Deploying a simple portfolio with Argo Tunnels and containers for fun 🚀 - Part 2
Leon Nunes
Posted on October 10, 2021
Alright so now that I finally got done with part one of this blog post, here is part 2!
By now you should have Cloudflare Argo tunnel and Gitlab runner running.
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
31f46243cbe9 docker.io/gitlab/gitlab-runner:alpine run --user=gitlab... 8 days ago Up About an hour ago gitlab-runner
$ systemctl --user status cloudflared
Loaded: loaded (/home/leon/.config/systemd/user/cloudflared.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-10-10 14:51:26 IST; 1h 8min ago
For GitLab CI/CD to work you need to add a .gitlab-ci.yml in the root folder of your project. This is like the main ingredient.
This is what my .gitlab-ci.yml looks like.
stages:
  - publish
  - deploy

variables:
  TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
  TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA

# Begin building the image
publish:
  image: quay.io/podman/stable:latest
  stage: publish
  tags:
    - publish
  script:
    # Build once, tag with both the commit SHA and "latest", then push both tags
    - podman build -t $TAG_COMMIT -t $TAG_LATEST .
    - podman login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - podman push $TAG_COMMIT
    - podman push $TAG_LATEST

# Deployment
deploy:
  image: alpine:latest
  stage: deploy
  tags:
    - deployment
  before_script:
    - apk update && apk add openssh-client
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Load the private key from the CI/CD variable into an in-memory agent
    - eval $(ssh-agent -s)
    - echo "${PK_KEY}" | tr -d '\r' | ssh-add -
    # Save the scanned host key (it is fetched at job time, so it is not verified)
    - ssh-keyscan $SERVER_IP >> ~/.ssh/known_hosts
  script:
    # Log in to the registry on the server, pull the new image and replace the container
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman pull $TAG_COMMIT"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman container rm -f $WEB_NAME || true"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman run -d -p 8080:80 --name $WEB_NAME $TAG_COMMIT"
  environment:
    name: production
    url: https://portfolio.afro-coder.com/
  # Run only on the main branch
  only:
    - main
Now let us dive into some of the important variables here. These need to be defined in your GitLab repository (the individual repository) => Settings => CI/CD => Variables.
Make sure you mask the important and sensitive variables, and protect them so that they do not show up in your logs. Your username also needs to be longer than 4 chars to mask it and also meet their RegEx criteria.
- $SERVER_USER - SSH login for the user.
- $SERVER_IP - The VM where you would run these containers.
- $WEB_NAME - Container name you would like to keep.
- $PK_KEY - Private key used to SSH to the server. You can use ssh-keygen to create a key and add the public key to your .ssh/authorized_keys file.
Further documentation on the Gitlab Variables can be found here
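The deploy job above runs ssh-keyscan at job time and connects with StrictHostKeyChecking=no, so the runner never checks that it is talking to the real server, and the registry token is passed as a -p argument. A hardened variant of that job, as an added example that is not the author's pipeline: it assumes an extra CI/CD variable named SSH_KNOWN_HOSTS (a hypothetical name) holding the server's host key, and it uses CI_JOB_TOKEN, the current name of the token this post calls CI_BUILD_TOKEN.

```yaml
# Added example, not the author's pipeline: the deploy job with a pinned host key.
# Assumption: SSH_KNOWN_HOSTS is an extra CI/CD variable (hypothetical name) that
# holds the server's known_hosts line(s), captured once over a trusted channel.
deploy:
  image: alpine:latest
  stage: deploy
  tags:
    - deployment
  variables:
    # Fail closed on an unknown or changed host key, and never prompt.
    SSH_OPTS: "-o StrictHostKeyChecking=yes -o BatchMode=yes"
  before_script:
    - apk update && apk add openssh-client
    - mkdir -p ~/.ssh && chmod 700 ~/.ssh
    - eval $(ssh-agent -s)
    - echo "${PK_KEY}" | tr -d '\r' | ssh-add -
    # Pin the host key from the variable instead of trusting ssh-keyscan output.
    - echo "${SSH_KNOWN_HOSTS}" > ~/.ssh/known_hosts
    - chmod 600 ~/.ssh/known_hosts
  script:
    # The token is piped to the remote podman over stdin, so it is not part of
    # the remote command line. CI_JOB_TOKEN is the current name of CI_BUILD_TOKEN.
    - echo "$CI_JOB_TOKEN" | ssh $SSH_OPTS $SERVER_USER@$SERVER_IP "podman login -u gitlab-ci-token --password-stdin $CI_REGISTRY"
    - ssh $SSH_OPTS $SERVER_USER@$SERVER_IP "podman pull $TAG_COMMIT"
    - ssh $SSH_OPTS $SERVER_USER@$SERVER_IP "podman container rm -f $WEB_NAME || true"
    - ssh $SSH_OPTS $SERVER_USER@$SERVER_IP "podman run -d -p 8080:80 --name $WEB_NAME $TAG_COMMIT"
    # Do not leave registry credentials behind on the server.
    - ssh $SSH_OPTS $SERVER_USER@$SERVER_IP "podman logout $CI_REGISTRY"
  environment:
    name: production
    url: https://portfolio.afro-coder.com/
  only:
    - main
```

With this variant a changed or spoofed host key makes the job fail at the first ssh call instead of deploying to whatever answered on $SERVER_IP.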
Now go ahead and commit this file to your repository.
git add .gitlab-ci.yml
git commit -s -m "Added Gitlab CI"
git push -u
If your GitLab CI/CD doesn't run after pushing it to the main branch, re-check the branch name and the tags you've given your runner; they should match the ones in the .gitlab-ci.yml file.
If your build goes successfully, you should see the following.
After the pipeline builds the container should be running on the host
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
31646243cbe9 docker.io/gitlab/gitlab-runner:alpine run --user=gitlab... 8 days ago Up 16 minutes ago gitlab-runner-priv
4930b205caa1 registry.gitlab.com/leon9923/new-portfolio/main:c2054av4 httpd-foreground 15 minutes ago Up 15 minutes ago 0.0.0.0:8080->80/tcp portfolio.afro-coder.com
And that's it, you now have a self-hosted rootless (but still insecure if not protected correctly) GitLab CI/CD with podman and Argo Tunnels, and it works!
My next goal would be to create a custom executor for gitlab that uses podman without the docker interface altogether, thank you for reading!