代码发布流程
1.git 提交代码
2.gitlab 存储代码
3.Jenkins pipeline 整合(maven编译代码->Sonarqube代码质量检测->经过代码质量检测后代码构建的容器镜像存到harbor镜像仓库),将写好的yaml文件传送到K8s master中执行
4.k8s apply -f yaml文件部署deployment
安装工具流程
1.准备服务器,使用虚拟机创建,一台Gitlab,一台Jenkins,一台k8s master,一台k8s worker
2.所有服务器IP设置,防火墙关闭,安装docker,docker-compose服务
3.在Gitlab服务器安装配置Gitlab
4.本地电脑使用IntelliJ IDEA Community Edition 2022.2.1进行代码开发,里面默认有git功能,准备好样例代码。
5.在Jenkins服务器安装配置JDK,Jenkins, Maven, Sonarqube,harbor
6.在二台k8s服务器部署k8s集群,图形化管理工具kuboard
7.测试验证
安装工具详细流程
1.准备服务器
所有服务器最小化安装centos7.9系统,打开 阿里云centos系统仓库
下载CentOS-7-x86_64-Minimal-2009.torrent,使用迅雷下载提高速度
#改主机名命令
hostnamectl set-hostname gitlab-126
hostnamectl set-hostname jenkins-127
hostnamectl set-hostname k8s-master-105
hostnamectl set-hostname k8s-node-106
2.服务器IP设置,4台服务器都设置对应的IP
[root@gitlab-126 ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR="192.168.1.126"
PREFIX="24"
GATEWAY="192.168.1.1"
DNS1="180.76.76.76"
DNS2="114.114.114.114"
IPV6_PRIVACY="no"
#wq保存退出
[root@gitlab-126 ~]# systemctl restart network
服务器防火墙关闭,安装docker,docker-compose服务
#【关闭防火墙】
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
swapoff -a
#【安装docker服务】
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
sudo systemctl enable docker
#【安装docker-compose】
访问https://github.com/docker/compose/releases/tag/v2.10.1,选择docker-compose-linux-x86_64下载
访问github网速不稳定,可修改本地hosts文件
C:\Windows\System32\drivers\etc\hosts
20.205.243.166 github.com
185.199.111.153 assets-cdn.github.com
103.252.114.61 github.global.ssl.fastly.net
【将docker-compose安装包传送到gitlab-126,jenkins-127服务器,都执行如下命令】
[root@jenkins-127 ~]# mv docker-compose-linux-x86_64 docker-compose
[root@jenkins-127 ~]# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@jenkins-127 ~]# mv docker-compose /usr/bin/
[root@jenkins-127 ~]# docker-compose version
-bash: /usr/bin/docker-compose: Permission denied
[root@jenkins-127 ~]# chmod +x /usr/bin/docker-compose
[root@jenkins-127 ~]# ll /usr/bin/docker-compose
-rwxr-xr-x. 1 root root 25722880 Sep 10 01:14 /usr/bin/docker-compose
[root@jenkins-127 ~]# docker-compose version
Docker Compose version v2.10.1
3.在Gitlab-126服务器使用docker-compose安装配置Gitlab并启动
[root@gitlab-126 gitlab]# docker pull gitlab/gitlab-ce
[root@gitlab-126 CICD]# cd gitlab
[root@ gitlab-126 gitlab]# ls
docker-compose.yml
[root gitlab-126 gitlab]# vi docker-compose.yml
[root@gitlab-126 gitlab]# more docker-compose.yml
version: '3.1'
services:
gitlab:
image: 'gitlab/gitlab-ce:latest'
container_name: gitlab
restart: always
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://192.168.1.127:8929'
gitlab_rails['gitlab_shell_ssh_port'] = 2224
ports:
- '8929:8929'
- '2224:2224'
volumes:
- './config:/etc/gitlab'
- './data:/var/opt/gitlab'
[root@gitlab-126 gitlab]# docker-compose up -d
[+] Running 2/2
⠿ Network gitlab_default Created 0.2s
⠿ Container gitlab Started
[root@gitlab-126 gitlab]# cd config/
[root@gitlab-126 config]# ls
gitlab.rb gitlab-secrets.json initial_root_password ssh_host_ecdsa_key ssh_host_ecdsa_key.pub ssh_host_ed25519_key ssh_host_ed25519_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub trusted-certs
#查看登陆gitlab的默认密码,账号为root,访问http://192.168.1.127:8929,可以在perferences->password修改密码
[root@gitlab-126 config]# more initial_root_password
4.本地准备demo 代码
访问https://start.spring.io/ ,生成一个demo jar.配置demo Metadata如下图,Dependencies选择Spriing Web
解压,idea打开,添加ExampleController类,启动项目,127.0.0.1:8080/example
本地电脑安装git
https://git-scm.com/download/win 下载安装gitlab创建project用于存放code
本地idea打开Terminal,使用Clone with HTTP,查看Git clone命令
输入Git命令
git init --initial-branch=main
git remote add origin http://192.168.1.126:8929/root/mydemo.git
git add .
