Connecting a GitLab pipeline to Huawei Cloud CCE for CI/CD

GitLab is a widely used code-hosting tool. To make CI/CD easier it lets you configure the whole CI/CD flow concisely by editing a .gitlab-ci.yml file, and its gitlab-runner integrates very conveniently with Linux hosts and Kubernetes clusters. This post walks through an integration test with Huawei Cloud CCE (a commercial Kubernetes offering).

1. Installing and configuring gitlab-runner

Since this is only for testing, I used the public gitlab.com service and skipped installing GitLab myself. GitLab's own Shared runners are a paid service, so I chose Specific runners (a runner I install myself).

Getting the project-specific Runner registration details

  1. Log in to GitLab.
  2. In the top navigation bar, choose Projects > Your projects.
  3. On the Your projects tab, select the relevant project.
  4. In the left navigation bar, choose Settings > CI / CD.
  5. Click Expand to the right of Runners.
    [image: gitlab-runner]
    The point here is to obtain the GitLab URL and the registration token. Once you have them, download the code in the gitlab-runner directory of my GitHub repository and edit the gitlabUrl and runnerRegistrationToken entries in values.yaml accordingly.

Configuring a cloud disk for the cache

Note that if you are not using Huawei CCE you also need to change the PVC definition in templates/pvc.yaml; Alibaba Cloud, for example, defines its disk as volume.beta.kubernetes.io/storage-provisioner: alicloud/disk. The disk mounted here serves as a local build cache; see templates/configmap.yaml for how it is wired into the runner.

Installing gitlab-runner with helm

After adjusting the files, run the helm install (helm must be installed beforehand; the latest helm release errors on Huawei Cloud CCE, so use the version Huawei Cloud officially recommends):

[root@testcce-68506-l3jp4 gitlab-runner]# ll
total 20
-rw-r--r-- 1 root root  369 Apr 13 22:33 Chart.yaml
-rw-r--r-- 1 root root  229 Apr 13 22:33 README.md
drwxr-xr-x 2 root root 4096 Apr 14 01:16 templates
-rw-r--r-- 1 root root 6470 Apr 19 05:20 values.yaml
[root@testcce-68506-l3jp4 gitlab-runner]# helm package .
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
Successfully packaged chart and saved it to: /data/gitlab-runner/gitlab-runner-0.1.37.tgz
[root@testcce-68506-l3jp4 gitlab-runner]# helm install --namespace gitlab gitlab-runner *.tgz
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
NAME: gitlab-runner
LAST DEPLOYED: Tue Apr 19 05:20:47 2022
NAMESPACE: gitlab
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Your GitLab Runner should now be registered against the GitLab instance reachable at: "https://gitlab.com/"

Once the install finishes, a new runner with the tag k8s-runner appears in the project.
If you prefer to install directly with Linux commands, see the official documentation; pay attention to the name and tag chosen during installation, because when several runners exist, the tags field in the job is what selects which runner runs it.

Note: if a cloud disk is used for the cache, the corresponding disk can be inspected after installation with the following commands:

[root@testcce-68506-l3jp4 gitlab-runner]# kubectl get sc
NAME                PROVISIONER                     RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
csi-disk            everest-csi-provisioner         Delete          Immediate              true                   5d23h
csi-nas             everest-csi-provisioner         Delete          Immediate              true
……
[root@testcce-68506-l3jp4 gitlab-runner]# kubectl get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                         STORAGECLASS   REASON   AGE
pvc-04900bed-40c6-46d9-8c8b-b722e61698d1   20Gi       RWO            Delete           Bound    gitlab/gitlab-runner-cache    csi-disk                6m20s
pvc-c5005850-5fdb-4a85-bc39-41044997e13f   10Gi       RWO            Delete           Bound    monitoring/pvc-prometheus-0   csi-disk                5d23h
[root@testcce-68506-l3jp4 gitlab-runner]# kubectl get pvc
No resources found in default namespace.
[root@testcce-68506-l3jp4 gitlab-runner]# kubectl get pvc -A
NAMESPACE    NAME                  STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
gitlab       gitlab-runner-cache   Bound    pvc-04900bed-40c6-46d9-8c8b-b722e61698d1   20Gi       RWO            csi-disk       6m30s
monitoring   pvc-prometheus-0      Bound    pvc-c5005850-5fdb-4a85-bc39-41044997e13f   10Gi       RWO            csi-disk       5d23h

2. Configuring the GitLab pipeline

The test code used here is https://github.com/361way/java ; that repository only goes as far as building a Docker image. It defines neither a pipeline nor the deployment of the service, so after cloning the code and pushing it to a GitLab project, add a .gitlab-ci.yml file and a deployment.yaml file. The resulting structure on GitLab is shown below:
[image: gitlab-project-repo]
The contents of .gitlab-ci.yml:

image: docker:stable
stages:
  - package
  - docker_build
  - deploy_k8s
variables:
  KUBECONFIG: /etc/deploy/config
  MAVEN_OPTS: "-Dmaven.repo.local=/opt/cache/.m2/repository"   # Maven repository on the cache disk
mvn_build_job:
  image: maven:3.3-jdk-8
  stage: package
  tags:
    - k8s-runner            # selects the runner installed above
  script:
    - mvn package -Dmaven.test.skip=true -U -e -X -B
    - cp target/demoapp.jar /opt/cache    # hand the jar to the next stage through the cache volume
docker_build_job:
  image: docker:latest
  stage: docker_build
  tags:
    - k8s-runner
  script:
    # read the password from stdin so it does not land in the job log or the process list
    - echo "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USERNAME" --password-stdin swr.la-north-2.myhuaweicloud.com
    - mkdir -p target
    - cp /opt/cache/demoapp.jar target/demoapp.jar
    - docker build -t swr.la-north-2.myhuaweicloud.com/testca/gitlabci-java-demo:$CI_PIPELINE_ID .
    - docker push swr.la-north-2.myhuaweicloud.com/testca/gitlabci-java-demo:$CI_PIPELINE_ID

deploy_k8s_job:
  image:
    name: bitnami/kubectl:latest
    entrypoint: [""]
  stage: deploy_k8s
  tags:
    - k8s-runner
  before_script:
    # kube_config is the base64-encoded kubeconfig stored as a masked CI variable (see part 3)
    - mkdir -p /.kube
    - echo "$kube_config" | base64 -d > /.kube/config
  script:
    # - docker login -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD swr.la-north-2.myhuaweicloud.com
    # - mkdir -p /etc/deploy
    - sed -i "s/IMAGE_TAG/$CI_PIPELINE_ID/g" deployment.yaml   # stamp the tag pushed in the previous stage
    - cat deployment.yaml
    - kubectl --kubeconfig /.kube/config apply -f deployment.yaml
    - echo "finish!"

The pipeline has three stages:
1. Compile and package with the mvn command, using the maven image;
2. Use the docker command to build an image from the Dockerfile and push it to Huawei Cloud's image registry SWR (which plays the same role as a plain registry or Harbor);
3. Deploy the service on Kubernetes using the predefined deployment.yaml file.
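The deploy stage stamps the image tag into the manifest with a plain sed substitution. That is fine while $CI_PIPELINE_ID is set by GitLab, but run by hand (or with a mistyped variable) an empty tag silently yields an invalid image reference such as gitlabci-java-demo: and kubectl apply fails late. The shell script below is an added example, not code from the original post: it renders the manifest the same way but fails closed unless the tag is a valid image tag and no IMAGE_TAG placeholder survives. The minimal template, the file paths and the function names (make_template, render_manifest, rendered_image) are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: render deployment.yaml for a pipeline
# id the way deploy_k8s_job does, but fail closed on an empty or malformed tag.

# Constructed minimal template carrying the same image reference as the post's
# deployment.yaml; the path is whatever the caller passes in.
make_template() {
  cat > "$1" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: javatest
spec:
  template:
    spec:
      containers:
        - image: 'swr.la-north-2.myhuaweicloud.com/testca/gitlabci-java-demo:IMAGE_TAG'
          name: container-0
EOF
}

# render_manifest TEMPLATE TAG OUTPUT
# Writes OUTPUT and returns 0 only when TAG is a valid image tag (first character
# [A-Za-z0-9_], then [A-Za-z0-9_.-]) and no placeholder survives the substitution.
# The character check also guarantees TAG contains no '/', '&' or '\', so it is
# safe to splice into the sed replacement text.
render_manifest() {
  tmpl=$1; tag=$2; out=$3
  case "$tag" in
    '' | *[!A-Za-z0-9_.-]* | [.-]*) return 1 ;;
  esac
  sed "s/IMAGE_TAG/$tag/g" "$tmpl" > "$out.tmp" || { rm -f "$out.tmp"; return 1; }
  if grep -q 'IMAGE_TAG' "$out.tmp"; then
    rm -f "$out.tmp"
    return 1
  fi
  mv "$out.tmp" "$out"
}

# rendered_image MANIFEST -> prints the image reference actually present in MANIFEST
rendered_image() {
  sed -n "s/^ *- image: '\(.*\)'.*/\1/p" "$1"
}

# Stand-alone demo with a constructed pipeline id.
demo_dir=$(mktemp -d)
make_template "$demo_dir/deployment.yaml"
if render_manifest "$demo_dir/deployment.yaml" "12345" "$demo_dir/rendered.yaml"; then
  echo "rendered image: $(rendered_image "$demo_dir/rendered.yaml")"
fi
if ! render_manifest "$demo_dir/deployment.yaml" "" "$demo_dir/bad.yaml"; then
  echo "empty tag rejected, no manifest written"
fi
rm -rf "$demo_dir"
```

Writing to a temporary file and renaming only on success means a rejected render never leaves a half-substituted deployment.yaml behind for a later `kubectl apply` to pick up.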

The contents of deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    version: v1
  name: javatest
  namespace: default
spec:
  selector:
    matchLabels:
      app: javatest
      version: v1
  template:
    metadata:
      annotations:
        metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"","path":"","port":"","names":""}]'
      labels:
        app: javatest
        version: v1
    spec:
      containers:
        - image: 'swr.la-north-2.myhuaweicloud.com/testca/gitlabci-java-demo:IMAGE_TAG'
          name: container-0
          resources:
            requests:
              cpu: 1000m
              memory: 1024Mi
            limits:
              cpu: 1000m
              memory: 1024Mi
  replicas: 1
  minReadySeconds: 0
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1

---
apiVersion: v1
kind: Service
metadata:
  name: javatest
  labels:
    app: javatest
  namespace: default
  annotations: {}
spec:
  selector:
    app: javatest
  externalTrafficPolicy: Cluster
  ports:
    - name: cce-service-0
      targetPort: 8080
      nodePort: 0
      port: 8080
      protocol: TCP
  type: NodePort

3. Configuring environment variables

At this point a triggered GitLab pipeline still fails, because many of the variables it references have no value. Variables are configured under Settings > CI / CD > Variables:
[image: gitlab-pipeline-variables]
Note that selecting Masked hides the value in the job logs. Also, kube_config is not stored as the raw file: it is base64-encoded (a simple transformation that turns the multi-line file into one line; it is encoding, not encryption, so the Masked option is what keeps it out of the logs):

echo $(cat ~/.kube/config | base64) | tr -d " "

Correspondingly, .gitlab-ci.yml contains the matching decode step: echo $kube_config |base64 -d > /.kube/config.
[image: gitlab-pipeline-jobs]
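The helm output earlier in the post warned that the kubeconfig on the build host was group- and world-readable; the copy the deploy job writes from kube_config deserves the same attention. The shell functions below are an added example, not code from the original post: they perform the same base64 round trip as the commands above, but create the decoded file with mode 0600 and confirm the decoded content matches the original. The paths, the sample kubeconfig and the function names (encode_kubeconfig, decode_kubeconfig, file_mode) are constructed for the example; in the real job the encoded value arrives through the masked CI variable.

```shell
#!/bin/sh
# Added example, not from the original post: the kube_config round trip done so the
# decoded kubeconfig is owner-readable only (0600) instead of inheriting the process
# umask, which is what produces the "group-readable"/"world-readable" warnings.

# encode_kubeconfig FILE -> single-line base64 on stdout.
# Same result as the post's `echo $(cat f | base64) | tr -d " "`, but removes the
# newlines base64 wraps with instead of the spaces echo turns them into.
encode_kubeconfig() {
  base64 < "$1" | tr -d '\n'
}

# decode_kubeconfig ENCODED DEST -> writes DEST with mode 0600.
# umask runs in a subshell so the caller's umask is left untouched.
decode_kubeconfig() {
  enc=$1; dest=$2
  ( umask 077 && mkdir -p "$(dirname "$dest")" && printf '%s' "$enc" | base64 -d > "$dest" )
}

# file_mode FILE -> the symbolic mode column of ls -l, e.g. -rw-------
file_mode() {
  ls -l "$1" | cut -c1-10
}

# Stand-alone demo with a constructed kubeconfig (not a real cluster credential).
demo_dir=$(mktemp -d)
printf 'apiVersion: v1\nkind: Config\nclusters: []\ncurrent-context: demo\n' > "$demo_dir/config"
encoded=$(encode_kubeconfig "$demo_dir/config")
echo "encoded length: ${#encoded}, newlines: $(printf '%s' "$encoded" | wc -l)"
decode_kubeconfig "$encoded" "$demo_dir/.kube/config"
echo "decoded mode: $(file_mode "$demo_dir/.kube/config")"
cmp -s "$demo_dir/config" "$demo_dir/.kube/config" && echo "round trip ok"
rm -rf "$demo_dir"
```

Dropping the newlines rather than the spaces also means the variable value is a clean base64 string that decodes on any base64 implementation, which matters when the runner image differs from the machine that produced the value.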

References:
Huawei Cloud CCE: PV, PVC and StorageClass
Running GitLab Runner and executing a pipeline with GitLab CI
[The content above is the same as that at https://www.alibabacloud.com/help/zh/container-service-for-kubernetes/latest/use-gitlab-ci-to-run-a-gitlab-runner-and-run-a-pipeline-on-kubernetes]
