Prepare the infrastructure
Requirements
-
GitLab;
-
Linux host to install the GitLab Runner, featuring:
-
Bash;
-
Git version 2.18.0 or above;
-
GPG;
-
Installing the GitLab Runner
Follow official instructions to install the GitLab Runner on your dedicated host.
Installing werf
To install werf on the GitLab Runner host, run the following command:
curl -sSL https://werf.io/install.sh | bash -s -- --ci
Registering the GitLab Runner
Follow official instructions to register GitLab Runner in GitLab: set Shell as the executor. Once the registration is complete, you may want to perform additional GitLab Runner configuration.
Configuring the container registry
Enable garbage collection for your container registry.
Preparing the system for cross-platform building (optional)
This step only needed to build images for platforms other than host platform running werf.
Register emulators on your system using qemu-user-static:
docker run --restart=always --name=qemu-user-static -d --privileged --entrypoint=/bin/sh multiarch/qemu-user-static -c "/register --reset -p yes && tail -f /dev/null"
Configure the project
Configuring the GitLab project
-
Create and save the access token to clean up the no longer needed images from the container registry with the following parameters:
-
Token name:
werf-images-cleanup; -
Role:
developer; -
Scopes:
api.
-
-
Add the following variables to the project variables:
- Access token to clean up the no longer needed images:
-
Key:
WERF_IMAGES_CLEANUP_PASSWORD; -
Value:
<"werf-images-cleanup" access token you saved earlier>; -
Protect variable:
yes; -
Mask variable:
yes.
-
- Access token to clean up the no longer needed images:
-
Add a scheduled nightly task to clean up the no longer needed images in the container registry by setting the
main/masterbranch as the Target branch.
Configuring CI/CD of the project
This is how the repository that uses werf for build and deploy might look:
stages:
- prod
- cleanup
default:
before_script:
- source "$(~/bin/trdl use werf 2 stable)"
- source "$(werf ci-env gitlab --as-file)"
tags: ["<GitLab Runner tag>"]
prod:
stage: prod
script:
- werf converge
environment:
name: prod
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule"
when: manual
images:cleanup:
stage: cleanup
script:
- werf cr login -u nobody -p "${WERF_IMAGES_CLEANUP_PASSWORD:?}" "${WERF_REPO:?}"
- werf cleanup
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule"
apiVersion: apps/v1
kind: Deployment
metadata:
name: app
spec:
selector:
matchLabels:
app: app
template:
metadata:
labels:
app: app
spec:
containers:
- name: app
image: {{ .Values.werf.image.app }}
apiVersion: v1
kind: Service
metadata:
name: app
spec:
selector:
app: app
ports:
- name: app
port: 80
FROM node
WORKDIR /app
COPY . .
RUN npm ci
CMD ["node", "server.js"]
{
"name": "app",
"version": "1.0.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "app",
"version": "1.0.0"
}
}
}
{
"name": "app",
"version": "1.0.0",
"main": "server.js",
"scripts": {
"start": "node server.js"
}
}
const http = require('http');
const hostname = '127.0.0.1';
const port = 80;
const server = http.createServer((req, res) => {
res.statusCode = 200;
res.setHeader('Content-Type', 'text/plain');
res.end('Hello World');
});
server.listen(port, hostname, () => {
console.log(`Server running at http://${hostname}:${port}/`);
});
configVersion: 1
project: myproject
---
image: app
dockerfile: Dockerfile
context: ./app
Extras:
- Add authorization options for
werf cleanupin the container registry by following instructions.
