Mholo! Kutshanje, izixhobo ezininzi ezizenzekelayo ezizenzekelayo zikhutshiwe zombini zokwakha imifanekiso yeDocker kunye nokuthunyelwa kwi-Kubernetes. Ngokubhekiselele koku, ndaye ndagqiba ekubeni ndidlale kunye ne-GitLab, ndifunde ngokucokisekileyo amandla ayo kwaye, ewe, ndimise umbhobho.
Lo msebenzi uphefumlelwe yiwebhusayithi , eveliswa kwi ngokuzenzekelayo, kunye nesicelo ngasinye se-pool esithunyelwe, i-robot ivelisa ngokuzenzekelayo uguqulelo lwe-preview yesayithi kunye neenguqu zakho kwaye ibonelela ngekhonkco lokujonga.
Ndizamile ukwakha inkqubo efanayo ukusuka ekuqaleni, kodwa yakhiwe ngokupheleleyo kwi-Gitlab CI kunye nezixhobo zasimahla endiqhele ukuzisebenzisa ukuhambisa izicelo kwi-Kubernetes. Namhlanje ndiza kukuxelela ngakumbi ngabo.
Inqaku liza kuxoxa ngezixhobo ezifana nezi:
Hugo, qbec, kaniko, igit-crypt и IGitLab CI ngokudalwa kweemeko-bume eziguquguqukayo.
Umxholo
1. Ukumazi uHugo
Njengomzekelo weprojekthi yethu, siya kuzama ukwenza indawo yokushicilela amaxwebhu eyakhelwe kuHugo. I-Hugo yi-static content generator.
Kwabo bangaqhelananga neejeneretha ezimileyo, ndiza kukuxelela ngakumbi malunga nabo. Ngokungafaniyo neenjini zewebhusayithi eziqhelekileyo ezinesiseko sedatha kunye ne-PHP ethile, ethi, xa icelwa ngumsebenzisi, ivelise amaphepha kwi-fly, iijeneretha ezimileyo zenzelwe ngokwahlukileyo kancinci. Bakuvumela ukuba uthathe imithombo, ngokuqhelekileyo iseti yeefayile kwi-Markdown markup kunye neetemplates zomxholo, emva koko uzihlanganisele kwiwebhusayithi egqitywe ngokupheleleyo.
Oko kukuthi, ngenxa yoko, uya kufumana ulwakhiwo lwesikhokelo kunye neseti yeefayile zeHTML ezenziweyo, onokuthi uzilayishe ngokulula kuyo nayiphi na indawo yokubamba ngexabiso eliphantsi kwaye ufumane iwebhusayithi esebenzayo.
Ungafaka uHugo kwindawo kwaye uzame:
Ukuqala indawo entsha:
hugo new site docs.example.orgKwaye kwangaxeshanye indawo yokugcina igit:
cd docs.example.org
git initUkuza kuthi ga ngoku, indawo yethu icocekile kwaye ukuze kubonakale into ethile kuyo, kufuneka siqale siqhagamshele umxholo; umxholo yiseti yeetemplates kunye nemithetho echaziweyo apho isayithi yethu yenziwe khona.
Ngomxholo esiya kuwusebenzisa , leyo, ngokombono wam, ifaneleke ngokugqibeleleyo kwindawo yamaxwebhu.
Ndingathanda ukunikela ingqalelo ekhethekileyo kwinto yokuba akukho mfuneko yokuba sigcine iifayile zomxholo kwindawo yethu yokugcina iprojekthi; endaweni yoko, sinokuyidibanisa ngokulula sisebenzisa. git submodule:
git submodule add https://github.com/matcornic/hugo-theme-learn themes/learnKe, indawo yethu yokugcina iza kuqulatha kuphela iifayile ezinxulumene ngqo neprojekthi yethu, kwaye umxholo oqhagamshelweyo uya kuhlala njengekhonkco kwindawo ethile yokugcina kunye nokuzibophelela kuyo, oko kukuthi, inokuhlala itsalwa kumthombo wokuqala kwaye ungoyiki. utshintsho olungahambelaniyo.
Masilungise uqwalaselo config.toml:
baseURL = "http://docs.example.org/"
languageCode = "en-us"
title = "My Docs Site"
theme = "learn"Sele ukweli nqanaba ungabaleka:
hugo serverKwaye kwidilesi jonga iwebhusayithi yethu esanda kwenziwa, zonke iinguqu ezenziwe kulawulo zihlaziya ngokuzenzekelayo iphepha elivulekileyo kwibhrawuza, ilunge kakhulu!
Makhe sizame ukwenza iphepha lokugubungela umxholo/_index.md:
# My docs site
## Welcome to the docs!
You will be very smart :-)Umfanekiso weskrini wephepha elitsha elenziwe
Ukwenza indawo, vele ubaleke:
hugoImixholo yoluhlu uluntu/ kwaye iya kuba yiwebhusayithi yakho.
Ewe, ngendlela, masiyongeze ngokukhawuleza kuyo Nguyen:
echo /public > .gitignoreUngalibali ukwenza utshintsho lwethu:
git add .
git commit -m "New site created"2. Ukulungiselela iDockerfile
Lixesha lokuba sichaze ubume bovimba wethu. Ndidla ngokusebenzisa into efana nale:
.
├── deploy
│ ├── app1
│ └── app2
└── dockerfiles
├── image1
└── image2- dockerfiles/ -Ziqulathe abalawuli abaneDockerfiles kunye nayo yonke into eyimfuneko ekwakheni imifanekiso yethu yeDocker.
