezvishandiso zvakaita se:
Hugo, qbec, kaniko, git-crypt и GitLab CI nekugadzirwa kwenzvimbo dzine simba.
Zvemukati
1. Kuzivana naHugo
Semuenzaniso wepurojekiti yedu, tichaedza kugadzira saiti yekudhinda zvinyorwa yakavakirwa paHugo. Hugo is static content jenareta.
Kune avo vasingajairane nema static jenareta, ini ndichakuudza zvishoma nezvavo. Kusiyana neyakajairwa webhusaiti injini ine dhatabhesi uye imwe PHP, iyo, kana yakumbirwa nemushandisi, inoburitsa mapeji panhunzi, static jenareta akagadzirwa zvishoma zvakasiyana. Ivo vanokutendera kuti utore masosi, kazhinji seti yemafaira muMarkdown markup uye theme matemplate, wobva waaunganidza muwebhusaiti yakapera.
Ndokunge, semhedzisiro, iwe uchagamuchira dhairekitori chimiro uye seti yeyakagadzirwa HTML mafaera, ayo iwe aunogona kungoisa kune chero yakachipa yekutambira uye uwane webhusaiti inoshanda.
Unogona kuisa Hugo munharaunda uye edza kunze:
Kutanga saiti itsva:
hugo new site docs.example.orgUye panguva imwe chete iyo git repository:
cd docs.example.org
git initParizvino, saiti yedu ndeye pristine uye kuitira kuti chimwe chinhu chioneke pairi, isu chekutanga tinoda kubatanidza dingindira; dingindira rinongori seti yematemplate uye yakatarwa mitemo inogadzirwa nayo saiti yedu.
Kumusoro watichashandisa , iyo, mumaonero angu, inonyatsokodzera nzvimbo yezvinyorwa.
Ndinoda kutarisisa kune chokwadi chekuti isu hatifanire kuchengetedza iwo theme mafaera mune yedu purojekiti repository; pachinzvimbo, isu tinogona kungoibatanidza tichishandisa. git submodule:
git submodule add https://github.com/matcornic/hugo-theme-learn themes/learnNenzira iyi, yedu repository inongove nemafaira ane hukama nepurojekiti yedu, uye dingindira rakabatana rinoramba riri chinongedzo kune chaiyo repository uye kuzvipira mairi, ndiko kuti, inogona kugara ichidhonzwa kubva kumavambo sosi uye usatya. yekuchinja kusingaenderani.
Ngatigadzirise config config.toml:
baseURL = "http://docs.example.org/"
languageCode = "en-us"
title = "My Docs Site"
theme = "learn"Parizvino padanho rino unogona kumhanya:
hugo serverUye pakero tarisa webhusaiti yedu ichangobva kugadzirwa, shanduko dzese dzakaitwa mudhairekitori dzinogadzirisa otomatiki peji rakavhurika mubrowser, iri nyore kwazvo!
Ngatiedzei kugadzira peji rekuvhara mukati content/_index.md:
# My docs site
## Welcome to the docs!
You will be very smart :-)Mufananidzo wepeji richangogadzirwa
Kugadzira saiti, ingomhanya:
hugoDhairekitori zviri mukati ruzhinji/ uye ichava webhusaiti yako.
Hongu, nenzira, ngatiwedzerei pakarepo .gitignore:
echo /public > .gitignoreUsakanganwa kuita shanduko dzedu:
git add .
git commit -m "New site created"2. Kugadzirira Dockerfile
Yave nguva yekutsanangura chimiro chedura redu. Ini kazhinji ndinoshandisa chimwe chinhu chakadai:
.
├── deploy
│ ├── app1
│ └── app2
└── dockerfiles
├── image1
└── image2- dockerfiles/ - ine madhairekitori ane Dockerfiles uye zvese zvinodiwa pakuvaka yedu Docker mifananidzo.
- tumira/ - ine madhairekitori ekutumira maapplication edu kuKubernetes
Nekudaro, isu tichagadzira yedu yekutanga Dockerfile munzira dockerfiles/website/Dockerfile
FROM alpine:3.11 as builder
ARG HUGO_VERSION=0.62.0
RUN wget -O- https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_linux-64bit.tar.gz | tar -xz -C /usr/local/bin
ADD . /src
RUN hugo -s /src
FROM alpine:3.11
RUN apk add --no-cache darkhttpd
COPY --from=builder /src/public /var/www
ENTRYPOINT [ "/usr/bin/darkhttpd" ]
CMD [ "/var/www" ]Sezvauri kuona, iyo Dockerfile ine maviri KUBVA, mukana uyu unonzi uye inokutendera iwe kusabvisa zvese zvisina basa kubva pamufananidzo wekupedzisira weDocker.
Saka, mufananidzo wekupedzisira uchange uine chete rimahttpd (yakareruka HTTP server) uye ruzhinji/ - zviri mukati mewebhusaiti yedu yakagadzirwa.
