k8s安裝直接跳過,用Kubeadm安裝也比較簡單
安裝和配置 NFS
NFS簡介
NFS(Network File System),它最大的功能就是可以通過網絡,讓不同的機器、不同的操作系統可以
共享彼此的文件。我們可以利用NFS共享Jenkins運行的配置文件、Maven的倉庫依賴文件等
NFS安裝直接跳過,之前博客也寫過
[root@k8s-master ~]# cat /etc/exports /opt/nfs/jenkins *(rw,no_root_squash) /opt/nfs/maven *(rw,no_root_squash) [root@k8s-master ~]# [root@k8s-master ~]# showmount -e 192.168.1.114 Export list for 192.168.1.114: /opt/nfs/maven * /opt/nfs/jenkins * [root@k8s-master ~]#
Kubernetes安裝Jenkins-Master
創建NFS client provisioner
nfs-client-provisioner 是一個Kubernetes的簡易NFS的外部provisioner,本身不提供NFS,需要現有
的NFS服務器提供存儲。
1)上傳nfs-client-provisioner構建文件
[root@k8s-master ~]# cd /wgr/ [root@k8s-master wgr]# ll total 0 drwxr-xr-x 5 root root 67 Jun 2 13:20 jenkins [root@k8s-master wgr]# cd jenkins/ [root@k8s-master jenkins]# ll total 0 drwxr-xr-x 2 root root 94 Jun 2 12:41 jenkins-master drwxr-xr-x 2 root root 81 Jun 2 13:20 jenkins-slave drwxr-xr-x 2 root root 64 Jun 2 12:19 nfs-client [root@k8s-master jenkins]# cd nfs-client/ [root@k8s-master nfs-client]# ll total 12 -rw-r--r-- 1 root root 225 Jun 2 12:19 class.yaml -rw-r--r-- 1 root root 983 Jun 2 12:19 deployment.yaml -rw-r--r-- 1 root root 1526 Jun 2 12:19 rbac.yaml [root@k8s-master nfs-client]#
執行
kubectl create -f .
安裝Jenkins-Master
1)上傳Jenkins-Master構建文件
2)創建kube-ops的namespace
因為我們把Jenkins-Master的pod放到kube-ops下
kubectl create namespace kube-ops
3)構建Jenkins-Master的pod資源
kubectl create -f .
4)查看pod是否創建成功
查看分配的端口
Jenkins與Kubernetes整合
安裝Kubernetes插件
系統管理->插件管理->可選插件
實現Jenkins與Kubernetes整合
系統管理->系統配置->雲->新建雲->Kubernetes
kubernetes地址采用了kube的服務器發現: https://kubernetes.default.svc.cluster.local
namespace填kube-ops,然后點擊Test Connection,如果出現 Connection test successful 的提
示信息證明 Jenkins 已經可以和 Kubernetes 系統正常通信
Jenkins URL 地址: http://jenkins.kube-ops.svc.cluster.local:8080
構建Jenkins-Slave自定義鏡像
Jenkins-Master在構建Job的時候,Kubernetes會創建Jenkins-Slave的Pod來完成Job的構建。我們選擇
運行Jenkins-Slave的鏡像為官方推薦鏡像:jenkins/jnlp-slave:latest,但是這個鏡像里面並沒有Maven
環境,為了方便使用,我們需要自定義一個新的鏡像:
准備材料:
Dockerfile如下:
FROM jenkins/jnlp-slave:latest MAINTAINER itcast # 切換到 root 賬戶進行操作 USER root # 安裝 maven COPY apache-maven-3.6.2-bin.tar.gz . RUN tar -zxf apache-maven-3.6.2-bin.tar.gz && \ mv apache-maven-3.6.2 /usr/local && \ rm -f apache-maven-3.6.2-bin.tar.gz && \ ln -s /usr/local/apache-maven-3.6.2/bin/mvn /usr/bin/mvn && \ ln -s /usr/local/apache-maven-3.6.2 /usr/local/apache-maven && \ mkdir -p /usr/local/apache-maven/repo COPY settings.xml /usr/local/apache-maven/conf/settings.xml USER jenkins
構建出一個新鏡像: jenkins-slave-maven:latest
然把鏡像上傳到Harbor的公共庫library中
生成憑證
