集成webhook打造hexo博客 (gitlab基于k8s的持续发布)

准备本地hexo环境

准备webhook镜像

#https://hub.docker.com/r/almir/webhook
FROM        golang:alpine3.11 AS build
MAINTAINER wangyunpeng <wangyp0701@gmail.com>
WORKDIR     /go/src/github.com/adnanh/webhook
ENV         WEBHOOK_VERSION 2.6.11
RUN         apk add --update -t build-deps curl libc-dev gcc libgcc
RUN         curl -L --silent -o webhook.tar.gz https://github.com/adnanh/webhook/archive/${WEBHOOK_VERSION}.tar.gz && \
            tar -xzf webhook.tar.gz --strip 1 &&  \
            go get -d && \
            go build -o /usr/local/bin/webhook && \
            apk del --purge build-deps && \
            rm -rf /var/cache/apk/* && \
            rm -rf /go

FROM        alpine:3.11
ENV TZ Asia/Shanghai
RUN apk add --no-cache tzdata git openssh-client
COPY        --from=build /usr/local/bin/webhook /usr/local/bin/webhook
WORKDIR     /code/webhook
VOLUME      ["/code/webhook"]
EXPOSE      9000
ENTRYPOINT  ["/usr/local/bin/webhook" , "-hooks" , "/code/webhook/hooks.json" , "-verbose"]

准备k8s的yaml文件

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: hexo-static-data
spec:
  accessModes:
 #   - ReadWriteOnce
    - ReadWriteMany
 # storageClassName: ceph-storageclass
  #storageClassName: glusterfs-storage
  storageClassName: managed-nfs-storage
 # storageClassName: csi-cephfs
  resources:
    requests:
      storage: 1Gi

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  #annotations:
  #  "initializer.kubernetes.io/lxcfs": "true"
  name: hexo-static
  labels:
    k8s-app: hexo-static
spec:
  replicas: 1
  revisionHistoryLimit: 3
  template:
    metadata:
      labels:
        k8s-app: hexo-static
    spec:
      containers:
      - name: hexo-static
        image: registry.yappam.com/nginx/openresty:1.15.8.3-2-alpine
        ports:
        - containerPort: 80
        resources:
          limits:
            cpu: "0.2"
            memory: 152M
          requests:
            cpu: 0.1
            memory: 128M
        volumeMounts:
            - name: hexo-static-webhook
              mountPath: "/usr/local/openresty/nginx/html"
            - name: hexo-nginx-conf
              mountPath: "/etc/nginx/conf.d/hexo-nginx.conf"
              subPath: hexo-nginx.conf
      volumes:
      - name: hexo-nginx-conf           #挂载数据节点名称
        configMap:
         name: hexo-nginx.conf        #指定创建configMap的名称
         items:
          - key: hexo-nginx.conf       #key为文件名称
            path: hexo-nginx.conf
      - name: hexo-static-webhook
        persistentVolumeClaim:
          claimName: hexo-static-data

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  #annotations:
  #  "initializer.kubernetes.io/lxcfs": "true"
  name: hexo-webhook
  labels:
    k8s-app: hexo-webhook
spec:
  replicas: 1
  revisionHistoryLimit: 3
  template:
    metadata:
      labels:
        k8s-app: hexo-webhook
    spec:
      containers:
      - name: hexo-webhook
        image: registry.yappam.com/webhook/webhook:latest
        #触发git仓库更新到项目
        ports:
        - containerPort: 9000
        volumeMounts:
            - name: hexo-static-webhook
              mountPath: "/var/www"
            - name: ssh-key
              mountPath: "/root/.ssh/id_ed25519"
              subPath: id_ed25519 #必须以子目录方式挂载
            - name: webhook-conf
              mountPath: "/code/webhook/work.sh"
              subPath: work.sh
            - name: webhook-conf
              mountPath: "/code/webhook/hooks.json"
              subPath: hooks.json
      volumes:
      - name: hexo-static-webhook
        persistentVolumeClaim:
          claimName: hexo-static-data
      - name: ssh-key
        secret:
          defaultMode: 0600
          secretName: mysecret
      - name: webhook-conf           #挂载数据节点名称
        configMap:
         name: webhook-conf        #指定创建configMap的名称
         defaultMode: 0755
         items:
          - key: hooks.json       #key为文件名称
            path: hooks.json      #文件路径内容
          - key: work.sh      #key为文件名称
            path: work.sh      #文件路径内容 

apiVersion: v1
kind: Service
metadata:
  name: hexo-static
spec:
  selector:
    k8s-app: hexo-static
  ports:
  - port: 80
    name: web
    targetPort: 8080
    protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: hexo-webhook
spec:
  selector:
    k8s-app: hexo-webhook
  ports:
  - port: 9000
    name: webhook
    targetPort: 9000
    nodePort: 27590
    protocol: TCP
  type: NodePort #根据自己的环境选择

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: hexo
  namespace: hexo
  annotations:
    #启用cert-manager绑定issuer
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - hexo.k8s.wangyp.win
    secretName: my-certificate-secret
  rules:
  - host: hexo.k8s.wangyp.win
    http:
      paths:
      - path: /
        backend:
          serviceName: hexo-static
          servicePort: 80

apiVersion: v1
kind: ConfigMap
metadata:
  name: webhook-conf
data:
  work.sh: |
    #!/bin/sh
    cd /var/www && git pull
    curtime=`date +"%Y%m%d%H%M%S"`
    if [ $? -eq 0 ];then
    echo "$curtime pull success!" >> /code/webhook/git.log
    else
    echo "$curtime pull fail!" >> /code/webhook/git.log
    fi
  hooks.json: |
    [
     {
    "id": "redeploy-webhook",
    "execute-command": "/code/webhook/work.sh",
    "command-working-directory": "/code/webhook"
     }
    ]

apiVersion: v1
kind: ConfigMap
metadata:
  name: webhook-conf
data:
  hexo-nginx.conf: |
	server {
		listen       8080;
		server_name  localhost;


		location / {
			root   /usr/local/openresty/nginx/html;
			index  index.html index.htm;
		}
		location ~ /\.git {
			   deny all; #禁止访问.git目录所有内容
	  }}

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
  namespace: hexo
type: Opaque
data:
  id_ed25519:  LtLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNEMVhBWlJ1VHdoK0dmTEl4VExVZVBsZzNYZnhLTU04UWZNb2hBaXBURUQ1UUFBQUtEMXAzUHA5YWR6CjZRQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDRDFYQVpSdVR3aCtHZkxJeFRMVWVQbGczWGZ4S01NOFFmTW9oQWlwVEVENVEKQUFBRUM3ZWpNWXZGeVFhbURDTTlCMUVZTDFSQkh4QlRJVS9YeVpVTHJoZ05HbE52VmNCbEc1UENINFo4c2pGTXRSNCtXRApkZC9Fb3d6eEI4eWlFQ0tsTVFQbEFBQUFHbkp2YjNSQWJHOWpZV3hvYjNOMExteHZZMkZzWkc5dFlXbHVBUUlECi0tLS0tRU5EIE9QRU5TU0ggUFJJVkFURSBLRVktLS0tLQo=

配置gitlab仓库webhook

webhook

ssh密钥

本地hexo环境生成静态文件,并推送到git

npm install hexo-deployer-git --save

deploy:
  type: git
  repo: <repository url> #https://bitbucket.org/JohnSmith/johnsmith.bitbucket.io
  branch: [branch]
  message: [message]

hexo g && hexo d

hexo d

注意!!!