- sebenzisa/ -Iqulathe abalawuli bokuhambisa izicelo zethu kwi-Kubernetes
Ke, siya kudala iDockerfile yethu yokuqala ecaleni kwendlela dockerfiles/website/Dockerfile
FROM alpine:3.11 as builder
ARG HUGO_VERSION=0.62.0
RUN wget -O- https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_linux-64bit.tar.gz | tar -xz -C /usr/local/bin
ADD . /src
RUN hugo -s /src
FROM alpine:3.11
RUN apk add --no-cache darkhttpd
COPY --from=builder /src/public /var/www
ENTRYPOINT [ "/usr/bin/darkhttpd" ]
CMD [ "/var/www" ]Njengoko ubona, iDockerfile iqulethe ezimbini UKUSUKA, olu phawu lubizwa ngokuba kwaye ikuvumela ukuba ukhuphe yonke into engeyomfuneko kumfanekiso weDocker wokugqibela.
Ke, umfanekiso wokugqibela uya kuqulatha kuphela mnyamahttpd (i-HTTP iseva ekhaphukhaphu) kunye uluntu/ - umxholo wewebhusayithi yethu eyenziwe ngokwestatically.
Ungalibali ukwenza utshintsho lwethu:
git add dockerfiles/website
git commit -m "Add Dockerfile for website"3. Ukwazi kaniko
Njengomakhi womfanekiso we-docker, ndaye ndagqiba ekubeni ndisebenzise , ekubeni ukusebenza kwayo akufuni i-daemon ye-docker, kwaye ukwakhiwa ngokwayo kunokwenziwa kuwo nawuphi na umatshini kunye ne-cache inokugcinwa ngokuthe ngqo kwirejista, ngaloo ndlela isusa isidingo sokuba nesigxina esipheleleyo esiqhubekayo.
Ukwakha umfanekiso, sebenzisa nje isikhongozeli nge kaniko umenzi kwaye ugqithise umxholo wokwakha wangoku; oku kunokwenziwa ekuhlaleni, ngedocker:
docker run -ti --rm
-v $PWD:/workspace
-v ~/.docker/config.json:/kaniko/.docker/config.json:ro
gcr.io/kaniko-project/executor:v0.15.0
--cache
--dockerfile=dockerfiles/website/Dockerfile
--destination=registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1Kuphi registry.gitlab.com/kvaps/docs.example.org/website -igama lomfanekiso wakho we-docker; emva kokwakha, iya kwaziswa ngokuzenzekelayo kwirejista ye-docker.
IParamu --cache ikuvumela ukuba ugcine i-cache kwirejistri ye-docker; umzekelo onikiweyo, baya kugcinwa kuwo registry.gitlab.com/kvaps/docs.example.org/website/cache, kodwa ungakhankanya enye indlela usebenzisa iparameter --cache-repo.
Umfanekiso weskrini we-docker-registry
4. Ukwazi qbec
sisixhobo sokusasaza esikuvumela ukuba uchaze ngokucacileyo isicelo sakho sibonisa kwaye ubathumele ku-Kubernetes. Ukusebenzisa i-Jsonnet njenge-syntax engundoqo ikuvumela ukuba wenze lula kakhulu inkcazo yeeyantlukwano kwiindawo ezininzi, kwaye phantse kuphelisa ngokupheleleyo ukuphindaphinda kwekhowudi.
Oku kunokuba yinyani ngakumbi kwiimeko apho ufuna ukubeka isicelo kumaqela amaninzi aneeparamitha ezahlukeneyo kwaye ufuna ukuzichaza ngokuzichazayo kwiGit.
I-Qbec ikuvumela ukuba unikeze iitshathi zeHelm ngokuzigqithisa iiparameters eziyimfuneko kwaye emva koko uzisebenzise ngendlela efanayo nezibonakalisa rhoqo, kubandakanywa unokusebenzisa iinguqulelo ezahlukeneyo kuzo, kwaye oku, kukuvumela ukuba ukhuphe imfuno sebenzisa iChartMuseum. Oko kukuthi, unokugcina kwaye unike iitshathi ngokuthe ngqo kwi-git, apho zikhoyo.
Njengoko benditshilo ngaphambili, siya kugcina konke ukuthunyelwa kuluhlu sebenzisa/:
mkdir deploy
cd deployMasiqalise isicelo sethu sokuqala:
qbec init website
cd websiteNgoku ulwakhiwo lwesicelo sethu lujongeka ngolu hlobo:
.
├── components
├── environments
│ ├── base.libsonnet
│ └── default.libsonnet
├── params.libsonnet
└── qbec.yamlmakhe sijonge ifayile qbec.yaml:
apiVersion: qbec.io/v1alpha1
kind: App
metadata:
name: website
spec:
environments:
default:
defaultNamespace: docs
server: https://kubernetes.example.org:8443
vars: {}Apha sinomdla kakhulu spec.indalo, i-qbec sele isenze indawo engagqibekanga kwaye yathatha idilesi yomncedisi, kunye nesithuba segama kwikubeconfig yethu yangoku.
Ngoku xa kuthunyelwa kwi Engagqibekanga imeko-bume, i-qbec iyakuhlala ihambisa kuphela kwiqela elikhankanyiweyo leKubernetes nakwisithuba segama esikhankanyiweyo, oko kukuthi, akusafuneki utshintshe phakathi kwemixholo kunye nezithuba zamagama ukuze usetyenziswe.
Ukuba kuyimfuneko, unokuhlala uhlaziya izicwangciso kule fayile.
Zonke iimeko-bume zakho zichazwe kuyo qbec.yaml, kwaye kwifayile params.libsonnet, apho ithi mazifumane phi iiparamitha kubo.
