Mac操作系统
gitlab-runner:使用安装下文安装的gitlab-runner
GitLab CI/CD+Docker的CI/CD部署工作流 | AxisZql's blog
kubectl连接Minikube测试
先在docker中安装kubectl容器,测试该容器内的kubectl是否能连接到主机到Minikube集群,测试流程如下:
1.先在安装了Minikube的机器上查看kubectl的相关配置,得到相关证书的地址:
2.获取安装了Minikube主机的内网地址,比如我的内网地址如下:
宿主Minikube的启动命令如下:
$ minikube start --driver=docker --image-mirror-country=cn --apiserver-ips=192.168.43.30
3.将/.kube/config文件复制到一个目标文件夹,我这里选择的文件夹是/Volumes/axis-data/internship/gitlab-runner/kubeconfig ,然后将第二步查询到的内网地址填到config文件,即下图对应位置:
4.执行以下命令,测试在docker容器中的kubectl能否连接到宿主主机的Kubernetes集群
$ docker run --rm --name kubectl --network=host -v /Volumes/axis-data/internship/gitlab-runner/kubeconfig/config:/.kube/config -v /Users/axiszql/.minikube/profiles/minikube/client.crt:/.kube/client.crt -v /Users/axiszql/.minikube/profiles/minikube/client.key:/.kube/client.key -v /Users/axiszql/.minikube/ca.crt:/.kube/ca.crt bitnami/kubectl:latest get pods --all-namespaces
成功的效果如下:
如果出现如下的错误,则按照以下步骤重启Minikube即可:
重启步骤:
测试成功后,即可编写如下.gitlab-ci.yml文件:
services:
- docker:20.10.7-dind
stages:
- build
- deploy_k8s
build:
stage: build
tags:
- docker
services:
- docker:20.10.7-dind
before_script:
- echo "$CI_REGISTRY_USER"
- echo "$CI_REGISTRY_PASSWORD"
- echo "$CI_REGISTRY_IMAGE"
- echo "$CI_REGISTRY"
script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
- docker build -t $CI_REGISTRY_IMAGE:latest .
- docker push $CI_REGISTRY_IMAGE:latest
only:
- main
deploy_k8s:
stage: deploy_k8s
tags:
- docker
image:
name: bitnami/kubectl
entrypoint: [""]
services:
- docker:20.10.7-dind
before_script:
- cp -rf /build/kubeconfig/config /.kube/config
- cp -rf /build/client.crt /.kube/client.crt
- cp -rf /build/client.key /.kube/client.key
- cp -rf /build/ca.crt /.kube/ca.crt
script:
- kubectl version
- kubectl get pods --all-namespaces
- kubectl apply -f ./server-k8s.yml
对应的Kubernetes Pod启动文件如下:
apiVersion: v1
kind: Service
metadata:
name: server-demo
spec:
selector:
app: server-demo
ports:
- name: http
port: 8081
targetPort: 8081
apiVersion: apps/v1
kind: Deployment
metadata:
name: server-demo
spec:
selector:
matchLabels:
app: server-demo
replicas: 2
template:
metadata:
labels:
app: server-demo
spec:
imagePullSecrets:
- name: gitlab-register
containers:
- name: server-demo
image: registry.jihulab.com/axiszql/server-demo:latest
imagePullPolicy: Always
securityContext:
runAsUser: 0
privileged: true
ports:
- name: http
containerPort: 9051
resources:
limits:
memory: 2Gi
cpu: "1000m"
requests:
memory: 500Mi
cpu: "500m"
创建imagePullSecrets
由于kubectl拉起GitLab的docker仓库的镜像需要登陆权限,所以要使用如下命令创建一个imagePullSecrets:
$ kubectl create secret docker-registry gitlab-register --docker-server=registry.jihulab.com --docker-username=你的gitlab账号名 --docker-password=对应的登陆密码
然后在部署服务的yaml文件中将imagePullSecrets设置为上面创建的secret策略:gitlab-register。
最后将变更push到GitLab上对应的代码仓库中,触发.gitlab-ci.yml中定义的流水线执行,效果如下:
