- 1Linux打开文件描述符限制_如何判断打开文件描述符超限
- 2一篇文章了解MySQL(一)_文章内容 mysql
- 3C语言之初识数组,简单认识一维数组,二维数组,字符数组
- 4QoS 服务质量
- 5yolov5 优化——mosaic相关_yolov5的mosic
- 6北斗4G遥测终端 北斗4G双模通信遥测终端机_北斗 支持4g通信
- 7Android 颜色透明度对照表_android透明度对照表
- 8自然语言处理NLP星空智能对话机器人系列:NLP on Transformers 101 第17章: BERT CommonLit Readability Prize比赛技术进阶详解_iron: private inference on transformers
- 9实验一:顺序表、单链表_实验一1、顺序表、单链和双向链表的定义,初始化、插入和删除 操作函数,并利用
- 10ROS2_foxy教程总结(自用)_ros2 foxy
基于Jenkins+Kubernetes+GitLab+Harbor构建CICD平台
赞
踩
1. 实验环境
1.1 k8s环境
1)Kubernetes 集群版本是 1.20.6
2)k8s控制节点:
IP:192.168.140.130
主机名:k8s-master
配置:4C6G
3)k8s工作节点
节点1:
IP:192.168.140.131
主机名:k8s-node1
配置:4C7.5G
节点2:
IP:192.168.140.132
主机名:k8s-node2
配置:4C11G
1.2 GitLab 环境
地址:http://192.168.140.132:8001/
代码仓库地址: http://192.168.140.132:8001/root/jenkins-sample.git
代码下载链接:https://pan.baidu.com/s/1xbW-zUf23tu0YSV-5c1dew?pwd=lmzf
提取码:lmzf
GitLab安装过程参考:Yum一键安装GitLab_yum gitlab-CSDN博客
1.3 Harbor环境
IP:192.168.140.132
1.4 Jenkins环境
版本:Jenkins 2.394
对应的jnlp软件下载地址如下:
链接:https://pan.baidu.com/s/1bNYiZCHWT099eOEdhDmJ3Q?pwd=lmzf
提取码:lmzf
备注:docker load -i jenkins-slave-latest.tar.gz 镜像即为jenkins-slave-latest:v1
2. 安装环境
2.1 安装 nfs 服务
1)三个节点分别安装nfs服务,k8s-master作为服务端
[root@k8s-master ~]# yum -y install nfs-utils
[root@k8s-master ~]# systemctl enable nfs --now
[root@k8s-node1 ~]# yum -y install nfs-utils
[root@k8s-node1 ~]# systemctl enable nfs --now
[root@k8s-node2 ~]# yum -y install nfs-utils
[root@k8s-node2 ~]# systemctl enable nfs --now
2)k8s-master上创建共享目录
[root@k8s-master ~]# mkdir /data/v2 -p
[root@k8s-master ~]# vim /etc/export
/data/v2 192.168.140.0/24(rw,no_root_squash)
[root@k8s-master ~]# exportfs -arv
[root@k8s-master ~]# systemctl restart nfs
2.2 在 kubernetes 中部署 jenkins
1)创建名称空间
[root@k8s-master ~]# kubectl create namespace jenkins-k8s
2)创建 pv
[root@k8s-master ~]# kubectl apply -f pv.yaml
- # pv.yaml文件
- apiVersion: v1
- kind: PersistentVolume
- metadata:
- name: jenkins-k8s-pv
- spec:
- capacity:
- storage: 10Gi
- accessModes:
- - ReadWriteMany
- nfs:
- server: 192.168.140.130
- path: /data/v2
3)创建pvc
[root@k8s-master ~]# kubectl apply -f pvc.yaml
- # pvc.yaml文件
- kind: PersistentVolumeClaim
- apiVersion: v1
- metadata:
- name: jenkins-k8s-pvc
- namespace: jenkins-k8s
- spec:
- resources:
- requests:
- storage: 10Gi
- accessModes:
- - ReadWriteMany
4)查看 pvc 是否创建成功
[root@k8s-master ~]# kubectl get pvc -n jenkins-k8
- [root@k8s-master ~]# kubectl get pvc -n jenkins-k8s
- NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
- jenkins-k8s-pvc Bound jenkins-k8s-pv 10Gi RWX 8h
5)创建一个 sa 账号
[root@k8s-master ~]# kubectl create sa jenkins-k8s-sa -n jenkins-k8s6)把上面的 sa 账号做 rbac 授权
[root@k8s-master ~]# kubectl create clusterrolebinding jenkins-k8s-sa-cluster -n jenkins-k8s --clusterrole=cluster-admin --serviceaccount=jenkins-k8s:jenkins-k8s-sa7)Jenkins文件夹授权
[root@k8s-master ~]# chown -R 1000.1000 /data/v28)deployment 部署 jenkins