Okulandelayo sibona abalawuli ababini:
- amalungu/ - Zonke iziboniso zesicelo sethu ziza kugcinwa apha, zingachazwa zombini kwi-jsonnet kunye neefayile ze-yaml eziqhelekileyo
- imo engqongileyo/ - Apha siza kuchaza zonke izinto eziguquguqukayo (iiparamitha) zommandla wethu.
Ngokungagqibekanga sinefayile ezimbini:
- imekobume/base.libsonnet -Iza kuqulatha iiparameters eziqhelekileyo kuzo zonke iimeko-bume
- imekobume/default.libsonnet — iqulethe iiparamitha ezingaphaya kokusingqongileyo Engagqibekanga
masivule imekobume/base.libsonnet kwaye yongeza iiparamitha zecandelo lethu lokuqala apho:
{
components: {
website: {
name: 'example-docs',
image: 'registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1',
replicas: 1,
containerPort: 80,
servicePort: 80,
nodeSelector: {},
tolerations: [],
ingressClass: 'nginx',
domain: 'docs.example.org',
},
},
}Masenze kwakhona icandelo lethu lokuqala amalungu/iwebhusayithi.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.website;
[
{
apiVersion: 'apps/v1',
kind: 'Deployment',
metadata: {
labels: { app: params.name },
name: params.name,
},
spec: {
replicas: params.replicas,
selector: {
matchLabels: {
app: params.name,
},
},
template: {
metadata: {
labels: { app: params.name },
},
spec: {
containers: [
{
name: 'darkhttpd',
image: params.image,
ports: [
{
containerPort: params.containerPort,
},
],
},
],
nodeSelector: params.nodeSelector,
tolerations: params.tolerations,
imagePullSecrets: [{ name: 'regsecret' }],
},
},
},
},
{
apiVersion: 'v1',
kind: 'Service',
metadata: {
labels: { app: params.name },
name: params.name,
},
spec: {
selector: {
app: params.name,
},
ports: [
{
port: params.servicePort,
targetPort: params.containerPort,
},
],
},
},
{
apiVersion: 'extensions/v1beta1',
kind: 'Ingress',
metadata: {
annotations: {
'kubernetes.io/ingress.class': params.ingressClass,
},
labels: { app: params.name },
name: params.name,
},
spec: {
rules: [
{
host: params.domain,
http: {
paths: [
{
backend: {
serviceName: params.name,
servicePort: params.servicePort,
},
},
],
},
},
],
},
},
]Kule fayile sichaze izinto ezintathu zeKubernetes ngaxeshanye, zezi: Ukuthunyelwa, inkonzo и Ingress. Ukuba besifuna, singazifaka kumacandelo ahlukeneyo, kodwa kweli nqanaba elinye liyakwanela.
I-Syntax ijsonnet ifana kakhulu ne-json eqhelekileyo, ngokomgaqo, i-json eqhelekileyo sele ilungile i-jsonnet, ngoko ekuqaleni kunokuba lula kuwe ukusebenzisa iinkonzo ze-intanethi ezifana yaml2json ukuguqula i-yaml yakho yesiqhelo ibe yi-json, okanye, ukuba amalungu akho awaqulathanga naziphi na izinto eziguquguqukayo, ngoko zinokuchazwa ngokohlobo lwe-yaml eqhelekileyo.
Xa usebenza ijsonnet Ndincoma kakhulu ukufaka iplagin yomhleli wakho
Ngokomzekelo, kukho iplagin ye-vim vim-jsonnet, evula ukuqaqambisa isivakalisi kwaye iphumeze ngokuzenzekelayo jsonnet fmt ngalo lonke ixesha ugcina (ifuna i-jsonnet efakiweyo).
Yonke into ilungile, ngoku sinokuqalisa ukuhambisa:
Ukubona into esinayo, masibaleke:
qbec show defaultKwimveliso, uya kubona i-yaml enikezelweyo ebonakalisayo eya kusetyenziswa kwiqela elihlala lihleli.
Kulungile, sebenzisa ngoku:
qbec apply defaultKwimveliso uyakuhlala ubona okuya kwenziwa kwiqela lakho, qbec izakucela ukuba uvumelane notshintsho ngokuchwetheza. y uya kukwazi ukuqinisekisa iinjongo zakho.
Isicelo sethu silungile kwaye sisetyenziswa!
Ukuba wenza utshintsho, unokuhlala usenza:
qbec diff defaultukubona ukuba olu tshintsho luyakuchaphazela njani ukuthunyelwa kwangoku
Ungalibali ukwenza utshintsho lwethu:
cd ../..
git add deploy/website
git commit -m "Add deploy for website"5. Ukuzama i-Gitlab-runner kunye ne-Kubernetes-executor
Ukuza kuthi ga ngoku bendisebenzisa rhoqo gitlab-imbaleki kumatshini olungiselelwe kwangaphambili (isikhongozeli se-LXC) kunye neqokobhe okanye i-docker-executor. Ekuqaleni, sineembaleki ezininzi ezichazwe kwihlabathi jikelele kwigitlab yethu. Baqokelele imifanekiso ye-docker kuzo zonke iiprojekthi.
Kodwa njengoko uqheliselo lubonisile, olu khetho alulona lufanelekileyo, zombini ngokusebenza kunye nokhuseleko. Kungcono kwaye ngokwembono ichanekile ngakumbi ukuba kubekho iimbaleki ezahlukileyo ezibekwe kwiprojekthi nganye, okanye kwindawo nganye.
Ngethamsanqa, oku akuyongxaki kwaphela, kuba ngoku siza kuhambisa gitlab-imbaleki ngqo njengenxalenye yeprojekthi yethu eKubernetes.
