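Notes on problems encountered while implementing CI/CD with Docker
Preface
Required middleware: gitlab, docker, docker-compose, jenkins, nexus3, k3s, kuboard.
For details, see: http://www.xbhp.cn/news/37188.html
Getting started
Setting up gitlab and k3s is not covered here.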
nexus3
docker-compose.yml
version: "3"
services:
  nexus:
    image: sonatype/nexus3:latest
    container_name: nexus
    restart: always
    ports:
      - 8081:8081
      - 5000:5000
    volumes:
      - /home/nexus/nexus-data:/nexus-data
      - /etc/localtime:/etc/localtime
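Port 8081 is the port of the nexus admin console.
Port 5000 is the port of the Docker registry.
Maven repository
The proxy, hosted and group repositories need to be configured.
Building a Docker registry with nexus3 (harbor can also be used)
Using the private Docker registry from Docker on the host
Configuring the registry in Docker on the host. The registry is served over plain HTTP, so the host's Docker daemon has to list it under insecure-registries.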
/etc/docker
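Edit the file if it exists, otherwise create it (replace docker私库ip with the IP address of the private Docker registry)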
daemon.json
{"storage-driver": "devicemapper","insecure-registries":["docker私库ip:5000"]}
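Deploying jenkins
Write permission on the mount directory must be granted, otherwise the mount will fail; here we give it the most permissive mode.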
chmod -R 777 jenkins_mount
docker-compose.yml
version: "3"
services:
  jenkins:
    image: jenkins/jenkins
    privileged: true
    restart: always
    user: root
    ports:
      - 10240:8080
      - 10241:50000
    container_name: jenkins
    volumes:
      - /home/jenkins/jenkins_mount:/var/jenkins_home
      - /etc/localtime:/etc/localtime
      - /var/run/docker.sock:/var/run/docker.sock
      - /usr/bin/docker:/usr/bin/docker
      - /etc/docker/daemon.json:/etc/docker/daemon.json
    networks:
      - nexus_default
networks:
  nexus_default:
    external:
      name: nexus_default
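This uses the default network created for nexus, so the maven repository and the Docker registry can later be reached directly by container name. It also avoids some unexplained network problems.
If maven in jenkins needs to make http requests, use a version below 3.9.0; in this case 3.9.2 also works.
In the jenkins system configuration, under SSH, add the k3s SSH address, the account and password, and the target path; pay attention to the operating permissions of the current user.
Writing the Execute shell step in jenkins (backend)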
#!/bin/bash
# Registry address, image name and service port
image_addr=192.168.10.122:5000
image_name=jeecg-cloud-mqtt
port=5201
image_provider=$image_addr/$image_name
# Build the project with the maven installation inside the jenkins home
MAVEN_HOME=/var/jenkins_home/apache-maven-3.9.2
BUILD_COMMAND="${MAVEN_HOME}/bin/mvn clean install -Dmaven.test.skip=true -f ./pom.xml"
${BUILD_COMMAND}
docker login 192.168.10.122:5000 -u docker -p rhein2023
# Tag the image with a timestamped test version, push it, then remove the local copy
version=test_$(date "+%Y%m%d_%H%M")
docker build -f ./$image_name/jeecg-cloud-mqtt-biz/Dockerfile -t $image_provider:$version ./$image_name/jeecg-cloud-mqtt-biz/target
docker push $image_provider:$version
docker rmi $image_provider:$version
# Generate the k3s manifest in the workspace
work_home=$WORKSPACE/$image_name/k3s
mkdir -p $work_home
cd $work_home
touch $image_name.yaml
cat > $image_name.yaml<< EOF
apiVersion: v1
kind: Namespace
metadata:
  name: hb-mes
---
apiVersion: v1
kind: Service
metadata:
  name: $image_name
  namespace: hb-mes
spec:
  ports:
    - port: $port
  selector:
    app: $image_name
    tier: frontend
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: $image_name
  namespace: hb-mes
spec:
  selector:
    matchLabels:
      app: $image_name
      tier: frontend
  replicas: 1
  template:
    metadata:
      labels:
        app: $image_name
        tier: frontend
    spec:
      imagePullSecrets:
        - name: regcred
      containers:
        - name: $image_name
          image: $image_provider:$version
          imagePullPolicy: Always
          ports:
            - containerPort: $port
          resources:
            limits:
              cpu: 400m
              memory: 1536Mi
            requests:
              cpu: 200m
              memory: 1Gi
EOF
Writing the Execute shell step in jenkins (frontend)
#!/bin/bash
# Registry address, image name and service port
image_addr=192.168.10.122:5000
image_name=jeecg-cloud-vue
image_provider=$image_addr/$image_name
port=8300
cd ./jeecg-cloud-vue
node -v
#npm install chromedriver --#chromedriver_cdnurl=http://cdn.npm.taobao.org/dist/chromedriver
npm install --registry https://registry.npm.taobao.org
#npm install
npm run build
#npm install -g yarn -registry=https://registry.npm.taobao.org
#yarn -v
#yarn config set ignore-engines true #required for this project
#yarn config set registry "http://192.168.10.122:8081/repository/npm-public/"
#yarn install --pure-lockfile
#--pure-lockfile: do not generate yarn.lock when installing on the server, to prevent conflicts between the server and local code
#yarn run build
version=test_$(date "+%Y%m%d_%H%M")
echo hb/mes-vue版本:$version 正在发布...
# Log in to the same host:port the image is pushed to (the port was missing here)
docker login $image_addr -u docker -p rhein2023
echo ........正在执行:docker build -t $image_provider:$version .
docker build -t $image_provider:$version .
echo ........正在执行:docker push $image_provider:$version
docker push $image_provider:$version
docker rmi -f $image_provider:$version
# Generate the k3s manifest in the workspace
work_home=$WORKSPACE/$image_name/k3s
mkdir -p $work_home
cd $work_home
touch $image_name.yaml
cat > $image_name.yaml<< EOF
apiVersion: v1
kind: Namespace
metadata:
  name: hb-mes
---
apiVersion: v1
kind: Service
metadata:
  name: $image_name
  namespace: hb-mes
spec:
  ports:
    - port: $port
  selector:
    app: $image_name
    tier: frontend
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: $image_name
  namespace: hb-mes
spec:
  selector:
    matchLabels:
      app: $image_name
      tier: frontend
  replicas: 1
  template:
    metadata:
      labels:
        app: $image_name
        tier: frontend
    spec:
      imagePullSecrets:
        - name: regcred
      containers:
        - name: $image_name
          image: $image_provider:$version
          imagePullPolicy: Always
          ports:
            - containerPort: $port
          resources:
            limits:
              cpu: 300m
              memory: 512Mi
            requests:
              cpu: 100m
              memory: 512Mi
EOF
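
An added example, not part of the original job scripts: both scripts pass the registry password with -p on the docker login line, whereas the function below takes it from the environment and hands it to docker on stdin. REGISTRY_USER and REGISTRY_PASS are assumed (hypothetical) variable names, injected into the build by a Jenkins credentials binding.

```shell
#!/bin/bash
# Added example: registry login without a password in the job script or in
# the docker command's arguments.
# Assumption: the CI system injects REGISTRY_USER and REGISTRY_PASS into the
# build environment; both names are hypothetical.

registry_login() {
    local registry="$1"
    if [ -z "$registry" ]; then
        echo "usage: registry_login <host:port>" >&2
        return 2
    fi
    if [ -z "${REGISTRY_USER:-}" ] || [ -z "${REGISTRY_PASS:-}" ]; then
        echo "REGISTRY_USER / REGISTRY_PASS not set, refusing to log in" >&2
        return 1
    fi
    # --password-stdin keeps the secret out of the docker process's argument
    # list, where other users on the build host could read it.
    printf '%s' "$REGISTRY_PASS" |
        docker login "$registry" -u "$REGISTRY_USER" --password-stdin
}

registry_logout() {
    # Drop the credential that docker login stored for this registry once the
    # push is done, so it does not linger in the docker client config.
    docker logout "$1"
}

# Use inside the job, with the same host:port the image is pushed to:
#   image_addr=192.168.10.122:5000
#   registry_login "$image_addr" && trap 'registry_logout "$image_addr"' EXIT
```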
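Add a post-build action that pushes the yml to the k3s master node and runs the k3s command. Note: check whether the SSH login user is allowed to run k3s commands and whether sudo is needed; if necessary, go to /etc/rancher/k3s on the k3s master node and change the permissions on k3s.yaml.
k3s configuration
Change the Docker registry configuration on every node for convenience in day-to-day use: create registries.yaml under /etc/rancher/k3s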
mirrors:
  "192.168.10.122:5000":
    endpoint:
      - "http://192.168.10.122:5000"
configs:
  "192.168.10.122:5000":
    auth:
      username: docker
      password: rhein2023
k3s must be restarted for this to take effect.
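
An added example, not from the original page: the Deployments generated by the job scripts reference a pull secret named regcred in namespace hb-mes, but the page does not show how it is created. The function below renders that Secret from environment variables so it can be piped straight into kubectl; REGISTRY_USER and REGISTRY_PASS are assumed (hypothetical) variable names.

```shell
#!/bin/bash
# Added example: render the "regcred" image pull secret as a manifest.
# Assumption: REGISTRY_USER and REGISTRY_PASS are provided by the environment
# (hypothetical names); nothing is written to disk.

b64() { base64 | tr -d '\n'; }   # single-line base64 with GNU or BSD base64

render_regcred() {
    local registry="$1" namespace="$2" auth config
    [ -n "$registry" ] && [ -n "$namespace" ] || return 2
    [ -n "${REGISTRY_USER:-}" ] && [ -n "${REGISTRY_PASS:-}" ] || return 1
    # The JSON below is built with printf and does no escaping, so refuse
    # the two characters that would break it.
    case "$REGISTRY_USER$REGISTRY_PASS" in
        *\"*|*\\*)
            echo "credentials contain a double quote or backslash" >&2
            return 1 ;;
    esac
    auth=$(printf '%s:%s' "$REGISTRY_USER" "$REGISTRY_PASS" | b64)
    config=$(printf '{"auths":{"%s":{"auth":"%s"}}}' "$registry" "$auth" | b64)
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: regcred
  namespace: $namespace
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $config
EOF
}

# On the k3s master node, once the hb-mes namespace exists:
#   render_regcred 192.168.10.122:5000 hb-mes | k3s kubectl apply -f -
```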
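Appendix: because of project startup or because resources are not limited, CPU or memory across the whole k3s cluster may reach 100% and bring the cluster down. Each node of the k3s cluster can be configured as follows (takes effect after a restart):
Path: /etc/rancher/k3s
File name: config.yaml
File contents: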
kubelet-arg:
  - "eviction-hard=memory.available<15%,nodefs.available<10%"
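Explanation: when the memory available on the node drops below 15%, the services on that node are evicted to other nodes that meet the conditions.
kuboard
Find an example online and import k3s.yml into kuboard; the k3s cluster can then be managed from it.
Miscellaneous
The maven settings.xml configuration file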
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <localRepository>C:\Users\administrato\.m2\repository</localRepository>
  <servers>
    <server>
      <id>maven-releases</id>
      <username>admin</username>
      <password>rhein2023</password>
    </server>
    <server>
      <id>maven-snapshots</id>
      <username>admin</username>
      <password>rhein2023</password>
    </server>
  </servers>
  <mirrors>
    <mirror>
      <id>ManaphyMirror</id>
      <mirrorOf>central</mirrorOf>
      <name>Manaphy Repository Mirror.</name>
      <url>http://192.168.10.122:8081/repository/maven-public/</url>
    </mirror>
  </mirrors>
  <profiles>
    <!-- Java compiler plugin: sets the JDK version used for compilation -->
    <profile>
      <id>jdk-1.8</id>
      <activation>
        <activeByDefault>true</activeByDefault>
        <jdk>1.8</jdk>
      </activation>
      <properties>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
        <maven.compiler.compilerVersion>1.8</maven.compiler.compilerVersion>
      </properties>
    </profile>
    <!-- Configuration for the private repository server -->
    <profile>
      <id>Manaphy</id>
      <repositories>
        <repository>
          <id>nexus</id>
          <name>Public Repositories</name>
          <url>http://192.168.10.122:8081/repository/maven-public/</url>
          <releases>
            <enabled>true</enabled>
          </releases>
        </repository>
        <repository>
          <id>maven-central</id>
          <name>Central Repositories</name>
          <url>http://192.168.10.122:8081/repository/maven-central/</url>
          <releases>
            <enabled>true</enabled>
          </releases>
          <snapshots>
            <enabled>false</enabled>
          </snapshots>
        </repository>
        <repository>
          <id>maven-releases</id>
          <name>Release Repositories</name>
          <url>http://192.168.10.122:8081/repository/maven-releases/</url>
          <releases>
            <enabled>true</enabled>
          </releases>
          <snapshots>
            <enabled>false</enabled>
          </snapshots>
        </repository>
        <repository>
          <id>maven-snapshots</id>
          <name>Snapshot Repositories</name>
          <url>http://192.168.10.122:8081/repository/maven-snapshots/</url>
          <releases>
            <enabled>true</enabled>
          </releases>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>plugins</id>
          <name>Plugin Repositories</name>
          <url>http://192.168.10.122:8081/repository/maven-public/</url>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>
  <!-- activeProfiles
   | List of profiles that are active for all builds.
   |-->
  <activeProfiles>
    <activeProfile>jdk-1.8</activeProfile>
    <activeProfile>Manaphy</activeProfile>
  </activeProfiles>
</settings>
Publishing private packages
Add the following to the pom:
<distributionManagement>
  <repository>
    <id>maven-releases</id><!-- this id must match the id of the server entry in settings.xml that holds the username and password -->
    <name>Nexus Release Repository</name>
    <url>http://192.168.10.122:8081/repository/maven-releases/</url>
  </repository>
  <snapshotRepository>
    <id>maven-snapshots</id><!-- this id must match the id of the server entry in settings.xml that holds the username and password -->
    <name>Nexus Snapshot Repository</name>
    <url>http://192.168.10.122:8081/repository/maven-snapshots/</url>
  </snapshotRepository>
</distributionManagement>