git commit -m “Initial commit”
git push -u origin main上传代码
5.在Jenkins-127服务器安装配置JDK,Jenkins, Maven, Sonarqube,harbor
- 安装JDK8,安装包到oracle官网下载,需要注册一个oracle账号
[root@jenkins-127 ~]# tar -xzvf jdk-8u172-linux-x64.tar.gz -C /usr/local
- 使用docker-compose安装Jenkins
安装Jenkins2.361.1版本,访问https://hub.docker.com/r/jenkins/jenkins查找docker pull 命令
[root@jenkins-127 jenkins]# docker pull jenkins/jenkins:2.361.1-lts
[root@jenkins-127 jenkins]# chmod -R 777 data/
[root@jenkins-127 jenkins]# more docker-compose.yml
version: "3.1"
services:
jenkins:
image: jenkins/jenkins:2.361.1-lts
container_name: jenkins
ports:
- 8080:8080
- 50000:50000
volumes:
- ./data/:/var/jenkins_home/
[root@jenkins-127 jenkins]# docker-compose up -d
[root@jenkins-127 jenkins]# docker-compose restart
0cbbf91277df447da2ae2d3885875823
This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
#Jenkins 更换国内源 安装插件飞快
修改/var/lib/jenkins/updates/default.json
google改为www.baidu.com即可
[root@jenkins-127 data]# more hudson.model.UpdateCenter.xml
<?xml version='1.1' encoding='UTF-8'?>
<sites>
<site>
<id>default</id>
<url>http://mirror.esuni.jp/jenkins/updates/update-center.json</url>
</site>
</sites>
#访问http://192.168.1.127:8080/pluginManager/advanced -->升级站点-》http://mirror.esuni.jp/jenkins/updates/update-center.json
[root@jenkins-127 data]# docker-compose up -d
- 访问http://192.168.1.127:8080/manage/pluginManager/available 安装jenkins插件
git parameter
publish over ssh
- 安装maven
访问https://maven.apache.org/download.cgi,下载apache-maven-3.8.6-bin.tar.gz
设置阿里云镜像库加快下载
设置JDK开启
[root@jenkins-127 ~]# tar -xzvf apache-maven-3.8.6-bin.tar.gz -C /usr/local
[root@jenkins-127 ~]# cd /usr/local
[root@jenkins-127 local]# ls
apache-maven-3.8.6 bin etc games include jdk1.8.0_172 lib lib64 libexec sbin share src
[root@jenkins-127 local]# mv jdk1.8.0_172/ jdk/
[root@jenkins-127 local]# mv apache-maven-3.8.6/ maven/
[root@jenkins-127 conf]# pwd
/usr/local/maven/conf
[root@jenkins-127 conf]# more settings.xml
<!-- 设置阿里云镜像库 -->
<mirror>
<id>nexus-aliyun</id>
<mirrorOf>*</mirrorOf>
<name>Nexus aliyun</name>
<url>http://maven.aliyun.com/nexus/content/groups/public</url>
</mirror>
<!-- maven配置settings.xml指定默认java8版本 -->
<profile>
<id>jdk18</id>
<activation>
<activeByDefault>true</activeByDefault>
<jdk>1.8</jdk>
</activation>
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<maven.compiler.compilerVersion>1.8</maven.compiler.compilerVersion>
</properties>
</profile>
<!-- 设置JDK开启 -->
<activeProfiles>
<activeProfile>jdk8</activeProfile>
</activeProfiles>
[root@jenkins-127 jenkins]# mv /usr/local/maven/ data/
[root@jenkins-127 jenkins]# mv /usr/local/jdk/ data/
- 使用docker-compose安装SonarQube
版本:SonarQube 8.9.9 LTS
[root@jenkins-127 sonarqube]# pwd
/CICD/sonarqube
