1. Background

Recently, the company launched a zero-trust security gateway system for the office network, and I was responsible for the deployment. During the deployment, I was also thinking about how to guarantee stability and keep subsequent deployments simple.

I remembered that Kubernetes (k8s) is mature for microservices: it can automatically restart containers, monitor their running state, and integrate automated deployment. So I looked up some material and put Rancher, which I had worked with before, to use. The first thing to do is to simplify the installation. The process is described below and may also serve as a reference for others.

2. Operation steps

  1. Give Rancher access to GitLab
  2. Add projects to the pipeline
  3. Add the required files to the repository
  4. Automatic CICD deployment debugging

3. Add OAuth authorization in GitLab

Enter the cluster's namespace in Rancher and click Tools – Pipeline on the menu bar; you will see the interface shown below.

Next, open GitLab and go to the settings page http://xx.xx.xx.xx/admin/applications/4, as shown in the figure below

Fill in the required information in the image above and click Save

Once saved, GitLab generates an Application Id and a Secret. Copy both.

After copying them, switch back to Rancher and fill them in, as shown below

After clicking Finish, a popup window will appear for authorization, and Rancher will be able to access the GitLab repository once authorization is complete.

4. Add a repository to Rancher

After ensuring that Rancher has access to the GitLab repository, from the Rancher menu bar click Tools – Pipeline to enable and save the projects that need automated deployment, as shown below

After saving, go back to the CICD list and you can see two projects that have been enabled, as shown in the figure below

5. Add the files required for deployment

Now you can start to enable CICD automation deployment in your code by adding three files to the project root directory:

  1. .rancher-pipeline.yml
  2. Dockerfile
  3. deployment.yaml

5.1 Setting the Release Process

Automated deployment first requires defining the deployment process, which is done mainly in the .rancher-pipeline.yml file. My project here is a Go project, and the pipeline uses three stages.

First, the project is compiled; then the image is built and pushed to Rancher's image repository; finally, the project is published using the container orchestration file. The core parts of the configuration are shown in the red area below

```yaml
stages:
- name: Build                      # stage 1: compile the Go project
  steps:
  - runScriptConfig:
      image: golang:1.16
      shellScript: |-
        go env -w GO111MODULE=on && go env -w GOPROXY=https://goproxy.cn,direct
        go mod tidy
        pwd
        go build -o ./bin/funfecenter
- name: Publish                    # stage 2: build the image and push it
  steps:
  - publishImageConfig:
      dockerfilePath: ./Dockerfile
      buildContext: .
      tag: funfecenter:${CICD_EXECUTION_SEQUENCE}
- name: Deploy                     # stage 3: apply the orchestration file
  steps:
  - applyYamlConfig:
      path: ./deployment.yaml
timeout: 60
notification: {}
```

5.2 Building an Image

Having compiled the project in the previous step, you now need to put the compiled executable into the image, which is done through the Dockerfile. The configuration is relatively simple, as shown below

```dockerfile
FROM golang:1.16
EXPOSE 1333
# Copy the binary produced by the Build stage
COPY ./bin/funfecenter /data/funfecenter/center
# Copy scripts
COPY ./init/ /
RUN apt update -y
RUN apt install -y python3
#CMD ["python3","/root/script.py"]
CMD ["/data/funfecenter/center"]
```
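The Dockerfile above uses the full Go toolchain image as the runtime base, has no USER instruction, and installs extra packages, so the gateway container runs as root on a large image. The following check is an added example, not part of the original post or of Rancher; the function names, finding names and the toolchain list are assumptions chosen for illustration. It can run before a push to flag these points.

```python
import re

# Dockerfile from section 5.2 of this page, embedded so the check runs offline.
PAGE_DOCKERFILE = """\
FROM golang:1.16
EXPOSE 1333
COPY ./bin/funfecenter /data/funfecenter/center
COPY ./init/ /
RUN apt update -y
RUN apt install -y python3
CMD ["/data/funfecenter/center"]
"""
# Assumption: image names treated as build toolchains rather than runtime bases.
TOOLCHAIN_IMAGES = {"golang", "node", "maven", "gradle", "rust"}

def parse(dockerfile):
    """Return (INSTRUCTION, arguments) pairs, joining backslash continuations."""
    joined = re.sub(r"\\[ \t]*\n", " ", dockerfile)
    lines = [l.strip() for l in joined.splitlines()]
    return [(l.split()[0].upper(), " ".join(l.split()[1:]))
            for l in lines if l and not l.startswith("#")]

def lint(dockerfile):
    """Return sorted finding names for the final stage (the image that ships)."""
    pairs = parse(dockerfile)
    starts = [i for i, (op, _) in enumerate(pairs) if op == "FROM"]
    if not starts:
        return ["no-from-instruction"]
    stage = pairs[starts[-1]:]
    # Skip flags such as --platform; a trailing "AS name" is ignored.
    image = [t for t in stage[0][1].split() if not t.startswith("--")][0]
    findings = set()
    if "@sha256:" not in image:
        findings.add("base-image-not-pinned-by-digest")
    name = image.split("@")[0].rsplit("/", 1)[-1].split(":")[0]
    if name in TOOLCHAIN_IMAGES:
        findings.add("toolchain-image-used-as-runtime")
    users = [arg for op, arg in stage if op == "USER"]
    if not users or users[-1].split(":")[0] in ("root", "0"):
        findings.add("runs-as-root")
    for op, arg in stage:
        if (op == "RUN" and re.search(r"\bapt(-get)?\s+(-\S+\s+)*install\b", arg)
                and "--no-install-recommends" not in arg):
            findings.add("apt-install-pulls-recommends")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint(PAGE_DOCKERFILE)))
```

Only the last build stage is inspected, so a multi-stage Dockerfile that compiles in `golang` and ships a slim, digest-pinned base with a non-root USER produces no findings.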

5.3 Container Orchestration

Having pushed the image to be run to Rancher's image repository in the previous step, it is now time to create a pod to run the container. This is mainly the job of the deployment.yaml file.

This file may be unfamiliar to those who are not familiar with K8S. Here, I have annotated each line and circled the modification in red, as shown in the picture below

Refer to the following configuration

```yaml
apiVersion: v1              # API version; must be one listed by kubectl api-versions
kind: Service               # role/type of the resource to create
metadata:                   # resource metadata/attributes
  name: funfe-center        # resource name; must be unique within the namespace
spec:
  selector:
    app: center
  type: NodePort            # port type
  ports:
  - protocol: TCP           # protocol
    port: 80                # service port
    targetPort: 80          # port exposed by the container
---
apiVersion: apps/v1         # must be one listed by kubectl api-versions (value lost in the source; apps/v1 assumed)
kind: Deployment            # role/type of the resource to create
metadata:                   # resource metadata/attributes
  name: funfe-center        # resource name; must be unique within the namespace
spec:
  replicas: 1               # number of replicas (value lost in the source; 1 assumed)
  selector:
    matchLabels:            # labels to match
      app: center
  template:                 # pod template
    metadata:               # resource metadata/attributes
      labels:
        app: center
    spec:
      imagePullSecrets:     # secret used to pull from the pipeline registry
      - name: pipeline-docker-registry
      containers:
      - name: funfe-center  # container name (lost in the source; assumed)
        image: ${CICD_IMAGE}:${CICD_EXECUTION_SEQUENCE}   # image built by the pipeline
        ports:
        - containerPort: 80 # container port
```

6. Modify the code to trigger automatic deployment

Code changes are automatically compiled, built into an image and pushed to the image repository, and then pulled for deployment

Now I modify the code in the repository, go back to the Rancher pipeline, and see a task performing the automatic deployment process, as shown in the figure below

Once it completes, go back to the cluster workloads and you can see that a service has been automatically deployed to K8s


Date: 2021-03-04

Author: Tang Qingsong

WeChat: songboy8888