Sawubona! Muva nje, kukhululwe amathuluzi amaningi apholile wokuzenzakalela wokwakha izithombe ze-Docker futhi azothunyelwa ku-Kubernetes. Mayelana nalokhu, nginqume ukudlala nge-GitLab, ngifunde kahle amakhono ayo futhi, vele, ngamisa ipayipi.
Lo msebenzi ugqugquzelwe yiwebhusayithi , okukhiqizwa kusuka ngokuzenzakalelayo, futhi esicelweni ngasinye sokubhukuda esithunyelwayo, irobhothi likhiqiza ngokuzenzakalelayo inguqulo yokubuka kuqala yesayithi ngezinguquko zakho futhi linikeze isixhumanisi sokubuka.
Ngizamile ukwakha inqubo efanayo kusukela ekuqaleni, kodwa yakhelwe ngokuphelele ku-Gitlab CI namathuluzi wamahhala engijwayele ukuwasebenzisa ukuze ngithumele izinhlelo zokusebenza ku-Kubernetes. Namuhla ekugcineni ngizokutshela kabanzi ngabo.
Isihloko sizoxoxa ngamathuluzi afana nalawa:
Hugo, qbec, kaniko, i-git-crypt и IGitLab CI ngokudalwa kwezindawo eziguquguqukayo.
Okuqukethwe
1. Ukujwayelana noHugo
Njengesibonelo sephrojekthi yethu, sizozama ukwakha isiza sokushicilela imibhalo esakhiwe ku-Hugo. U-Hugo ungumkhiqizi wokuqukethwe omile.
Kulabo abangawazi amajeneretha amile, ngizokutshela okwengeziwe ngawo. Ngokungafani nezinjini ezijwayelekile zewebhusayithi ezinesizindalwazi kanye ne-PHP ethile, okuthi, lapho icelwa umsebenzisi, ikhiqize amakhasi ngokuhamba kwesikhathi, amajeneretha amile aklanywe ngendlela ehlukile kancane. Zikuvumela ukuthi uthathe imithombo, imvamisa isethi yamafayela kumakhaphu ye-Markdown nezifanekiso zetimu, bese uzihlanganisela kuwebhusayithi eqedwe ngokuphelele.
Okusho ukuthi, ngenxa yalokho, uzothola isakhiwo senkomba kanye nesethi yamafayela e-HTML akhiqiziwe, ongayilayisha kalula kunoma yikuphi ukusingathwa okushibhile futhi uthole iwebhusayithi esebenzayo.
Ungakwazi ukufaka u-Hugo endaweni bese uyizama:
Ukuqala isayithi elisha:
hugo new site docs.example.orgFuthi ngesikhathi esifanayo inqolobane ye-git:
cd docs.example.org
git initKuze kube manje, isiza sethu sihlanzekile futhi ukuze kuvele okuthile kuso, sidinga kuqala ukuxhuma itimu; itimu imane nje iyisethi yezifanekiso nemithetho ecacisiwe lapho isayithi lethu likhiqizwa khona.
Ngetimu esizoyisebenzisa , okuyinto, ngokubona kwami, ifaneleka ngokuphelele indawo yemibhalo.
Ngingathanda ukunaka ngokukhethekile iqiniso lokuthi asidingi ukulondoloza amafayela etimu endaweni yethu yokugcina iphrojekthi; esikhundleni salokho, singamane siyixhume sisebenzisa. git submodule:
git submodule add https://github.com/matcornic/hugo-theme-learn themes/learnNgakho-ke, inqolobane yethu izoqukatha kuphela amafayela ahlobene ngokuqondile nephrojekthi yethu, futhi itimu exhunyiwe izohlala njengesixhumanisi senqolobane ethile kanye nokuzibophezela kuyo, okungukuthi, ingadonswa njalo emthonjeni wokuqala futhi ingesabi. izinguquko ezingahambisani.
Masilungise ukulungiselelwa config.toml:
baseURL = "http://docs.example.org/"
languageCode = "en-us"
title = "My Docs Site"
theme = "learn"Kakade kulesi sigaba ungagijima:
hugo serverFuthi ekhelini hlola iwebhusayithi yethu esanda kwakhiwa, zonke izinguquko ezenziwe kumkhombandlela zibuyekeza ngokuzenzakalelayo ikhasi elivuliwe esipheqululini, kulula kakhulu!
Ake sizame ukwakha ikhasi lekhava kulo okuqukethwe/_index.md:
# My docs site
## Welcome to the docs!
You will be very smart :-)Isithombe-skrini sekhasi elisanda kwakhiwa
Ukuze wakhe isayithi, vele uqalise:
hugoOkuqukethwe ohlwini lwemibhalo umphakathi/ futhi kuzoba iwebhusayithi yakho.
Yebo, ngendlela, masikwengeze kuyo ngokushesha .ukulele:
echo /public > .gitignoreUngakhohlwa ukwenza izinguquko zethu:
git add .
git commit -m "New site created"2. Ukulungiselela i-Dockerfile
Isikhathi sokuchaza ukwakheka kwendawo yethu yokugcina. Ngivame ukusebenzisa into efana nale:
.
├── deploy
│ ├── app1
│ └── app2
└── dockerfiles
├── image1
└── image2- ama-dockerfiles/ - Aqukethe izinkomba ezinama-Dockerfiles nakho konke okudingekayo ekwakheni izithombe zethu ze-Docker.
