DEV Community

Leon
Leon

Posted on

Deploying a simple portfolio with Argo Tunnels and containers for fun 🚀 - Part 2

Alright so now that I finally got done with part one of this blog post, here is part 2!

By now you should have Cloudflare Argo tunnel and Gitlab runner running.

$ podman ps
CONTAINER ID  IMAGE                                  COMMAND               CREATED     STATUS                PORTS       NAMES
31f46243cbe9  docker.io/gitlab/gitlab-runner:alpine  run --user=gitlab...  8 days ago  Up About an hour ago              gitlab-runner

$ systemctl --user status cloudflared
Loaded: loaded (/home/leon/.config/systemd/user/cloudflared.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-10-10 14:51:26 IST; 1h 8min ago
Enter fullscreen mode Exit fullscreen mode

For Gitlab CI/CD to work you need to add a .gitlab-ci.yml, in the root folder of your project This is like the main ingredient.

This is what my .gitlab-ci.yml looks like.

stages:
  - publish
  - deploy
variables:
  TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
  TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA
# Begin building the image
publish:
  image: quay.io/podman/stable:latest
  stage: publish
  tags:
    - publish
  script:
    - podman build -t $TAG_COMMIT -t $TAG_LATEST .
    - podman login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - podman  push $TAG_COMMIT
    - podman push $TAG_LATEST

# Deployment
deploy:
  image: alpine:latest
  stage: deploy
  tags:
    - deployment
  before_script:
    - apk update && apk add openssh-client
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - eval $(ssh-agent -s)
    - echo "${PK_KEY}" |tr -d '\r' | ssh-add -
    - ssh-keyscan $SERVER_IP

  script:
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman pull $TAG_COMMIT"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman container rm -f $WEB_NAME || true"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman run -d -p 8080:80 --name $WEB_NAME $TAG_COMMIT"
  environment:
    name: production
    url: https://portfolio.afro-coder.com/
  # Run only on the main branch
  only:
    - main
Enter fullscreen mode Exit fullscreen mode

Now let us dive into some of the important variables here, these need to be defined in your Gitlab Repository(Individual repository) => Settings => CI/CD => Variables.

Make sure you mask the important and sensitive variables, and protect them so that they do not show up in your logs,
your username also needs to be longer than 4 chars to mask it and also meet their RegEx criteria

  • $SERVER_USER - SSH login for the user.
  • $SERVER_IP - The VM where you would run these containers
  • $WEB_NAME - Container name you would like to keep
  • $PK_KEY - Private key used to SSH to the server. You can use ssh-keygen to create a key and add the public key to your .ssh/authorized_keys file

Further documentation on the Gitlab Variables can be found here

Now go ahead and commit this file to your repository.

git add .gitlab-ci.yml
git commit -s -m "Added Gitlab CI"
git push -u
Enter fullscreen mode Exit fullscreen mode

If your gitlab CI/CD doesn't run after pushing it to the main branch re-check the branch name
and the tags you've given your runner, they should match the one in the .gitlab-ci.yml file

If your build goes successfully, you should see the following.

Photo of the pipeline running

Photo of the publish stage running

After the pipeline builds the container should be running on the host

$ podman ps
CONTAINER ID  IMAGE                                                     COMMAND               CREATED         STATUS             PORTS                 NAMES
31646243cbe9  docker.io/gitlab/gitlab-runner:alpine                     run --user=gitlab...  8 days ago      Up 16 minutes ago                        gitlab-runner-priv
4930b205caa1  registry.gitlab.com/leon9923/new-portfolio/main:c2054av4  httpd-foreground      15 minutes ago  Up 15 minutes ago  0.0.0.0:8080->80/tcp  portfolio.afro-coder.com
Enter fullscreen mode Exit fullscreen mode

And thats it, you now have a self-hosted rootless(But still insecure if not protected correctly.) gitlab CI/CD with podman and Argo Tunnels and it works!

My Portfolio website image

My next goal would be to create a custom executor for gitlab that uses podman without the docker interface altogether, thank you for reading!

Meme of chemistry cat saying Thank you!

Discussion (0)