文章目录
一、jenkins
CI持续集成(主要是开发人员提交代码后立即构建、测试)、CD持续交付(将集成后的代码部署到接近线上环境)、CD持续部署(将所有变更代码部署生产环境)
#持续集成的出现,保证开发团队交代码的质量,减轻了软件发布时的压力;其次就是全程自动完成,无需太多人工干预,极大的减少了重复的过程,节省了时间、工作量和成本。
Jenkins 用于监控持续重复的工作,能实时监控集成中存在的错误,提供详细的日志文件和提醒功能,使软件的持续集成变成可能的项目构建工具。
docker安装jenkins
version: '3.1'
services:
jenkins:
image: jenkins/jenkins:2.319.1-lts
container_name: jenkins
restart: always
ports:
- '8080:8080'
- '50000:50000'
volumes:
- '/docker/jenkins_docker/data/:/var/jenkins_home/' #jenkins家目录
#使jenkins容器内能与docker通信,默认docker.sock所属组root:docker,修改chown root:root docker.sock chmod o+rw docker.sock赋予其他用户读写权限
- '/var/run/docker.sock:/var/run/docker.sock'
- '/usr/bin/docker:/usr/bin/docker' #使jenkins容器内使用docker命令
- '/etc/docker/daemon.json:/etc/docker/daemon.json'#使jenkins容器内使用docker权限
访问http://192.168.70.129:8080
#获取登录token
cat /docker/jenkins_docker/data/secrets/initialAdminPassword
自定义jenkins两种插件插件安装都可以,这里我选有选择插件安装,根据自己需要来进行安装
#必备插件
Git client plugin
Git Parameter Plug-In
Git plugin
GIT server Plugin
Pipeline
Pipeline Graph Analysis Plugin
Publish Over SSH
SonarQube Scanner for Jenkins
jdk8下载 jdk-8u361-linux-i586.tar.gz
sonarqube-scanner下载 sonar-scanner-cli-4.7.0.2747-linux.zip
将jdk8、sonarqube-scanner压缩包解压后移动到jenkins_home目录下,这里对
jenkins_home路径做了映射,直接移动到宿主机/docker/jenkins_docker/data下
将下载的sonar-scanner移到jenkin目录下并修改sonar-scanner里配置
vi sonar-scanner/conf/sonar-scanner.properties
#修改
sonar.host.url=http://192.168.70.129:9000
sonar.sourceEncoding=UTF-8
二、gitlab
Gitlab是一个用于仓库管理系统的开源项目,使用Git作为代码管理工具,并在此基础上搭建起来的web服务。gitlab-ce是它的社区版,gitlab-ee是企业版,是收费的。这里通过docker安装gitlab-ce社区免费版。
git基本使用
docker安装gitlab
version: '3.1'
services:
gitlab:
image: gitlab/gitlab-ce:latest
container_name: gitlab
restart: always
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://172.20.80.100:8929'
gitlab_rails['gitlab_shell_ssh_port'] = 2224
ports:
- '8929:8929'
- '2224:2224'
volumes:
- './config:/etc/gitlab'
- './logs:/var/log/gitlab'
- './data:/var/opt/gitlab'
#获取root密码
cat docker/gitlab_docker/config/initial_root_password
#修改root密码
#进入容器内部
docker exec -it gitlab /bin/bash
#进入控制台
gitlab-rails console -e production
#查询id为1的用户,id为1的用户是超级管理员
user = User.where(id:1).first
user.password='lj123456'
user.save!
exit
#创建go项目test
#本地将mytest项目拉取下来
git clone
三、制作go项目镜像
在当前路径下touch一个Dockerfile,制作go镜像
FROM golang:alpine AS builder
#设置go环境变量
ENV GO111MODULE=on \
CGO_ENABLED=0 \
GOOS=linux \
GOARCH=amd64 \
GOPROXY="https://goproxy.cn,direct"
#切换到build作为容器工作目录
WORKDIR /build
#将go所以来module拷贝当前目录并下载
COPY ./go.mod .
COPY ./go.sum .
RUN go mod download
#将当前代码拷贝容器工作目录中
COPY . .
#编译二进制可执行文件mytest
RUN go build -o mytest .