- sebenzisa/ - iqukethe uhla lwemibhalo lokuthumela izicelo zethu ku-Kubernetes
Ngakho-ke, sizodala i-Dockerfile yethu yokuqala endleleni dockerfiles/website/Dockerfile
FROM alpine:3.11 as builder
ARG HUGO_VERSION=0.62.0
RUN wget -O- https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_linux-64bit.tar.gz | tar -xz -C /usr/local/bin
ADD . /src
RUN hugo -s /src
FROM alpine:3.11
RUN apk add --no-cache darkhttpd
COPY --from=builder /src/public /var/www
ENTRYPOINT [ "/usr/bin/darkhttpd" ]
CMD [ "/var/www" ]Njengoba ubona, i-Dockerfile iqukethe ezimbili KUPHELA, leli thuba libizwa futhi ikuvumela ukuthi ukhiphe yonke into engadingekile esithombeni sokugcina sedokhi.
Ngakho, isithombe sokugcina sizoqukatha kuphela mnyamahttpd (iseva ye-HTTP engasindi) kanye umphakathi/ - okuqukethwe kuwebhusayithi yethu ekhiqizwe ngokwezibalo.
Ungakhohlwa ukwenza izinguquko zethu:
git add dockerfiles/website
git commit -m "Add Dockerfile for website"3. Ukwazi kaniko
Njengomakhi wesithombe se-docker, nginqume ukusebenzisa , njengoba ukusebenza kwayo akudingi i-daemon ye-docker, futhi ukwakha ngokwayo kungenziwa kunoma yimuphi umshini futhi inqolobane ingagcinwa ngokuqondile kurejista, ngaleyo ndlela isuse isidingo sokuba nesitoreji esigcwele esiqhubekayo.
Ukuze wakhe isithombe, vele usebenzise isiqukathi kaniko executor futhi udlulise umongo wokwakha wamanje; lokhu kungenziwa futhi endaweni, nge-docker:
docker run -ti --rm
-v $PWD:/workspace
-v ~/.docker/config.json:/kaniko/.docker/config.json:ro
gcr.io/kaniko-project/executor:v0.15.0
--cache
--dockerfile=dockerfiles/website/Dockerfile
--destination=registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1Kuphi registry.gitlab.com/kvaps/docs.example.org/website - igama lesithombe sakho sedokhu; ngemuva kokwakha, izokwethulwa ngokuzenzakalelayo kurejista ye-docker.
Ipharamitha --inqolobane ikuvumela ukuthi ulondoloze izendlalelo kubhalisi ye-docker; ngokwesibonelo esinikeziwe, zizogcinwa ku registry.gitlab.com/kvaps/docs.example.org/website/cache, kodwa ungacacisa enye indlela usebenzisa ipharamitha --cache-repo.
Isithombe-skrini se-docker-registry
4. Ukwazi i-qbec
iyithuluzi lokuphakela elikuvumela ukuthi uchaze ngokudabukisayo izinhlelo zakho zokusebenza futhi uzithumele ku-Kubernetes. Ukusebenzisa i-Jsonnet njenge-syntax eyinhloko ikuvumela ukuba wenze lula kakhulu incazelo yomehluko ezindaweni eziningi, futhi kucishe kukuqede ngokuphelele ukuphindaphinda kwekhodi.
Lokhu kungaba yiqiniso ikakhulukazi ezimeni lapho udinga ukuphakela uhlelo lokusebenza kumaqoqo amaningana anamapharamitha ahlukene futhi ufuna ukuwachaza ngokumemezela ku-Git.
I-Qbec iphinde ikuvumela ukuthi unikeze amashadi e-Helm ngokuwadlulisela imingcele edingekayo bese uwasebenzisa ngendlela efanayo nokubonakaliswa okujwayelekile, okubandakanya ungasebenzisa ukuguqulwa okuhlukahlukene kuwo, futhi lokhu, kukuvumela ukuthi ukhiphe isidingo sebenzisa i-ChartMuseum. Okusho ukuthi, ungagcina futhi unikeze amashadi ngokuqondile ku-git, lapho ehlala khona.
Njengoba ngishilo ekuqaleni, sizogcina konke ukuthunyelwa kuhla lwemibhalo sebenzisa/:
mkdir deploy
cd deployAke siqalise uhlelo lwethu lokusebenza lokuqala:
qbec init website
cd websiteManje ukwakheka kohlelo lwethu lokusebenza kubukeka kanjena:
.
├── components
├── environments
│ ├── base.libsonnet
│ └── default.libsonnet
├── params.libsonnet
└── qbec.yamlasibheke ifayela qbec.yaml:
apiVersion: qbec.io/v1alpha1
kind: App
metadata:
name: website
spec:
environments:
default:
defaultNamespace: docs
server: https://kubernetes.example.org:8443
vars: {}Lapha sinentshisekelo kakhulu kuyo spec.imvelo, i-qbec isivele isidalele indawo ezenzakalelayo futhi yathatha ikheli leseva, kanye nendawo yegama ku-kubeconfig yethu yamanje.
Manje uma kuthunyelwa ku ezenzakalelayo imvelo, i-qbec izohlala isebenzisa kuphela iqoqo le-Kubernetes elishiwo kanye nendawo yegama eshiwo, okungukuthi, akusadingeki ushintshe phakathi kokuqukethwe nezikhala zamagama ukuze wenze ukusetshenziswa.
Uma kudingeka, ungakwazi njalo ukubuyekeza izilungiselelo kuleli fayela.
Zonke izindawo zakho zichazwe kuyo qbec.yaml, nakufayela params.libsonnet, lapho isho khona ukuthi uzowatholela kuphi amapharamitha.
Okulandelayo sibona izinkomba ezimbili:
- izingxenye/ - zonke izibonisi zohlelo lwethu lokusebenza zizogcinwa lapha; zingachazwa kokubili kumafayela we-jsonnet kanye navamile we-yaml
- izindawo/ - lapha sizochaza zonke izinto eziguquguqukayo (imingcele) yendawo yethu.
