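Creating an OAuth application in GitLab
Create a GitLab OAuth application. The consumer key and consumer secret are used to authorize access to GitLab resources.
- The authorization callback URL must match the format and path below, and must use the exact server scheme and host.
Fill in the name (Name) and the callback address (Redirect URI), and tick the api and read_user scopes.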


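Since GitLab 10.6, for security reasons, webhook requests to the local network are not allowed. To send webhook requests to the local network, you need to log in with an administrator account and configure Outbound requests.
Log in with the administrator account and go to Settings => Network => Outbound requests.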

Click Expand and tick "Allow requests to the local network from web hooks and services".

Create a shared secret to authenticate communication between the runner and the Drone server.

```
# openssl rand -hex 16
d065db69f7dcc35bd6a0658a9e8b4201
```
Installing drone-server

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: drone-data
  namespace: demo
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: nfs
```

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-server
  namespace: demo
  labels:
    app: drone
    type: server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drone
      type: server
  template:
    metadata:
      namespace: drones
      creationTimestamp: null
      labels:
        app: drone
        type: server
    spec:
      volumes:
        - name: drone-data
          persistentVolumeClaim:
            claimName: drone-data
      containers:
        - name: drone-server
          image: 'drone/drone:1.10.1'
          ports:
            - containerPort: 80
              protocol: TCP
          env:
            # Application ID and secret of the GitLab OAuth application
            - name: DRONE_GITLAB_CLIENT_ID
              value: e4ea12c994c9084290a2237f8076db98bc5476058d70a699d01057c391e6e2f7
            - name: DRONE_GITLAB_CLIENT_SECRET
              value: 575dabd93c02c09b95625fc4d11ae28d5e7f63d461c7b457a84d3a939c82339c
            # Shared secret generated with openssl above
            - name: DRONE_RPC_SECRET
              value: d065db69f7dcc35bd6a0658a9e8b4201
            - name: DRONE_GITLAB_SERVER
              value: 'http://10.166.33.116:19980'
            - name: DRONE_SERVER_HOST
              value: '10.166.33.107:54839'
            - name: DRONE_SERVER_PROTO
              value: http
            - name: DRONE_GITLAB
              value: 'true'
            - name: DRONE_USER_CREATE
              value: 'username:root,admin:true'
            - name: DRONE_AGENTS_ENABLED
              value: 'true'
            - name: DRONE_LOGS_TRACE
              value: 'true'
          volumeMounts:
            - name: drone-data
              mountPath: /data
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      imagePullSecrets:
        - name: harbor
---
apiVersion: v1
kind: Service
metadata:
  name: drone-server-service
  namespace: demo
spec:
  type: NodePort
  selector:
    app: drone
    type: server
  ports:
    - port: 80
      targetPort: 80
      nodePort: 54839
```
Installing drone-runner
Once Drone is up and running, you need to install a runner to execute build pipelines.
The Kubernetes runner uses an in-cluster ServiceAccount to communicate with the Kubernetes API. When deploying to the cluster, make sure the Kubernetes runner is associated with a ServiceAccount.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone
  namespace: demo
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: demo
  name: drone
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
      - delete
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
    verbs:
      - get
      - create
      - delete
      - list
      - watch
      - update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: drone
    namespace: demo
roleRef:
  kind: Role
  name: drone
  apiGroup: rbac.authorization.k8s.io
```

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  namespace: demo
  labels:
    app.kubernetes.io/name: drone
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: drone
  template:
    metadata:
      labels:
        app.kubernetes.io/name: drone
    spec:
      imagePullSecrets:
        - name: harbor
      serviceAccountName: drone
      serviceAccount: drone
      containers:
        - name: runner
          image: drone/drone-runner-kube:latest
          ports:
            - containerPort: 3000
          env:
            # Address and protocol of the Drone server
            - name: DRONE_RPC_HOST
              value: '10.166.33.107:54839'
            - name: DRONE_RPC_PROTO
              value: http
            # Must match DRONE_RPC_SECRET on the server
            - name: DRONE_RPC_SECRET
              value: d065db69f7dcc35bd6a0658a9e8b4201
```
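The drone-server and drone-runner Deployments above carry DRONE_GITLAB_CLIENT_SECRET and DRONE_RPC_SECRET as literal values, so anyone who can read the manifests or the Deployment objects can read the credentials. The following is an added example, not part of the original post, that keeps them in a Kubernetes Secret instead; the Secret name drone-secrets and the placeholder values are assumptions.

```yaml
# Added example. The name drone-secrets and all <...> values are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: drone-secrets
  namespace: demo
type: Opaque
stringData:
  DRONE_GITLAB_CLIENT_ID: "<gitlab-application-id>"
  DRONE_GITLAB_CLIENT_SECRET: "<gitlab-application-secret>"
  DRONE_RPC_SECRET: "<output-of-openssl-rand-hex-16>"
---
# Excerpt of the drone-server Deployment (unchanged fields omitted).
# The server needs all three keys, so it loads the whole Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-server
  namespace: demo
spec:
  template:
    spec:
      containers:
        - name: drone-server
          envFrom:
            - secretRef:
                name: drone-secrets
---
# Excerpt of the drone-runner Deployment (unchanged fields omitted).
# The runner only needs the RPC secret, so it references that single key
# and never receives the GitLab OAuth credentials.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  namespace: demo
spec:
  template:
    spec:
      containers:
        - name: runner
          env:
            - name: DRONE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: drone-secrets
                  key: DRONE_RPC_SECRET
```

Remove the three literal `value:` entries from the server's `env` list when switching to `envFrom`, because an entry in `env` takes precedence over the same key loaded through `envFrom`.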
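Using Drone
First, navigate to your Drone server URL in a browser. If you are not yet authenticated, Drone redirects you to GitHub to log in.
After logging in, you are redirected back to your Drone dashboard. If this is your first time using Drone, your dashboard will be empty for a few seconds while Drone synchronizes your repository list with GitHub.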

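Search for your repository and click the "Enable" button. Clicking Enable adds a webhook to your repository so that Drone is notified every time code is pushed. Note that you must have administrator permissions on the repository to enable it.
Code repository: https://github.com/wq-h/demo-2048.git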


You configure the pipeline by creating a .drone.yml file in the root of your git repository. In this file we define the series of steps to execute each time a webhook is received.

```yaml
kind: pipeline
type: kubernetes
name: demo-2048

clone:
  skip_verify: true

metadata:
  namespace: demo

node_selector:
  kubernetes.io/hostname: slave-14

volumes:
  - name: cache
    host:
      path: /data/cache

steps:
  - name: build code
    image: maven:3.6-jdk-8
    commands:
      - mvn clean install -DskipTests=true
      - cd target && jar -xf 2048.war
      - ls -l
    volumes:
      - name: cache
        path: /root/.m2

  - name: build image & push
    image: plugins/docker
    settings:
      repo: 10.166.33.110/demo/demo-2048
      registry: 10.166.33.110
      username:
        from_secret: harbor_username
      password:
        from_secret: harbor_password
      tags:
        - ${DRONE_BRANCH}-${DRONE_COMMIT}-${DRONE_BUILD_NUMBER}
      insecure: true
      dockerfile: ./Dockerfiles/Dockerfile

  - name: k8s-deploy
    image: danielgormly/drone-plugin-kube:0.2.0
    settings:
      build_tag: ${DRONE_BRANCH}-${DRONE_COMMIT}-${DRONE_BUILD_NUMBER}
      template: template/demo-2048.yaml
      server: https://10.166.33.111:6443
      token:
        from_secret: k8s_token
      ca:
        from_secret: k8s_ca

  - name: email
    image: drillster/drone-email:latest
    settings:
      recipients_only: true
      recipients: [weiqun_h@163.com]
      subject: "Drone build: [{{ build.status }}] {{ repo.name }} ({{ repo.branch }}) #{{ build.number }}"
      host: smtp.exmail.qq.com
      port: 465
      from: weiqun.he@tenxcloud.com
      username:
        from_secret: email_user
      password:
        from_secret: email_password
    when:
      status: [ success, failure ]

trigger:
  branch:
    - drone
```

```yaml
# template/demo-2048.yaml, referenced by the k8s-deploy step
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-2048
  namespace: demo
  labels:
    app: demo-2048
    name: demo-2048
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-2048
      name: demo-2048
  template:
    metadata:
      labels:
        app: demo-2048
        name: demo-2048
    spec:
      containers:
        - name: demo-2048
          # {{build_tag}} is filled in from the build_tag setting of the k8s-deploy step
          image: >-
            10.166.33.110/demo/demo-2048:{{build_tag}}
          ports:
            - containerPort: 8080
              protocol: TCP
          resources:
            limits:
              cpu: 128m
              memory: 256Mi
            requests:
              cpu: 128m
              memory: 128Mi
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      imagePullSecrets:
        - name: harbor
```
Secret configuration

Pipeline execution result

Email notification