Usakanganwa kuita shanduko dzedu:
git add dockerfiles/website
git commit -m "Add Dockerfile for website"3. Kuziva kaniko
Semugadziri wemufananidzo we docker, ndakafunga kushandisa , sezvo kushanda kwayo kusingadi docker daemon, uye chivakwa pachacho chinogona kuitwa pane chero muchina uye cache inogona kuchengetwa zvakananga mu registry, nokudaro kubvisa kudiwa kwekuve ne-full-fledged inopfuurira kuchengetedza.
Kuti ugadzire mufananidzo, ingo mhanyisa mudziyo ne kaniko executor uye ipfuure iyo yazvino kuvaka mamiriro; izvi zvinogona zvakare kuitwa munharaunda, kuburikidza ne docker:
docker run -ti --rm
-v $PWD:/workspace
-v ~/.docker/config.json:/kaniko/.docker/config.json:ro
gcr.io/kaniko-project/executor:v0.15.0
--cache
--dockerfile=dockerfiles/website/Dockerfile
--destination=registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1Kupi registry.gitlab.com/kvaps/docs.example.org/website -zita remufananidzo wako wedocker; mushure mekuvaka, inozoiswa otomatiki mune docker registry.
Parameter --cache inokutendera iwe kuti uchengete maseru mune docker registry; semuenzaniso wakapihwa, ivo vanochengetedzwa mukati registry.gitlab.com/kvaps/docs.example.org/website/cache, asi unogona kutsanangura imwe nzira uchishandisa parameter --cache-repo.
Mufananidzo we docker-registry
4. Kusvika pakuziva qbec
chishandiso chekuendesa chinokutendera kuti utsanangure zvinoratidzira application yako uye woiendesa kuKubernetes. Kushandisa Jsonnet seyakanyanya syntax inokubvumira kurerutsa tsananguro yemusiyano munzvimbo dzakawanda, uye zvakare inopedza zvachose kudzokorora kodhi.
Izvi zvinogona kunyanya kuitika mumamiriro ezvinhu apo iwe unofanirwa kuendesa chikumbiro kune akati wandei masumbu ane akasiyana paramita uye uchida kutsanangura nenzira inotsanangura muGit.
Qbec zvakare inobvumidza iwe kuti upe Helm machati nekuapfuudza iwo anodiwa paramita uye wobva waashandisa nenzira imwechete seyakajairwa kuratidza, kusanganisira iwe unogona kuisa akasiyana machinjiro kwavari, uye izvi, zvakare, zvinokutendera iwe kuti ubvise kudiwa shandisa ChartMuseum. Ndokunge, iwe unogona kuchengeta uye kupa machati zvakananga kubva git, kwaanogara.
Sezvandambotaura, isu tichachengeta zvese deployments mune dhairekitori tumira/:
mkdir deploy
cd deployNgatitangei application yedu yekutanga:
qbec init website
cd websiteIye zvino chimiro chekushandisa kwedu chinotaridzika seizvi:
.
├── components
├── environments
│ ├── base.libsonnet
│ └── default.libsonnet
├── params.libsonnet
└── qbec.yamlngatitarise faira qbec.yaml:
apiVersion: qbec.io/v1alpha1
kind: App
metadata:
name: website
spec:
environments:
default:
defaultNamespace: docs
server: https://kubernetes.example.org:8443
vars: {}Pano isu tiri kunyanya kufarira spec.environments, qbec yakatogadzira nzvimbo yakasarudzika kwatiri uye yakatora kero yeseva, pamwe nenzvimbo yezita kubva kune yedu yazvino kubeconfig.
Zvino pakuendesa ku Default nharaunda, qbec inogara ichiendesa chete kune yakatsanangurwa Kubernetes cluster uye kune yakatsanangurwa namespace, kureva kuti, hauchafanirwa kushandura pakati pezvimiro nenzvimbo dzemazita kuitira kuti uite deployment.
Kana zvichidikanwa, unogona kugara uchivandudza marongero ari mufaira iri.
Mamiriro ako ese anotsanangurwa mukati qbec.yaml, uye mufaira params.libsonnet, parinotaura kuti vowana kupi maparameter avo.
Tevere tinoona madhairekitori maviri:
- zvikamu / - zvese zvinoratidzira zvekushandisa kwedu zvichachengetwa pano; zvinogona kutsanangurwa zvese mujsonnet uye yenguva dzose yaml mafaera
- nharaunda/ - pano tichatsanangura ese akasiyana (maparamita) enzvimbo dzedu.
