jenkins + gitee + k8s 实现CICD
1.安装jenkins
# 下载安装包
wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/redhat-stable/jenkins-2.235.2-1.1.noarch.rpm
# 安装jenkins(安装jenkins需要java运行环境)
yum localinstall -y jenkins-2.235.2-1.1.noarch.rpm
# 设置开机启动并启动jenkins
systemctl enable jenkins
systemctl start jenkins
# 访问地址http://192.168.184.34:8080/
# 安装完插件后创建新用户
2.配置jenkins
-
配置环境变量
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.275.b01-0.el7_9.x86_64 M2_HOME=/opt/apache-maven-3.6.3 PATH+EXTRA=$M2_HOME/bin
3.流水线命令
#!groovy
pipeline {
agent any
environment {
//git 仓库地址
REPOSITORY= 'git@gitee.com:xxx/demo1.git'
GIT_BRANCH="master"
//项目名称 参数传递
MODULE ="demo1"
//sh脚本目录 已通用无需修改
SCRIPT_PATH ="/data/script"
}
stages {
stage('获取代码') {
steps {
echo "start fetch core from git:${REPOSITORY}"
git credentialsId: 'a3c44f47-fe8c-46c0-9587-xxx', url: 'https://gitee.com/x/xxdemo1.git'
}
}
stage('编译、单元测试') {
steps {
echo "start compile"
sh "mvn clean -U package -Dmaven.test.skip=true"
}
}
stage('构建镜像') {
steps {
echo "start bulid image"
sh "${SCRIPT_PATH}/build-images.sh ${MODULE}"
}
}
stage('发布系统') {
steps {
echo "start deploy"
sh "${SCRIPT_PATH}/deploy.sh ${MODULE} ${MODULE}"
}
}
}
}
4.shell 脚本
-
build-images.sh
-
#!/bin/bash # 项目名称 参数输入 MODULE=$1 TIME=`date "+%Y%m%d%H%M"` # git 版本号 GIT_REVISION=`git log -1 --pretty=format:"%h"` IMAGE_NAME=registry.cn-hangzhou.aliyuncs.com/xxx/${MODULE}:${TIME}_${GIT_REVISION} workdir=$(pwd) echo "PATH:" + $workdir # 切换到打包目录 dockerfile构建镜像 当前目录 #cd ${MODULE} docker build -t ${IMAGE_NAME} . #cd - # push 镜像到镜像仓库 # docker login --username=kevinzhou133 registry.cn-hangzhou.aliyuncs.com docker tag ${IMAGE_NAME} registry.cn-hangzhou.aliyuncs.com/bigcat_zhou/${MODULE}:${TIME}_${GIT_REVISION} docker push registry.cn-hangzhou.aliyuncs.com/bigcat_zhou/${MODULE}:${TIME}_${GIT_REVISION} echo "${IMAGE_NAME}" > IMAGE_NAME
-
-
deploy.sh
-
#!/bin/bash # kubectl 更新镜像 IMAGE=`cat IMAGE_NAME` DEPLOYMENT=$1 MODULE=$2 PATH=$PATH:/root/bin export PATH echo "update image to:${IMAGE}" echo "DEPLOYMENT : ${DEPLOYMENT}" echo "MODULE : ${MODULE}" echo "kubectl set image deployments/${DEPLOYMENT} ${MODULE}=${IMAGE}" # 滚动更新镜像 # kubectl apply -f k8s-yaml/nginx-deployment.yaml kubectl set image deployments/${DEPLOYMENT} ${MODULE}=${IMAGE} # 实时观察发布状态: kubectl rollout status deployment/${DEPLOYMENT}
-
-
jenkins 在shell脚本运行docker权限报错
#将jenkins用户加入docker组 #重启Jenkins服务 sudo gpasswd -a jenkins docker sudo service jenkins restart
-
jenkins 在shell脚本运行k8s命令报错
# 原因:在安装k8s时,我们是以管理员身份运行的.如果不能改.不方便调用kubectl工具 # 方法:更改jenkins的用户 vi /etc/sysconfig/jenkins # 修改$JENKINS_USER,并去掉当前行注释 $JENKINS_USER="root" chown -R root:root /var/lib/jenkins chown -R root:root /var/cache/jenkins chown -R root:root /var/log/jenkins # 重启Jenkins(若是其他方式安装的jenkins则重启方式略不同) service jenkins restart # 查看Jenkins进程所属用户 ps -ef | grep jenkins # 若显示为root用户,则表示修改完成
-
K8S无法拉取私有仓库镜像解决
问题: K8S部署pod 从Harbor拉取镜像报错: repository does not exist or may require ‘docker login’: denied: requested access to the resource is denied 解决方法: 1、配置添加项目所在命名空间的私有仓库秘钥,以便拉取镜像时完成认证过程 kubectl create secret docker-registry harbor-secret(别名) --namespace=项目所在命名空间 --docker-server=Harbor地址 --docker-username=账户 --docker-password=Harbor密码 //这里的别名在引用时需要用到,尽可能和命名空间一致 2、更新服务yaml文件,添加引用创建的秘钥 spec: containers: - image: imagePullPolicy: Always name: imagePullSecrets: - name: harbor-secret