Ngokuzenzakalelayo sinamafayela amabili:
- izindawo/base.libsonnet - izoqukatha imingcele evamile yazo zonke izindawo
- environments/default.libsonnet - iqukethe amapharamitha akhishwe endaweni ezenzakalelayo
asivule izindawo/base.libsonnet bese wengeza amapharamitha engxenye yethu yokuqala lapho:
{
components: {
website: {
name: 'example-docs',
image: 'registry.gitlab.com/kvaps/docs.example.org/website:v0.0.1',
replicas: 1,
containerPort: 80,
servicePort: 80,
nodeSelector: {},
tolerations: [],
ingressClass: 'nginx',
domain: 'docs.example.org',
},
},
}Masiphinde sakhe ingxenye yethu yokuqala izingxenye/website.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.website;
[
{
apiVersion: 'apps/v1',
kind: 'Deployment',
metadata: {
labels: { app: params.name },
name: params.name,
},
spec: {
replicas: params.replicas,
selector: {
matchLabels: {
app: params.name,
},
},
template: {
metadata: {
labels: { app: params.name },
},
spec: {
containers: [
{
name: 'darkhttpd',
image: params.image,
ports: [
{
containerPort: params.containerPort,
},
],
},
],
nodeSelector: params.nodeSelector,
tolerations: params.tolerations,
imagePullSecrets: [{ name: 'regsecret' }],
},
},
},
},
{
apiVersion: 'v1',
kind: 'Service',
metadata: {
labels: { app: params.name },
name: params.name,
},
spec: {
selector: {
app: params.name,
},
ports: [
{
port: params.servicePort,
targetPort: params.containerPort,
},
],
},
},
{
apiVersion: 'extensions/v1beta1',
kind: 'Ingress',
metadata: {
annotations: {
'kubernetes.io/ingress.class': params.ingressClass,
},
labels: { app: params.name },
name: params.name,
},
spec: {
rules: [
{
host: params.domain,
http: {
paths: [
{
backend: {
serviceName: params.name,
servicePort: params.servicePort,
},
},
],
},
},
],
},
},
]Kuleli fayela sichaze izinhlangano ezintathu ze-Kubernetes ngesikhathi esisodwa, lezi yizi: Ukuthunyelwa, Izikhungo и Ingress. Uma sithanda, singazifaka ezingxenyeni ezahlukene, kodwa kulesi sigaba eyodwa izosanela.
I-syntax jsonnet ifana kakhulu ne-json evamile, empeleni, i-json evamile isivele ivumelekile i-jsonnet, ngakho-ke ekuqaleni kungase kube lula kuwe ukusebenzisa izinsizakalo ze-intanethi ezifana yaml2json ukuguqula i-yaml yakho evamile ibe yi-json, noma, uma izingxenye zakho zingaqukethe okuguquguqukayo, lapho-ke zingachazwa ngendlela ye-yaml evamile.
Lapho usebenza ne- jsonnet Ngincoma kakhulu ukufaka i-plugin yomhleli wakho
Isibonelo, kukhona i-plugin ye-vim vim-jsonnet, evula ukugqamisa kwe-syntax futhi isebenzise ngokuzenzakalelayo jsonnet fmt ngaso sonke isikhathi uma ulondoloza (idinga ukufakwa kwe-jsonnet).
Konke sekumi ngomumo, manje singaqala ukuphakela:
Ukuze sibone ukuthi yini esinayo, asigijime:
qbec show defaultKokukhiphayo, uzobona i-yaml manifest enikeziwe ezosetshenziswa kuqoqo elizenzakalelayo.
Kuhle, manje sebenzisa:
qbec apply defaultKokukhiphayo uzohlala ubona ukuthi kuzokwenziwani kuqoqo lakho, i-qbec izokucela ukuthi uvumelane nezinguquko ngokuthayipha y uzokwazi ukuqinisekisa izinhloso zakho.
Isicelo sethu silungile futhi sisetshenzisiwe!
Uma wenza izinguquko, ungakwazi njalo ukwenza:
qbec diff defaultukuze ubone ukuthi lezi zinguquko zizothinta kanjani ukusetshenziswa kwamanje
Ungakhohlwa ukwenza izinguquko zethu:
cd ../..
git add deploy/website
git commit -m "Add deploy for website"5. Izama i-Gitlab-runner nge-Kubernetes-executor
Kuze kube muva nje bengisebenzisa okuvamile gitlab-runner emshinini olungiselelwe kusengaphambili (isitsha se-LXC) esinegobolondo noma umenzi we-docker. Ekuqaleni, besinabagijimi abanjalo abambalwa abachazwe emhlabeni jikelele ku-gitlab yethu. Baqoqe izithombe ze-docker kuwo wonke amaphrojekthi.
Kodwa njengoba umkhuba ubonisile, le nketho ayiyona into enhle kakhulu, kokubili ngokusebenza nokuphepha. Kungcono kakhulu futhi kulunge ngokwemibono ukuthi kube nabagijimi abahlukene batshalwe kuphrojekthi ngayinye, noma endaweni ngayinye.
Ngenhlanhla, lokhu akuyona inkinga nhlobo, njengoba manje sizofaka gitlab-runner ngqo njengengxenye yephrojekthi yethu eKubernetes.
I-Gitlab ihlinzeka ngeshadi le-helm elenziwe ngomumo ukuze kuthunyelwe i-gitlab-runner ku-Kubernetes. Ngakho-ke okudingeka ukwenze ukuthola ithokheni yokubhalisa kuphrojekthi yethu ku Izilungiselelo -> CI/CD -> Abagijimi futhi uyidlulisele enqoleni;
helm repo add gitlab https://charts.gitlab.io
helm install gitlab-runner
--set gitlabUrl=https://gitlab.com
--set runnerRegistrationToken=yga8y-jdCusVDn_t4Wxc
--set rbac.create=true
gitlab/gitlab-runnerKuphi:
- - ikheli leseva yakho ye-Gitlab.
