k8s and CI/CD: Deploying Drone to Kubernetes with Dynamically Scalable Agents
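Preface

This article explains how to deploy drone to a k8s cluster. Drone's container-based pipeline model fits k8s very well. The benefits are:

- The k8s cluster supervises drone-server and drone-agent.
- The RPC feature can be used to adjust the number of agents dynamically according to agent load. Even without dynamic adjustment, manually changing the replica count is quite simple.
- Once deployed to the k8s cluster, drone can use the cluster's existing logging and monitoring systems.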
In the following articles of this series we will keep focusing on k8s. As before, here are the YAML files first, to give a direct impression.

Related YAML files

The ConfigMap can be understood here as the configuration file of the drone application. It holds a series of settings for the server and the agent. Note that in k8s, after a ConfigMap is updated, the new configuration does not take effect immediately for applications that mount it; it takes about 10s. The manifests below read these values through environment variables (configMapKeyRef), which are only resolved when a container starts, so the pods must be restarted to pick up a change.

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: drone-config
  namespace: devops
data:
  #######################
  # Drone Server Config #
  #######################

  # server host name
  server.host: drone.xxx.com
  # start the server in debug mode
  server.debug: "false"
  # open user registration
  server.open: "true"
  # database driver, default is sqlite3
  server.database.driver: sqlite3
  # database driver configuration string
  server.database.datasource: drone.sqlite
  # remote parameters (Gogs)
  server.remote.gogs: "true"
  server.remote.gogs.url: "http://gogs.xxx.com"
  server.remote.gogs.private.mode: "true"

  ######################
  # Drone Agent Config #
  ######################

  agent.debug: "false"
  agent.debug.pretty: "false"
  agent.max.procs: "1"
  agent.healthcheck: "true"
```

The Secret file mainly stores keys and similar values. There is a pitfall here: this secret is used for communication between the server and the agent, and if it is set incorrectly, builds stay in the pending state forever. Remember that in k8s, Secret values must be base64-encoded.

```
echo -n "yourpassword" | base64
eW91cnBhc3N3b3Jk
```

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: drone-secrets
  namespace: devops
data:
  server.secret: eW91cnBhc3N3b3Jk
```

Next come the Deployment, Service and Ingress for drone-server. For simplicity this uses a sqlite database; for real production, mysql or pgsql is recommended. Even with sqlite, the data should be mounted on ceph to keep it safe. Here it simply uses hostPath. In k8s, storage and compute should be separated.

```yaml
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16;
# apps/v1 also requires spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: drone-server
  namespace: devops
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: drone-server
    spec:
      nodeSelector:
        net-type: external
      containers:
      - image: drone/drone:latest
        imagePullPolicy: Always
        name: drone-server
        ports:
        - containerPort: 8000
          protocol: TCP
        - containerPort: 9000
          protocol: TCP
        volumeMounts:
        # Persist our configs in an SQLite DB in here
        - name: drone-server-sqlite-db
          mountPath: /var/lib/drone
        resources:
          requests:
            cpu: 40m
            memory: 32Mi
        env:
        - name: DRONE_HOST
          valueFrom:
            configMapKeyRef:
              name: drone-config
              key: server.host
        - name: DRONE_OPEN
          valueFrom:
            configMapKeyRef:
              name: drone-config
              key: server.open
        - name: DRONE_DATABASE_DRIVER
          valueFrom:
            configMapKeyRef:
              name: drone-config
              key: server.database.driver
        - name: DRONE_DATABASE_DATASOURCE
          valueFrom:
            configMapKeyRef:
              name: drone-config
              key: server.database.datasource
        - name: DRONE_SECRET
          valueFrom:
            secretKeyRef:
              name: drone-secrets
              key: server.secret
        - name: DRONE_GOGS
          valueFrom:
            configMapKeyRef:
              name: drone-config
              key: server.remote.gogs
        - name: DRONE_GOGS_URL
          valueFrom:
            configMapKeyRef:
              name: drone-config
              key: server.remote.gogs.url
        - name: DRONE_GOGS_PRIVATE_MODE
          valueFrom:
            configMapKeyRef:
              name: drone-config
              key: server.remote.gogs.private.mode
        - name: DRONE_DEBUG
          valueFrom:
            configMapKeyRef:
              name: drone-config
              key: server.debug
      volumes:
      - name: drone-server-sqlite-db
        hostPath:
          path: /var/lib/drone
---
apiVersion: v1
kind: Service
metadata:
  name: drone-service
  namespace: devops
spec:
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 8000
  - name: grpc
    protocol: TCP
    port: 9000
    targetPort: 9000
  selector:
    app: drone-server
---
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: drone-ingress
  namespace: devops
spec:
  rules:
  - host: drone.xxx.com
    http:
      paths:
      - backend:
          serviceName: drone-service
          servicePort: 80
        path: /
```

Below is the agent's deployment file. `replicas: 1` sets the number of agents, which makes scaling out particularly easy. The server and agent communicate over grpc, mainly on port 9000.

```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: drone-agent
  namespace: devops
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: drone-agent
    spec:
      nodeSelector:
        net-type: external
      containers:
      - image: drone/agent:latest
        imagePullPolicy: Always
        name: drone-agent
        volumeMounts:
        # Enables Docker in Docker
        # (this mounts the node's Docker socket, so builds run against the host's Docker daemon)
        - name: docker-socket
          mountPath: /var/run/docker.sock
        resources:
          requests:
            cpu: 100m
            memory: 64Mi
        livenessProbe:
          httpGet:
            path: /healthz
            port: 3000
          initialDelaySeconds: 3
          periodSeconds: 3
        env:
        - name: DRONE_SERVER
          value: drone-service:9000
        # issue: https://github.com/drone/drone/issues/2048
        - name: DOCKER_API_VERSION
          value: "1.24"
        - name: DRONE_SECRET
          valueFrom:
            secretKeyRef:
              name: drone-secrets
              key: server.secret
      volumes:
      - name: docker-socket
        hostPath:
          path: /var/run/docker.sock
```

Everything is deployed into the devops namespace, which has already been created. If it does not exist, create it beforehand.

Summary

The project's GitHub repository has all the files for this series.

This article is reposted from the Chinese community: k8s and CI/CD: Deploying Drone to Kubernetes with Dynamically Scalable Agents
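
For the Secret step described above, an added example that is not part of the original article: a shell script that generates a random shared secret, base64-encodes it without a trailing newline, rejects values that were encoded with a plain `echo`, and renders the drone-secrets manifest. The function names are hypothetical; the Secret name, namespace and key are the article's, and `yourpassword` is its sample value.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical;
# the Secret name, namespace and key (drone-secrets, devops, server.secret) are the article's.

# Generate a random 32-byte shared secret, printed as 64 hex characters.
gen_secret() {
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Base64-encode exactly the bytes passed in. printf '%s' appends no newline,
# which is what `echo -n` is for in the article's command.
encode_secret() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Succeed only if the value is valid base64, non-empty once decoded, and does
# not end in whitespace (the sign of a secret encoded with a plain `echo`).
check_encoded() {
    printf '%s' "$1" | base64 -d >/dev/null 2>&1 || return 1
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    case "$last" in
        ''|0a|0d|20|09) return 1 ;;
    esac
    return 0
}

# Print the Secret manifest for a plaintext secret. base64 is an encoding,
# not encryption: anyone who can read the manifest can recover the secret.
render_secret() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: drone-secrets
  namespace: devops
data:
  server.secret: $(encode_secret "$1")
EOF
}

# Demo on constructed input: the article's sample password, encoded both ways.
good=$(encode_secret "yourpassword")
bad=$(echo "yourpassword" | base64)
for v in "$good" "$bad"; do
    if check_encoded "$v"; then echo "ok        $v"; else echo "rejected  $v"; fi
done
```

To create the Secret with a fresh random value, pipe `render_secret "$(gen_secret)"` into `kubectl apply -f -`.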