Please enable Javascript to view the contents

helm部署drone

 ·  ☕ 3 分钟 · 👀... 阅读

使用Helm安装Drone

一个比较热门的轻量级CI/CD开源工具:Drone

简介

  • Drone是用Go开发的开源轻量级CI/CD工具
  • 使用简单的 YAML 配置文件来定义和执行 Docker 容器中定义的 Pipeline
  • 构成简单,服务占用资源少
    • Server端负责身份认证,仓库配置,用户、Secrets 以及 Webhook 相关的配置
    • Agent端用于接受构建的作业和真正用于运行的 Pipeline 工作流
  • 安装简单,支持主流Git托管服务(github,gitea等)
  • 官方文档也很全

环境

  • helm v3.0.2
  • drone 1.6.1
  • k8s 1.17.0

准备工作

注册Github OAuth应用

drone github oauth应用

获取到github oauth Client ID,Client Secret留用。

创建持久化存储

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# https://ysicing.me/hack/demo/pvc.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: dronepv
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 2Gi
  persistentVolumeReclaimPolicy: Delete
  storageClassName: nfs-test
  nfs:
    server: 192.168.100.101
    path: /k8sdata/default-drone-pvc
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: dronepvc
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  storageClassName: nfs-test

示例

# nfs 地址需要按需调整一下
kubectl apply -f https://ysicing.me/hack/demo/pvc.yaml
kubectl get pvc

安装

本文使用helm方式安装,因为需要对配置做些调整,需要自定义一些配置

1
2
3
4
5
helm repo update
# 获取最新的离线drone包
helm pull  stable/drone
tar xf drone-2.4.0.tgz && cd drone
# 编辑values.yaml

示例values.yaml如下

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
# 有注释的地方说明有修改
images:
  server:
    repository: "docker.io/drone/drone"
    tag: 1.6.1
    pullPolicy: IfNotPresent
  agent:
    repository: "docker.io/drone/agent"
    tag: 1.6.1
    pullPolicy: IfNotPresent
  dind:
    repository: "docker.io/library/docker"
    tag: 18.06.1-ce-dind
    pullPolicy: IfNotPresent
service:
  httpPort: 80
  type: ClusterIP
  exposeGRPC: false
ingress:
  enabled: true # 启用
  hosts:
    - drone.godu.dev # 域名
  tls:
    - secretName: godu.dev # 证书,集群内已经证书的secret了,可以不启用,因为我的dev域名必须https访问
      hosts:
        - drone.godu.dev # 域名
sourceControl:
  provider: github # github
  secret:
  github:
    clientID: xxx # github oauth id xxx
    clientSecretKey: clientSecret
    clientSecretValue: xxxx # github oauth secret xxxx
    server: https://github.com
  gitlab:
    clientID:
    clientSecretKey: clientSecret
    clientSecretValue:
    server:
  gitea:
    clientID:
    clientSecretKey: clientSecret
    clientSecretValue:
    server:
  gogs:
    server:
  bitbucketCloud:
    clientID:
    clientSecretKey: clientSecret
    clientSecretValue:
  bitbucketServer:
    server:
    consumerKey: consumerKey
    privateKey: privateKey
    username:
    passwordKey: password
server:
  host: "drone.godu.dev"
  protocol: https
  rpcProtocol: http
  adminUser: ysicing # github 登录后就具有管理员权限
  alwaysAuth: false
  kubernetes:
    enabled: true # 运行 Drone 的任务的时候就是直接使用 Kubernetes 的 Job 资源对象来执行,而不是 Drone 的 agent.
  env:
    DRONE_LOGS_DEBUG: "false"
    DRONE_DATABASE_DRIVER: "sqlite3"
    DRONE_DATABASE_DATASOURCE: "/var/lib/drone/drone.sqlite"
  annotations: {}
  resources: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  extraContainers: |
  extraVolumes: |
agent:
  env:
    DRONE_LOGS_DEBUG: "false"
  replicas: 1
  annotations: {}
  resources: {}
  livenessProbe: {}
  readinessProbe: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
dind:
  enabled: true
  driver: overlay2
  resources: {}
metrics:
  prometheus:
    enabled: true
persistence:
  enabled: true
  existingClaim: dronepvc # 刚刚创建的持久化 pvc
rbac:
  create: true
  apiVersion: v1
serviceAccount:
  create: true
  name:

部署drone

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
$ helm install drone -f values.yaml stable/drone

$ helm status drone

NAME: drone
LAST DEPLOYED: Sun Jan  5 20:30:00 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
*********************************************************************************
***        PLEASE BE PATIENT: drone may take a few minutes to install         ***
*********************************************************************************
From outside the cluster, the server URL(s) are:
     http://drone.godu.dev

最后

root@k8s.cn1:~/drone/drone# kubectl get pods -l app=drone
NAME                                  READY   STATUS    RESTARTS   AGE
drone-drone-server-5bffbc56df-qzk28   1/1     Running   0          35m
root@k8s.cn1:~/drone/drone# kubectl get ing -l app=drone
NAME          HOSTS            ADDRESS   PORTS     AGE
drone-drone   drone.godu.dev             80, 443   36m

触发CI构建

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# .drone.yml
kind: pipeline
name: default

steps:
  - name: build
    image: golang:latest
    environment:
      GOPROXY: https://goproxy.cn
    commands:
      - CGO_ENABLED=0 go build 

  - name: docker
    image: plugins/docker
    settings:
      repo: ysicing/godemo
      use_cache: true
      username:
        from_secret: dockeruser
      password:
        from_secret: docker
    tags:
      - latest
    when:
      event: push
      branch: master

代码地址: BeidouCloudPlatform/demo

drone ci

drone 详情页

Cli工具

brew install drone-cli
export DRONE_SERVER=https://drone.godu.dev
export DRONE_TOKEN=<token>
drone info
# 修复webhook,如果调整了域名,可以通过此命令修复webhook
drone repo repair  BeidouCloudPlatform/demo

Job清理问题

因为使用Job的方式进行pipline操作,如果不启用TTLAfterFinished会导致job不会被自动清理。 开启feature请参考 feature开启

默认drone清理是300s

分享

ysicing
作者
ysicing
云原生爱好者


目录