[root@k8s-master ~]# kubectl apply -f jenkins-deployment.yaml - # jenkins-deployment.yaml文件
- kind: Deployment
- apiVersion: apps/v1
- metadata:
- name: jenkins
- namespace: jenkins-k8s
- spec:
- replicas: 1
- selector:
- matchLabels:
- app: jenkins
- template:
- metadata:
- labels:
- app: jenkins
- spec:
- serviceAccount: jenkins-k8s-sa
- containers:
- - name: jenkins
- image: jenkins/jenkins:2.394
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8080
- name: web
- protocol: TCP
- - containerPort: 50000
- name: agent
- protocol: TCP
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 500m
- memory: 512Mi
- livenessProbe:
- httpGet:
- path: /login
- port: 8080
- initialDelaySeconds: 60
- timeoutSeconds: 5
- failureThreshold: 12
- readinessProbe:
- httpGet:
- path: /login
- port: 8080
- initialDelaySeconds: 60
- timeoutSeconds: 5
- failureThreshold: 12
- volumeMounts:
- - name: jenkins-volume
- subPath: jenkins-home
- mountPath: /var/jenkins_home
- volumes:
- - name: jenkins-volume
- persistentVolumeClaim:
- claimName: jenkins-k8s-pvc
- nodeName: k8s-node1
备注:
a. image: jenkins/jenkins:2.394 通过在k8s-node1节点直接下载获取
[root@k8s-node1 ~]# docker pull jenkins/jenkins:2.394b. nodeName: k8s-node1: 本文指定部署在node1j节点
9)查看 jenkins 是否创建成功,如下所示表明创建成功
- [root@k8s-master ~]# kubectl get pods -n jenkins-k8s
- NAME READY STATUS RESTARTS AGE
- jenkins-5558b49ff5-dqhz5 1/1 Running 2 9h
10)把 jenkins 前端加上 service,提供外部网络访问
[root@k8s-master ~]# kubectl apply -f jenkins-service.yaml- # jenkins-service.yaml文件
- apiVersion: v1
- kind: Service
- metadata:
- name: jenkins-service
- namespace: jenkins-k8s
- labels:
- app: jenkins
- spec:
- selector:
- app: jenkins
- type: NodePort
- ports:
- - name: web
- port: 8080
- targetPort: web
- nodePort: 30002
- - name: agent
- port: 50000
- targetPort: agent
2.3 配置 Jenkins
1)浏览器访问Jenkins页面:http://192.168.140.132:30002/
2)获取管理员密码
[root@k8s-master ~]# cat /data/v2/jenkins-home/secrets/initialAdminPassword把上面获取到的密码拷贝到上面管理员密码下的方框里
点击继续,出现如下界面
3)安装推荐的插件
插件安装好之后显示需要创建用户
4)创建管理员用户
点击保存并完成,出现如下界面
点击保存并完成,出现如下界面
2.4 测试Jenkins的CICD
1)在 Jenkins 中安装 kubernetes 和blueocean插件
Manage Jnekins------>插件管理------>可选插件------>搜索 kubernetes------>出现如下
选中 kubernetes 之后------>点击下面的直接安装------>安装之后选择重新启动 jenkins--->
http://192.168.40.180:30002/restart-->重启之后登陆 jenkins,插件即可生效
备注:blueocean插件安装流程和安装kubernetes插件一致
2)配置 jenkins 连接到我们存在的 k8s 集群
访问地址 http://192.168.140.130:30002/configureClouds/,新增一个云,在下拉菜单中选择 kubernets 并添加
3)填写kubenetes信息
kubenetes地址:https://192.168.140.130:6443
4)测试 jenkins 和 k8s 是否可以通信
点击连接测试,如果显示 Connection test successful 或者Connected to Kubernetes v1.20.6,说明测试成功, Jenkins 可以和 k8s 进行通信。
Jenkins地址:http://jenkins-service.jenkins-k8s.svc.cluster.local:8080
配置 k8s 集群的时候 jenkins 地址需要写上面域名的形式,配置之后执行如下:应用------>保存
5)配置pod template
访问地址 http://192.168.140.130:30002/configureClouds/,
按照如下配置:
6)在上面的 pod template 下添加容器
添加容器------>Container Template------>按如下配置
备注:Docker镜像jenkins-slave-latest:v1为 docker load -i jenkins-slave-latest.tar.gz获取,jenkins-slave-latest.tar.gz需要上传到工作节点。
