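1. Overview
Because some of our projects are deployed and released with Rancher, we use Rancher's pipeline auto-deployment feature to implement CI/CD. This post goes through everything in detail, from installing GitLab and Harbor to configuring the pipeline, along with the problems met on the way.
2. Preparation
Installing Docker and Rancher is not covered here; we go straight to the main topic.
2.1 Installing GitLab
Installing GitLab is simple: configure the corresponding PVCs and external_url.
The YAML file is as follows: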
# Note: apps/v1beta2 is no longer served from Kubernetes 1.16 on; use apps/v1 on newer clusters.
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
    field.cattle.io/creatorId: user-ff6zz
    field.cattle.io/publicEndpoints: '[{"addresses":["10.10.1.3"],"port":31901,"protocol":"TCP","serviceName":"gitlab:gitlab-nodeport","allNodes":true}]'
  creationTimestamp: "2019-12-02T12:48:28Z"
  generation: 2
  labels:
    cattle.io/creator: norman
    workload.user.cattle.io/workloadselector: deployment-gitlab-gitlab
  name: gitlab
  namespace: gitlab
  resourceVersion: "3780"
  selfLink: /apis/apps/v1beta2/namespaces/gitlab/deployments/gitlab
  uid: 68d9ca46-80bf-4b2b-af50-a9e69aadf12a
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      workload.user.cattle.io/workloadselector: deployment-gitlab-gitlab
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      annotations:
        cattle.io/timestamp: "2019-12-02T12:48:37Z"
        field.cattle.io/ports: '[[{"containerPort":31901,"dnsName":"gitlab-nodeport","kind":"NodePort","name":"31901tcp319011","protocol":"TCP","sourcePort":31901}]]'
      creationTimestamp: null
      labels:
        workload.user.cattle.io/workloadselector: deployment-gitlab-gitlab
    spec:
      containers:
      - env:
        - name: GITLAB_OMNIBUS_CONFIG
          value: external_url 'http://10.10.1.3:31901'
        image: gitlab/gitlab-ce:12.4.5-ce.0
        imagePullPolicy: Always
        name: gitlab
        ports:
        - containerPort: 31901
          name: 31901tcp319011
          protocol: TCP
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities: {}
          privileged: false
          readOnlyRootFilesystem: false
          runAsNonRoot: false
        stdin: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        tty: true
        volumeMounts:
        - mountPath: /etc/gitlab
          name: vol1
        - mountPath: /var/log/gitlab
          name: vol2
        - mountPath: /var/opt/gitlab
          name: vol3
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: vol1
        persistentVolumeClaim:
          claimName: gitlab-config
      - name: vol2
        persistentVolumeClaim:
          claimName: gitlab-log
      - name: vol3
        persistentVolumeClaim:
          claimName: gitlab-data
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2019-12-02T12:51:23Z"
    lastUpdateTime: "2019-12-02T12:51:23Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2019-12-02T12:48:28Z"
    lastUpdateTime: "2019-12-02T12:51:23Z"
    message: ReplicaSet "gitlab-db7b54f5c" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 2
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1
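2.2 Installing Harbor
Harbor is the private Docker image registry. For persistence, install PostgreSQL and Redis first. Once PostgreSQL is installed, create four databases: registry, clair, notary_server and notary_signer. Then select Harbor in the app catalog and configure the relevant options. After Harbor has started, if you are not using HTTPS, you need to add the Harbor private registry address to the Docker configuration file daemon.json on the node hosts, "insecure-registries":["10.10.1.3:30003"], otherwise Docker reports a certificate error. Then add the corresponding credentials in Rancher under Resources -> Registry Credentials. Finally, push the images needed in the following steps to Harbor; you need to run docker login before pushing.
docker pull mcr.microsoft.com/dotnet/core/sdk:3.0
docker tag mcr.microsoft.com/dotnet/core/sdk:3.0 10.10.1.3:30003/jfwang/mcr.microsoft.com/dotnet/core/sdk:3.0
docker push 10.10.1.3:30003/jfwang/mcr.microsoft.com/dotnet/core/sdk:3.0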



3. Configuring the pipeline
Configure a Rancher token and key, which the later automated deployment uses to operate on the containers directly.

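Click Add Key, then make a note of the token and key.
Then go to Workloads -> Pipelines -> Configure Repositories -> Authorize & Sync Repositories. I chose GitLab here; just follow the configuration prompts.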

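After authorization succeeds, go to Settings -> Network -> Outbound requests and tick "Allow requests to the local network from web hooks and services"; only then will the code pull command trigger the hook.
After the repositories are synced, click Enable, then click Edit Config to configure the pipeline in detail.
Step 1, cloning the code, is built in and needs no configuration.
Step 2 runs the tests. Click Add Stage, then add a step to the stage. The step type is Run Script, and the base image is the image required by the commands you run; different programming languages run different scripts.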

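Step 3 publishes the program. The step type and base image are the same as in step 2; the script is the publish script.
Step 4 builds the image. The step type is Build and Publish Image. For the Dockerfile path, enter the path of the Dockerfile in your code. If you want to push to your own image registry, the image name must follow the form image-project-name/program-name, otherwise you will have no permission. Finally, tick the private image registry address configured at the beginning.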

Dockerfile
FROM 10.10.1.3:30003/jfwang/mcr.microsoft.com/dotnet/core/aspnet:3.0 AS runtime
WORKDIR /app
COPY /src/publish ./
ENTRYPOINT ["dotnet", "pipeline-example-dotnetcore.dll"]
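Step 5: because we deploy the application to Rancher automatically, and to avoid occupied ports, duplicate names and so on when redeploying, we first perform the pod delete operation directly through the Rancher API. Note that if HTTPS is not set up with a trusted certificate, you need to append the -k parameter, otherwise a certificate error is reported.
curl -u "{token}:{key}" \
  -X DELETE \
  -H 'Accept: application/json' \
  'https://10.10.1.3/v3/project/c-24h9n:p-f9cxk/workloads/deployment:default:pipeline-example-dotnetcore' -k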
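A variant of the step 5 delete call, as an added example that is not from the original post: it hands the token and key to curl on stdin instead of the command line, verifies the server certificate against a CA file rather than using -k, and lets the first run (nothing to delete yet) pass. RANCHER_TOKEN, RANCHER_KEY and RANCHER_CACERT are hypothetical variable names, and a 404 meaning "workload does not exist" is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: RANCHER_TOKEN / RANCHER_KEY / RANCHER_CACERT are hypothetical
# environment variables (for instance injected from a pipeline secret), and a
# 404 from the API means the workload does not exist yet.

delete_workload() {
    url=$1    # full workload URL, as used in the curl call of step 5
    if [ -z "${RANCHER_TOKEN:-}" ] || [ -z "${RANCHER_KEY:-}" ]; then
        echo "RANCHER_TOKEN and RANCHER_KEY must be set" >&2
        return 2
    fi

    # Build the curl arguments. Credentials are NOT among them: they reach
    # curl through a config read from stdin, so they stay out of `ps` output.
    set -- --silent --config - --output /dev/null --write-out '%{http_code}' \
           --request DELETE --header 'Accept: application/json'
    # Trust the server's CA explicitly instead of disabling verification (-k).
    if [ -n "${RANCHER_CACERT:-}" ]; then
        set -- "$@" --cacert "$RANCHER_CACERT"
    fi

    # On a connection or TLS failure curl exits non-zero; record that as 000.
    status=$(printf 'user = "%s:%s"\n' "$RANCHER_TOKEN" "$RANCHER_KEY" |
             curl "$@" "$url") || status=000

    case $status in
        2??) echo "workload deleted (HTTP $status)" ;;
        404) echo "workload not found, nothing to delete" ;;
        401|403) echo "API key rejected (HTTP $status)" >&2; return 1 ;;
        *)   echo "delete failed (HTTP $status)" >&2; return 1 ;;
    esac
}

# Usage inside the pipeline step (URL taken from the post):
# delete_workload 'https://10.10.1.3/v3/project/c-24h9n:p-f9cxk/workloads/deployment:default:pipeline-example-dotnetcore'
```

A non-zero return makes the pipeline step fail, so a rejected key or a TLS error stops the run before step 6 applies the new YAML.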
Step 6 deploys the application from YAML.
For the path, enter the path of the YAML file in your code.
YAML
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: pipeline-example-dotnetcore
  namespace: default
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      workload.user.cattle.io/workloadselector: deployment-default-pipeline-example-dotnetcore
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        cattle.io/timestamp: "2019-12-01T08:37:18Z"
        field.cattle.io/ports: '[[{"containerPort":80,"dnsName":"pipeline-example-dotnetcore-hostport","hostPort":5000,"kind":"HostPort","name":"5000tcp50000","protocol":"TCP","sourcePort":5000}]]'
      creationTimestamp: null
      labels:
        workload.user.cattle.io/workloadselector: deployment-default-pipeline-example-dotnetcore
    spec:
      containers:
      - image: ${CICD_IMAGE}:1.${CICD_EXECUTION_SEQUENCE}
        imagePullPolicy: Always
        name: pipeline-example-dotnetcore
        ports:
        - containerPort: 80
          hostPort: 5000
          name: 5000tcp50000
          protocol: TCP
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities: {}
          privileged: false
          readOnlyRootFilesystem: false
          runAsNonRoot: false
        stdin: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        tty: true
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: harbor
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2019-12-01T08:37:21Z"
    lastUpdateTime: "2019-12-01T08:37:21Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2019-12-01T08:32:53Z"
    lastUpdateTime: "2019-12-01T08:37:21Z"
    message: ReplicaSet "pipeline-example-dotnetcore-84d4cfbb75" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 7
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1
This completes the whole deployment.