Nekusagadzikana tine mafaera maviri:
- environments/base.libsonnet - ichave iine zvakajairika paramita kune ese nharaunda
- environments/default.libsonnet - ine ma parameter akadhindwa kune nharaunda Default
ngativhure environments/base.libsonnet uye wedzera ma parameter echikamu chedu chekutanga ipapo:
{
components: {
website: {
name: 'example-docs',
image: 'registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1',
replicas: 1,
containerPort: 80,
servicePort: 80,
nodeSelector: {},
tolerations: [],
ingressClass: 'nginx',
domain: 'docs.example.org',
},
},
}Ngatigadzirireiwo chikamu chedu chekutanga zvikamu/website.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.website;
[
{
apiVersion: 'apps/v1',
kind: 'Deployment',
metadata: {
labels: { app: params.name },
name: params.name,
},
spec: {
replicas: params.replicas,
selector: {
matchLabels: {
app: params.name,
},
},
template: {
metadata: {
labels: { app: params.name },
},
spec: {
containers: [
{
name: 'darkhttpd',
image: params.image,
ports: [
{
containerPort: params.containerPort,
},
],
},
],
nodeSelector: params.nodeSelector,
tolerations: params.tolerations,
imagePullSecrets: [{ name: 'regsecret' }],
},
},
},
},
{
apiVersion: 'v1',
kind: 'Service',
metadata: {
labels: { app: params.name },
name: params.name,
},
spec: {
selector: {
app: params.name,
},
ports: [
{
port: params.servicePort,
targetPort: params.containerPort,
},
],
},
},
{
apiVersion: 'extensions/v1beta1',
kind: 'Ingress',
metadata: {
annotations: {
'kubernetes.io/ingress.class': params.ingressClass,
},
labels: { app: params.name },
name: params.name,
},
spec: {
rules: [
{
host: params.domain,
http: {
paths: [
{
backend: {
serviceName: params.name,
servicePort: params.servicePort,
},
},
],
},
},
],
},
},
]Mune iri faira takatsanangura matatu Kubernetes masangano kamwechete, aya ndeaya: Deployment, sevhisi и Ingress. Kana taida, taigona kuzviisa muzvikamu zvakasiyana, asi panguva ino imwe ichatikwanira.
nemarongerwo jsonnet yakafanana neyakajairika json, musimboti, yenguva dzose json yatove inoshanda jsonnet, saka pakutanga zvingave nyore kwauri kushandisa online masevhisi senge. yaml2json kushandura yaml yako yakajairika kuita json, kana, kana zvinhu zvako zvisina chero zvinosiyana, zvino zvinogona kutsanangurwa nenzira yenguva dzose yaml.
Paunenge uchishanda na jsonnet Ini ndinokurudzira zvikuru kuisa plugin yemupepeti wako
Semuenzaniso, kune plugin ye vim vim-jsonnet, iyo inobatidza syntax kuratidza uye inozviita otomatiki jsonnet fmt pese paunochengeta (inoda jsonnet kuiswa).
Zvese zvakagadzirira, ikozvino tinogona kutanga kutumira:
Kuti tione zvatinazvo, ngatimhanyei:
qbec show defaultPakubuda, iwe uchaona yakashandurwa yaml inoratidzira iyo ichaiswa kune iyo default cluster.
Zvakanaka, ikozvino shandisa:
qbec apply defaultPazvinobuda iwe unogara uchiona zvichaitwa musumbu rako, qbec inokukumbira kuti ubvumirane neshanduko nekunyora. y uchakwanisa kusimbisa zvinangwa zvako.
Yedu application yakagadzirira uye yakaiswa!
Kana iwe ukaita shanduko, iwe unogona nguva dzose kuita:
qbec diff defaultkuona kuti shanduko idzi dzichakanganisa sei kutumirwa kwazvino
Usakanganwa kuita shanduko dzedu:
cd ../..
git add deploy/website
git commit -m "Add deploy for website"5. Kuedza Gitlab-runner neKubernetes-executor
Kusvikira munguva pfupi yapfuura ndaingoshandisa nguva dzose gitlab-runner pamushini wakafanogadzirirwa (LXC mudziyo) une shell kana docker-executor. Pakutanga, takanga tine vamhanyi vakati wandei vakatsanangurwa pasi rose mune yedu gitlab. Vakaunganidza docker mifananidzo yemapurojekiti ese.
Asi sezvakaratidzwa nemaitiro, iyi sarudzo haisi iyo yakanyanya kunaka, zvose maererano nekuita uye kuchengeteka. Zviri nani uye zvine hunyanzvi zvakanyanya kuve nevamhanyi vakasiyana vakaisirwa purojekiti yega yega, kana kunyangwe nharaunda yega yega.
Neraki, iri harisi dambudziko zvachose, sezvo ikozvino isu tichaendesa gitlab-runner zvakananga sechikamu chepurojekiti yedu muKubernetes.
Gitlab inopa yakagadzirira-yakagadzirwa helm chati yekuendesa gitlab-runner kuKubernetes. Saka chaunofanira kuita chete kuziva chiratidzo chekunyoresa kune chirongwa chedu mu Zvirongwa -> CI / CD -> Vanomhanya woripfuudza kumubati;
helm repo add gitlab https://charts.gitlab.io
helm install gitlab-runner
--set gitlabUrl=https://gitlab.com
--set runnerRegistrationToken=yga8y-jdCusVDn_t4Wxc
--set rbac.create=true
gitlab/gitlab-runnerKupi:
- - kero yeGitlab server yako.
- yga8y-jdCusVDn_t4Wxc - chiratidzo chekunyoresa chepurojekiti yako.
- rbac.create=true - inopa mumhanyi huwandu hunodiwa hwemaropafadzo ekukwanisa kugadzira mapodhi kuita mabasa edu tichishandisa kubernetes-executor.
