Deploying CI/CD Continuous Integration on CentOS 7.9

Install the GitLab environment

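In the Kubernetes cluster, create a new namespace kube-ops and deploy GitLab into it. Name both the Deployment and the Service gitlab, expose port 80 externally as 30880 using NodePort, and set the password of the GitLab root user to admin123456.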

Upload the image

[root@k8s-master-node1 cicd-runner]# docker load -i images/image.tar
[root@k8s-master-node1 cicd-runner]# kubectl create namespace kube-ops
namespace/kube-ops created
[root@k8s-master-node1 cicd-runner]# cat gitlab.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: kube-ops
spec:
  selector:
    matchLabels:
      app: gitlab
  replicas: 1
  template:
    metadata:
      labels:
        app: gitlab
    spec:
      containers:
      - name: gitlab
        image: yidaoyun/gitlab-ce:v1.0
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        env:
        - name: GITLAB_ROOT_PASSWORD
          value: "admin123456"
---
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: kube-ops
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30880
  selector:
    app: gitlab
[root@k8s-master-node1 cicd-runner]# kubectl apply -f gitlab.yaml
deployment.apps/gitlab created
service/gitlab created

Check the exposed port

[root@k8s-master-node1 cicd-runner]# kubectl get svc -n kube-ops
NAME     TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
gitlab   NodePort   10.96.215.60   <none>        80:30880/TCP   84s

Access it from a browser


Deploy GitLab Runner

In the kube-ops namespace of the Kubernetes cluster, deploy GitLab Runner using a StatefulSet resource object. The StatefulSet is named gitlabcirunner and has 2 replicas. Then register GitLab Runner with GitLab.

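To register GitLab Runner with GitLab, you need to create a project in the GitLab UI and obtain that project's registration token. Put this token into the REGISTRATION_TOKEN environment variable in the YAML file so that the GitLab Runner container registers automatically at startup.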


View the runner registration token


Base64-encode the token

[root@k8s-master-node1 manifests]# echo L8fN7CCZD4Vo9PWjFdpo | base64 -w0
TDhmTjdDQ1pENFZvOVBXakZkcG8K
[root@k8s-master-node1 manifests]# cat gitlab-ci-token-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-ci-token
  namespace: kube-ops
  labels:
    app: gitlab-ci-runner
data:
  GITLAB_CI_TOKEN: TDhmTjdDQ1pENFZvOVBXakZkcG8K

Edit the resource manifest. The value of CI_SERVER_URL must point to the URL of our GitLab instance and has to be added manually.

[root@k8s-master-node1 manifests]# cat runner-configmap.yaml
apiVersion: v1
data:
  REGISTER_NON_INTERACTIVE: "true"
  REGISTER_LOCKED: "false"
  METRICS_SERVER: "0.0.0.0:9100"
  CI_SERVER_URL: "http://192.168.200.44:30880/"
  RUNNER_REQUEST_CONCURRENCY: "4"
  RUNNER_EXECUTOR: "kubernetes"
  KUBERNETES_NAMESPACE: "kube-ops"
  KUBERNETES_PRIVILEGED: "true"
  KUBERNETES_CPU_LIMIT: "1"
  KUBERNETES_CPU_REQUEST: "500m"
  KUBERNETES_MEMORY_LIMIT: "1Gi"
  KUBERNETES_SERVICE_CPU_LIMIT: "1"
  KUBERNETES_SERVICE_MEMORY_LIMIT: "1Gi"
  KUBERNETES_HELPER_CPU_LIMIT: "500m"
  KUBERNETES_HELPER_MEMORY_LIMIT: "100Mi"
  KUBERNETES_PULL_POLICY: "if-not-present"
  KUBERNETES_TERMINATIONGRACEPERIODSECONDS: "10"
  KUBERNETES_POLL_INTERVAL: "5"
  KUBERNETES_POLL_TIMEOUT: "360"
kind: ConfigMap
metadata:
  labels:
    app: gitlab-ci-runner
  name: gitlab-ci-runner-cm
  namespace: kube-ops

This script file does not need to be modified.

[root@k8s-master-node1 manifests]# cat runner-scripts-configmap.yaml
apiVersion: v1
data:
  run.sh: |
    #!/bin/bash
    unregister() {
        kill %1
        echo "Unregistering runner ${RUNNER_NAME} ..."
        /usr/bin/gitlab-ci-multi-runner unregister -t "$(/usr/bin/gitlab-ci-multi-runner list 2>&1 | tail -n1 | awk '{print $4}' | cut -d'=' -f2)" -n ${RUNNER_NAME}
        exit $?
    }
    trap 'unregister' EXIT HUP INT QUIT PIPE TERM
    echo "Registering runner ${RUNNER_NAME} ..."
    /usr/bin/gitlab-ci-multi-runner register -r ${GITLAB_CI_TOKEN}
    sed -i 's/^concurrent.*/concurrent = '"${RUNNER_REQUEST_CONCURRENCY}"'/' /home/gitlab-runner/.gitlab-runner/config.toml
    echo "Starting runner ${RUNNER_NAME} ..."
    /usr/bin/gitlab-ci-multi-runner run -n ${RUNNER_NAME} &
    wait
kind: ConfigMap
metadata:
  labels:
    app: gitlab-ci-runner
  name: gitlab-ci-runner-scripts
  namespace: kube-ops

Use envFrom to supply the Secret and the ConfigMap as environment variables. The corresponding manifest (runner-statefulset.yaml) is as follows:

[root@k8s-master-node1 manifests]# cat runner-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: gitlab-ci-runner
  namespace: kube-ops
  labels:
    app: gitlab-ci-runner
spec:
  selector:
    matchLabels:
      app: gitlab-ci-runner
  updateStrategy:
    type: RollingUpdate
  replicas: 2
  serviceName: gitlab-ci-runner
  template:
    metadata:
      labels:
        app: gitlab-ci-runner
    spec:
      volumes:
        - name: gitlab-ci-runner-scripts
          projected:
            sources:
              - configMap:
                  name: gitlab-ci-runner-scripts
                  items:
                    - key: run.sh
                      path: run.sh
                      mode: 0755
      serviceAccountName: gitlab-ci
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        supplementalGroups: [999]
      containers:
        - image: gitlab/gitlab-runner:latest
          name: gitlab-ci-runner
          command:
            - /scripts/run.sh
          envFrom:
            - configMapRef:
                name: gitlab-ci-runner-cm
            - secretRef:
                name: gitlab-ci-token
          env:
            - name: RUNNER_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          ports:
            - containerPort: 9100
              name: http-metrics
              protocol: TCP
          volumeMounts:
            - name: gitlab-ci-runner-scripts
              mountPath: "/scripts"
              readOnly: true
      restartPolicy: Always
[root@k8s-master-node1 manifests]#
[root@k8s-master-node1 manifests]# cat runner-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-ci
  namespace: kube-ops
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-ci
  namespace: kube-ops
rules:
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-ci
  namespace: kube-ops
subjects:
  - kind: ServiceAccount
    name: gitlab-ci
    namespace: kube-ops
roleRef:
  kind: Role
  name: gitlab-ci
  apiGroup: rbac.authorization.k8s.io
[root@k8s-master-node1 manifests]# ls
gitlab-ci-token-secret.yaml  runner-rbac.yaml               runner-statefulset.yaml
runner-configmap.yaml        runner-scripts-configmap.yaml
[root@k8s-master-node1 manifests]# kubectl apply -f .
secret/gitlab-ci-token unchanged
configmap/gitlab-ci-runner-cm unchanged
serviceaccount/gitlab-ci unchanged
role.rbac.authorization.k8s.io/gitlab-ci unchanged
rolebinding.rbac.authorization.k8s.io/gitlab-ci unchanged
configmap/gitlab-ci-runner-scripts unchanged
statefulset.apps/gitlab-ci-runner unchanged
[root@k8s-master-node1 manifests]# kubectl get pod -n kube-ops
NAME                      READY   STATUS    RESTARTS        AGE
gitlab-6b5c9dd9bc-pvzdb   1/1     Running   1 (3h23m ago)   13h
gitlab-ci-runner-0        1/1     Running   0               173m
gitlab-ci-runner-1        1/1     Running   0               172m
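
A check over the Secret, ConfigMap, StatefulSet and Role manifests above, as an added example that is not part of the original post: a small POSIX shell lint that flags the wildcard Role, the privileged executor, the `latest` image tag, and the trailing newline that `echo ... | base64` left inside the Secret value. The function names and finding labels are made up for this example; the sample input is excerpted from the manifests on this page.

```shell
#!/bin/sh
# Added example, not from the original post: flag four settings from this
# page's manifests that deserve review before the runner is used in production.

# Return 0 when a base64 string decodes to data ending in a newline (0x0a),
# which is what `echo TOKEN | base64` produces.
decodes_with_newline() {
    last=$(printf '%s' "$1" | base64 -d 2>/dev/null | tail -c 1 | od -An -tx1)
    [ "$(printf '%s' "$last" | tr -d ' \n')" = "0a" ]
}

# Print one finding label per line for manifest file $1.
audit_manifest() {
    f=$1
    grep -Eq '(resources|verbs):[[:space:]]*\[[[:space:]]*"\*"' "$f" &&
        echo "rbac-wildcard"            # Role grants every resource or verb
    grep -Eq 'KUBERNETES_PRIVILEGED:[[:space:]]*"?true' "$f" &&
        echo "privileged-executor"      # CI job pods run privileged
    grep -Eq 'image:[[:space:]]*[^[:space:]]+:latest[[:space:]]*$' "$f" &&
        echo "unpinned-image"           # mutable tag, content can change
    # Values under data: of a Secret (assumes kind: precedes data:, as on this page)
    awk '/^---/{k=""} /^kind:/{k=$2} /^data:/{d=(k=="Secret");next}
         /^[^ ]/{d=0} d && NF==2 {print $2}' "$f" |
    while read -r v; do
        if decodes_with_newline "$v"; then echo "secret-trailing-newline"; fi
    done
}

# Excerpts of the manifests shown above, combined into one sample input.
sample_manifest() {
    cat <<'EOF'
kind: Secret
data:
  GITLAB_CI_TOKEN: TDhmTjdDQ1pENFZvOVBXakZkcG8K
---
kind: Role
rules:
    resources: ["*"]
    verbs: ["*"]
---
data:
  KUBERNETES_PRIVILEGED: "true"
kind: ConfigMap
---
        - image: gitlab/gitlab-runner:latest
EOF
}

tmp=$(mktemp) && sample_manifest > "$tmp" && audit_manifest "$tmp"; rm -f "$tmp"
```

The newline finding goes away when the token is encoded with `printf '%s'` instead of `echo`, or when it is placed unencoded in the Secret's `stringData` field.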

Verify in the UI


Configure GitLab

Create a new public project named springcloud in GitLab, then add the Kubernetes cluster to GitLab, selecting kube-ops as the project namespace.

Get the cluster API address

[root@k8s-master-node1 cicd-runner]# kubectl cluster-info
Kubernetes control plane is running at https://apiserver.cluster.local:6443
CoreDNS is running at https://apiserver.cluster.local:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

Command to view the cluster CA certificate

[root@k8s-master-node1 cicd-runner]# kubectl config view --raw -o json | jq -r '.clusters[] | select(.name == "kubernetes") | .cluster."certificate-authority-data"' | base64 --decode

View the token

 kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab | awk '{print $1}')

Kubernetes cluster settings

Create the cluster

The cluster was added successfully

Build the CI/CD pipeline

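Push the provided code to the GitLab project springcloud and write the pipeline script .gitlab-ci.yml to trigger an automatic build. The pipeline must build the code, build the image springcloud:master, push the image to the library project, and deploy the service to the gitlab namespace.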
