构建docker镜像
jenkins插件管理安装:docker-build
jenkins安装了docker
配置docke builder
添加
unix:///var/run/docker.sock
root@ubuntu20:~# usermod -G docker jenkins
测试失败
修改docker中service文件添加
-H tcp://0.0.0.0:2376
jenkins中系统管理中
tcp://localhost:2376
添加流水线,添加docker构建
构建成功
jenkins 查看镜像
root@ubuntu20:~# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
hub.magedu.com/ikubernetes/spring-boot--helloword latest c2619d10999c 2 minutes ago 165MB
增加推送步骤,推送到阿里云,也可以推送到harbor镜像仓库
${jOB_NAME}:${imageTag}
luo2/jenkins
${imageTag}
${registry}
${registrUrl}
推送到harbor
[Docker] ERROR: failed to push image 192.168.1.30/ikubernetes2/jenkins:latest
ERROR: Build step failed with exception
com.github.dockerjava.api.exception.DockerClientException: Could not push image: Get "https://192.168.1.30/v2/": tls: failed to verify certificate: x509: cannot validate certificate for 192.168.1.30 because it doesn't contain any IP SANs
at com.github.dockerjava.core.command.PushImageResultCallback.throwFirstError(PushImageResultCallback.java:42)
jenkins 中docker配置文件中daemon.json 中添加配置文件
"insecure-registries": ["hub.magedu.com"]
root@ubuntu20:~# docker login hub.magedu.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
通过helm部署harbor
cat harbor-values.yaml
expose:
type: ingress
tls:
enabled: true
certSource: auto
ingress:
hosts:
core: hub.magedu.com
notary: notary.magedu.com
controller: default
annotations:
kubernetes.io/ingress.class: "nginx"
ipFamily:
ipv4:
enabled: true
ipv6:
enabled: false
externalURL: https://hub.magedu.com
# 持久化存储配置部分
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim: # 定义Harbor各个组件的PVC持久卷
registry: # registry组件(持久卷)
storageClass: "nfs-csi" # 前面创建的StorageClass,其它组件同样配置
accessMode: ReadWriteMany # 卷的访问模式,需要修改为ReadWriteMany
size: 5Gi
chartmuseum: # chartmuseum组件(持久卷)
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 5Gi
jobservice:
jobLog:
storageClass: "nfs-csi"
accessMode: ReadWriteOnce
size: 1Gi
#scanDataExports:
# storageClass: "nfs-csi"
# accessMode: ReadWriteOnce
# size: 1Gi
database: # PostgreSQl数据库组件
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 2Gi
redis: # Redis缓存组件
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 2Gi
trivy: # Trity漏洞扫描
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 5Gi
harborAdminPassword: "qwert123"
kubeApiServer
kubeapi.magedu.com
自动触发流水线
允许本地
安装插件
root@ubuntu20:/etc/gitlab# sudo gitlab-rails console
user = User.find_by_username(‘root’)
user.password = ‘2368756722Aa@’
user.password_confirmation = ‘2368756722Aa@’
user.save!
exit
gitlab root修改密码
--------------------------------------------------------------------------------
Ruby: ruby 3.0.6p216 (2023-03-30 revision 23a532679b) [x86_64-linux]
GitLab: 16.3.6 (abc892a30ec) FOSS
GitLab Shell: 14.26.0
PostgreSQL: 13.11
-----------------------------------------------------------[ booted in 113.54s ]
Loading production environment (Rails 7.0.6)
irb(main):001:0> user = User.find_by_username('root')
=> #<User id:1 @root>
irb(main):002:0> user.password = '2368756722Aa@'
=> "2368756722Aa@"
irb(main):003:0> user.password_confirmation = '2368756722Aa@'
=> "2368756722Aa@"
irb(main):004:0> user.save!
=> true
irb(main):005:0> exit
编辑流水线,添加
Secret token 用于添加Webhook的令排
gitlab添加Webhook
修改代码提交代码后,jenkins会自动构建
修改文件中的版本为v0.9.7
root@ubuntu20:~/luohuiwen/spring-boot-helloWorld# git status
On branch main
Your branch is up to date with 'origin/main'.
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: pom.xml
modified: src/main/java/com/neo/controller/HelloWorldController.java
no changes added to commit (use "git add" and/or "git commit -a")
提交
root@ubuntu20:~/luohuiwen/spring-boot-helloWorld# git config --local user.name luohuiwen
root@ubuntu20:~/luohuiwen/spring-boot-helloWorld# git config --local user.email 2@qq.com
root@ubuntu20:~/luohuiwen/spring-boot-helloWorld# git add .
root@ubuntu20:~/luohuiwen/spring-boot-helloWorld# git commit -m "update to v0.9.7"
[main 27df443] update to v0.9.7
推送
root@ubuntu20:~/luohuiwen/spring-boot-helloWorld# git push origin
Username for 'http://192.168.1.50': root
Password for 'http://root@192.168.1.50':
Enumerating objects: 19, done.
Counting objects: 100% (19/19), done.
Delta compression using up to 2 threads
Compressing objects: 100% (8/8), done.
Writing objects: 100% (10/10), 731 bytes | 731.00 KiB/s, done.
Total 10 (delta 3), reused 0 (delta 0)
To http://192.168.1.50/devops/spring-boot-helloWorld.git
d26d5d2..27df443 main -> main
3 合并请求 自动提交流水线
gitlab 生成令牌
glpat-ogM1JubQaUxSZ6VZrkF8
jenkins中新建 secret填写gitlab中生成的令牌
配置gitlab
配置流水线,添加
更新代码,推送
root@ubuntu20:~/luohuiwen/spring-boot-helloWorld# git add .
root@ubuntu20:~/luohuiwen/spring-boot-helloWorld# git commit -m "update to v0.9.8."
[develop c8d76d2] update to v0.9.8.
2 files changed, 8 deletions(-)
root@ubuntu20:~/luohuiwen/spring-boot-helloWorld# git push origin
luohuiwen用户提交合并请求
git 中root用户批准
查看Jenkins流水线会自动触发