7)在每一个 pod template 右下脚都有一个高级,点击高级,出现如下
在 Service Account 处输入 jenkins-k8s-sa,这个 sa 就是我们最开始安装 jenkins 时的 sa
8)给上面的 pod template 添加卷
添加卷------>选择 Host Path Volume
/var/run/docker.sock
/var/run/docker.sock
/root/.kube
/home/jenkins/.kube
上述配置好之后, Apply(应用)------>Save(保存)
9)添加docker harbor凭证
首页------>系统管理→Manage Credentials(管理凭据) 
用户名:admin
密码:Harbor12345
ID:dockerharbor
2.5 Jenkins 部署应用发布到 k8s 开发环境、测试环境
1)在 k8s-master 的控制节点创建名称空间:
- [root@ks-master ~]# kubectl create ns devlopment
- [root@ks-master ~]# kubectl create ns qatest
- [root@ks-master ~]# kubectl create ns production
2) jenkins创建任务
pipeline文件
- node('lmzf') {
- stage('Clone') {
- echo "1.Clone Stage"
- git url: "http://192.168.140.132:8001/root/jenkins-sample.git"
- script {
- build_tag = sh(returnStdout: true, script: 'git rev-parse --short HEAD').trim()
- }
- }
- stage('Test') {
- echo "2.Test Stage"
-
- }
- stage('Build') {
- echo "3.Build Docker Image Stage"
- sh "docker build -t 192.168.140.132/jenkins-demo/jenkins-demo:${build_tag} ."
- }
- stage('Push') {
- echo "4.Push Docker Image Stage"
- withCredentials([usernamePassword(credentialsId: 'dockerharbor', passwordVariable: 'dockerHubPassword', usernameVariable: 'dockerHubUser')]) {
- sh "docker login 192.168.140.132 -u ${dockerHubUser} -p ${dockerHubPassword}"
- sh "docker push 192.168.140.132/jenkins-demo/jenkins-demo:${build_tag}"
- }
- }
- stage('Deploy to dev') {
- echo "5. Deploy DEV"
- sh "sed -i 's/<BUILD_TAG>/${build_tag}/' k8s-dev-harbor.yaml"
- sh "sed -i 's/<BRANCH_NAME>/${env.BRANCH_NAME}/' k8s-dev-harbor.yaml"
- // sh "bash running-devlopment.sh"
- sh "kubectl apply -f k8s-dev-harbor.yaml --validate=false"
- }
- stage('Promote to qa') {
- def userInput = input(
- id: 'userInput',
-
- message: 'Promote to qa?',
- parameters: [
- [
- $class: 'ChoiceParameterDefinition',
- choices: "YES\nNO",
- name: 'Env'
- ]
- ]
- )
- echo "This is a deploy step to ${userInput}"
- if (userInput == "YES") {
- sh "sed -i 's/<BUILD_TAG>/${build_tag}/' k8s-qa-harbor.yaml"
- sh "sed -i 's/<BRANCH_NAME>/${env.BRANCH_NAME}/' k8s-qa-harbor.yaml"
- // sh "bash running-qa.sh"
- sh "kubectl apply -f k8s-qa-harbor.yaml --validate=false"
- sh "sleep 6"
- sh "kubectl get pods -n qatest"
- } else {
- //exit
- }
- }
- stage('Promote to pro') {
- def userInput = input(
-
- id: 'userInput',
- message: 'Promote to pro?',
- parameters: [
- [
- $class: 'ChoiceParameterDefinition',
- choices: "YES\nNO",
- name: 'Env'
- ]
- ]
- )
- echo "This is a deploy step to ${userInput}"
- if (userInput == "YES") {
- sh "sed -i 's/<BUILD_TAG>/${build_tag}/' k8s-prod-harbor.yaml"
- sh "sed -i 's/<BRANCH_NAME>/${env.BRANCH_NAME}/' k8s-prod-harbor.yaml"
- // sh "bash running-production.sh"
- sh "cat k8s-prod-harbor.yaml"
- sh "kubectl apply -f k8s-prod-harbor.yaml --record --validate=false"
- }
- }
- }
3)立即构建--->点击左下角进度条---->Console Output