I-Gitlab ibonelela ngetshathi yehelm esele ilungile yokuhambisa i-gitlab-runner kwi-Kubernetes. Ngoko konke okufuneka ukwenze kukufumanisa uphawu lokubhalisa kwiprojekthi yethu kwi Izicwangciso -> CI / CD -> Iimbaleki kwaye uyigqithisele kumphathi.
helm repo add gitlab https://charts.gitlab.io
helm install gitlab-runner
--set gitlabUrl=https://gitlab.com
--set runnerRegistrationToken=yga8y-jdCusVDn_t4Wxc
--set rbac.create=true
gitlab/gitlab-runnerKuphi:
- — idilesi yomncedisi wakho weGitlab.
- yga8y-jdCusVDn_t4Wxc - ithokheni yokubhalisa yeprojekthi yakho.
- rbac.dala=yinyaniso - inika imbaleki isixa esifunekayo samalungelo ukuze sikwazi ukwenza iipod ukwenza imisebenzi yethu usebenzisa i-kubernetes-executor.
Ukuba yonke into yenziwe ngokuchanekileyo, kufuneka ubone umgijimi obhalisiweyo kwicandelo Iimbaleki, kwiisetingi zeprojekthi yakho.
Umfanekiso wekhusi wembaleki eyongeziweyo
Ngaba ilula ngolo hlobo? - ewe, ilula ngolo hlobo! Akusayi kubakho nkathazo ngokubhalisa iimbaleki ngesandla, ukusukela ngoku iimbaleki ziya kwenziwa kwaye zitshatyalaliswe ngokuzenzekelayo.
6. Sebenzisa iitshathi zeHelm kunye ne-QBEC
Ekubeni sigqibe ekubeni siqwalasele gitlab-imbaleki inxalenye yeprojekthi yethu, lixesha lokuyichaza kwindawo yethu yokugcina iGit.
Sinokuyichaza njengecandelo elahlukileyo website, kodwa kwixesha elizayo siceba ukuthumela iikopi ezahlukeneyo website rhoqo kakhulu, ngokungafaniyo gitlab-imbaleki, eya kuthunyelwa kube kanye kuphela kwiqela leKubernetes. Ngoko masiqalise isicelo esahlukileyo sayo:
cd deploy
qbec init gitlab-runner
cd gitlab-runnerNgeli xesha asiyi kuchaza amaqumrhu e-Kubernetes ngesandla, kodwa siya kuthatha itshathi yeHelm esele yenziwe. Enye yeenzuzo ze-qbec kukukwazi ukwenza iitshathi zeHelm ngokuthe ngqo kwindawo yokugcina iGit.
Masiyidibanise sisebenzisa i-git submodule:
git submodule add https://gitlab.com/gitlab-org/charts/gitlab-runner vendor/gitlab-runnerNgoku ulawulo umthengisi/gitlab-imbaleki Sinendawo yokugcina enetshathi yegitlab-runner.
Ngendlela efanayo, unokudibanisa ezinye iindawo zokugcina, umzekelo, yonke indawo yokugcina kunye neetshathi ezisemthethweni
Makhe sichaze icandelo components/gitlab-runner.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.gitlabRunner;
std.native('expandHelmTemplate')(
'../vendor/gitlab-runner',
params.values,
{
nameTemplate: params.name,
namespace: env.namespace,
thisFile: std.thisFile,
verbose: true,
}
)Ingxoxo yokuqala ukuya expandHelmTemplate sidlula indlela eya kwitshathi, ngoko params.amaxabiso, esithatha kwiparameters zemo engqongileyo, emva koko kuza into nayo
- igamaItemplate - igama lokukhululwa
- indawo yegama - indawo yamagama idluliselwe kwihelm
- leFayile — iparameter efunekayo edlula indlela eya kwifayile yangoku
- Isenzi - ibonisa umyalelo itemplate yehelm nazo zonke iingxoxo xa kusenziwa itshathi
Ngoku makhe sichaze iiparameters zecandelo lethu kwi imekobume/base.libsonnet:
local secrets = import '../secrets/base.libsonnet';
{
components: {
gitlabRunner: {
name: 'gitlab-runner',
values: {
gitlabUrl: 'https://gitlab.com/',
rbac: {
create: true,
},
runnerRegistrationToken: secrets.runnerRegistrationToken,
},
},
},
}Nika ingqalelo umgijimiRegistrationToken sithatha kwifayile yangaphandle iimfihlo/base.libsonnet, masiyidale:
{
runnerRegistrationToken: 'yga8y-jdCusVDn_t4Wxc',
}Makhe sijonge ukuba yonke into iyasebenza:
qbec show defaultukuba yonke into ilungile, ngoko sinokucima ukukhululwa kwethu kwangaphambili ngeHelm:
helm uninstall gitlab-runnerkwaye uyisebenzise ngendlela efanayo, kodwa nge-qbec:
qbec apply default7. Intshayelelo kwi-git-crypt
sisixhobo esikuvumela ukuba ucwangcise ufihlo olungafihlwayo lwendawo yakho yokugcina.
Okwangoku, ulwakhiwo lwethu lwe-gitlab-runner lujongeka ngolu hlobo:
.
├── components
│ ├── gitlab-runner.jsonnet
├── environments
│ ├── base.libsonnet
│ └── default.libsonnet
├── params.libsonnet
├── qbec.yaml
├── secrets
│ └── base.libsonnet
└── vendor
└── gitlab-runner (submodule)Kodwa ukugcina iimfihlo kwi-Git akukhuselekanga, akunjalo? Ngoko ke kufuneka sizifihle ngokufanelekileyo.
Ngokuqhelekileyo, ngenxa yenguqu enye, oku akusoloko kunengqiqo. Ungadlulisela iimfihlo ku qbec kwaye ngokusebenzisa imo eguquguqukayo yenkqubo yakho yeCI.
Kodwa kubalulekile ukuqaphela ukuba kukho iiprojekthi ezintsonkothileyo ngakumbi ezinokuqulatha iimfihlo ezininzi; ukuzidlulisela zonke ngoguquguquko lokusingqongileyo kuya kuba nzima kakhulu.Ngaphezu koko, kule meko andinakukwazi ukukuxelela malunga nesixhobo esimangalisayo njenge igit-crypt.
igit-crypt Ikwaluncedo kuba ikuvumela ukuba ugcine yonke imbali yeemfihlo, kunye nokuthelekisa, ukudibanisa kunye nokusombulula iingxabano ngendlela efanayo njengoko siqhele ukwenza kwimeko yeGit.
Into yokuqala emva kofakelo igit-crypt kufuneka senze izitshixo kwindawo yethu yokugcina:
git crypt initUkuba une PGP isitshixo, ngoko ungazongeza ngoko nangoko njengomdibanisi wale projekthi:
git-crypt add-gpg-user [email protected]Ngale ndlela ungasoloko ususa ukuntsonkotha kovimba usebenzisa isitshixo sakho sabucala.
Ukuba awunasitshixo sePGP kwaye ungayilindelanga, ungaya ngenye indlela kwaye uthumele isitshixo seprojekthi:
git crypt export-key /path/to/keyfileNgoko ke, nabani na othe wathunyelwa ngaphandle ifayile yesitshixo izakukwazi ukususa uguqulelo oluntsonkothileyo kwindawo yakho yokugcina.
Lixesha lokuba simise imfihlo yethu yokuqala.
Makhe ndikukhumbuze ukuba sisekuluhlu deploy/gitlab-runner/, apho sinoluhlu iimfihlo/, masibhale ngokuntsonkothileyo zonke iifayile ezikuyo, kuba oku sizakwenza ifayile iimfihlo/.gitattributes ngomxholo olandelayo:
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diffNjengoko kunokubonwa kumxholo, zonke iifayile zifihliwe * iya kuqhutywa igit-crypt, ngaphandle kwezona zininzi .gitattributes
Singajonga oku ngokuqhuba:
git crypt status -eImveliso iya kuba luluhlu lwazo zonke iifayile kwindawo yokugcina apho ufihlo lwenziwe lwasebenza
Kuphelele apho, ngoku singenza ngokukhuselekileyo utshintsho lwethu:
cd ../..
git add .
git commit -m "Add deploy for gitlab-runner"Ukuvala indawo yokugcina, vele ubaleke:
git crypt lockkwaye ngokukhawuleza zonke iifayile ezifihliweyo ziya kujika zibe yinto yokubini, ayizukwenzeka ukuzifunda.
Ukususa ukuntsonkotha kwendawo yokugcina, sebenzisa:
git crypt unlock8. Yenza umfanekiso webhokisi yesixhobo
Umfanekiso webhokisi yezixhobo ngumfanekiso onazo zonke izixhobo esiya kuzisebenzisa ukuhambisa iprojekthi yethu. Iya kusetyenziswa yimbaleki yeGitlab ukwenza imisebenzi eqhelekileyo yokuhambisa.
Yonke into ilula apha, masidale entsha dockerfiles/toolbox/Dockerfile ngomxholo olandelayo:
FROM alpine:3.11
RUN apk add --no-cache git git-crypt
RUN QBEC_VER=0.10.3
&& wget -O- https://github.com/splunk/qbec/releases/download/v${QBEC_VER}/qbec-linux-amd64.tar.gz
| tar -C /tmp -xzf -
&& mv /tmp/qbec /tmp/jsonnet-qbec /usr/local/bin/
RUN KUBECTL_VER=1.17.0
&& wget -O /usr/local/bin/kubectl
https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/linux/amd64/kubectl
&& chmod +x /usr/local/bin/kubectl
RUN HELM_VER=3.0.2
&& wget -O- https://get.helm.sh/helm-v${HELM_VER}-linux-amd64.tar.gz
| tar -C /tmp -zxf -
&& mv /tmp/linux-amd64/helm /usr/local/bin/helmNjengoko ubona, kulo mfanekiso sifaka zonke izinto esizisebenzisayo ukuhambisa usetyenziso lwethu. Asiyifuni apha ngaphandle kokuba kubectl, kodwa ungafuna ukudlala ngayo ngexesha lesigaba sokumisela umbhobho.
Kwakhona, ukuze sikwazi ukunxibelelana ne-Kubernetes kwaye sisebenzise kuyo, kufuneka siqwalasele indima yeepods ezenziwe yi-gitlab-runner.
Ukwenza oku, masiye kuluhlu lwe-gitlab-runner:
cd deploy/gitlab-runnerkwaye wongeze inxalenye entsha amalungu/rbac.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.rbac;
[
{
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
},
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'Role',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
rules: [
{
apiGroups: [
'*',
],
resources: [
'*',
],
verbs: [
'*',
],
},
],
},
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBinding',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: params.name,
},
subjects: [
{
kind: 'ServiceAccount',
name: params.name,
namespace: env.namespace,
},
],
},
]Siza kuchaza kwakhona iiparamitha ezintsha kwi imekobume/base.libsonnet, ekhangeleka ngolu hlobo ngoku:
local secrets = import '../secrets/base.libsonnet';
{
components: {
gitlabRunner: {
name: 'gitlab-runner',
values: {
gitlabUrl: 'https://gitlab.com/',
rbac: {
create: true,
},
runnerRegistrationToken: secrets.runnerRegistrationToken,
runners: {
serviceAccountName: $.components.rbac.name,
image: 'registry.gitlab.com/kvaps/docs.example.org/toolbox:v0.0.1',
},
},
},
rbac: {
name: 'gitlab-runner-deploy',
},
},
}Nika ingqalelo $.components.rbac.name ibhekisele kwi igama yecandelo rbac
Makhe sijonge ukuba yintoni etshintshileyo:
qbec diff defaultkwaye sisebenzise utshintsho lwethu kwi-Kubernetes:
qbec apply defaultKwakhona, ungalibali ukwenza utshintsho lwethu kwi-git:
cd ../..
