基于 Drone + Gogs 构建私有 CI/CD 平台 | Kubernetes 篇

前言

很久之前、部署方案选择了基于 Docker 的容器化落地方案，极简描述与总结于 gogs_drone_docker。但是随着微服务抽象定义的服务越来越多、团队规模越来越壮大时，单机部署的自动化持续部署平台在并行处理任务可能会出现大量排队、扩容机制不灵活，同时为了统一、对齐部署姿势，因此将 Docker 转 Kubernetes 。

github/alicfeng/kubernetes_cicd

目的

拥抱云原生的敏捷开发姿势，践行持续集成 / 持续部署，标准化工作流程，自动化执行流程步骤，从而提升能效和质量。

组件

此方案的组件选型并非唯一的选择，以自动化构建 Drone 作为基准，其它组件的选择是灵活可变的，每个组件支持丰富的选择，比如代码协作工具支持 Gitlab、Gogs等，数据库支持SQLite、MySQL、Postgres等

看不到 mermaid 吗？那就安装谷歌浏览器 插件

graph LR components(组件) automate(自动化构建) drone(Drone) drone_server(Server) drone_runner(Runner) git(代码协作) gogs(Gogs) database(数据库) postgres(Postgres) code_quality(代码质量检测) sonarqube(Sonarqube) components-->automate components-->git components-->database components-->code_quality automate-->drone drone-->drone_server drone-->drone_runner git-->gogs database-->postgres code_quality-->sonarqube 

部署

前置说明

1. 持久化后端存储使用阿里云的 NAS
2. VirtualService.yaml 为阿里云网格服务的虚拟服务编排定义，根据实际情况而定，常见 Ingress、Traefik ...
3. 此方案上部分应用依赖 postgres，因便于调试采取容器化部署(生产上不推荐)
4. 计划后续将支持 helm 部署

部署步骤

因为环境、配置、后端存储、调度策略等不一致，需要自定修改编排文件

创建命名空间

 kubectl create namespace devops 

创建节点标签

 kubectl label nodes ${cicd_node} cicd=true 

创建节点污点

 kubectl taint nodes ${cicd_node} operation=cicd:NoSchedule 

部署组件应用

# 部署数据库依赖.postgres kubectl apply -f postgres # 部署代码协作工具 git.gogs kubectl apply -f gogs # 部署自动化构建工具 dorne kubectl apply -f drone/server kubectl apply -f drone/runner # 部署代码质量检测工具 kubectl apply -f sonarqube 

运行

编排

kind: pipeline name: Demo type: kubernetes clone: disable: true steps: - name: 克隆源码 image: drone/git - name: 加载缓存 image: drillster/drone-volume-cache volumes: - name: cache path: /cache settings: restore: true mount: - ./vendor - name: 安装依赖 image: registry.cn-shenzhen.aliyuncs.com/tq_library/php8.0_runtime:develop commands: - composer config repo.packagist composer https://mirrors.aliyun.com/composer/ - COMPOSER_MEMORY_LIMIT=-1 /usr/local/bin/composer install --optimize-autoloader -vvv when: branch: - develop - name: 单元测试 image: registry.cn-shenzhen.aliyuncs.com/tq_library/php8.0_runtime:develop commands: - ./vendor/phpunit/phpunit/phpunit - name: 构建镜像 image: plugins/docker settings: username: from_secret: DOCKER_USERNAME password: from_secret: DOCKER_PASSWORD repo: registry.cn-shenzhen.aliyuncs.com/application/demo registry: registry-vpc.cn-shenzhen.aliyuncs.com insecure: true purge: false tags: ${DRONE_BUILD_NUMBER} - name: 部署开发 image: quay.io/honestbee/drone-kubernetes settings: kubernetes_server: from_secret: KUBERNETES_DEV_SERVER kubernetes_token: from_secret: KUBERNETES_DEV_TOKEN namespace: from_secret: KUBERNETES_DEV_NAMESPACE deployment: demo container: [app] repo: registry.cn-shenzhen.aliyuncs.com/application/demo tag: ${DRONE_BUILD_NUMBER} - name: 代码分析 image: aosapps/drone-sonar-plugin detach: true settings: sonar_host: from_secret: SONAR_HOST sonar_token: from_secret: SONAR_TOKEN when: branch: - develop - name: 构建文档 image: registry.cn-shenzhen.aliyuncs.com/tq_library/apidoc_runtime:1.0.0 commands: - apidoc -c apidoc.json -i app/Http/Controllers -o document/document/demo - name: 文档部署 image: alicfeng/publish_aliyun_oss:1.0.1 settings: access_key_id: from_secret: DOCUMENT_ACCESS_KEY_ID access_key_secret: from_secret: DOCUMENT_ACCESS_KEY_SECRET app_publish_dir: from_secret: DOCUMENT_APP_PUBLISH_DIR oss_end_point: from_secret: DOCUMENT_OSS_END_POINT oss_bucket_name: from_secret: DOCUMENT_OSS_BUCKET_NAME cdn_object_path: from_secret: DOCUMENT_CDN_OBJECT_PATH cdn_object_type: from_secret: DOCUMENT_OSS_OBJECT_TYPE cdn_region_id: from_secret: DOCUMENT_CDN_REGION_ID - name: 部署测试 image: quay.io/honestbee/drone-kubernetes settings: kubernetes_server: from_secret: KUBERNETES_TEST_SERVER kubernetes_token: from_secret: KUBERNETES_TEST_TOKEN namespace: from_secret: KUBERNETES_TEST_NAMESPACE deployment: demo container: [app] repo: registry.cn-shenzhen.aliyuncs.com/application/demo tag: ${DRONE_BUILD_NUMBER} when: target: - test - name: 部署生产 image: quay.io/honestbee/drone-kubernetes settings: kubernetes_server: from_secret: KUBERNETES_PROD_SERVER kubernetes_token: from_secret: KUBERNETES_PROD_TOKEN namespace: from_secret: KUBERNETES_PROD_NAMESPACE deployment: demo container: [app] repo: registry.cn-shenzhen.aliyuncs.com/application/demo tag: ${DRONE_BUILD_NUMBER=latest} when: target: - production - name: 构建缓存 image: drillster/drone-volume-cache volumes: - name: cache path: /cache settings: rebuild: true mount: - ./vendor volumes: - name: cache host: path: /data/drone/compose # k8s.tolerations 部署时修改了调度策略 视情况而定 tolerations: - key: operation operator: Equal value: cicd effect: NoSchedule 

支持

价值源于技术，技术源于分享。