vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
3ae8fd627a2d96c7e5ee9b51cfdf19caed8fe1d4
doc-exports/docs/cce/umn/cce_bestpractice_0324.html
Dong, Qiu Jian 86fb05065f CCE UMN for 24.2.0 version -20240428 
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2024-06-10 08:19:07 +00:00

135 lines
17 KiB
HTML
Raw Blame History

<a name="cce_bestpractice_0324"></a><a name="cce_bestpractice_0324"></a>
<h1 class="topictitle1">Interconnecting GitLab with SWR and CCE for CI/CD</h1>
<div id="body0000001238215064"><p id="cce_bestpractice_0324__p8060118"></p>
<div class="section" id="cce_bestpractice_0324__section104562318367"><h4 class="sectiontitle">Background</h4><p id="cce_bestpractice_0324__p563822163811">GitLab is an open-source version management system developed with Ruby on Rails for Git project repository management. It supports web-based access to public and private projects. Similar to GitHub, GitLab allows you to browse source code, manage bugs and comments, and control team member access to repositories. You will find it very easy to view committed versions and file history database. Team members can communicate with each other using the built-in chat program (Wall).</p>
<p id="cce_bestpractice_0324__p1274620283394">GitLab provides powerful CI/CD functions and is widely used in software development.</p>
<div class="fignone" id="cce_bestpractice_0324__fig2090044616395"><span class="figcap"><b>Figure 1 </b>GitLab CI/CD process</span><br><span><img id="cce_bestpractice_0324__image13651332153917" src="en-us_image_0000001897904777.png"></span></div>
<p id="cce_bestpractice_0324__p9298143183713">This section describes how to interconnect GitLab with SWR and CCE for CI/CD.</p>
</div>
<div class="section" id="cce_bestpractice_0324__section2060412224119"><h4 class="sectiontitle">Preparations</h4><ol id="cce_bestpractice_0324__ol158624331226"><li id="cce_bestpractice_0324__li88620331724">Create a CCE cluster and a node and bind an EIP to the node for downloading an image during GitLab Runner installation.</li><li id="cce_bestpractice_0324__li2086213318215">Download and configure kubectl to connect to the cluster.</li><li id="cce_bestpractice_0324__li13479155813217"><a href="https://helm.sh/docs/intro/install/" target="_blank" rel="noopener noreferrer">Install Helm 3</a>.</li></ol>
</div>
<div class="section" id="cce_bestpractice_0324__section7459101375015"><h4 class="sectiontitle">Installing GitLab Runner</h4><p id="cce_bestpractice_0324__p99813218399">Log in to <a href="https://www.gitlab.com/" target="_blank" rel="noopener noreferrer">GitLab</a>, choose <strong id="cce_bestpractice_0324__b16415107183416">Settings</strong> &gt; <strong id="cce_bestpractice_0324__b41611933415">CI/CD</strong> in the project view, click <strong id="cce_bestpractice_0324__b5786121313414">Expand</strong> next to <strong id="cce_bestpractice_0324__b1093881563411">Runners</strong>, and search for the GitLab Runner registration URL and token.</p>
<p id="cce_bestpractice_0324__p10952323124318"><span><img id="cce_bestpractice_0324__image813162519432" src="en-us_image_0000001898024285.png"></span></p>
<p id="cce_bestpractice_0324__p1983485014367">Create the <strong id="cce_bestpractice_0324__b10556175363413">values.yaml</strong> file and fill in the following information:</p>
<pre class="screen" id="cce_bestpractice_0324__screen1016123017374"># Registration URL
gitlabUrl: https://gitlab.com/
# Registration token
runnerRegistrationToken: "******"
rbac:
create: true
runners:
privileged: true</pre>
<p id="cce_bestpractice_0324__p1672651414379">Create a GitLab namespace.</p>
<pre class="screen" id="cce_bestpractice_0324__screen1739210238102">kubectl create namespace gitlab</pre>
<p id="cce_bestpractice_0324__p11198038171419">Install GitLab Runner using Helm.</p>
<pre class="screen" id="cce_bestpractice_0324__screen1432715563145">helm repo add gitlab https://charts.gitlab.io
helm install --namespace gitlab gitlab-runner -f values.yaml gitlab/gitlab-runner --version=0.43.1</pre>
<p id="cce_bestpractice_0324__p1760416501781">After the installation, you can obtain the gitlab-runner workload on the CCE console and view the connection information in GitLab later.</p>