Kana zvese zvikaitwa nemazvo, unofanirwa kuona mumhanyi akanyoreswa muchikamu Vanomhanya, muzvirongwa zvepurojekiti yako.
Screenshot yemumhanyi akawedzerwa
Zviri nyore here? - hongu, zviri nyore! Hapasisina kunetseka nekunyoresa vamhanyi nemaoko, kubva zvino zvichienda mberi vamhanyi vachagadzirwa uye kuparadzwa otomatiki.
6. Shandisa Helm machati neQBEC
Sezvo takasarudza kufunga gitlab-runner chikamu chepurojekiti yedu, yave nguva yekuitsanangura mune yedu Git repository.
Tinogona kuzvitsanangura sechikamu chakasiyana Website, asi mune ramangwana tinoronga kutumira makopi akasiyana Website kazhinji, zvakasiyana gitlab-runner, iyo inozoiswa kamwe chete paKubernetes cluster. Saka ngatitangei imwe yakasarudzika application yayo:
cd deploy
qbec init gitlab-runner
cd gitlab-runnerPanguva ino hatisi kuzotsanangura Kubernetes masangano pamaoko, asi tichatora yakagadzirira-yakagadzirwa Helm chati. Imwe yemabhenefiti eqbec kugona kupa Helm machati zvakananga kubva kuGit repository.
Ngatiibatanidzei tichishandisa git submodule:
git submodule add https://gitlab.com/gitlab-org/charts/gitlab-runner vendor/gitlab-runnerIye zvino dhairekitori mutengesi/gitlab-runner Isu tine repository ine chati yegitlab-runner.
Nenzira imwecheteyo, iwe unogona kubatanidza mamwe matura, semuenzaniso, iyo yese repository nemachati epamutemo
Ngatitsanangure chikamu zvikamu/gitlab-runner.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.gitlabRunner;
std.native('expandHelmTemplate')(
'../vendor/gitlab-runner',
params.values,
{
nameTemplate: params.name,
namespace: env.namespace,
thisFile: std.thisFile,
verbose: true,
}
)Nharo yekutanga ku expandHelmTemplate isu tinopfuura nzira kuenda kune chati, ipapo params.values, iyo yatinotora kubva kune zvakatipoteredza parameters, zvino inouya chinhu nacho
- nameTemplate - zita rekuburitsa
- namespace - namespace yakaendeswa kune helm
- thisFile - parameter inodiwa inopfuudza nzira kune faira razvino
- verbose - inoratidza murairo helm template nenharo dzose pakupa chati
Zvino ngatitsanangurirei maparameter echikamu chedu mukati environments/base.libsonnet:
local secrets = import '../secrets/base.libsonnet';
{
components: {
gitlabRunner: {
name: 'gitlab-runner',
values: {
gitlabUrl: 'https://gitlab.com/',
rbac: {
create: true,
},
runnerRegistrationToken: secrets.runnerRegistrationToken,
},
},
},
}Ngwarira mumhanyiRegistrationToken tinotora kubva kune yekunze faira zvakavanzika/base.libsonnet, ngatizvigadzire:
{
runnerRegistrationToken: 'yga8y-jdCusVDn_t4Wxc',
}Ngatitarisei kana zvese zvinoshanda:
qbec show defaultkana zvese zvakarongeka, saka tinogona kudzima kuburitswa kwedu kwakambotumirwa kuburikidza neHelm:
helm uninstall gitlab-runneruye woiisa nenzira imwechete, asi kuburikidza neqbec:
qbec apply default7. Nhanganyaya kune git-crypt
chishandiso chinokutendera kuti umise yakajeka encryption kune yako repository.
Parizvino, yedu dhairekitori chimiro chegitlab-runner inoita seizvi:
.
├── components
│ ├── gitlab-runner.jsonnet
├── environments
│ ├── base.libsonnet
│ └── default.libsonnet
├── params.libsonnet
├── qbec.yaml
├── secrets
│ └── base.libsonnet
└── vendor
└── gitlab-runner (submodule)Asi kuchengeta zvakavanzika muGit hakuna kuchengeteka, ndizvo here? Saka tinofanira kuvanyora nemazvo.
Kazhinji, nekuda kweimwe shanduko, izvi hazvisi nguva dzose zvine musoro. Unogona kuendesa zvakavanzika kune qbec uye kuburikidza nemamiriro ekunze akasiyana eCI system yako.
Asi zvakakosha kucherechedza kuti kune zvakare mapurojekiti akaomarara anogona kuve nezvakawanda zvimwe zvakavanzika; kuamisa ese kuburikidza nemamiriro ekunze anozonetsa zvakanyanya.Uyezve, mune iyi kesi ini handingakwanise kukuudza nezve chishandiso chinoshamisa kudaro git-crypt.
git-crypt Izvo zvakare zviri nyore mukuti zvinokutendera iwe kuchengetedza iyo nhoroondo yese yezvakavanzika, pamwe nekuenzanisa, kubatanidza uye kugadzirisa kusawirirana nenzira imwechete sezvatakajaira kuita mune yeGit.
