GitLab CI/CD ͱ ECS Fargate Ͱ ϦϦʔε࡞ۀָ͕ʹͳͬͨ࿩ GitLab Meetup Tokyo #16 גࣜձࣾΞΠϦοδ ઒ޱ ૗

Kawaguchi So • ࣗࣾαʔϏεͷӡ༻νʔϜॴଐ • αʔόαΠυΤϯδχΞ • GitLab ྺ1೥ • Suzuki V-Strom250 2018.04 ~

ͱ͜ΖͰ օ͞ΜͷपΓʹ͜Μͳ ΦϖϨʔγϣϯ͸͋Γ·ͤΜ͔ʁ

Before ౿Έ୆αʔό ΞϓϦέʔγϣϯαʔό • ͱ͋ΔίϯϙʔωϯτͷϦϦʔεखॱॻʹه ࡌ͞Ε͍ͯͨίϚϯυ͸ܭ 88 ݸͰɺ࡞ۀऀͱ ֬ೝऀ͕ҰͭҰͭ݁ՌΛμϒϧνΣοΫ͠ͳ ͕Β࣮ߦ͍ͯͨ͠ (࣮࿩) ϦϦʔε࡞ۀऀ ϦϙδτϦ 44) BOTJCMF QMBZCPPL HJUDMPOF

ͭΒ͍ ɺɺɺͰ͕͢

ͦΜͳͭΒ͍ӡ༻पΓ͸ GitLab CI/CD Λ ׆༻͢ΔνϟϯεͰ͢

After GitLab 1೥໨ͷࢲͰ΋ GitLab CI/CD Λ࢖͑͹ ϘλϯΛԡ͚ͩ͢ ͷϦϦʔε͕࣮ݱͰ͖·ͨ͠ʂ

ͲΜͳύΠϓϥΠϯΛ ߏஙͨ͠ͷ͔

Build Stage build: stage: build script: - docker build -t image_name:ci . - docker save image_name:ci -o ${ARTIFACT_PATH} artifacts: paths: - ${ARTIFACT_PATH} expire_in: 1h • docker build ͰϏϧυͨ͠ΠϝʔδΛ docker save ͰϑΝΠϧʹॻ͖ग़͢ɻ • ॻ͖ग़ͨ͠ϑΝΠϧ͸ GitLab ͷ artifacts ػೳͰ δϣϒ׬ྃޙʹ GitLab ΁ࣗಈΞοϓϩʔυͤ͞Δɻ

Test Stage unittest: stage: test script: - docker load -i ${ARTIFACT_PATH} - docker-compose up --exit-code-from service_name • artifacts ͰΞοϓϩʔυ͞ΕͨϑΝΠϧ͸࣍ͷδϣϒ։࢝࣌ ʹࣗಈμ΢ϯϩʔυ͞ΕΔͷͰ docker load ͰಡΈࠐΉɻ • ͦͷΠϝʔδΛ༻͍ͯ docker-compose Ͱ UnitTest ʹඞཁ ͳίϯςφҰࣜΛཱͪ͛ͯςετΛ࣮ߦ͢Δɻ

Push Stage push: stage: push script: - docker load -i ${ARTIFACT_PATH} - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - docker tag image_name:ci $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG • ಉ༷ʹࣗಈμ΢ϯϩʔυ͞ΕͨϏϧυΠϝʔδΛಡΈࠐΉɻ • docker login Ͱ GitLab Container Registry ʹϩάΠϯͯ͠ɺ docker push ͰϨδετϦʹΠϝʔδΛΞοϓϩʔυ͢Δɻ

Deploy Stage deploy: stage: deploy variables: RELEASE_TAG: $CI_COMMIT_REF_SLUG script: - ecs-cli compose -p ${SERVICE_NAME} -f ${CLUSTER_NAME} service up தུ environment: name: ${ENVIRONMENT} when: manual • ECS CLI Ͱ docker-compose ϑΝΠϧΛ࢖༻ͯ͠αʔϏεΞοϓ ͢Δɻ͜Ε͚ͩͰ ECS ͕͍͍ײ͡ʹσϓϩΠͯ͘͠ΕΔ (ࡶ) • σϓϩΠδϣϒ͸ when: manual Λࢦఆͯࣗ͠ಈ࣮ߦ͞Εͳ͍Α ͏ʹ͢Δɻ -> ͜Ε͕ઌ΄Ͳͷԡ͚ͩ͢ͷϘλϯ

