Deploying GitLab CI Runner on K8s


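  • K8s version: 1.20.6
  • GitLab CI's main job is to manage the build status of each project. Running the builds themselves is resource-intensive, so that work is better handed to a separate GitLab Runner, and GitLab Runner can be installed on different machines
  • Add a .gitlab-ci.yml file to the project, then add a Runner, and continuous integration is ready to use
  • Official documentation: Install GitLab Runner | GitLab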

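1. Introduction

  • Pipeline: one build task, which can contain several steps such as installing dependencies, running tests, compiling, deploying to a test server and deploying to a production server. Any commit or Merge Request merge can trigger a Pipeline build
  • Stages: a build phase. One Pipeline can define several Stages

    • All Stages run in sequence: the next Stage starts only after the previous one has finished
    • The build task succeeds only when all Stages have finished
    • If any Stage fails, the Stages after it are not run and the build task fails

  • Jobs: the build work itself, that is, the work executed inside a Stage. One Stage can define several Jobs

    • Jobs in the same Stage run in parallel
    • A Stage succeeds only when all Jobs in it succeed
    • If any Job fails, its Stage fails, and so does the build task

  • Runner: executes GitLab CI build tasks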

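2. GitLab Runner

  • gitlab-ci-runner-cm: the environment variables required by the Runner image

    • Other options can be listed by running gitlab-ci-multi-runner register --help inside the Pod

  • gitlab-ci-token: holds the GitLab CI runner token as a Kubernetes Secret (the value is base64-encoded, which is an encoding and not encryption)

    • http://gitlab.south.com/admin/runners -> K9Qhf4Sh1T7fqxHSWS5s

  • gitlab-ci-runner-scripts: a script that registers, runs and unregisters the GitLab CI Runner

    • Unregistration is triggered only when the Pod is terminated normally by Kubernetes (TERM signal). If the Pod is force-terminated (SIGKILL signal), the Runner does not unregister itself, and a Runner killed this way has to be cleaned up manually

  • gitlab-ci-runner: the StatefulSet controller for the Runner

    • Uses K8s lifecycle hooks: on start, unregister all Runners with the same name; on node loss (a NodeLost event), re-register itself and start running; on a normal Pod stop, run the unregister command to remove itself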
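
Why a TERM unregisters the Runner and a SIGKILL leaves a stale one behind, as an added example that is not code from the original page. It is a constructed stand-in for the run.sh pattern used in the manifest below: `sleep` stands in for the runner process, a marker file stands in for the registration in GitLab, and `write_wrapper` and `stop_with` are hypothetical names.

```shell
# Constructed stand-in for run.sh: register, run in the background, wait,
# and unregister from a TERM trap.
write_wrapper() {              # $1 = path to write the stand-in script to
  cat > "$1" <<'EOF'
#!/bin/sh
dir=$1
unregister() {
  kill "$child" 2>/dev/null    # stop the worker, as `kill %1` does in run.sh
  rm -f "$dir/registered"      # stand-in for the `unregister` command
  exit 0
}
trap unregister TERM
sleep 30 &                     # stand-in for `run`, kept in the background
child=$!
echo "$child" > "$dir/child.pid"
touch "$dir/registered"        # stand-in for the `register` command
wait                           # interruptible, so the trap runs as soon as TERM arrives
EOF
}

# stop_with SIGNAL: start the wrapper, stop it with SIGNAL and print
# "unregistered" or "stale" depending on whether the marker survived.
stop_with() {
  dir=$(mktemp -d)
  write_wrapper "$dir/run.sh"
  sh "$dir/run.sh" "$dir" >/dev/null 2>&1 &
  pid=$!
  until [ -e "$dir/registered" ]; do sleep 1; done
  kill -s "$1" "$pid"
  wait "$pid" 2>/dev/null || true
  if [ -e "$dir/registered" ]; then result=stale; else result=unregistered; fi
  # After KILL the worker is orphaned and still running; clean it up here.
  kill "$(cat "$dir/child.pid")" 2>/dev/null || true
  rm -rf "$dir"
  echo "$result"
}
```

`stop_with TERM` prints `unregistered` and `stop_with KILL` prints `stale`: SIGKILL cannot be trapped, so the cleanup function never runs.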

apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-ci
  namespace: gitlab
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-ci
  namespace: gitlab
rules:
  # Grants every verb on every core-API resource in the gitlab namespace
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-ci
  namespace: gitlab
subjects:
  - kind: ServiceAccount
    name: gitlab-ci
    namespace: gitlab
roleRef:
  kind: Role
  name: gitlab-ci
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: gitlab-ci-runner
  name: gitlab-ci-runner-cm
  namespace: gitlab
data:
  REGISTER_NON_INTERACTIVE: "true"
  REGISTER_LOCKED: "false"
  METRICS_SERVER: "0.0.0.0:9100"
  CI_SERVER_URL: "http://gitlab.gitlab.svc.cluster.local/ci" # *
  RUNNER_REQUEST_CONCURRENCY: "4"
  RUNNER_EXECUTOR: "kubernetes"
  KUBERNETES_NAMESPACE: "gitlab" # *
  # Job pods are created as privileged containers
  KUBERNETES_PRIVILEGED: "true"
  KUBERNETES_CPU_LIMIT: "1"
  KUBERNETES_MEMORY_LIMIT: "1Gi"
  KUBERNETES_SERVICE_CPU_LIMIT: "1"
  KUBERNETES_SERVICE_MEMORY_LIMIT: "1Gi"
  KUBERNETES_HELPER_CPU_LIMIT: "500m"
  KUBERNETES_HELPER_MEMORY_LIMIT: "100Mi"
  KUBERNETES_PULL_POLICY: "if-not-present"
  KUBERNETES_TERMINATIONGRACEPERIODSECONDS: "10"
  KUBERNETES_POLL_INTERVAL: "5"
  KUBERNETES_POLL_TIMEOUT: "360"
---
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-ci-token
  namespace: gitlab
  labels:
    app: gitlab-ci-runner
data:
  # -n keeps echo's trailing newline out of the encoded token
  GITLAB_CI_TOKEN: SzlRaGY0U2gxVDdmcXhIU1dTNXM= # echo -n K9Qhf4Sh1T7fqxHSWS5s | base64 -w0
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: gitlab-ci-runner
  name: gitlab-ci-runner-scripts
  namespace: gitlab
data:
  run.sh: |
    #!/bin/bash
    # Stop the background runner and remove its registration from GitLab
    unregister() {
        kill %1
        echo "Unregistering runner ${RUNNER_NAME} ..."
        /usr/bin/gitlab-ci-multi-runner unregister -t "$(/usr/bin/gitlab-ci-multi-runner list 2>&1 | tail -n1 | awk '{print $4}' | cut -d'=' -f2)" -n "${RUNNER_NAME}"
        exit $?
    }
    trap "unregister" EXIT HUP INT QUIT PIPE TERM
    echo "Registering runner ${RUNNER_NAME} ..."
    /usr/bin/gitlab-ci-multi-runner register -r "${GITLAB_CI_TOKEN}"
    # Set the global concurrency in the generated config
    sed -i "s/^concurrent.*/concurrent = ${RUNNER_REQUEST_CONCURRENCY}/" /home/gitlab-runner/.gitlab-runner/config.toml
    echo "Starting runner ${RUNNER_NAME} ..."
    # Run in the background and wait, so the trap can fire while the runner is active
    /usr/bin/gitlab-ci-multi-runner run -n "${RUNNER_NAME}" &
    wait
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: gitlab-ci-runner
  namespace: gitlab
  labels:
    app: gitlab-ci-runner
spec:
  updateStrategy:
    type: RollingUpdate
  replicas: 2
  serviceName: gitlab-ci-runner
  # apps/v1 requires a selector; it must match the template labels
  selector:
    matchLabels:
      app: gitlab-ci-runner
  template:
    metadata:
      labels:
        app: gitlab-ci-runner
    spec:
      volumes:
      - name: gitlab-ci-runner-scripts
        projected:
          sources:
          - configMap:
              name: gitlab-ci-runner-scripts
              items:
              - key: run.sh
                path: run.sh
                mode: 0755
      serviceAccountName: gitlab-ci
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        supplementalGroups: [999]
      containers:
      - image: gitlab/gitlab-runner:latest
        name: gitlab-ci-runner
        command:
        - /scripts/run.sh
        envFrom:
        - configMapRef:
            name: gitlab-ci-runner-cm
        - secretRef:
            name: gitlab-ci-token
        env:
        # Each replica registers under its own Pod name
        - name: RUNNER_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        ports:
        - containerPort: 9100
          name: http-metrics
          protocol: TCP
        volumeMounts:
        - name: gitlab-ci-runner-scripts
          mountPath: "/scripts"
          readOnly: true
      restartPolicy: Always
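
A Secret's `data:` values are base64 of the exact bytes, so a trailing newline from a plain `echo` ends up inside the token that `envFrom` hands to the container. The check below is an added example, not code from the original page; the function names and the sample inputs used with it are constructed for illustration.

```shell
# encode_secret VALUE: base64 of exactly the bytes in VALUE, with no trailing
# newline added, printed on a single line.
encode_secret() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# has_edge_whitespace B64: exit 0 when the decoded value starts or ends with
# whitespace, 1 when it is clean, 2 when B64 is not valid base64.
# Command substitution strips trailing newlines, so a sentinel character is
# appended before capture and removed afterwards.
has_edge_whitespace() {
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null && printf 'x') || return 2
  decoded=${decoded%x}
  case $decoded in
    [[:space:]]*|*[[:space:]]) return 0 ;;
  esac
  return 1
}

# audit_secret_data: reads "KEY: BASE64" lines (the body of a Secret's data:
# block, trailing comments allowed) on stdin and prints one finding per key
# whose value would reach the container damaged.
audit_secret_data() {
  while read -r key value _; do
    key=${key%:}
    [ -n "$value" ] || continue
    if has_edge_whitespace "$value"; then
      echo "$key: leading/trailing whitespace"
    elif [ $? -eq 2 ]; then
      echo "$key: not valid base64"
    fi
  done
}
```

Feed it the lines under `data:` from a manifest, or from `kubectl get secret -o yaml`, before applying.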

Create:

$ kubectl create -f gitlab-runner.yaml
$ kubectl -n gitlab get pod
NAME                        READY   STATUS    RESTARTS   AGE
gitlab-7b894fcff-mnkb4      1/1     Running   0          69m
gitlab-ci-runner-0          1/1     Running   0          2m
gitlab-ci-runner-1          1/1     Running   0          2m
postgresql-6b6b478f-s6nj7   1/1     Running   0          69m
redis-7db89c7d46-fqdr5      1/1     Running   0          69m

Result:

Both Runner instances are now listed at http://gitlab.south.com/admin/runners

Reference: Installing Gitlab CI Runner on Kubernetes - 阳明's blog
