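Deploying GitLab Runner on Kubernetes

GitLab Runner is an open-source project that runs your jobs and sends the results back to GitLab. It is used together with GitLab CI, the open-source continuous integration service bundled with GitLab that coordinates the jobs.

Registering the Runner

Viewing the configuration details

The first step in setting up GitLab Runner on Kubernetes is obtaining an authentication token. This token is important because it authenticates your Runner to GitLab. To register a Runner, we need to get the configuration details from GitLab and complete the Runner registration process.

Here I register directly with the root account. Go to Admin Area > Runners and look at "Set up a shared Runner manually"; it contains the configuration details needed to register a new Runner with GitLab. Note down the URL and the token.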


Note: Other, ordinary accounts can register Specific Runners; the configuration details are under the relevant project's Settings > CI/CD > Runners.

Registering the Runner

Next, we need to complete the registration process to connect the new Runner. The simplest way to register a Runner is to start a Docker container locally from the Runner image and register from inside it:

# docker run --rm -it --entrypoint /bin/bash gitlab/gitlab-runner:latest
root@ceb637716b3c:/# gitlab-runner register ## register the runner
Runtime platform arch=amd64 os=linux pid=30 revision=692ae235 version=11.9.0
Running in system-mode.

Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
http://192.168.100.128:32626/ ## the gitlab-ci URL, usually a domain name
Please enter the gitlab-ci token for this runner:
5cy-91nwWtcqsuNXWZmF ## enter the gitlab-ci token
Please enter the gitlab-ci description for this runner:
[ceb637716b3c]: Kubernetes Gitlab-Runner ## enter the gitlab-ci description
Please enter the gitlab-ci tags for this runner (comma separated):
kubernetes,gitlab-runner ## enter the tags for this runner
Registering runner... succeeded runner=5cy-91nw
Please enter the executor: shell, virtualbox, docker+machine, docker-ssh+machine, kubernetes, parallels, docker-ssh, ssh, docker:
kubernetes ## enter the executor
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

root@ceb637716b3c:/# grep token /etc/gitlab-runner/config.toml ## get the authentication token
token = "-YGyg2YY_E4z9siNhpxj"
bearer_token_overwrite_allowed = false

Note: Copy this token and make sure you do not lose it; it is the only identity token that authenticates the Runner's connection to GitLab. After saving the token, delete the Docker instance for security.

Deploying the Runner on Kubernetes

Create RBAC (role-based access control) for the Runner

# vim gitlab-runner-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-runner
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-runner
rules:
- apiGroups: [""]
  resources: ["*"]
  verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-runner
subjects:
- kind: ServiceAccount
  name: gitlab-runner
roleRef:
  kind: Role
  name: gitlab-runner
  apiGroup: rbac.authorization.k8s.io
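
The Role above grants every verb on every core-group resource in the namespace, Secrets included, to the account the Runner runs under. A narrower Role, as an added example that is not part of the original post: the resource and verb list is an assumption based on what the Kubernetes executor needs to do (manage build pods, exec into them, handle per-job Secrets) and should be checked against the executor documentation for your Runner version.

```yaml
# gitlab-runner-rbac-restricted.yaml (hypothetical file name; added example)
# ServiceAccount and RoleBinding are unchanged; only the Role's rules are narrowed.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-runner
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-runner
rules:
# Create, watch and clean up the per-job build pods.
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch", "create", "delete"]
# Run the job scripts inside the build pod.
- apiGroups: [""]
  resources: ["pods/exec", "pods/attach"]
  verbs: ["create"]
# Read build pod logs.
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get"]
# Create and remove per-job Secrets (assumed use: registry pull credentials).
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "create", "update", "delete"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-runner
subjects:
- kind: ServiceAccount
  name: gitlab-runner
roleRef:
  kind: Role
  name: gitlab-runner
  apiGroup: rbac.authorization.k8s.io
```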

Create the ConfigMap

# vim config.toml
concurrent = 4

[[runners]]
  name = "Kubernetes Gitlab-Runner"
  url = "http://192.168.100.128:32626"
  token = "-YGyg2YY_E4z9siNhpxj"
  executor = "kubernetes"
  [runners.kubernetes]
    namespace = "default"
    privileged = true
    poll_timeout = 600
    cpu_request = "1"
    service_cpu_request = "200m"
    [[runners.kubernetes.volumes.host_path]]
      name = "docker"
      mount_path = "/var/run/docker.sock"
      host_path = "/var/run/docker.sock"
# kubectl create configmap gitlab-runner-config --from-file=config.toml
configmap/gitlab-runner-config created

For details on the Kubernetes executor, see: https://docs.gitlab.com/runner/executors/kubernetes.html

Deploy the Runner

# vim gitlab-runner.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: gitlab-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      name: gitlab-runner
  template:
    metadata:
      labels:
        name: gitlab-runner
    spec:
      serviceAccountName: gitlab-runner
      containers:
      - name: gitlab-runner
        image: 192.168.100.100/gitlab/gitlab-runner:v11.9.0
        imagePullPolicy: Always
        resources:
          requests:
            cpu: "100m"
          limits:
            cpu: "100m"
        volumeMounts:
        - name: config
          mountPath: /etc/gitlab-runner/config.toml
          readOnly: true
          subPath: config.toml
      volumes:
      - name: config
        configMap:
          name: gitlab-runner-config
      restartPolicy: Always
# kubectl apply -f .
serviceaccount/gitlab-runner created
role.rbac.authorization.k8s.io/gitlab-runner created
rolebinding.rbac.authorization.k8s.io/gitlab-runner created
deployment.extensions/gitlab-runner created
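
config.toml carries the Runner's authentication token, and in a ConfigMap it can be read by anyone allowed to read ConfigMaps in the namespace. The same Deployment with config.toml mounted from a Secret instead, as an added example that is not part of the original post: it assumes the Secret is created first with the kubectl command in the comment (the Secret name is reused from the ConfigMap by choice), and it uses apps/v1 because extensions/v1beta1 Deployments were removed in Kubernetes 1.16.

```yaml
# gitlab-runner-secret.yaml (hypothetical file name; added example)
# Create the Secret from the same config.toml instead of a ConfigMap:
#   kubectl create secret generic gitlab-runner-config --from-file=config.toml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      name: gitlab-runner
  template:
    metadata:
      labels:
        name: gitlab-runner
    spec:
      serviceAccountName: gitlab-runner
      containers:
      - name: gitlab-runner
        image: 192.168.100.100/gitlab/gitlab-runner:v11.9.0
        imagePullPolicy: Always
        resources:
          requests:
            cpu: "100m"
          limits:
            cpu: "100m"
        volumeMounts:
        - name: config
          mountPath: /etc/gitlab-runner/config.toml
          readOnly: true
          subPath: config.toml
      volumes:
      - name: config
        secret:                            # was: configMap
          secretName: gitlab-runner-config
          defaultMode: 0400                # file readable by its owner only
      restartPolicy: Always
```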

Check the connection status


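Note: To repeat, a Runner created with the root account is shared: other projects, including other users' projects, can use it. A Runner created under a particular user's project is a specific Runner and only runs that project's jobs.

Creating a project that uses the Runner

Configure environment variables

The setting is under the project's Settings > CI/CD > Environment variables.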


Create a simple Dockerfile

FROM 192.168.100.100/library/alpine:3.9
WORKDIR /app
RUN echo "hello" > hh.txt

Create the .gitlab-ci.yml configuration file

image:
  name: 192.168.100.100/library/alpine:3.9

stages:
  - test

test:
  stage: test
  image: 192.168.100.100/docker/docker:18
  script:
    - docker info
    - docker login -u $harbor_username -p $harbor_password 192.168.100.100
    - docker build -t 192.168.100.100/docker/test:latest .
    - docker push 192.168.100.100/docker/test:latest
  tags:
    - kubernetes
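
`docker login -p` puts the registry password on the command line, where it is visible in the process list and makes Docker print a warning; `--password-stdin` avoids that. The same job with the password piped in on stdin, as an added example that is not part of the original post (the `after_script` logout is an addition; the variable names and image paths are the page's):

```yaml
# .gitlab-ci.yml (added example; same job as above with a safer registry login)
image:
  name: 192.168.100.100/library/alpine:3.9

stages:
  - test

test:
  stage: test
  image: 192.168.100.100/docker/docker:18
  script:
    - docker info
    # Pipe the password on stdin instead of passing it with -p.
    - echo "$harbor_password" | docker login -u "$harbor_username" --password-stdin 192.168.100.100
    - docker build -t 192.168.100.100/docker/test:latest .
    - docker push 192.168.100.100/docker/test:latest
  after_script:
    # Drop the stored registry credentials, also when the job failed.
    - docker logout 192.168.100.100
  tags:
    - kubernetes
```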

[Screenshot: run04]

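One thing to note here: in my screenshot I deliberately included the clone address, where the GitLab host is a Service. If you use a domain name and the domain is reachable, you can ignore this issue. If the domain is not reachable, or you use a NodePort, or, as I do, a Service, you need to change GitLab's configuration file; otherwise gitlab-runner will fail at "Cloning repository". I do this by mounting the gitlab.rb configuration file into the /etc/gitlab/ directory via a ConfigMap; gitlab.rb only needs the following setting:
external_url "http://gitlab"

After that, gitlab-runner builds automatically; a successful build shows "passed", and a failed one shows "failed".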


Click "Stages" to view detailed information about the build stages.


Reference article: https://adambcomer.com/blog/setup-gitlab-cicd-on-kubernetes.html