<p id="cce_bestpractice_0324__p062113719548"><span><img id="cce_bestpractice_0324__image0306174412542" src="en-us_image_0000001898024333.png"></span></p>
</div>
<div class="section" id="cce_bestpractice_0324__section14977521194213"><h4 class="sectiontitle">Creating an Application</h4><p id="cce_bestpractice_0324__p17491928134214">Place the application to be created in the GitLab project repository. This section takes Nginx modification as an example. For details, visit <a href="https://gitlab.com/c8147/cidemo/-/tree/main" target="_blank" rel="noopener noreferrer">https://gitlab.com/c8147/cidemo/-/tree/main</a>.</p>
<p id="cce_bestpractice_0324__p2710175013216">The following files are included:</p>
<ul id="cce_bestpractice_0324__ul1283975373210"><li id="cce_bestpractice_0324__li4289145863214"><strong id="cce_bestpractice_0324__b760015354517">.gitlab-ci.yml</strong>: Gitlab CI file, which will be described in detail in <a href="#cce_bestpractice_0324__section171541431101910">Creating a Pipeline</a>.</li><li id="cce_bestpractice_0324__li18961220193319"><strong id="cce_bestpractice_0324__b584111474510">Dockerfile</strong>: used to build Docker images.</li><li id="cce_bestpractice_0324__li12151726173311"><strong id="cce_bestpractice_0324__b3895378453">index.html</strong>: used to replace the index page of Nginx.</li><li id="cce_bestpractice_0324__li128403533327"><strong id="cce_bestpractice_0324__b7189154544514">k8s.yaml</strong>: used to deploy the Nginx app. A Deployment named <strong id="cce_bestpractice_0324__b818913456451">nginx-test</strong> and a Service named <strong id="cce_bestpractice_0324__b1918914594520">nginx-test</strong> will be created.</li></ul>
<p id="cce_bestpractice_0324__p9536214194319">The preceding files are only examples. You can replace or modify them accordingly.</p>
</div>
<div class="section" id="cce_bestpractice_0324__section8498152791815"><h4 class="sectiontitle">Configuring Global Variables</h4><p id="cce_bestpractice_0324__p638732817559">When using pipelines, build an image, upload it to SWR, and run kubectl commands to deploy the image in the cluster. Before performing these operations, you must log in to SWR and obtain the credential for connecting to the cluster. You can define the information as variables in GitLab.</p>
<p id="cce_bestpractice_0324__p642032716199">Log in to <a href="https://www.gitlab.com/" target="_blank" rel="noopener noreferrer">GitLab</a>, choose <strong id="cce_bestpractice_0324__b207051173521">Settings</strong> &gt; <strong id="cce_bestpractice_0324__b422621925218">CI/CD</strong> in the project view, and click <strong id="cce_bestpractice_0324__b1458782105219">Expand</strong> next to <strong id="cce_bestpractice_0324__b13215243528">Variables</strong> to add variables.</p>
<p id="cce_bestpractice_0324__p6966102711198"><span><img id="cce_bestpractice_0324__image1480813492017" src="en-us_image_0000001851744104.png"></span></p>
<ul id="cce_bestpractice_0324__ul17795124313228"><li id="cce_bestpractice_0324__li99752566242"><strong id="cce_bestpractice_0324__b1442193305214">kube_config</strong><p id="cce_bestpractice_0324__p9618857172412"><strong id="cce_bestpractice_0324__b146033285532">kubeconfig.json</strong> file used for kubectl command authentication. Run the following command on the host where kubectl is configured to convert the file to the Base64 format:</p>
<p id="cce_bestpractice_0324__p11481120132512"><strong id="cce_bestpractice_0324__b1550193724111">echo $(cat ~/.kube/config | base64) | tr -d " "</strong></p>
<p id="cce_bestpractice_0324__p14681440132517">The command output is the content of <strong id="cce_bestpractice_0324__b22697258534">kubeconfig.json</strong>.</p>
</li><li id="cce_bestpractice_0324__li0571732133117"><strong id="cce_bestpractice_0324__b967519332531">project</strong>: project name.<p id="cce_bestpractice_0324__p1098083212315">Log in to the management console, click your username in the upper right corner, and click <strong id="cce_bestpractice_0324__b184132165419">My Credentials</strong>. In the <strong id="cce_bestpractice_0324__b6211857135318">Projects</strong> area on the <strong id="cce_bestpractice_0324__b728185735317">API Credentials</strong> page, check the name of the project in your current region.</p>
