Openshift CI images: S2i image builder + gitlab CI webhook 3 / 3 (Gitlab)

To configure the deployment key in gitlab, go to:

your repository -> settings -> Repository ->Deploy keys

Introduce the public key in the box that will open. Consider using these keys as read only.


Next, we have to configure the CI integration with the webhook URL we obtained before - you will need Gitlab runner.

Add this to your .gitlab-ci.yml:

openshift_job:
  stage: deploy
  tags:
   - docker
   script:
   - "https_proxy= curl -k -XPOST -H'Content-Type: application/json' -d'{}' <your build CI webhook URL>"
   only:
    - master

We rebuild the image:

$ oc start-build mydocsproject

And it should all work now :)

Openshift CI images: S2i image builder + gitlab CI webhook 2 / 3 (OpenShift)

Next step is creating the credentials. We'll use them to make openshift talk to gitlab - this will necessary only if your repository is authenticated.

$ ssh-keygen -b 4096 -t rsa -f mykey Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):  Enter same passphrase again:  Your identification has been saved in mykey.
Your public key has been saved in mykey.pub.

We upload the private key to openshift:

$ oc secrets new mygitlab-key ssh-privatekey=mykey

$ oc secrets add serviceaccount/builder secrets/mygitlab-key

$ oc secrets link builder mygitlab-key

Next we create the app configuration. You may need to customize the image location and your gitlab user / address. The new OpenShift project will be mydocsproject:

$ oc new-app <your repository>/builderimagename:latest:latest~user@gitlab.com:your_repo.git --name mydocsproject

This will generate a build image, that will fail because we haven't given access to our authenticated gitlab repository. We'll configure OpenShift to use the newly created credentials - gitlab configuration in the next post:

$ oc set build-secret --source bc/mydocsproject mygitlab-key

To provide gitlab with the webhook to trigger a deployment on push, we will need the build config's webhook:

$ oc describe bc/mydocsproject | grep -A1 "Webhook Generic"   

Webhook Generic:
       URL:           https://youropenshifturl/oapi/v1/namespaces/blablabla/generic

Next is to configure gitlab.

Openshift CI images: S2i image builder + gitlab CI webhook 1 / 3 (Docker image)

This week I had to migrate an old static site that was hosting a documentation repository. It worked using a git hook that ran rsync to the hosting server every time there was a push. Local git server, physical shared hosting server.

New location: openshift and gitlab.

Laziness within sent thoughts of running git clone from inside the container, but eventually decided to give a try to S2I.

First thing, setting an image with a basic nginx service:

.
├── build
├── Dockerfile
├── etc
│   ├── nginx.conf
│   ├── server_status.conf
│   └── staticdocs.contoso.com.conf
└── test
    └── test-app
        └── index.html

My Dockerfile:

FROM my-favourite-repository/centos-7:latest
MAINTAINER Andres Martin <andreu.antonio@gmail.com>

LABEL io.k8s.description="Platform for serving static HTML files" \      io.k8s.display-name="Nginx latest" \
     io.openshift.expose-services="8080:http" \      io.openshift.tags="builder,html,nginx"

RUN yum install -y nginx git vim curl && \
   yum clean all -y

LABEL io.openshift.s2i.scripts-url=image:///usr/local/s2i
COPY ./.s2i/bin/ /usr/local/s2i


COPY ./etc/nginx.conf /etc/nginx/nginx.conf
COPY ./etc/staticdocs.contoso.com.conf /etc/nginx/conf.d/staticdocs.contoso.com.conf
RUN mkdir -p /etc/nginx/inc.d/internal 

COPY ./etc/server_status.conf /etc/nginx/inc.d/internal/server_status.conf


EXPOSE 8080

#copy paste from other Dockerfiles nginxRUN mkdir -p /var/www/html
RUN chmod 777 /var/www/html # because why notRUN mkdir -p /var/log/nginx
RUN chmod g+xrw /var/log/nginxRUN rm -f /etc/nginx/sites-available/default.conf
RUN mkdir /nginx/cache -p
RUN mkdir /nginx/run -p
RUN chmod g+xrw -R /nginx


USER 1001120000

CMD ["/usr/local/s2i/usage"]

 My nginx.conf to allow non-privileged execution:

worker_processes 1;
daemon off;
pid        /nginx/run/nginx.pid;

events {
   worker_connections 1024;
}

http {

   include       /etc/nginx/mime.types;
   default_type  application/octet-stream;

   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '                      '"$http_user_agent" "$http_x_forwarded_for"';

   access_log  /nginx/access.log  main;
   error_log /nginx/error.log error;
   client_body_temp_path /nginx/cache 1 2;
   proxy_temp_path /nginx/cache 1 2;
   fastcgi_temp_path /nginx/cache 1 2;
   uwsgi_temp_path /nginx/cache 1 2;

   sendfile        on;

   keepalive_timeout  65;

   #gzip  on;

   client_max_body_size 25m;

   server_tokens off;

   include /etc/nginx/conf.d/*.conf;

   index   index.html index.htm;

}

After installing the s2i tools, you will have something like this in your folder:

├── .s2i
│   └── bin
│       ├── assemble
│       ├── run
│       ├── s2i
│       ├── sti -> s2i
│       └── usage

And you might have this in your run script:

exec nginx -c /etc/nginx/nginx.conf

At this point, to make sure all the above is right you can try a manual run:

Build your image as usual (sudo docker build . -f Dockerfile -t latest --pull; sudo docker tag latest my-registry/builderimagename:latest; sudo docker p
ush my-registry/builderimagename:latest)

$ sudo s2i build <your git repo> <builder image name:test> <result image name:latest>

i.e. my syntax:


$ sudo s2i build https://gitlab.com/myproject.git myrepo/mybuilderimage:latest myrepo/amartin-sample-app

$ sudo docker run -d -p 8080:8080 myrepo/amartin-sample-app <result image>

Now is time to configure OpenShift in the next post.