1、部署GitLab(3分)
将GitLab部署到Kubernetes集群中,设置GitLab服务root用户的密码,使用Service暴露服务,并将提供的项目包导入到GitLab中。
在Kubernetes集群中新建命名空间gitlab-ci,将GitLab部署到该命名空间下,Deployment和Service名称均为gitlab,以NodePort方式将80端口对外暴露为30880,设置GitLab服务root用户的密码为admin@123,将项目包demo-2048.tar.gz导入到GitLab中并命名为demo-2048。(需要用到的软件包:CICD-Runners-demo2048.tar.gz)
# Unpack the lab bundle.
# NOTE(review): the task text names the package CICD-Runners-demo2048.tar.gz, the
# command unpacks Gitlab-CI.tar.gz — presumably the same bundle, confirm before grading.
tar --extract --gzip --verbose --file=Gitlab-CI.tar.gz
# Load the bundled images into both runtimes on the node: containerd's k8s.io
# namespace (the one the CRI plugin serves to kubelet) and the docker daemon.
ctr --namespace k8s.io images import gitlab-ci/images/images.tar
docker load --input gitlab-ci/images/images.tar
# Namespace that every object on this page lives in
kubectl create namespace gitlab-ci
# Work from the unpacked directory
cd gitlab-ci
# Write the GitLab Deployment manifest (its content follows)
vi gitlab-deploy.yaml
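# GitLab (Omnibus CE) as a Deployment in namespace gitlab-ci (no replicas field, so
# one replica). Fronted by the NodePort Service in gitlab-svc.yaml (30880 -> "http"/80).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: gitlab-ci
  labels:
    name: gitlab
spec:
  selector:
    matchLabels:
      name: gitlab
  template:
    metadata:
      name: gitlab
      labels:
        name: gitlab
    spec:
      containers:
        - name: gitlab
          # The image is pre-loaded from images.tar, so IfNotPresent is required here;
          # with a :latest tag the version actually running is whatever that archive held.
          image: gitlab/gitlab-ce:latest
          imagePullPolicy: IfNotPresent
          env:
            # NOTE(review): initial root credentials in clear text inside the manifest.
            # A Secret referenced through valueFrom.secretKeyRef would keep them out of
            # the YAML; left inline here because that needs a second object.
            # NOTE(review): the task asks for root password admin@123; this manifest
            # (and the sign-in step later on the page) uses Abc@1234 — confirm which
            # value is graded.
            - name: GITLAB_ROOT_PASSWORD
              value: "Abc@1234"
            - name: GITLAB_ROOT_EMAIL
              value: "123456@qq.com"
          ports:
            - name: http
              containerPort: 80
          volumeMounts:
            - name: gitlab-config
              mountPath: /etc/gitlab
            - name: gitlab-logs
              mountPath: /var/log/gitlab
            - name: gitlab-data
              mountPath: /var/opt/gitlab
      # hostPath volumes: config/logs/data exist only on the node the pod is scheduled
      # to, so a reschedule to another node starts from empty directories, and anything
      # else on that node with hostPath access can read them.
      volumes:
        - name: gitlab-config
          hostPath:
            path: /home/gitlab/conf
        - name: gitlab-logs
          hostPath:
            path: /home/gitlab/logs
        - name: gitlab-data
          hostPath:
            path: /home/gitlab/data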
# Write the Service that exposes the GitLab pod on a NodePort (its content follows)
vi ./gitlab-svc.yaml
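# NodePort Service for the gitlab Deployment: node port 30880 -> pod port named "http" (80).
# Plain HTTP; every later step (clone URL, runner gitlabUrl, agent) goes through this port.
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: gitlab-ci
  labels:
    name: gitlab
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: http
      nodePort: 30880
  # Matches the pod template label in gitlab-deploy.yaml
  selector:
    name: gitlab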
# Create the Deployment and the Service
kubectl apply --filename gitlab-deploy.yaml
kubectl apply --filename gitlab-svc.yaml
# Wait until the pod is Running
kubectl get pods --namespace gitlab-ci
# Note the pod IP: it is used for the CoreDNS hosts entry and for external_url below
kubectl get pods --namespace gitlab-ci --output wide
# Add a static name for the GitLab pod to the cluster DNS configuration
kubectl edit configmap coredns --namespace kube-system
........
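# Excerpt of the kube-system/coredns ConfigMap; the page elides kind/metadata ("........").
apiVersion: v1
data:
  # NOTE(review): the hosts entry pins a generated pod name to a pod IP. Both change
  # whenever the pod is recreated, so this needs redoing after any restart; the Service
  # name gitlab.gitlab-ci.svc.cluster.local already resolves via the kubernetes plugin.
  # The page does not say why the pod name is needed — presumably to match the
  # external_url set to the pod IP later on the page; confirm.
  # NOTE(review): the page deletes the forward block. Without it CoreDNS has no
  # upstream, so nothing outside the cluster resolves any more (public registries,
  # package mirrors, …). Only acceptable in a fully offline lab.
  Corefile: |
    .:53 {
        errors
        health {
           lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        # added by the lab: static entry for the GitLab pod
        hosts {
           10.244.1.43 gitlab-7b54df755-6ljtp
           fallthrough
        }
        prometheus :9153
        # the lab removes the next three lines (forward block) — see the note above
        forward . /etc/resolv.conf {
           max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }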
........
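# Restart CoreDNS so the edited Corefile is loaded
kubectl rollout restart deployment coredns --namespace kube-system
# Open a shell in the GitLab pod (name from `kubectl -n gitlab-ci get pods`)
kubectl exec -ti -n gitlab-ci gitlab-7b54df755-6ljtp -- bash
# Inside the pod: put external_url on the first line of the Omnibus config, using the
# pod IP. /etc/gitlab is the hostPath-mounted config directory from the Deployment;
# the page only says "add on the first line" — presumably this file, confirm.
sed -i "1i external_url 'http://10.244.1.43:80'" /etc/gitlab/gitlab.rb
# NOTE(review): the page runs `reboot` here. Inside an unprivileged container the
# reboot syscall is normally refused; the documented way to apply gitlab.rb changes is
# `gitlab-ctl reconfigure`. Kept as written — confirm which one the lab relies on.
reboot
exit
# Show the Service (NodePort 30880)
kubectl get services --namespace gitlab-ci
# Browse to http://10.24.2.14:30880 and sign in with 123456@qq.com / Abc@1234
# Click "Create a project"
# Click "Create blank project": name demo-2048, visibility "Public"
# Click "Create project" to open it
# Push the source code into the project
cd /root/gitlab-ci/demo-2048
# Commit identity (set globally on this host)
git config --global user.name "administrator"
git config --global user.email "admin@example.com"
# Point origin at the new GitLab project
git remote remove origin
git remote add origin http://10.24.2.14:30880/root/demo-2048.git
# Stage, commit and push the drone branch (git asks for the GitLab credentials, which
# travel in clear over this http:// remote)
git add .
git commit -m "initial commit"
git push -u origin drone
# Refresh the project page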
2、部署GitLab Runner(3分)
将GitLab Runner部署到Kubernetes集群中,为GitLab Runner创建持久化构建缓存目录以加速构建速度,并将其注册到GitLab中。
将GitLab Runner部署到gitlab-ci命名空间下,Release名称为gitlab-runner,为GitLab Runner创建持久化构建缓存目录/home/gitlab-runner/ci-build-cache以加速构建速度,并将其注册到GitLab中。(需要用到的软件包:CICD-Runners-demo2048.tar.gz)
# Sign in to the admin area (http://10.24.2.14:30880/admin) and open CI/CD -> Runners
# Use the button on the right
# Copy the "Registration token" value; it is needed when registering the runner below
# Go to the lab directory
cd /root/gitlab-ci
# Show the ServiceAccount manifest (named gitlab-ci)
cat -- runner-sa.yaml
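# ServiceAccount the runner manager pod runs as (values.yaml sets serviceAccountName: gitlab-ci).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-ci
  namespace: gitlab-ci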
# Show the Role manifest (the page's comment repeats the ServiceAccount wording; this file is the Role)
cat ./runner-role.yaml
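# Namespace-scoped Role used by the runner manager (bound in runner-rb.yaml).
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-ci
  namespace: gitlab-ci
rules:
  # NOTE(review): every verb on every core-group resource in the namespace — that
  # includes secrets and pod subresources such as exec. The Kubernetes executor only
  # needs to manage its job pods and their configmaps/secrets; scope this down before
  # reusing it outside the lab. Left as written so the page still works.
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]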
# Show the RoleBinding manifest (the page's comment repeats the ServiceAccount wording; this is the binding)
cat ./runner-rb.yaml
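# Binds Role gitlab-ci to ServiceAccount gitlab-ci, both in namespace gitlab-ci.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-ci
  namespace: gitlab-ci
subjects:
  - kind: ServiceAccount
    name: gitlab-ci
    namespace: gitlab-ci
roleRef:
  kind: Role
  name: gitlab-ci
  apiGroup: rbac.authorization.k8s.io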
# Create the ServiceAccount, Role and RoleBinding in one go
kubectl apply --filename runner-sa.yaml --filename runner-role.yaml --filename runner-rb.yaml
# List the service accounts in the namespace
kubectl get serviceaccounts --namespace gitlab-ci
# Grant the default service account (manifest follows)
vi default.yaml
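apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  # Cluster-scoped object; the generic name "default" is easy to overlook in an audit
  # or collide with — a descriptive name is better if this outlives the lab.
  name: default
  labels:
    k8s-app: gitlab-default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  # NOTE(review): this makes the default ServiceAccount of gitlab-ci cluster-admin.
  # Every pod in the namespace that does not set serviceAccountName — presumably
  # including the CI job pods the runner spawns, since runners.kubernetes sets no
  # service_account — then carries full-cluster privileges, so anyone who can push a
  # pipeline to demo-2048 gains them too. The page only needs this for `kubectl apply`
  # in deploy_review, which targets the gitlab-ci namespace (task ④); a Role/RoleBinding
  # scoped to that namespace on a dedicated SA would do. Left as written for the lab.
  - kind: ServiceAccount
    name: default
    namespace: gitlab-ci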
# Apply the ClusterRoleBinding
kubectl apply --filename default.yaml
# Unpack the gitlab-runner chart (version 0.43.0)
tar --extract --gzip --verbose --file=gitlab-runner-0.43.0.tgz
# Edit the chart values; the excerpts below show the keys to change
vi gitlab-runner/values.yaml
...
## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
##
# serviceAccountName: default
# Added: the runner manager pod runs as the gitlab-ci ServiceAccount created above.
# The page shows this line flush-left; in the real file it keeps the indentation of
# the surrounding block.
serviceAccountName: gitlab-ci # added, mind the indentation
...
## The GitLab Server URL (with protocol) that want to register the runner against
## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-register
##
# gitlabUrl: http://gitlab.your-domain.com/
# Plain-HTTP URL of the NodePort Service: registration and job polling are unencrypted.
gitlabUrl: http://10.24.2.14:30880/ # added, top level (column 0)
...
## The Registration Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance.
## ref: https://docs.gitlab.com/ce/ci/runners/index.html
##
# runnerRegistrationToken: ""
# NOTE(review): a live registration token committed in values.yaml. Whoever holds it
# can register a runner that receives this instance's jobs and their variables; keep
# it out of version control and reset it in GitLab once the lab is done.
runnerRegistrationToken: "riU8c4D2SNkKAv8GS9q_" # added, top level (column 0)
...
# NOTE(review): privileged = true below runs every CI job pod privileged (root-equivalent
# on the node); the page needs it for the docker-in-docker style service used by
# image_build. ubuntu:16.04 as the default job image is end-of-life. The TOML is a
# block scalar, so it is left exactly as the page shows it (including the inline note).
config: |
[[runners]]
[runners.kubernetes]
namespace = "{{.Release.Namespace}}"
image = "ubuntu:16.04"
privileged = true #添加,注意缩进格式
# Show the PersistentVolume backing the build cache (the page says PVC; this file is the PV).
# It sits in the chart's templates/ directory, so helm creates it with the release.
cat -- gitlab-runner/templates/pv.yaml
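# hostPath PersistentVolume for the runner build cache (claimed by ci-build-cache-pvc).
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ci-build-cache-pv
  # metadata.namespace dropped: a PersistentVolume is cluster-scoped, so the
  # "namespace: gitlab-ci" the page gives here is cleared by the API server anyway.
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  # Node-local directory: the cache only exists on the node where a job pod lands,
  # so jobs scheduled elsewhere start with an empty cache.
  hostPath:
    path: "/opt/ci-build-cache"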
# Show the PersistentVolumeClaim that job pods mount (also rendered from the chart's templates/)
cat -- gitlab-runner/templates/pvc.yaml
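# Claim expected to bind to ci-build-cache-pv (same storageClassName, RWO, 5Gi <= 10Gi).
# Referenced from values.yaml as cibuild.cache.pvcName.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ci-build-cache-pvc
  namespace: gitlab-ci
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi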
# Add the build-cache settings to values.yaml (keys follow)
vi ./gitlab-runner/values.yaml
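## configure build cache
# Custom top-level key (not one the stock chart reads, as far as this page shows); it is
# consumed by the snippet appended to templates/configmap.yaml via {{.Values.cibuild.cache.*}}.
# mountPath is the path the maven_build job writes its output to.
cibuild:
  cache:
    pvcName: ci-build-cache-pvc
    mountPath: /home/gitlab-runner/ci-build-cache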
# Extend the chart's entrypoint script (in the ConfigMap template) so job pods mount the cache
vi ./gitlab-runner/templates/configmap.yaml
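# Appended to the chart's entrypoint script (templates/configmap.yaml) so each job pod
# mounts the build-cache PVC; the {{.Values...}} references are rendered by Helm before
# the script ever runs. The heredoc delimiter is quoted so the body is taken literally
# and a rendered value containing `$` cannot be expanded by the shell.
cat >>/home/gitlab-runner/.gitlab-runner/config.toml <<'EOF'
[[runners.kubernetes.volumes.pvc]]
name = "{{.Values.cibuild.cache.pvcName}}"
mount_path = "{{.Values.cibuild.cache.mountPath}}"
EOF
# Start the runner (existing chart lines)
exec /entrypoint run --user=gitlab-runner \
--working-directory=/home/gitlab-runner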
# Install the chart (directory gitlab-runner) as release gitlab-runner.
# NOTE(review): values.yaml carries the registration token in clear, and helm keeps the
# rendered values in the release Secret as well — treat both as sensitive.
helm install gitlab-runner gitlab-runner --namespace gitlab-ci
# Releases in the namespace
helm list --namespace gitlab-ci
# Runner manager pod
kubectl get pods --namespace gitlab-ci
2、部署GitLab Agent(3分)
将Kubernetes集群添加到GitLab项目中指定名称和命名空间。(需要用到的软件包:CICD-Runners-demo2048.tar.gz)
将Kubernetes集群添加到demo-2048项目中,并命名为kubernetes-agent,项目命名空间选择gitlab-ci。
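# In the GitLab Admin area: Settings -> Network, expand "Outbound requests", tick
# "Allow requests to the local network from webhooks and integrations", save.
# NOTE(review): that switch relaxes the instance-wide SSRF guard for every integration,
# not just this agent; it is needed here because GitLab itself runs inside the cluster.
# In project demo-2048 create .gitlab/agents/<agent-name>/config.yaml,
# here .gitlab/agents/kubernetes-agent/config.yaml, laid out as below.
# NOTE(review): this is the upstream example verbatim — the project id and
# default_namespace: my-ns do not refer to anything on this instance (the lab uses
# demo-2048 and gitlab-ci), so the GitOps section presumably does nothing useful here;
# only the file's existence is needed to register the agent. Confirm.
gitops:
  manifest_projects:
    - id: gitlab-org/cluster-integration/gitlab-agent
      default_namespace: my-ns
      paths:
        # Read all YAML files from this directory.
        - glob: '/team1/app1/*.yaml'
        # Read all .yaml files from team2/apps and all subdirectories.
        - glob: '/team2/apps/**/*.yaml'
        # If 'paths' is not specified or is an empty list, the configuration below is used.
        - glob: '/**/*.{yaml,yml,json}'
      reconcile_timeout: 3600s
      dry_run_strategy: none
      # prune: true lets the agent delete objects it previously applied once they
      # disappear from the manifests — keep that in mind before pointing it at real paths.
      prune: true
      prune_timeout: 3600s
      prune_propagation_policy: foreground
      inventory_policy: must_match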
# In the project: left menu "Operate" -> "Kubernetes clusters"
# Click "Connect a cluster" and choose the agent configuration kubernetes-agent
# Click "Register"
# Install the agent with the command below, replacing config.token and config.kasAddress
# with the values shown on the previous page.
# NOTE(review): the agent token passed via --set ends up in shell history and in the
# helm release Secret; kasAddress is plain ws:// to a pod IP, which changes whenever
# that pod is recreated. Tolerable in an isolated lab only.
helm upgrade --install kubernetes-agent gitlab-agent-1.1.0.tgz \
  --namespace gitlab-ci --create-namespace \
  --set image.tag=v16.2.0 \
  --set config.token=vTPAASMpwTW-tEQ3NHYc3y5YKCHCFep466q52dgaRCstXyXDzg \
  --set config.kasAddress=ws://10.244.0.23/-/kubernetes-agent/
# Releases in the namespace
helm list --namespace gitlab-ci
# Agent pod
kubectl get pods --namespace gitlab-ci
# Click "Close" and refresh: the cluster now shows as connected.
# Container registry settings: in project demo-2048 open Settings -> CI/CD
# Expand "Variables" and add the registry parameters:
# REGISTRY = the Harbor address
# then REGISTRY_IMAGE (demo), REGISTRY_USER (admin), REGISTRY_PASSWORD (Harbor12345),
# REGISTRY_PROJECT (demo) and HOST (10.24.2.14); save.
# NOTE(review): mark REGISTRY_PASSWORD as masked so it is redacted from job logs.
# Edit the Harbor chart values
vi /opt/harbor/values.yaml
…
# Replace 127.0.0.1 with the master node's real IP.
# NOTE(review): 10.26.7.197 here differs from the Harbor address used for the pushes and
# the HOST variable elsewhere on this page (10.24.2.14) — confirm which one is correct.
# Plain http://, so Harbor is served without TLS in this setup.
externalURL: http://10.26.7.197:80
…
# Roll the Harbor release with the new externalURL
helm upgrade harbor /opt/harbor --namespace harbor
# In the Harbor UI create a public project named demo
# Push tomcat:8.5.64-jdk8 into Harbor (note: into the default "library" project, not demo)
ctr --namespace k8s.io image tag docker.io/library/tomcat:8.5.64-jdk8 10.24.2.14/library/tomcat:8.5.64-jdk8
# NOTE(review): plain HTTP and inline --user credentials: the password is visible in the
# process list and shell history — fine for the lab, not for a shared host.
ctr --namespace k8s.io image push 10.24.2.14/library/tomcat:8.5.64-jdk8 --plain-http=true --user admin:Harbor12345
# Let containerd use plain HTTP for the registry
vi /etc/containerd/config.toml
……
# Registry mirror entries (the rest of config.toml is elided by the page). Both endpoints
# are plain http://, which is why pushes and pulls work without TLS — nothing is verified
# on this path. NOTE(review): newer containerd releases prefer registry.config_path with
# per-host hosts.toml files over this block — confirm for the installed version.
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.com"]
endpoint = ["http://harbor.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."10.24.2.14"]
endpoint = ["http://10.24.2.14"]
# daemon-reload only re-reads systemd unit files; config.toml is read when the service
# starts, so the restart below is what actually applies the change.
systemctl daemon-reload
systemctl restart containerd.service
3、构建CI/CD(3分)
编写流水线脚本触发自动构建,要求基于GitLab项目完成代码的编译、镜像的构建与推送,并自动发布应用到Kubernetes集群中。
编写流水线脚本.gitlab-ci.yml触发自动构建,具体要求如下:(需要用到的软件包:CICD-Runners-demo2048.tar.gz)
①基于镜像maven:3.6-jdk-8构建项目的drone分支;
②构建镜像的名称:demo:latest;
③将镜像推送到Harbor仓库demo项目中;
④将demo-2048应用自动发布到Kubernetes集群gitlab-ci命名空间下。
# Create the pipeline definition at the repository root (content follows)
vi ./.gitlab-ci.yml
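# Pipeline for demo-2048: build the war with Maven, bake it into an image and push it to
# Harbor, then apply the manifests in template/ to the cluster. Build output travels
# between jobs through the runner's hostPath build cache, not through artifacts.
stages:
  - build
  - release
  - review

variables:
  MAVEN_OPTS: "-Dmaven.repo.local=/opt/cache/.m2/repository"

maven_build:
  image: maven:3.6-jdk-8
  stage: build
  only:
    - drone
  script:
    # Seed the local repo from the pre-populated /opt/repository — assumes that path
    # exists in the job image (offline lab); confirm.
    - cp -r /opt/repository /opt/cache/.m2/
    - mvn clean install -DskipTests=true
    - cd target && jar -xf 2048.war
    # Hand the exploded app to the next stage via the mounted build cache
    - cp -rfv 2048 /home/gitlab-runner/ci-build-cache

image_build:
  # demo:latest here and in services is presumably a docker-in-docker style image
  # pre-loaded in the lab — confirm; it is not the image this job builds.
  image: demo:latest
  stage: release
  # Added for consistency with the other two jobs and task ①: without it this job ran on
  # every branch, copying whatever the cache held from a previous drone build.
  only:
    - drone
  variables:
    DOCKER_DRIVER: overlay
    DOCKER_HOST: tcp://localhost:2375
    # CI_DEBUG_TRACE prints every variable, including REGISTRY_PASSWORD, to the job log;
    # keep it commented out.
    # CI_DEBUG_TRACE: "true"
  services:
    - name: demo:latest
      # 0.0.0.0/0 trusts every registry over plain HTTP; narrowing it to the Harbor
      # address would be better if the service command can take the variable.
      command: ["--insecure-registry=0.0.0.0/0"]
  script:
    - cp -rfv /home/gitlab-runner/ci-build-cache/2048 .
    # Dots escaped so the pattern matches the literal address and not any four chars
    - sed -i "s/10\.24\.2\.3/$REGISTRY/g" ./Dockerfiles/Dockerfile
    - docker build -t "${REGISTRY_IMAGE}:latest" -f ./Dockerfiles/Dockerfile .
    - docker tag "${REGISTRY_IMAGE}:latest" "${REGISTRY}/${REGISTRY_PROJECT}/${REGISTRY_IMAGE}:latest"
    # Password via stdin instead of -p, so it is neither in the process list nor in the log
    - echo "${REGISTRY_PASSWORD}" | docker login -u "${REGISTRY_USER}" --password-stdin "${REGISTRY}"
    - docker push "${REGISTRY}/${REGISTRY_PROJECT}/${REGISTRY_IMAGE}:latest"

deploy_review:
  image: kubectl:1.22
  stage: review
  only:
    - drone
  script:
    # Replaces every literal REGISTRY token in the manifest — assumes template/ uses it
    # only as a placeholder for the registry address; the template is not on this page.
    - sed -i "s/REGISTRY/$REGISTRY/g" template/demo-2048.yaml
    # Runs with the job pod's ServiceAccount (see the cluster-admin binding on default.yaml)
    - kubectl apply -f template/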
# Once .gitlab-ci.yml is pushed a pipeline starts: in project demo-2048 open Build -> Pipelines
# Click "running" for the pipeline details
# Any stage can be opened for its job log
# The runner's namespace now holds one extra pod:
kubectl get pods --namespace gitlab-ci
# That pod is the one executing the job.
# After the build has finished, look at the newly deployed pod:
kubectl get pods --namespace gitlab-ci
# In Harbor open project demo: the image has been built and pushed.
# Service created by the review stage
kubectl get services --namespace gitlab-ci