k3s 部署gitea+drone

k3s 部署可以参考官方文档，推荐使用AutoK3s工具部署

以下内容主要参考文章 https://github.com/yikaus/k3s-cicd

install gitea

helm repo add k8s-land https://charts.k8s.land
kubectl create namespace drone

gitea-values.yaml

ingress:
  hostname: gitea

service:
  http:
    port: 3000

helm install --namespace drone -f gitea-values.yaml gitea k8s-land/gitea

gitea-service.yaml

kind: Service
apiVersion: v1
metadata:
  name: gitea
  namespace: drone
spec:
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 3000
  selector:
    app: gitea-gitea
  type: ClusterIP

kubectl apply -f gitea-service.yaml

修改host文件，linux下可以执行这个命令

echo "$(kubectl get ingresses.extensions -n drone -o jsonpath='{.items[0].status.loadBalancer.ingress[0].ip}' 2> /dev/null)\tgitea" | sudo tee -a /etc/hosts
echo "$(kubectl get ingresses.extensions -n drone -o jsonpath='{.items[0].status.loadBalancer.ingress[0].ip}' 2> /dev/null)\tdrone" | sudo tee -a /etc/hosts

本地访问 http://gitea

install drone

helm repo add drone https://charts.drone.io

参考 https://docs.drone.io/server/provider/gitea/ 生成gitea 的应用密钥

gitea

编辑 drone.yaml 这里我略有改动，端口8080->80

service:
  type: ClusterIP
  port: 80
  annotations: {}
  nodePort:

env:
  DRONE_SERVER_HOST: drone
  DRONE_SERVER_PROTO: http
  DRONE_RPC_SECRET: test123
  DRONE_GITEA_CLIENT_ID: "这里填gitea生成的客户端ID"
  DRONE_GITEA_CLIENT_SECRET: "这里填gitea生成的客户端密钥"
  DRONE_GITEA_SERVER: http://gitea
  DRONE_LOGS_DEBUG: true

安装 drone server

helm install --namespace drone drone drone/drone -f drone.yaml

编辑 droneingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: drone
  namespace: drone
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - host: drone
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: drone
            port: 
              number: 80

执行生成ingress配置信息

kubectl apply -f droneingress.yaml

尝试访问 http://drone

install drone-runner

编辑 dronerunner.yaml

rbac:
  buildNamespaces:
    - drone
env:
  DRONE_RPC_SECRET: test123
  DRONE_NAMESPACE_DEFAULT: drone
  DRONE_LOGS_TRACE: true
  DRONE_RPC_HOST: drone.drone.svc.cluster.local

helm install --namespace drone drone-runner-kube drone/drone-runner-kube -f dronerunner.yaml

为了方便推送仓库，新建一个ingress，不要忘记修改host文件

gitea-ssh-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea-ssh
  namespace: drone
spec:
  rules:
  - host: gitea-ssh
    http:
      paths:
      - backend:
          service:
            name: gitea-gitea-ssh
            port:
              number: 22
        pathType: ImplementationSpecific

使用AutoK3S自带的Explorer查看Ingresses

image.png

.drone.yaml基础示例参见 https://docs.drone.io/quickstart/kubernetes/

这是我使用的.drone.yml 适合go项目使用，实现基本的linter+build+publish功能

kind: pipeline
type: kubernetes
name: greeting

steps:
  - name: linter
    image: golangci/golangci-lint:v1.45-alpine
    pull: if-not-exists
    environment:
      GOPROXY: "https://goproxy.cn,direct"
    commands:
      - golangci-lint run

  - name: build
    image: golang:latest
    pull: if-not-exists
    environment:
      GOPROXY: "https://goproxy.cn,direct"

    commands:
      - CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o main # 使用alpine务必要指定 GO_ENABLED=0

  - name: publish
    image: plugins/docker
    pull: if-not-exists
    settings:
      username:
        from_secret: registry_username
      password:
        from_secret: registry_password
      tags:
        - ${DRONE_COMMIT}
        - latest
      repo: 镜像地址
      registry: 镜像服务地址
      dockerfile: Dockerfile

trigger:
  branch:
    - k8s

镜像仓库密钥保存在 Drone中

image.png

本地推送到gitea的代码可以自动执行Drone的CI功能，推送到远程仓库，下一篇文章会结合Argo的自动部署功能