Athens 代理私有仓库包
Athens 为你运行 Go 模块 提供服务。它可以为你提供公有和私有的代码,因此,你不需要直接从像 GitHub 或 GitLab 等版本控制系统(VCS)上拉取。
Athens 部署
docker 仓库上有相关容器可以直接下载
docker pull gomods/athens:latest
或者也可以向我一样下载代码自己构建
git clone https://github.com/gomods/athens.git
主要是看makefile里的代码怎么执行的,例如:
...
## 这边就知道这个项目怎么构建的
.PHONY: build
build: ## build the athens proxy
go build -ldflags="-w -s" -o ./cmd/proxy/proxy ./cmd/proxy
## 这边知道项目怎么制作镜像的
.PHONY: build-ver
build-ver: ## build the athens proxy with version number
GO111MODULE=on CGO_ENABLED=0 GOPROXY="https://proxy.golang.org" go build -ldflags "-s -w -X github.com/gomods/athens/pkg/build.version=$(VERSION) -X github.com/gomods/athens/pkg/build.buildDate=$(DATE)" -o athens ./cmd/proxy
## 这边知道本地怎么运行代码
.PHONY: run
run: ## run the athens proxy with dev configs
cd ./cmd/proxy && go run . -config_file ../../config.dev.toml
...
由于我们是公司内部使用需要上cicd,所以选择了镜像打包的方式实现的。
使用 athens 代理我们公司的 git 仓库的包需要几个配置文件
先定义 download.hcl 配置文件,主要功能就是代理 git 仓库,遇到 git.xxx.tech 的拉私有仓库
apiVersion: v1
data:
download.hcl: |-
# 默认全部 direct(不走外网直到 Nginx 解析)
downloadURL = "direct"
mode = "sync"
# 私有仓库(git.xxx.tech/*)走 direct,本地拉 Git 仓库
download "git.xxx.tech/*" {
mode = "sync"
downloadURL = "direct"
}
kind: ConfigMap
metadata:
name: download-387
namespace: microservice
配置 Athens 环境变量
apiVersion: v1
data:
ATHENS_DISK_STORAGE_ROOT: /var/lib/athens
ATHENS_DOWNLOAD_MODE: file:/root/download.hcl
ATHENS_GOGET_WORKERS: "100"
ATHENS_GONOSUM_PATTERNS: git.xxx.tech
ATHENS_NETRC_PATH: /root/.netrc
ATHENS_STORAGE_TYPE: disk
kind: ConfigMap
metadata:
name: env-387
namespace: microservice
配置 .netrc 配置,.netrc 就是登录 git 的账户密码
apiVersion: v1
data:
.netrc: |-
machine git.xxx.tech login xxxx xxxx
kind: ConfigMap
metadata:
name: netrc-387
namespace: microservice
有了 configmap 与 deployment 后可以部署到 k8s 中
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: devops-athens
name: devops-athens-sre-microservice
namespace: microservice
spec:
selector:
matchLabels:
app: devops-athens
template:
metadata:
labels:
app: devops-athens
spec:
containers:
- envFrom:
- configMapRef:
name: env-387
image: harbor.xxx.tech/devtron/devops-athens:eb65bc49-605-38056
imagePullPolicy: IfNotPresent
name: devops-athens
ports:
- containerPort: 3000
name: app
protocol: TCP
volumeMounts:
- mountPath: /root/.netrc
name: netrc-vol
subPath: .netrc
- mountPath: /root/download.hcl
name: download-vol
subPath: download.hcl
volumes:
- configMap:
defaultMode: 420
name: download-387
name: download-vol
- configMap:
defaultMode: 420
name: netrc-387
name: netrc-vol
在部署了 service 后,goproxy 配置成这个代理就可以下载私有仓库包
apiVersion: v1
kind: Service
metadata:
labels:
app: devops-athens
name: devops-athens-sre-microservice-service
namespace: microservice
spec:
ports:
- name: app
port: 3000
protocol: TCP
targetPort: app
selector:
app: devops-athens
type: NodePort
go env 要配置GONOSUMDB与GOPROXY
go env -w GONOSUMDB='git.xxx.tech'
go env -w GOPROXY="http://172.26.33.221:32405"
执行 go get 就可以下载
root@PC:~/microservice-go# go get git.xxx.tech/iot/xxx/go-core@v1.1.0
go: upgraded git.xxx.tech/iot/xxx/go-core v1.0.7 => v1.1.0
配置了 goproxy 为私有 athens 后,下载公共的包就会报错,这个时候可以选择一个 nginx 代理一下,把 athens 与国内社区代理配置上
default.conf: |
server {
listen 80;
server_name localhost;
# 1. 公网 Go 模块,全部走 goproxy.cn
location / {
proxy_pass https://goproxy.cn;
proxy_cache_valid 30d;
}
# 2. 私有模块(所有 git.xxx.tech/*)
location ~* ^/git\.xxx\.tech/ {
proxy_pass http://devops-athens-sre-microservice-service:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_valid 30d;
}
}