Drone在kubernetes环境下打包并部署

1. drone是一款使用 Go 开发的开源的 CI 自动构建平台。原生 Docker 支持，kubernetes也是支持的。drone比argo, tekton更快，更简单，比jenkins更轻量化。drone云原生概念+1，做了很多事不用考虑+1，gitlab/github能看到构建结果+1

2. 环境：kubernetes 1.8+, helm3 参考官方

• https://github.com/drone/charts
• https://docs.drone.io/server/provider/gitlab/

3. 创建namespace, 添加仓库

kubectl create ns drone
helm repo add drone https://charts.drone.io
helm repo update

4. 在gitlab中创建一个OAuth应用。Redirect URI是drone的地址并加一个/login，授权两个api, read_user
5. 增加一个文件drone-server-overrides.yaml。这里使用的traefik

image:
  tag: 1.9.0
ingress:
  enabled: true
  annotations:
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls.certresolver: aliyun
    traefik.ingress.kubernetes.io/router.tls.domains.0.main: drone.your_domain.com
  hosts:
    - host: drone.your_domain.com
      paths:
        - "/"

env:
  DRONE_SERVER_HOST: drone.your_domain.com:31000
  DRONE_SERVER_PROTO: https
  # 通过openssl rand -hex 16生成一个
  DRONE_RPC_SECRET: c7a536a3af5e2809f3d0d34a71a13302
  DRONE_GITLAB_CLIENT_ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  DRONE_GITLAB_CLIENT_SECRET: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  DRONE_GITLAB_SERVER: https://your_gitlab_url
  # oauth会验证gitlab证书，如果验证不过，需要打开
  DRONE_GITLAB_SKIP_VERIFY: true

persistentVolume:
  enabled: true
  accessModes:
    - ReadWriteMany
  storageClass: rook-cephfs

6. 创建drone server

helm install --namespace drone \
  server \
  drone/drone \
  -f drone-server-overrides.yaml

7. 创建runner文件drone-runner-kube-values.yaml

image:
  tag: latest
rbac:
  buildNamespaces:
    - drone
env:
  # 同server的kubernetes service名称
  DRONE_RPC_HOST: server-drone
  DRONE_RPC_SECRET: c7a536a3af5e2809f3d0d34a71a13302

  DRONE_NAMESPACE_DEFAULT: drone

8. 运行runner

helm install --namespace drone \
  drone-runner-kube \
  drone/drone-runner-kube \
  -f drone-runner-kube-values.yaml

9. 查看pod是否跑起来了

$ kubectl get pods -n drone
NAME                                 READY   STATUS    RESTARTS   AGE
drone-runner-kube-6554c9df64-2znff   1/1     Running   0          3h16m
server-drone-647875c9f-t5bfx         1/1     Running   0          3h21m

10. 解析域名并访问导出的Ingress。第一次访问会跳转到gitlab，要求授权
11. 在项目下创建.drone.yml。drone docker插件参考

kind: pipeline
type: kubernetes
name: default

# 跳过验证证书，根据实际情况要或不要，github不需要
clone:
  skip_verify: true

steps:
- name: 编译&构建镜像
  image: plugins/docker
  # 挂载主机的docker
  volumes:
    - name: docker
      path: /var/run/docker.sock
  settings:
    repo: registry.your_registry.com:31000/your_project/test-ci
    registry: registry.your_registry.com:31000
    mirror: https://hub-mirror.c.163.com
    username: username
    password: password
    # 更多变量参考https://docs.drone.io/pipeline/environment/reference/
    tags:
      - ${DRONE_TAG=latest}
      - build-${DRONE_BUILD_NUMBER}

- name: 部署到k8s
  image: pelotech/drone-helm3
  settings:
    mode: upgrade
    chart: ./helm
    release: my-test-ci
    namespace: drone
    debug: true
    cleanup_failed_upgrade: true
    force_upgrade: true
    wait_for_upgrade: true
    kube_api_server: "https://192.168.1.30:6443"
    kube_token:
      from_secret: kube_token
    skip_tls_verify: true
    values:
      - image.tag=build-${DRONE_BUILD_NUMBER}

• 说明：pelotech/drone-helm3是连接helm和kubernetes的一个插件。通过它就可以把项目下的helm自动部到kubernetes中。参考官方
• 使用helm create test-ci创建helm项目，并放到项目下。根据实际情况修改templates文件夹下的模板。参考官方教程
• 使用了一个from_secret要在网页中添加kubernetes的token，如何生成token参考https://my.oschina.net/u/160697/blog/3176131

12. 图为运行后效果

来源：oschina

链接：https://my.oschina.net/u/160697/blog/4487417