Gitlab+Jenkins+Docker+K8S实现CI/CD

使用Docker安装GitLab及Jenkins

下载安装gitlab镜像

# 下载gitlab镜像文件
$ docker pull gitlab/gitlab-ce:latest
# 启动gitlab
$ docker run -d \
             --hostname HOST_NAME \
             -p 9443:443 -p 9080:80 -p 2222:22 \
             --name gitlab \
             -v PATH/config:/etc/gitlab \
             -v PATH/logs:/var/log/gitlab \
             -v PATH/data:/var/opt/gitlab \
             gitlab/gitlab-ce:latest
# 修改PATH/config/gitlab.rb
$  cat PATH/config/gitlab.rb
gitlab_rails['gitlab_shell_ssh_port'] = 2222
# 重启gitlab容器
$ docker stop gitlab
$ docker rm gitlab
$ docker run -d \
             --hostname HOST_NAME \
             -p 9443:443 -p 9080:80 -p 2222:22 \
             --name gitlab \
             -v PATH/config:/etc/gitlab \
             -v PATH/logs:/var/log/gitlab \
             -v PATH/data:/var/opt/gitlab \
             gitlab/gitlab-ce:latest

下载安装Jenkins

# 下载jenkins镜像
$ docker pull jenkins
# 启动jenkins
$ docker run -d \
             -p 8080:8080 \
             -p 50000:50000 \
             -v PATH/jenkins-data:/var/jenkins_home \
             -v /var/run/docker.sock:/var/run/docker.sock \
             --name jenkins \
             jenkins:latest

Jenkins安全设置

1. 点击“系统管理” - 进入“全局安全配置”
2. 在“访问控制”-“授权策略”-“登录用户可以做任何事”中勾选上“匿名用户具有可读权限”
3. 去掉"CSRF Protection"中的"防止跨站点请求伪造"

gitlab添加jenkins服务器及git服务器SSH KEYS

jenkins创建流水线任务

jenkins触发远程构建

gitlab添加jenkins钩子

jenkins编写流水线脚本

# 构建流水线脚本
#!groovy
pipeline {
	agent any
	environment {
		REPOSITORY="ssh://[email protected]:2222/hadeian/microservice.git"
		MODULE="user-edge-service"
		SCRIPT_PATH="~/scripts"
	}
	stages {
		stage('获取代码') {
			steps {
				echo "start fetch from git:${REPOSITORY}"
				deleteDir()
				git "${REPOSITORY}"
			}
		}
		stage('编译+单元测试') {
			steps {
				echo "start compile"
				sh "mvn -U -pl ${MODULE} -am clean package"
			}
		}
		stage('构建镜像') {
			steps {
				echo "start build image"
				sh "${SCRIPT_PATH}/build-image.sh ${MODULE}"
			}
		}
		stage('发布服务') {
			steps {
				echo "start deploy"
				sh "${SCRIPT_PATH}/deploy.sh user-edge-service ${MODULE}"
			}
		}
	}
}

# 远程执行编译脚本
$ cat build-image.sh
#!/bin/bash
MODULE=$1
TIME=`date "+%Y%m%d%H%M"`
GIT_VERSION=`git log -1 --pretty=format:"%h"`
IMAGE_NAME=DOCKER_REGISTRY/PRODUCT_NAME/${MODULE}:${TIME}_${GIT_VERSION}
cd ${MODULE}
docker build -t ${IMAGE_NAME} .
cd -
docker push ${IMAGE_NAME}
echo "${IMAGE_NAME}" > IMAGE_NAME

# 编写K8S更新服务脚本
$ cat deploy.sh
#!/bin/bash
IMAGE=`cat IMAGE_NAME`
DEPLOYMENT=$1
MODULE=$2
kubectl set image deployment/${DEPLOYMENT} ${MODULE}=${IMAGE}