Releasing services with a k8s + Jenkins Pipeline + GitLab + Harbor environment

This post is a personal record: it contains only the YAML files and nothing else. I use NFS storage.

gitlab-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
spec:
  selector:
    matchLabels:
      app: gitlab
  revisionHistoryLimit: 2
  template:
    metadata:
      labels:
        app: gitlab
    spec:
      restartPolicy: Always
      containers:
      - image: gitlab/gitlab-ce 
        name: gitlab
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 443
          name: gitlab443
        - containerPort: 80
          name: gitlab80
        - containerPort: 22
          name: gitlab22
        volumeMounts:
        - name: gitlab-persistent-config
          mountPath: /etc/gitlab
        - name: gitlab-persistent-logs
          mountPath: /var/log/gitlab
        - name: gitlab-persistent-data
          mountPath: /var/opt/gitlab
      imagePullSecrets:
      - name: devops-repo
      volumes:
      - name: gitlab-persistent-config
        nfs:
          server: 172.30.100.134
          path: /k8s/nfs/gitlab/config
      - name: gitlab-persistent-logs
        nfs:
          server: 172.30.100.134
          path: /k8s/nfs/gitlab/logs
      - name: gitlab-persistent-data
        nfs:
          server: 172.30.100.134
          path: /k8s/nfs/gitlab/data

gitlab-service.yaml

apiVersion: v1
kind: Service
metadata:
  name: gitlab
spec:
  selector:
    app: gitlab
  type: NodePort
  ports:
  - name: https
    port: 443
    protocol: TCP
  - name: http
    port: 80
    protocol: TCP

jenkins.yaml

apiVersion: v1
kind: Service
metadata:
  name: jenkins
  labels:
    app: jenkins
spec:
  type: NodePort
  ports:
  - name: http
    port: 8080
    targetPort: 8080
    nodePort: 32001
  - name: jnlp
    port: 50000
    targetPort: 50000
    nodePort: 32002
  selector:
    app: jenkins
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  labels:
    app: jenkins
spec:
  selector:
    matchLabels:
      app: jenkins
  replicas: 1
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      containers:
      - name: jenkins
        image: jenkins/jenkins:2.289.1
        securityContext:
          # Runs Jenkins as root in a privileged container
          runAsUser: 0
          privileged: true
        ports:
        - name: http
          containerPort: 8080
        - name: jnlp
          containerPort: 50000
        resources:
          limits:
            memory: 2Gi
            cpu: "2000m"
          requests:
            memory: 2Gi
            cpu: "2000m"
        env:
        - name: LIMITS_MEMORY
          valueFrom:
            resourceFieldRef:
              resource: limits.memory
              divisor: 1Mi
        - name: "JAVA_OPTS"
          value: " 
                   -Xmx$(LIMITS_MEMORY)m 
                   -XshowSettings:vm 
                   -Dhudson.slaves.NodeProvisioner.initialDelay=0
                   -Dhudson.slaves.NodeProvisioner.MARGIN=50
                   -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
                   -Duser.timezone=Asia/Shanghai
                 "    
        - name: "JENKINS_OPTS"
          value: "--prefix=/jenkins"
        volumeMounts:
        - name: data
          mountPath: /var/jenkins_home
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: jenkins-data

jenkins-pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-data
spec:
  storageClassName: "nfs-storage"
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 10Gi

Install the kubernetes, pipeline and other plugins in Jenkins.

Open Manage Jenkins > Configure System and scroll to the bottom to configure the Cloud.

Configure the pod template

The project ServiceAccount used here

apiVersion: v1
kind: ServiceAccount
metadata:
  name: cmdb
  labels:
    cluster: cmdb
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cmdb-role
  labels:
    cluster: cmdb
rules:
- apiGroups: ["apps"]
  resources: ["deployments", "statefulsets"]
  verbs: ["create", "update", "list", "delete", "watch", "get", "patch", "deletecollection"]
- apiGroups: [""]
  resources: ["configmaps", "namespaces", "services", "pods"]
  verbs: ["create", "update", "list", "delete", "watch", "get", "deletecollection", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cmdb-rolebinding
  labels:
    cluster: cmdb
subjects:
- apiGroup: "" 
  kind: ServiceAccount
  name: cmdb
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmdb-role
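
The ClusterRoleBinding above gives the cmdb ServiceAccount these rights in every namespace, while the Jenkinsfile's Namespace parameter only ever targets test, dev or cmdb. A narrower variant, as an added example that is not part of the original post: it keeps the page's verbs but binds them per namespace. The names cmdb-workloads and cmdb-namespaces are hypothetical, and the three namespaces are assumed to have been created beforehand by a cluster admin.

```yaml
# Added example, not from the original post; cmdb-workloads and cmdb-namespaces are hypothetical names.
# Assumes the namespaces test, dev and cmdb already exist.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cmdb-workloads
rules:
- apiGroups: ["apps"]
  resources: ["deployments", "statefulsets"]
  verbs: ["create", "update", "list", "delete", "watch", "get", "patch", "deletecollection"]
- apiGroups: [""]
  resources: ["configmaps", "services", "pods"]
  verbs: ["create", "update", "list", "delete", "watch", "get", "deletecollection", "patch"]
---
# RoleBinding: the rules above apply inside namespace "test" only; create the same binding in dev and cmdb.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cmdb-workloads
  namespace: test
subjects:
- {kind: ServiceAccount, name: cmdb, namespace: default}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmdb-workloads
---
# Namespaces are cluster-scoped, so "kubectl apply -f k8s/cmdb-namespace.yaml" needs a
# cluster-wide grant; resourceNames limits it to the three deployment targets.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cmdb-namespaces
rules:
- apiGroups: [""]
  resources: ["namespaces"]
  resourceNames: ["test", "dev", "cmdb"]
  verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cmdb-namespaces
subjects:
- {kind: ServiceAccount, name: cmdb, namespace: default}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmdb-namespaces
```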

Jenkinsfile

pipeline {
	agent {label "jnlp-slave"}
	environment {
		harbor_addr = "172.30.100.134:8000/test"
	}
	parameters {
		choice(
			name: 'Namespace',
			choices: ["test", "dev", "cmdb"],
			description: "选择部署环境"
		)
	}
	
	stages {
	    stage('Clone') {
			steps {
				echo "1.Clone Stage"
				echo "${env.BRANCH_NAME}"
				git credentialsId: 'gitlab', url: "http://172.30.100.132:30920/root/cmdb.git"
				script {
					build_tag = sh(returnStdout: true, script: 'git rev-parse --short HEAD').trim()
					env.BRANCH_NAME = sh(returnStdout: true, script: 'git branch').trim()
				}
			}

		}
		stage('Test') {
			steps {
				echo "2.Test Stage"
			}
		}
		stage('Docker Build') {
			steps {
				echo "3.Build Docker Image Stage"
				sh "docker build -t ${harbor_addr}/cmdb-core:${build_tag} core"
			}
		}
		stage('Docker Push') {
			steps {
				withCredentials([usernamePassword(credentialsId: "dockerharbor", usernameVariable: "user", passwordVariable: "passwd")]) {
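					// Single quotes: the shell, not Groovy, expands the credentials, and the password is passed on stdin instead of the command line
					sh 'echo "$passwd" | docker login -u "$user" --password-stdin "$harbor_addr"'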
					sh "docker push ${harbor_addr}/cmdb-core:${build_tag}"
				}
			}
		}
		
		stage('Deploy k8s') {
			steps {
				sh "sed -ri 's#image: .*#image: ${harbor_addr}/cmdb-core:${build_tag}#g' k8s/core.yaml"
				sh "sed -ri 's//${params.Namespace}/' k8s/cmdb-namespace.yaml"
				sh "kubectl apply -f k8s/cmdb-namespace.yaml"
				sh "kubectl apply -f k8s/ -n ${params.Namespace}"
			}
		}
	}
	post {
		changed {
			script {
				buildDescription  "构建状态改变"
			}
		}
		failure {
			script {
				buildDescription  "构建失败"
			}
		}
		success {
			script {
				buildDescription  "构建成功"
			}
		}
		aborted {
			script {
				buildDescription  "手动取消"
			}
		}
	}
}

# Install Harbor yourself. I already had an existing environment deployed with docker-compose; it can also be installed with k8s, helm and so on.
