Gitlab Runner 部署

CI (Continuous Integration)

CI 的全称是 Continuous Integration (持续集成),是 extreme programming (极限编程) 的一部分。我们常用 CI 来做一些自动化工作,这种自动化工作会运行在一台集中的机器上,比如程序的打包,单元测试,部署等。这种构建方式避免了打包环境差异引起的错误,并且通过 Gitlab 的 hook,在代码提交的各个环节自动地完成一系列的构建工作。

CI Runner

和第三方的 Travis CI, CircleCI 不同,Gitlab 本身并不提供机器,只提供一个注册机器的接口。这些机器用于运行构建逻辑,在 Gitlab 中被称为 Runner.

以下为部署示例

---
# Identity the runner pod runs as. What it may do inside the `tools`
# namespace is defined by the Role/RoleBinding documents that follow.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-runner
  namespace: tools
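---
# Grants the `gitlab-runner-admin` Role to the runner's ServiceAccount.
# Namespace-scoped: the binding only applies inside `tools`.
apiVersion: rbac.authorization.k8s.io/v1  # v1beta1 RBAC was removed in Kubernetes 1.22
kind: RoleBinding
metadata:
  namespace: tools
  name: gitlab-runner
  labels:
    k8s-app: gitlab-runner
roleRef:
  kind: Role
  name: gitlab-runner-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: gitlab-runner
    namespace: tools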
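---
# Permissions the runner needs to create job pods, exec into them and
# manage the per-job objects (e.g. image-pull secrets) it creates.
apiVersion: rbac.authorization.k8s.io/v1  # v1beta1 RBAC was removed in Kubernetes 1.22
kind: Role
metadata:
  namespace: tools
  name: gitlab-runner-admin
rules:
  # NOTE(review): full verbs on `secrets` mean the runner's ServiceAccount
  # can read and modify every Secret in `tools`. Keep unrelated secrets out
  # of this namespace (a dedicated runner/job namespace is the usual
  # mitigation) and narrow the verb list if your runner version allows.
  - apiGroups: [""]
    resources: ["pods", "pods/exec", "secrets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]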
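---
# The runner controller: a single replica that polls GitLab and launches
# job pods through the kubernetes executor configured in gitlab-runner-config.
apiVersion: apps/v1  # extensions/v1beta1 Deployment was removed in Kubernetes 1.16
kind: Deployment
metadata:
  labels:
    app: gitlab-runner
  name: gitlab-runner
  namespace: tools
spec:
  replicas: 1
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: gitlab-runner
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: gitlab-runner
    spec:
      containers:
        - args:
            - run
          image: registry.saas.hand-china.com/tools/gitlab-runner:alpine-v10.6.1
          imagePullPolicy: Always
          name: gitlab-runner
          resources:
            limits:
              memory: 200Mi
            requests:
              memory: 200Mi
          volumeMounts:
            # config.toml is read from here by the runner process.
            - mountPath: /etc/gitlab-runner
              name: config
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
      # `serviceAccount` is a deprecated alias of `serviceAccountName`; only
      # the canonical field is kept. The in-cluster token of this account is
      # what the runner uses to reach the Kubernetes API.
      serviceAccountName: gitlab-runner
      volumes:
        # NOTE(review): the mounted config.toml holds the runner token and
        # cache credentials. A Secret-backed volume (`secret.secretName`)
        # with the same key is the better carrier than a ConfigMap.
        - configMap:
            defaultMode: 420  # decimal for file mode 0644
            name: gitlab-runner-config
          name: config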
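---
# Runner configuration, mounted at /etc/gitlab-runner by the Deployment.
# NOTE(review): this file carries credentials (runner token, cache S3 keys)
# and a ConfigMap stores them in plain text, readable by anyone with
# configmap read access in `tools`. Keep the real values in a Secret and
# inject them at deploy time; the placeholders below mark those spots.
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-runner-config
  namespace: tools
data:
  config.toml: |
    concurrent = 5      # maximum number of jobs this runner executes at once
    check_interval = 0  # 0 selects the runner's default polling interval

    [[runners]]
      name = "runner1"
      url = "http://gitlab.alpha.saas.hand-china.com/"
      # Runner authentication token. PLACEHOLDER: take it from the runner
      # registration step and inject it from a Secret; never commit it.
      token = "<RUNNER-TOKEN-PLACEHOLDER>"
      executor = "kubernetes"
      # Variables exported into every job; URLs only, no credentials here.
      environment = [
        "CHART_REPOSITORY=http://helm-charts.staging.saas.hand-china.com",
        "REGISTRY_ADDRESS=registry.saas.hand-china.com",
        "SONAR_URL=http://sonarqube.staging.saas.hand-china.com/",
        "DOCKER_REGISTRY=registry.saas.hand-china.com",
        "NODE_REGISTRY=http://npm.saas.hand-china.com",
        "CHOERODON_URL=http://api.alpha.saas.hand-china.com",
      ]

      [runners.cache]
        Type = "s3"
        ServerAddress = "devops-deploy-minio.tools.svc:9000"
        # PLACEHOLDERS: S3/MinIO credentials for the job cache. Use keys
        # dedicated to the runner and keep them in a Secret.
        AccessKey = "<CACHE-ACCESS-KEY-PLACEHOLDER>"
        SecretKey = "<CACHE-SECRET-KEY-PLACEHOLDER>"
        BucketName = "runners"
        Insecure = true  # plain HTTP to the cache; acceptable only for in-cluster traffic

      [runners.kubernetes]
        host = ""  # empty: the runner discovers the API from inside the cluster
        bearer_token_overwrite_allowed = false  # jobs may not supply their own API token
        image = "registry.saas.hand-china.com/tools/devops-ci:1.0.1"  # default job image
        namespace = "tools"  # job pods are created here, hence the Role above
        namespace_overwrite_allowed = ""  # empty regex: jobs cannot change the namespace
        # NOTE(review): privileged job containers plus the host Docker socket
        # mounted below make every CI job root-equivalent on the node.
        # Mitigations: run jobs on a dedicated, tainted node pool, restrict
        # this runner to protected branches, and prefer a rootless image
        # builder so neither privilege nor the socket is needed.
        privileged = true
        # Per-job resource limits/requests for the build, service and helper containers.
        cpu_limit = "1"
        memory_limit = "2Gi"
        service_cpu_limit = "500m"
        service_memory_limit = "800Mi"
        helper_cpu_limit = "500m"
        helper_memory_limit = "200Mi"
        cpu_request = "500m"
        memory_request = "1Gi"
        service_cpu_request = "100m"
        service_memory_request = "500Mi"
        helper_cpu_request = "100m"
        helper_memory_request = "100Mi"
        pull_policy = "always"
        helper_image = "registry.saas.hand-china.com/tools/gitlab-runner-helper:x86_64-684e71b1"
        service_account_overwrite_allowed = ""  # empty regex: jobs cannot pick a ServiceAccount
        pod_annotations_overwrite_allowed = ""  # empty regex: jobs cannot set pod annotations

        [runners.kubernetes.volumes]
          # Host Docker socket exposed to job pods (see the privileged note above).
          [[runners.kubernetes.volumes.host_path]]
            name = "docker"
            mount_path = "/var/run/docker.sock"
            host_path = "/var/run/docker.sock"
          # Persistent caches shared between jobs (PVCs must exist in `tools`).
          [[runners.kubernetes.volumes.pvc]]
            name = "cache"
            mount_path = "/cache/"
          [[runners.kubernetes.volumes.pvc]]
            name = "maven"
            mount_path = "/root/.m2"
          # Registry credentials for the job container's Docker client,
          # taken from an existing Secret rather than embedded here.
          [[runners.kubernetes.volumes.secret]]
            name = "docker-registry-secret"
            mount_path = "/root/.docker"
            [runners.kubernetes.volumes.secret.items]
              "config.json" = "config.json"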