- yga8y-jdCusVDn_t4Wxc - ithokheni yokubhalisa yephrojekthi yakho.
- rbac.create=true - inikeza umgijimi inani elidingekayo lamalungelo ukuze akwazi ukudala ama-pods ukuze enze imisebenzi yethu esebenzisa i-kubernetes-executor.
Uma konke kwenziwa ngendlela efanele, kufanele ubone umgijimi obhalisiwe esigabeni Abagijimi, kuzilungiselelo zephrojekthi yakho.
Isithombe-skrini somgijimi owengeziwe
Ingabe kulula kanjalo? - yebo, kulula kanjalo! Ngeke kusaba nenkinga ngokubhalisa abagijimi ngesandla, kusukela manje kuqhubeke abagijimi bazokwakhiwa futhi babhujiswe ngokuzenzakalelayo.
6. Faka amashadi e-Helm nge-QBEC
Njengoba sinqume ukucabangela gitlab-runner ingxenye yephrojekthi yethu, yisikhathi sokuyichaza endaweni yethu yokugcina ye-Git.
Singakuchaza njengengxenye ehlukile iwebhusayithi, kodwa esikhathini esizayo sihlela ukuthumela amakhophi ahlukahlukene iwebhusayithi kaningi, ngokungafani gitlab-runner, ezosetshenziswa kanye kuphela ngeqoqo le-Kubernetes. Ngakho-ke ake siqalise isicelo esihlukile sayo:
cd deploy
qbec init gitlab-runner
cd gitlab-runnerKulokhu ngeke sichaze izinhlangano ze-Kubernetes mathupha, kodwa sizothatha ishadi le-Helm elenziwe ngomumo. Enye yezinzuzo ze-qbec yikhono lokunikeza amashadi e-Helm ngokuqondile endaweni ye-Git.
Masiyixhume sisebenzisa i-git submodule:
git submodule add https://gitlab.com/gitlab-org/charts/gitlab-runner vendor/gitlab-runnerManje inkomba umthengisi/gitlab-runner Sinendawo yokugcina eneshadi le-gitlab-runner.
Ngendlela efanayo, ungaxhuma ezinye izinqolobane, isibonelo, yonke inqolobane ngamashadi asemthethweni
Ake sichaze ingxenye izingxenye/gitlab-runner.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.gitlabRunner;
std.native('expandHelmTemplate')(
'../vendor/gitlab-runner',
params.values,
{
nameTemplate: params.name,
namespace: env.namespace,
thisFile: std.thisFile,
verbose: true,
}
)Ingxabano yokuqala ku expandHelmTemplate sidlula indlela eya eshadini, ke params.values, esiyithatha kumapharamitha emvelo, bese iza into nayo
- igamaIsifanekiso - igama lokukhipha
- indawo yamagama - indawo yegama idluliselwe ku-helm
- leFile — ipharamitha edingekayo edlula indlela eya efayeleni lamanje
- verbose - ibonisa umyalo isifanekiso se-helm nazo zonke izimpikiswano lapho unikeza ishadi
Manje ake sichaze amapharamitha wengxenye yethu ku izindawo/base.libsonnet:
local secrets = import '../secrets/base.libsonnet';
{
components: {
gitlabRunner: {
name: 'gitlab-runner',
values: {
gitlabUrl: 'https://gitlab.com/',
rbac: {
create: true,
},
runnerRegistrationToken: secrets.runnerRegistrationToken,
},
},
},
}Nakani i-runnerRegistrationToken sithatha efayeleni langaphandle izimfihlo/base.libsonnet, masiyidale:
{
runnerRegistrationToken: 'yga8y-jdCusVDn_t4Wxc',
}Ake sihlole ukuthi konke kuyasebenza yini:
qbec show defaultuma konke kuhamba ngohlelo, singasusa ukukhululwa kwethu okwasetshenziswa ngaphambilini nge-Helm:
helm uninstall gitlab-runnerfuthi uyisebenzise ngendlela efanayo, kodwa nge-qbec:
qbec apply default7. Sethula i-git-crypt
iyithuluzi elikuvumela ukuthi usethe ukubethela okusobala kwendawo yakho yokugcina.
Okwamanje, uhlaka lwethu lwemibhalo ye-gitlab-runner lubukeka kanje:
.
├── components
│ ├── gitlab-runner.jsonnet
├── environments
│ ├── base.libsonnet
│ └── default.libsonnet
├── params.libsonnet
├── qbec.yaml
├── secrets
│ └── base.libsonnet
└── vendor
└── gitlab-runner (submodule)Kodwa ukugcina izimfihlo ku-Git akuphephile, akunjalo? Ngakho-ke kudingeka siwabhale ngemfihlo ngendlela efanele.
Ngokuvamile, ngenxa yokuguquguquka okukodwa, lokhu akwenzi umqondo ngaso sonke isikhathi. Ungadlulisela izimfihlo ku qbec nangokuguquguquka kwemvelo kohlelo lwakho lwe-CI.
Kodwa kubalulekile ukuqaphela ukuthi kukhona namaphrojekthi ayinkimbinkimbi kakhulu angaqukatha izimfihlo eziningi; ukuwadlulisela wonke ngokusebenzisa okuguquguqukayo kwemvelo kuzoba nzima kakhulu.Ngaphezu kwalokho, kulokhu ngeke ngikwazi ukukutshela mayelana nethuluzi elimangalisayo njenge i-git-crypt.
i-git-crypt Kuwusizo futhi ngoba ikuvumela ukuthi ulondoloze wonke umlando wezimfihlo, futhi uqhathanise, uhlanganise futhi uxazulule izingxabano ngendlela efanayo naleyo esijwayele ukwenza ngayo endabeni ye-Git.
