Why set up GitLab + Drone
To automate DevOps deployment, this setup uses GitLab + Drone (Jenkins can be used instead if server resources allow). It will later be integrated with minikube.
gitlab
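GitLab is an open-source project for repository management. It uses Git as the code management tool and provides a web service built on top of it.
- Installation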
- docker pull gitlab/gitlab-ce:13.7.1-ce.0
- So that GitLab's external_url can be changed, change the published port 80
- docker run -it -d --detach --restart unless-stopped -p 13080:13080 -p 13443:443 -p 13022:22 --name gitlab gitlab/gitlab-ce:13.7.1-ce.0
- Configuration
- Configure the nginx reverse proxy
```nginx
upstream gitlab {
    server xxxx:13080;
}
server {
    listen 80;
    listen [::]:80;
    server_name git.tool.mybns.cn;
    #charset koi8-r;
    access_log /var/log/nginx/git.tool.mybns.cn.success.log main;
    error_log /var/log/nginx/git.tool.mybns.cn.error.log error;
    location / {
        client_max_body_size 1024m;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # reverse proxy to GitLab's built-in nginx
        proxy_pass http://gitlab;
        index index.html index.htm;
    }
}
```
- Modify the configuration
- vim /etc/gitlab/gitlab.rb
```ruby
external_url 'http://192.168.***.***'
gitlab_rails['gitlab_shell_ssh_port'] = 13022
```
- gitlab-ctl reconfigure
- gitlab-ctl restart
- Installation result
drone
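Compared with Jenkins, Drone is much more lightweight: everything from installing and deploying the application itself to building pipelines is much simpler. Because it integrates with the source code management system, Drone avoids configuring separate accounts and permissions; its permissions for operating on source code are the same as those in the source code management system, such as GitLab, GitHub or Bitbucket.
- Installation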
- docker pull drone/drone:1.10.1
- Installation docs: docs.drone.io/server/prov…
- Create an application in GitLab
- Remember to save the application ID and secret
- Generate a Drone secret, used when installing the runner: openssl rand -hex 16
- Start the installation
```bash
docker run \
  --volume=/var/lib/drone:/data \
  --env=DRONE_GITLAB_SERVER=https://gitlab.com \
  --env=DRONE_GITLAB_CLIENT_ID={{DRONE_GITLAB_CLIENT_ID}} \
  --env=DRONE_GITLAB_CLIENT_SECRET={{DRONE_GITLAB_CLIENT_SECRET}} \
  --env=DRONE_RPC_SECRET={{DRONE_RPC_SECRET}} \
  --env=DRONE_SERVER_HOST={{DRONE_SERVER_HOST}} \
  --env=DRONE_SERVER_PROTO={{DRONE_SERVER_PROTO}} \
  --publish=2080:80 \
  --publish=2443:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  drone/drone:1
```
- nginx reverse proxy
```nginx
upstream drone {
    server xxx:2080;
}
server {
    listen 80;
    listen [::]:80;
    server_name drone.tool.mybns.cn;
    #charset koi8-r;
    access_log /var/log/nginx/drone.tool.mybns.cn.success.log main;
    error_log /var/log/nginx/drone.tool.mybns.cn.error.log error;
    location / {
        client_max_body_size 1024m;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://drone;
        index index.html index.htm;
    }
}
```
- Installation result
Install drone-docker-runner
- docker pull drone/drone-runner-docker:1.6
- Installation
```bash
docker run -d \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e DRONE_RPC_PROTO=https \
  -e DRONE_RPC_HOST=xxxxxxx \
  -e DRONE_RPC_SECRET=xxxxx \
  -e DRONE_RUNNER_CAPACITY=2 \
  -p 23000:3000 \
  --restart always \
  --name runner \
  drone/drone-runner-docker:1.6
```
- Test: docker logs runner
Integration test with minikube
- Note: the minikube apiserver port is 8443; you can confirm this in the ~/.kube/config file on the minikube server
- The .drone.yml file
```yaml
kind: pipeline
type: docker
name: default

steps:
  - name: build
    image: golang
    commands:
      - go version
  - name: deploy
    image: danielgormly/drone-plugin-kube:0.2.0
    settings:
      template: ./testdrone.yaml
      server: https://xxxxx:8443
      # token: obtained with the command
      #   kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep default-token | awk '{print $1}')
      # replace default-token with your own service account
      token: xxxxx
      ca: xxxxx
```
- The testdrone.yaml file
```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: '1'
    k8s.kuboard.cn/displayName: nginx
    k8s.kuboard.cn/ingress: 'true'
    k8s.kuboard.cn/service: ClusterIP
    k8s.kuboard.cn/workload: nginx
  generation: 1
  labels:
    k8s.kuboard.cn/layer: ''
    k8s.kuboard.cn/name: testdrone
  name: testdrone
  namespace: default
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s.kuboard.cn/layer: ''
      k8s.kuboard.cn/name: testdrone
  template:
    metadata:
      labels:
        k8s.kuboard.cn/layer: ''
        k8s.kuboard.cn/name: testdrone
    spec:
      containers:
        - image: 'nginx:1.19.6-alpine'
          imagePullPolicy: IfNotPresent
          name: testdrone
```
- Execution result
- View the pod
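
The deploy step in .drone.yml above places a token read from a kube-system default-token secret directly in the repository file. The following variant, an added example that is not part of the original post, binds a dedicated service account to a Role limited to Deployments in the default namespace (where testdrone.yaml deploys) and passes server, token and ca through Drone secrets with from_secret. The names drone-deployer, kube_server, kube_token and kube_ca and the verb list are assumptions; adjust the verbs to what the plugin actually calls.

```yaml
# --- file: drone-deployer-rbac.yaml (hypothetical name; kubectl apply -f) ---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone-deployer          # assumed name
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: drone-deployer
  namespace: default            # scoped to the namespace testdrone.yaml targets
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "create", "update", "patch"]   # assumed verb set
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: drone-deployer
  namespace: default
subjects:
  - kind: ServiceAccount
    name: drone-deployer
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: drone-deployer
---
# --- file: .drone.yml (deploy step only) ---
kind: pipeline
type: docker
name: default

steps:
  - name: deploy
    image: danielgormly/drone-plugin-kube:0.2.0
    settings:
      template: ./testdrone.yaml
      server:
        from_secret: kube_server   # assumed secret name
      token:
        from_secret: kube_token    # token of drone-deployer, not default-token
      ca:
        from_secret: kube_ca       # assumed secret name
```

Create the three secrets in the repository's settings in Drone, using the drone-deployer service account's token in place of the default-token value.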