1.在k8s集群中部署jenkins
1.1 Deployment.yaml
kind: Deployment apiVersion: extensions/v1beta1 metadata: name: jenkins namespace: infra labels: name: jenkins spec: replicas: 1 selector: matchLabels: name: jenkins template: metadata: labels: app: jenkins name: jenkins spec: volumes: - name: data nfs: server: hdss7-200 path: /data/nfs-volume/jenkins_home - name: data2 nfs: server: hdss7-200 path: /data/nfs-volume/cache - name: docker hostPath: path: /run/docker.sock type: '' containers: - name: jenkins image: harbor.od.com/infra/jenkins:v2.190.3 ports: - containerPort: 8080 protocol: TCP env: - name: JAVA_OPTS value: -Xmx512m -Xms512m resources: limits: cpu: 500m memory: 1Gi requests: cpu: 500m memory: 1Gi volumeMounts: - name: data mountPath: /var/jenkins_home - name: data2 mountPath: /root/.m2 - name: docker mountPath: /run/docker.sock terminationMessagePath: /dev/termination-log terminationMessagePolicy: File imagePullPolicy: IfNotPresent imagePullSecrets: - name: harbor restartPolicy: Always terminationGracePeriodSeconds: 30 securityContext: runAsUser: 0 schedulerName: default-scheduler strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 maxSurge: 1 revisionHistoryLimit: 7 progressDeadlineSeconds: 600
1.2 service.yml
kind: Service apiVersion: v1 metadata: name: jenkins namespace: infra spec: ports: - protocol: TCP port: 80 targetPort: 8080 selector: app: jenkins type: ClusterIP sessionAffinity: None
1.3 ingress.yml
kind: Ingress apiVersion: extensions/v1beta1 metadata: name: jenkins namespace: infra spec: rules: - host: jenkins.od.com http: paths: - path: / backend: serviceName: jenkins servicePort: 80
1.3发布jenkins到k8s集群
kubectl apply -f http://k8s-yaml.od.com/jenkins/Ingress.yaml kubectl apply -f http://k8s-yaml.od.com/jenkins/service.yaml http://k8s-yaml.od.com/jenkins/Deployment.yaml
2.
2.1jenkins安全管理
2.2允许匿名访问
2.3允许跨域
2.4修改jeknis插件源
https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
有时候下载插件失败可以重新check now一下就好了
jenkins流水线发布需要安装两个组件
Blue Ocean和SSH Pipeline Steps
3.
3.1新建流水线项目
3.2
保留三天的构建
3.3添加参数话构建
两个可选参数其他的为自定义参数
app_name
image_name
git_repo https://gitee.com/ycxc/learnjenkins #我测试的代码仓库
git_ver
add_tag
mvn_dir
target_dir
mvn_cmd
base_image(可选参数)
maven(可选版本)
pipeline script
pipeline { agent any stages { stage('pull') { //get project code from repo steps { sh "git clone ${params.git_repo} ${params.app_name}/${env.BUILD_NUMBER} && cd ${params.app_name}/${env.BUILD_NUMBER} && git checkout ${params.git_ver}" } } stage('build') { //exec mvn cmd steps { sh "cd ${params.app_name}/${env.BUILD_NUMBER} && /var/jenkins_home/maven-${params.maven}/bin/${params.mvn_cmd}" } } stage('package') { //move jar file into project_dir steps { sh "cd ${params.app_name}/${env.BUILD_NUMBER} && cd ${params.target_dir} && mkdir project_dir && mv *.jar ./project_dir" } } stage('image') { //build image and push to registry steps { writeFile file: "${params.app_name}/${env.BUILD_NUMBER}/Dockerfile", text: """FROM harbor.od.com/${params.base_image} ADD ${params.target_dir}/project_dir /opt/project_dir""" sh "cd ${params.app_name}/${env.BUILD_NUMBER} && docker build -t harbor.od.com/${params.image_name}:${params.git_ver}_${params.add_tag} . && docker push harbor.od.com/${params.image_name}:${params.git_ver}_${params.add_tag}" } } stage('dp') { //发布 steps { script { def remote = [:] remote.name = 'test' remote.host ='10.5.7.21' remote.user = 'root' remote.password ='123456' remote.allowAnyHosts= true writeFile file: "dp.sh", text: """/usr/bin/kubectl apply -f http://k8s-yaml.od.com/hello/dp.yaml""" sshScript remote: remote,script: "dp.sh" } } } } }
参数话构建如图
构建完成
SSH Pipeline Steps用法请参考
https://github.com/jenkinsci/ssh-steps-plugin#sshput
传输文件到远程主机
node { def remote = [:] remote.name = 'test' remote.host = 'test.domain.com' remote.user = 'root' remote.password = 'password' remote.allowAnyHosts = true stage('Remote SSH') { writeFile file: 'abc.sh', text: 'ls -lrt' sshPut remote: remote, from: 'abc.sh', into: '.' } }
远程执行本地脚本
node { def remote = [:] remote.name = 'test' remote.host = 'test.domain.com' remote.user = 'root' remote.password = 'password' remote.allowAnyHosts = true stage('Remote SSH') { writeFile file: 'abc.sh', text: 'ls -lrt' sshScript remote: remote, script: "abc.sh" } }
远程执行命令
node { def remote = [:] remote.name = 'test' remote.host = 'test.domain.com' remote.user = 'root' remote.password = 'password' remote.allowAnyHosts = true stage('Remote SSH') { sshCommand remote: remote, command: "ls -lrt" sshCommand remote: remote, command: "for i in {1..5}; do echo -n \"Loop \$i \"; date ; sleep 1; done" } }
拷贝远程主机文件到本地
node { def remote = [:] remote.name = 'test' remote.host = 'test.domain.com' remote.user = 'root' remote.password = 'password' remote.allowAnyHosts = true stage('Remote SSH') { sshGet remote: remote, from: 'abc.sh', into: 'abc_get.sh', override: true } }
删除远程主机上的文件
node { def remote = [:] remote.name = 'test' remote.host = 'test.domain.com' remote.user = 'root' remote.password = 'password' remote.allowAnyHosts = true stage('Remote SSH') { sshRemove remote: remote, path: "abc.sh" } }
秘钥的形式执行命令
def remote = [:] remote.name = "node-1" remote.host = "10.000.000.153" remote.allowAnyHosts = true node { withCredentials([sshUserPrivateKey(credentialsId: 'sshUser', keyFileVariable: 'identity', passphraseVariable: '', usernameVariable: 'userName')]) { remote.user = userName remote.identityFile = identity stage("SSH Steps Rocks!") { writeFile file: 'abc.sh', text: 'ls' sshCommand remote: remote, command: 'for i in {1..5}; do echo -n \"Loop \$i \"; date ; sleep 1; done' sshPut remote: remote, from: 'abc.sh', into: '.' sshGet remote: remote, from: 'abc.sh', into: 'bac.sh', override: true sshScript remote: remote, script: 'abc.sh' sshRemove remote: remote, path: 'abc.sh' } } }
码云访问私钥管理
https://gitee.com/help/articles/4181#article-header0
推送账号是手机号 密码是自己设置的密码
参考链接:https://www.cnblogs.com/slim-liu/p/11953327.html