1.在k8s集群中部署jenkins
1.1 Deployment.yaml
kind: Deployment apiVersion: extensions/v1beta1 metadata: name: jenkins namespace: infra labels: name: jenkins spec: replicas: 1 selector: matchLabels: name: jenkins template: metadata: labels: app: jenkins name: jenkins spec: volumes: - name: data nfs: server: hdss7-200 path: /data/nfs-volume/jenkins_home - name: data2 nfs: server: hdss7-200 path: /data/nfs-volume/cache - name: docker hostPath: path: /run/docker.sock type: '' containers: - name: jenkins image: harbor.od.com/infra/jenkins:v2.190.3 ports: - containerPort: 8080 protocol: TCP env: - name: JAVA_OPTS value: -Xmx512m -Xms512m resources: limits: cpu: 500m memory: 1Gi requests: cpu: 500m memory: 1Gi volumeMounts: - name: data mountPath: /var/jenkins_home - name: data2 mountPath: /root/.m2 - name: docker mountPath: /run/docker.sock terminationMessagePath: /dev/termination-log terminationMessagePolicy: File imagePullPolicy: IfNotPresent imagePullSecrets: - name: harbor restartPolicy: Always terminationGracePeriodSeconds: 30 securityContext: runAsUser: 0 schedulerName: default-scheduler strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 maxSurge: 1 revisionHistoryLimit: 7 progressDeadlineSeconds: 600
1.2 service.yml
kind: Service apiVersion: v1 metadata: name: jenkins namespace: infra spec: ports: - protocol: TCP port: 80 targetPort: 8080 selector: app: jenkins type: ClusterIP sessionAffinity: None
1.3 ingress.yml
kind: Ingress apiVersion: extensions/v1beta1 metadata: name: jenkins namespace: infra spec: rules: - host: jenkins.od.com http: paths: - path: / backend: serviceName: jenkins servicePort: 80
1.3發布jenkins到k8s集群
kubectl apply -f http://k8s-yaml.od.com/jenkins/Ingress.yaml kubectl apply -f http://k8s-yaml.od.com/jenkins/service.yaml http://k8s-yaml.od.com/jenkins/Deployment.yaml
2.
2.1jenkins安全管理
2.2允許匿名訪問
2.3允許跨域
2.4修改jeknis插件源
https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
有時候下載插件失敗可以重新check now一下就好了
jenkins流水線發布需要安裝兩個組件
Blue Ocean和SSH Pipeline Steps
3.
3.1新建流水線項目
3.2
保留三天的構建
3.3添加參數話構建
兩個可選參數其他的為自定義參數
app_name
image_name
git_repo https://gitee.com/ycxc/learnjenkins #我測試的代碼倉庫
git_ver
add_tag
mvn_dir
target_dir
mvn_cmd
base_image(可選參數)
maven(可選版本)
pipeline script
pipeline { agent any stages { stage('pull') { //get project code from repo steps { sh "git clone ${params.git_repo} ${params.app_name}/${env.BUILD_NUMBER} && cd ${params.app_name}/${env.BUILD_NUMBER} && git checkout ${params.git_ver}" } } stage('build') { //exec mvn cmd steps { sh "cd ${params.app_name}/${env.BUILD_NUMBER} && /var/jenkins_home/maven-${params.maven}/bin/${params.mvn_cmd}" } } stage('package') { //move jar file into project_dir steps { sh "cd ${params.app_name}/${env.BUILD_NUMBER} && cd ${params.target_dir} && mkdir project_dir && mv *.jar ./project_dir" } } stage('image') { //build image and push to registry steps { writeFile file: "${params.app_name}/${env.BUILD_NUMBER}/Dockerfile", text: """FROM harbor.od.com/${params.base_image} ADD ${params.target_dir}/project_dir /opt/project_dir""" sh "cd ${params.app_name}/${env.BUILD_NUMBER} && docker build -t harbor.od.com/${params.image_name}:${params.git_ver}_${params.add_tag} . && docker push harbor.od.com/${params.image_name}:${params.git_ver}_${params.add_tag}" } } stage('dp') { //發布 steps { script { def remote = [:] remote.name = 'test' remote.host ='10.5.7.21' remote.user = 'root' remote.password ='123456' remote.allowAnyHosts= true writeFile file: "dp.sh", text: """/usr/bin/kubectl apply -f http://k8s-yaml.od.com/hello/dp.yaml""" sshScript remote: remote,script: "dp.sh" } } } } }
參數話構建如圖
構建完成
SSH Pipeline Steps用法請參考
https://github.com/jenkinsci/ssh-steps-plugin#sshput
傳輸文件到遠程主機
node { def remote = [:] remote.name = 'test' remote.host = 'test.domain.com' remote.user = 'root' remote.password = 'password' remote.allowAnyHosts = true stage('Remote SSH') { writeFile file: 'abc.sh', text: 'ls -lrt' sshPut remote: remote, from: 'abc.sh', into: '.' } }
遠程執行本地腳本
node { def remote = [:] remote.name = 'test' remote.host = 'test.domain.com' remote.user = 'root' remote.password = 'password' remote.allowAnyHosts = true stage('Remote SSH') { writeFile file: 'abc.sh', text: 'ls -lrt' sshScript remote: remote, script: "abc.sh" } }
遠程執行命令
node { def remote = [:] remote.name = 'test' remote.host = 'test.domain.com' remote.user = 'root' remote.password = 'password' remote.allowAnyHosts = true stage('Remote SSH') { sshCommand remote: remote, command: "ls -lrt" sshCommand remote: remote, command: "for i in {1..5}; do echo -n \"Loop \$i \"; date ; sleep 1; done" } }
拷貝遠程主機文件到本地
node { def remote = [:] remote.name = 'test' remote.host = 'test.domain.com' remote.user = 'root' remote.password = 'password' remote.allowAnyHosts = true stage('Remote SSH') { sshGet remote: remote, from: 'abc.sh', into: 'abc_get.sh', override: true } }
刪除遠程主機上的文件
node { def remote = [:] remote.name = 'test' remote.host = 'test.domain.com' remote.user = 'root' remote.password = 'password' remote.allowAnyHosts = true stage('Remote SSH') { sshRemove remote: remote, path: "abc.sh" } }
秘鑰的形式執行命令
def remote = [:] remote.name = "node-1" remote.host = "10.000.000.153" remote.allowAnyHosts = true node { withCredentials([sshUserPrivateKey(credentialsId: 'sshUser', keyFileVariable: 'identity', passphraseVariable: '', usernameVariable: 'userName')]) { remote.user = userName remote.identityFile = identity stage("SSH Steps Rocks!") { writeFile file: 'abc.sh', text: 'ls' sshCommand remote: remote, command: 'for i in {1..5}; do echo -n \"Loop \$i \"; date ; sleep 1; done' sshPut remote: remote, from: 'abc.sh', into: '.' sshGet remote: remote, from: 'abc.sh', into: 'bac.sh', override: true sshScript remote: remote, script: 'abc.sh' sshRemove remote: remote, path: 'abc.sh' } } }
碼雲訪問私鑰管理
https://gitee.com/help/articles/4181#article-header0
推送賬號是手機號 密碼是自己設置的密碼
參考鏈接:https://www.cnblogs.com/slim-liu/p/11953327.html