[root@jenkins-127 ~]# docker pull sonarqube:8.9.9-community
[root@jenkins-127 sonarqube]# more docker-compose.yml
version: '3.1'
services:
db:
image: postgres
container_name: db
ports:
- 5432:5432
networks:
- sonarnet
environment:
POSTGRES_USER: sonar
POSTGRES_PASSWORD: sonar
sonarqube:
image: sonarqube:8.9.9-community
container_name: sonarqube
depends_on:
- db
ports:
- 9000:9000
networks:
- sonarnet
environment:
SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
SONAR_JDBC_USERNAME: sonar
SONAR_JDBC_PASSWORD: sonar
networks:
sonarnet:
driver: bridge
[root@jenkins-127 sonarqube]# docker-compose up –d
#报错,修改参数再sysctl -p使其生效
bootstrap check failure [1] of [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[root@jenkins-127 sonarqube]# more /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
vm.max_map_count=262144
[root@jenkins-127 sonarqube]# sysctl -p
访问SonarQube http://192.168.1.127:9000/
默认用户密码 admin:admin
改密码为password
到Plugins下载中文语言插件
- Maven配置访问SonarQuebe
[root@jenkins-127 conf]# pwd
/CICD/jenkins/data/maven/conf
[root@jenkins-127 conf]# more settings.xml |grep sonar -A10
<id>sonar</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<sonar.login>admin</sonar.login>
<sonar.password>password</sonar.password>
<sonar.host.url>http://192.168.1.127:9000</sonar.host.url>
</properties>
</profile>
</profiles>
<!-- activeProfiles
| List of profiles that are active for all builds.
|
<activeProfiles>
<activeProfile>alwaysActiveProfile</activeProfile>
--
<activeProfile>sonar</activeProfile>
</activeProfiles>
</settings>
- 安装sonar-scanner
下载SonarScanner | SonarQube Docs
找历史版本sonar-scanner-cli-4.6.0.2311-linux.zip解压安装,用于有效检查代码质量,上面安装的SonarQuebe主要用于扫描数据汇总,实际扫描器是sonar-scanner
[root@jenkins-127 conf]# yum -y install unzip
[root@jenkins-127 ~]# unzip sonar-scanner-cli-4.6.0.2311-linux.zip
[root@jenkins-127 ~]# mv sonar-scanner /CICD/jenkins/data/
[root@jenkins-127 data]# cd sonar-scanner/conf/
[root@jenkins-127 conf]# vi sonar-scanner.properties
[root@jenkins-127 conf]# more sonar-scanner.properties
#Configure here general information about the environment, such as SonarQube ser
ver connection details for example
#No information about specific project should appear here
#----- Default SonarQube server
sonar.host.url=http://192.168.1.127:9000
#----- Default source code encoding
sonar.sourceEncoding=UTF-8
生成令牌以便后面调用
- SonarQube与jenkins集成
在jenkins安装sonarqube scanner插件
加配置
Maven,JDK与jenkins集成
- harbor安装
[root@jenkins-127 ~]#wget https://ghproxy.com/https://github.com/goharbor/harbor/releases/download/v2.5.3/harbor-offline-installer-v2.5.3.tgz
[root@jenkins-127 ~]# tar -xzvf harbor-offline-installer-v2.5.3.tgz -C /usr/local
[root@jenkins-127 ~]# cd /usr/local/harbor
[root@jenkins-127 ~]# cp harbor.yml.tmpl harbor.yml
