我最近正在玩Docker,Kubernetes,Google Cloud Platform(GCP)和Gitlab,以便从CI/CD到commit实现staging 。
到目前为止,我已成功将testing,building和pushing图片移至Container registry of Gitlab。
我有一个输出'Hello world'的小节点和docker应用程序。另外,我在Container registry of Gitlab中构建了我的泊坞窗图像。此时此过程是docker-in-docker。我想在GCP中将我的图片从Gitlab container registry推送到Kubernetes engine。我已经安装了kubectl和gcloud sdk。 Auto DevOps似乎很有希望,但我想实现自己的.gitlab-ci.yml文件。
以下是我的.gitlab-ci.yml:
stages:
- testing
- build
- staging
variables:
CONTAINER_TEST_IMAGE: registry.gitlab.com/surajneupane55/node-app-
testing
CONTAINER_RELEASE_IMAGE: registry.gitlab.com/surajneupane55/node-
app-testing:latest
test:
stage: testing
image: node:boron
script:
- npm install
- npm test
build_image:
stage: build
only: [master]
image: docker:git
services:
- docker:dind
script:
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN
registry.gitlab.com/surajneupane55
- docker build -t $CONTAINER_TEST_IMAGE .
- docker push $CONTAINER_TEST_IMAGE
staging_site:
//I need help here!!!
//For staging my project in Kubernetes cluster in GCP
//Already created node-app Kubernetes cluster
请让我知道我的方法是否错误,因为这是我的第一个CI / CD学习项目。
答案 0 :(得分:5)
使用gitlab-ci.yml在GKE中构建和部署的简单Google Container Registry(GCR)文件。首先,我们构建图像并将其推送到GCR。凭借有效的凭证,我们可以轻松地将GKE与GCR连接并进行部署。
stages:
- build
- deploy
variables:
CONTAINER_TEST_IMAGE: gcr.io/node-testing-189614/node-testing:latest
build_image:
stage: build
only: [master]
image: google/cloud-sdk
services:
- docker:dind
script:
- echo "$GOOGLE_KEY_SECRET" > key.json # Google Cloud service accounts
- gcloud auth activate-service-account --key-file key.json
- gcloud config set project node-testing-189614
- gcloud container builds submit -t $CONTAINER_TEST_IMAGE .
deploy_staging:
image: google/cloud-sdk
stage: deploy
script:
- echo "$GOOGLE_KEY_SECRET" > key.json # Google Cloud service accounts
- gcloud auth activate-service-account --key-file key.json
- gcloud config set project node-testing-189614
- gcloud config set compute/zone europe-west1-b
- gcloud config set container/use_client_certificate True
- gcloud container clusters get-credentials node-testing
- kubectl delete pods --all
- kubectl apply -f staging.yml
environment:
name: staging
url: http://***.***.**.***:****/ //External IP from Kubernetes
only:
- master
上面我们删除了GKE中的pod,因为我们总是希望用最新的标签更新图像。到目前为止,可用的最佳解决方案是删除窗格并让staging.yml文件创建新文件(如果不可用)。
最后staging.yml看起来像这样:
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: node-testing
spec:
replicas: 2
template:
metadata:
labels:
app: node-testing
spec:
containers:
- name: node-testing
image: gcr.io/node-testing-189614/node-testing:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
imagePullSecrets:
- name: gcr.io/node-testing-189614/node-testing
答案 1 :(得分:0)
Yu不需要将图像存储在GCR中以便能够在你的GKE中使用它,尽管它附近很好。您需要在gcloud上拥有一个服务帐户,这样您就可以对GCR进行非过期的身份验证(或者您需要使用gcloud cli来授权GCR)然后只需标记图像并将其推送。
在kubernetes上运行它是一个不同的故事,我强烈建议您也看看Helm为您的应用程序创建可以在多个环境中重用的安装图表。
答案 2 :(得分:0)
You can decouple your configuration from CI to make it more reliable and secure if you follow the GitOps approach.
Please take a look at my answer to another very similar question.
For a more high-level overview, see also:
Disclaimer: I am a Kubernetes contributor and Weaveworks employee. We build open-source and commercial tools that help people to get to production with Kubernetes sooner.