git add dockerfiles/toolbox
git commit -m "Add Dockerfile for toolbox"
git add deploy/gitlab-runner
git commit -m "Configure gitlab-runner to use toolbox"9. Umbhobho wethu wokuqala kunye nendibano yemifanekiso ngamathegi
Kwingcambu yeprojekthi esiya kuyidala .gitlab-ci.yml ngomxholo olandelayo:
.build_docker_image:
stage: build
image:
name: gcr.io/kaniko-project/executor:debug-v0.15.0
entrypoint: [""]
before_script:
- echo "{"auths":{"$CI_REGISTRY":{"username":"$CI_REGISTRY_USER","password":"$CI_REGISTRY_PASSWORD"}}}" > /kaniko/.docker/config.json
build_toolbox:
extends: .build_docker_image
script:
- /kaniko/executor --cache --context $CI_PROJECT_DIR/dockerfiles/toolbox --dockerfile $CI_PROJECT_DIR/dockerfiles/toolbox/Dockerfile --destination $CI_REGISTRY_IMAGE/toolbox:$CI_COMMIT_TAG
only:
refs:
- tags
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_TAG
only:
refs:
- tagsNceda uqaphele sisebenzisa GIT_SUBMODULE_STRATEGY: eqhelekileyo yaloo misebenzi apho kufuneka uqalise ngokuthe gca iimodyuli ezisezantsi phambi kokuphunyezwa.
Ungalibali ukwenza utshintsho lwethu:
git add .gitlab-ci.yml
git commit -m "Automate docker build"Ndicinga ukuba singayibiza ngokukhuselekileyo le nguqulelo v0.0.1 kwaye yongeza ithegi:
git tag v0.0.1Siya kongeza iithegi nanini na xa sifuna ukukhulula inguqulelo entsha. Iithegi kwimifanekiso yeDocker ziya kubotshelelwa kwiithegi zeGit. Utyhala ngalunye olunethegi entsha luya kuqalisa ukwakhiwa kwemifanekiso ngale thegi.
Masiyenze git push --tags, kwaye makhe sijonge umbhobho wethu wokuqala:
Umfanekiso weskrini wombhobho wokuqala
Kufanelekile ukutsala ingqalelo yakho kwinto yokuba indibano ngamathegi ifanelekile ukwakha imifanekiso ye-docker, kodwa ayifanelekanga ukuhambisa isicelo kwi-Kubernetes. Ekubeni amathegi amatsha anokwabelwa kwizibophelelo ezindala, kulo mzekelo, ukuqalisa umbhobho kubo kuya kukhokelela ekusasazweni koguqulelo oludala.
Ukusombulula le ngxaki, ngokuqhelekileyo ukwakhiwa kwemifanekiso yedocker ibotshelelwa kwiithegi, kunye nokusasazwa kwesicelo kwisebe. inkosi, apho iinguqulelo zemifanekiso eqokelelweyo zifakwe iikhowudi. Apha kulapho ungaqalisa khona ukubuyisela umva ngobuyiselo olulula inkosi-amasebe.
10. Ukuzenzekela kokusasazwa
Ukuze i-Gitlab-runner ikhuphe iimfihlo zethu, kuya kufuneka sithumele ngaphandle isitshixo sogcino kwaye songeze kwizinto eziguquguqukayo ze-CI:
git crypt export-key /tmp/docs-repo.key
base64 -w0 /tmp/docs-repo.key; echoSiza kugcina umgca wesiphumo kwiGitlab; ukwenza oku, masiye kuseto lweprojekthi yethu:
Izicwangciso -> CI / CD -> Izinto eziguquguqukayo
Kwaye makhe senze utshintsho olutsha:
uhlobo
isitshixo
ixabiso
Khuselwe
Zifihliwe
umda
File
GITCRYPT_KEY
<your string>
true (ngexesha loqeqesho unako false)
true
All environments
Umfanekiso weskrini wenguqu eyongeziweyo
Ngoku makhe sihlaziye wethu .gitlab-ci.yml yongeza kuyo:
.deploy_qbec_app:
stage: deploy
only:
refs:
- master
deploy_gitlab_runner:
extends: .deploy_qbec_app
variables:
GIT_SUBMODULE_STRATEGY: normal
before_script:
- base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
script:
- qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
deploy_website:
extends: .deploy_qbec_app
script:
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yesApha senze iinketho ezininzi ezintsha ze-qbec:
- --neengcambu ezinye / app — ikuvumela ukuba umisele uvimba weefayili wesicelo esithile
- --force:k8s-context __incluster__ - oku kuguquguquka komlingo othi ukusasazwa kuya kwenzeka kwiqela elinye apho i-gtilab-runner isebenza khona. Oku kuyimfuneko kuba kungenjalo i-qbec iza kuzama ukufumana i Kubernetes umncedisi ofanelekileyo kwikubeconfig yakho
- --yima — inyanzela i-qbec ukuba ilinde de izixhobo ezizidalayo zingene kwindawo eLungileyo kwaye emva koko uphume ngekhowudi yokuphuma eyimpumelelo.
- -Ewe - ikhubaza ngokulula iqokobhe elisebenzisanayo Ingaba uqinisekile? xa isetyenzisiwe.