δϣϒ࣮ߦ৚݅Λઃఆͯ͠ޡര๷ࢭ ௨ৗ࣌ ςετ͸লུͯ࣌ؒ͠୹ॖ ϦϦʔε࣌ͷΈ ຊ൪؀ڥσϓϩΠ͕ දࣔ͞ΕΔ ϦϦʔε࣌ (λάϓογϡͰύΠϓϥΠϯΛੜ੒͢Δӡ༻)

ศརͰخ͍͠ػೳ

Artifacts ػೳ • Runner ͕ෳ਺͋Δ؀ڥͰɺύΠϓϥΠϯதʹผͷ Runner Ͱॲཧ͕࣮ߦ͞Εͯ͠·ͬͯ΋ɺδϣϒ࣮ߦʹඞ ཁͳϑΝΠϧΛ؆୯ʹڞ༗͢Δ͜ͱ͕Ͱ͖Δɻ • expire_in Ͱ༗ޮظݶΛઃఆ͢ΔͱࣗಈͰ࡟আͯ͘͠Ε Δɻ • Ξοϓϩʔυͨ͠ϑΝΠϧ͸΢ΣϒαΠτ্͔Β௚઀μ ΢ϯϩʔυͰ͖Δɻ

Environment ػೳ deploy: stage: deploy variables: RELEASE_TAG: $CI_COMMIT_REF_SLUG script: - ecs-cli compose -f compose.yml தུ environment: name: ${ENVIRONMENT} when: manual δϣϒʹ؀ڥ໊Λఆ͓͚ٛͯͩ͘͠Ͱ…

Environment ػೳ GitLab ্ʹ؀ڥҰཡΛউखʹ࡞ͬͯ͘ΕΔʂ

Environment ػೳ • ؀ڥຖʹσϓϩΠཤྺ͕೔࣌΍λά෇͖ͰݟΕΔʂ • ͔͜͜ΒϘλϯҰͭͰ೚ҙ࣌఺ʹϩʔϧόοΫͰ͖Δʂ

Container Registry ػೳ • Լهਤͷ༷ʹύεΛ۠੾Δͱผݸʹදࣔ͞ΕΔͷͰ nginx ͳͲαΠυΧʔతͳίϯςφΛಉҰϓϩδΣΫτ ͰҰݩ؅ཧ͢Δࡍʹศརɻ

Container Registry ͱ Fargate Fargate Secrets Manager Container Registry ᶃ ᶄ ᶅ ᶆ 1. CI/CD ͕ Registry ʹΠϝʔδΛϓογϡ 2. CI/CD ͕λεΫఆٛͱαʔϏεΛߋ৽ AWS७ਖ਼ͷ Container Registry (ECR) ͡Όͳͯ͘΋ Deploy Token ͱ Secrets Manager Ͱ Fargate ʹσϓϩΠͰ͖·͢ʂ 3. Fargate ͕ SM ͔Β Deploy Token Λೖख 4. Fargate ͕ Deploy Token Λ࢖ͬͯΠϝʔδΛऔಘ

ຊ೔ͷ·ͱΊ • GitLab ʹ͸ӡ༻୲౰ऀʹخ͍͠ศརͳػೳ͕ ੝Γͩ͘͞Μʂ • ͳΜͱ͜ΕΒͷػೳΛ౥ࡌͨ͠ GitLab ͸ແྉ Ͱ࢖͍࢝ΊΔ͜ͱ͕Ͱ͖·͢ʂ • ͳ͓ɺແঈ൛ʹ͸Ұ෦ػೳ੍ݶ͕͍͟͝·͢ɻ ࠓ͙͢ొ࿥

ຊ೔ൃද͖͠Εͳ͔ͬͨ ECS Fargate पΓͷҠߦ࿩͸ ΞΠϦοδ։ൃऀϒϩά ʹͯ ެ։தʂ EC2 ͰՔಇ͍ͯ͠ΔγεςϜΛ ECS Fargate ʹҠߦͤ͞Δ https://iridge-tech.hatenablog.com/entry/2019/04/24/162758