
Building Enterprise Jenkins CI/CD on k8s (Part 1)

Date: 2023-03-02 18:32:35
Tags: slave name CICD 192.168 usr jenkins docker k8s

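Introduction and preparation

1. Overview
  • Continuous Integration (CI): code merging, building, deployment and testing are done together; the cycle runs continuously and feeds its results back.
  • Continuous Deployment (CD): deploy to the test, pre-production and production environments.
  • Continuous Delivery (CD): release the final product to the production environment for users.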


Closed-loop workflow


Introducing k8s


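Workflow for deploying to the k8s platform
  • Build the image
  • Put the container in a pod
  • Manage the pod with a controller
  • Expose the application
  • Publish the application externally
  • Log management / monitoring
2. Preparation
Deploy Harbor and Git
1. Download the installer package
wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.1.tgz
2. Extract it
tar -zxvf harbor-offline-installer-v1.8.1.tgz
3. Edit the configuration file (Harbor 1.8 ships it as harbor.yml)
cd harbor
vim harbor.yml
hostname: x.x.x.x   # the host's IP
4. Prepare the configuration
./prepare
5. Load the images and start Harbor
./install.sh
6. Check the container status
docker-compose ps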
# Install Docker
1. Install dependencies
yum install -y yum-utils device-mapper-persistent-data lvm2
2. Add the repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
3. Install
yum install docker-ce -y
4. Configure a registry mirror
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
systemctl restart docker
systemctl enable docker
5. Install docker-compose
curl -L https://get.daocloud.io/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
# Install Git
1. Install Git
yum install git -y
2. Create the git user and set its password
useradd git
passwd git
3. Create the repository
su - git
mkdir app-git
cd app-git
git --bare init
4. Set up passwordless SSH between the client and the Git server
ssh-keygen # press Enter at every prompt
ssh-copy-id [email protected]
5. Test
git clone [email protected]:/home/
git add .
git commit -m "test"
git push origin master
Deploy Jenkins in k8s


# Install and mount NFS
1. Install NFS
yum install nfs-utils -y
2. Configure the exported shared directory
vim /etc/exports
/nfs *(rw,no_root_squash)
3. Start the service
systemctl start nfs
4. Mount it on the client
mount -t nfs 192.168.100.2:/nfs /mnt
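
The export above admits every client (`*`) read-write and, with no_root_squash, leaves a remote root user as root on the share that will hold the Jenkins home directory. The following is an added example, not part of the original post, that parses /etc/exports entries and flags those two conditions; the sample lines and the 192.168.100.0/24 client range are constructed for illustration.

```python
import re

# One client spec of an exports line: "host(opt1,opt2)", a bare "host", or "(opts)".
SPEC_RE = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^)]*)\))?$")

def parse_exports(text):
    """Return (path, host, options) tuples for each client in /etc/exports text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC_RE.match(spec)
            if not m:
                continue
            host = m.group("host") or "*"        # "(rw)" with no host means every host
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            entries.append((path, host, opts))
    return entries

def audit_exports(text):
    """Return (path, host, issue) for world-open clients and unsquashed root."""
    findings = []
    for path, host, opts in parse_exports(text):
        if host == "*":
            mode = "rw" if "rw" in opts else "ro"
            findings.append((path, host, f"any-host-{mode}"))
        if "no_root_squash" in opts:
            findings.append((path, host, "no_root_squash"))
    return findings

# Constructed sample: the export from this page and a narrower variant.
SAMPLE = """\
/nfs *(rw,no_root_squash)
/nfs/jenkins_home 192.168.100.0/24(rw,root_squash)  # assumed node subnet
"""

if __name__ == "__main__":
    for path, host, issue in audit_exports(SAMPLE):
        print(f"{path} {host}: {issue}")
```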
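Build the jenkins-slave image
  • Build the image
Dockerfile: builds the jenkins-slave image.
jenkins-slave: a shell script (it must be made executable with chmod +x jenkins-slave) that is needed when the image is built.
slave.jar: the agent startup jar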

# Dockerfile
FROM ubuntu
ENV JAVA_HOME /usr/local/jdk
ENV MAVEN_HOME /usr/local/maven
ENV PATH=${JAVA_HOME}/bin:${MAVEN_HOME}/bin:$PATH

RUN apt-get update && \
apt-get install -y curl git libltdl-dev && \
apt-get clean all && \
mkdir -p /usr/share/jenkins

COPY slave.jar /usr/share/jenkins/slave.jar
COPY jenkins-slave /usr/bin/jenkins-slave
RUN chmod +x /usr/bin/jenkins-slave

ENTRYPOINT ["jenkins-slave"]

# CentOS version
FROM centos:7

RUN yum install -y java-1.8.0-openjdk maven curl git libtool-ltdl-devel && \
yum clean all && \
rm -rf /var/cache/yum/* && \
mkdir -p /usr/share/jenkins

COPY slave.jar /usr/share/jenkins/slave.jar
COPY jenkins-slave /usr/bin/jenkins-slave
COPY settings.xml /etc/maven/settings.xml
RUN chmod +x /usr/bin/jenkins-slave

ENTRYPOINT ["jenkins-slave"]
  • Set up the Java base environment
Set up the JDK and Maven by extracting the downloaded binary packages into the following directories:
apache-maven-3.6.2-bin.tar.gz is extracted into /usr/local/maven.
jdk-8u231-linux-x64.tar.gz is extracted into /usr/local/jdk.
# Configure the Maven mirror: copy settings.xml out of Maven's conf directory
<mirror>
  <id>central</id>
  <mirrorOf>central</mirrorOf>
  <name>aliyun maven</name>
  <url>https://maven.aliyun.com/repository/public</url>
</mirror>
  • Build the image
docker build -t 192.168.100.2/ops/jenkins-slave .
  • Push the image
1. Add the Harbor registry IP to the Docker configuration, otherwise login may fail
vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["192.168.100.2"]
}
Restart Docker after making the change.
2. Log in to Harbor
docker login 192.168.100.2
docker push 192.168.100.2/ops/jenkins-slave


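Deploy Jenkins
jenkins-service-account.yml: creates the Jenkins service account.
jenkins.yml: creates the container and the Service so that Jenkins can be accessed.
Dockerfile: used to build the Jenkins image.
registry-pull-secret.yaml: lets the deployment log in to the Harbor registry directly to pull images (needed when deploying Jenkins).
# Build the image and push it to Harbor
docker build -t 192.168.100.2/ops/jenkins:lts-alpine .
docker push 192.168.100.2/ops/jenkins:lts-alpine
# Add the Harbor login credentials
To generate the credentials, run the following command on a node server that is already logged in to Harbor:
cat ~/.docker/config.json | base64 -w0
Then replace the .dockerconfigjson value in registry-pull-secret.yaml with the output.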
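
~/.docker/config.json can hold logins for several registries plus client headers, and base64 is an encoding rather than encryption, so everything in the file becomes readable to anyone who can read the Secret. The following is an added example, not part of the original post, that keeps only the Harbor entry before building the .dockerconfigjson value; the credentials and the second registry in the sample are constructed.

```python
import base64
import json

def dockerconfigjson_for(config_text, registry):
    """Return the base64 .dockerconfigjson value holding only `registry`'s login."""
    auths = json.loads(config_text).get("auths", {})
    if registry not in auths:
        raise KeyError(f"no login stored for {registry}; run docker login first")
    entry = auths[registry]
    if "auth" not in entry:
        # A credential helper (credsStore) keeps the secret outside config.json.
        raise ValueError(f"{registry} has no inline auth field")
    minimal = {"auths": {registry: {"auth": entry["auth"]}}}
    return base64.b64encode(json.dumps(minimal).encode()).decode()

def pull_secret_manifest(name, namespace, value):
    """Render the Secret in the same shape as registry-pull-secret.yaml."""
    return (
        "apiVersion: v1\n"
        "kind: Secret\n"
        "metadata:\n"
        f"  name: {name}\n"
        f"  namespace: {namespace}\n"
        "data:\n"
        f"  .dockerconfigjson: {value}\n"
        "type: kubernetes.io/dockerconfigjson\n"
    )

def registries_in(value):
    """Decode a .dockerconfigjson value and list the registries it exposes."""
    return sorted(json.loads(base64.b64decode(value))["auths"])

# Constructed config.json: two logins, only one of which the cluster needs.
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "192.168.100.2": {"auth": base64.b64encode(b"ci-pull:example-password").decode()},
        "registry.example.com": {"auth": base64.b64encode(b"dev:another-password").decode()},
    },
    "HttpHeaders": {"User-Agent": "Docker-Client/x.y.z (linux)"},
})

if __name__ == "__main__":
    value = dockerconfigjson_for(SAMPLE_CONFIG, "192.168.100.2")
    print(pull_secret_manifest("registry-pull-secret", "default", value))
```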


# Apply the yml files in order
kubectl create -f jenkins-service-account.yml
# In GKE need to get RBAC permissions first with
# kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=<user-name>|--group=<group-name>]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1  # rbac v1beta1 was removed in Kubernetes 1.22
metadata:
  name: jenkins
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
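
The Role above lets the jenkins service account create pods, exec into pods and read Secrets by name in its namespace, so a compromised build job inherits all three. The following is an added example, not part of the original post, that walks a Role's rules and reports such grants and whether resourceNames narrows them; the Role is re-typed from the manifest above as a Python dict, and the HIGH_IMPACT table and the scoped variant are assumptions of this example.

```python
# Grants worth a second look on a CI service account (this table is an
# assumption of the example, not an official list).
HIGH_IMPACT = {
    ("pods", "create"): "pods it creates can mount any Secret or service account in the namespace",
    ("pods/exec", "create"): "can run commands inside any pod in the namespace",
    ("secrets", "get"): "can read Secrets in the namespace by name",
    ("secrets", "list"): "can read every Secret in the namespace",
}

def review_role(role):
    """Return sorted (resource, verb, scoped, reason) tuples for high-impact grants.

    scoped is True when the rule is limited to named objects via resourceNames.
    """
    findings = set()
    for rule in role.get("rules", []):
        scoped = bool(rule.get("resourceNames"))
        for resource in rule.get("resources", []):
            for verb in rule.get("verbs", []):
                for (res, vb), why in HIGH_IMPACT.items():
                    if resource in (res, "*") and verb in (vb, "*"):
                        findings.add((res, vb, scoped, why))
    return sorted(findings)

ALL = ["create", "delete", "get", "list", "patch", "update", "watch"]

# The Role from jenkins-service-account.yml, re-typed as a dict.
JENKINS_ROLE = {"kind": "Role", "metadata": {"name": "jenkins"}, "rules": [
    {"apiGroups": [""], "resources": ["pods"], "verbs": ALL},
    {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ALL},
    {"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
]}

def scoped_copy(role, secret_names):
    """Same Role with the secrets rule limited to named Secrets (constructed variant)."""
    rules = [dict(r, resourceNames=secret_names) if r["resources"] == ["secrets"] else r
             for r in role["rules"]]
    return dict(role, rules=rules)

if __name__ == "__main__":
    for res, vb, scoped, why in review_role(JENKINS_ROLE):
        print(f"{vb} {res} ({'scoped' if scoped else 'unscoped'}): {why}")
```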

# registry-pull-secret.yaml
kubectl create -f registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-secret
  namespace: default
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjEwMC4yIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NmVIaDZlRUEzT0RrPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuMyAobGludXgpIgoJfQp9
type: kubernetes.io/dockerconfigjson

# jenkins.yml
kubectl create -f jenkins.yml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-jenkins-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    path: /nfs/jenkins_home
    server: 192.168.100.2

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-jenkins-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

---
apiVersion: apps/v1  # apps/v1beta1 was removed in Kubernetes 1.16
kind: StatefulSet
metadata:
  name: jenkins
  labels:
    name: jenkins
spec:
  serviceName: jenkins
  replicas: 1
  selector:  # required by apps/v1; must match the template labels
    matchLabels:
      name: jenkins
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      name: jenkins
      labels:
        name: jenkins
    spec:
      terminationGracePeriodSeconds: 10
      serviceAccountName: jenkins
      # imagePullSecrets:
      #   - name: registry-pull-secret
      containers:
        - name: jenkins
          image: 192.168.100.2/ops/jenkins:lts-alpine
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
            - containerPort: 50000
          resources:
            limits:
              cpu: 1
              memory: 1Gi
            requests:
              cpu: 0.5
              memory: 500Mi
          env:
            - name: LIMITS_MEMORY
              valueFrom:
                resourceFieldRef:
                  resource: limits.memory
                  divisor: 1Mi
            - name: JAVA_OPTS
              # value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=1 -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
              value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
          volumeMounts:
            - name: jenkins-home
              mountPath: /var/jenkins_home
          livenessProbe:
            httpGet:
              path: /login
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              path: /login
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 5
      #securityContext:
      #  fsGroup: 1000
      volumes:
        - name: jenkins-home
          persistentVolumeClaim:
            claimName: nfs-jenkins-pvc

---
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  annotations:
    # ensure the client ip is propagated to avoid the invalid crumb issue (k8s <1.7)
    # service.beta.kubernetes.io/external-traffic: OnlyLocal
spec:
  #type: LoadBalancer
  type: NodePort
  selector:
    name: jenkins
  # k8s 1.7+
  # externalTrafficPolicy: Local
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP
      nodePort: 30003
    - name: agent
      port: 50000
      protocol: TCP


  • Access
kubectl logs jenkins-0   # view the administrator password
# or look it up from inside the Jenkins container

From: https://blog.51cto.com/somethingshare/6096554