Into yokuqala ngemva kokufakwa i-git-crypt sidinga ukukhiqiza okhiye benqolobane yethu:
git crypt initUma unokhiye we-PGP, ungazengeza ngokushesha njengomhlanganyeli wale phrojekthi:
git-crypt add-gpg-user [email protected]Ngale ndlela ungakwazi njalo ukususa ukubethela leli gumbi usebenzisa ukhiye wakho oyimfihlo.
Uma ungenawo ukhiye we-PGP futhi ungawulindele, ungahamba ngenye indlela futhi uthumele ukhiye wephrojekthi:
git crypt export-key /path/to/keyfileNgakho, noma ubani has a ezithunyelwa ngaphandle ifayela elingukhiye izokwazi ukususa ukubethela inqolobane yakho.
Isikhathi sokusetha imfihlo yethu yokuqala.
Ake nginikhumbuze ukuthi sisesohlwini lwemibhalo sebenzisa/i-gitlab-runner/, lapho sinohla lwemibhalo izimfihlo/, ake sibhale ngemfihlo wonke amafayela akuwo, kulokhu sizokwakha ifayela izimfihlo/.gitattributes nokuqukethwe okulandelayo:
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diffNjengoba kungabonwa kokuqukethwe, wonke amafayela amboziwe * izoshayelwa i-git-crypt, ngaphandle kokuningi .gitattributes
Singakuhlola lokhu ngokuqalisa:
git crypt status -eOkukhiphayo kuzoba uhlu lwawo wonke amafayela endaweni lapho ukubethela kuvulwe khona amandla
Yilokho kuphela, manje singazibophezela ngokuphephile izinguquko zethu:
cd ../..
git add .
git commit -m "Add deploy for gitlab-runner"Ukuze uvimbele indawo yokugcina, vele uqalise:
git crypt lockfuthi ngokushesha wonke amafayela abethelwe azophenduka okuthile kanambambili, ngeke ukwazi ukuwafunda.
Ukuze ususe ukubethela inqolobane, sebenzisa:
git crypt unlock8. Dala isithombe sebhokisi lamathuluzi
Isithombe sebhokisi lamathuluzi yisithombe esinawo wonke amathuluzi esizowasebenzisa ukuze sikhiphe iphrojekthi yethu. Izosetshenziswa umgijimi we-Gitlab ukwenza imisebenzi evamile yokuthunyelwa.
Konke kulula lapha, masidale entsha dockerfiles/toolbox/Dockerfile nokuqukethwe okulandelayo:
FROM alpine:3.11
RUN apk add --no-cache git git-crypt
RUN QBEC_VER=0.10.3
&& wget -O- https://github.com/splunk/qbec/releases/download/v${QBEC_VER}/qbec-linux-amd64.tar.gz
| tar -C /tmp -xzf -
&& mv /tmp/qbec /tmp/jsonnet-qbec /usr/local/bin/
RUN KUBECTL_VER=1.17.0
&& wget -O /usr/local/bin/kubectl
https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/linux/amd64/kubectl
&& chmod +x /usr/local/bin/kubectl
RUN HELM_VER=3.0.2
&& wget -O- https://get.helm.sh/helm-v${HELM_VER}-linux-amd64.tar.gz
| tar -C /tmp -zxf -
&& mv /tmp/linux-amd64/helm /usr/local/bin/helmNjengoba ubona, kulesi sithombe sifaka zonke izinsiza ebesizisebenzisa ukusabalalisa uhlelo lwethu lokusebenza. Asiyidingi lapha ngaphandle uma kubctl, kodwa ungase ufune ukudlala ngaso sonke isikhathi phakathi nesigaba sokusetha ipayipi.
Futhi, ukuze sikwazi ukuxhumana ne-Kubernetes futhi sithumele kuyo, sidinga ukumisa indima yama-pods akhiqizwa i-gitlab-runner.
Ukwenza lokhu, ake siye kusiqondisi nge-gitlab-runner:
cd deploy/gitlab-runnerbese wengeza ingxenye entsha izingxenye/rbac.jsonnet:
local env = {
name: std.extVar('qbec.io/env'),
namespace: std.extVar('qbec.io/defaultNs'),
};
local p = import '../params.libsonnet';
local params = p.components.rbac;
[
{
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
},
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'Role',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
rules: [
{
apiGroups: [
'*',
],
resources: [
'*',
],
verbs: [
'*',
],
},
],
},
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBinding',
metadata: {
labels: {
app: params.name,
},
name: params.name,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: params.name,
},
subjects: [
{
kind: 'ServiceAccount',
name: params.name,
namespace: env.namespace,
},
],
},
]Sizophinde sichaze amapharamitha amasha ku izindawo/base.libsonnet, manje okubukeka kanje:
local secrets = import '../secrets/base.libsonnet';
{
components: {
gitlabRunner: {
name: 'gitlab-runner',
values: {
gitlabUrl: 'https://gitlab.com/',
rbac: {
create: true,
},
runnerRegistrationToken: secrets.runnerRegistrationToken,
runners: {
serviceAccountName: $.components.rbac.name,
image: 'registry.gitlab.com/kvaps/docs.example.org/toolbox:v0.0.1',
},
},
},
rbac: {
name: 'gitlab-runner-deploy',
},
},
}Nakani $.components.rbac.name libhekisela ku Igama okwengxenye rbac
Ake sihlole ukuthi yini eshintshile:
qbec diff defaultfuthi sisebenzise izinguquko zethu ku-Kubernetes:
qbec apply defaultFuthi, ungakhohlwa ukwenza izinguquko zethu ku-git:
cd ../..