[root@jenkins-127 ~]# vi harbor.yml
hostname: 192.168.1.127
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
由于没有配https,docker需要配置下,才能正常访问私有镜像库Harbor
[root@jenkins-127 harbor]# ./install.sh
Vi /etc/docker/daemon.json
{
"insecure-registries": ["192.168.1.127:80"]
}
[root@jenkins-127 harbor]# Systemctl restart docker
[root@jenkins-127 sonarqube]# docker login -u admin -p Harbor12345 192.168.1.127:80
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
在Harbor里创建项目
- jenkins使用宿主机的docker服务
[root@jenkins-127 run]# pwd
/var/run
[root@jenkins-127 run]# chown root:root docker.sock
[root@jenkins-127 run]# chmod o+rw docker.sock
#docker-compose.yml后面追加下面3个映射
[root@jenkins-127 jenkins]# vi docker-compose.yml
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker
- /etc/docker/daemon.json:/etc/docker/daemon.json
#重启jenkins
[root@jenkins-127 jenkins]# docker-compose up -d
#测试
[root@jenkins-127 jenkins]# docker exec -it jenkins bash
jenkins@43bf782393ea:/$ docker version
6.在二台k8s服务器部署k8s集群
二台k8s服务器都执行下列命令设置host,添加主机名与IP对应关系
cat >> /etc/hosts << EOF
192.168.1.105 k8s-master-105
192.168.1.106 k8s-node-106
EOF
hostnamectl set-hostname k8s-master-105
hostnamectl set-hostname k8s-node-106
二台k8s服务器都执行下列命令,将IPv4流量转发到iptables
cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
最开始已经安装过docker服务了,这里Docker配置修改,设置cgroup驱动,这里用systemd
配置修改为如下
vim /etc/docker/daemon.json
{
"graph": "/data/docker",
"registry-mirrors": ["https://01xxgaft.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
重启docker服务
systemctl restart docker
2台机器都执行下列命令,添加k8s阿里云YUM软件源
[root@k8s-master-105 ~]# more /etc/yum.repos.d/kubernetes.repo
[Kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
2台机器都执行下列命令,安装kubeadm,kubelet和kubectl
yum install -y kubelet-1.16.2 kubeadm-1.16.2 kubectl-1.16.2
systemctl start kubelet
systemctl enable kubelet
部署master节点,只在192.168.1.105上执行
[root@k8s-master-105 ~]# kubeadm init --apiserver-advertise-address=192.168.1.105 \
[root@k8s-master-105 ~]# --image-repository registry.aliyuncs.com/google_containers \
[root@k8s-master-105 ~]# --kubernetes-version v1.18.0 \
[root@k8s-master-105 ~]# --service-cidr=10.96.0.0/12 \
[root@k8s-master-105 ~]# --pod-network-cidr=10.244.0.0/16
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.1.105:6443 --token fuh4c7.f8fkqxuczd267z2s \
--discovery-token-ca-cert-hash sha256:1a9da40553cb981af969dbb28099f3e4767da9ebcb86d931318ba5c32be6c2d6
执行生成的命令
[root@k8s-master-105 ~]# mkdir -p $HOME/.kube
[root@k8s-master-105 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master-105 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
再用生成的命令部署node节点,在192.168.1.106执行
kubeadm join 192.168.1.105:6443 --token fuh4c7.f8fkqxuczd267z2s \
