Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GitLab CI/CDとECS Fargateでリリース作業が楽になった話

0729bc5967d5db847518f7659a2fd40c?s=47 orfx
April 24, 2019

GitLab CI/CDとECS Fargateでリリース作業が楽になった話

2019/04/24(水)
GitLab Meetup Tokyo #16: 新年度応援
https://gitlab-jp.connpass.com/event/126533/

0729bc5967d5db847518f7659a2fd40c?s=128

orfx

April 24, 2019
Tweet

Transcript

  1. GitLab CI/CD ͱ ECS Fargate Ͱ ϦϦʔε࡞ۀָ͕ʹͳͬͨ࿩ GitLab Meetup Tokyo

    #16 גࣜձࣾΞΠϦοδ ઒ޱ ૗
  2. Kawaguchi So • ࣗࣾαʔϏεͷӡ༻νʔϜॴଐ • αʔόαΠυΤϯδχΞ • GitLab ྺ1೥ •

    Suzuki V-Strom250 2018.04 ~
  3. ͱ͜ΖͰ օ͞ΜͷपΓʹ͜Μͳ ΦϖϨʔγϣϯ͸͋Γ·ͤΜ͔ʁ

  4. Before ౿Έ୆αʔό ΞϓϦέʔγϣϯαʔό • ͱ͋ΔίϯϙʔωϯτͷϦϦʔεखॱॻʹه ࡌ͞Ε͍ͯͨίϚϯυ͸ܭ 88 ݸͰɺ࡞ۀऀͱ ֬ೝऀ͕ҰͭҰͭ݁ՌΛμϒϧνΣοΫ͠ͳ ͕Β࣮ߦ͍ͯͨ͠

    (࣮࿩) ϦϦʔε࡞ۀऀ ϦϙδτϦ 44) BOTJCMF QMBZCPPL HJUDMPOF
  5. ͭΒ͍ ɺɺɺͰ͕͢

  6. ͦΜͳͭΒ͍ӡ༻पΓ͸ GitLab CI/CD Λ ׆༻͢ΔνϟϯεͰ͢

  7. After GitLab 1೥໨ͷࢲͰ΋ GitLab CI/CD Λ࢖͑͹ ϘλϯΛԡ͚ͩ͢ ͷϦϦʔε͕࣮ݱͰ͖·ͨ͠ʂ

  8. ͲΜͳύΠϓϥΠϯΛ ߏஙͨ͠ͷ͔

  9. Build Stage build: stage: build script: - docker build -t

    image_name:ci . - docker save image_name:ci -o ${ARTIFACT_PATH} artifacts: paths: - ${ARTIFACT_PATH} expire_in: 1h • docker build ͰϏϧυͨ͠ΠϝʔδΛ docker save ͰϑΝΠϧʹॻ͖ग़͢ɻ • ॻ͖ग़ͨ͠ϑΝΠϧ͸ GitLab ͷ artifacts ػೳͰ δϣϒ׬ྃޙʹ GitLab ΁ࣗಈΞοϓϩʔυͤ͞Δɻ
  10. Test Stage unittest: stage: test script: - docker load -i

    ${ARTIFACT_PATH} - docker-compose up --exit-code-from service_name • artifacts ͰΞοϓϩʔυ͞ΕͨϑΝΠϧ͸࣍ͷδϣϒ։࢝࣌ ʹࣗಈμ΢ϯϩʔυ͞ΕΔͷͰ docker load ͰಡΈࠐΉɻ • ͦͷΠϝʔδΛ༻͍ͯ docker-compose Ͱ UnitTest ʹඞཁ ͳίϯςφҰࣜΛཱͪ͛ͯςετΛ࣮ߦ͢Δɻ
  11. Push Stage push: stage: push script: - docker load -i

    ${ARTIFACT_PATH} - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - docker tag image_name:ci $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG • ಉ༷ʹࣗಈμ΢ϯϩʔυ͞ΕͨϏϧυΠϝʔδΛಡΈࠐΉɻ • docker login Ͱ GitLab Container Registry ʹϩάΠϯͯ͠ɺ docker push ͰϨδετϦʹΠϝʔδΛΞοϓϩʔυ͢Δɻ
  12. Deploy Stage deploy: stage: deploy variables: RELEASE_TAG: $CI_COMMIT_REF_SLUG script: -

