基于 GitLab CI 和阿里云 k8s 的持续交付解决方案
今年对于我个人而言,在 DevOps 上的最大收获,莫过于摸索了这套基于 GitLab CI 和 k8s 的持续交付解决方案,其实原理都很简单,在我去年的方案里又做了改进,实现了基于 git tag 的触发方式,并且把原先的本地打包推镜像改为在 GitLab Runner 上打包推镜像。
这套解决方案大致流程是这样的:
- 推送代码,在代码中配置
gitlab-ci.yml - 推送 tag,触发 GitLab Runner 编译 docker 镜像,并推送至阿里云镜像仓库
- 在阿里云 k8s 上基于镜像仓库创建应用,并创建重新部署的触发器,在镜像更新时触发该触发器
这样,以后每次推送新的 tag 上去,就可以实现自动打包&部署了。
下面,我来详细讲解下所有步骤。
配置 GitLab Runner
config.toml
concurrent = 1
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "common-runner"
url = "https://git.xxx.xxx"
token = "TOKEN"
executor = "docker"
[runners.custom_build_dir]
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
[runners.docker]
tls_verify = false
image = "docker:latest"
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = [
"/var/run/docker.sock:/var/run/docker.sock",
"/xxx/gitlab-runner/cache:/cache"
]
shm_size = 0
其中 token 从 GitLab Admin Area / Overview / Runners 中可以找到,或者也可以从 Project / Settings / CI/CD 中找到项目专用的 Runner token。
代码配置
前端(node)
Dockerfile
FROM node:10-alpine
WORKDIR /app
COPY package.json /app
COPY yarn.lock /app
RUN yarn install
COPY . /app
RUN yarn build
EXPOSE 8888
ENV APP_ENV $APP_ENV
CMD ["yarn", "start"]
.gitlab-ci.yml
image: docker:latest
variables:
REGISTRY: registry.cn-hangzhou.aliyuncs.com
USERNAME: your username
PASSWORD: your password
NAMESPACE: your namespace
PROJECT_NAME: your project name
stages:
- build
docker-build:
stage: build
image: docker:latest
script:
- docker login --username=$USERNAME $REGISTRY -p $PASSWORD
- docker build -t $REGISTRY/$NAMESPACE/$PROJECT_NAME:$CI_COMMIT_REF_NAME -t $REGISTRY/$NAMESPACE/$PROJECT_NAME:latest .
- docker push $REGISTRY/$NAMESPACE/$PROJECT_NAME:$CI_COMMIT_REF_NAME
- docker push $REGISTRY/$NAMESPACE/$PROJECT_NAME:latest
only:
- tags
后端(spring boot)
Dockerfile
FROM openjdk:11-jre-slim
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
VOLUME /tmp
COPY target/xxx-api.jar app.jar
ENV SPRING_PROFILES_ACTIVE="prd"
ENV JAVA_OPTS="-Xmx256m"
ENTRYPOINT [ "java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/app.jar"]
.gitlab-ci.yml
image: docker:latest
variables:
MAVEN_OPTS: -Dmaven.repo.local=/cache/.m2/repository
REGISTRY: registry.cn-hangzhou.aliyuncs.com
USERNAME: your username
PASSWORD: your password
NAMESPACE: your namespace
PROJECT_NAME: your project name
stages:
- package
- build
maven-package:
image: maven:3.6-jdk-11-slim
stage: package
script:
- mvn $MAVEN_OPTS clean package -Dmaven.test.skip=true
- cp target/$PROJECT_NAME.jar /cache/jars/
only:
- tags
docker-build:
stage: build
image: docker:latest
script:
- docker login --username=$USERNAME $REGISTRY -p $PASSWORD
- mkdir target
- cp /cache/jars/$PROJECT_NAME.jar target
- docker build -t $REGISTRY/$NAMESPACE/$PROJECT_NAME:$CI_COMMIT_REF_NAME -t $REGISTRY/$NAMESPACE/$PROJECT_NAME:latest .
- docker push $REGISTRY/$NAMESPACE/$PROJECT_NAME:$CI_COMMIT_REF_NAME
- docker push $REGISTRY/$NAMESPACE/$PROJECT_NAME:latest
only:
- tags
阿里云 k8s 配置
应用创建触发器:
复制触发器 URL 到镜像仓库中创建推送触发器:
完成。
评论区