Ungalibali ukwenza utshintsho lwethu:
git add .gitlab-ci.yml
git commit -m "Automate deploy"Kwaye emva koko git Push siza kubona ukuba izicelo zethu zisetyenziswe njani:
Umfanekiso weskrini wombhobho wesibini
11. I-Artifacts kunye nendibano xa utyhalela ekuqhubeni phambili
Ngokuqhelekileyo, amanyathelo achazwe ngasentla anele ukwakha kunye nokuhambisa phantse nayiphi na i-microservice, kodwa asifuni ukongeza ithegi ngalo lonke ixesha sifuna ukuhlaziya isayithi. Ngoko ke, siya kuthatha indlela eguquguqukayo ngakumbi kwaye simise ukuhanjiswa kwedigest kwi-master branch.
Ingcamango ilula: ngoku umfanekiso wethu website iya kuphinda yakhiwe ngalo lonke ixesha ungena inkosi, kwaye emva koko uyisebenzise ngokuzenzekelayo kwi-Kubernetes.
Makhe sihlaziye le misebenzi mibini kweyethu .gitlab-ci.yml:
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- mkdir -p $CI_PROJECT_DIR/artifacts
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
artifacts:
paths:
- artifacts/
only:
refs:
- master
- tags
deploy_website:
extends: .deploy_qbec_app
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"Nceda uqaphele ukuba songeze umsonto inkosi к Ref ngemisebenzi build_iwebhusayithi kwaye siyisebenzisa ngoku $CI_COMMIT_REF_NAME вместо $CI_COMMIT_TAG, oko kukuthi, sikhululwe kwiithegi kwi-Git kwaye ngoku siza kutyhala umfanekiso onegama lesebe lokuzibophelela eliqalise umbhobho. Kuyafaneleka ukuba uqaphele ukuba oku kuya kusebenza kunye namathegi, okuya kusivumela ukuba sigcine i-snapshots yesayithi kunye nenguqulo ethile kwi-docker-registry.
Xa igama lethegi ye-docker yoguqulelo olutsha lwesiza lingatshintshwa, kusafuneka sichaze utshintsho kwi-Kubernetes, ngaphandle koko ayizukuphinda isebenzise isicelo kumfanekiso omtsha, kuba ayizukubona naluphi na utshintsho kumfanekiso. usasazo olubonakalayo.
Ukhetho —vm:ext-str digest=”$DIGEST” ye qbec - ikuvumela ukuba ugqithise umahluko wangaphandle kwi jsonnet. Sifuna ukuba iphinde isetyenziswe kwi-cluster ngokhupho ngalunye lwesicelo sethu. Asinakuphinda sisebenzise igama lethegi, elinokuthi ngoku lingatshintshi, kuba kufuneka siboshwe kwinguqu ethile yomfanekiso kwaye siqalise ukuthunyelwa xa kutshintsha.
Apha siya kuncedwa kukukwazi kukaKaniko ukugcina umfanekiso wokwetyisa kwifayile (ukhetho --digest-file)
Emva koko siya kudlulisela le fayile kwaye siyifunde ngexesha lokuthunyelwa.
Masihlaziye iiparamitha zethu deploy/website/environments/base.libsonnet ngoku iza kujongeka ngolu hlobo:
{
components: {
website: {
name: 'example-docs',
image: 'registry.gitlab.com/kvaps/docs.example.org/website@' + std.extVar('digest'),
replicas: 1,
containerPort: 80,
servicePort: 80,
nodeSelector: {},
tolerations: [],
ingressClass: 'nginx',
domain: 'docs.example.org',
},
},
}Kwenziwe, ngoku nakuphi na ukuzibophelela inkosi iqala ukwakhiwa komfanekiso wedocker we website, kwaye emva koko uyithumele kwi-Kubernetes.
Ungalibali ukwenza utshintsho lwethu:
git add .
git commit -m "Configure dynamic build"Siza kujonga kamva git Push kufuneka sibone into efana nale:
Umfanekiso wekhusi wombhobho wenkosi
Ngokomgaqo, akufuneki siphinde sisebenzise i-gitlab-runner ngokutyhala ngalunye, ngaphandle kokuba, ewe, akukho nto itshintshileyo kuqwalaselo lwayo, masiyilungise .gitlab-ci.yml:
deploy_gitlab_runner:
extends: .deploy_qbec_app
variables:
GIT_SUBMODULE_STRATEGY: normal
before_script:
- base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
script:
- qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
only:
changes:
- deploy/gitlab-runner/**/*utshintsho iyakuvumela ukuba ujonge utshintsho kwi deploy/gitlab-runner/ kwaye iya kuvusa umsebenzi wethu kuphela ukuba kukho
Ungalibali ukwenza utshintsho lwethu:
git add .gitlab-ci.yml
git commit -m "Reduce gitlab-runner deploy"git Push, kukngcono Okok:
Umfanekiso weskrini wombhobho ohlaziyiweyo
12. Iimeko ezingqongileyo ezinamandla
Lixesha lokuba sitshintshe imibhobho yethu ngeemekobume eziguquguqukayo.
Okokuqala, masihlaziye umsebenzi build_iwebhusayithi kwethu .gitlab-ci.yml, ukususa ibhloko kuyo kuphela, eya kunyanzela iGitlab ukuba iyivuse nakwesiphi na isibophelelo kulo naliphi na isebe:
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- mkdir -p $CI_PROJECT_DIR/artifacts
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
artifacts:
paths:
- artifacts/Emva koko uhlaziye umsebenzi deploy_website, yongeza ibhloko apho indawo:
deploy_website:
extends: .deploy_qbec_app
environment:
name: prod
url: https://docs.example.org
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"Oku kuya kuvumela iGitlab ukuba inxulumanise umsebenzi kunye Qhuba indawo kwaye ubonise ikhonkco elichanekileyo kuyo.
