GitLab CI/CDとECS Fargateでリリース作業が楽になった話

Transcript

1. GitLab CI/CD ͱ ECS Fargate Ͱ ϦϦʔε࡞ۀָ͕ʹͳͬͨ࿩ GitLab Meetup Tokyo

   #16 גࣜձࣾΞΠϦοδ ઒ޱ ૗

2. Kawaguchi So • ࣗࣾαʔϏεͷӡ༻νʔϜॴଐ • αʔόαΠυΤϯδχΞ • GitLab ྺ1೥ •

   Suzuki V-Strom250 2018.04 ~

3. ͱ͜ΖͰ օ͞ΜͷपΓʹ͜Μͳ ΦϖϨʔγϣϯ͸͋Γ·ͤΜ͔ʁ

4. Before ౿Έ୆αʔό ΞϓϦέʔγϣϯαʔό • ͱ͋ΔίϯϙʔωϯτͷϦϦʔεखॱॻʹه ࡌ͞Ε͍ͯͨίϚϯυ͸ܭ 88 ݸͰɺ࡞ۀऀͱ ֬ೝऀ͕ҰͭҰͭ݁ՌΛμϒϧνΣοΫ͠ͳ ͕Β࣮ߦ͍ͯͨ͠

   (࣮࿩) ϦϦʔε࡞ۀऀ ϦϙδτϦ 44) BOTJCMF
   QMBZCPPL
   HJU
   DMPOF

5. ͭΒ͍ ɺɺɺͰ͕͢

6. ͦΜͳͭΒ͍ӡ༻पΓ͸ GitLab CI/CD Λ ׆༻͢ΔνϟϯεͰ͢

7. After GitLab 1೥໨ͷࢲͰ΋ GitLab CI/CD Λ࢖͑͹ ϘλϯΛԡ͚ͩ͢ ͷϦϦʔε͕࣮ݱͰ͖·ͨ͠ʂ

8. ͲΜͳύΠϓϥΠϯΛ ߏஙͨ͠ͷ͔

9. Build Stage build: stage: build script: - docker build -t

   image_name:ci . - docker save image_name:ci -o ${ARTIFACT_PATH} artifacts: paths: - ${ARTIFACT_PATH} expire_in: 1h • docker build ͰϏϧυͨ͠ΠϝʔδΛ docker save ͰϑΝΠϧʹॻ͖ग़͢ɻ • ॻ͖ग़ͨ͠ϑΝΠϧ͸ GitLab ͷ artifacts ػೳͰ δϣϒ׬ྃޙʹ GitLab ΁ࣗಈΞοϓϩʔυͤ͞Δɻ

10. Test Stage unittest: stage: test script: - docker load -i

    ${ARTIFACT_PATH} - docker-compose up --exit-code-from service_name • artifacts ͰΞοϓϩʔυ͞ΕͨϑΝΠϧ͸࣍ͷδϣϒ։࢝࣌ ʹࣗಈμ΢ϯϩʔυ͞ΕΔͷͰ docker load ͰಡΈࠐΉɻ • ͦͷΠϝʔδΛ༻͍ͯ docker-compose Ͱ UnitTest ʹඞཁ ͳίϯςφҰࣜΛཱͪ͛ͯςετΛ࣮ߦ͢Δɻ

11. Push Stage push: stage: push script: - docker load -i

    ${ARTIFACT_PATH} - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - docker tag image_name:ci $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG • ಉ༷ʹࣗಈμ΢ϯϩʔυ͞ΕͨϏϧυΠϝʔδΛಡΈࠐΉɻ • docker login Ͱ GitLab Container Registry ʹϩάΠϯͯ͠ɺ docker push ͰϨδετϦʹΠϝʔδΛΞοϓϩʔυ͢Δɻ

12. Deploy Stage deploy: stage: deploy variables: RELEASE_TAG: $CI_COMMIT_REF_SLUG script: -

    ecs-cli compose -p ${SERVICE_NAME} -f ${CLUSTER_NAME} service up தུ environment: name: ${ENVIRONMENT} when: manual • ECS CLI Ͱ docker-compose ϑΝΠϧΛ࢖༻ͯ͠αʔϏεΞοϓ ͢Δɻ͜Ε͚ͩͰ ECS ͕͍͍ײ͡ʹσϓϩΠͯ͘͠ΕΔ (ࡶ) • σϓϩΠδϣϒ͸ when: manual Λࢦఆͯࣗ͠ಈ࣮ߦ͞Εͳ͍Α ͏ʹ͢Δɻ -> ͜Ε͕ઌ΄Ͳͷԡ͚ͩ͢ͷϘλϯ

