1, pipeline type
UAV support different types of pipeline execution environment in which each type has its own custom yaml specification. Type and target execution environment kind and type attribute defines the pipe.
1.1 Docker pipeline
Execute the command in the pipeline isolation Docker containers. A docker pipe conduit is performed inside a shell command Docker containers. Docker containers provide isolation may be performed concurrently in the pipeline safely on the same machine. The main benefit is the ability to bring the pipe vessel own build environment in the form of Docker image. No one will automatically download docker image at run time
https://docker-runner.docs.drone.io/configuration/overview/
1.2 Kubernetes pipeline
Pipe command executed in the pod, wherein the step of each conduit in the container represented by the pod. Kubernetes a conduit pipe for a container as few steps in Kubernetes nacelle. Container provides isolation, can be safely performed concurrently on the same computer pipeline. Construction is able to bring their environment in the form of a mirror main advantages Docker container-based pipeline. No one will automatically download docker image at run time.
Please note that the pipeline is not a direct replacement Kubernetes Docker pipe. Configuration and run-time behavior may vary.
https://kube-runner.docs.drone.io/configuration/overview/
1.3 SSH pipeline
Using the SSH protocol execution pipeline commands on a remote computer, you need to run or not for workload execution inside the container is useful directly on the host.
https://ssh-runner.docs.drone.io/configuration/overview/
2, the difference between the Docker and Kubernetes
Kubernetes Docker pipes and ducts have many similarities, but they should not be seen as a direct replacement for one another. There are some significant differences in the configuration syntax and runtime behavior.
Kubernetes pipeline project executed in the same Pod, and therefore share the same network. This means that by address rather than a custom hostname to access the service.
localhostKubernetes pipeline scheduled by Kubernetes, which provides advanced affinity options. Kubernetes run using the disclosed node_selector property node selection function into the pipeline.
Kubernetes container will automatically install the service account credentials . This may be a security risk, and may affect integration with Kubernetes plug.
/var/run/secrets/kubernetes.io/serviceaccount
3, GitLib server installation Drone
Create a shared key to verify that the communication between the runner and the central Drone server.
You can use openssl to generate a shared secret:
openssl rand -hex 16
docker run \ --volume=/var/lib/drone:/data \ --env=DRONE_AGENTS_ENABLED=true \ --env=DRONE_GITLAB_SERVER=http://gitlab.econage.com \ --env=DRONE_GITLAB_CLIENT_ID=b6f0a6323c57da1ade470546b5b3f07817ec12ca4dcc964b626affd0dfbb46e3 \ --env=DRONE_GITLAB_CLIENT_SECRET=76b6f5159f158337cd637ff120ff3f15206ad5b3aeb40b6d6da6469c40242dd1 \ --env=DRONE_RPC_SECRET=5c2a265111e08953de1028451ae866d7 \ --env=DRONE_SERVER_HOST=192.168.10.14 \ --env=DRONE_GIT_ALWAYS_AUTH=true \ --env=DRONE_USER_CREATE=username:docker,admin:true \ --env=DRONE_SERVER_PROTO=http \ --publish=80:80 \ --restart=always \ --detach=true \ --name=drone \ drone/drone
3.4配置
必需的字符串值提供您的GitLab oauth客户端ID。
DRONE_GITLAB_CLIENT_SECRET
必需的字符串值提供您的GitLab oauth客户端密钥。
DRONE_GITLAB_SERVER
选项字符串值提供您的GitLab服务器网址。默认值为的gitlab.com服务器地址https://gitlab.com。
DRONE_GIT_ALWAYS_AUTH
可选的布尔值将Drone配置为在克隆公共存储库时进行身份验证。仅在将自托管的GitLab与私有模式启用一起使用时,才应启用此功能。
DRONE_RPC_SECRET
必需的字符串值提供了无人机共享机密。这用于验证到服务器的rpc连接。必须为服务器和代理提供相同的秘密值。
DRONE_SERVER_HOST
必需的字符串值提供您的外部主机名或IP地址。如果使用IP地址,则可以包括端口。
DRONE_SERVER_PROTO
必需的字符串值提供了您的外部协议方案。此值应设置为http或https。如果您配置ssl或acme,则此字段默认为https。
4、安装Docker Runner
docker run -d \
-v /var/run/docker.sock:/var/run/docker.sock \
-e DRONE_RPC_PROTO=http \
-e DRONE_RPC_HOST=192.168.10.14 \
-e DRONE_RPC_SECRET=3ab0479b9718d8337e111796c445eefe \
-e DRONE_RUNNER_CAPACITY=2 \
-e DRONE_RUNNER_NAME=${HOSTNAME} \
-p 3000:3000 \
--restart always \
--name runner \
drone/drone-runner-docker
配置
DRONE_RPC_HOST
提供您的Drone服务器的主机名(和可选端口)。运行程序在主机地址连接到服务器,以接收执行管线。
DRONE_RPC_PROTO
提供用于连接到Drone服务器的协议。该值必须是http或https。
DRONE_RPC_SECRET
提供用于与您的Drone服务器进行身份验证的共享密钥。这必须与您的Drone服务器配置中定义的机密匹配
同意后就能看到界面
k8s模块地址:http://plugins.drone.io/mactynow/drone-kubernetes/
---
kind: pipeline
type: docker
name: base
#主要是缓存maven依赖包,可不用变化,直接使用
steps:
- name: restore-cache
image: drillster/drone-volume-cache
settings:
restore: true
mount:
- ./repository
volumes:
- name: cache
path: /cache
when:
event: push #push事件的时候触发
- name: mvn
image: registry.hello.com/maven:3-jdk-8 #harbor仓库maven镜像
commands:
#maven打包命令,公司使用的是自己的私服,需要指明setting文件地址
- mvn clean package -Dmaven.test.skip=true -Dmaven.repo.local=./repository -s /root/.m2/settings.xml
- mv helloworld/target/helloworld-*.jar helloworld/target/app.jar
#改名是为了Dockerfile文件方便构建镜像
- name: rebuild-cache
image: drillster/drone-volume-cache
settings:
rebuild: true
mount:
- ./repository
volumes:
- name: cache
path: /cache
when:
event: push
- name: docker-build
image: docker
commands:
- docker login -u admin -p hello.123 registry.hello.com
- docker build -t registry.hello.com/helloworld:$DRONE_COMMIT ./helloworld
- docker push registry.hello.com/helloworld:$DRONE_COMMIT
volumes:
- name: deamon
path: /var/run/docker.sock
when:
event: push
branch: [dev]
- name: deploy-k8s
image: appleboy/drone-ssh
settings:
host: 192.168.0.10 #k8s集群master节点的ip
username: root
password:
from_secret: ssh_password #在web界面中设置密码
port: 22
envs:
- DRONE_BRANCH
- DRONE_COMMIT
script:
#替换deoloy中的镜像
- kubectl set image deployment/helloworld helloworld=registry.hello.com/helloworld:$DRONE_COMMIT -n $DRONE_BRANCH
when:
event: push
branch: [dev]
volumes:
- name: deamon
host:
path: /var/run/docker.sock
- name: cache
host:
path: /opt/drone/cache
Supported variables are:
https://autoscale.drone.io/reference/
FROM registry.hello.com/jdk:1.8_232 ADD ./target/app.jar app.jar CMD ["java -jar app.jar -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"]
Provided in the master key of the remote node is connected k8s
Packing is provided in the front end node, simply replace the packing base image and a command to
- name: npm image: registry.hello.com/node:6.11 commands: - npm install --unsafe-perm - npm run build