DevOpsTools/K3S
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
K3S/docs/cicd.md
Sergey Antropoff 38aaadbfb1 docs: sync addon docs with explicit external/internal service modes 
Обновлена документация под новые аддоны (gitlab, redis, mongodb, kafka, kafka-ui, rabbitmq) и новую модель явного выбора зависимостей. Добавлены и унифицированы описания переключателей *_database_mode и *_redis_mode, обновлена таблица зависимостей аддонов, примеры конфигурации и список vault-секретов.
2026-04-29 23:21:04 +03:00

310 lines
7.2 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# CI/CD
Инструменты непрерывной интеграции и доставки: Jenkins, Gitea Actions, GitLab CI/CD, ArgoCD.
## Jenkins
CI/CD сервер с dynamic Kubernetes Pod agents и JCasC. Подробнее: [addons/jenkins/README.md](../addons/jenkins/README.md).
### Быстрый старт
```yaml
# group_vars/all/addons.yml
addon_jenkins: true
jenkins_ingress_host: "jenkins.example.com"
jenkins_ingress_tls: true
```
```bash
make addon-jenkins
```
### Dynamic k8s agents
Jenkins создаёт Pod для каждой сборки и удаляет после завершения. Шаблон Pod задаётся прямо в Jenkinsfile:
```groovy
pipeline {
agent {
kubernetes {
yaml """
apiVersion: v1
kind: Pod
spec:
containers:
- name: maven
image: maven:3.9-eclipse-temurin-17
command: ['cat']
tty: true
- name: kaniko
image: gcr.io/kaniko-project/executor:debug
command: ['cat']
tty: true
"""
}
}
stages {
stage('Build') {
steps {
container('maven') {
sh 'mvn clean package -DskipTests'
}
}
}
stage('Docker Push') {
steps {
container('kaniko') {
sh '''
/kaniko/executor \
--context=. \
--destination=harbor.example.com/library/myapp:${BUILD_NUMBER}
'''
}
}
}
stage('Deploy') {
steps {
container('maven') {
sh 'kubectl apply -f k8s/'
}
}
}
}
post {
always { cleanWs() }
failure {
emailext subject: "Failed: ${env.JOB_NAME}",
body: "${env.BUILD_URL}",
to: "team@example.com"
}
}
}
```
### Интеграция с Vault
При `addon_vault: true` JCasC автоматически настраивает Vault URL.
1. Создай AppRole в Vault:
```bash
vault write auth/approle/role/jenkins \
token_policies="jenkins-policy" \
token_ttl=1h
```
2. Создай credentials в Jenkins: Manage → Credentials → Add → Vault App Role Credential
- ID: `vault-approle`
3. Использование в Pipeline:
```groovy
withVault(configuration: [
vaultCredentialId: 'vault-approle'
], vaultSecrets: [
[path: 'secret/myapp', secretValues: [
[envVar: 'DB_PASSWORD', vaultKey: 'db_password']
]]
]) {
sh 'deploy.sh --db-password "$DB_PASSWORD"'
}
```
### SMTP уведомления (через smtp-relay)
Jenkins → Manage → Configure → Extended E-mail:
- SMTP server: `smtp-relay.smtp-relay.svc.cluster.local`
- Port: `25`
---
## Gitea Actions
GitHub Actions-совместимая CI/CD встроенная в Gitea. Подробнее: [addons/gitea/README.md](../addons/gitea/README.md).
### Быстрый старт
```yaml
addon_gitea: true
gitea_actions_enabled: true
gitea_actions_runner_enabled: true
gitea_actions_runner_replicas: 2
gitea_actions_runner_dind_enabled: true # Docker-in-Docker
```
```bash
make addon-gitea
```
### Workflow пример
```yaml
# .gitea/workflows/ci.yml
name: CI/CD Pipeline
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: '20'
- name: Install & Test
run: |
npm install
npm test
build-push:
needs: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Build & Push Docker Image
run: |
docker build -t harbor.example.com/library/myapp:${{ gitea.sha }} .
echo "${{ secrets.HARBOR_PASSWORD }}" | \
docker login harbor.example.com -u admin --password-stdin
docker push harbor.example.com/library/myapp:${{ gitea.sha }}
deploy:
needs: build-push
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Deploy to K3S
run: |
kubectl set image deployment/myapp \
myapp=harbor.example.com/library/myapp:${{ gitea.sha }}
env:
KUBECONFIG: ${{ secrets.KUBECONFIG }}
```
### Секреты в Gitea Actions
В Gitea → Repository → Settings → Secrets:
- `HARBOR_PASSWORD` — пароль Harbor
- `KUBECONFIG` — base64 из kubeconfig
---
## ArgoCD — GitOps
Непрерывный деплой на основе Git. Подробнее: [addons/argocd/README.md](../addons/argocd/README.md).
### Быстрый старт
```yaml
addon_argocd: true
argocd_ingress_enabled: true
argocd_ingress_host: "argocd.example.com"
```
```bash
make addon-argocd
```
### Redis режим для ArgoCD
```yaml
argocd_redis_mode: "auto" # auto | internal | external_redis
```
Если в кластере уже установлен `addon_redis: true`, режим `auto` подключит внешний Redis.
---
## GitLab + Runner
GitLab Community Edition с GitLab Runner в pod-режиме. Подробнее: [addons/gitlab/README.md](../addons/gitlab/README.md).
```yaml
addon_gitlab: true
gitlab_ingress_host: "gitlab.example.com"
gitlab_runner_install: true
gitlab_runner_replicas: 2
gitlab_database_mode: "auto" # auto | internal | external_postgresql
```
```bash
make addon-gitlab
```
### Application manifest
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
namespace: argocd
spec:
project: default
source:
repoURL: https://gitea.example.com/org/repo.git
targetRevision: main
path: k8s/
destination:
server: https://kubernetes.default.svc
namespace: my-app
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
```
---
## CI/CD + GitOps схема
```
Gitea (code)
├── Gitea Actions (CI) ──→ Build Docker Image ──→ Harbor (registry)
│ │
└── ArgoCD (CD) ←── обнаруживает изменение в Git ←───┘
└──→ kubectl apply ──→ K3S кластер
```
**Рабочий процесс:**
1. Push в Gitea → запускает Gitea Actions workflow
2. Actions: тест → build → push в Harbor
3. Actions обновляет `image: harbor.example.com/myapp:${SHA}` в k8s-манифестах
4. ArgoCD обнаруживает изменение в Git → автоматически деплоит в кластер
### Интеграция Jenkins + Gitea
В Gitea → Repository → Webhooks → Add Webhook:
- URL: `https://jenkins.example.com/gitea-webhook/post`
- Content-Type: `application/json`
В Jenkins: плагин `gitea-plugin` уже установлен.
### Интеграция ArgoCD + Gitea
```yaml
apiVersion: v1
kind: Secret
metadata:
name: gitea-repo
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
stringData:
type: git
url: https://gitea.example.com/org/repo.git
username: argocd-bot
password: "gitea-token"
```
Reference in New Issue View Git Blame Copy Permalink