Chinhu chekutanga mushure mekuiswa git-crypt isu tinofanirwa kugadzira makiyi erepository yedu:
git crypt initKana iwe uine kiyi yePGP, saka unogona kuzviwedzera nekukurumidza semubatsiri wechirongwa ichi:
git-crypt add-gpg-user [email protected]Nenzira iyi iwe unogona kugara uchidhirodha iyi repository uchishandisa yako yakavanzika kiyi.
Kana iwe usina kiyi yePGP uye usingaitarisira, saka unogona kuenda neimwe nzira uye kutumira kiyi yeprojekiti:
git crypt export-key /path/to/keyfileSaka, chero munhu ane kunze kwenyika keyfile inozokwanisa kudzima repository yako.
Yave nguva yekumisa chakavanzika chedu chekutanga.
Rega ndikuyeuchidze kuti tichiri mudhairekitori deploy/gitlab-runner/, kwatine dhairekitori zvakavanzika/, ngatinyorei mafaera ese arimo, nekuda kweizvi tichagadzira faira zvakavanzika/.gitattributes nezvinotevera zvirimo:
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diffSezvinoonekwa kubva pane zviri mukati, mafaera ese akafukidzwa * ichafambiswa nepakati git-crypt, kunze kwevakawanda .gitattributes
Tinogona kutarisa izvi nekumhanya:
git crypt status -eIyo inobuda ichave runyorwa rweese mafaera mune repository ayo encryption inogoneswa
Ndizvo chete, ikozvino tinogona kuchengetedza shanduko dzedu:
cd ../..
git add .
git commit -m "Add deploy for gitlab-runner"Kuti uvhare repository, ingomhanya:
git crypt lockuye nekukasira mafaera ese akavharidzirwa anoshanduka kuita bhinari chimwe chinhu, hazvigoneke kuaverenga.
Kuti ubvise repository, mhanya:
git crypt unlock8. Gadzira mufananidzo webhokisi rekushandisa
Mufananidzo webhokisi rematurusi mufananidzo une zvese zvishandiso zvatichashandisa kuendesa purojekiti yedu. Ichashandiswa neGitlab mumhanyi kuita zvakajairwa kuendesa mabasa.
Zvese zviri nyore pano, ngatigadzire imwe nyowani dockerfiles/Toolbox/Dockerfile nezvinotevera zvirimo:
FROM alpine:3.11
RUN apk add --no-cache git git-crypt
RUN QBEC_VER=0.10.3
&& wget -O- https://github.com/splunk/qbec/releases/download/v${QBEC_VER}/qbec-linux-amd64.tar.gz
| tar -C /tmp -xzf -
&& mv /tmp/qbec /tmp/jsonnet-qbec /usr/local/bin/
RUN KUBECTL_VER=1.17.0
&& wget -O /usr/local/bin/kubectl
https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/linux/amd64/kubectl
&& chmod +x /usr/local/bin/kubectl
RUN HELM_VER=3.0.2
&& wget -O- https://get.helm.sh/helm-v${HELM_VER}-linux-amd64.tar.gz
| tar -C /tmp -zxf -
&& mv /tmp/linux-amd64/helm /usr/local/bin/helmSezvauri kuona, mumufananidzo uyu tinoisa zvese zvinoshandiswa zvataishandisa kuendesa application yedu. Hatidi pano kunze kwekunge kubectl, asi ungangoda kutamba nayo panguva yekuseta pombi.
Zvakare, kuti tikwanise kutaurirana naKubernetes uye kuendesa kwairi, isu tinofanirwa kugadzirisa basa remapods anogadzirwa negitlab-runner.
Kuti uite izvi, ngatiende kune dhairekitori negitlab-runner:
cd deploy/gitlab-runneruye wedzera chinhu chitsva zvikamu/rbac.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.rbac;
[
{
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
},
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'Role',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
rules: [
{
apiGroups: [
'*',
],
resources: [
'*',
],
verbs: [
'*',
],
},
],
},
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBinding',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: params.name,
},
subjects: [
{
kind: 'ServiceAccount',
name: params.name,
namespace: env.namespace,
},
],
},
]Isu tichatsanangurawo ma parameter matsva mukati environments/base.libsonnet, izvo zvino zvinoita seizvi:
local secrets = import '../secrets/base.libsonnet';
{
components: {
gitlabRunner: {
name: 'gitlab-runner',
values: {
gitlabUrl: 'https://gitlab.com/',
rbac: {
create: true,
},
runnerRegistrationToken: secrets.runnerRegistrationToken,
runners: {
serviceAccountName: $.components.rbac.name,
image: 'registry.gitlab.com/kvaps/docs.example.org/toolbox:v0.0.1',
},
},
},
rbac: {
name: 'gitlab-runner-deploy',
},
},
}Ngwarira $.components.rbac.name zvinoreva zita chechikamu rbac
Ngatitarisei zvachinja:
qbec diff defaultuye shandisa shanduko dzedu kuKubernetes:
qbec apply defaultZvakare, usakanganwa kuita shanduko dzedu kugit:
cd ../..
