ewoooc/docs/REGISTRY_DEPLOYMENT_CHECKLIST.md
ogt 1b4f3a7bbe
Some checks failed
CD Pipeline / deploy (push) Failing after 59s
feat: EwoooC initialization — push the complete project to Gitea
- Set up the Gitea Actions CD pipeline (.gitea/workflows/cd.yaml)
- Deployment mode: rsync Python files to 188 → docker restart (volume mount)
- Automatically rebuild the Docker image when Dockerfile/requirements change
- Deployment notifications: Telegram (start/success/failure)
- Health check: https://mo.wooo.work/health (up to 5 retries)
- Sync the latest CLAUDE.md / ADR-008 / memory (2026-04-19)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 01:21:13 +08:00

# Docker Registry CI/CD Deployment Checklist
## Overview
This document records the complete deployment process and checklist for migrating from Harbor to a self-hosted Docker Registry.
---
## Architecture Change Overview
### Before (Harbor)
```
GitLab CI → Docker Build → Push to Harbor (192.168.0.110:5050) → K8s Pull
```
### After (Docker Registry)
```
GitLab CI → Docker Build → Push to Registry (registry.wooo.work) → K8s Pull (UAT)
                                                                 → SCP + Import (GCP)
```
---
## Deployment Checklist
### 1. UAT Environment Preparation
#### 1.1 Docker Registry Deployment
- [ ] Install Docker Registry
```bash
cd /home/wooo/registry
docker compose up -d
```
- [ ] Confirm the Registry is running
```bash
curl http://127.0.0.1:5000/v2/
# Should return {}
```
#### 1.2 Nginx Reverse Proxy
- [ ] Copy the Nginx configuration
```bash
sudo cp config/nginx/sites-available/registry /etc/nginx/sites-available/
sudo ln -sf /etc/nginx/sites-available/registry /etc/nginx/sites-enabled/
```
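- [ ] Create the htpasswd credentials
```bash
# The redirect has to run as root: `sudo cmd > file` opens the file as the calling user.
htpasswd -Bbn admin Wooo_Registry_2026 | sudo tee /etc/nginx/conf.d/.htpasswd > /dev/null
```
- [ ] Request an SSL certificate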
```bash
sudo certbot certonly --webroot -w /var/www/certbot -d registry.wooo.work
```
- [ ] Reload Nginx
```bash
sudo nginx -t && sudo systemctl reload nginx
```
#### 1.3 Verify External Connectivity
- [ ] Test the HTTPS connection
```bash
curl -I https://registry.wooo.work/v2/
# Should return 401 (authentication required)
```
- [ ] Test Docker login
```bash
docker login registry.wooo.work -u admin
```
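
The 401 check from 1.3 as a reusable function, added here as an example and not part of the repository's scripts: it reads `curl -sI` output and reports whether `/v2/` demands Basic authentication, using the last header block when a redirect produces several. The function names and the sample response are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the repository): classify the headers printed by
#   curl -sI https://registry.wooo.work/v2/
# Prints one of: auth-required | open | unexpected:<detail>
registry_auth_state() {
    cr=$(printf '\r')
    status="" scheme=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                       # curl keeps CRLF line endings
        lower=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
        case "$lower" in
            http/*)
                # Redirects produce several header blocks; keep only the last.
                status=${line#* }
                status=${status%% *}
                scheme=""
                ;;
            www-authenticate:*)
                # HTTP/2 sends header names in lower case, hence the tr above.
                scheme=${lower#*:}
                scheme=${scheme# }
                scheme=${scheme%% *}
                ;;
        esac
    done
    case "$status:$scheme" in
        401:basic) echo "auth-required" ;;       # expected behind the htpasswd proxy
        200:*)     echo "open" ;;                # /v2/ answered without credentials
        "":*)      echo "unexpected:no-status-line" ;;
        *)         echo "unexpected:$status:${scheme:-no-challenge}" ;;
    esac
}

# Constructed sample response (not captured from the real host).
sample_401() {
    printf 'HTTP/1.1 401 Unauthorized\r\nServer: nginx\r\n'
    printf 'WWW-Authenticate: Basic realm="Registry"\r\n\r\n'
}
sample_401 | registry_auth_state
```

Against the live endpoint the call is `curl -sI https://registry.wooo.work/v2/ | registry_auth_state`; any result other than `auth-required` means the proxy is not enforcing the htpasswd file.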
### 2. GitLab CI/CD Configuration
#### 2.1 Set CI/CD Variables
- [ ] Go to GitLab > Project > Settings > CI/CD > Variables
- [ ] Add the following variables:
  - `REGISTRY_USER`: `admin`
  - `REGISTRY_PASSWORD`: `Wooo_Registry_2026` (set as Protected & Masked)
  - `UAT_SSH_PRIVATE_KEY`: UAT SSH private key (set as Protected)
  - `GCP_SSH_PRIVATE_KEY`: GCP SSH private key (set as Protected)
  - `TELEGRAM_BOT_TOKEN`: Telegram Bot Token
  - `TELEGRAM_CHAT_ID`: Telegram Chat ID
#### 2.2 Update .gitlab-ci.yml
- [ ] Confirm it has been updated to the new CI/CD configuration
- [ ] Remove all Harbor references
### 3. K8s Configuration
#### 3.1 Create the Registry Secret
```bash
kubectl delete secret registry-secret -n momo 2>/dev/null || true
kubectl create secret docker-registry registry-secret \
  --docker-server=registry.wooo.work \
  --docker-username=admin \
  --docker-password=Wooo_Registry_2026 \
  -n momo
```
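
An alternative to passing the password in `--docker-password`, added here as an example and not taken from the repository: it builds the `.dockerconfigjson` payload from a password read on stdin and decodes it again as a self-check. The function names are hypothetical, and the `kubectl` invocation shown in the comment is not executed by the block.

```bash
#!/bin/sh
# Added example: the names below are hypothetical, not from the repository.
json_escape() {   # escape backslash and double quote for use in a JSON string
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# usage: dockerconfigjson <server> <user> < password-file
dockerconfigjson() {
    IFS= read -r password || :   # a final line without a newline still fills $password
    if [ -z "$password" ]; then
        echo "no password on stdin" >&2
        return 1
    fi
    # "auth" is base64(user:password); GNU base64 wraps long output, so strip newlines.
    auth=$(printf '%s:%s' "$2" "$password" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}\n' \
        "$(json_escape "$1")" "$(json_escape "$2")" \
        "$(json_escape "$password")" "$auth"
    unset password auth
}

# Reads a .dockerconfigjson document on stdin and prints the decoded user:password.
secret_login() {
    sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 -d
}

# Constructed demo value; in practice redirect stdin from a root-only file, then:
#   dockerconfigjson registry.wooo.work admin < "$pw_file" > "$tmp"
#   kubectl create secret docker-registry registry-secret -n momo \
#     --from-file=.dockerconfigjson="$tmp" --dry-run=client -o yaml | kubectl apply -f -
printf '%s\n' 'constructed-password' \
    | dockerconfigjson registry.wooo.work admin | secret_login
echo
```

Piping the `--dry-run=client -o yaml` output into `kubectl apply` also updates an existing secret in place, so the separate `kubectl delete` step is not needed with this form.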
#### 3.2 Apply the K8s Configuration
```bash
kubectl apply -f k8s/04-momo-app.yaml
kubectl apply -f k8s/05-scheduler.yaml
```
### 4. Test the CI/CD Pipeline
#### 4.1 Trigger a Test Deployment
```bash
git add .
git commit -m "test: 測試新 CI/CD 流程"
git push gitlab main
```
#### 4.2 Verify the Deployment Result
- [ ] All GitLab Pipeline jobs succeed (test, build, deploy-uat)
- [ ] Telegram receives the deployment notification
- [ ] Check the K8s Pod status
```bash
kubectl get pods -n momo
```
- [ ] Health check passes
```bash
curl https://mo.wooo.work/health
```
### 5. GCP Deployment
#### 5.1 Manually Trigger the GCP Deployment
- In the GitLab UI, click `deploy-gcp` to run it manually
#### 5.2 Or Use the Local Deployment Script
```bash
# SSH to GCP
ssh wooo@35.194.233.141
cd ~/momo-pro-system
./k8s/gcp/deploy.sh --full
```
#### 5.3 Verify the GCP Deployment
```bash
curl https://momo.wooo.work/health
```
---
## Verification Script
Run the full verification:
```bash
./scripts/verify-registry-cicd.sh
```
---
## Quick Rollback
If the new CI/CD has problems, you can roll back temporarily:
### Roll K8s Back to the Previous Version
```bash
kubectl rollout undo deployment/momo-app -n momo
kubectl rollout undo deployment/momo-scheduler -n momo
```
### Manual Build and Deploy (Bypassing CI/CD)
```bash
# Build locally
docker build -t momo-pro-system:latest .
# Transfer to UAT
docker save momo-pro-system:latest | ssh wooo@192.168.0.110 'sudo k3s ctr images import -'
# Restart
ssh wooo@192.168.0.110 'kubectl rollout restart deployment/momo-app deployment/momo-scheduler -n momo'
```
---
## Change Log
### Added Files
- `docker/registry/docker-compose.yml` - Registry service configuration
- `docker/registry/config.yml` - Registry internal configuration
- `docker/registry/setup.sh` - Registry installation script
- `config/nginx/sites-available/registry` - Nginx configuration
- `deploy/lib/registry.sh` - Registry management function library
- `scripts/registry_health_monitor.sh` - Registry health monitoring
- `scripts/verify-registry-cicd.sh` - CI/CD verification script
- `k8s/gcp/` - GCP-specific K8s configuration
### Modified Files
- `.gitlab-ci.yml` - Completely rewritten to use Docker Registry
- `k8s/04-momo-app.yaml` - Image source changed to the Registry
- `k8s/05-scheduler.yaml` - Image source changed to the Registry
- `docker-compose.yml` - Image source changed to the Registry
- `CLAUDE.md` - Documentation updated, Harbor references removed
### Deleted Files
- `deploy/lib/harbor.sh` - Replaced by registry.sh
- `scripts/harbor_health_monitor.sh` - Replaced by registry_health_monitor.sh
---
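## FAQ
### Q: The Registry Is Unreachable
**A**: Check the following:
1. Whether the Docker Registry container is running (`docker ps | grep registry`)
2. Whether Nginx is proxying correctly (`nginx -t`)
3. Whether the SSL certificate is valid (`certbot certificates`)
### Q: K8s Image Pull Fails
**A**: Check the Registry Secret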
```bash
kubectl get secret registry-secret -n momo -o yaml
kubectl describe pod <pod-name> -n momo
```
### Q: GCP Deployment Fails
**A**: Push the image from a local build instead:
```bash
# Build locally
docker build -t momo-pro-system:latest .
docker save momo-pro-system:latest | gzip > /tmp/momo.tar.gz
# Transfer via SCP
scp /tmp/momo.tar.gz wooo@35.194.233.141:/tmp/
# Import over SSH
ssh wooo@35.194.233.141 'gunzip -c /tmp/momo.tar.gz | sudo k3s ctr images import -'
```
---
## Contact Information
If you have any problems, please contact:
- Telegram: @wooowooowooobot (Chat ID: 5619078117)
- GitLab Issues: http://192.168.0.110:8929/root/momo-pro-system/-/issues