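- K8s version: 1.20.6
- The main role of GitLab CI is to manage the build status of each project. Resource-consuming work such as running build jobs is therefore much better handed to a separate Gitlab Runner, and a Gitlab Runner can be installed on different machines
- Just add a .gitlab-ci.yml file to the project and then add a Runner, and continuous integration is available
- Official documentation: Install GitLab Runner | GitLab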
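1. Introduction
- Pipeline: equivalent to one build task. It can contain several steps, such as installing dependencies, running tests, compiling, deploying to a test server and deploying to a production server. Any commit or the merge of a Merge Request can trigger a Pipeline build
- Stages: a stage is one build phase. A Pipeline can define multiple Stages
  - All Stages run in order: the next Stage starts only after the previous one has finished
  - The build task succeeds only when all Stages have completed
  - If any Stage fails, the Stages after it are not executed and the build task fails
- Jobs: a job is the build work executed inside a Stage. A Stage can define multiple Jobs
  - Jobs in the same Stage run in parallel
  - A Stage succeeds only when all Jobs in it succeed
  - If any Job fails, the Stage fails, and so does the build task
- Runner: executes the Gitlab CI build tasks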
2. Gitlab Runner
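- gitlab-ci-runner-cm: the environment variables required by the Runner image
  - The other options can be listed by running gitlab-ci-multi-runner register --help in the Pod
- gitlab-ci-token: stores the Gitlab CI runner token, base64-encoded
  - http://gitlab.south.com/admin/runners -> K9Qhf4Sh1T7fqxHSWS5s
- gitlab-ci-runner-scripts: a script that registers, runs and unregisters the Gitlab CI Runner
  - Unregistration is triggered only when the Pod is terminated normally by Kubernetes (TERM signal). If the Pod is force-terminated (SIGKILL signal), the Runner does not unregister itself, and the killed Runner has to be cleaned up manually
- gitlab-ci-runner: the StatefulSet controller for the Runner
  - Through K8s lifecycle hooks: on start, unregister all Runners with the same name; when the node is lost (the NodeLost event), re-register itself and start running; when the Pod is stopped normally, run the unregister command to remove itself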
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-ci
  namespace: gitlab
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-ci
  namespace: gitlab
rules:
  # Every verb on every core-API resource in this namespace (Secrets included)
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-ci
  namespace: gitlab
subjects:
  - kind: ServiceAccount
    name: gitlab-ci
    namespace: gitlab
roleRef:
  kind: Role
  name: gitlab-ci
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: gitlab-ci-runner
  name: gitlab-ci-runner-cm
  namespace: gitlab
data:
  REGISTER_NON_INTERACTIVE: "true"
  REGISTER_LOCKED: "false"
  METRICS_SERVER: "0.0.0.0:9100"
  CI_SERVER_URL: "http://gitlab.gitlab.svc.cluster.local/ci"  # *
  RUNNER_REQUEST_CONCURRENCY: "4"
  RUNNER_EXECUTOR: "kubernetes"
  KUBERNETES_NAMESPACE: "gitlab"  # *
  # Build containers are started in privileged mode
  KUBERNETES_PRIVILEGED: "true"
  KUBERNETES_CPU_LIMIT: "1"
  KUBERNETES_MEMORY_LIMIT: "1Gi"
  KUBERNETES_SERVICE_CPU_LIMIT: "1"
  KUBERNETES_SERVICE_MEMORY_LIMIT: "1Gi"
  KUBERNETES_HELPER_CPU_LIMIT: "500m"
  KUBERNETES_HELPER_MEMORY_LIMIT: "100Mi"
  KUBERNETES_PULL_POLICY: "if-not-present"
  KUBERNETES_TERMINATIONGRACEPERIODSECONDS: "10"
  KUBERNETES_POLL_INTERVAL: "5"
  KUBERNETES_POLL_TIMEOUT: "360"
---
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-ci-token
  namespace: gitlab
  labels:
    app: gitlab-ci-runner
data:
  # The value is only base64-encoded; plain echo also encodes a trailing newline
  GITLAB_CI_TOKEN: SzlRaGY0U2gxVDdmcXhIU1dTNXMK  # echo K9Qhf4Sh1T7fqxHSWS5s | base64 -w0
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: gitlab-ci-runner
  name: gitlab-ci-runner-scripts
  namespace: gitlab
data:
  run.sh: |
    #!/bin/bash
    # Stop the background runner and remove its registration from GitLab
    unregister() {
        kill %1
        echo "Unregistering runner ${RUNNER_NAME} ..."
        /usr/bin/gitlab-ci-multi-runner unregister -t "$(/usr/bin/gitlab-ci-multi-runner list 2>&1 | tail -n1 | awk '{print $4}' | cut -d'=' -f2)" -n ${RUNNER_NAME}
        exit $?
    }
    # Runs on normal termination (TERM); SIGKILL cannot be trapped
    trap 'unregister' EXIT HUP INT QUIT PIPE TERM
    echo "Registering runner ${RUNNER_NAME} ..."
    /usr/bin/gitlab-ci-multi-runner register -r ${GITLAB_CI_TOKEN}
    sed -i 's/^concurrent.*/concurrent = '"${RUNNER_REQUEST_CONCURRENCY}"'/' /home/gitlab-runner/.gitlab-runner/config.toml
    echo "Starting runner ${RUNNER_NAME} ..."
    /usr/bin/gitlab-ci-multi-runner run -n ${RUNNER_NAME} &
    wait
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: gitlab-ci-runner
  namespace: gitlab
  labels:
    app: gitlab-ci-runner
spec:
  updateStrategy:
    type: RollingUpdate
  replicas: 2
  serviceName: gitlab-ci-runner
  # apps/v1 requires a selector that matches the Pod template labels
  selector:
    matchLabels:
      app: gitlab-ci-runner
  template:
    metadata:
      labels:
        app: gitlab-ci-runner
    spec:
      volumes:
      - name: gitlab-ci-runner-scripts
        projected:
          sources:
          - configMap:
              name: gitlab-ci-runner-scripts
              items:
              - key: run.sh
                path: run.sh
                mode: 0755
      serviceAccountName: gitlab-ci
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        supplementalGroups: [999]
      containers:
      - image: gitlab/gitlab-runner:latest
        name: gitlab-ci-runner
        command:
        - /scripts/run.sh
        envFrom:
        - configMapRef:
            name: gitlab-ci-runner-cm
        - secretRef:
            name: gitlab-ci-token
        env:
        - name: RUNNER_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        ports:
        - containerPort: 9100
          name: http-metrics
          protocol: TCP
        volumeMounts:
        - name: gitlab-ci-runner-scripts
          mountPath: "/scripts"
          readOnly: true
      restartPolicy: Always
```
Create:

```
$ kubectl create -f gitlab-runner.yaml
$ kubectl -n gitlab get pod
NAME                        READY   STATUS    RESTARTS   AGE
gitlab-7b894fcff-mnkb4      1/1     Running   0          69m
gitlab-ci-runner-0          1/1     Running   0          2m
gitlab-ci-runner-1          1/1     Running   0          2m
postgresql-6b6b478f-s6nj7   1/1     Running   0          69m
redis-7db89c7d46-fqdr5      1/1     Running   0          69m
```
Result:
The two Runner instances are now visible at http://gitlab.south.com/admin/runners
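
The manual cleanup that a force-killed (SIGKILL) Runner Pod requires, as an added example that is not part of the original page: it picks out the registrations no running Pod still owns from the GitLab runners API listing. The function names and the SAMPLE data are constructed here; it assumes each runner's description is its Pod name (RUNNER_NAME), that a higher runner id means a later registration, and that an administrator access token is used for the API calls.

```python
import json
import re
import urllib.request

# Runner descriptions come from RUNNER_NAME, i.e. the StatefulSet Pod name.
POD_NAME = re.compile(r"^gitlab-ci-runner-\d+$")

# Constructed sample of GET /api/v4/runners/all after gitlab-ci-runner-1 was
# force-killed and re-registered, and a third replica was scaled away.
SAMPLE = json.loads("""[
  {"id": 7,  "description": "shared-docker",      "online": true},
  {"id": 9,  "description": "gitlab-ci-runner-2", "online": false},
  {"id": 11, "description": "gitlab-ci-runner-0", "online": true},
  {"id": 12, "description": "gitlab-ci-runner-1", "online": false},
  {"id": 15, "description": "gitlab-ci-runner-1", "online": true}
]""")


def stale_runner_ids(runners, live_pods):
    """Ids of offline registrations that no running Pod still owns."""
    ours = [r for r in runners if POD_NAME.match(r.get("description") or "")]
    newest = {}  # Pod name -> highest id (assumed to be the latest registration)
    for r in ours:
        newest[r["description"]] = max(newest.get(r["description"], 0), r["id"])
    stale = []
    for r in ours:
        if r.get("online"):
            continue  # still contacting GitLab, never touch it
        name = r["description"]
        if name not in live_pods or r["id"] < newest[name]:
            stale.append(r["id"])  # Pod gone, or superseded by a re-registration
    return sorted(stale)


def delete_runner(base_url, admin_token, runner_id):
    """Remove one registration with DELETE /api/v4/runners/:id."""
    req = urllib.request.Request(
        f"{base_url}/api/v4/runners/{runner_id}",
        method="DELETE",
        headers={"PRIVATE-TOKEN": admin_token},
    )
    with urllib.request.urlopen(req) as resp:
        return resp.status == 204


if __name__ == "__main__":
    # live_pods would come from: kubectl -n gitlab get pod -l app=gitlab-ci-runner
    print(stale_runner_ids(SAMPLE, {"gitlab-ci-runner-0", "gitlab-ci-runner-1"}))
```

Review the returned ids against the admin runners page before passing them to delete_runner, since a Runner that is only briefly out of contact also shows as offline.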