git add dockerfiles/toolbox
git commit -m "Add Dockerfile for toolbox"
git add deploy/gitlab-runner
git commit -m "Configure gitlab-runner to use toolbox"9. Ipayipi lethu lokuqala kanye nokuhlanganiswa kwezithombe ngamathegi
Emsuka wephrojekthi esizoyidala .gitlab-ci.yml nokuqukethwe okulandelayo:
.build_docker_image:
stage: build
image:
name: gcr.io/kaniko-project/executor:debug-v0.15.0
entrypoint: [""]
before_script:
- echo "{"auths":{"$CI_REGISTRY":{"username":"$CI_REGISTRY_USER","password":"$CI_REGISTRY_PASSWORD"}}}" > /kaniko/.docker/config.json
build_toolbox:
extends: .build_docker_image
script:
- /kaniko/executor --cache --context $CI_PROJECT_DIR/dockerfiles/toolbox --dockerfile $CI_PROJECT_DIR/dockerfiles/toolbox/Dockerfile --destination $CI_REGISTRY_IMAGE/toolbox:$CI_COMMIT_TAG
only:
refs:
- tags
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_TAG
only:
refs:
- tagsSicela uqaphele sisebenzisa GIT_SUBMODULE_STRATEGY: evamile kuleyo misebenzi lapho udinga ukuqalisa ngokusobala amamojula ngaphambi kokwenza.
Ungakhohlwa ukwenza izinguquko zethu:
git add .gitlab-ci.yml
git commit -m "Automate docker build"Ngicabanga ukuthi singayibiza ngokuphephile le nguqulo v0.0.1 bese wengeza ithegi:
git tag v0.0.1Sizongeza omaka noma nini lapho sidinga ukukhipha inguqulo entsha. Omaka ezithombeni ze-Docker bazoboshelwa kumathegi e-Git. Ukuphusha ngakunye okunomaka omusha kuzoqalisa ukwakhiwa kwezithombe ngalo thegi.
Asikwenze git push --tags, futhi ake sibheke ipayipi lethu lokuqala:
Isithombe-skrini somugqa wokuqala
Kuyafaneleka ukudonsela ukunaka kwakho eqinisweni lokuthi ukuhlanganiswa ngamathegi kulungele ukwakha izithombe ze-docker, kodwa akufanelekile ukuthunyelwa kwesicelo ku-Kubernetes. Njengoba amathegi amasha angabelwa emisebenzini endala, kulokhu, ukuqalisa ipayipi kubo kuzoholela ekusetshenzisweni kwenguqulo endala.
Ukuxazulula le nkinga, ngokuvamile ukwakhiwa kwezithombe ze-docker kuboshelwe kumathegi, futhi ukuthunyelwa kwesicelo egatsheni. master, lapho izinguqulo zezithombe eziqoqiwe zinekhodi eqinile. Lapha yilapho ungakwazi ukuqalisa ukubuyisela emuva ngokubuyisela okulula master-amagatsha.
10. Automation of deployment
Ukuze umgijimi we-Gitlab asuse ukubhala phansi izimfihlo zethu, sizodinga ukuthekelisa ukhiye wekhosombe futhi siwungeze kokuguquguqukayo kwemvelo yethu ye-CI:
git crypt export-key /tmp/docs-repo.key
base64 -w0 /tmp/docs-repo.key; echoSizogcina umugqa owumphumela ku-Gitlab; ukwenza lokhu, ake siye kuzilungiselelo zethu zephrojekthi:
Izilungiselelo -> CI/CD -> Okuguquguqukayo
Futhi masidale okuhlukile okusha:
Uhlobo
Key
Value
Oluvikelwe
Kufihlwe
Scope
File
GITCRYPT_KEY
<your string>
true (ngesikhathi sokuqeqeshwa ungakwazi false)
true
All environments
Isithombe-skrini sokuhluka okungeziwe
Manje ake sibuyekeze yethu .gitlab-ci.yml ukwengeza kukho:
.deploy_qbec_app:
stage: deploy
only:
refs:
- master
deploy_gitlab_runner:
extends: .deploy_qbec_app
variables:
GIT_SUBMODULE_STRATEGY: normal
before_script:
- base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
script:
- qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
deploy_website:
extends: .deploy_qbec_app
script:
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yesLapha sinikeze amandla izinketho ezintsha ezimbalwa ze-qbec:
- --root ezinye/app - ikuvumela ukuthi unqume uhla lwemibhalo lohlelo oluthile
- --force:k8s-context __incluster__ - lokhu ukuhlukahluka komlingo okusho ukuthi ukuthunyelwa kuzokwenzeka kuqoqo elifanayo lapho i-gtilab-runner isebenza khona. Lokhu kuyadingeka ngoba uma kungenjalo i-qbec izozama ukuthola iseva efanelekile ye-Kubernetes ku-kubeconfig yakho
- --linda - iphoqa i-qbec ukuthi ilinde kuze kube yilapho izinsiza ezidalayo zingena esimweni Sokulungela bese iphuma ngekhodi yokuphuma ephumelelayo.
- - yebo - ivele ikhubaze igobolondo elisebenzisanayo Uqinisekile? uma isetshenziswa.
Ungakhohlwa ukwenza izinguquko zethu:
git add .gitlab-ci.yml
git commit -m "Automate deploy"Futhi ngemva git ukusunduza sizobona ukuthi izicelo zethu zisetshenziswe kanjani:
Isithombe-skrini somugqa wesibili
11. Ama-artifacts kanye nokuhlanganiswa lapho kuphushwa ukuze kube yingcweti
Ngokuvamile, izinyathelo ezichazwe ngenhla zanele ukwakha nokuletha cishe noma iyiphi isevisi encane, kodwa asifuni ukungeza umaka ngaso sonke isikhathi lapho sidinga ukubuyekeza isayithi. Ngakho-ke, sizothatha umzila onamandla futhi simise ukuthunyelwa kwe-digest egatsheni eliyinhloko.
