K8s部署GitlabCIRunner
- K8s 版本:
1.20.6 - GitLab CI 最大的作用是管理各个项目的构建状态。因此,运行构建任务这种浪费资源的事情交给一个独立的 Gitlab Runner 来做就会好很多,而且 Gitlab Runner 可以安装到不同的机器上
- 只要在项目中添加一个
.gitlab-ci.yml文件,然后添加一个 Runner ,即可进行持续集成 - 官方文档:Install GitLab Runner | GitLab
1. 介绍
- Pipeline:相当于一次构建任务,里面可以包含多个流程,如安装依赖、运行测试、编译、部署测试服务器、部署生产服务器等。任何提交或者 Merge Request 的合并都可以触发 Pipeline 构建
- Stages:表示一个构建阶段。一次 Pipeline 中可定义多个 Stages
- 所有 Stages 会顺序运行,即当一个 Stage 完成后,下一个 Stage 才会开始
- 只有当所有 Stages 完成后,该构建任务才会成功
- 如果任何一个 Stage 失败,那么后面的 Stages 不会执行,该构建任务失败
- Jobs:表示构建工作,即某个 Stage 里面执行的工作。一个 Stage 中可定义多个 Jobs
- 相同 Stage 中的 Jobs 会并行执行
- 相同 Stage 中的 Jobs 都执行成功时,该 Stage 才会成功
- 如果任何一个 Job 失败,那么该 Stage 失败,即该构建任务失败
- Runner:执行 Gitlab CI 构建任务
2. Gitlab Runner
- gitlab-ci-runner-cm:Runner 镜像所需环境变量
- 其他选项可在 Pod 中运行
gitlab-ci-multi-runner register --help查看
- 其他选项可在 Pod 中运行
- gitlab-ci-token:存放加密的 Gitlab CI runner token
- http://gitlab.south.com/admin/runners ->
K9Qhf4Sh1T7fqxHSWS5s
- http://gitlab.south.com/admin/runners ->
- gitlab-ci-runner-scripts:一个用于注册、运行和取消注册 Gitlab CI Runner 的脚本
- 只有当 Pod 正常通过 Kubernetes(TERM 信号)终止时,才会触发取消注册。如果强制终止 Pod(SIGKILL 信号),Runner 将不会注销自身,必须手动完成对这种被杀死的 Runner 的清理
- gitlab-ci-runner:Runner 的 StatefulSet 控制器
- 通过 K8s 生命周期钩子:开始运行时取消注册所有的同名 Runner;节点丢失时(即 NodeLost 事件)重新注册自己并开始运行;正常停止 Pod 时运行 unregister 命令来取消自己
apiVersion: v1kind: ServiceAccount
metadata:
name: gitlab-ci
namespace: gitlab
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: gitlab-ci
namespace: gitlab
rules:
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: gitlab-ci
namespace: gitlab
subjects:
- kind: ServiceAccount
name: gitlab-ci
namespace: gitlab
roleRef:
kind: Role
name: gitlab-ci
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: gitlab-ci-runner
name: gitlab-ci-runner-cm
namespace: gitlab
data:
REGISTER_NON_INTERACTIVE: "true"
REGISTER_LOCKED: "false"
METRICS_SERVER: "0.0.0.0:9100"
CI_SERVER_URL: "http://gitlab.gitlab.svc.cluster.local/ci" # *
RUNNER_REQUEST_CONCURRENCY: "4"
RUNNER_EXECUTOR: "kubernetes"
KUBERNETES_NAMESPACE: "gitlab" # *
KUBERNETES_PRIVILEGED: "true"
KUBERNETES_CPU_LIMIT: "1"
KUBERNETES_MEMORY_LIMIT: "1Gi"
KUBERNETES_SERVICE_CPU_LIMIT: "1"
KUBERNETES_SERVICE_MEMORY_LIMIT: "1Gi"
KUBERNETES_HELPER_CPU_LIMIT: "500m"
KUBERNETES_HELPER_MEMORY_LIMIT: "100Mi"
KUBERNETES_PULL_POLICY: "if-not-present"
KUBERNETES_TERMINATIONGRACEPERIODSECONDS: "10"
KUBERNETES_POLL_INTERVAL: "5"
KUBERNETES_POLL_TIMEOUT: "360"
---
apiVersion: v1
kind: Secret
metadata:
name: gitlab-ci-token
namespace: gitlab
labels:
app: gitlab-ci-runner
data:
GITLAB_CI_TOKEN: SzlRaGY0U2gxVDdmcXhIU1dTNXMK # echo K9Qhf4Sh1T7fqxHSWS5s | base64 -w0
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: gitlab-ci-runner
name: gitlab-ci-runner-scripts
namespace: gitlab
data:
run.sh: |
#!/bin/bash
unregister() {
kill %1
echo "Unregistering runner ${RUNNER_NAME} ..."
/usr/bin/gitlab-ci-multi-runner unregister -t "$(/usr/bin/gitlab-ci-multi-runner list 2>&1 | tail -n1 | awk "{print $4}" | cut -d"=" -f2)" -n ${RUNNER_NAME}
exit $?
}
trap "unregister" EXIT HUP INT QUIT PIPE TERM
echo "Registering runner ${RUNNER_NAME} ..."
/usr/bin/gitlab-ci-multi-runner register -r ${GITLAB_CI_TOKEN}
sed -i "s/^concurrent.*/concurrent = ""${RUNNER_REQUEST_CONCURRENCY}""/" /home/gitlab-runner/.gitlab-runner/config.toml
echo "Starting runner ${RUNNER_NAME} ..."
/usr/bin/gitlab-ci-multi-runner run -n ${RUNNER_NAME} &
wait
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: gitlab-ci-runner
namespace: gitlab
labels:
app: gitlab-ci-runner
spec:
updateStrategy:
type: RollingUpdate
replicas: 2
serviceName: gitlab-ci-runner
template:
metadata:
labels:
app: gitlab-ci-runner
spec:
volumes:
- name: gitlab-ci-runner-scripts
projected:
sources:
- configMap:
name: gitlab-ci-runner-scripts
items:
- key: run.sh
path: run.sh
mode: 0755
serviceAccountName: gitlab-ci
securityContext:
runAsNonRoot: true
runAsUser: 999
supplementalGroups: [999]
containers:
- image: gitlab/gitlab-runner:latest
name: gitlab-ci-runner
command:
- /scripts/run.sh
envFrom:
- configMapRef:
name: gitlab-ci-runner-cm
- secretRef:
name: gitlab-ci-token
env:
- name: RUNNER_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
ports:
- containerPort: 9100
name: http-metrics
protocol: TCP
volumeMounts:
- name: gitlab-ci-runner-scripts
mountPath: "/scripts"
readOnly: true
restartPolicy: Always
创建:
$ kubectl create -f gitlab-runner.yaml$ kubectl -n gitlab get pod
NAME READY STATUS RESTARTS AGE
gitlab-7b894fcff-mnkb4 1/1 Running 0 69m
gitlab-ci-runner-0 1/1 Running 0 2m
gitlab-ci-runner-1 1/1 Running 0 2m
postgresql-6b6b478f-s6nj7 1/1 Running 0 69m
redis-7db89c7d46-fqdr5 1/1 Running 0 69m
结果:
在 http://gitlab.south.com/admin/runners 即可看到两个 Runner 实例
参考:在 Kubernetes 上安装 Gitlab CI Runner-阳明的博客
以上是 K8s部署GitlabCIRunner 的全部内容, 来源链接: utcz.com/z/519884.html
