
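"Hexo Blog Setup and Maintenance" — 3. Automatic deployment on commit

The current workflow for writing and publishing an article is:

  1. Write the article
  2. docker build
  3. docker push
  4. Edit the deployment and roll it out
  5. Push the code to GitHub

As you can see, this is still fairly complicated. In this article we set things up so that pushing code to GitHub automatically deploys to k8s.

>>> Set up GitHub Actions (i.e. continuous integration and continuous deployment)

  1. On the GitHub repo page, go to Settings – Secrets and add two variables: DOCKER_PASSWORD, which is your Docker Hub login password, and KUBE_CONFIG, which can be generated with the script below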

#!/usr/bin/env bash
set -eu -o pipefail

# Pick the OS-specific UUID tool and base64 flags.
if [[ "$OSTYPE" == "linux-gnu" ]]; then
    REQUEST_ID=$(uuid)
    BASE64_DECODE_FLAG="-d"
    BASE64_WRAP_FLAG="-w 0"
elif [[ "$OSTYPE" == "darwin"* ]]; then
    REQUEST_ID=$(uuidgen)
    BASE64_DECODE_FLAG="-D"
    BASE64_WRAP_FLAG=""
else
    echo "Unknown OS ${OSTYPE}"
    exit 1
fi

mkdir -p build
pushd build

# Certificate request for user "teleport".
# NOTE: O=system:masters makes the certificate holder a cluster administrator,
# and a Kubernetes client certificate cannot be revoked before it expires.
cat > csr <<EOF
{
  "hosts": [
  ],
  "CN": "teleport",
  "names": [{
    "O": "system:masters"
  }],
  "key": {
    "algo": "ecdsa",
    "size": 256
  }
}
EOF

# Generate the private key (server-key.pem) and the CSR (server.csr).
cat csr | cfssl genkey - | cfssljson -bare server

# Submit the CSR to the cluster and approve it.
# certificates.k8s.io/v1beta1 was removed in Kubernetes 1.22, so this request
# only works on older clusters.
cat <<EOF | kubectl create -f -
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
  name: ${REQUEST_ID}
spec:
  groups:
  - system:authenticated
  request: $(cat server.csr | base64 | tr -d '\n')
  usages:
  - digital signature
  - key encipherment
  - client auth
EOF
kubectl certificate approve ${REQUEST_ID}

# Fetch the signed client certificate.
kubectl get csr ${REQUEST_ID} -o jsonpath='{.status.certificate}' \
    | base64 ${BASE64_DECODE_FLAG} > server.crt

# Read the cluster CA certificate from the kube-dns pod.
kubectl -n kube-system exec $(kubectl get pods -n kube-system -l k8s-app=kube-dns -o jsonpath='{.items[0].metadata.name}') -c kubedns -- /bin/cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt > ca.crt

# Look up the API server address of the current context.
CURRENT_CONTEXT=$(kubectl config current-context)
CURRENT_CLUSTER=$(kubectl config view -o jsonpath="{.contexts[?(@.name == \"${CURRENT_CONTEXT}\")].context.cluster}")
CURRENT_CLUSTER_ADDR=$(kubectl config view -o jsonpath="{.clusters[?(@.name == \"${CURRENT_CLUSTER}\")].cluster.server}")

# Write a standalone kubeconfig that embeds the CA, the client certificate and the key.
cat > kubeconfig <<EOF
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: $(cat ca.crt | base64 ${BASE64_WRAP_FLAG})
    server: ${CURRENT_CLUSTER_ADDR}
  name: k8s
contexts:
- context:
    cluster: k8s
    user: teleport
  name: k8s
current-context: k8s
kind: Config
preferences: {}
users:
- name: teleport
  user:
    client-certificate-data: $(cat server.crt | base64 ${BASE64_WRAP_FLAG})
    client-key-data: $(cat server-key.pem | base64 ${BASE64_WRAP_FLAG})
EOF

popd

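After the script finishes, a build folder is created in the same directory, containing a kubeconfig file.

Be sure to switch to your cluster before running it.

Then run cat ./build/kubeconfig | base64 to get the required data, and paste it in as the value of KUBE_CONFIG.

  2. Create the file .github/workflows/main.yml in the project root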
name: CI

on:
  create:
    tags:
      - 'v*.*.*'

env:
  USERNAME: pefish

jobs:
  deploy:
    name: deploy
    runs-on: ubuntu-latest

    steps:
      - name: checkout codes
        uses: actions/[email protected]
      - name: Set env
        # Strip the leading "refs/tags/" (10 characters) from GITHUB_REF.
        # The ::set-env workflow command has been disabled by GitHub; append to $GITHUB_ENV instead.
        run: echo "RELEASE_VERSION=${GITHUB_REF:10}" >> "$GITHUB_ENV"
      - name: docker login
        env:
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          # --password-stdin keeps the password off the docker command line
          echo "$DOCKER_PASSWORD" | docker login -u "${{ env.USERNAME }}" --password-stdin
      - name: docker build
        run: |
          docker build -t ${{env.USERNAME}}/pefish-blog:${{env.RELEASE_VERSION}} .
      - name: docker push
        run: |
          docker push ${{env.USERNAME}}/pefish-blog:${{env.RELEASE_VERSION}}
      - name: deploy k8s
        uses: actions-hub/[email protected]
        env:
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        with:
          args: -n default set image deployment/frontend-pefish-blog pefish-blog=${{env.USERNAME}}/pefish-blog:${{env.RELEASE_VERSION}}
  3. Pushing the code triggers CI

The screenshot below shows my automated build and deployment:

[Figure: cicd]
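
The kubeconfig produced by the script carries a system:masters client certificate, which is far more access than the single `kubectl set image` call in the workflow needs. A least-privilege alternative, as an added example that is not part of the original post: a ServiceAccount that may only read and patch the frontend-pefish-blog deployment in the default namespace. The names blog-deployer and blog-deployer-token are assumptions made for this example, as is the deployment living in the apps API group.

```yaml
# Added example (not from the original post): least-privilege identity for the CI job.
# "blog-deployer" and "blog-deployer-token" are hypothetical names; the namespace and
# deployment name are the ones the workflow passes to kubectl.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: blog-deployer
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: blog-deployer
  namespace: default
rules:
  # `kubectl set image` reads the object and then patches it; nothing else is granted.
  - apiGroups: ["apps"]            # assumption: the deployment is apps/v1
    resources: ["deployments"]
    resourceNames: ["frontend-pefish-blog"]
    verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: blog-deployer
  namespace: default
subjects:
  - kind: ServiceAccount
    name: blog-deployer
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: blog-deployer
---
# Token Secret for the ServiceAccount. Deleting this Secret invalidates the token,
# whereas the client certificate issued by the script cannot be revoked.
apiVersion: v1
kind: Secret
metadata:
  name: blog-deployer-token
  namespace: default
  annotations:
    kubernetes.io/service-account.name: blog-deployer
type: kubernetes.io/service-account-token
```

To use it, put the token from the Secret into the user entry of the kubeconfig (as `token:`) in place of the client certificate and key, then base64-encode that file into KUBE_CONFIG as before.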

>>> Closing remarks

From now on, writing an article only takes two steps:

  1. Write the article
  2. Tag it with git tag
  3. Push the code

Very convenient.