Umqondo ulula: manje isithombe sethu iwebhusayithi izokwakhiwa kabusha njalo uma ungena master, bese uphakela ngokuzenzakalelayo ku-Kubernetes.
Ake sibuyekeze le misebenzi emibili kweyethu .gitlab-ci.yml:
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- mkdir -p $CI_PROJECT_DIR/artifacts
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
artifacts:
paths:
- artifacts/
only:
refs:
- master
- tags
deploy_website:
extends: .deploy_qbec_app
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"Sicela uqaphele ukuthi sengeze uchungechunge master к ama-Ref okwemisebenzi build_website futhi manje sisebenzisa $CI_COMMIT_REF_NAME esikhundleni salokho $CI_COMMIT_TAG, okusho ukuthi, sikhululiwe kumathegi ku-Git futhi manje sizophusha isithombe esinegama legatsha lesibopho eliqalise ipayipi. Kuyaqapheleka ukuthi lokhu kuzophinde kusebenze namathegi, okuzosivumela ukuthi silondoloze izifinyezo zesayithi ngenguqulo ethile ku-docker-registry.
Lapho igama lethegi ye-docker yenguqulo entsha yesayithi lingashintshwa, kusafanele sichaze izinguquko ku-Kubernetes, ngaphandle kwalokho ngeke iphinde ikhiphe uhlelo lokusebenza kusuka esithombeni esisha, ngoba ngeke ibone noma yiziphi izinguquko i-manifest yokusebenzisa.
Inketho —vm:ext-str digest=”$DIGEST” ye-qbec - ikuvumela ukuthi udlulise okuguquguqukayo kwangaphandle ku-jsonnet. Sifuna ukuthi isetshenziswe kabusha ku-cluster ngokukhishwa ngakunye kohlelo lwethu lokusebenza. Ngeke sisakwazi ukusebenzisa igama lomaka, manje elingakwazi ukushintsheka, njengoba sidinga ukuboshelwa enguqulweni ethile yesithombe futhi sicuphe ukusetshenziswa uma sishintsha.
Lapha sizosizwa ikhono lika-Kaniko lokulondoloza isithombe sokugaya efayelini (inketho --digest-file)
Bese sizodlulisela leli fayela futhi silifunde ngesikhathi sokuthunyelwa.
Ake sibuyekeze amapharamitha wethu deploy/website/environments/base.libsonnet manje kuzobukeka kanje:
{
components: {
website: {
name: 'example-docs',
image: 'registry.gitlab.com/kvaps/docs.example.org/website@' + std.extVar('digest'),
replicas: 1,
containerPort: 80,
servicePort: 80,
nodeSelector: {},
tolerations: [],
ingressClass: 'nginx',
domain: 'docs.example.org',
},
},
}Kwenziwe, manje noma yikuphi ukuzibophezela master iqala ukwakhiwa kwesithombe sedokhu iwebhusayithi, bese uyithumela ku-Kubernetes.
Ungakhohlwa ukwenza izinguquko zethu:
git add .
git commit -m "Configure dynamic build"Sizohlola kamuva git ukusunduza kufanele sibone into enjengale:
Isithombe-skrini sephayiphi le-master
Empeleni, asikho isidingo sokuphinda sitshale kabusha i-gitlab-runner ngokucindezela ngakunye, ngaphandle uma, vele, akukho okushintshile ekucushweni kwayo, masiyilungise .gitlab-ci.yml:
deploy_gitlab_runner:
extends: .deploy_qbec_app
variables:
GIT_SUBMODULE_STRATEGY: normal
before_script:
- base64 -d "$GITCRYPT_KEY" | git-crypt unlock -
script:
- qbec apply default --root deploy/gitlab-runner --force:k8s-context __incluster__ --wait --yes
only:
changes:
- deploy/gitlab-runner/**/*izinguquko izokuvumela ukuthi ugade izinguquko ku sebenzisa/i-gitlab-runner/ futhi sizovula umsebenzi wethu kuphela uma kukhona
Ungakhohlwa ukwenza izinguquko zethu:
git add .gitlab-ci.yml
git commit -m "Reduce gitlab-runner deploy"git ukusunduza, lokho kungcono:
Isithombe-skrini sepayipi elibuyekeziwe
12. Izindawo ezinamandla
Isikhathi sokuhlukanisa ipayipi lethu ngezimo eziguqukayo.
Okokuqala, ake sibuyekeze umsebenzi build_website kwezethu .gitlab-ci.yml, esusa ibhlokhi kuyo kuphela, okuzophoqa i-Gitlab ukuthi iyiqalise kunoma yikuphi ukuzibophezela kunoma yiliphi igatsha:
build_website:
extends: .build_docker_image
variables:
GIT_SUBMODULE_STRATEGY: normal
script:
- mkdir -p $CI_PROJECT_DIR/artifacts
- /kaniko/executor --cache --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dockerfiles/website/Dockerfile --destination $CI_REGISTRY_IMAGE/website:$CI_COMMIT_REF_NAME --digest-file $CI_PROJECT_DIR/artifacts/website.digest
artifacts:
paths:
- artifacts/Bese ubuyekeza umsebenzi deploy_website, engeza ibhulokhi lapho imvelo:
deploy_website:
extends: .deploy_qbec_app
environment:
name: prod
url: https://docs.example.org
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"Lokhu kuzovumela i-Gitlab ukuthi ihlobanise umsebenzi nawo prod imvelo futhi ubonise isixhumanisi esifanele kuso.
