Environment setup
- Minikube: 1.27.0
- Docker-Desktop: 20.10.13
- macOS
- gitlab-runner: the gitlab-runner installed in this earlier post: CI/CD deployment workflow with GitLab CI/CD + Docker | AxisZql's blog
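Testing the kubectl connection to Minikube
First run a kubectl container in Docker and test whether the kubectl inside that container can connect to the Minikube cluster on the host. The test procedure is as follows:
1. On the machine where Minikube is installed, check the kubectl configuration to find the paths of the relevant certificates:
2. Get the intranet address of the host where Minikube is installed; for example, my intranet address is as follows:
The Minikube start command on the host is:
$ minikube start --driver=docker --image-mirror-country=cn --apiserver-ips=192.168.43.30
3. Copy the /.kube/config file to a target folder; the folder I chose is
/Volumes/axis-data/internship/gitlab-runner/kubeconfig
, then fill the intranet address found in step 2 into the config file, at the position shown in the figure below:
4. Run the following command to test whether the kubectl in the Docker container can connect to the Kubernetes cluster on the host:
$ docker run --rm --name kubectl --network=host -v /Volumes/axis-data/internship/gitlab-runner/kubeconfig/config:/.kube/config -v /Users/axiszql/.minikube/profiles/minikube/client.crt:/.kube/client.crt -v /Users/axiszql/.minikube/profiles/minikube/client.key:/.kube/client.key -v /Users/axiszql/.minikube/ca.crt:/.kube/ca.crt bitnami/kubectl:latest get pods --all-namespaces
A successful run looks like this:
If the following error appears, restart Minikube with the steps below:
Restart steps: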
Once the test succeeds, write the following .gitlab-ci.yml file:
services:
  - docker:20.10.7-dind
stages:
  - build
  - deploy_k8s
build:
  stage: build
  tags:
    - docker
  services:
    - docker:20.10.7-dind
  before_script:
    - echo "$CI_REGISTRY_USER"
    # CI_REGISTRY_PASSWORD is not echoed, so the credential is not written to the job log
    - echo "$CI_REGISTRY_IMAGE"
    - echo "$CI_REGISTRY"
  script:
    # Pass the password on stdin instead of with -p, which exposes it on the command line
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
    - docker build -t $CI_REGISTRY_IMAGE:latest .
    - docker push $CI_REGISTRY_IMAGE:latest
  only:
    - main
deploy_k8s:
  stage: deploy_k8s
  tags:
    - docker
  image:
    name: bitnami/kubectl
    entrypoint: [""]
  services:
    - docker:20.10.7-dind
  before_script:
    - cp -rf /build/kubeconfig/config /.kube/config
    - cp -rf /build/client.crt /.kube/client.crt
    - cp -rf /build/client.key /.kube/client.key
    - cp -rf /build/ca.crt /.kube/ca.crt
  script:
    - kubectl version
    # Runs successfully! This shows that the Docker container started by gitlab-ci is on the same network as the host
    - kubectl get pods --all-namespaces
    - kubectl apply -f ./server-k8s.yml
    # - kubectl port-forward service/server-demo 8082:8081
The corresponding Kubernetes Pod startup file is as follows:
apiVersion: v1
kind: Service
metadata:
  name: server-demo
spec:
  selector:
    app: server-demo
  ports:
    - name: http
      port: 8081
      targetPort: 8081
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: server-demo
spec:
  selector:
    matchLabels:
      app: server-demo
  replicas: 2
  template:
    metadata:
      labels:
        app: server-demo
    spec:
      imagePullSecrets:
        - name: gitlab-register # custom image pull credentials
      containers:
        - name: server-demo
          # JiHu GitLab pushes the built Docker image to this registry; the registry login is the JiHu account username and password
          image: registry.jihulab.com/axiszql/server-demo:latest
          imagePullPolicy: Always
          securityContext:
            runAsUser: 0 # run the container as root
            privileged: true # privileged mode
          ports:
            - name: http
              containerPort: 9051
          resources:
            limits:
              memory: 2Gi
              cpu: "1000m"
            requests:
              memory: 500Mi
              cpu: "500m"
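The manifest above runs server-demo as root with privileged: true and deploys a :latest tag. As an added example (not part of the original post), the shell check below could run in the deploy_k8s job before kubectl apply to flag those three settings. The names audit_manifest and sample_manifest are hypothetical, the sample is constructed from the manifest's own lines, and the check assumes one key per line as in that manifest.

```shell
#!/bin/sh
# Added example (not from the original post): pre-deploy check for the
# settings used in the server-demo manifest. Function names are hypothetical.

# audit_manifest [FILE]: reads a manifest (or stdin), prints one finding per
# line as "line N: ...", and returns 1 if anything was flagged.
audit_manifest() {
    awk '
        { line = $0; sub(/[ \t]+#.*$/, "", line) }    # strip trailing comment
        line ~ /^[ \t]*#/ { next }                    # skip comment-only lines
        line ~ /^[ \t-]*privileged:[ \t]*true[ \t]*$/ {
            printf "line %d: privileged container\n", NR; bad++ }
        line ~ /^[ \t-]*runAsUser:[ \t]*0[ \t]*$/ {
            printf "line %d: runs as root (UID 0)\n", NR; bad++ }
        line ~ /^[ \t-]*image:[ \t]*[^ \t]+:latest[ \t]*$/ {
            printf "line %d: mutable :latest image tag\n", NR; bad++ }
        END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample: the image and securityContext lines of the manifest above.
sample_manifest() {
    cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: server-demo
          image: registry.jihulab.com/axiszql/server-demo:latest
          securityContext:
            runAsUser: 0 # root
            privileged: true
EOF
}

# Demo: the sample is rejected with three findings.
sample_manifest | audit_manifest || echo "deploy blocked: fix the findings above"
```

In the pipeline this would be called as `audit_manifest ./server-k8s.yml` ahead of `kubectl apply`, so a non-zero return fails the job.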
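Creating the imagePullSecrets
Pulling the image from GitLab's Docker registry requires login credentials, so create an imagePullSecrets entry with the following command:
$ kubectl create secret docker-registry gitlab-register --docker-server=registry.jihulab.com --docker-username=YOUR_GITLAB_USERNAME --docker-password=YOUR_PASSWORD
Then, in the YAML file that deploys the service, set imagePullSecrets to the secret created above: gitlab-register.
Running the test
Finally, push the changes to the corresponding repository on GitLab to trigger the pipeline defined in .gitlab-ci.yml. The result is as follows:
- build:
- deploy_k8s
- Final result: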