#创建一个debian小镜象
FROM debian:stretch-slim
# 从builder镜像中把mytest可执行文件 拷贝到容器根目录
COPY --from=builder /build/mytest /mytest
#执行
CMD ["/mytest"]
四、sonarqube
sonarqube是一个开源的代码分析平台, 用来持续分析和评测项目源代码的质量
sonarqube
version: '3.1'
services:
db:
image: postgres
container_name: db
ports:
- 5432:5432
networks:
- sonarnet
environment:
POSTGRES_USER: sonar
POSTGRES_PASSWORD: sonar
sonarqube:
image: sonarqube:8.9.6-community
container_name: sonarqube
depends_on:
- db
restart: always
environment:
SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
SONAR_JDBC_USERNAME: sonar
SONAR_JDBC_PASSWORD: sonar
ports:
- '9000:9000'
networks:
- sonarnet
networks:
sonarnet:
driver: bridge
安装成功后访问192.168.70.129:30004登录
账号密码admin/admin
修改密码后登录主页
五、harbor镜像仓库,用于存放镜像
#解压下载的压缩包并切换harbor目录
tar xzf harbor-online-installer-v1.10.16.tgz
cd harbor
#修改harbor.yml
hostname: 192.168.70.129 #harbor主机ip
port: 10001 #端口号
harbor_admin_password: 12345678 #admin用户登录密码
#并将https注释掉
#执行./install.sh进行安装
./install.sh
#安装成功后通过docker ps可以查看到运行了很多harbor依赖的容器
#访问:192.168.70.129:10001登录harbor的web界面
#harbor停止
cd /docker/harbor_docker/harbor
docker-compose down
六、jenkins配置
6.1、系统管理 =》系统配置=》
6.1.1、jenkins配置
6.1.2、sonarqube配置
添加Server authentication token
打开sonarqubeweb页面http://172.20.80.100:9000/
6.1.3、Publish over SSH配置
6.1.4、保存
6.2、系统管理 =》全局工具配置=》
7、新建任务
7.1、构建一个自由风格的软件项目
相关配置
执行脚本deploy.sh
#!/bin/bash
harbor_addr=$1
harbor_repo=$2
project=$3
version=$4
container_port=$5
host_port=$6
imageName=$harbor_addr/$harbor_repo/$project:$version
echo $imageName
containerId=`docker ps -a | grep ${project} | awk '{print $1}'`
echo $containerId
if [ "$containerId" != "" ] ; then
docker stop $containerId
docker rm $containerId
fi
tag=`docker images | grep ${project} | awk '{print $2}'`
echo $tag
if [[ "$tag" =~ "$version" ]] ; then
docker rmi -f $imageName
fi
docker login -u admin -p liujun $harbor_addr
docker pull $imageName
docker run -d -p $host_port:$container_port --name $project $imageName
echo "success"
7.2、pipeline
pipeline{
agent any
environment{
harborUser='admin'
harborPasswd='liujun'
harborAddr='192.168.70.129:10001'
harborRepo='repo'
}
stages{
stage("拉取gitlab代码"){
steps{
checkout([$class: 'GitSCM', branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[url: 'http://172.20.80.100:8929/root/test1.git']]])
}
}
stage("sonarqube进行代码检测"){
steps{
sh '/var/jenkins_home/sonar-scanner -Dsonar.sources=./ -Dsonar.projectname=linux-test -Dsonar.projectKey=linux-test -Dsonar.login=6c289e1b36ca36513b3422c64c840b527cf7eff2'
}
}
stage("制作项目镜像"){
steps{
sh 'docker build -t ${JOB_NAME}:${tag} .'