</li><li id="cce_bestpractice_0324__li1382183519310"><strong id="cce_bestpractice_0324__b3429921135410">swr_ak</strong>: access key.<p id="cce_bestpractice_0324__p12766133514315">Log in to the management console, click your username in the upper right corner, and click <strong id="cce_bestpractice_0324__b14630195820548">My Credentials</strong>. In the navigation pane, choose <strong id="cce_bestpractice_0324__b7395090210">Access Keys</strong>. Click <strong id="cce_bestpractice_0324__b123813182024">Create Access Key</strong>, enter the description, and click <strong id="cce_bestpractice_0324__b82911824625">OK</strong>. In the displayed <strong id="cce_bestpractice_0324__b1051115251722">Information</strong> dialog box, click <span class="uicontrol" id="cce_bestpractice_0324__uicontrol95178251326"><b>Download</b></span>. After the certificate is downloaded, obtain the AK and SK information from the <strong id="cce_bestpractice_0324__b1061133131818">credentials</strong> file.</p>
</li><li id="cce_bestpractice_0324__li12211152014237"><strong id="cce_bestpractice_0324__b1877511361037">swr_sk</strong>: secret key for logging in to SWR.<p id="cce_bestpractice_0324__p17573639338">Run the following command to obtain the key pair. Replace <em id="cce_bestpractice_0324__i24341255101012">$AK</em> and <em id="cce_bestpractice_0324__i161220586109">$SK</em> with the AK and SK obtained in the preceding steps.</p>
<p id="cce_bestpractice_0324__p172946312336"><strong id="cce_bestpractice_0324__b123114254113">printf "</strong><strong id="cce_bestpractice_0324__b439417274344"><em id="cce_bestpractice_0324__i1988111460419">$AK</em></strong><strong id="cce_bestpractice_0324__b102334213412">" | openssl dgst -binary -sha256 -hmac "</strong><strong id="cce_bestpractice_0324__b066123143413"><em id="cce_bestpractice_0324__i16267451154115">$SK</em></strong><strong id="cce_bestpractice_0324__b52310426411">" | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'</strong></p>
<p id="cce_bestpractice_0324__p3605640103410">The command output displays the login key pair.</p>
</li></ul>
</div>
<div class="section" id="cce_bestpractice_0324__section171541431101910"><a name="cce_bestpractice_0324__section171541431101910"></a><a name="section171541431101910"></a><h4 class="sectiontitle">Creating a Pipeline</h4><p id="cce_bestpractice_0324__p1815163610194">Log in to <a href="https://www.gitlab.com/" target="_blank" rel="noopener noreferrer">Gitlab</a> and add the <strong id="cce_bestpractice_0324__b12130165371113">.gitlab-ci.yml</strong> file to <strong id="cce_bestpractice_0324__b63781657161117">Repository</strong>.</p>
<p id="cce_bestpractice_0324__p10937163133618"><span><img id="cce_bestpractice_0324__image128228320363" src="en-us_image_0000001851744112.png"></span></p>
<p id="cce_bestpractice_0324__p9962163843715">The content is as follows:</p>
<pre class="screen" id="cce_bestpractice_0324__screen3120121125720"># Define pipeline stages, including <strong id="cce_bestpractice_0324__b1341584243418">package</strong>, <strong id="cce_bestpractice_0324__b104159423347">build</strong>, and <strong id="cce_bestpractice_0324__b164151042113416">deploy</strong>.
stages:
- package
- build
- deploy
# If no image is specified in each stage, the default image <strong id="cce_bestpractice_0324__b1888838282">docker:latest</strong> is used.
image: docker:latest
# In the package stage, only printing is performed.
package:
stage: package
script:
- echo "package"
# In the build stage, the Docker-in-Docker mode is used.
build:
stage: build
# Define environment variables for the build stage.
variables:
DOCKER_HOST: tcp://docker:2375
# Define the image for running Docker-in-Docker.
services:
- docker:18.09-dind
script:
- echo "build"
# Log in to SWR.
- docker login -u $project@$swr_ak -p $swr_sk swr.eu-de.otc.t-systems.com
# Build an image. <strong id="cce_bestpractice_0324__b1689310412146">k8s-dev</strong> is the organization name in SWR. Replace it to the actual name.
- docker build -t swr.eu-de.otc.t-systems.com/k8s-dev/nginx:$CI_PIPELINE_ID .