13. δϣϒ࣮ߦ৚݅Λઃఆͯ͠ޡര๷ࢭ ௨ৗ࣌ ςετ͸লུͯ࣌ؒ͠୹ॖ ϦϦʔε࣌ͷΈ ຊ൪؀ڥσϓϩΠ͕ දࣔ͞ΕΔ ϦϦʔε࣌ (λάϓογϡͰύΠϓϥΠϯΛੜ੒͢Δӡ༻)

14. ศརͰخ͍͠ػೳ

15. Artifacts ػೳ • Runner ͕ෳ਺͋Δ؀ڥͰɺύΠϓϥΠϯதʹผͷ Runner Ͱॲཧ͕࣮ߦ͞Εͯ͠·ͬͯ΋ɺδϣϒ࣮ߦʹඞ ཁͳϑΝΠϧΛ؆୯ʹڞ༗͢Δ͜ͱ͕Ͱ͖Δɻ • expire_in

    Ͱ༗ޮظݶΛઃఆ͢ΔͱࣗಈͰ࡟আͯ͘͠Ε Δɻ • Ξοϓϩʔυͨ͠ϑΝΠϧ͸΢ΣϒαΠτ্͔Β௚઀μ ΢ϯϩʔυͰ͖Δɻ

16. Environment ػೳ deploy: stage: deploy variables: RELEASE_TAG: $CI_COMMIT_REF_SLUG script: -

    ecs-cli compose -f compose.yml தུ environment: name: ${ENVIRONMENT} when: manual δϣϒʹ؀ڥ໊Λఆ͓͚ٛͯͩ͘͠Ͱ…

17. Environment ػೳ GitLab ্ʹ؀ڥҰཡΛউखʹ࡞ͬͯ͘ΕΔʂ

18. Environment ػೳ • ؀ڥຖʹσϓϩΠཤྺ͕೔࣌΍λά෇͖ͰݟΕΔʂ • ͔͜͜ΒϘλϯҰͭͰ೚ҙ࣌఺ʹϩʔϧόοΫͰ͖Δʂ

19. Container Registry ػೳ • Լهਤͷ༷ʹύεΛ۠੾Δͱผݸʹදࣔ͞ΕΔͷͰ nginx ͳͲαΠυΧʔతͳίϯςφΛಉҰϓϩδΣΫτ ͰҰݩ؅ཧ͢Δࡍʹศརɻ

20. Container Registry ͱ Fargate Fargate Secrets Manager Container Registry ᶃ

    ᶄ ᶅ ᶆ 1. CI/CD ͕ Registry ʹΠϝʔδΛϓογϡ 2. CI/CD ͕λεΫఆٛͱαʔϏεΛߋ৽ AWS७ਖ਼ͷ Container Registry (ECR) ͡Όͳͯ͘΋ Deploy Token ͱ Secrets Manager Ͱ Fargate ʹσϓϩΠͰ͖·͢ʂ 3. Fargate ͕ SM ͔Β Deploy Token Λೖख 4. Fargate ͕ Deploy Token Λ࢖ͬͯΠϝʔδΛऔಘ

21. ຊ೔ͷ·ͱΊ • GitLab ʹ͸ӡ༻୲౰ऀʹخ͍͠ศརͳػೳ͕ ੝Γͩ͘͞Μʂ • ͳΜͱ͜ΕΒͷػೳΛ౥ࡌͨ͠ GitLab ͸ແྉ Ͱ࢖͍࢝ΊΔ͜ͱ͕Ͱ͖·͢ʂ

    • ͳ͓ɺແঈ൛ʹ͸Ұ෦ػೳ੍ݶ͕͍͟͝·͢ɻ ࠓ͙͢ొ࿥

22. ຊ೔ൃද͖͠Εͳ͔ͬͨ ECS Fargate पΓͷҠߦ࿩͸ ΞΠϦοδ։ൃऀϒϩά ʹͯ ެ։தʂ EC2 ͰՔಇ͍ͯ͠ΔγεςϜΛ ECS

    Fargate ʹҠߦͤ͞Δ https://iridge-tech.hatenablog.com/entry/2019/04/24/162758