[Day 26] Oops!GitOps with Helm

What is GitOps?

GitOps is a way to do Kubernetes cluster management and application delivery. https://www.weave.works/technologies/gitops/ http://dockone.io/article/3450

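When it comes to deploying on k8s, being able to pair the deployment history with git version control is a very, very important part. For example, at release time you may not know what commands someone previously ran against your k8s cluster, when a resource was created, or who created it; none of this can be traced. Most k8s deployments can be done with YAML alone, so version control is easy to achieve, and you can simply create a git repo of YAML files and pair it with CI/CD to control these processes.

If all of your k8s deployments go through Helm, you can likewise pair the Helm repo with a CI/CD tool to control these processes.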

K8s CI/CD Flow Design with Git

For our team:

Code Repo Flow + Image Repo Flow = K8s CI/CD Flow

Dev -> code repo -> git -> Image Repo -> cluster

Code Repo Flow


In a k8s environment, the last step of the Code Repo Flow is containerization.

Example Drone YAML

kind: pipeline
type: docker
name: backend

steps:
- name: golang_test
  image: golang:1.14-alpine
  environment:
    CGO_ENABLED: 0
  commands:
    - go test -mod=vendor -cover

- name: golangci-lint
  image: golangci/golangci-lint:v1.31.0-alpine
  commands:
    - golangci-lint run

- name: build and push image - master
  when:
    branch: master
  image: rain123473/gcloud-helm:v3.3.4
  commands:
  - gcloud auth activate-service-account --key-file ${your_key}
  - echo "Y" | gcloud auth configure-docker
  - docker build --no-cache --pull --force-rm -t rain123473/${DRONE_REPO_NAME}:latest -f Dockerfile .
  - docker push rain123473/${DRONE_REPO_NAME}:latest
  - docker rmi rain123473/${DRONE_REPO_NAME}:latest
  volumes:
  - name: docker
    path: /var/run/docker.sock
  privileged: true


- name: build and push image - tag
  when:
    ref: refs/tags/*
  image: rain123473/gcloud-helm:v3.3.4
  commands:
  - gcloud auth activate-service-account --key-file ${your_key}
  - echo "Y" | gcloud auth configure-docker
  - docker build --no-cache --pull --force-rm -t "rain123473/${DRONE_REPO_NAME}:${DRONE_TAG}" -f Dockerfile .
  - docker push "rain123473/${DRONE_REPO_NAME}:${DRONE_TAG}"
  - docker rmi "rain123473/${DRONE_REPO_NAME}:${DRONE_TAG}"
  privileged: true
  volumes:
  - name: docker
    path: /var/run/docker.sock
    
volumes:
- name: docker
  host:
    path: /var/run/docker.sock
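
A check that could run in CI over a pipeline like the one above, as an added example that is not part of the original post: it flags steps that run privileged, mount the host Docker socket (which hands the step control of the host's Docker daemon), or push a mutable `:latest` tag that cannot be traced back to a git commit. The rule names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: trimmed from the build pipeline shown above.
PIPELINE = """\
kind: pipeline
type: docker
name: backend
steps:
- name: golang_test
  image: golang:1.14-alpine
- name: build and push image - master
  image: rain123473/gcloud-helm:v3.3.4
  commands:
  - docker build -t rain123473/${DRONE_REPO_NAME}:latest -f Dockerfile .
  - docker push rain123473/${DRONE_REPO_NAME}:latest
  volumes:
  - name: docker
    path: /var/run/docker.sock
  privileged: true

volumes:
- name: docker
  host:
    path: /var/run/docker.sock
"""

# Hypothetical rule names; each regex is matched against one line inside a step.
RULES = {
    "privileged": re.compile(r"^\s+privileged:\s*true\s*$"),
    "docker-socket": re.compile(r"/var/run/docker\.sock"),
    "mutable-latest-tag": re.compile(r":latest(\s|$)"),
}

def audit(text):
    """Line-based scan of a Drone pipeline; returns sorted (step, rule) pairs."""
    findings, step, in_steps = set(), None, False
    for line in text.splitlines():
        if line[:1].strip() and not line.startswith("- "):
            in_steps = line.startswith("steps:")  # a top-level key opens or closes steps
        elif in_steps and line.startswith("- name:"):
            step = line.split(":", 1)[1].strip()  # a new step begins
        elif in_steps and step:
            findings.update((step, r) for r, rx in RULES.items() if rx.search(line))
    return sorted(findings)

if __name__ == "__main__":
    for step, rule in audit(PIPELINE):
        print(f"{step}: {rule}")
```

The scan relies on steps starting at column 0 with `- name:`, as they do in the pipelines on this page; a pipeline laid out differently would need a real YAML parser.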

Image Repo Flow with Helm


The containerized image is then deployed onto k8s.

Example Drone YAML on GCP

kind: pipeline
type: docker
name: k8s

steps:
- name: helm lint
  image: rain123473/gcloud-helm:v3.3.4
  commands:
    - helm lint ${helm_release_repo_path}

- name: helm upgrade release
  when:
    branch: release
  image: rain123473/gcloud-helm:v3.3.4
  commands:
  - gcloud auth activate-service-account --key-file ${your_key}
  - ${link_your_cluster_command}
  - helm upgrade -n ${your_release_namespace} ${helm_release_name} ${helm_release_repo_path}
  - helm ls -n ${your_release_namespace}

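Today's summary

If you have followed along from [Day 1] to now, [Day 26], you should have a clearer picture of our whole flow. The above demonstrates a simple GitOps flow. If you think I got something wrong that needs adjusting, feel free to leave a comment or message me privately to discuss~ The Mid-Autumn long weekend is almost over; this Ironman contest is finally about to get past its first long-holiday boss (the Mid-Autumn Festival). Hang in there, everyone!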