我使用 gcloud,我在虚拟机上有一个 git 服务器,在存储库中通过 git hook(接收后),我调用 cloud build 来触发 docker 映像的构建以及在 kubernetes 上部署该映像。
我已经在云构建服务帐户上设置了适当的权限,以访问容器/工件注册表和云源存储库上的另一个存储库,其中包含要部署的 kubernetes 清单。
问题是这个流程有时有效,有时无效,并且日志没有说明失败的原因。如果我比较结束良好的流程和未结束的流程的日志,它们是相同的,只是其中一个简单地停止了。
git hook 中调用 Cloud Build 的脚本如下所示 (这是 GCP 虚拟机内部):
#!/bin/bash
oldrev=$1
newrev=$2
refname=$3
BRANCH_REF=$(git rev-parse --symbolic --abbrev-ref $refname)
BASE_PATH="path/to/basepath"
build_image() {
cd "$BASE_PATH"
mkdir -p "build.tmp"
cd "build.tmp"
git clone --branch $BRANCH_REF --single-branch "/path/to/repo" "$NAME"
# This directory contains the Dockerfile
cd repo
#
# code the condition to call cloud build
# through the commit message
#
if [[ $COMMIT_MSG =~ $pattern ]]; then
nohup gcloud builds submit --log-http --config="/path/to/cloudbuild.yaml" --substitutions=_NAME="myproyect",_HASH=$HASH > "$BASE_PATH/build_log.txt" 2>&1 &
fi
}
这就是 cloudbuild yaml 的样子
# This step builds the container image and pushes the image to Conteiner Registry
steps:
- name: 'gcr.io/cloud-builders/docker'
id: Build
args: [ 'build', '-t', 'gcr.io/cloud-builders/${_NAME}:docker-${_HASH}', '-t', 'gcr.io/cloud-builders/${_NAME}:latest', '.' ]
# This step clones the kubernetes google repository
- name: 'gcr.io/cloud-builders/gcloud'
id: Clone env repository
entrypoint: /bin/sh
args:
- '-c'
- |
gcloud source repos clone kubernetes_manifests && \
cd kubernetes_manifests && \
git config user.email $(gcloud auth list --filter=status:ACTIVE --format='value(account)')
# This step generates the new manifest
- name: 'gcr.io/cloud-builders/gcloud'
id: Generate manifest
entrypoint: /bin/sh
args:
- '-c'
- |
sed -e "s#image: gcr.io/cloud-builders/myproyect:.*#image: gcr.io/cloud-builders/${_NAME}:docker-${_HASH}#" kubernetes_manifests/myproyect/development/3.deployment.yaml > kubernetes_manifests/myproyect/development/3.deployment.yaml.tmp && \
mv kubernetes_manifests/myproyect/development/3.deployment.yaml.tmp kubernetes_manifests/myproyect/development/3.deployment.yaml
# This step pushes the manifest back to kubernetes
- name: 'gcr.io/cloud-builders/gcloud'
id: Push manifest
entrypoint: /bin/sh
args:
- '-c'
- |
set -x && \
cd kubernetes_manifests && \
git add myproyect/development/3.deployment.yaml && \
git commit -m "Update image gcr.io/cloud-builders/${_NAME}:${_HASH}
Built from commit ${_HASH} of repository ${_NAME}" --author="Cloud Build Agent" && \
git push origin master
# This step deploys the new version of our container image
- name: 'gcr.io/cloud-builders/kubectl'
id: Deploy
args:
- 'apply'
- '-f'
- 'kubernetes_manifests/myproyect/development/3.deployment.yaml'
env:
- 'CLOUDSDK_COMPUTE_REGION=us-central1-f'
- 'CLOUDSDK_CONTAINER_CLUSTER=k8-myproyect'
- 'CLOUDSDK_CORE_PROJECT=cloud-builders'
timeout: 43200s
options:
machineType: 'N1_HIGHCPU_8'
logging: CLOUD_LOGGING_ONLY
substitutions:
_NAME: 'myproyect' # default value
_HASH: 'latest' # default value
images:
- 'gcr.io/cloud-builders/${_NAME}:docker-${_HASH}'
- 'gcr.io/cloud-builders/${_NAME}:latest'
就像我说的,有时有效,有时无效,我不明白为什么。我希望有人能指出我正确的方向来解决这个问题。
如果它有价值的话,这是失败/停止时日志中的最后一个请求
==== request start ====
uri: https://storage.googleapis.com/storage/v1/b?alt=json&maxResults=1000&prefix=myproyect_cloudbuild&project=myProyect
method: GET
== headers start ==
b'accept': b'application/json'
b'accept-encoding': b'gzip, deflate'
b'authorization': --- Token Redacted ---
b'content-length': b'0'
b'user-agent': b'google-cloud-sdk gcloud/445.0.0 command/gcloud.builds.submit invocation-id/6aa15f12724940dea7fc6bc4a244eac9 environment/GCE environment-version/None client-os/LINUX client-os-ver/5.15.0 client-pltf-arch/x86_64 interactive/False from-script/False python/3.9.16 term/ (Linux 5.15.0-1038-gcp)'
b'x-goog-api-client': b'cred-type/mds'
== headers end ==
== body start ==
== body end ==
==== request end ====
---- response start ----
status: 200
-- headers start --
Cache-Control: private, max-age=0, must-revalidate, no-transform
Content-Length: 789
Content-Type: application/json; charset=UTF-8
Date: Tue, 12 Sep 2023 17:30:52 GMT
Expires: Tue, 12 Sep 2023 17:30:52 GMT
Server: UploadServer
Vary: Origin, X-Origin
X-GUploader-UploadID: ADPycdtf0wrEzjksupKzYNSnqtRqv9z93lIEVFhG0tjpoxELV-WkCSmlW4YPMl8idPfG194FtutaWllo37PMhVYmcrk0rg
-- headers end --
-- body start --
{
"kind": "storage#buckets",
"items": [
{
"kind": "storage#bucket",
"selfLink": "https://www.googleapis.com/storage/v1/b/myproyect_cloudbuild",
"id": "myproyect_cloudbuild",
"name": "myproyect_cloudbuild",
"projectNumber": "249995562558",
"metageneration": "1",
"location": "US",
"storageClass": "STANDARD",
"etag": "CAE=",
"timeCreated": "2023-06-13T00:53:30.886Z",
"updated": "2023-06-13T00:53:30.886Z",
"iamConfiguration": {
"bucketPolicyOnly": {
"enabled": false
},
"uniformBucketLevelAccess": {
"enabled": false
},
"publicAccessPrevention": "inherited"
},
"locationType": "multi-region",
"rpo": "DEFAULT"
}
]
}
-- body end --
total round trip time (request+response): 0.074 secs
---- response end ----
----------------------
基本上我的错误是尝试在后台运行云构建命令,解决方案是使用gcloud builds commit中的async
选项gcloud 构建提交 --async --config="/path/to/cloudbuild.yaml" --substitutions=_NAME="myproyect",_HASH=$HASH
而不是这个
nohup gcloud 构建提交...等