--discovery-token-ca-cert-hash sha256:1a9da40553cb981af969dbb28099f3e4767da9ebcb86d931318ba5c32be6c2d6
在master节点安装网络插件flannel
[root@k8s-master-105 ~]#wget https://github.com/xuwei777/xw_yaml/blob/main/kube-flannel.yml
[root@k8s-master-105 ~]#kubectl apply -f kube-flannel.yml
[root@k8s-master-105 ~]# kubectl get pods -n kube-system
在master节点安装网络插件calico
[root@k8s-master-105 ~]# wget https://github.com/xuwei777/xw_yaml/blob/main/calico-3.9.2.yaml
[root@k8s-master-105 ~]# sed -i 's/192.168.0.0/10.244.0.0/g' calico-3.9.2.yaml
[root@k8s-master-105 ~]# kubectl apply -f calico.yaml
[root@k8s-master-105 ~]# kubectl get pod --all-namespaces -o wide
- 安装图形化K8S管理工具kuboard
安装指导:安装 Kuboard v3 - kubernetes | Kuboard
[root@k8s-master-105 ~]# kubectl apply -f https://addons.kuboard.cn/kuboard/kuboard-v3-swr.yaml
namespace/kuboard created
configmap/kuboard-v3-config created
serviceaccount/kuboard-boostrap created
clusterrolebinding.rbac.authorization.k8s.io/kuboard-boostrap-crb created
daemonset.apps/kuboard-etcd created
deployment.apps/kuboard-v3 created
service/kuboard-v3 created
[root@k8s-master-105 ~]# watch kubectl get pods -n kuboard
访问kuboard:http://192.168.1.105:30080/
用户名: admin
密码: Kuboard123 - Master 和 node节点都执行下列命令,添加"insecure-registries": [“192.168.1.127:80”],以便访问私有镜像库Harbor
[root@k8s-node-106 ~]# vi /etc/docker/daemon.json
"insecure-registries": ["192.168.1.127:80"],
[root@k8s-node-106 ~]# systemctl restart docker
[root@k8s-node-106 ~]#
K8s添加docker仓库账号密码,访问kuboard,在界面添加即可
- 设置jenkins能连接k8s-master
#在master-105节点创建k8s目录
[root@k8s-master-105 ~]# mkdir -p /usr/local/k8s
再在jenkins配置连接master-105的k8s目录,jenkins后面生成的文件传到这个目录下
- 设置Jenkin docker能免密ssh到master-105上调用kubectl apply –f 命令
Jenkins服务器上执行
[root@jenkins-127 data]# docker exec -it jenkins bash
jenkins@43bf782393ea:/$ cd ~
ls –a
没有.ssh 目录
jenkins@43bf782393ea:~$ ssh-keygen -t rsa
回车
输入密码这一环节直接回车
再次输入密码这一环节直接回车
jenkins@43bf782393ea:~$ more /var/jenkins_home/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC51bfacO+KJPsklcSReX3LFwEbG6R9YYCoC/A7bWLNm0BMxzmnMz3Hi9E4TmCpjgUxWG32lqkxDbIIbse91oFKD9dJ3IdizsYrQRgJsBZOIxDwqJwwoYQYA9VB3HaWpxKZFLT8uszIiIerk47DJiOAPaxA56uMOQCyvh4OMP
YGus7cbprAx/zLMzDvs7E3jJn3xud9DnwONi2DRBqHt2IACzLg+u1dtKwLBaokDjQniBC1DWdS5Dh+vy0zFcv0r10bWEZhFsJmdgmWl7YGLCARucB4qCn0yMA4VDywC+hxQLH9C3nOfXjAvLcZfCxeoleR3yGtTMSKoyWWznS7GGfWRe+wO6Qe7HQ0AT1VM6g9WXddUPcRGIBn
Dw/UwVxlgGftzFoJ5rTx4AAbG1GfkUOrnLNdJoI5Oa/bW4jU+ihYInU5DRsPnX8vcH7MeGXhetYxPYNHBji4Lfe6PL+UXCx7aqmLXf1s1+748vAnVxeQcaamwkcg6/eHUQ4wQ0/H/nk= jenkins@43bf782393ea
#将公钥传送给k8s-master-105服务
jenkins@43bf782393ea:~$ ssh-copy-id root@192.168.1.105
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/jenkins_home/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.105 (192.168.1.105)' can't be established.
