GitLab使用
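# Host directory holding GitLab's config, logs and data (bind-mounted below).
export GITLAB_HOME="$HOME/gitlab"
mkdir -p -- "$GITLAB_HOME"

# Run the CE (community) edition.
# --privileged is deliberately not passed: GitLab's documented docker run
# command does not use it, and a privileged container removes most of the
# isolation between this network-facing service and the host.
# NOTE(review): if the container fails to start on this host without it,
# grant the specific capability it needs rather than full privileges.
# Container SSH is published on host port 2222; 80 and 443 are published as-is.
# The :Z suffix relabels each volume for SELinux, private to this container.
# NOTE(review): gitlab/gitlab-ce without a tag resolves to :latest; pin a
# release tag so that upgrades happen deliberately.
# Each continuation backslash needs a space in front of it, otherwise the
# option is glued onto the first word of the next line.
docker run --detach \
  --hostname centos.leng2011.jcleng \
  --publish 443:443 --publish 80:80 --publish 2222:22 \
  --name gitlab \
  --restart always \
  --volume "$GITLAB_HOME/config:/etc/gitlab:Z" \
  --volume "$GITLAB_HOME/logs:/var/log/gitlab:Z" \
  --volume "$GITLAB_HOME/data:/var/opt/gitlab:Z" \
  --shm-size 256m \
  gitlab/gitlab-ce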
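# Follow the container log (blocks until interrupted with Ctrl-C).
docker logs -f gitlab

# The first login is user root; read its generated password from the container.
docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
# Example output (not a command):
#   Password: 6HetTxT/gVNtLcH30/RLKMyE1XccSeKX9N2s4g/Qa+0=
# This initial password is a credential: change it right after the first
# login, and treat any value that has been pasted into notes as exposed.

# Configure the domain and HTTPS: https://docs.gitlab.com/omnibus/settings/ssl/index.html
# Configure SMTP for e-mail notifications: https://docs.gitlab.com/omnibus/settings/smtp.html
# The matching lines can include smtp_password if one is set, so do not paste
# this output anywhere public.
grep smtp gitlab.rb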
国内网站 [极狐](https://jihulab.com/)
CI/CD 流水线(pipelines) 配置文件: .gitlab-ci.yml
# CI/CD 是基于 GitLab Runner
# 创建的时候选择模板即可,我使用dockerfile构建项目的docker镜像,选择DockerFile模板
# 变量说明: https://docs.gitlab.com/ee/ci/variables/predefined_variables.html
# only 的 配置 https://docs.gitlab.com/ee/ci/yaml/#only--except
## 使用pushes或者tags
## pushes对每次提交都生效
## tags对提交的tag生效
# 常用常量: ndocker.leng2011.icu/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_SHORT_SHA
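# This file is a template, and might need editing before it works on your project.
# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Docker.gitlab-ci.yml
# Build a Docker image with CI/CD and push to the GitLab registry.
# Docker-in-Docker documentation: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html
#
# This template uses one generic job with conditional builds
# for the default branch and all other (MR) branches.
docker-build:
  # Use the official docker image.
  # NOTE(review): docker:latest and docker:dind are floating tags; pinning a
  # version keeps the build toolchain from changing underneath the pipeline.
  image: docker:latest
  stage: build
  services:
    - docker:dind
  before_script:
    # The password is fed on stdin so it never appears in the process
    # argument list; `docker login -p` itself warns that it is insecure.
    - echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin
  # The default branch is tagged with the short commit SHA.
  # Everything else is tagged with the escaped ref name (commit ref slug);
  # that includes tag pipelines, where CI_COMMIT_BRANCH is empty.
  script:
    - |
      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
        tag="$CI_COMMIT_SHORT_SHA"
        echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = '$CI_COMMIT_SHORT_SHA'"
      else
        tag="$CI_COMMIT_REF_SLUG"
        echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
      fi
    - docker build --pull -t "$CI_REGISTRY_IMAGE:${tag}" .
    - docker push "$CI_REGISTRY_IMAGE:${tag}"
    # Build-success notification. The token is read from a CI/CD variable
    # rather than committed in this file, where everyone with repository
    # access could read it. NOTIFY_TOKEN is a name constructed for this
    # example: define it under Settings > CI/CD > Variables and mark it masked.
    - wget "https://www.xxxxx.icu/sendmail?token=${NOTIFY_TOKEN}&action=buildimagesuccess&v=${tag}"
  # Run for pushed tags and for every push.
  only:
    - tags
    - pushes
  # Run this job in a branch where a Dockerfile exists
  # rules:
  #   - if: $CI_COMMIT_BRANCH
  #     exists:
  #       - Dockerfile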
Dockerfile文件实例
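# Build: docker build -t registry.cn-hangzhou.aliyuncs.com/jcleng/adminer:latest .
# NOTE(review): the base image is pulled through a third-party mirror
# (dockerproxy.com); pinning it by digest would make a swapped image detectable.
FROM dockerproxy.com/hyperf/hyperf:7.4-alpine-v3.14-swoole
# WORKDIR creates the directory when it is missing, so no separate mkdir is needed.
WORKDIR /var/work/
# This copies the entire build context. Add a .dockerignore so that .git,
# .env files and keys do not end up inside image layers.
COPY . /var/work/
# PHP's built-in server is meant for development; it listens on all
# interfaces, port 12345. The process runs as the base image's default user
# (presumably root unless the base image sets USER; confirm).
CMD ["php", "-S", "0.0.0.0:12345"]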
git tag提交
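# Create an annotated tag.
git tag v3 -m "版本3"
# Push the current branch; tags are not included.
git push
# Push tags only. --tags is the documented spelling; --tag only works because
# git accepts unambiguous option prefixes.
git push --tags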
镜像使用
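# Image produced by the tag pipeline.
image=registry.jihulab.com/jcleng1/first_demo:v3
docker pull "$image"
docker run -itd --name=test_adminer "$image"
# docker inspect spells the keys "IPAddress" / "MacAddress", so the match has
# to ignore case; a plain `grep addr` finds none of them.
docker inspect test_adminer | grep -i addr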
k8s使用deployment
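# The image is private: log in to the registry first (expect "Login Succeeded").
docker login registry.jihulab.com
# After a successful login the credentials are in ~/.docker/config.json;
# emit that file as a single base64 line for the Secret manifest.
# The file holds the auth entry of every registry this user is logged in to,
# and base64 is an encoding, not encryption: treat the output as a password.
# NOTE(review): if a credential helper (credsStore) is configured, config.json
# carries no auth data and the resulting Secret will not work; confirm first.
base64 -w 0 < ~/.docker/config.json
# Write the Secret manifest registrykey-jihulab.yml, then apply it.
kubectl apply -f registrykey-jihulab.yml
kubectl get secret
# NAME TYPE DATA AGE
# default-token-6vvnv kubernetes.io/service-account-token 3 11d
# registrykey-jihulab kubernetes.io/dockerconfigjson 1 50s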
# 然后在containers同级新增
imagePullSecrets:
- name: registrykey-jihulab
# Apply the Deployment so its pods are created with the pull secret.
kubectl apply -f deployment.yaml
# deployment.apps/adminer-deployment created
# Show pod details and events (this is `describe`, not the container log).
kubectl describe pod
kubectl get pods
# NAME READY STATUS RESTARTS AGE
# adminer-deployment-644bf9767d-qcs8m 1/1 Running 0 92s
# adminer-deployment-644bf9767d-xthg6 1/1 Running 0 92s
# Delete everything defined in deployment.yaml (the Deployment, and with it its pods).
kubectl delete -f deployment.yaml
registrykey-jihulab.yml原文
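# Image-pull Secret for the private registry.
# Once the value below is filled in, this file contains registry credentials:
# keep it out of version control and restrict who can read Secrets in the
# namespace.
apiVersion: v1
kind: Secret
metadata:
  name: registrykey-jihulab
  namespace: default
type: kubernetes.io/dockerconfigjson
data:
  # Replace the value with the single-line base64 of ~/.docker/config.json.
  # It must contain no spaces or line breaks, and a trailing "%" printed by
  # the terminal is not part of the value.
  .dockerconfigjson: 填刚才生成的base64编码,注意空格和没有百分号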
服务service.yaml文件
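# Service in front of the pods labelled app=adminer.
apiVersion: v1
kind: Service
metadata:
  name: service-adminer
spec:
  # ClusterIP: reachable from inside the cluster only.
  type: ClusterIP
  selector:
    app: adminer
  ports:
    - port: 80
      # Container port; matches the port in the Dockerfile CMD on this page.
      targetPort: 12345
# Temporarily expose the port for testing:
# kubectl port-forward --address 0.0.0.0 service/service-adminer 8080:80
# --address 0.0.0.0 makes the forward reachable from every host that can
# reach this machine; leave the flag out to listen on localhost only, and
# stop the forward when the test is done.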
路由ingress.yaml文件
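# Ingress that routes every path to service-adminer on port 80.
# The rule names no host, so it matches any hostname that reaches the
# ingress controller.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: adminer-ingress
  annotations:
    # We are defining this annotation to prevent nginx
    # from redirecting requests to `https` for now
    # NOTE(review): with the redirect off and no tls section, anything typed
    # into the served application crosses the network in clear text. Add TLS
    # before exposing this outside a test network.
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: service-adminer
                port:
                  number: 80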
gitlab-runner
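# https://docs.gitlab.com/runner/install/docker.html
mkdir -p ~/gitlab-runnerconfig/
touch ~/gitlab-runnerconfig/config.toml
# Mounting /var/run/docker.sock hands the runner control of the host's Docker
# daemon, which is equivalent to root on the host. Run only trusted projects
# on a runner set up this way.
# NOTE(review): gitlab/gitlab-runner:latest is a floating tag; pin a version.
docker run -d --name gitlab-runner \
  -v ~/gitlab-runnerconfig/:/etc/gitlab-runner \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner:latest
# /etc/gitlab-runner/config.toml has no content yet (the file touched above is empty).
# Register the runner; registration writes the configuration.
# The registration token is read from the environment rather than typed into
# the command, which would leave it in shell history. RUNNER_REGISTRATION_TOKEN
# is a name constructed for this example.
gitlab-runner register -n --url https://jihulab.com/ \
  --registration-token "${RUNNER_REGISTRATION_TOKEN:?set the runner registration token}"
## Follow the prompts to finish the configuration.
## Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"
## On success the runner is listed under "Available specific runners".
## "Run untagged jobs" must also be enabled before it picks up CI jobs.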
# 提示错误error during connect: Post http://docker:2375/v1.39/auth: dial tcp: lookup docker on 183.60.83.19:53: no such host
# 在[runners.docker]里面的[volumes]增加docker.sock映射,这个就是runner机器上的docker的套接字,所以需要有docker服务在运行
volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
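# Use your own image registry (Alibaba Cloud in this case).
# GitLab-registry form, for reference:
# docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
# The password is passed on stdin so it does not show up in the process
# argument list or the job log. ALIYUN_REGISTRY_USER and
# ALIYUN_REGISTRY_PASSWORD are names constructed for this example; define them
# as masked CI/CD variables.
printf '%s' "$ALIYUN_REGISTRY_PASSWORD" \
  | docker login --username="$ALIYUN_REGISTRY_USER" --password-stdin registry.cn-hangzhou.aliyuncs.com
# Replace CI_REGISTRY_IMAGE with your own address; test_hold is the author's repository.
# The ':' separates repository and tag. Without it the tag text is appended to
# the repository name (assuming tag holds a bare tag, as in the docker-build job).
docker build --pull -t "registry.cn-hangzhou.aliyuncs.com/jcleng/test_hold:${tag}" .
docker push "registry.cn-hangzhou.aliyuncs.com/jcleng/test_hold:${tag}"
# Log out so the credentials do not stay in the Docker config.
docker logout registry.cn-hangzhou.aliyuncs.com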
# 本地环境不用每次都拉镜像,在runners.docker添加: 文档 https://docs.gitlab.com/runner/executors/kubernetes.html#using-pull-policies
pull_policy = ["if-not-present"]
config.toml原文
# gitlab-runner configuration as written by `gitlab-runner register`.
# Number of jobs that may run at the same time.
concurrent = 1
check_interval = 0
shutdown_timeout = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "46ade5b338fb"
url = "https://jihulab.com/"
id = 6141
# Runner authentication token: a credential. Anyone holding it can act as
# this runner, so a value that has been published should be reset in GitLab.
token = "SfWhSEDntpPypmpq3viy"
token_obtained_at = 2022-12-10T10:16:20Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "docker"
[runners.custom_build_dir]
[runners.cache]
MaxUploadedArchiveSize = 0
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
[runners.docker]
tls_verify = false
image = "docker:dind"
# Job containers are not started in privileged mode.
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
# The docker.sock mount gives every job control of the Docker daemon on the
# runner machine, which is root-equivalent there even with privileged = false.
volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
shm_size = 0
# 并发执行个数
concurrent=5
gitlab使用代理连接到[Kubernetes 集群]
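# Create the agent configuration file inside the project; "kba-01" is the agent name.
mkdir -p .gitlab/agents/kba-01
touch .gitlab/agents/kba-01/config.yaml
# After the agent is created, GitLab displays the helm command that installs it.
# The agent token authenticates the cluster to GitLab. It is read from the
# environment here so it does not sit in notes or shell history, and a token
# that has been published should be revoked and reissued. GITLAB_AGENT_TOKEN
# is a name constructed for this example.
helm upgrade --install kba-01 gitlab/gitlab-agent \
  --namespace gitlab-agent-kba-01 \
  --create-namespace \
  --set image.tag=v15.9.0 \
  --set config.token="${GITLAB_AGENT_TOKEN:?set the agent token shown by GitLab}" \
  --set config.kasAddress=wss://kas.jihulab.com
kubectl get all -n gitlab-agent-kba-01
# NAME READY STATUS RESTARTS AGE
# pod/kba-01-gitlab-agent-74dd7ddf49-2x6hx 1/1 Running 0 13m
# NAME READY UP-TO-DATE AVAILABLE AGE
# deployment.apps/kba-01-gitlab-agent 1/1 1 1 13m
# NAME DESIRED CURRENT READY AGE
# replicaset.apps/kba-01-gitlab-agent-74dd7ddf49 1 1 1 13m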
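# Configure .gitlab-ci.yml; start by listing the contexts (get-contexts).
# https://docs.gitlab.cn/jh/user/clusters/agent/ci_cd_workflow.html#%E6%9B%B4%E6%96%B0-gitlab-ciyml-%E6%96%87%E4%BB%B6%E4%BB%A5%E8%BF%90%E8%A1%8C-kubectl-%E5%91%BD%E4%BB%A4
# This job acts on the cluster with the agent's permissions.
# NOTE(review): consider restricting it to protected branches or tags so that
# not every push can deploy.
deploy:
  image:
    # NOTE(review): bitnami/kubectl presumably ships kubectl only; confirm
    # that helm is available for the last script step, and pin the tag
    # instead of using latest.
    name: bitnami/kubectl:latest
    entrypoint: ['']
  script:
    # First run: list the available contexts.
    - kubectl config get-contexts
    # Then select the agent's context (<project path>:<agent name>).
    - kubectl config use-context jcleng/test_hold:kba-01
    # From here on, commands run against the cluster.
    - kubectl get pods
    # Deploy the project.
    - helm upgrade -i testervercanary ./helm_canary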