git add dockerfiles/toolbox
git commit -m "Add Dockerfile for toolbox"
git add deploy/gitlab-runner
git commit -m "Configure gitlab-runner to use toolbox"9. Yedu yekutanga pombi uye kuungana kwemifananidzo nema tags
Pamudzi wepurojekiti yatichagadzira .gitlab-ci.yml nezvinotevera zvirimo:
.build_docker_image:
stage: build
image:
name: gcr.io/kaniko-project/executor:debug-v0.15.0
entrypoint: [""]
before_script:
- echo "{"auths":{"$CI_REGISTRY":{"username":"$CI_REGISTRY_USER","password":"$CI_REGISTRY_PASSWORD"}}}" > /kaniko/.docker/config.json
build_toolbox:
extends: .build_docker_image
script:
- /kaniko/executor --cache --context $CI_PROJECT_DIR/dockerfiles/toolbox --dockerfile $CI_PROJECT_DIR/dockerfiles/toolbox/Dockerfile --destination $CI_REGISTRY_IMAGE/toolbox:$CI_COMMIT_TAG
only:
refs:
- tags
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_TAG
only:
refs:
- tagsNdapota cherechedza isu tinoshandisa GIT_SUBMODULE_STRATEGY: zvakajairika kune aya mabasa kwaunoda kunyatso tanga submodules usati waitwa.
Usakanganwa kuita shanduko dzedu:
git add .gitlab-ci.yml
git commit -m "Automate docker build"Ndinofunga tinogona kudana iyi shanduro zvakachengeteka v0.0.1 uye wedzera iyo tag:
git tag v0.0.1Isu tichawedzera tags pese patinoda kuburitsa vhezheni itsva. Mategi muDocker mifananidzo anosungirirwa kuGit tags. Imwe neimwe yekusundidzira ine tag nyowani ichatanga kuvakwa kwemifananidzo neiyi tag.
Ngatizviite git push --tags, uye ngatitarisei pombi yedu yekutanga:
Screenshot yepipeline yekutanga
Zvakakodzera kukwevera pfungwa dzako kune chokwadi chekuti kuungana nema tag kwakakodzera kuvaka docker mifananidzo, asi haina kukodzera kuendesa application kuKubernetes. Sezvo ma tag matsva achigona kupihwa kune ekare ekuita, mune iyi kesi, kutanga pombi kwavari kunotungamira mukutumirwa kweiyo yekare vhezheni.
Kugadzirisa dambudziko iri, kazhinji kuvakwa kwemifananidzo yedocker kunosungirirwa kuma tag, uye kuendesa kwechikumbiro kubazi. tenzi, umo mavhezheni emifananidzo yakaunganidzwa akaomeswa. Apa ndipo paunogona kutanga kudzoreredza nerevert revert tenzi- mapazi.
10. Automation yekuendesa
Kuti Gitlab-mumhanyi abvise zvakavanzika zvedu, isu tichada kutumira kunze kiyi repository uye toiwedzera kune yedu CI nharaunda zvinosiyana:
git crypt export-key /tmp/docs-repo.key
base64 -w0 /tmp/docs-repo.key; echoIsu tichachengetedza mutsara unoguma muGitlab; kuita izvi, ngatiende kune yedu purojekiti marongero:
Settings -> CI / CD -> Variables
Uye ngatigadzire shanduko itsva:
mhando
Key
ukoshi
kudzivirirwa
Masked
Makuriro
File
GITCRYPT_KEY
<your string>
true (panguva yekudzidziswa iwe unogona false)
true
All environments
Screenshot yeakawedzera chinja
Zvino ngatigadzirise yedu .gitlab-ci.yml kuwedzera kwairi:
.deploy_qbec_app:
stage: deploy
only:
refs:
- master
deploy_gitlab_runner:
extends: .deploy_qbec_app
variables:
GIT_SUBMODULE_STRATEGY: normal
before_script:
- base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
script:
- qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
deploy_website:
extends: .deploy_qbec_app
script:
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yesPano takagonesa sarudzo dzinoverengeka dzeqbec:
- --midzi imwe / app - inokutendera iwe kuti uone dhairekitori reimwe application
- --force:k8s-context __incluster__ - iyi ishanduko yemashiripiti inotaura kuti kutumirwa kuchaitika mune imwechete cluster umo gtilab-runner iri kushanda. Izvi zvinodikanwa nekuti neimwe nzira qbec inoedza kutsvaga yakakodzera Kubernetes server mune yako kubeconfig
- --kumirira - inomanikidza qbec kumirira kusvika zviwanikwa zvainogadzira zvapinda muReady state uye zvobva zvangobuda nekodhi yakabudirira yekubuda.
- -Ehe - inongodzima iyo inopindirana shell Une chokwadi here? kana yaiswa.