[root@k8s-master maven]# kubectl create secret docker-registry registry-auth-secret --docker-server=192.168.1.120:8001 --docker-username=admin --docker-password=Harbor12345 --docker-email=dalianpai@163.com secret/registry-auth-secret created [root@k8s-master maven]# kubectl get secret NAME TYPE DATA AGE default-token-d4gmj kubernetes.io/service-account-token 3 10d nfs-client-provisioner-token-rqxj2 kubernetes.io/service-account-token 3 21h qingcloud kubernetes.io/dockerconfigjson 1 10d registry-auth-secret kubernetes.io/dockerconfigjson 1 12s
建立k8s認證憑證
流水線
def git_address ="http://192.168.1.120:88/dalianpai_group/tensquare_back_k8s.git"
def git_auth = "cc7c6270-03bf-4fe2-9ee3-a5e4d391e0d3"
//構建版本的名稱
def tag = "latest"
//Harbor私服地址
def harbor_url = "192.168.1.120:8001"
//Harbor的項目名稱
def harbor_project_name = "tensquare_k8s"
//Harbor的憑證
def harbor_auth = "b00af28a-e611-41b7-b123-88e99e457839"
def secret_name = "registry-auth-secret"
//Harbor的憑證
def k8s_auth="3d37d57b-d05b-4416-b9cb-313874e00162"
podTemplate(label: 'jenkins-slave', cloud: 'kubernetes', containers: [
containerTemplate(
name: 'jnlp',
image: "192.168.1.120:8001/library/jenkins-slave-maven:latest"
),
containerTemplate(
name: 'docker',
image: "docker:stable",
ttyEnabled: true,
command: 'cat'
),
],
volumes: [
hostPathVolume(mountPath: '/var/run/docker.sock', hostPath:'/var/run/docker.sock'),
nfsVolume(mountPath: '/usr/local/apache-maven/repo', serverAddress:'192.168.1.114' , serverPath: '/opt/nfs/maven'),
],
)
{
node("jenkins-slave"){
// 第一步
stage('拉取代碼'){
checkout([$class: 'GitSCM', branches: [[name: '${branch}']],userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]])
}
// 第二步
stage('編譯,安裝公共子工程') {
sh "mvn -f tensquare_common clean install"
}
// 第三步
stage('構建鏡像,部署項目'){
//把選擇的項目信息轉為數組
def selectedProjects = "${project_name}".split(',')
for(int i=0;i<selectedProjects.size();i++){
//取出每個項目的名稱和端口
def currentProject = selectedProjects[i];
//項目名稱
def currentProjectName = currentProject.split('@')[0]
//項目啟動端口
def currentProjectPort = currentProject.split('@')[1]
//定義鏡像名稱
def imageName = "${currentProjectName}:${tag}"
//編譯,構建本地鏡像
sh "mvn -f ${currentProjectName} clean package dockerfile:build"
container('docker') {
//給鏡像打標簽
sh "docker tag ${imageName} ${harbor_url}/${harbor_project_name}/${imageName}"
//登錄Harbor,並上傳鏡像
withCredentials([usernamePassword(credentialsId: "${harbor_auth}", passwordVariable: 'password', usernameVariable: 'username')]){
//登錄
sh "docker login -u ${username} -p ${password} ${harbor_url}"
//上傳鏡像
sh "docker push ${harbor_url}/${harbor_project_name}/${imageName}"
}
//刪除本地鏡像
sh "docker rmi -f ${imageName}"
sh "docker rmi -f ${harbor_url}/${harbor_project_name}/${imageName}"
}
def deploy_image_name = "${harbor_url}/${harbor_project_name}/${imageName}"
//部署到K8S
sh """
sed -i 's#\$IMAGE_NAME#${deploy_image_name}#' ${currentProjectName}/deploy.yml
sed -i 's#\$SECRET_NAME#${secret_name}#' ${currentProjectName}/deploy.yml
"""
kubernetesDeploy configs: "${currentProjectName}/deploy.yml",kubeconfigId: "${k8s_auth}"
}
}
}
}
最后的效果
