
10
Jan

gitlab CICD

   Posted by: admin    in Lăng nhăng lít nhít

.gitlab-ci.yml

# Pipeline stages, executed top to bottom. rollback_on_failure and cleanup
# are gated by `when:` on their jobs (on_failure / always).
stages:
  - build
  - deploy_to_cluster
  - rollback_on_failure
  - cleanup

variables:
  # NOTE(review): PIPELINE_ID is not referenced by any job shown here; the
  # scripts use GitLab's predefined $CI_PIPELINE_ID instead.
  PIPELINE_ID: "pipeline_id"
  # Every job starts from a fresh clone, so untracked files written by one
  # job are not expected to be present in the next unless they are passed
  # on as artifacts.
  GIT_STRATEGY: clone
 
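# Builds the frontend image, pushes it to the project registry tagged with
# the pipeline id, then restarts the local json-server mock backend.
#
# Security notes:
# - The registry password is fed to `docker login` on stdin so it does not
#   appear in the process list of the runner host.
# - `docker login` under sudo stores the credential in root's Docker config
#   on the runner; consider `docker logout` after the push on shared hosts.
# - clue/json-server is pulled by name with no tag or digest, so the runner
#   executes whatever the registry currently serves under that name; pin a
#   tag or digest that has been reviewed.
# - json-server is published on 127.0.0.1:8091 only. The squid.conf on this
#   page forwards json-server.helpusdefend.org to that port, so the
#   loopback binding alone does not keep it private.
build:
  stage: build
  tags:
    - build
  only:
    - master
  script:
    - |
        echo "Build"
        sudo /bin/docker image build -t "$CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID" -f Dockerfile .
        echo "$CI_REGISTRY_PASSWORD" | sudo /bin/docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
        sudo /bin/docker push "$CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID"
        cat data/db.json > /home/gitlab-runner/db.json
        sudo /bin/docker kill json-server || echo "no json-server running"
        echo "restart json-server..."
        sudo /bin/docker run --rm -d -p 127.0.0.1:8091:80 -v /home/gitlab-runner/db.json:/data/db.json --name json-server clue/json-server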

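# Rolls the image built by this pipeline out to the cluster and waits up
# to five minutes for the rollout to finish.
#
# - The pull secret, Service and Deployment are created only when they do
#   not exist yet (`get ... || create/apply`). Later edits to the manifests
#   under k8s/, or a rotated registry token, are therefore NOT applied by
#   this job.
# - NOTE(review): `--docker-password="$k8s_git_runner"` puts the token on
#   the kubectl command line, where it is visible in the runner host's
#   process list while the command runs. Keep the variable masked and
#   protected in GitLab, and prefer creating the secret out of band.
# - imagetag.txt is the marker the rollback job checks. Because
#   GIT_STRATEGY is `clone`, it is published as an artifact (also when this
#   job fails) so that the later job actually receives it.
kubernetes_deploy:
  stage: deploy_to_cluster
  tags:
    - build
  only:
    - master
  timeout: 30m
  artifacts:
    when: always
    expire_in: 1 day
    paths:
      - imagetag.txt
  script:
    - |
        echo "Deploy revision $CI_PIPELINE_ID @ $CI_REGISTRY to Kubernetes cluster"
        date > build_time
        sudo /bin/kubectl get secret/regcred || sudo /bin/kubectl create secret docker-registry regcred --docker-server="$CI_REGISTRY" --docker-username="k8s_git_runner" --docker-password="$k8s_git_runner" --docker-email="harry@helpusdefend.com"
        sudo /bin/kubectl get service frontend-harry || sudo /bin/kubectl apply -f k8s/frontend_harry.svc.yaml
        sudo /bin/kubectl get deploy frontend-harry-app || sudo /bin/kubectl apply -f k8s/frontend_harry-app.yaml
        # --record is flagged as deprecated by newer kubectl releases; it only
        # annotates the change cause shown by `rollout history`.
        sudo /bin/kubectl set image deployment frontend-harry-app frontend-harry="$CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID" --record
        # Written only after the image was switched: its presence tells the
        # rollback job that there is a new revision to undo.
        echo "Deploy $CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID" > imagetag.txt
        sudo /bin/kubectl rollout history deploy frontend-harry-app
        sudo /bin/kubectl rollout status --timeout=5m deploy frontend-harry-app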

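# Reverts the Deployment to the revision before the one just rolled out.
#
# - `when: on_failure` fires when ANY job in an earlier stage failed, the
#   build job included. The `cat imagetag.txt &&` guard limits the undo to
#   runs in which kubernetes_deploy got as far as switching the image.
# - NOTE(review): imagetag.txt is written by kubernetes_deploy. With
#   GIT_STRATEGY: clone this job starts from a fresh checkout, so the file
#   only reaches it if kubernetes_deploy publishes it as an artifact
#   (with `artifacts:when: always`); otherwise the guard fails and nothing
#   is rolled back. Confirm on the runner.
# - Both kubectl calls go through `sudo /bin/kubectl`, like every other job
#   in this file; the original ran the outer `rollout undo` without sudo,
#   i.e. as a different user than the rest of the pipeline.
# - The target revision is the third line from the end of `rollout history`
#   (the entry before the newest one, given the trailing blank line kubectl
#   prints). This depends on kubectl's text output format.
rollback_to_previous_version:
  stage: rollback_on_failure
  when: on_failure
  tags:
    - build
  only:
    - master
  script:
    - |
        echo "rollback to previous version"
        cat imagetag.txt && sudo /bin/kubectl rollout undo deploy frontend-harry-app --to-revision="$(sudo /bin/kubectl rollout history deploy/frontend-harry-app | tail -n 3 | head -n 1 | cut -f 1 -d' ')"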
        
# Final stage: always runs and removes the marker files the deploy job
# leaves in the working directory.
cleanup_build:
  stage: cleanup
  when: always
  tags:
    - build
  only:
    - master
  script:
    - echo "cleanup"
    - rm -f build_time
    - rm -f imagetag.txt

frontend-harry.svc.yaml
# Service in front of the frontend-harry pods.
# NOTE(review): the pipeline applies k8s/frontend_harry.svc.yaml (underscore),
# while the heading above spells the file name with a hyphen.
apiVersion: v1
kind: Service
metadata:
  name: frontend-harry
  labels:
    app: frontend-harry
spec:
  # NOTE(review): LoadBalancer asks the cluster to publish this Service
  # outside the cluster. The squid.conf on this page already reaches port
  # 9080 as a cache_peer; if squid is meant to be the only entry point, a
  # cluster-internal Service type would avoid a second, unfiltered path to
  # the pods. Confirm what the cluster actually exposes.
  type: LoadBalancer
  selector:
    app: frontend-harry
  ports:
    # Service port 9080 forwards to container port 8000.
    - port: 9080
      targetPort: 8000

frontend-harry-app.yaml
# Deployment for the frontend: three replicas, rolling update.
# The pipeline applies this manifest only when the Deployment does not exist
# yet; afterwards it changes the image with `kubectl set image`.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend-harry-app
  labels:
    app: frontend-harry
spec:
  replicas: 3
  selector:
    matchLabels:
      app: frontend-harry
  minReadySeconds: 5
  strategy:
    # At most one extra pod and one unavailable pod during a rollout.
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate      
  template:
    metadata:
      labels:
        app: frontend-harry
    spec:
      # NOTE(review): no securityContext, resource requests/limits or
      # readiness/liveness probes are set. Without a readiness probe,
      # `kubectl rollout status` can only judge pod start-up, not whether
      # the app serves traffic.
      containers:
        # The registry host looks redacted on this page. The :latest tag is
        # only the initial value; the deploy job replaces it with the
        # per-pipeline tag.
        - image: c..com:5050/jason/front-end-/frontend_harry:latest
          name: frontend-harry
          ports:
          - containerPort: 8000
      # Pull secret created by the kubernetes_deploy job.
      imagePullSecrets:
      - name: regcred

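# sudoers entry for the CI user (install with visudo).
# Every command listed here can install software, start containers or open
# shells as root, so this grant amounts to passwordless root for anything a
# pipeline job runs. Whoever can push to a branch the runner builds, or edit
# .gitlab-ci.yml, inherits that access: keep the runner dedicated to this
# project and the branch protected.
# The pipeline on this page only calls /bin/docker and /bin/kubectl; trim
# the list to what the jobs need.
# /bin/docker-compose: corrected from "docker-composei" in the original
# post; verify the binary's real path on the host.
gitlab-runner ALL=(ALL) NOPASSWD: /bin/yum, /bin/docker, /bin/pip3, /bin/docker-compose, /bin/kubectl, /bin/k9s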

# Install gitlab-runner from GitLab's package repository (run as root).
# The downloaded script adds a yum repository, so it decides which packages
# and signing keys the host will trust; read it before running it.
wget https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh

# Registers the runner repository with yum.
sh script.rpm.sh

# Installs the runner package from the repository added above.
yum -y install gitlab-runner

GitLab menu -> /settings/repository/deploy-tokens/read_registry (a deploy token with the read_registry scope)

squid.conf

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS #

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

# Squid normally listens to port 3128

# Accelerator (reverse proxy) listener on plain HTTP port 80; `vhost` routes
# by Host header. No TLS listener is configured in this snippet.
http_port 80 accel defaultsite=46.17.175.144 vhost

# Origin servers behind the proxy. harry_frontend uses port 9080, the same
# port as the frontend-harry Service (presumably that Service's address).
cache_peer 10.109.76.54 parent 9080 0 no-query originserver name=harry_frontend

# Port 8091 on loopback is where the build job publishes the json-server
# container.
cache_peer 127.0.0.1 parent 8091 0 no-query originserver name=json_server

cache_peer 192.168.5.5 parent 8091 0 no-query originserver name=json_server2

cache_peer 10.100.43.53 parent 8888 0 no-query originserver name=anna_api

# One dstdomain ACL per published host name.
acl sites_harry_frontend dstdomain frontend.helpusdefend.org www.helpusdefend.org

acl sites_json_server dstdomain json-server.helpusdefend.org

acl sites_anna_api dstdomain anna.api.helpusdefend.org

# Each peer only receives requests for its own host names.
cache_peer_access harry_frontend allow sites_harry_frontend

cache_peer_access json_server allow sites_json_server

cache_peer_access json_server2 allow sites_json_server

cache_peer_access anna_api allow sites_anna_api

# These rules match on destination host only, so any client that can reach
# port 80 is allowed through to the three sites.
http_access allow sites_harry_frontend

# NOTE(review): this makes the loopback-only json-server reachable by host
# name. If that backend accepts unauthenticated writes, add a src ACL or
# authentication here before publishing it. Confirm the backend's behaviour.
http_access allow sites_json_server

http_access allow sites_anna_api

# localnet and localhost are ACLs defined elsewhere in squid.conf (not shown).
http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

http_access deny all

# Squid normally listens to port 3128

#http_port 3128