
gitlab pipeline gcp

by "뭉치" 2021. 9. 6.

Commit the source to GitLab

See 01. gitlab pipeline > Create project > New project > (when Maven source exists)

See 01. gitlab pipeline > source clone > Import Maven Projects (when Maven source exists)

Create the Dockerfile

.gitlab-ci.yml

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_HOST: "0.0.0.0:2375"
  DOCKER_TLS_CERTDIR: ""

image: docker:latest
services:
  - docker:dind

stages:
  - build
  - deploy
  - production

docker-build:
  stage: build
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin # Docker login (password passed on stdin rather than on the command line)
    - docker build --network host -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA -f Dockerfile . # Docker build (the Dockerfile is set up to build the Spring Boot jar with Maven)
    - docker image tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$TAG # tag the image (so that the branch and master tags can be pushed separately)
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA # push the branch image
    - docker push $CI_REGISTRY_IMAGE:$TAG # push the master image

dev:
  stage: deploy
  image: google/cloud-sdk:latest
  script:
    - gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS_OC # use the File variable holding the OC cluster key.json
    - gcloud config set project $DEV_PROJECT # OC cluster: config set project, cluster, zone
    - gcloud config set container/cluster $DEV_CLUSTER
    - gcloud config set compute/zone $ZONE
    - gcloud container clusters get-credentials $DEV_CLUSTER --zone $ZONE
    - kubectl apply -f k8s/aws/dev/configmap.yml
    - mkdir .generated
    - sed -e "s#IMAGE#$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA#g" k8s/aws/deployment.yml | tee ".generated/deployment.yml"
    - kubectl apply -f .generated/deployment.yml
    - kubectl apply -f k8s/aws/service.yml
  only:
    - branches
  except:
    - master

production:
  stage: production
  image: google/cloud-sdk:latest
  script:
    - gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS_PMS # use the File variable holding the PMS cluster key.json
    - gcloud config set project $PROD_PROJECT # PMS cluster: config set project, cluster, zone
    - gcloud config set container/cluster $PROD_CLUSTER
    - gcloud config set compute/zone $ZONE
    - gcloud container clusters get-credentials $PROD_CLUSTER --zone $ZONE
    - kubectl apply -f k8s/aws/dev/configmap.yml
    - mkdir .generated
    - sed -e "s#IMAGE#$CI_REGISTRY_IMAGE:$TAG#g" k8s/aws/deployment.yml | tee ".generated/deployment.yml"
    - kubectl apply -f .generated/deployment.yml
    - kubectl apply -f k8s/aws/service.yml
  only:
    - master

Create the .gitlab-ci.yml file

See 01. gitlab pipeline > Create the gitlab-ci.yml file

Create the docker-registry secret (it must be deleted and recreated whenever the registry, account, or password changes)

Command to create the secret

# kubectl delete secret docker-registry-login -n awesome-shopping # delete
kubectl create secret docker-registry docker-registry-login --namespace=awesome-shopping --docker-server=gitlab.gcp-multiverse.skcc.com:1883 --docker-username={username} --docker-password={password} --docker-email={email}

In k8s > deployment.yml, change the image path / add the namespace / add the docker-registry secret

deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: awesome-shopping-cart-service
  namespace: awesome-shopping # apply the namespace
  labels:
    app: awesome-shopping-cart-service
spec:
  selector:
    matchLabels:
      app: awesome-shopping-cart-service
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: awesome-shopping-cart-service
    spec:
      imagePullSecrets:
        - name: docker-registry-login # add the registry secret
      containers:
        - name: awesome-shopping-cart-service
          image: IMAGE
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
          envFrom:
            - configMapRef:
                name: awesome-shopping-cart-service
          resources:
            requests:
              memory: "256Mi"
              cpu: "0.25"
            limits:
              memory: "1Gi"
              cpu: "0.5"

In k8s > service.yml, add the namespace

service.yml

kind: Service
apiVersion: v1
metadata:
  name: awesome-shopping-cart-service
  namespace: awesome-shopping
spec:
  ports:
    - name: http
      port: 80
      targetPort: 8080
  type: ClusterIP
  selector:
    app: awesome-shopping-cart-service

In k8s > aws > dev/prod > configmap.yml, add the namespace

configmap.yml

apiVersion: v1
kind: ConfigMap
metadata:
  name: awesome-shopping-cart-service
  namespace: awesome-shopping # apply the namespace
data:
  PORT: "8080"
  SPRING_PROFILES_ACTIVE: "dev"

Register the variables under Settings > Variables

Variables

Key            Value
DEV_CLUSTER    oc-p-cluster
DEV_PROJECT    multiverse-oc
PROD_CLUSTER   pms-p-cluster
PROD_PROJECT   multiverse-pms
TAG            latest
ZONE           asia-northeast3

File

Key Value

GOOGLE_APPLICATION_CREDENTIALS_OC
    {
      "type": "service_account",
      "project_id": "**-oc",
      "private_key_id": "e1d10e74a0b0fd43e6ad20532b5c69acc7fd3ba4",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBA ..... (omitted) ... eMqwf8=\n-----END PRIVATE KEY-----\n",
      "client_email": "gitlab-ci@**-oc.iam.gserviceaccount.com",
      "client_id": "107588053160718907818",
      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
      "token_uri": "https://oauth2.googleapis.com/token",
      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gitlab-ci%40multiverse-oc.iam.gserviceaccount.com"
    }

GOOGLE_APPLICATION_CREDENTIALS_PMS
    {
      "type": "service_account",
      "project_id": "**-pms",
      "private_key_id": "37713f456be28b17447db7dc9230f257e38759b4",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE..... (omitted) ... YzP3Hm7pg==\n-----END PRIVATE KEY-----\n",
      "client_email": "gitlab-ci@**-pms.iam.gserviceaccount.com",
      "client_id": "116880720445064848711",
      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
      "token_uri": "https://oauth2.googleapis.com/token",
      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gitlab-ci%40multiverse-pms.iam.gserviceaccount.com"
    }

Uncheck Protect variable

Variable protection, which sends the variable values only to designated projects, must be unchecked for the variable values to be passed on.
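As an added example (not from the original post): a pre-deploy guard for the dev and production jobs above. It renders deployment.yml from the IMAGE placeholder only for an immutable commit-SHA tag, and refuses the production path when the pipeline runs on an unprotected ref, which is the case that unchecking Protect variable opens up. The function names guard_deploy and render_manifest are hypothetical; CI_COMMIT_REF_PROTECTED is GitLab's predefined variable.

```shell
#!/bin/sh
# Added example, not from the original post. guard_deploy and render_manifest
# are hypothetical helper names chosen for this illustration.

# guard_deploy TARGET IMAGE_REF -> 0 if the deploy may proceed, else a reason code.
guard_deploy() {
  gd_target="$1"; gd_ref="$2"; gd_tag="${gd_ref##*:}"
  # Allow only image-reference characters, so the value is inert inside sed's s#..#..#.
  case "$gd_ref" in
    ''|*[!A-Za-z0-9._:/-]*) echo "invalid image reference" >&2; return 1 ;;
  esac
  # Immutable tag only: the full commit SHA that docker-build pushed, never "latest".
  if ! printf '%s\n' "$gd_tag" | grep -Eq '^[0-9a-f]{40}$'; then
    echo "refusing mutable tag: $gd_tag" >&2; return 2
  fi
  # With "Protect variable" unchecked, branch pipelines also receive the
  # production key, so the production path checks the ref itself.
  if [ "$gd_target" = "production" ] && [ "${CI_COMMIT_REF_PROTECTED:-false}" != "true" ]; then
    echo "production deploy requested from an unprotected ref" >&2; return 3
  fi
  return 0
}

# render_manifest TARGET TEMPLATE IMAGE_REF -> prints the manifest with IMAGE replaced.
render_manifest() {
  guard_deploy "$1" "$3" || return $?
  rm_out="$(sed -e "s#IMAGE#$3#g" "$2")" || return 4
  # The template must have carried the placeholder; a hard-coded image would bypass the pin.
  printf '%s\n' "$rm_out" | grep -Fq "image: $3" || return 5
  printf '%s\n' "$rm_out"
}
```

In the jobs above it would stand in for the sed | tee step, for example `render_manifest production k8s/aws/deployment.yml "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" > .generated/deployment.yml`. The check catches misconfiguration only, since a branch author can edit the pipeline; the PMS key is used only by the master-only production job, so that variable can stay protected as long as master is a protected branch.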

 
