K8S environment uses gitlab + drone2 for continuous delivery
Environment description
1. K8S: 1.23.0
2. docker: 20.10.13
3. gitlab: 14.7
4. Drone: 2
5. nfs: 4
drone version notes
Drone has two major versions: drone1 and drone2. After drone2, the project was acquired by EDGE, and the relaunched project is Gitness.
The YAML files provided in this tutorial are suitable for both version 1 and version 2.
drone1 interface
drone2 interface
Start deployment
Step 1, create an OAuth application
Create the GitLab OAuth application authorization resource in GitLab.
Step 2, create a shared key
Create a shared secret to authenticate communication between the runner and the central drone server.
# You can use openssl to generate a shared key
[root@llody-dev ~]# openssl rand -hex 16
303b6068fb64fe4296da1f1def6295db
Step 3, start drone-server
apiVersion: v1
kind: Service
metadata:
  name: drone-service
  namespace: default
spec:
  selector:
    app: drone
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
  - name: https
    protocol: TCP
    port: 443
    targetPort: 443
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: drone-config
  namespace: default
data:
  DRONE_GITLAB_SERVER: "gitlab address"
  DRONE_GITLAB_CLIENT_ID: "GitLab oauth client ID"
  DRONE_GITLAB_CLIENT_SECRET: "GitLab oauth client secret"
  DRONE_RPC_SECRET: "Shared key generated above"
  DRONE_SERVER_HOST: "drone address, it is recommended to fill in the domain name"
  DRONE_SERVER_PROTO: "https"
  DRONE_USER_CREATE: "username:gitlab administrator name,admin:true"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-deployment
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drone
  template:
    metadata:
      labels:
        app: drone
    spec:
      containers:
      - name: drone
        image: drone/drone:2
        volumeMounts:
        - name: drone-data
          mountPath: /data
        envFrom:
        - configMapRef:
            name: drone-config
        ports:
        - containerPort: 80
        - containerPort: 443
        resources:
          limits:
            cpu: 2000m
            memory: 2048Mi
          requests:
            cpu: 100m
            memory: 512Mi
      volumes:
      - name: drone-data
        persistentVolumeClaim:
          claimName: drone-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # pvc name
  name: drone-pvc
spec:
  # Read and write permissions
  accessModes:
  - ReadWriteOnce
  # Storage class used
  storageClassName: managed-nfs-storage
  # Define capacity
  resources:
    requests:
      storage: 5Gi
---
# The extensions/v1beta1 Ingress API is no longer served from Kubernetes 1.22 on,
# so on 1.23 the Ingress must use networking.k8s.io/v1 and its backend schema.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    #nginx.ingress.kubernetes.io/rewrite-target: /
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
  labels:
    app: drone
  name: drone
  namespace: default
spec:
  rules:
  - host: droneci.llody.com
    http:
      paths:
      - backend:
          service:
            name: drone-service
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - droneci.llody.com
    secretName: wildcard.llody.com-tls
There are several points to note
1. The file relies on NFS storage
2. Traefik is used in the file as the ingress controller that exposes the service externally.
3. Several variables in the ConfigMap, explained:
DRONE_GITLAB_CLIENT_ID: Required string value providing your GitLab oauth client ID.
DRONE_GITLAB_CLIENT_SECRET: Required string value providing the GitLab oauth client secret.
DRONE_GITLAB_SERVER: Optional string value providing your GitLab server URL. The default value is the gitlab.com server address, https://gitlab.com.
DRONE_GIT_ALWAYS_AUTH: Optional boolean value that configures Drone to authenticate when cloning a public repository. This feature should only be enabled when using self-hosted GitLab with private mode enabled.
DRONE_RPC_SECRET: Required string value providing the shared secret generated in the previous step. This is used to verify the rpc connection between the server and the runner. The same key value must be provided for both server and runner.
DRONE_SERVER_HOST: Required string value providing the external hostname or IP address. If using an IP address, you can include the port. For example: drone.domain.com
DRONE_SERVER_PROTO: Required string value providing the external protocol scheme. This value should be set to http or https. If ssl or acme is configured, this field defaults to https.
DRONE_USER_FILTER: Optional comma-separated list of GitLab users or organizations. Registration is limited to users on this list or who are members of organizations on this list. If this value is not set, registration is open to the public.
Step 4, deploy drone-runner
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: drone
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - delete
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  verbs:
  - get
  - create
  - delete
  - list
  - watch
  - update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone
  namespace: default
subjects:
- kind: ServiceAccount
  name: default
  namespace: default
roleRef:
  kind: Role
  name: drone
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  labels:
    app.kubernetes.io/name: drone-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: drone-runner
  template:
    metadata:
      labels:
        app.kubernetes.io/name: drone-runner
    spec:
      containers:
      - name: drone-runner
        image: drone/drone-runner-kube:latest
        ports:
        - containerPort: 3000
        env:
        - name: DRONE_RPC_HOST
          value: drone-service.default.svc.cluster.local # Drone Server address
        - name: DRONE_RPC_PROTO
          value: http
        - name: DRONE_RPC_SECRET
          value: 303b6068fb64fe4296da1f1def6295db # The shared key filled in during Drone Server deployment
---
apiVersion: v1
kind: Service
metadata:
  name: drone-runner-service
spec:
  # The selector must match the pod label set in the Deployment above
  selector:
    app.kubernetes.io/name: drone-runner
  ports:
  - protocol: TCP
    port: 3000
    targetPort: 3000
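A hardened variant of the secret handling in Steps 3 and 4, as an added example that is not part of the original tutorial: the shared RPC secret and the OAuth client secret live in a Kubernetes Secret instead of the ConfigMap and an inline env value, and the runner runs under its own ServiceAccount. The names drone-secrets and drone-runner (as a ServiceAccount) are assumptions, and the secret values are placeholders.

```yaml
# Added example. Assumed names: Secret "drone-secrets", ServiceAccount "drone-runner".
# Values in angle brackets are placeholders, not real credentials.
apiVersion: v1
kind: Secret
metadata:
  name: drone-secrets
  namespace: default
type: Opaque
stringData:
  DRONE_RPC_SECRET: "<output of: openssl rand -hex 16>"
  DRONE_GITLAB_CLIENT_SECRET: "<GitLab oauth client secret>"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone-runner
  namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  namespace: default
  labels:
    app.kubernetes.io/name: drone-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: drone-runner
  template:
    metadata:
      labels:
        app.kubernetes.io/name: drone-runner
    spec:
      serviceAccountName: drone-runner   # dedicated identity for the runner
      containers:
      - name: drone-runner
        image: drone/drone-runner-kube:latest
        env:
        - name: DRONE_RPC_HOST
          value: drone-service.default.svc.cluster.local
        - name: DRONE_RPC_PROTO
          value: http
        - name: DRONE_RPC_SECRET          # read from the Secret, not inlined
          valueFrom:
            secretKeyRef:
              name: drone-secrets
              key: DRONE_RPC_SECRET
```

On the server side, remove the two secret keys from drone-config and add a secretRef to drone-secrets under envFrom next to the configMapRef. In the RoleBinding, change the subject name from default to drone-runner, so that pods in the namespace that do not name their own service account no longer receive the right to create pods and secrets.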
Step 5, log in
The user name here should preferably match the account name in GitLab.
Step 6: Enable the required options and configure the required credentials and keys, such as the image repository address, cache, etc.
Step 7: Log in to GitLab to confirm that the webhooks were configured automatically
Note: The webhook is configured automatically after you enable the repository association on your Drone page.
Step 8: Write .drone.yml under the nginx-test project
Modify the .drone.yml file and push it to the GitLab repository.
Note that I perform only one operation here: pulling an image I built myself, then printing the current path and listing the current files. By default, the pipeline is divided into two steps. The first step pulls the code, and the second step executes the build job.
For more on pipelines, please refer to the official documentation: https://docs.drone.io/pipeline/overview/
Step 9, view execution results
Summary
Although drone2 may not receive a follow-up version, Gitness is still worth watching.
Drone2 groups the CI/CD information by project, unlike drone1, where everything is piled onto one page.
Later, I will add some smoother ways of using Drone in a cloud-native environment.