Usakanganwa kuita shanduko dzedu:
git add .gitlab-ci.yml
git commit -m "Automate deploy"Uye mushure git Push tichaona kuti zvikumbiro zvedu zvakafambiswa sei:
Screenshot yechipiri pipeline
11. Zvigadzirwa uye gungano paunenge uchisundira kugona
Kazhinji, matanho atsanangurwa pamusoro akakwana kuvaka uye kuendesa chero chero microservice, asi isu hatidi kuwedzera tag pese patinoda kugadzirisa saiti. Naizvozvo, isu tichatora yakawedzera simba nzira uye kumisikidza digest deployment mu master bazi.
Pfungwa iri nyore: ikozvino mufananidzo wedu Website ichavakwazve pese paunosunda mukati tenzi, uye wobva waisa otomatiki kuKubernetes.
Ngatigadzirise mabasa maviri aya mune yedu .gitlab-ci.yml:
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- mkdir -p $CI_PROJECT_DIR/artifacts
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
artifacts:
paths:
- artifacts/
only:
refs:
- master
- tags
deploy_website:
extends: .deploy_qbec_app
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"Ndapota cherechedza kuti tawedzera thread tenzi к Ref kumabasa kuvaka_webhusaiti uye isu toshandisa zvino $CI_COMMIT_REF_NAME panzvimbo ye $CI_COMMIT_TAG, ndiko kuti, isu takasunungurwa kubva kuma tag muGit uye ikozvino tichasundira mufananidzo une zita rebazi rekuita iro rakatanga pombi. Zvakakosha kucherechedza kuti izvi zvichashandawo nematagi, izvo zvichatibvumira kuchengetedza snapshots yesaiti ine chaiyo vhezheni mune docker-registry.
Kana zita reiyo docker tag yeimwe vhezheni yesaiti inogona kusachinjika, isu tichiri kufanirwa kutsanangura shanduko kuKubernetes, zvikasadaro haingadzore zvakare application kubva pamufananidzo mutsva, sezvo isingazocherechedze chero shanduko mu. deployment manifest.
Sarudzo -vm:ext-str digest=”$DIGEST” yeqbec - inokutendera kuti upfuure shanduko yekunze kune jsonnet. Tinoda kuti ishandiswezve muchikwata nekuburitswa kwega kwega kwekushandisa kwedu. Hatichagoni kushandisa zita retag, iro rinogona kunge risingachinjiki, sezvo isu tichida kusungirirwa kune chaiyo vhezheni yemufananidzo uye kukonzeresa kutumirwa kana yachinja.
Pano isu tichabatsirwa nekugona kwaKaniko kuchengetedza chifananidzo chekudya kune faira (sarudzo --digest-file)
Zvadaro tichaendesa iyi faira uye toiverenga panguva yekutumirwa.
Ngatigadzirise ma parameter edu deploy/website/environments/base.libsonnet iyo zvino ichaita seizvi:
{
components: {
website: {
name: 'example-docs',
image: 'registry.gitlab.com/kvaps/docs.example.org/website@' + std.extVar('digest'),
replicas: 1,
containerPort: 80,
servicePort: 80,
nodeSelector: {},
tolerations: [],
ingressClass: 'nginx',
domain: 'docs.example.org',
},
},
}Wapedza, ikozvino chero zvipira mukati tenzi inotanga kuvakwa kweiyo docker mufananidzo we Website, uye wozoendesa kuKubernetes.
Usakanganwa kuita shanduko dzedu:
git add .
git commit -m "Configure dynamic build"Tichatarisa gare gare git Push tinofanira kuona chimwe chinhu chakadai:
Screenshot yepipeline ye master
Mumusimboti, isu hatidi redeploy gitlab-runner nekusundirwa kwega kwega, kunze kwekunge, chokwadi, hapana chakachinja mukugadziriswa kwayo, ngatigadzirise mukati. .gitlab-ci.yml:
deploy_gitlab_runner:
extends: .deploy_qbec_app
variables:
GIT_SUBMODULE_STRATEGY: normal
before_script:
- base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
script:
- qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
only:
changes:
- deploy/gitlab-runner/**/*kuchinja ichakubvumidza kuti utarise shanduko mukati deploy/gitlab-runner/ uye ichamutsa basa redu chete kana paine
Usakanganwa kuita shanduko dzedu:
git add .gitlab-ci.yml
git commit -m "Reduce gitlab-runner deploy"git Push, zviri nani:
Screenshot yepipeline yakagadziridzwa
12. Dynamic environments
Yave nguva yekusiyanisa pombi yedu nenzvimbo dzakasimba.
Kutanga, ngatigadzirise basa racho kuvaka_webhusaiti mune zvedu .gitlab-ci.yml, achibvisa block kubva pairi chete, izvo zvinomanikidza Gitlab kuti iite kuti iite pane chero kuzvipira kune chero bazi:
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- mkdir -p $CI_PROJECT_DIR/artifacts
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
artifacts:
paths:
- artifacts/Wobva wagadzirisa basa racho deploy_website, wedzera block ipapo mhepo mvura nenzvimbo:
deploy_website:
extends: .deploy_qbec_app
environment:
name: prod
url: https://docs.example.org
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"Izvi zvinobvumira Gitlab kubatanidza basa racho production nharaunda uye ratidza chinongedzo chakakodzera kwairi.