Ngoku makhe songeze eminye imisebenzi emibini:
deploy_website:
extends: .deploy_qbec_app
environment:
name: prod
url: https://docs.example.org
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"
deploy_review:
extends: .deploy_qbec_app
environment:
name: review/$CI_COMMIT_REF_NAME
url: http://$CI_ENVIRONMENT_SLUG.docs.example.org
on_stop: stop_review
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply review --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
only:
refs:
- branches
except:
refs:
- master
stop_review:
extends: .deploy_qbec_app
environment:
name: review/$CI_COMMIT_REF_NAME
action: stop
stage: deploy
before_script:
- git clone "$CI_REPOSITORY_URL" master
- cd master
script:
- qbec delete review --root deploy/website --force:k8s-context __incluster__ --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
variables:
GIT_STRATEGY: none
only:
refs:
- branches
except:
refs:
- master
when: manualZiya kuqaliswa ngokutyhala kuwo nawaphi na amasebe ngaphandle kwe-master kwaye ziya kuhambisa uguqulelo lokujonga kwangaphambili lwesiza.
Sibona ukhetho olutsha lwe-qbec: --app-tag - ikuvumela ukuba uthege kwiinguqulelo ezisetyenzisiweyo zesicelo kwaye usebenze kuphela kule thegi; xa usenza kwaye utshabalalisa izixhobo kwi-Kubernetes, i-qbec iya kusebenza nabo kuphela.
Ngale ndlela asinakwenza imeko-bume eyahlukileyo yophononongo ngalunye, kodwa siphinde sisebenzise enye enye.
Apha sisebenzisa kwakhona qbec faka uphononongo, ngaphandle kwe qbec faka ukusilela - Eli lixesha kanye apho siya kuzama ukuchaza umahluko kwimo engqongileyo (uphononongo kunye nokusilela):
Masongeze kwakhona okusingqongileyo kwi deploy/website/qbec.yaml
spec:
environments:
review:
defaultNamespace: docs
server: https://kubernetes.example.org:8443Emva koko siya kubhengeza kuyo deploy/website/params.libsonnet:
local env = std.extVar('qbec.io/env');
local paramsMap = {
_: import './environments/base.libsonnet',
default: import './environments/default.libsonnet',
review: import './environments/review.libsonnet',
};
if std.objectHas(paramsMap, env) then paramsMap[env] else error 'environment ' + env + ' not defined in ' + std.thisFileKwaye ubhale phantsi iiparameters zesiko kuyo deploy/website/environments/review.libsonnet:
// this file has the param overrides for the default environment
local base = import './base.libsonnet';
local slug = std.extVar('qbec.io/tag');
local subdomain = std.extVar('subdomain');
base {
components+: {
website+: {
name: 'example-docs-' + slug,
domain: subdomain + '.docs.example.org',
},
},
}Masikhe siyijonge ngakumbi ijojo stop_review, iyakuqhutywa xa isebe licinyiwe kwaye ukuze igitlab ingazami ukuyijonga isetyenziswa. GIT_STRATEGY: akukho, emva kwethuba siye sidibanise inkosi-isebe kwaye ucime uphononongo ngayo.
Iyabhidisa kancinci, kodwa andikayifumani enye indlela entle ngakumbi.
Olunye ukhetho luya kuba kukubeka uphononongo ngalunye kwindawo yamagama ehotele, enokuhlala idilizwa ngokupheleleyo.
Ungalibali ukwenza utshintsho lwethu:
git add .
git commit -m "Enable automatic review"git Push, git checkout -b uvavanyo, uvavanyo lwemvelaphi ye-git, khangela:
Umfanekiso weskrini osingqongileyo owenziweyo kwi-Gitlab
Yonke into iyasebenza? -kuhle, cima isebe lethu lovavanyo: ukuphuma kwe-git, git push imvelaphi: uvavanyo, sijonga ukuba imisebenzi yokucima indalo isebenze ngaphandle kweempazamo.
Apha ndingathanda ukucacisa ngokukhawuleza ukuba nawuphi na umthuthukisi kwiprojekthi unokudala amasebe, unokutshintsha kwakhona .gitlab-ci.yml ifayile kunye nokufikelela kwiinguqu eziyimfihlo.
Ngoko ke, kucetyiswa ngamandla ukuba bavumele ukusetyenziswa kwabo kuphela kumasebe akhuselweyo, umzekelo kwi inkosi, okanye wenze iseti eyahlukileyo yezinto eziguquguqukayo kwindawo nganye.
13. Hlaziya iiApps
Eli linqaku leGitLab elikuvumela ukuba wongeze iqhosha kwifayile nganye kwindawo yokugcina ukuyijonga ngokukhawuleza kwindawo ebekiweyo.
Ukuze la maqhosha avele, kufuneka wenze ifayile .gitlab/indlela-map.yml kwaye uchaze lonke utshintsho lwendlela kuyo; kwimeko yethu iya kuba lula kakhulu:
# Indices
- source: /content/(.+?)_index.(md|html)/
public: '1'
# Pages
- source: /content/(.+?).(md|html)/
public: '1/'Ungalibali ukwenza utshintsho lwethu:
git add .gitlab/
git commit -m "Enable review apps"git Push, kwaye khangela:
Umfanekiso weskrini weqhosha le-App yokuHlola
Umsebenzi ugqityiwe!
Imithombo yeprojekthi:
- kwiGitlab:
- kwi-GitHub:
Enkosi ngengqalelo yakho, ndiyathemba ukuba uyithandile
umthombo: www.habr.com