ECDSA key fingerprint is SHA256:Ou3p/4WYTpa1vsJG4+qIrUmJ4P/DMup0xMAHZgDTTI8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.105's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.1.105'"
and check to make sure that only the key(s) you wanted were added.
在本地代码准备好的Jenkinsfile文件和DOCKEFILE,pipeline.yml文件,上传到gitlab
pipeline{
agent any
environment {
harborUser = 'admin'
harborPasswd = 'Harbor12345'
harborAddress = '192.168.1.127:80'
harborRepo = 'repo'
}
stages {
stage('拉取git仓库代码') {
steps {
checkout([$class: 'GitSCM', branches: [[name: '${tag}']], extensions: [], userRemoteConfigs: [[url: 'http://192.168.1.126:8929/root/mydemo.git']]])
}
}
stage('通过maven构建项目') {
steps {
sh '/var/jenkins_home/maven/bin/mvn clean package -DskipTests'
}
}
stage('sonarqube代码质量检测') {
steps {
sh '/var/jenkins_home/sonar-scanner/bin/sonar-scanner -Dsonar.source=./ -Dsonar.projectname=${JOB_NAME} -Dsonar.projectKey=${JOB_NAME} -Dsonar.java.binaries=./target/ -Dsonar.login=dffbbab02dec3466b52c18f728cfc338ce31da80'
}
}
stage('通过Docker制作自定义镜像') {
steps {
sh '''mv ./target/*.jar ./docker/
docker build -t ${JOB_NAME}:${tag} ./docker/'''
}
}
stage('push到harbor镜像仓库') {
steps {
sh '''docker login -u ${harborUser} -p ${harborPasswd} ${harborAddress}
docker tag ${JOB_NAME}:${tag} ${harborAddress}/${harborRepo}/${JOB_NAME}:${tag}
docker push ${harborAddress}/${harborRepo}/${JOB_NAME}:${tag}'''
}
}
stage('将pipeline.yml传输到k8s-master') {
steps {
sshPublisher(publishers: [sshPublisherDesc(configName: 'k8s-master', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: '', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: 'pipeline.yml')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
}
}
stage('远程执行k8s-master的pipeline.yml') {
steps {
sh 'ssh root@192.168.1.105 kubectl apply -f /usr/local/k8s/pipeline.yml'
}
}
}
}
Dockerfile
FROM daocloud.io/library/java:8u40-jdk
COPY demo-0.0.1-SNAPSHOT.jar /usr/local/demo.jar
WORKDIR /usr/local
CMD java -jar demo.jar
pipeline.yml文件
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: test
name: pipeline
labels:
app: pipeline
spec:
replicas: 2
selector:
matchLabels:
app: pipeline
template:
metadata:
labels:
app: pipeline
spec:
containers:
- name: pipeline
image: 192.168.1.127:80/repo/pipeline:v4.0.0
imagePullPolicy: Always
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
namespace: test
labels:
app: pipeline
name: pipeline
spec:
selector:
app: pipeline
ports:
- port: 8081
targetPort: 8080
type: NodePort
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
namespace: test
name: pipeline
spec:
ingressClassName: ingress
rules:
- host: dragon.pipeline.com
http:
paths:
- path: /
pathType: Prefix
backend:
serviceName: pipeline
servicePort: 8081
- 在Jenkins上创建流水线类型的任务
设置Pipeline script from SCM,这样jenkins就可以拿到上面写好的Jenkins文件去执行每个Stage
添加git参数,接收传入的代码版本号,容器端口,宿主机端口
7.测试验证
- 原来为访问服务显示v.4.0.0,经过jenkins CICD后,显示v5.0.0成功
本文含有隐藏内容,请 开通VIP 后查看