Zvino ngatiwedzere mamwe mabasa maviri:
deploy_website:
extends: .deploy_qbec_app
environment:
name: prod
url: https://docs.example.org
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"
deploy_review:
extends: .deploy_qbec_app
environment:
name: review/$CI_COMMIT_REF_NAME
url: http://$CI_ENVIRONMENT_SLUG.docs.example.org
on_stop: stop_review
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply review --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
only:
refs:
- branches
except:
refs:
- master
stop_review:
extends: .deploy_qbec_app
environment:
name: review/$CI_COMMIT_REF_NAME
action: stop
stage: deploy
before_script:
- git clone "$CI_REPOSITORY_URL" master
- cd master
script:
- qbec delete review --root deploy/website --force:k8s-context __incluster__ --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
variables:
GIT_STRATEGY: none
only:
refs:
- branches
except:
refs:
- master
when: manualIvo vanozotangwa pakusundirwa kune chero matavi kunze kweshe uye vanoendesa iyo yekutarisa vhezheni yesaiti.
Isu tinoona sarudzo nyowani yeqbec: --app-tag -Inokutendera kuti utarise akaiswa shanduro dzechishandiso uye kushanda chete mukati meiyi tag; pakugadzira uye kuparadza zviwanikwa muKubernetes, qbec inoshanda navo chete.
Nenzira iyi isu hatigone kugadzira nharaunda yakaparadzana yeongororo yega yega, asi ingoshandisa zvakare imwechete.
Pano tinoshandisawo qbec shandisa wongororo, panzvimbo ye qbec shandisa default - ino ndiyo nguva chaiyo yatichaedza kutsanangura mutsauko wenzvimbo dzedu (wongororo uye default):
Ngatiwedzere ongorora environment mu deploy/website/qbec.yaml
spec:
environments:
review:
defaultNamespace: docs
server: https://kubernetes.example.org:8443Ipapo tichazvizivisa mukati deploy/website/params.libsonnet:
local env = std.extVar('qbec.io/env');
local paramsMap = {
_: import './environments/base.libsonnet',
default: import './environments/default.libsonnet',
review: import './environments/review.libsonnet',
};
if std.objectHas(paramsMap, env) then paramsMap[env] else error 'environment ' + env + ' not defined in ' + std.thisFileUye nyora pasi tsika parameters yayo mukati deploy/website/environments/review.libsonnet:
// this file has the param overrides for the default environment
local base = import './base.libsonnet';
local slug = std.extVar('qbec.io/tag');
local subdomain = std.extVar('subdomain');
base {
components+: {
website+: {
name: 'example-docs-' + slug,
domain: subdomain + '.docs.example.org',
},
},
}Ngatimbonyatsotarisisai nezve jobu stop_review, inokonzereswa kana bazi radzimwa uye kuti gitlab isaedze kutarisa iyo inoshandiswa. GIT_STRATEGY: hapana, gare gare tinogadzirisa tenzi-bazi uye bvisa ongororo kuburikidza nayo.
Zvinokanganisa zvishoma, asi handisati ndawana imwe nzira yakanaka.
Imwe sarudzo ingave yekuendesa wongororo yega yega kunzvimbo yezita rehotera, iyo inogona kugara yakaputswa zvachose.
Usakanganwa kuita shanduko dzedu:
git add .
git commit -m "Enable automatic review"git Push, git Checkout -b bvunzo, git push origin test, tarisa:
Screenshot yezvakagadzirwa nharaunda muGitlab
Zvese zviri kushanda? - zvakanaka, bvisa bazi redu rekuyedza: git Checkout tenzi, git push origin :test, tinotarisa kuti mabasa ekudzima nharaunda akashanda pasina zvikanganiso.
Pano ndinoda kujekesa pakarepo kuti chero mugadziri wepurojekiti anogona kugadzira matavi, anogonawo kuchinja .gitlab-ci.yml faira uye kuwana zvakavanzika variables.
Nokudaro, zvinokurudzirwa zvakasimba kubvumira kushandiswa kwavo chete kumatavi akadzivirirwa, semuenzaniso mu tenzi, kana kugadzira seti yakaparadzana yezvakasiyana zvenzvimbo yega yega.
13. Ongorora Mapurogiramu
Ichi chinhu cheGitLab chinokutendera kuti uwedzere bhatani refaira rega rega mune repository kuti utarise nekukurumidza munzvimbo yakatumirwa.
Kuti mabhatani aya aoneke, unofanirwa kugadzira faira .gitlab/route-map.yml uye tsanangura shanduko dzese dzenzira mairi; mune yedu zvichave zviri nyore:
# Indices
- source: /content/(.+?)_index.(md|html)/
public: '1'
# Pages
- source: /content/(.+?).(md|html)/
public: '1/'Usakanganwa kuita shanduko dzedu:
git add .gitlab/
git commit -m "Enable review apps"git Push, uye tarisa:
Screenshot yeOngororo App bhatani
Basa raitwa!
Kunobva chirongwa:
- paGitlab:
- paGitHub:
Ndinokutendai nekuteerera kwenyu, ndinovimba makazvifarira
Source: www.habr.com