Manje ake sengeze eminye imisebenzi emibili:
deploy_website:
extends: .deploy_qbec_app
environment:
name: prod
url: https://docs.example.org
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply default --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST"
deploy_review:
extends: .deploy_qbec_app
environment:
name: review/$CI_COMMIT_REF_NAME
url: http://$CI_ENVIRONMENT_SLUG.docs.example.org
on_stop: stop_review
script:
- DIGEST="$(cat artifacts/website.digest)"
- qbec apply review --root deploy/website --force:k8s-context __incluster__ --wait --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
only:
refs:
- branches
except:
refs:
- master
stop_review:
extends: .deploy_qbec_app
environment:
name: review/$CI_COMMIT_REF_NAME
action: stop
stage: deploy
before_script:
- git clone "$CI_REPOSITORY_URL" master
- cd master
script:
- qbec delete review --root deploy/website --force:k8s-context __incluster__ --yes --vm:ext-str digest="$DIGEST" --vm:ext-str subdomain="$CI_ENVIRONMENT_SLUG" --app-tag "$CI_ENVIRONMENT_SLUG"
variables:
GIT_STRATEGY: none
only:
refs:
- branches
except:
refs:
- master
when: manualZizokwethulwa ngokuphushwa kunoma yimaphi amagatsha ngaphandle kwe-master futhi zizosebenzisa inguqulo yokubuka kuqala yesayithi.
Sibona inketho entsha ye-qbec: --app-ithegi - ikuvumela ukuthi umake izinguqulo ezisetshenzisiwe zohlelo lokusebenza futhi usebenze ngaphakathi kwale thegi kuphela; lapho udala futhi ucekela phansi izinsiza ku-Kubernetes, i-qbec izosebenza ngazo kuphela.
Ngale ndlela asikwazi ukudala indawo ehlukile yesibuyekezo ngasinye, kodwa vele sisebenzise efanayo.
Lapha sisebenzisa futhi qbec faka isibuyekezo, esikhundleni se qbec sebenzisa okuzenzakalelayo - lesi yisikhathi lapho sizozama ukuchaza umehluko wendawo yethu (ukubuyekeza nokuzenzakalelayo):
Faka ukubuyekeza imvelo ku deploy/website/qbec.yaml
spec:
environments:
review:
defaultNamespace: docs
server: https://kubernetes.example.org:8443Khona-ke sizokumemezela phakathi deploy/website/params.libsonnet:
local env = std.extVar('qbec.io/env');
local paramsMap = {
_: import './environments/base.libsonnet',
default: import './environments/default.libsonnet',
review: import './environments/review.libsonnet',
};
if std.objectHas(paramsMap, env) then paramsMap[env] else error 'environment ' + env + ' not defined in ' + std.thisFileBese ubhala phansi amapharamitha angokwezifiso kuwo deploy/website/environments/review.libsonnet:
// this file has the param overrides for the default environment
local base = import './base.libsonnet';
local slug = std.extVar('qbec.io/tag');
local subdomain = std.extVar('subdomain');
base {
components+: {
website+: {
name: 'example-docs-' + slug,
domain: subdomain + '.docs.example.org',
},
},
}Ake siphinde sibhekisise i-jobu misa_ukubuyekeza, izoqalwa lapho igatsha lisuswa futhi ukuze i-gitlab ingazami ukuyihlola isetshenziswa GIT_STRATEGY: akukho, kamuva sihlanganisa master-igatsha bese ususa isibuyekezo ngayo.
Kuyadida kancane, kodwa angikakayitholi enye indlela enhle kakhulu.
Enye inketho kungaba ukuhambisa isibuyekezo ngasinye endaweni yamagama yehhotela, engahlala idilizwa ngokuphelele.
Ungakhohlwa ukwenza izinguquko zethu:
git add .
git commit -m "Enable automatic review"git ukusunduza, git checkout -b test, git push origin test, hlola:
Isithombe-skrini sezindawo ezidaliwe ku-Gitlab
Konke kuyasebenza? - kuhle, susa igatsha lethu lokuhlola: git checkout master, git push origin :test, sihlola ukuthi imisebenzi yokususa imvelo isebenze ngaphandle kwamaphutha.
Lapha ngithanda ukucacisa ngokushesha ukuthi noma yimuphi umthuthukisi kuphrojekthi angakha amagatsha, angashintsha futhi .gitlab-ci.yml ifayela kanye nokufinyelela okuguquguqukayo okuyimfihlo.
Ngakho-ke, kunconywa kakhulu ukuvumela ukusetshenziswa kwabo kuphela kumagatsha avikelwe, isibonelo ku master, noma dala isethi ehlukile yokuguquguquka kwendawo ngayinye.
13. Buyekeza Izinhlelo zokusebenza
Lesi isici se-GitLab esikuvumela ukuthi wengeze inkinobho yefayela ngalinye endaweni yokugcina ukuze ulibuke ngokushesha endaweni esetshenzisiwe.
Ukuze lezi zinkinobho zivele, udinga ukudala ifayela .gitlab/route-map.yml futhi uchaze zonke izinguquko zendlela kuyo; esimweni sethu kuzoba lula kakhulu:
# Indices
- source: /content/(.+?)_index.(md|html)/
public: '1'
# Pages
- source: /content/(.+?).(md|html)/
public: '1/'Ungakhohlwa ukwenza izinguquko zethu:
git add .gitlab/
git commit -m "Enable review apps"git ukusunduza, futhi uhlole:
Isithombe-skrini senkinobho yokubuyekeza uhlelo lokusebenza
Umsebenzi uphelile!
Imithombo yephrojekthi:
- ku-Gitlab:
- ku-GitHub:
Ngiyabonga ngokunaka kwakho, ngithemba ukuthi ukuthandile
Source: www.habr.com