构建cicd流程线实践
Jenkins官方文档
gojenkins接口包文档
gojenkins源码库
痛点
1、一键查看所有pod日志
2、启动后不知道什么原因服务不可用、三方镜像命令都没有
开发功能:
- 空间列表、node列表、deployment及其关联svc、rc、rs、pod 列表 、网络ip endpoint 端口对应关系、点击可访问
- 构建环境
- svc
- pod
- 基础镜像
- build yaml文件
- 发布代码分支
- 新建变更、拉新分支
- 开发环境拉取分支
- 构建镜像
- 启动deployment
- 合并分支
- 构建发布镜像
流水线
gojenkins
修改为python 读取配置变量
变量数据源 data.json
{"branch":"feature/xx_xx_xx_xx"}
import os
import json
import datetime
import traceback
# Working directory on the build host; data.json, the jenkins.log path and the
# cloned repository are all addressed relative to it by run().
BASE_DIR = '/home/app/tmp/cicd/code/jenkins_app_code'
def readJson(fileName):
    """Return the parsed content of the JSON file at ``fileName``.

    The file is opened in text mode with the platform default encoding.
    Errors from ``open`` and from the JSON parser propagate to the caller.
    """
    with open(fileName, 'r') as handle:
        raw = handle.read()
    # Parsing happens after the file is closed; the result is the same value
    # json.load() would produce from the open handle.
    return json.loads(raw)
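def run():
    """Rebuild the ``app:vtest`` image from the branch named in data.json.

    Steps, in order: remove the previous checkout, clone the repository,
    check out the requested branch, run ``docker build``. Each step prints a
    timestamp and the command's captured stdout.

    The branch name comes from a data file, so it is treated as untrusted:
    every command is started from an argument list (no shell), and a branch
    that is empty or starts with "-" is rejected so it cannot be read by git
    as an option. A step that exits non-zero stops the run, so an image is
    never built from a stale or partial checkout.

    Any exception is caught and its traceback printed; nothing is returned.
    """
    import subprocess  # function-scope import so the module header stays as it is

    def step(label, argv, cwd):
        # stdout is captured and printed; stderr still goes to the console.
        result = subprocess.run(argv, cwd=cwd, stdout=subprocess.PIPE,
                                universal_newlines=True)
        print(datetime.datetime.now())
        print(label, result.stdout)
        if result.returncode != 0:
            # Deliberately not check=True: CalledProcessError prints the full
            # argv, which for the clone step would write the URL credentials
            # into the log.
            raise RuntimeError(
                f'{argv[0]} step failed with exit status {result.returncode}')

    try:
        data = readJson(f'{BASE_DIR}/data.json')
        branch = data.get('branch', '')
        if not isinstance(branch, str) or not branch or branch.startswith('-'):
            raise ValueError(
                'data.json "branch" must be a non-empty name that does not start with "-"')

        step('删除分支', ['rm', '-fr', f'{BASE_DIR}/SkyEyeSystem'], BASE_DIR)

        # NOTE(review): the clone URL carries a user name and password in
        # clear text. They end up in this file, in .git/config of the clone
        # and in the process list. Prefer a git credential helper or a
        # deploy token supplied by the CI system, and rotate this password.
        step('拉取代码库', ['git', 'clone', 'http://name:pass@xx.com/app.git'], BASE_DIR)

        step(f'切换分支:{branch}', ['git', 'checkout', branch], f'{BASE_DIR}/appdir')

        step('构建镜像完成',
             ['docker', 'build', '-t', 'app:vtest', '-f', 'Dockerfile-jenkins', '.'],
             BASE_DIR)
    except Exception:
        print(traceback.format_exc())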
# Script entry point: run the build once when the file is executed directly.
if __name__ == "__main__":
    run()
api url
http://127.0.0.1:3000/api/jenkins/buildStatus/jobName/tianyan/buildId/9
"SUCCESS"
http://127.0.0.1:3000/api/jenkins/buildJob/jobName/tianyan
17
http://127.0.0.1:3000/api/jenkins/getBuildList/jobName/tianyan
[
{
Number: 9,
URL: "http://11.164.62.250:31837/job/tianyan/9/"
},
{
Number: 8,
URL: "http://11.164.62.250:31837/job/tianyan/8/"
},
]
http://127.0.0.1:3000/api/jenkins/getJob
[
{
_class: "org.jenkinsci.plugins.workflow.job.WorkflowJob",
name: "tianyan",
url: "http://11.164.62.250:31837/job/tianyan/",
color: "blue"
}
]
pipeline
先配置 sshPub 远程主机
// Declarative pipeline with two stages. The first stage uses the Publish Over
// SSH step to run jenkins_run.sh on the remote host configured as 'dev'; the
// second stage only prints a message.
// NOTE(review): execCommand passes no argument to jenkins_run.sh, while the
// script shown on this page reads the branch from $1 - confirm how the branch
// is meant to reach the script.
pipeline { // top-level pipeline definition
    agent any // run on any available agent
    stages { // list of stages
        stage('拉取代码') { // stage name
            steps {
                // No files are transferred (sourceFiles is empty); the step is used
                // only for its remote command, with a 120000 ms exec timeout.
                sshPublisher(publishers: [sshPublisherDesc(configName: 'dev', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: 'sh /home/tianyan/tmp/cicd/code/jenkins_app_code/jenkins_run.sh', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: '')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
                echo '拉取成功'
            }
        }
        stage('执行构建') { // stage name
            steps {
                echo '构建完成'
            }
        }
    }
}
jenkins_run.sh
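#cat jenkins_run.sh
# Usage: sh jenkins_run.sh feature/xx_xx_xx   (the branch to build)
#
# Removes the previous checkout, clones the repository, checks out the given
# branch and builds the app:vtest image, appending a progress line to
# jenkins.log after each step. The script stops at the first failing cd, clone,
# checkout or build so an image is never built from a stale or partial tree.
#
# NOTE(review): the first three commands use .../jenkins_tianyan_code while the
# rest use .../jenkins_app_code - confirm that both paths are intended.

# The branch name is caller-supplied. Refuse an empty value and anything that
# starts with "-", which git would read as an option rather than a branch.
branch="$1"
case "$branch" in
    ''|-*)
        echo "usage: sh jenkins_run.sh BRANCH" >&2
        exit 1
        ;;
esac

echo "开始构建" > /home/app/tmp/cicd/code/jenkins_tianyan_code/jenkins.log
cd /home/app/tmp/cicd/code/jenkins_tianyan_code || exit 1
rm -fr /home/app/tmp/cicd/code/jenkins_tianyan_code/SkyEyeSystem
echo "删除代码路径" >> /home/app/tmp/cicd/code/jenkins_app_code/jenkins.log

# NOTE(review): the clone URL carries a user name and password in clear text.
# They are stored in this script, in .git/config of the clone and are visible
# in the process list. Prefer a git credential helper or a deploy token
# injected by the CI system, and rotate this password.
git clone http://name:pass%2F0yes@gitlab.app.com/app.git || exit 1
echo "拉取代码完成" >> /home/app/tmp/cicd/code/jenkins_app_code/jenkins.log

cd /home/app/tmp/cicd/code/jenkins_app_code/SkyEyeSystem || exit 1
# Quoted so the name is passed as one argument with no word splitting or globbing.
git checkout "$branch" || exit 1
echo "切换分支完成 $branch" >> /home/app/tmp/cicd/code/jenkins_app_code/jenkins.log

echo "开始构建镜像" >> /home/app/tmp/cicd/code/jenkins_app_code/jenkins.log
cd /home/app/tmp/cicd/code/jenkins_app_code || exit 1
docker build -t app:vtest -f Dockerfile-jenkins . || exit 1
echo "构建镜像完成" >> /home/app/tmp/cicd/code/jenkins_app_code/jenkins.log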
Dockerfile
Dockerfile-jenkins
# Test image: the app:v1 base with the freshly checked-out code layered on top.
# The base is referenced by a mutable tag, so the result depends on whatever
# app:v1 currently points to on the build host.
FROM app:v1
# ADD copies ./xxxx from the build context into /home/app. ADD also unpacks
# local tar archives automatically; COPY is the plainer instruction when only
# copying is intended.
# NOTE(review): the build context is the whole working directory, which also
# holds data.json and jenkins.log - a .dockerignore keeps such files (and the
# clone's .git/config with its embedded credentials) out of the image.
ADD ./xxxx /home/app
go
- jenkins 接口
router/router.go
package router
import (
"gin-client-go/pkg/apis"
"github.com/gin-gonic/gin"
)
// InitRouter registers every HTTP route of the service on r.
//
// All routes are registered for GET, including the ones whose handlers are
// named for state-changing actions (DeletePod, ExecContainer, BuildJob). GET
// requests can be issued by link prefetchers, crawlers and cross-site image or
// link tags, so these actions can be triggered without an explicit user action.
// No authentication or authorization middleware is attached in this function.
// NOTE(review): confirm whether access control is applied elsewhere (for
// example on the engine before this call); if not, these routes let any
// client that can reach the port delete pods, open a container exec session
// and start Jenkins builds.
func InitRouter(r *gin.Engine) {
	routes := []struct {
		path    string
		handler gin.HandlerFunc
	}{
		{"/ping", apis.Ping},
		{"/api/namespaces", apis.GetNamespaces},
		{"/api/nodes", apis.GetNode},
		{"/api/namespace/:namespaceName/pods", apis.GetPods},
		{"/api/namespace/:namespaceName/pod/:podName/delete", apis.DeletePod},
		{"/namespace/:namespaceName/pod/:podName/container/:container", apis.ExecContainer},
		// apis.Msg takes the raw writer and request, so it is adapted here.
		{"/msg", func(c *gin.Context) { apis.Msg(c.Writer, c.Request) }},
		{"/api/cicd", apis.GetGitLab},
		{"/api/jenkins/getJob", apis.GetJob},
		{"/api/jenkins/getBuildList/jobName/:jobName", apis.GetBuildList},
		{"/api/jenkins/buildJob/jobName/:jobName", apis.BuildJob},
		{"/api/jenkins/buildStatus/jobName/:jobName/buildId/:buildId", apis.BuildStatus},
	}

	// Registration order matches the table order.
	for _, rt := range routes {
		r.GET(rt.path, rt.handler)
	}
}
apis/jenkins.go
package apis
import (
"gin-client-go/pkg/service/cicd"
"github.com/gin-gonic/gin"
"net/http"
"strconv"
)
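// GetJob writes the Jenkins job list returned by service.GetJob as JSON.
//
// On failure it responds with 500 and returns, so exactly one response body
// is written per request.
// NOTE(review): err.Error() is sent to the client unchanged; depending on what
// the service layer returns this can expose internal detail such as the
// Jenkins address. Consider logging the error and returning a generic message.
func GetJob(c *gin.Context) {
	data, err := service.GetJob()
	if err != nil {
		c.JSON(http.StatusInternalServerError, err.Error())
		return
	}
	c.JSON(http.StatusOK, data)
}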
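// BuildJob starts a build of the Jenkins job named by the "jobName" path
// parameter and writes the value returned by service.BuildJob as JSON.
//
// On failure it responds with 500 and returns, so exactly one response body
// is written per request.
// NOTE(review): the job name comes straight from the URL and no caller check
// is visible in this handler; err.Error() is also sent to the client
// unchanged and may expose internal detail.
func BuildJob(c *gin.Context) {
	jobName := c.Param("jobName")
	data, err := service.BuildJob(jobName)
	if err != nil {
		c.JSON(http.StatusInternalServerError, err.Error())
		return
	}
	c.JSON(http.StatusOK, data)
}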
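// GetBuildList writes the builds of the Jenkins job named by the "jobName"
// path parameter, as returned by service.GetBuildList, as JSON.
//
// On failure it responds with 500 and returns, so exactly one response body
// is written per request.
// NOTE(review): err.Error() is sent to the client unchanged and may expose
// internal detail.
func GetBuildList(c *gin.Context) {
	jobName := c.Param("jobName")
	data, err := service.GetBuildList(jobName)
	if err != nil {
		c.JSON(http.StatusInternalServerError, err.Error())
		return
	}
	c.JSON(http.StatusOK, data)
}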
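// BuildStatus writes the result of one build of a Jenkins job as JSON. The job
// is named by the "jobName" path parameter and the build by "buildId".
//
// A buildId that is not a base-10 integer is rejected with 400 instead of
// being passed on as 0. A service failure is answered with 500. Each error
// path returns, so exactly one response body is written per request.
// NOTE(review): err.Error() is sent to the client unchanged and may expose
// internal detail.
func BuildStatus(c *gin.Context) {
	buildID, err := strconv.ParseInt(c.Param("buildId"), 10, 64)
	if err != nil {
		c.JSON(http.StatusBadRequest, err.Error())
		return
	}

	jobName := c.Param("jobName")
	data, err := service.BuidStatus(jobName, buildID)
	if err != nil {
		c.JSON(http.StatusInternalServerError, err.Error())
		return
	}
	c.JSON(http.StatusOK, data)
}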
service/cicd/jenkins.go
package service
import (
"context"
"github.com/bndr/gojenkins"
"k8s.io/klog/v2"
)
// Job holds the name and URL of a Jenkins job.
// NOTE(review): no function visible in this listing uses the type.
type Job struct {
	Name string // job name
	Url  string // job URL
}
// getJenkins returns a new gojenkins client for the Jenkins server. The client
// is not initialised; callers run Init on it themselves.
//
// NOTE(review): the server address, user name and password are string
// literals, so they are committed with the source and shared by every
// deployment. The address is plain http, so the credentials and all API
// traffic cross the network unencrypted. Load these values from the
// environment or a secret store, use an API token rather than the account
// password, and rotate the password shown here.
func getJenkins() *gojenkins.Jenkins {
	return gojenkins.CreateJenkins(nil, "http://xx.xx.xx.250:31837", "阿德民", "123456")
}
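// GetJob returns the jobs known to the Jenkins server.
//
// It is a read-only call: it does not start a build. A failure to initialise
// the client is returned immediately instead of being overwritten by the
// result of the next call, and the error returned is the one from the job
// listing itself.
//
// The client value is not logged: it is created from the user name and
// password, so dumping it may write them to the log.
func GetJob() (any, error) {
	ctx := context.Background()
	jenkins := getJenkins()
	if _, err := jenkins.Init(ctx); err != nil {
		klog.Info(err)
		return nil, err
	}

	jobs, err := jenkins.GetAllJobNames(ctx)
	if err != nil {
		klog.Info(err)
	}
	return jobs, err
}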
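// BuildJob asks Jenkins to build jobName with no parameters and returns the
// queue id Jenkins assigns to the request.
//
// A failure to initialise the client is returned immediately (with queue id
// 0) instead of being overwritten by the result of the build call.
func BuildJob(jobName string) (int64, error) {
	ctx := context.Background()
	jenkins := getJenkins()
	if _, err := jenkins.Init(ctx); err != nil {
		klog.Info(err)
		return 0, err
	}

	queueid, err := jenkins.BuildJob(ctx, jobName, nil)
	if err != nil {
		klog.Info(err)
	}
	klog.Info("queueid:", queueid)
	return queueid, err
}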
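// GetBuildList returns the build ids of jobName as reported by Jenkins.
//
// A failure to initialise the client is returned immediately instead of being
// overwritten by the result of the listing call.
func GetBuildList(jobName string) (any, error) {
	ctx := context.Background()
	jenkins := getJenkins()
	if _, err := jenkins.Init(ctx); err != nil {
		klog.Info(err)
		return nil, err
	}

	builds, err := jenkins.GetAllBuildIds(ctx, jobName)
	if err != nil {
		klog.Info(err, builds)
	}
	return builds, err
}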
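// BuidStatus returns the result of build buildId of jobName (the value of
// GetResult on the build, for example "SUCCESS").
//
// Errors from initialising the client and from fetching the build are
// returned before the build is used, so GetResult is never called on a build
// that could not be fetched.
func BuidStatus(jobName string, buildId int64) (any, error) {
	ctx := context.Background()
	jenkins := getJenkins()
	if _, err := jenkins.Init(ctx); err != nil {
		klog.Info(err)
		return nil, err
	}

	klog.Info("jobName:", jobName, " buildId:", buildId)
	build, err := jenkins.GetBuild(ctx, jobName, buildId)
	if err != nil {
		klog.Info(err)
		return nil, err
	}
	return build.GetResult(), nil
}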
jenkins pod
- 启动异常 pod status 状态 RunContainerError
- 使用/bin/sh 启动端口没有启动 ,查找hub官网,确认启动命令
- 采用docker启动
- 构建镜像java1.11
docker run -d -uroot -p 8002:8080 -p 8003:50000 --name jenkins
# Single-replica Jenkins Deployment pinned to one node, with its data
# directory on an NFS volume. The container boots systemd and then starts the
# jenkins unit from a postStart hook.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins-deployment
spec:
  selector:
    matchLabels:
      app: jenkins
  replicas: 1
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      # Bypasses the scheduler: the pod only ever runs on this node.
      nodeName: xxx.xxx
      containers:
      - name: jenkins
        image: jenkins:v1
        command: ["/usr/sbin/init"]
        securityContext:
          # privileged removes most of the isolation between the container and
          # the node (all capabilities, access to host devices). A compromise
          # of Jenkins or of any build it runs is then effectively a
          # compromise of the node.
          # NOTE(review): it appears to be set only so systemd can run inside
          # the container; starting Jenkins directly as the container command
          # would make it unnecessary - confirm.
          privileged: true
        lifecycle:
          postStart:
            exec:
              command: ['/bin/sh','-c','systemctl start jenkins']
        ports:
        - containerPort: 8080
        - containerPort: 50000
        volumeMounts:
        - name: vol
          #mountPath: /var/jenkins_home
          mountPath: /var/lib/jenkins
          #mountPath: /mnt
      volumes:
      - name: vol
        # Jenkins data (jobs, credentials, secrets) lives on this NFS export,
        # so the export's access rules decide who can read or change it.
        nfs:
          path: /home/app/tmp/cicd/work_dir/jenkins_centos
          server: xx.xx.xx.xx
nfs
- yum install -y nfs-utils rpcbind
- sudo systemctl enable rpcbind
- sudo systemctl enable nfs
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
- sudo systemctl start rpcbind
- sudo systemctl start nfs
- vi /etc/exports
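/home/app/tmp/ *(rw,sync,no_root_squash,no_all_squash)
# 注意:"*" 表示向所有能访问该服务器的客户端开放读写;no_root_squash 使客户端上的 root 在导出目录中保留 root 权限。Jenkins 数据目录就在这个导出路径下,建议把 "*" 换成受信任的客户端地址或网段,并仅在确有需要时保留 no_root_squash。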
- systemctl restart nfs
#showmount -e localhost
Export list for localhost:
/home/app/tmp *
- 客户端配置
yum install -y nfs-utils rpcbind
systemctl enable rpcbind
systemctl start rpcbind
showmount -e xx.xx.xx.xx
推送镜像
- 克隆镜像 docker tag app:v20221207 127.0.0.1:5000/app:v20221207
- 上传镜像 docker push 127.0.0.1:5000/app:v20221207
- 添加镜像源 vi /etc/docker/daemon.json
- "insecure-registries":["127.0.0.1:5000"]
- 查询镜像 curl -XGET http://127.0.0.1:5000/v2/_catalog
启动 deployment
- 启动脚本 run.sh
# Container start script, launched in the background by the Deployment's
# postStart hook. The numbered echo lines are progress markers written to
# run.log.
echo 1 > /home/xxx/run.log
# No check on cd: if it fails, the server below is started from the wrong directory.
cd /home/tianyan
echo 2 >> /home/xxx/run.log
# Appended on every start, so the entries accumulate if /etc/hosts persists
# across restarts of the same container.
echo "xx.xx.xx.xx xx.net" >> /etc/hosts
echo "xx.xx.xx.xx xxx.net" >> /etc/hosts
echo 3 >> /home/xx/run.log
# Listens on all interfaces on port 80 with APP_ENV=dev; output goes to
# run.log in the current directory.
# NOTE(review): "manage.py runserver" looks like the Django development
# server, which is not meant to face untrusted networks - confirm, and use a
# production WSGI/ASGI server if this pod is reachable beyond the dev team.
APP_ENV=dev python manage.py runserver 0.0.0.0:80 >> run.log 2>&1
- app_deployment.yaml
# Single-replica Deployment of the application, pinned to one node, with the
# code directory mounted from that node's filesystem.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-deployment
spec:
  selector:
    matchLabels:
      app: app
  replicas: 1 # tells deployment to run 1 pod matching the template
  template:
    metadata:
      labels:
        app: app
    spec:
      # Bypasses the scheduler: the pod only ever runs on this node.
      nodeName: hostname
      containers:
      - name: app
        image: app:v1
        command: ["/usr/sbin/init"] # initialisation: systemd runs as the container's main process
        securityContext:
          # Privileged mode, enabled so systemctl works inside the container.
          # It removes most of the isolation between the container and the
          # node (all capabilities, access to host devices), so a compromise
          # of the web application becomes a compromise of the node.
          privileged: true
        lifecycle:
          postStart:
            exec:
              command: ['/bin/sh','-c','/home/xx/run.sh &']
        ports:
        - containerPort: 80
        - containerPort: 22
        volumeMounts:
        - name: vol
          mountPath: /home/xx
      volumes:
      - name: vol
        # hostPath maps a directory of the node into the container read-write;
        # together with privileged mode the container can modify node files.
        hostPath:
          path: /home/xx/code
- app_service.yaml
# NodePort Service in front of the app pods. A NodePort is opened on every
# node of the cluster, so both ports below are reachable from any network that
# can reach a node address.
apiVersion: v1
kind: Service
metadata:
  name: app
spec:
  type: NodePort
  ports:
  - name: web
    port: 9080
    targetPort: 80
  # Publishes the container's port 22 outside the cluster.
  # NOTE(review): presumably an SSH daemon in the privileged container -
  # confirm it is needed; kubectl exec gives shell access without exposing it.
  - name: ssh
    port: 9022
    targetPort: 22
  selector:
    app: app
kubectl get pod
app-deployment-xx-xx 0/1 Terminating 0 93m # Terminating pod 退出
app-deployment-xx-xx 0/1 Terminating 0 65m
app-deployment-xx-xx 1/1 Running 0 6m4s
app-deployment-xx-xx 0/1 Terminating 0 28m
网络
抓包分析
- tcpdump -nn -q -i eth0 port 80