# Push the image to SWR.
- docker push swr.eu-de.otc.t-systems.com/k8s-dev/nginx:$CI_PIPELINE_ID
deploy:
# Use the kubectl image.
image:
name: bitnami/kubectl:latest
entrypoint: [""]
stage: deploy
script:
# Configure the <strong id="cce_bestpractice_0324__b10149325113910">kubeconfig</strong> file.
- mkdir -p $HOME/.kube
- export KUBECONFIG=$HOME/.kube/config
- echo $kube_config |base64 -d &gt; $KUBECONFIG
# Replace the image in the <strong id="cce_bestpractice_0324__b12796161463513">k8s.yaml</strong> file.
- sed -i "s/&lt;IMAGE_NAME&gt;/swr.eu-de.otc.t-systems.com\/k8s-dev\/nginx:$CI_PIPELINE_ID/g" k8s.yaml
- cat k8s.yaml
# Deploy an application.
- kubectl apply -f k8s.yaml</pre>
<p id="cce_bestpractice_0324__p157432174497">After the <strong id="cce_bestpractice_0324__b179031421151813">.gitlab-ci.yml</strong> file is saved, the pipeline is started immediately. You can view the pipeline execution status in GitLab.</p>
<p id="cce_bestpractice_0324__p186649471400"><span><img id="cce_bestpractice_0324__image1533712481601" src="en-us_image_0000001851585432.png"></span></p>
</div>
<div class="section" id="cce_bestpractice_0324__section195431441494"><h4 class="sectiontitle">Verifying Deployment</h4><p id="cce_bestpractice_0324__p144556611115">After the pipeline is deployed, locate the <strong id="cce_bestpractice_0324__b1412745371913">nginx-test</strong> Service on the CCE console, query its access address, and run the <strong id="cce_bestpractice_0324__b119743161717">curl</strong> command to access the Service.</p>
<pre class="screen" id="cce_bestpractice_0324__screen135641518685"># curl <em id="cce_bestpractice_0324__i117091412399">xxx.xxx.xxx.xxx</em>:31111
Hello Gitlab!</pre>
<p id="cce_bestpractice_0324__p1044314811417">If the preceding information is displayed, the deployment is correct.</p>
</div>
<div class="section" id="cce_bestpractice_0324__section551818510449"><h4 class="sectiontitle">Common Issues</h4><ul id="cce_bestpractice_0324__ul17494164711399"><li id="cce_bestpractice_0324__li11494174716399">If the following problem occurs during the deployment:<p id="cce_bestpractice_0324__p1285121534410"><a name="cce_bestpractice_0324__li11494174716399"></a><a name="li11494174716399"></a><span><img id="cce_bestpractice_0324__image936271619446" src="en-us_image_0000001897904773.png"></span></p>
<p id="cce_bestpractice_0324__p16611155514325">Or</p>
<p id="cce_bestpractice_0324__p3444132110308"><span><img id="cce_bestpractice_0324__image740316491325" src="en-us_image_0000001851585416.png"></span></p>
<p id="cce_bestpractice_0324__p21152032144812">Check whether the following commands are missing in the <strong id="cce_bestpractice_0324__b19168131842714">.gitlab-ci.yml</strong> file. If yes, add them to the <strong id="cce_bestpractice_0324__b17169141812274">.gitlab-ci.yml</strong> file.</p>
<pre class="screen" id="cce_bestpractice_0324__screen1976184105012">...
deploy:
# Use the kubectl image.
image:
name: bitnami/kubectl:latest
entrypoint: [""]
stage: deploy
script:
# Configure the <strong id="cce_bestpractice_0324__b9503736143811">kubeconfig</strong> file.
<strong id="cce_bestpractice_0324__b2947195417281"> - mkdir -p $HOME/.kube</strong>
<strong id="cce_bestpractice_0324__b294813542285"> - export KUBECONFIG=$HOME/.kube/config</strong>
- echo $kube_config |base64 -d &gt; $KUBECONFIG
# Replace the image in the <strong id="cce_bestpractice_0324__b6540173213271">k8s.yaml</strong> file.
...</pre>
</li><li id="cce_bestpractice_0324__li16231175204013">If Docker cannot be executed, information similar to the following will display.<p id="cce_bestpractice_0324__p167922036122212"><a name="cce_bestpractice_0324__li16231175204013"></a><a name="li16231175204013"></a><span><img id="cce_bestpractice_0324__image1161638132218" src="en-us_image_0000001911555737.png"></span></p>
<p id="cce_bestpractice_0324__p2710152810423">The <strong id="cce_bestpractice_0324__b161104135017">privileged: true</strong> parameter fails to be transferred during GitLab Runner installation. As a result, you do not have the permission to run the docker command. To resolve this issue, find GitLab Runner in the workload list on the CCE console, add the environment variable <strong id="cce_bestpractice_0324__b20321332145812">KUBERNETES_PRIVILEGED</strong>, and set its value to <strong id="cce_bestpractice_0324__b2335193610581">true</strong>.</p>
<p id="cce_bestpractice_0324__p19688155994510"><span><img id="cce_bestpractice_0324__image16842103414498" src="en-us_image_0000001851585384.png"></span></p>
</li></ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="cce_bestpractice_0322.html">DevOps</a></div>
</div>
</div>
View Git Blame Copy Permalink