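gitlab-runner deployment
Deploy the runner using the GitLab Runner Helm chart.
Reference: https://docs.gitlab.com/runner/install/kubernetes.html
- Prepare a values.yaml file to configure the gitlab-runner parameters
Template: https://gitlab.com/gitlab-org/charts/gitlab-runner/blob/main/values.yaml
For GitLab Runner to run properly, you must set the following values in the configuration file:
gitlabUrl: the full URL of the GitLab server used to register the runner (for example, https://gitlab.example.com).
rbac: { create: true }: creates RBAC (role-based access control) rules for GitLab Runner so that it can create the pods in which jobs run.
runnerToken: the authentication token obtained when the runner is created in the GitLab UI.
To build images with Docker, use the Kubernetes executor together with Docker-in-Docker:
Reference configuration: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html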
- Install GitLab Runner using the Helm chart
# Add the GitLab Helm repository:
helm repo add gitlab https://charts.gitlab.io
# Check which GitLab Runner versions you have access to:
helm search repo -l gitlab/gitlab-runner
# If you cannot access the latest version of GitLab Runner, update the chart with this command:
helm repo update gitlab
# After configuring GitLab Runner in the values.yaml file, run this command, changing the parameters as needed:
helm install --namespace <NAMESPACE> gitlab-runner -f <CONFIG_VALUES_FILE> gitlab/gitlab-runner
# To change the configuration or update the chart, use helm upgrade, changing the parameters as needed:
helm upgrade --namespace <NAMESPACE> -f <CONFIG_VALUES_FILE> <RELEASE-NAME> gitlab/gitlab-runner
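A values.yaml that combines the required settings listed above with the Docker-in-Docker runner configuration that the pipeline in the next section depends on. This is an added example, not taken from the original page or from the GitLab chart; the token placeholder and the default job image are assumptions.

```yaml
# values.yaml (constructed example; replace placeholders before use)

# Full URL of the GitLab server the runner registers against.
gitlabUrl: https://gitlab.example.com

# Authentication token shown once when the runner is created in the GitLab UI.
# Placeholder value. This file now holds a credential: keep it out of version
# control, or reference a Kubernetes Secret through the chart's runners.secret
# setting instead of writing the token here.
runnerToken: "<RUNNER_AUTHENTICATION_TOKEN>"

# Let the chart create the RBAC rules the runner needs to create job pods.
rbac:
  create: true

runners:
  # Rendered by the chart into the runner's config.toml.
  config: |
    [[runners]]
      [runners.kubernetes]
        namespace = "{{.Release.Namespace}}"
        # Default image for jobs that do not set their own (assumption).
        image = "alpine"
        # The docker:dind service only starts in a privileged pod.
        # A privileged container is not isolated from the node, so install
        # this runner in its own namespace and assign it only to projects
        # whose pipelines you trust.
        privileged = true
      # In-memory volume shared by the job container and the dind service.
      # The daemon writes its TLS client certificates here, and the job reads
      # them through DOCKER_CERT_PATH ($DOCKER_TLS_CERTDIR/client).
      [[runners.kubernetes.volumes.empty_dir]]
        name = "docker-certs"
        mount_path = "/certs/client"
        medium = "Memory"
```

Pass this file as <CONFIG_VALUES_FILE> to the helm install or helm upgrade command above.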
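Configuring the pipeline
Taking a Go project as an example, configure the pipeline:
A Dockerfile that uses a multi-stage build must be prepared in advance.
The pipeline flow is: multi-stage image build -> push the image to the image registry
1. In the project, go to Settings -> CI/CD -> Variables -> Add variable:
IMAGE_REGISTRY: image registry address
IMAGE_REGISTRY_USERMANE: image registry username
IMAGE_REGISTRY_PASSWORD: image registry password
2. Pipeline configuration: edit the .gitlab-ci.yml file: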
default:
  image: docker:24.0.5
  services:
    - docker:24.0.5-dind
  before_script:
    - docker info

variables:
  # When using dind service, you must instruct Docker to talk with
  # the daemon started inside of the service. The daemon is available
  # with a network connection instead of the default
  # /var/run/docker.sock socket.
  DOCKER_HOST: tcp://docker:2376
  #
  # The 'docker' hostname is the alias of the service container as described at
  # https://docs.gitlab.com/ee/ci/services/#accessing-the-services.
  # If you're using GitLab Runner 12.7 or earlier with the Kubernetes executor and Kubernetes 1.6 or earlier,
  # the variable must be set to tcp://localhost:2376 because of how the
  # Kubernetes executor connects services to the job container
  # DOCKER_HOST: tcp://localhost:2376
  #
  # Specify to Docker where to create the certificates. Docker
  # creates them automatically on boot, and creates
  # `/certs/client` to share between the service and job
  # container, thanks to volume mount from config.toml
  DOCKER_TLS_CERTDIR: "/certs"
  # These are usually specified by the entrypoint, however the
  # Kubernetes executor doesn't run entrypoints
  # https://gitlab.com/gitlab-org/gitlab-runner/-/issues/4125
  DOCKER_TLS_VERIFY: 1
  DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"

build:
  stage: build
  tags:
    - CityDO-public-gitlab-Runner # tag of the GitLab Runner that executes the job
  before_script:
    - IMAGENAME="ops-vm-inventory" # image name
    - VERSION="1.0.0" # image version
    - NAMESPACE="dev" # image namespace
  script:
    # Pass the password on stdin so it does not appear in the process arguments
    - echo "$IMAGE_REGISTRY_PASSWORD" | docker login --username "$IMAGE_REGISTRY_USERMANE" --password-stdin "$IMAGE_REGISTRY"
    - docker build -t $IMAGE_REGISTRY/$NAMESPACE/$IMAGENAME:$VERSION . # build the image
    - docker push $IMAGE_REGISTRY/$NAMESPACE/$IMAGENAME:$VERSION # push the image to the image registry