Drone在kubernetes環境下打包並部署

1. drone是一款使用 Go 開發的開源的 CI 自動構建平臺。原生 Docker 支持，kubernetes也是支持的。drone比argo, tekton更快，更簡單，比jenkins更輕量化。drone雲原生概念+1，做了很多事不用考慮+1，gitlab/github能看到構建結果+1

2. 環境：kubernetes 1.18+, helm3 參考官方

• https://github.com/drone/charts
• https://docs.drone.io/server/provider/gitlab/

3. 創建namespace, 添加倉庫

kubectl create ns drone
helm repo add drone https://charts.drone.io
helm repo update

4. 在gitlab中創建一個OAuth應用。Redirect URI是drone的地址並加一個/login，授權兩個api, read_user
5. 增加一個文件drone-server-overrides.yaml。這裏使用的traefik。需要一個數據庫鏈接，默認使用的sqllite，本例使用postgres

image:
  tag: 1.9.1
ingress:
  enabled: true
  annotations:
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls.certresolver: aliyun
    traefik.ingress.kubernetes.io/router.tls.domains.0.main: drone.your_domain.com
  hosts:
    - host: drone.your_domain.com
      paths:
        - "/"

env:
  DRONE_SERVER_HOST: drone.your_domain.com:31000
  DRONE_SERVER_PROTO: https
  # 更新已存在並關連的gitlab帳號爲admin權限，需要重啓pod，參考https://docs.drone.io/server/user/admin/
  DRONE_USER_CREATE: username:your_gitlab_username,admin:true
  # 通過openssl rand -hex 16生成一個
  DRONE_RPC_SECRET: c7a536a3af5e2809f3d0d34a71a13302
  DRONE_GITLAB_CLIENT_ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  DRONE_GITLAB_CLIENT_SECRET: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  DRONE_GITLAB_SERVER: https://your_gitlab_url
  # oauth會驗證gitlab證書，如果驗證不過，需要打開
  #DRONE_GITLAB_SKIP_VERIFY: true
  DRONE_DATABASE_DRIVER: postgres
  DRONE_DATABASE_DATASOURCE: postgres://postgres:[email protected]:5433/drone?sslmode=disable

persistentVolume:
  enabled: false

6. 創建drone server

helm install --namespace drone \
  server \
  drone/drone \
  -f drone-server-overrides.yaml

7. 創建runner文件drone-runner-kube-values.yaml

image:
  tag: latest
rbac:
  buildNamespaces:
    - drone
env:
  # 同server的kubernetes service名稱
  DRONE_RPC_HOST: server-drone
  DRONE_RPC_SECRET: c7a536a3af5e2809f3d0d34a71a13302

  DRONE_NAMESPACE_DEFAULT: drone

8. 運行runner

helm install --namespace drone \
  drone-runner-kube \
  drone/drone-runner-kube \
  -f drone-runner-kube-values.yaml

9. 查看pod是否跑起來了

$ kubectl get pods -n drone
NAME                                 READY   STATUS    RESTARTS   AGE
drone-runner-kube-6554c9df64-2znff   1/1     Running   0          3h16m
server-drone-647875c9f-t5bfx         1/1     Running   0          3h21m

10. 解析域名並訪問導出的Ingress。第一次訪問會跳轉到gitlab，要求授權
11. 在項目下創建.drone.yml。drone docker插件參考

kind: pipeline
type: kubernetes
name: default

# 跳過驗證證書，根據實際情況要或不要，github不需要
clone:
  skip_verify: true

steps:
- name: 編譯&構建鏡像
  image: plugins/docker
  # 掛載主機的docker
  volumes:
    - name: docker
      path: /var/run/docker.sock
  settings:
    repo: registry.your_registry.com:31000/your_project/test-ci
    registry: registry.your_registry.com:31000
    mirror: https://hub-mirror.c.163.com
    username: username
    password: password
    # 更多變量參考https://docs.drone.io/pipeline/environment/reference/
    tags:
      - ${DRONE_TAG=latest}
      - build-${DRONE_BUILD_NUMBER}

- name: 部署到k8s
  image: pelotech/drone-helm3
  settings:
    mode: upgrade
    chart: ./helm
    release: my-test-ci
    namespace: drone
    debug: true
    cleanup_failed_upgrade: true
    force_upgrade: true
    wait_for_upgrade: true
    kube_api_server: "https://192.168.1.30:6443"
    kube_token:
      from_secret: kube_token
    skip_tls_verify: true
    values:
      - image.tag=build-${DRONE_BUILD_NUMBER}

• 說明：pelotech/drone-helm3是連接helm和kubernetes的一個插件。通過它就可以把項目下的helm自動部到kubernetes中。參考官方
• 使用helm create test-ci創建helm項目，並放到項目下。根據實際情況修改templates文件夾下的模板。參考官方教程
• 使用了一個from_secret要在網頁中添加kubernetes的token，如何生成token參考https://my.oschina.net/u/160697/blog/3176131

12. 圖爲運行後效果