10
Jan

gitlab CICD

   Posted by: admin   in Lăng nhăng lít nhít

.gitlab-ci.yml

# Pipeline stages, executed in the order listed.
stages:
  - build
  - deploy_to_cluster
  - rollback_on_failure
  - cleanup

variables:
  # NOTE(review): none of the jobs shown on this page read $PIPELINE_ID; they tag
  # images with the predefined $CI_PIPELINE_ID instead. Confirm this is still needed.
  PIPELINE_ID: "pipeline_id"
  # Each job starts from a fresh clone of the repository.
  # NOTE(review): files a job writes into the working tree (build_time,
  # imagetag.txt) are then presumably absent in later jobs unless they are
  # passed on as artifacts; verify against the runner's behaviour.
  GIT_STRATEGY: clone
 
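# Builds the frontend image, pushes it to the project registry, then restarts
# the json-server container on the runner host with the repository's db.json.
# Runs on the shell runner tagged "build", for the master branch only.
build:
  stage: build
  tags:
    - build
  only:
    - master
  script:
    - |
        echo "Build"
        image="$CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID"
        sudo /bin/docker image build -t "$image" -f Dockerfile .
        # Pass the registry password on stdin. With -p it becomes part of the
        # command line, which sudo writes to its log by default and which is
        # visible in the host's process list while the command runs.
        printf '%s' "$CI_REGISTRY_PASSWORD" | sudo /bin/docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
        sudo /bin/docker push "$image"
        cat data/db.json > /home/gitlab-runner/db.json
        sudo /bin/docker kill json-server || echo "no json-server running"
        echo "restart json-server..."
        # Published on loopback only (127.0.0.1:8091); whatever proxies to that
        # port decides who can reach the API.
        # NOTE(review): clue/json-server has no tag, so the run resolves to
        # :latest; pin a reviewed tag or digest so the image cannot change
        # underneath the pipeline.
        sudo /bin/docker run --rm -d -p 127.0.0.1:8091:80 -v /home/gitlab-runner/db.json:/data/db.json --name json-server clue/json-server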

# Rolls the image built in this pipeline out to the frontend-harry-app
# Deployment and waits up to 5 minutes for the rollout to finish.
# Every kubectl call goes through sudo, so the cluster credentials used are
# the ones available to root on the runner host.
kubernetes_deploy:
  stage: deploy_to_cluster
  tags:
    - build
  only:
    - master
  timeout: 30m
  # Script notes, in order:
  # - regcred is only created when `kubectl get secret/regcred` fails, so an
  #   existing secret is never refreshed when the registry token is rotated.
  # - NOTE(review): the registry password is passed as --docker-password on
  #   the command line; sudo logs command lines by default and they are
  #   visible in the process list. Consider creating the secret from a
  #   dockerconfigjson file (or managing it outside the pipeline) instead.
  # - The Service and Deployment manifests are applied only when the objects
  #   do not exist yet; afterwards only the container image is changed with
  #   `kubectl set image`, so later edits to the manifests are not applied by
  #   this job.
  # - NOTE(review): --record is marked deprecated in newer kubectl releases;
  #   confirm it is still accepted by the kubectl version on the runner.
  # - build_time and imagetag.txt are written into the job's working tree;
  #   no artifacts are declared for them in this job.
  script:
    - |
        echo "Deploy revision $CI_PIPELINE_ID @ $CI_REGISTRY to Kubernetes cluster"
        echo "`date`" > build_time
        sudo /bin/kubectl get secret/regcred || sudo /bin/kubectl create secret docker-registry regcred --docker-server="$CI_REGISTRY" --docker-username="k8s_git_runner" --docker-password="$k8s_git_runner" --docker-email="harry@helpusdefend.com"
        sudo /bin/kubectl get service frontend-harry || sudo /bin/kubectl apply -f k8s/frontend_harry.svc.yaml
        sudo /bin/kubectl get deploy frontend-harry-app || sudo /bin/kubectl apply -f k8s/frontend_harry-app.yaml
        sudo /bin/kubectl set image deployment frontend-harry-app frontend-harry=$CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID --record
        echo "Deploy $CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID" > imagetag.txt
        sudo /bin/kubectl rollout history deploy frontend-harry-app
        sudo /bin/kubectl rollout status --timeout=5m deploy frontend-harry-app

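# Rolls frontend-harry-app back to the revision before the current one.
# `when: on_failure` starts this job when a job in an earlier stage failed,
# which includes a failed build, not only a failed deploy; the imagetag.txt
# check below is the only guard against rolling back after a build failure.
# NOTE(review): imagetag.txt is written by kubernetes_deploy in its own job
# and no artifacts are declared there; confirm the file is actually present
# when this job runs, otherwise the rollback never executes.
rollback_to_previous_version:
  stage: rollback_on_failure
  when: on_failure
  tags:
    - build
  only:
    - master
  script:
    - |
        echo "rollback to previous version"
        # No deploy marker means the deploy job never changed the image.
        cat imagetag.txt || { echo "imagetag.txt not found, nothing to roll back" >&2; exit 1; }
        # Second-to-last row of the history table is the previous revision.
        prev_rev="$(sudo /bin/kubectl rollout history deploy/frontend-harry-app | tail -n 3 | head -n 1 | cut -f 1 -d' ')"
        # With a single revision the pipeline above yields the table header,
        # not a number; refuse to pass that on to kubectl.
        case "$prev_rev" in
          ''|*[!0-9]*) echo "could not determine previous revision: '$prev_rev'" >&2; exit 1 ;;
        esac
        # Same sudo + absolute path as every other kubectl call in this file,
        # so the undo runs with the same cluster credentials as the deploy.
        sudo /bin/kubectl rollout undo deploy frontend-harry-app --to-revision="$prev_rev"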
        
# Final stage: always runs, whatever the earlier stages did, and removes the
# marker files the deploy job writes into the working tree.
cleanup_build:
  stage: cleanup
  when: always
  tags: [build]
  only: [master]
  script:
    - echo "cleanup"
    - rm -f build_time
    - rm -f imagetag.txt

frontend-harry.svc.yaml
# Service in front of the pods labelled app=frontend-harry:
# service port 9080 forwards to container port 8000.
apiVersion: v1
kind: Service
metadata:
  name: frontend-harry
  labels:
    app: frontend-harry
spec:
  # NOTE(review): LoadBalancer requests an externally reachable address for
  # this Service. The squid.conf on this page already forwards to a peer on
  # port 9080; if that proxy is the intended entry point, confirm whether a
  # cluster-internal Service type would be enough, so the app is not also
  # reachable around the proxy.
  type: LoadBalancer
  selector:
    app: frontend-harry
  ports:
    - port: 9080
      targetPort: 8000

frontend-harry-app.yaml
# Deployment for the frontend: 3 replicas, rolling update that replaces at
# most one pod at a time (maxSurge 1, maxUnavailable 1).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend-harry-app
  labels:
    app: frontend-harry
spec:
  replicas: 3
  selector:
    matchLabels:
      app: frontend-harry
  minReadySeconds: 5
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate      
  template:
    metadata:
      labels:
        app: frontend-harry
    spec:
      # NOTE(review): the container declares no securityContext, no resource
      # requests/limits and no readiness/liveness probes. Without a readiness
      # probe, `kubectl rollout status` in the pipeline presumably reports
      # success as soon as the containers have been running for
      # minReadySeconds, so the on_failure rollback would not catch an app
      # that starts but does not serve. Confirm and add what the image supports.
      containers:
        # The :latest tag is what runs when this manifest is first applied;
        # the pipeline then switches the image to the $CI_PIPELINE_ID tag
        # with `kubectl set image`.
        - image: c..com:5050/jason/front-end-/frontend_harry:latest
          name: frontend-harry
          ports:
          - containerPort: 8000
      # Pull credentials; the pipeline creates this secret if it is missing.
      imagePullSecrets:
      - name: regcred

# sudoers entry: gitlab-runner may run the listed binaries as any user without
# a password and with any arguments.
# NOTE(review): a package manager or a container/cluster CLI run as root is
# equivalent to full root on this host (and, presumably, to whatever cluster
# access root's kubeconfig holds), so anyone able to run a job on this runner
# holds that access. The pipeline on this page only calls /bin/docker and
# /bin/kubectl through sudo; consider trimming the list to what is used and
# restricting who can run jobs on this runner.
# NOTE(review): "/bin/docker-composei" looks like a typo for
# /bin/docker-compose — confirm.
gitlab-runner ALL=(ALL) NOPASSWD: /bin/yum, /bin/docker, /bin/pip3, /bin/docker-composei, /bin/kubectl, /bin/k9s

# Install gitlab-runner from GitLab's package repository.
# The repository setup script is saved to disk first, so it can be read
# before it is executed in the next step.
wget https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh

# NOTE(review): this runs the downloaded script with the privileges of the
# current shell (presumably root, since it configures a yum repository);
# review its contents before running it.
sh script.rpm.sh

# Installs the runner package from the repository configured above.
yum -y install gitlab-runner

gitlab menu -> /settings/repository/deploy-tokens/read_registry

squid.conf

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS #

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

# Squid normally listens to port 3128

# Accelerator (reverse proxy) listener on plain HTTP port 80; requests are
# routed by the requested host name (vhost).
# NOTE(review): no TLS listener appears in this excerpt, so traffic to the
# sites below is unencrypted as far as this config shows.
http_port 80 accel defaultsite=46.17.175.144 vhost

# Origin servers behind the proxy, one cache_peer per backend.
cache_peer 10.109.76.54 parent 9080 0 no-query originserver name=harry_frontend

# 127.0.0.1:8091 is where the build job on this page publishes the
# json-server container (loopback only).
# NOTE(review): the ACLs below make that loopback-only API reachable by any
# client that requests json-server.helpusdefend.org, with no authentication
# in this config. Confirm the API is meant to be public and whether it
# accepts write requests.
cache_peer 127.0.0.1 parent 8091 0 no-query originserver name=json_server

cache_peer 192.168.5.5 parent 8091 0 no-query originserver name=json_server2

cache_peer 10.100.43.53 parent 8888 0 no-query originserver name=anna_api

# One destination-domain ACL per published site.
acl sites_harry_frontend dstdomain frontend.helpusdefend.org www.helpusdefend.org

acl sites_json_server dstdomain json-server.helpusdefend.org

acl sites_anna_api dstdomain anna.api.helpusdefend.org

# Tie each peer to the site(s) it serves.
cache_peer_access harry_frontend allow sites_harry_frontend

cache_peer_access json_server allow sites_json_server

cache_peer_access json_server2 allow sites_json_server

cache_peer_access anna_api allow sites_anna_api

# Requests for the three published sites are accepted from any client.
http_access allow sites_harry_frontend

http_access allow sites_json_server

http_access allow sites_anna_api

# NOTE(review): the localnet ACL is not defined in this excerpt; check which
# networks it covers, since those clients are allowed regardless of the
# requested site.
http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

http_access deny all

# Squid normally listens to port 3128

#http_port 3128