    ecs-cli compose -p ${SERVICE_NAME} -f ${CLUSTER_NAME} service up தུ environment: name: ${ENVIRONMENT} when: manual • ECS CLI Ͱ docker-compose ϑΝΠϧΛ࢖༻ͯ͠αʔϏεΞοϓ ͢Δɻ͜Ε͚ͩͰ ECS ͕͍͍ײ͡ʹσϓϩΠͯ͘͠ΕΔ (ࡶ) • σϓϩΠδϣϒ͸ when: manual Λࢦఆͯࣗ͠ಈ࣮ߦ͞Εͳ͍Α ͏ʹ͢Δɻ -> ͜Ε͕ઌ΄Ͳͷԡ͚ͩ͢ͷϘλϯ
  13. δϣϒ࣮ߦ৚݅Λઃఆͯ͠ޡര๷ࢭ ௨ৗ࣌ ςετ͸লུͯ࣌ؒ͠୹ॖ ϦϦʔε࣌ͷΈ ຊ൪؀ڥσϓϩΠ͕ දࣔ͞ΕΔ ϦϦʔε࣌ (λάϓογϡͰύΠϓϥΠϯΛੜ੒͢Δӡ༻)

  14. ศརͰخ͍͠ػೳ

  15. Artifacts ػೳ • Runner ͕ෳ਺͋Δ؀ڥͰɺύΠϓϥΠϯதʹผͷ Runner Ͱॲཧ͕࣮ߦ͞Εͯ͠·ͬͯ΋ɺδϣϒ࣮ߦʹඞ ཁͳϑΝΠϧΛ؆୯ʹڞ༗͢Δ͜ͱ͕Ͱ͖Δɻ • expire_in

    Ͱ༗ޮظݶΛઃఆ͢ΔͱࣗಈͰ࡟আͯ͘͠Ε Δɻ • Ξοϓϩʔυͨ͠ϑΝΠϧ͸΢ΣϒαΠτ্͔Β௚઀μ ΢ϯϩʔυͰ͖Δɻ
  16. Environment ػೳ deploy: stage: deploy variables: RELEASE_TAG: $CI_COMMIT_REF_SLUG script: -

    ecs-cli compose -f compose.yml தུ environment: name: ${ENVIRONMENT} when: manual δϣϒʹ؀ڥ໊Λఆ͓͚ٛͯͩ͘͠Ͱ…
  17. Environment ػೳ GitLab ্ʹ؀ڥҰཡΛউखʹ࡞ͬͯ͘ΕΔʂ

  18. Environment ػೳ • ؀ڥຖʹσϓϩΠཤྺ͕೔࣌΍λά෇͖ͰݟΕΔʂ • ͔͜͜ΒϘλϯҰͭͰ೚ҙ࣌఺ʹϩʔϧόοΫͰ͖Δʂ

  19. Container Registry ػೳ • Լهਤͷ༷ʹύεΛ۠੾Δͱผݸʹදࣔ͞ΕΔͷͰ nginx ͳͲαΠυΧʔతͳίϯςφΛಉҰϓϩδΣΫτ ͰҰݩ؅ཧ͢Δࡍʹศརɻ

  20. Container Registry ͱ Fargate Fargate Secrets Manager Container Registry ᶃ

    ᶄ ᶅ ᶆ 1. CI/CD ͕ Registry ʹΠϝʔδΛϓογϡ 2. CI/CD ͕λεΫఆٛͱαʔϏεΛߋ৽ AWS७ਖ਼ͷ Container Registry (ECR) ͡Όͳͯ͘΋ Deploy Token ͱ Secrets Manager Ͱ Fargate ʹσϓϩΠͰ͖·͢ʂ 3. Fargate ͕ SM ͔Β Deploy Token Λೖख 4. Fargate ͕ Deploy Token Λ࢖ͬͯΠϝʔδΛऔಘ
  21. ຊ೔ͷ·ͱΊ • GitLab ʹ͸ӡ༻୲౰ऀʹخ͍͠ศརͳػೳ͕ ੝Γͩ͘͞Μʂ • ͳΜͱ͜ΕΒͷػೳΛ౥ࡌͨ͠ GitLab ͸ແྉ Ͱ࢖͍࢝ΊΔ͜ͱ͕Ͱ͖·͢ʂ

    • ͳ͓ɺແঈ൛ʹ͸Ұ෦ػೳ੍ݶ͕͍͟͝·͢ɻ ࠓ͙͢ొ࿥
  22. ຊ೔ൃද͖͠Εͳ͔ͬͨ ECS Fargate पΓͷҠߦ࿩͸ ΞΠϦοδ։ൃऀϒϩά ʹͯ ެ։தʂ EC2 ͰՔಇ͍ͯ͠ΔγεςϜΛ ECS

    Fargate ʹҠߦͤ͞Δ https://iridge-tech.hatenablog.com/entry/2019/04/24/162758