使用 Gitlab 作为代码仓库 & 使用 Harbor 作为镜像仓库
#harbor
# tar zxvf harbor-offline-installer-v2.0.0.tgz
# cd harbor
# cp harbor.yml.tmpl harbor.yml
# vi harbor.yml
hostname: 192.168.0.90
https: # 先注释https相关配置
harbor_admin_password: Harbor12345
# ./prepare
# mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose
# ./install.sh
# docker-compose ps
#Gitlab
mkdir /opt/gitlab
GITLAB_HOME=/opt/gitlab # 数据持久化目录
docker run --detach \
--hostname gitlab.aliangedu.cn \
--publish 443:443 \
--publish 88:80 \
--publish 2222:22 \
--name gitlab \
--restart always \
--volume $GITLAB_HOME/config:/etc/gitlab \
--volume $GITLAB_HOME/logs:/var/log/gitlab \
--volume $GITLAB_HOME/data:/var/opt/gitlab \
gitlab/gitlab-ce:13.12.5-ce.0
新建一个项目
#推送项目原代码文件夹到gitlab
cd java-demo
git init
git remote add origin http://192.168.0.90:88/root/java-demo.git
git add .
git config --global user.email "checkjiji@example.com"
git config --global user.name "checkjiji"
git commit -m "Initial commit"
git push -u origin master #输入gitlab的用户名密码
#刷新gitlab显示
# 部署Jenkins
这里使用NFS做持久存储动态创建PV
yum install nfs-utils -y #全部机器
kubectl apply -f rbac.yaml # 授权访问apiserver
kubectl apply -f deployment.yaml # 部署插件,需修改里面NFS服务器地址与共享目录
# deployment.yaml 这里只需要把ip改成NFS服务器ip
class.yaml # 创建存储类NFS
#mount -t nfs 192.168.0.90:/ifs/kubernetes /mnt mount测试
#kubectl -f Jenkins.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: ops
labels:
name: jenkins
spec:
replicas: 1
selector:
matchLabels:
name: jenkins
template:
metadata:
name: jenkins
labels:
name: jenkins
spec:
serviceAccountName: jenkins
containers:
- name: jenkins
image: jenkins/jenkins
ports:
- containerPort: 8080
- containerPort: 50000
resources:
limits:
cpu: 1.5
memory: 2Gi
requests:
cpu: 1
memory: 1Gi
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
securityContext:
fsGroup: 1000
volumes:
- name: jenkins-home
persistentVolumeClaim:
claimName: jenkins
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins
namespace: ops
spec:
storageClassName: "managed-nfs-storage"
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
#kubectl apply -f rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
namespace: ops
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins
namespace: ops
rules:
- apiGroups: [""]
resources: ["pods","events"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets","events"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins
namespace: ops
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
#kubectl apply -f service.yaml
apiVersion: v1
kind: Service
metadata:
name: jenkins
namespace: ops
spec:
selector:
name: jenkins
type: NodePort
ports:
- name: http
port: 80
targetPort: 8080
protocol: TCP
nodePort: 30008
- name: agent
port: 50000
protocol: TCP
kubectl logs -n ops jenkins-7f96594c55-4c8nz #查询出Jenkins的密码
管理Jenkins->系统配置-->管理插件-->分别搜索Git Parameter/Git/Pipeline/kubernetes/Config File Provider,选中点击安装。
Git Parameter:Git参数化构建
Git:拉取代码
Pipeline:流水线
kubernetes:连接Kubernetes动态创建Slave代理
Config File Provider:存储kubectl用于连接k8s集群的kubeconfig配置文件
添加kubernetes集群
管理Jenkins->Manage Nodes and Clouds->configureClouds->Add
输入https://kubernetes.default 点击测试
#配置Jenkins名称和名称空间
[root@k8s-master jenkins-slave]# ls
Dockerfile jenkins-slave kubectl settings.xml slave.jar #做个标记后续传。
#测试 Jenkins主从架构:测试主从架构是否正常
pipeline {
agent {
kubernetes {
label "jenkins-slave"
yaml '''
apiVersion: v1
kind: Pod
metadata:
name: jenkins-slave
spec:
containers:
- name: jnlp
