Deploy GitLab Runner on K8S

Deploy gitlab-runner

Deploy using Helm, refer to: https://gitlab.com/gitlab-org/charts/gitlab-runner.git

helm install --namespace gitlab-managed-apps --name k8s-gitlab-runner -f values.yaml .  # "." is the chart path; assumes the command is run from the root of the cloned chart repository

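Note: The values.yaml file must set privileged: true, because the Docker-in-Docker image built below can only start its Docker daemon inside a privileged container. Privileged job containers have root-level access to the node they run on, so keep this runner restricted to trusted projects.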

Build Base Image (Docker-in-Docker)

Content of the Dockerfile:

FROM docker:19.03.1-dind
WORKDIR /opt
RUN echo "nameserver 114.114.114.114" >> /etc/resolv.conf
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
RUN apk update
RUN apk upgrade
RUN apk add g++ gcc make docker docker-compose git

Build the image and push it to Harbor:

Setting up Jenkins using Docker Compose

docker-compose Configuration

version: '2'
 
services:
  jenkins:
    image: jenkins/jenkins:latest
    restart: always
    environment:
      JAVA_OPTS: "-Dorg.apache.commons.jelly.tags.fmt.timeZone=Asia/Shanghai -Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"
    ports:
      - "80:8080"
      - "50000:50000"
    volumes:
      - '/ssd/jenkins:/var/jenkins_home'
      - '/var/run/docker.sock:/var/run/docker.sock'  # gives Jenkins control of the host Docker daemon (root-equivalent on the host)
      - '/etc/localtime:/etc/localtime:ro'
    dns: 223.5.5.5
    networks:
      - extnetwork
networks:
   extnetwork:
      ipam:
         config:
         - subnet: 172.255.0.0/16

Start Services

docker-compose up -d

Stunning Terminal Configuration on macOS (oh-my-zsh)

brew Tool

Official Website: https://brew.sh

Install brew:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Switch brew source to domestic mirror:

git -C "$(brew --repo)" remote set-url origin https://mirrors.tuna.tsinghua.edu.cn/git/homebrew/brew.git
git -C "$(brew --repo homebrew/core)" remote set-url origin https://mirrors.tuna.tsinghua.edu.cn/git/homebrew/homebrew-core.git
git -C "$(brew --repo homebrew/cask)" remote set-url origin https://mirrors.tuna.tsinghua.edu.cn/git/homebrew/homebrew-cask.git
export HOMEBREW_BOTTLE_DOMAIN=https://mirrors.aliyun.com/homebrew/homebrew-bottles # Add to ~/.zshrc
brew update  # Update Homebrew
brew upgrade # Upgrade all installed packages
brew cleanup # Clean up old versions after upgrade

iTerm2

Install iTerm2:

Summary of Daily Git Commands

Git Global Settings:

git config --global user.name "wanzi"
git config --global user.email "iwz2099@163.com"

Git Commit Code

git clone git@github.com:iwz2099/test.git
cd test
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master
# The command above pushes the local master branch to the remote origin; -u sets origin as the default upstream, so later pushes can use `git push` without any arguments.

# Push all local branches to origin
git push -u origin --all  

# If development is based on the local `case_dev_wanzi` branch, push it to the remote `case_dev` branch
git push origin case_dev_wanzi:case_dev

Git Query and Cleanup

git status   # Check current branch status
git log      # View commit history of current branch
git log -n3  # Show last three commits
git log -p -2  # Show patch differences for each of the last two commits
git log --stat  # Show summary statistics for each commit
git log --pretty=oneline # Display each commit on a single line; options include short, full, fuller
git log --pretty=format:"%h - %an, %ar : %s"
git log --pretty=format:"%h %s" --graph  # Use ASCII art to visualize branching and merge history
git reflog # Show all operations across all branches (including commits, resets, and deleted commits)
git reflog -n 10 # Show last 10 entries
git grep -n wanzi  # Search tracked files in the working tree for 'wanzi' and show line numbers
git grep --count wanzi  # Count matching lines for 'wanzi' per file
git clean -f  # Remove untracked files (files ignored by .gitignore are kept); git refuses to clean without -f unless clean.requireForce is disabled
git clean -f -d  # Also remove untracked directories
git clean -d -n  # -n is a dry run: lists what would be removed without actually removing files

Git Branch Operations:

git branch # List current branches
git branch -v # Show last commit for each branch
# Create local dev branch from remote master
git checkout -b dev origin/master 

git branch --merged # List branches merged into current branch
git branch --no-merged # List branches not yet merged into current branch

# Start new feature development: create and switch to new branch
git checkout -b dev-20180720-111111-wanzi
# Equivalent to:
git branch dev-20180720-111111-wanzi
git checkout dev-20180720-111111-wanzi

# Merge completed feature into master
git checkout master
git merge dev-20180720-111111-wanzi

Git Merge Operations

Create a new local branch issue54 from remote master, then develop on it.

Dockerfile Multi-stage Builds

Understanding Docker Multi-stage Builds:

  • Building an image requires a base image; all subsequent operations are based on this base image.
  • Docker image files have a layered structure. Each RUN instruction adds a new layer, so reducing the number of layers helps minimize image size.
  • When multiple FROM instructions are used, only the last FROM image becomes the root image of the final build.

Example of multi-stage build in my own project deployment: Here, we compile a binary using the Golang base image and then directly copy it into a minimal Alpine-based image:

Detailed Dockerfile syntax

FROM

Specifies the base image used to build the Docker image. FROM must be the first non-comment instruction in a Dockerfile. If the specified image is not available locally, Docker will automatically pull it from the public registry.

Example:

# Inherits from ubuntu:14.04 (Dockerfile comments must be on their own line)
FROM ubuntu:14.04

MAINTAINER

Specifies the maintainer information.

MAINTAINER wanzi "iwz2099@163.com"

ENV

Sets environment variables that are available for subsequent RUN instructions and persist at runtime within the container.

Docker Basic Commands

Common Commands

docker info     # View local Docker information
docker search openresty   # Search remote image repository
docker images      # View images in the local image repository
docker ps          # View currently running containers
docker pull centos  # Pull an image from the remote repository (default tag is 'latest' if not specified)
docker container run -p 8000:80 --rm -t -i centos:latest /bin/bash  # Map container port 80 to host port 8000; --rm removes the container after termination (useful for temporary debugging); -t allocates a pseudo-terminal and binds it to the container's stdin; -i keeps the container's stdin open
docker container exec -i -t b5d7bad57561 /bin/bash # Enter a running container
docker rmi $(docker images -f "dangling=true" -q) # Batch remove dangling (unnamed) images

Importing and Exporting Images

docker save -o centos7.tar centos  # Export image to tar file
docker load < centos7.tar   # Import image (via standard input, including original metadata such as tags)
docker load --input centos7.tar   # Load image from tar file (reads the file directly instead of standard input)

Importing and Exporting Containers

docker ps   # Default: show currently running containers
docker ps -a   # Show all containers, including stopped ones
docker ps -l   # Show the most recently created container (including stopped ones)

docker export 5a80afa126ba > centos7.5a80afa126ba.tar  # Export container snapshot
docker import centos7.5a80afa126ba.tar  # Import container snapshot into image repository (optionally append REPOSITORY[:TAG] to name it)

Note: Users can use docker load to import image files into the local image library, or docker import to import container snapshots. The key difference is that container snapshot files discard all historical records and metadata (preserving only the state at the time of the snapshot), while image storage files preserve full history and are larger in size. Additionally, when importing from a container snapshot, you can reassign metadata like tags.

Issuing Certificates Using OpenSSL

Generate Client Private Key:

openssl genrsa -out server.key 2048

Generate Client Certificate:

openssl req -new -sha256 -x509 -days 3650 -key server.key -out server.crt

Certificate Signing Request (CSR):

openssl req -new -key server.key -out server.csr

Generate CA Private Key

Encrypted with des3, requires a password of more than 4 characters:

openssl genrsa -des3 -out ca.key 4096

Generate CA Certificate

openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
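
The steps above produce a CSR and a CA but stop before the CA signs the request. The following is an added example, not part of the original post, that runs the whole chain in a temporary directory and verifies the result. It signs with `openssl x509 -req`, so it needs no openssl.cnf changes; the subject names, SAN, passphrase and the `issue_and_verify` function name are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: CA -> CSR -> CA-signed server certificate -> chain check.
# Subject names, SAN and passphrase below are constructed demo values.

issue_and_verify() (
    set -e
    workdir=$(mktemp -d)
    trap 'rm -rf "$workdir"' EXIT
    cd "$workdir"

    # Passed via the environment rather than on the command line.
    CA_PASS='constructed-demo-passphrase'
    export CA_PASS

    # CA private key (passphrase-protected) and self-signed CA certificate.
    openssl genrsa -aes256 -passout env:CA_PASS -out ca.key 4096 2>/dev/null
    openssl req -new -x509 -sha256 -days 3650 -key ca.key -passin env:CA_PASS \
        -subj "/CN=Constructed Demo CA" -out ca.crt

    # Server private key and certificate signing request.
    openssl genrsa -out server.key 2048 2>/dev/null
    openssl req -new -sha256 -key server.key \
        -subj "/CN=server.example.test" -out server.csr

    # Extensions for the issued certificate: not a CA, and a SAN, which
    # current TLS clients match hostnames against instead of the CN.
    printf '%s\n' 'basicConstraints=CA:FALSE' \
        'subjectAltName=DNS:server.example.test' > server.ext

    # Sign the CSR with the CA key; -CAcreateserial writes a serial file.
    openssl x509 -req -sha256 -days 365 -in server.csr \
        -CA ca.crt -CAkey ca.key -passin env:CA_PASS -CAcreateserial \
        -extfile server.ext -out server.crt 2>/dev/null

    # Prints "server.crt: OK" when the certificate chains to ca.crt.
    openssl verify -CAfile ca.crt server.crt
)

issue_and_verify
```
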

Add the following configuration to the CA config file /private/etc/ssl/openssl.cnf (macOS system):