1. drone是一款使用 Go 開發的開源的 CI 自動構建平臺。原生 Docker 支持,kubernetes也是支持的。drone比argo, tekton更快,更簡單,比jenkins更輕量化。drone雲原生概念+1,做了很多事不用考慮+1,gitlab/github能看到構建結果+1
- 環境:kubernetes 1.18+, helm3 參考官方
- 創建namespace, 添加倉庫
kubectl create ns drone
helm repo add drone https://charts.drone.io
helm repo update
- 在gitlab中創建一個OAuth應用。Redirect URI是drone的地址並加一個/login,授權兩個api, read_user
- 增加一個文件
drone-server-overrides.yaml
。這裏使用的traefik。需要一個數據庫鏈接,默認使用的sqllite,本例使用postgres
image:
tag: 1.9.1
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls.certresolver: aliyun
traefik.ingress.kubernetes.io/router.tls.domains.0.main: drone.your_domain.com
hosts:
- host: drone.your_domain.com
paths:
- "/"
env:
DRONE_SERVER_HOST: drone.your_domain.com:31000
DRONE_SERVER_PROTO: https
# 更新已存在並關連的gitlab帳號爲admin權限,需要重啓pod,參考https://docs.drone.io/server/user/admin/
DRONE_USER_CREATE: username:your_gitlab_username,admin:true
# 通過openssl rand -hex 16生成一個
DRONE_RPC_SECRET: c7a536a3af5e2809f3d0d34a71a13302
DRONE_GITLAB_CLIENT_ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DRONE_GITLAB_CLIENT_SECRET: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DRONE_GITLAB_SERVER: https://your_gitlab_url
# oauth會驗證gitlab證書,如果驗證不過,需要打開
#DRONE_GITLAB_SKIP_VERIFY: true
DRONE_DATABASE_DRIVER: postgres
DRONE_DATABASE_DATASOURCE: postgres://postgres:[email protected]:5433/drone?sslmode=disable
persistentVolume:
enabled: false
- 創建drone server
helm install --namespace drone \
server \
drone/drone \
-f drone-server-overrides.yaml
- 創建runner文件
drone-runner-kube-values.yaml
image:
tag: latest
rbac:
buildNamespaces:
- drone
env:
# 同server的kubernetes service名稱
DRONE_RPC_HOST: server-drone
DRONE_RPC_SECRET: c7a536a3af5e2809f3d0d34a71a13302
DRONE_NAMESPACE_DEFAULT: drone
- 運行runner
helm install --namespace drone \
drone-runner-kube \
drone/drone-runner-kube \
-f drone-runner-kube-values.yaml
- 查看pod是否跑起來了
$ kubectl get pods -n drone
NAME READY STATUS RESTARTS AGE
drone-runner-kube-6554c9df64-2znff 1/1 Running 0 3h16m
server-drone-647875c9f-t5bfx 1/1 Running 0 3h21m
- 解析域名並訪問導出的Ingress。第一次訪問會跳轉到gitlab,要求授權
- 在項目下創建
.drone.yml
。drone docker插件參考
kind: pipeline
type: kubernetes
name: default
# 跳過驗證證書,根據實際情況要或不要,github不需要
clone:
skip_verify: true
steps:
- name: 編譯&構建鏡像
image: plugins/docker
# 掛載主機的docker
volumes:
- name: docker
path: /var/run/docker.sock
settings:
repo: registry.your_registry.com:31000/your_project/test-ci
registry: registry.your_registry.com:31000
mirror: https://hub-mirror.c.163.com
username: username
password: password
# 更多變量參考https://docs.drone.io/pipeline/environment/reference/
tags:
- ${DRONE_TAG=latest}
- build-${DRONE_BUILD_NUMBER}
- name: 部署到k8s
image: pelotech/drone-helm3
settings:
mode: upgrade
chart: ./helm
release: my-test-ci
namespace: drone
debug: true
cleanup_failed_upgrade: true
force_upgrade: true
wait_for_upgrade: true
kube_api_server: "https://192.168.1.30:6443"
kube_token:
from_secret: kube_token
skip_tls_verify: true
values:
- image.tag=build-${DRONE_BUILD_NUMBER}
- 說明:
pelotech/drone-helm3
是連接helm和kubernetes的一個插件。通過它就可以把項目下的helm自動部到kubernetes中。參考官方 - 使用
helm create test-ci
創建helm項目,並放到項目下。根據實際情況修改templates
文件夾下的模板。參考官方教程 - 使用了一個
from_secret
要在網頁中添加kubernetes的token,如何生成token參考https://my.oschina.net/u/160697/blog/3176131
- 圖爲運行後效果