}
}
stage("将镜像上传harbor镜像仓库"){
steps{
sh '''docker login -u ${harborUser} -p ${harborPasswd} ${harborAddr}
docker tag ${JOB_NAME}:${tag} ${harborAddr}/${harborRepo}/${JOB_NAME}:${tag}
docker push ${harborAddr}/${harborRepo}/${JOB_NAME}:${tag}'''
}
}
stage("启动容器"){
steps{
sshPublisher(publishers: [sshPublisherDesc(configName: '', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: "deploy.sh $harborAddr $harborRepo ${JOB_NAME} $tag $containerPort $hostPort", execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: '')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
}
}
}
}
7.3、整合k8s
7.3.1、将pipeline.yml上传gitlab
pipeline.yml
apiVersion: v1
kind: Namespace
metadata:
name: test
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pipeline
namespace: test
labels:
app: pipeline
spec:
selector:
matchLabels:
app: pipeline
replicas: 3
template:
metadata:
labels:
app: pipeline
spec:
containers:
- name: pipeline
image: 192.168.70.129:10001/repo/pipeline:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8998
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: pipeline
namespace: test
labels:
app: pipeline
spec:
selector:
app: pipeline
type: NodePort
ports:
- name: pipeline
protocol: TCP
port: 5000
targetPort: 8998
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-pipeline
namespace: test
spec:
ingressClassName: "nginx"
rules:
- host: time.test.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: pipeline
port:
number: 5000
7.3.2、jenkings配置
系统管理 =》配置=》
使能够免密登录k8s服务器
#进入jenkins容器
docker exec -it jenkins bash
#生成密钥
ssh-keygen -t rsa -C "test@qq.com"
#将jenkins容器公钥复制,在服务器的创建authorized_keys文件,将jenkins的公钥粘贴到authorized_keys
vi authorized_keys
pipeline构造文件
pipeline{
agent any
environment{
harborUser='admin'
harborPasswd='12345678'
harborAddr='192.168.70.129:10001'
harborRepo='repo'
}
stages{
stage("拉取gitlab代码"){
steps{
checkout([$class: 'GitSCM', branches: [[name: '${tag}']], extensions: [], userRemoteConfigs: [[url: 'http://192.168.70.129:8929/root/mytest.git']]])
}
}
stage("sonarqube进行代码检测"){
steps{
sh '/var/jenkins_home/sonar-scanner/bin/sonar-scanner -Dsonar.sources=./ -Dsonar.projectname=${JOB_NAME}
-Dsonar.projectKey=${JOB_NAME} -Dsonar.login=3bfd6413ea0608f32bb8c2dd6f701ecdd030e80b'
}
}
stage("制作项目镜像"){
steps{
sh 'docker build -t ${JOB_NAME}:${tag} .'
}
}
stage("将镜像上传harbor镜像仓库"){
steps{
sh '''docker login -u ${harborUser} -p ${harborPasswd} ${harborAddr}
docker tag ${JOB_NAME}:${tag} ${harborAddr}/${harborRepo}/${JOB_NAME}:${tag}
docker push ${harborAddr}/${harborRepo}/${JOB_NAME}:${tag}'''
}
}
stage("将k8s的yml文件推到k8s环境路径下"){
steps{
sshPublisher(publishers: [sshPublisherDesc(configName: 'k8s', transfers: [sshTransfer(cleanRemote: false, excludes: '',
execCommand: '', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+',
remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: 'pipeline.yml')], usePromotionTimestamp: false,
useWorkspaceInPromotion: false, verbose: false)])
}
}
stage("k8s项目部署"){
steps{
sh 'ssh root@192.168.70.99 kubectl apply -f /var/local/k8s/pipeline.yml'
}
}
}
}
7.4、自动化CI构建
将tag更换latest
pipeline{
agent any
environment{
harborUser='admin'
harborPasswd='liujun'
harborAddr='192.168.70.129:10001'
harborRepo='repo'
}
stages{
stage("拉取gitlab代码"){
steps{
checkout([$class: 'GitSCM', branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[url: 'http://192.168.70.129:8929/root/mytest.git']]])
}
}
stage("sonarqube进行代码检测"){
steps{
sh '/var/jenkins_home/sonar-scanner/bin/sonar-scanner -Dsonar.sources=./ -Dsonar.projectname=${JOB_NAME}
-Dsonar.projectKey=${JOB_NAME} -Dsonar.login=3bfd6413ea0608f32bb8c2dd6f701ecdd030e80b'
}
}
stage("制作项目镜像"){
steps{
sh 'docker build -t ${JOB_NAME}:latest .'
}
}
stage("将镜像上传harbor镜像仓库"){
steps{
sh '''docker login -u ${harborUser} -p ${harborPasswd} ${harborAddr}
docker tag ${JOB_NAME}:latest ${harborAddr}/${harborRepo}/${JOB_NAME}:latest
docker push ${harborAddr}/${harborRepo}/${JOB_NAME}:latest'''
}
}
stage("将k8s的yml文件推到k8s环境路径下"){
steps{
sshPublisher(publishers: [sshPublisherDesc(configName: 'k8s', transfers: [sshTransfer(cleanRemote: false, excludes: '',
execCommand: '', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+',
remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: 'pipeline.yml')], usePromotionTimestamp: false,
useWorkspaceInPromotion: false, verbose: false)])
}
}
stage("k8s项目部署"){
steps{
sh 'ssh root@192.168.70.99 kubectl apply -f /var/local/k8s/pipeline.yml'
sh 'ssh root@192.168.70.99 kubectl rollout restart deployment pipeline -n test'
}
}
}
}
每次将代码推送gitlab上jenkins自动构建