CloudNative: drone - x893675/note GitHub Wiki

Environment

  • Server IP: 192.168.2.84
  • Docker version: 19.03

Installing gogs

docker run -d --name=gogs -p 10022:22 -p 10080:3000 -v /opt/gogs:/data gogs/gogs:latest

Open the web UI to initialize the service; for simplicity, use the SQLite3 database.

Installing drone

drone server

docker run \
  --volume=/usr/share/zoneinfo:/usr/share/zoneinfo:ro \
  --volume=/etc/localtime:/etc/localtime:ro \
  --volume=/opt/drone:/data \
  --env=DRONE_AGENTS_ENABLED=true \
  --env=DRONE_GOGS_SERVER=http://192.168.2.84:10080 \
  --env=DRONE_GOGS_SKIP_VERIFY=true \
  --env=DRONE_RPC_SECRET=secret123456 \
  --env=DRONE_SERVER_HOST=192.168.2.84:8080 \
  --env=DRONE_SERVER_PROTO=http \
  --env=DRONE_LOGS_TRACE=true \
  --env=DRONE_USER_CREATE=username:Admin,admin:true,token:55f24eb3d61ef6ac5e83d550178638dc \
  --publish=8080:80 \
  --publish=20443:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  drone/drone:1

drone docker runner

docker run -d \
  --volume=/usr/share/zoneinfo:/usr/share/zoneinfo:ro \
  --volume=/etc/localtime:/etc/localtime:ro \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e DRONE_RPC_PROTO=http \
  -e DRONE_RPC_HOST=192.168.2.84:8080 \
  -e DRONE_RPC_SECRET=secret123456 \
  -e DRONE_RUNNER_CAPACITY=2 \
  -e DRONE_LOGS_TRACE=true \
  -e DRONE_RUNNER_NAME=runner \
  -p 3000:3000 \
  --restart always \
  --name runner \
  drone/drone-runner-docker:1

The drone UI is reachable at 192.168.2.84:8080; log in with a gogs account. The drone admin account (created with DRONE_USER_CREATE above) cannot log in through the UI; use its token for command-line operations.
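Both docker run commands above embed the shared RPC secret as the literal secret123456, and anything in the command line ends up in shell history and `docker inspect`. As an added example (not part of this wiki page), the following POSIX shell script generates a random DRONE_RPC_SECRET, rejects placeholder values, and writes matching env files for the server and the runner so the secret can be passed with --env-file instead. The file names drone-server.env and drone-runner.env, the helper names, and the /dev/urandom + od fallback used in place of openssl rand -hex 16 are this example's own choices; the addresses and ports are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the wiki: derive and distribute the drone RPC secret.
# Assumptions: POSIX sh, /dev/urandom, od, sed; env file names are hypothetical.

# 32 hex characters from the kernel RNG (same size as `openssl rand -hex 16`).
gen_rpc_secret() {
  head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Return 0 only for a hex secret of at least 32 chars that is not a placeholder.
check_rpc_secret() {
  s="$1"
  case "$s" in
    ''|secret*|password*|changeme*) return 1 ;;
  esac
  [ "${#s}" -ge 32 ] || return 1
  printf '%s' "$s" | grep -Eq '^[0-9a-f]+$'
}

# Server-side env file: the values this page passes with --env, minus the
# hardcoded secret. Usage: write_server_env SECRET PATH
write_server_env() {
  cat >"$2" <<EOF
DRONE_AGENTS_ENABLED=true
DRONE_GOGS_SERVER=http://192.168.2.84:10080
DRONE_RPC_SECRET=$1
DRONE_SERVER_HOST=192.168.2.84:8080
DRONE_SERVER_PROTO=http
EOF
  chmod 600 "$2"
}

# Runner-side env file. Usage: write_runner_env SECRET PATH
write_runner_env() {
  cat >"$2" <<EOF
DRONE_RPC_PROTO=http
DRONE_RPC_HOST=192.168.2.84:8080
DRONE_RPC_SECRET=$1
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_NAME=runner
EOF
  chmod 600 "$2"
}

# Read DRONE_RPC_SECRET back from an env file.
read_rpc_secret() {
  sed -n 's/^DRONE_RPC_SECRET=//p' "$1"
}

# 0 when both env files carry the same non-empty secret; server and runner
# must agree or the runner cannot register with the server.
secrets_match() {
  a=$(read_rpc_secret "$1"); b=$(read_rpc_secret "$2")
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Example usage (writes the two files into the current directory):
#   secret=$(gen_rpc_secret)
#   check_rpc_secret "$secret" && write_server_env "$secret" drone-server.env \
#     && write_runner_env "$secret" drone-runner.env
#   docker run --env-file drone-server.env ... drone/drone:1
#   docker run --env-file drone-runner.env ... drone/drone-runner-docker:1
```

The remaining --env values (DRONE_GOGS_SKIP_VERIFY, DRONE_LOGS_TRACE, DRONE_USER_CREATE) can be appended to the same files; the point is that the one value both containers must share is generated once and never typed by hand.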

Common drone pipelines

Building with the docker plugin

kind: pipeline
type: docker
name: push-build

clone:
  depth: 10

steps:
  - name: build-apiserver
    image: plugins/docker
    pull: if-not-exists
    settings:
      repo: caas4/dev-platform-apiserver
      username:
        from_secret: DOCKER_USERNAME
      password:
        from_secret: DOCKER_PASSWORD
      dockerfile: Dockerfile
      auto_tag: true
      build_args:
        - REPO_URL=${DRONE_REPO}
        - BRANCH=${DRONE_BRANCH}
        - COMMIT_REF=${DRONE_COMMIT_SHA}
        - VERSION=${DRONE_COMMIT_SHA:0:8}-${DRONE_BUILD_CREATED}
        - HTTP_PROXY=http://172.20.139.209:8118

  - name: email-notify
    image: drillster/drone-email
    pull: if-not-exists
    settings:
      host: xxx.xxx.xxx.com
      port: 465
      username:
        from_secret: EMAIL_USER
      password:
        from_secret: EMAIL_PASSWORD
      from:
        from_secret: EMAIL_USER
      recipients: [[email protected]]
      recipients_only: true
      skip_verify: true
    when:
      status: [ success, failure ]
trigger:
  event:
    - push

---
kind: pipeline
type: docker
name: nightly-update-dev

clone:
  depth: 10

steps:
  - name: update-deploy
    image: bitnami/kubectl:latest
    pull: if-not-exists
    user: root
    environment:
      KUBE_CONFIG:
        from_secret: devenv-kubeconfig # base64-encode the kubeconfig file; mind the line wrapping, use base64 -w0 to disable it
      NAMESPACE: devel
    commands:
      - mkdir /.kube && echo -n $KUBE_CONFIG | base64 -d > /.kube/config
      - kubectl set env deployment/middle-platform-auth-deployment DRONE_REVISION=${DRONE_BUILD_NUMBER} -n $NAMESPACE
      - kubectl set env deployment/middle-platform-account-deployment DRONE_REVISION=${DRONE_BUILD_NUMBER} -n $NAMESPACE
      - kubectl set env deployment/middle-platform-gw-deployment DRONE_REVISION=${DRONE_BUILD_NUMBER} -n $NAMESPACE
    when:
      branch:
        - master
  - name: email-notify
    image: drillster/drone-email
    pull: if-not-exists
    settings:
      host: xxx.xxx.xxx.com
      port: 465
      username:
        from_secret: EMAIL_USER
      password:
        from_secret: EMAIL_PASSWORD
      from:
        from_secret: EMAIL_USER
      recipients: [[email protected]]
      recipients_only: true
      skip_verify: true
    when:
      status: [ success, failure ]
trigger:
  event:
    - cron
    - promote
    - rollback
  cron:
    - devel-daily-update # name of the cron created for this repository via the CLI or the UI

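The comment on the devenv-kubeconfig secret above points at a failure that is easy to trigger: GNU base64 wraps its output at 76 columns by default, and a wrapped value stored as a drone secret will not reliably decode with the one-line `echo -n $KUBE_CONFIG | base64 -d` the update-deploy step runs. As an added example (not code from this wiki), the script below encodes a constructed, non-functional kubeconfig with -w0, checks that the result is a single line, and decodes it the way the pipeline does, comparing with the original. The function names and the sample kubeconfig are this example's own; -w0 is a GNU coreutils and busybox flag (macOS base64 uses -b 0 instead).

```shell
#!/bin/sh
# Added example, not from the wiki: encode a kubeconfig as a single-line
# base64 secret and verify it decodes the way the pipeline step does.
# Assumes GNU/busybox base64 (-w0), cksum, mktemp.

# Single-line encoding suitable for a drone secret (no 76-column wrapping).
encode_kubeconfig() {
  base64 -w0 "$1"
}

# Number of newline characters inside a value; a usable secret has 0.
count_newlines() {
  printf '%s' "$1" | wc -l | tr -d ' '
}

# Decode like the pipeline (`... | base64 -d > /.kube/config`) and compare
# the result with the original file. Usage: roundtrip_ok ENCODED ORIGINAL
roundtrip_ok() {
  tmp=$(mktemp)
  if printf '%s' "$1" | base64 -d > "$tmp" 2>/dev/null \
     && [ "$(cksum < "$tmp")" = "$(cksum < "$2")" ]; then
    rc=0
  else
    rc=1
  fi
  rm -f "$tmp"
  return $rc
}

# Write a constructed, non-functional kubeconfig (placeholder token and CA)
# long enough that a default base64 encoding wraps onto several lines.
make_sample_kubeconfig() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- name: devenv
  cluster:
    server: https://10.0.0.1:6443
    certificate-authority-data: Q09OU1RSVUNURUQtUExBQ0VIT0xERVItQ0E=
contexts:
- name: devenv
  context:
    cluster: devenv
    namespace: devel
    user: drone
current-context: devenv
users:
- name: drone
  user:
    token: CONSTRUCTED-PLACEHOLDER-TOKEN
EOF
}

# Example usage: the printed value is what goes into the devenv-kubeconfig secret.
#   make_sample_kubeconfig ./kubeconfig-sample
#   encode_kubeconfig ./kubeconfig-sample
```

Running `roundtrip_ok` against the single-line value before storing the secret catches both the wrapping problem and a truncated paste, which are the two ways this step fails without any useful error in the build log.
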
Building multi-arch images with buildx (requires the buildx plugin installed on the docker host)

kind: pipeline
type: docker
name: push-build

clone:
  depth: 10

steps:
  - name: build-image
    image: hanamichi/docker:19.03-buildx
    pull: if-not-exists
    environment:
      DOCKER_USER:
        from_secret: DOCKER_USERNAME
      DOCKER_PASS:
        from_secret: DOCKER_PASSWORD
      GOPROXY: https://goproxy.cn,direct
      DOCKER_ORG: hanamichi
      DOCKER_TAG: latest
    volumes:
      - name: sock
        path: /var/run/docker.sock
    commands:
      - docker buildx create --use --name mybuilder
      - docker buildx inspect mybuilder --bootstrap
      - echo -n $DOCKER_PASS | docker login --username $DOCKER_USER --password-stdin
      - >-
        docker buildx build -f build/account/Dockerfile --build-arg BRANCH=${DRONE_BRANCH}
        --build-arg REPO_URL=${DRONE_REPO} --build-arg COMMIT_REF=${DRONE_COMMIT_SHA}
        --build-arg VERSION=${DRONE_COMMIT_SHA:0:8}-${DRONE_BUILD_CREATED} --build-arg GOPROXY=$GOPROXY
        -t $DOCKER_ORG/middle-platform-account:$DOCKER_TAG --platform=linux/arm64,linux/amd64 . --push
      - docker logout
      - docker buildx stop mybuilder && docker buildx rm mybuilder

volumes:
  - name: sock
    host:
      path: /var/run/docker.sock

trigger:
  event:
    - push

Pushing images to a private registry

When docker buildx pushes to a private registry, editing the hosts file and adding the certificate has no effect, because docker buildx resolves the registry name through DNS.

To push to a private registry with docker buildx, run a local DNS server on the host and change /etc/resolv.conf.

Using the drone exec runner

Samples

Environment:

  • Private harbor with the domain name caas.registry.com, using a self-signed TLS certificate
  • CentOS kernel: 5.4.118-1.el7.elrepo.x86_64, host IP: 10.0.0.13
  • docker buildx already installed
  • The harbor certificate is already placed in the /etc/docker/certs.d/ directory

Steps:

  1. Install coredns as a systemd service; the coredns configuration file is as follows:

    .:53 {
      # bind to the interface IP
      bind 10.0.0.13
      # consult the local hosts entries first
      # https://coredns.io/plugins/hosts/
      hosts {
        # custom resolution for sms.service and search.service
        # only a few names are resolved here, so the hosts plugin is enough
        # with many custom names, use the file plugin with an RFC 1035 zone file instead
        172.16.29.140 caas.registry.com
        # ttl
        ttl 60
        # reload the hosts entries
        reload 1m
        # continue to the next plugin
        fallthrough
      }
      # file enables serving zone data from an RFC 1035-style master file.
      # https://coredns.io/plugins/file/
      # file service.signed service
      # finally, forward everything else to the system's upstream DNS servers
      forward . /etc/resolv.conf
      # cache ttl
      cache 120
      # interval for automatically reloading the configuration file
      reload 6s
      # log queries
      log
      # log errors
      errors
    }
    
  2. Write nameserver 10.0.0.13 (the host IP) as the first line of /etc/resolv.conf, then ping the harbor hostname to check that it resolves.

  3. Test logging in to harbor and pulling an image.

  4. Install and deploy the drone exec runner following the drone exec runner installation guide.

  5. Create the cicd buildx instance

    1. docker buildx create --driver-opt network=host --global --use --name cicd-global
    2. docker buildx use --global cicd
    3. Enter the buildx cicd instance container (docker exec -it buildx_buildkit_cicd0 sh) and append the harbor CA certificate to the end of /etc/ssl/certs/ca-certificates.crt
    4. Verify on the host that a buildx build can push to the harbor registry
  6. drone.yml example

    kind: pipeline
    type: exec
    name: push-build
    
    clone:
      depth: 10
    
    platform:
      os: linux
      arch: amd64
    
    steps:
      - name: build-image
        environment:
          DOCKER_USER:
            from_secret: DOCKER_USERNAME
          DOCKER_PASS:
            from_secret: DOCKER_PASSWORD
          DOCKER_REGISTRY: caas.registry.com
          DOCKER_ORG: library
          DOCKER_TAG: v0.0.1
        commands:
          - env
          - mkdir -pv $HOMEPATH/.docker/buildx/instances
          - cp /root/.docker/buildx/instances/cicd $HOMEPATH/.docker/buildx/instances/cicd
          - docker buildx ls
          - docker buildx use cicd
          - echo -n $DOCKER_PASS | docker login $DOCKER_REGISTRY --username $DOCKER_USER --password-stdin
          - docker buildx build -f Dockerfile --build-arg VERSION=${DRONE_COMMIT_SHA} --tag $DOCKER_REGISTRY/$DOCKER_ORG/coredns:$DOCKER_TAG --tag $DOCKER_REGISTRY/$DOCKER_ORG/coredns:$DOCKER_TAG-${DRONE_COMMIT_SHA:0:6} --platform=linux/arm64,linux/amd64 . --push
        when:
          branch:
            - master
      - name: clean
        environment:
          DOCKER_REGISTRY: caas.registry.com
        commands:
          - docker logout $DOCKER_REGISTRY || true
        when:
          status:
            - success
            - failure
    trigger:
      event:
        - push
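
The workaround in steps 1 and 2 only works when two things agree: the first nameserver in /etc/resolv.conf must be the address CoreDNS binds to, and the hosts block must map the registry name to the registry IP. As an added example (not part of this wiki), the POSIX shell script below parses a resolv.conf and a Corefile with awk and reports whether the override is in place, so it can run before any buildx push is attempted. The function names and the constructed sample files are this example's own; the addresses are the ones used in the steps above, and 8.8.8.8 stands in for whatever upstream resolver the host normally uses.

```shell
#!/bin/sh
# Added example, not from the wiki: pre-flight check for the CoreDNS hosts
# override that lets docker buildx push to a private registry.
# Assumes POSIX sh and awk; file paths are arguments, sample files are constructed.

# First "nameserver" entry of a resolv.conf-style file.
first_nameserver() {
  awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Address CoreDNS binds to ("bind <ip>" directive in the Corefile).
corefile_bind() {
  awk '$1 == "bind" { print $2; exit }' "$1"
}

# IP the Corefile hosts block assigns to NAME: inside "hosts {" take the first
# non-comment line whose first field is an IPv4 address and whose second
# field is NAME. Usage: hosts_ip_for COREFILE NAME
hosts_ip_for() {
  awk -v name="$2" '
    $1 == "hosts"         { inhosts = 1; next }
    inhosts && $1 == "}"  { inhosts = 0 }
    inhosts && $1 !~ /^#/ && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $2 == name { print $1; exit }
  ' "$1"
}

# 0 when resolv.conf points at CoreDNS and CoreDNS maps NAME to EXPECTED_IP.
# Usage: dns_override_ok RESOLV_CONF COREFILE NAME EXPECTED_IP
dns_override_ok() {
  ns=$(first_nameserver "$1")
  bind_ip=$(corefile_bind "$2")
  ip=$(hosts_ip_for "$2" "$3")
  [ -n "$ns" ] && [ "$ns" = "$bind_ip" ] && [ "$ip" = "$4" ]
}

# Constructed sample files with the values from this page. Usage: write_sample_files DIR
write_sample_files() {
  cat > "$1/resolv.conf" <<'EOF'
nameserver 10.0.0.13
nameserver 8.8.8.8
EOF
  cat > "$1/Corefile" <<'EOF'
.:53 {
  bind 10.0.0.13
  hosts {
    # private registry
    172.16.29.140 caas.registry.com
    ttl 60
    fallthrough
  }
  forward . /etc/resolv.conf
}
EOF
}

# Example usage on a real host (Corefile path is an assumption):
#   dns_override_ok /etc/resolv.conf /etc/coredns/Corefile caas.registry.com 172.16.29.140 \
#     && echo "override in place" || echo "fix DNS before running buildx --push"
```

A failing check means the buildkit container will ask the upstream resolver for caas.registry.com and the push will fail with a name-resolution or certificate error, which is the symptom described at the top of this section.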