image: "192.168.0.90/library/jenkins-slave-jdk:1.8"
'''
}
}
stages {
stage('Main'){
steps {
sh 'hostname'
}
}
}
}
#配置Jenkins自动拉取demo项目代码1
#配置Jenkins自动拉取demo项目代码2
配置好后按 配置1图选择 id,之后可以创建拉取代码块。了解方法即可,后面上传完整Jenkinsfile。
创建一个Jenkins-slave容器运行时允许调用kubectl的文件,没有这个工具可以在插件模块添加进来。
#jenkinsfile
jenkinsfile
// 公共
def registry = "192.168.0.90"
// 项目
def project = "demo"
def app_name = "java-demo"
def image_name = "${registry}/${project}/${app_name}:${BUILD_NUMBER}"
def git_address = "http://192.168.0.90:88/root/java-demo.git"
// 认证
def secret_name = "registry-auth"
def harbor_auth = "5714638c-98e4-4d1b-8d61-ad8c0f33da4a"
def git_auth = "733ed482-66f5-4040-92e8-508c542549b5"
def k8s_auth = "524457d9-eec0-48dd-a551-f81947bd3ede"
pipeline {
agent {
kubernetes {
label "jenkins-slave"
yaml """
kind: Pod
metadata:
name: jenkins-slave
spec:
containers:
- name: jnlp
image: "${registry}/library/jenkins-slave-jdk:1.8"
imagePullPolicy: Always
volumeMounts:
- name: docker-cmd
mountPath: /usr/bin/docker
- name: docker-sock
mountPath: /var/run/docker.sock
- name: maven-cache
mountPath: /root/.m2
volumes:
- name: docker-cmd
hostPath:
path: /usr/bin/docker
- name: docker-sock
hostPath:
path: /var/run/docker.sock
- name: maven-cache
hostPath:
path: /tmp/m2
"""
}
}
parameters {
gitParameter branch: '', branchFilter: '.*', defaultValue: 'master', description: '选择发布的分支', name: 'Branch', quickFilterEnabled: false, selectedValue: 'NONE', sortMode: 'NONE', tagFilter: '*', type: 'PT_BRANCH'
choice (choices: ['1', '3', '5', '7'], description: '副本数', name: 'ReplicaCount')
choice (choices: ['dev','test','prod'], description: '命名空间', name: 'Namespace')
}
stages {
stage('拉取代码'){
steps {
checkout([$class: 'GitSCM',
branches: [[name: "${params.Branch}"]],
doGenerateSubmoduleConfigurations: false,
extensions: [], submoduleCfg: [],
userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]
])
}
}
stage('代码编译'){
steps {
sh """
mvn clean package -Dmaven.test.skip=true
"""
}
}
stage('构建镜像'){
steps {
withCredentials([usernamePassword(credentialsId: "${harbor_auth}", passwordVariable: 'password', usernameVariable: 'username')]) {
sh """
unzip target/*.war -d target/ROOT
echo '
FROM lizhenliang/tomcat
LABEL maitainer lizhenliang
ADD target/ROOT /usr/local/tomcat/webapps/ROOT
' > Dockerfile
docker build -t ${image_name} .
docker login -u ${username} -p '${password}' ${registry}
docker push ${image_name}
"""
}
}
}
stage('部署到K8S平台'){
steps {
configFileProvider([configFile(fileId: "${k8s_auth}", targetLocation: "admin.kubeconfig")]){
sh """
sed -i 's#IMAGE_NAME#${image_name}#' deploy.yaml
sed -i 's#SECRET_NAME#${secret_name}#' deploy.yaml
sed -i 's#REPLICAS#${ReplicaCount}#' deploy.yaml
sed -i 's#NAMESPACE#${Namespace}#' deploy.yaml
kubectl apply -f deploy.yaml --kubeconfig=admin.kubeconfig
"""
}
}
}
}
}
deploy.yaml 需要放在项目根目录下 。
apiVersion: apps/v1
kind: Deployment
metadata:
name: java-demo
namespace: NAMESPACE
spec:
replicas: REPLICAS
selector:
matchLabels:
project: demo
app: java
strategy: {}
template:
metadata:
labels:
project: demo
app: java
spec:
imagePullSecrets:
- name: SECRET_NAME
containers:
- image: IMAGE_NAME
name: web
resources:
requests:
cpu: 0.4
memory: 400Mi
limits:
cpu: 0.5
memory: 500Mi
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: java-demo
namespace: NAMESPACE
spec:
ports:
- protocol: TCP
port: 80
targetPort: 8080
selector:
project: demo
app: java
type: NodePort
最终效果,