本文衔接上一篇文章《持续集成与交付技术1-Git工具使用(jenkins、gitlab)》,是上一篇文章的延伸与扩展。
查看运行状态,保证运行正常
[root@git-1 ~]# gitlab-ctl status
配置仓库信息
给git-2(jenkins主机)安装并启动docker
[root@git-2 ~]# cd /etc/yum.repos.d/ #配置yum文件,安装docker(下面的 gpgcheck=0 会关闭软件包签名校验,且该源走明文http,只适用于内网实验环境;正式环境应设 gpgcheck=1 并配置 gpgkey)
[root@git-2 yum.repos.d]# vim docker.repo
[root@git-2 yum.repos.d]# cat docker.repo
[docker]
name=docker-ce
baseurl=http://172.25.200.250/docker-ce #docker发布目录
gpgcheck=0
[root@git-2 ~]# yum install docker-ce -y ##安装docker-ce
[root@git-2 ~]# systemctl enable --now docker
消除docker info 的警告
[root@git-2 ~]# sysctl -a | grep bridge-nf-call-iptables
[root@git-2 ~]# vim /etc/sysctl.d/docker.conf
[root@git-2 ~]# cat /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@git-2 demo]# sysctl --system
配置加速器
[root@git-2 demo]# cat /etc/docker/daemon.json ##配置加速器
{
"registry-mirrors": ["https://vo5twm71.mirror.aliyuncs.com"]
}
[root@git-2 demo]# systemctl reload docker.service
测试拉取镜像
[root@git-2 demo]# docker pull nginx ##拉取nginx
写Dockerfile文件
[root@git-1 demo1]# vim Dockerfile
[root@git-1 demo1]# cat Dockerfile
FROM nginx
COPY index.html /usr/share/nginx/html
[root@git-1 demo1]# git add Dockerfile ##进入仓库内
[root@git-1 demo1]# git commit -m "add Dockerfile"
[root@git-1 demo1]# git push origin master
jenkins网页控制台查看
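git-2上安装registry仓库(注意顺序:要先执行下面的 docker run 把registry容器启动起来,docker push 才能成功;另外此处的registry监听在 0.0.0.0:5000,未配置TLS和认证,仅适合实验环境)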
[root@git-2 ]# docker pull registry
[root@git-2 ]# docker history registry:latest
[root@git-2 ]# docker tag nginx:latest localhost:5000/nginx:latest
[root@git-2 ]# docker push localhost:5000/nginx:latest
[root@git-2 ]# docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry registry
[root@git-2 ]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a2910d239dcf registry "/entrypoint.sh /etc…" 12 seconds ago Up 11 seconds 0.0.0.0:5000->5000/tcp registry
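修改docker.sock权限,不然jenkins无法直接执行docker命令(注意:777 会让本机任意用户都能控制docker守护进程,等同于拿到root权限,只适合实验环境;更稳妥的做法是保持 660 不变,执行 usermod -aG docker jenkins 把jenkins用户加入docker组,然后重启jenkins服务)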
[root@git-2 ]# ll /var/run/docker.sock
srw-rw---- 1 root docker 0 Mar 17 22:13 /var/run/docker.sock
[root@git-2 ]# chmod 777 /var/run/docker.sock ##修改docker.sock权限,不然jenkins无法直接执行docker命令
[root@git-3 yum.repos.d]# yum install docker-ce -y ##安装docker-ce
[root@git-3 ~]# systemctl enable --now docker
消除docker info 的警告
[root@git-3 ~]# sysctl -a | grep bridge-nf-call-iptables
[root@git-3 ~]# vim /etc/sysctl.d/docker.conf
[root@git-3 ~]# cat /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@git-3 ~]# sysctl --system
配置加速器
[root@git-3 yum.repos.d]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://reg.westos.org"]
}
[root@git-3 ~]# openssl genrsa -aes256 -out ca-key.pem 2048
[root@git-3 ~]# openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
[root@git-3 ~]# openssl genrsa -out server-key.pem 2048
[root@git-3 ~]# openssl req -subj "/CN=server3" -sha256 -new -key server-key.pem -out server.csr
[root@git-3 ~]# echo subjectAltName = DNS:git-3,IP:172.25.200.3,IP:127.0.0.1 >> extfile.cnf
[root@git-3 ~]# openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf
[root@git-3 ~]# ll
total 28
-rw-r--r-- 1 root root 1766 Mar 18 02:21 ca-key.pem
-rw-r--r-- 1 root root 1383 Mar 18 02:21 ca.pem
-rw-r--r-- 1 root root 17 Mar 18 02:26 ca.srl
-rw-r--r-- 1 root root 57 Mar 18 02:25 extfile.cnf
-rw-r--r-- 1 root root 1176 Mar 18 02:26 server-cert.pem
-rw-r--r-- 1 root root 887 Mar 18 02:25 server.csr
-rw-r--r-- 1 root root 1679 Mar 18 02:25 server-key.pem
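[root@git-3 ~]# cp ca.pem server-cert.pem server-key.pem /etc/docker/ ##上面ll的输出中私钥ca-key.pem、server-key.pem权限为644(任何本地用户可读),建议用 chmod 0400 收紧;CA私钥ca-key.pem最好不要长期留在这台主机上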
[root@git-3 ~]# systemctl status docker
[root@git-3 ~]# cp /usr/lib/systemd/system/docker.service /etc/systemd/system
[root@git-3 ~]# vim /etc/systemd/system
[root@git-3 system]# cp /usr/lib/systemd/system/docker.service /etc/systemd/system/
[root@git-3 system]# vim /etc/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H tcp://0.0.0.0:2376
[root@git-3 ~]# systemctl daemon-reload
[root@git-3 ~]# systemctl restart docker
[root@git-3 ~]# openssl genrsa -out key.pem 2048
[root@git-3 ~]# openssl req -subj '/CN=client' -new -key key.pem -out client.csr
[root@git-3 ~]# echo extendedKeyUsage = clientAuth >> extfile.cnf ##注意:>> 是追加,extfile.cnf里已有前面写入的服务端subjectAltName,签出的客户端证书也会带上它;更稳妥的做法是给客户端单独用一个扩展文件
[root@git-3 ~]# openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf
[root@git-1 ~]# cd demo/
[root@git-1 demo1]# ls
Dockerfile index.html README.md
[root@git-1 demo1]# cat Dockerfile
FROM nginx
COPY index.html /usr/share/nginx/html
[root@git-1 demo1]# vim index.html
[root@git-1 demo1]# cat index.html
hello
hello world
hello redhat
[root@git-1 demo1]# git commit -a -m "update index.html"
# On branch master
nothing to commit, working directory clean
[root@git-1 demo1]# git push origin master
Counting objects: 5, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 255 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
To git@<gitlab主机>:root/demo.git
40a1832..194d772 master -> master
配置yum文件,一种用本地源,一种用阿里源,任选其一
[root@git-2 ~]# cd /etc/yum.repos.d/
[root@git-2 yum.repos.d]# vim ansible.repo
[root@git-2 yum.repos.d]# cat ansible.repo
[repl]
name=repl
baseurl=https://mirrors.aliyun.com/epel/8/Everything/x86_64/ ##阿里云镜像源
gpgcheck=0
[root@git-2 yum.repos.d]# cat ansible.repo ##本地镜像源
[ansible]
name=repl
baseurl=http://172.25.200.250/ansible
gpgcheck=0
[root@git-2 yum.repos.d]# yum install ansible -y
[root@git-1 playbook]# vim ansible.cfg
[root@git-1 playbook]# cat ansible.cfg
[defaults]
command_warnings=False
remote_user=jenkins
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[root@git-2 ansible]# id jenkins
uid=998(jenkins) gid=996(jenkins) groups=996(jenkins)
[root@git-2 ansible]# usermod -s /bin/bash jenkins
[root@git-2 ansible]# su - jenkins
-bash-4.2$ ssh-keygen
-bash-4.2$ ssh-copy-id git-4:
-bash-4.2$ ssh-copy-id git-5:
[root@git-4 ~]# groupadd -g 996 jenkins ## 创建组,组id 996
[root@git-4 ~]# useradd -u 998 -g 996 jenkins ## 创建jenkins用户,属996组
[root@git-4 ~]# echo westos | passwd --stdin jenkins ## 给用户jenkins设置密码(westos为实验用弱口令,且会留在shell历史记录里;正式环境请使用强口令)
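[root@git-4 ~]# visudo ## 设置免密权限(让jenkins免密sudo,例如加入一行 jenkins ALL=(ALL) NOPASSWD: ALL;这样持有jenkins的SSH私钥就等于拥有本机root权限,需妥善保管git-2上jenkins用户的私钥)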
[root@git-1 playbook]# pwd
/root/playbook
[root@git-1 playbook]# ls
ansible.cfg README.md
[root@git-1 playbook]# vim playbook.yml
[root@git-1 playbook]# cat playbook.yml
---
- hosts: all
tasks:
- name: install httpd
yum:
name: httpd
state: present
- name: start httpd
service:
name: httpd
state: started
[root@git-1 playbook]# mkdir inventory
[root@git-1 playbook]# cd inventory
[root@git-1 inventory]# echo git-5 > prod
[root@git-1 inventory]# echo git-4 > test
[root@git-1 inventory]# ls
prod test
[root@git-1 inventory]# cat prod
git-5
[root@git-1 inventory]# cat test
git-4
[root@git-1 inventory]#
[root@git-1 playbook]# git add .
[root@git-1 playbook]# git commit -m "add playbook"
[root@git-1 playbook]# git push -u origin master
[root@git-3 ~]# ssh-keygen ##三台机器做免密,git-3作为k8s集群的master
[root@git-3 ~]# ssh-copy-id git-4:
[root@git-3 ~]# ssh-copy-id git-5:
[root@git-4 yum.repos.d]# cat docker.repo
[docker]
name=docker
baseurl=http://172.25.200.250/docker-ce
gpgcheck=0
[root@git-5 yum.repos.d]# cat docker.repo
[docker]
name=docker
baseurl=http://172.25.200.250/docker-ce
gpgcheck=0
[root@git-4 yum.repos.d]# yum install docker-ce -y ##安装docker-ce
[root@git-5 yum.repos.d]# yum install docker-ce -y ##安装docker-ce
[root@git-4 ~]# systemctl enable --now docker ##直接开机自启动
[root@git-5 ~]# systemctl enable --now docker
[root@git-3 docker]# vim /etc/hosts ##所有k8s集群都必须做解析
172.25.200.88 harbor reg.westos.org ##仓库的解析
[root@git-3 ~]# cd /etc/docker/
[root@git-3 docker]# ls
ca.pem certs.d daemon.json key.json server-cert.pem server-key.pem
[root@git-3 docker]# vim /etc/hosts
[root@git-3 docker]# vim daemon.json
[root@git-3 docker]# cat daemon.json ##git-3\4\5都配置
{
"registry-mirrors": ["https://reg.westos.org"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
[root@git-3 docker]# systemctl daemon-reload
[root@git-3 docker]# systemctl restart docker
[root@git-3 docker]# cd /etc/sysctl.d/
[root@git-3 sysctl.d]# ls
99-sysctl.conf docker.conf
[root@git-3 sysctl.d]# scp docker.conf git-4:/etc/sysctl.d/
[root@git-3 sysctl.d]# scp docker.conf git-5:/etc/sysctl.d/
[root@git-3 docker]# scp -r certs.d/ daemon.json git-4:/etc/docker/ ##将密钥文件发送过去
[root@git-3 docker]# scp -r certs.d/ daemon.json git-5:/etc/docker/
[root@git-5 ~]# vim /etc/hosts ##git-4和git-5的操作一样
[root@git-5 ~]# sysctl --system
[root@git-5 ~]# systemctl daemon-reload
[root@git-5 ~]# systemctl restart docker
[root@git-5 ~]# docker info
1.禁用交换分区,部署仓库,三台k8s集群节点一起做
[root@git-3 ~]# swapoff -a ##三台机器禁用交换空间
[root@git-3 ~]# vim /etc/fstab
/dev/mapper/rhel-root / xfs defaults 0 0
UUID=b3880b6f-e843-4b8d-b832-854ef91e0bc4 /boot xfs defaults 0 0
#/dev/mapper/rhel-swap swap swap defaults 0 0
配置镜像源,每台机器都一样
[root@git-3 ~]# cd /etc/yum.repos.d/
[root@git-3 yum.repos.d]# ls
docker.repo redhat.repo rhel7.6.repo
[root@git-3 yum.repos.d]# vim k8s.repo
[root@git-3 yum.repos.d]# cat k8s.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
[root@git-3 yum.repos.d]# scp k8s.repo git-4:/etc/yum.repos.d/
[root@git-3 yum.repos.d]# scp k8s.repo git-5:/etc/yum.repos.d/
2.下载k8s软件工具
[root@server3 ~]# yum install kubeadm-1.20.0 kubectl-1.20.0 kubelet-1.20.0 -y ##我使用的是1.20.0版本的
[root@server3 ~]# ssh git-4 yum install kubeadm-1.20.0 kubectl-1.20.0 kubelet-1.20.0 -y
[root@server3 ~]# ssh git-5 yum install kubeadm-1.20.0 kubectl-1.20.0 kubelet-1.20.0 -y
[root@server3 ~]# systemctl enable --now kubelet.service ##启动
[root@server3 ~]# ssh git-4 systemctl enable --now kubelet.service
[root@server3 ~]# ssh git-5 systemctl enable --now kubelet.service
3. 初始化集群
[root@git-3 ~]# kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository reg.westos.org/k8s --kubernetes-version v1.20.0 ##初始化集群:指定Pod网段、镜像仓库和k8s版本
[root@git-3 ~]# vim .bash_profile
[root@git-3 ~]# grep KUBECONFIG .bash_profile
export KUBECONFIG=/etc/kubernetes/admin.conf ##设置环境变量
[root@git-3 ~]# source .bash_profile
[root@git-3 ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc
[root@git-3 ~]# source .bashrc
4. 配置网络插件(修改镜像拉取路径为harbor仓库的)
[root@git-3 ~]# ll kube-flannel.yml
-rw-r--r-- 1 root root 14366 Mar 16 12:02 kube-flannel.yml
[root@git-3 ~]# vim kube-flannel.yml
[root@git-3 ~]# kubectl apply -f kube-flannel.yml
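5. 查看节点状态,并进行节点扩容(kubeadm join 的 token 和 hash 取自 kubeadm init 的输出;token 属于引导凭据,默认24小时后过期,不要对外公开;过期后可在master上执行 kubeadm token create --print-join-command 重新生成)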
[root@git-3 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
git-3 Ready control-plane,master 8m40s v1.20.0
[root@git-4 ~]# kubeadm join 172.25.200.3:6443 --token 1msrnt.ytsd7m3300qop0fg --discovery-token-ca-cert-hash sha256:338a4b3f4acd3274cbb3f528a1b9b986e2b687f7e3f4f0da7056e73aae804a0a
[root@git-5 ~]# kubeadm join 172.25.200.3:6443 --token 1msrnt.ytsd7m3300qop0fg --discovery-token-ca-cert-hash sha256:338a4b3f4acd3274cbb3f528a1b9b986e2b687f7e3f4f0da7056e73aae804a0a
[root@git-3 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
git-3 Ready control-plane,master 15m v1.20.0
git-4 Ready <none> 89s v1.20.0
git-5 Ready <none> 70s v1.20.0
## 6. 测试
[root@server3 ~]# kubectl run demo --image=myapp:v1
[root@server3 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
demo 1/1 Running 0 32s
3.初始化集群
4.配置网络插件
在pub/docs/k8s/kube-flannel.yml
中
[root@git-1 ~]# git clone git@<gitlab主机>:root/k8s.git ##建立仓库之后的操作
Cloning into 'k8s'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), done.
[root@git-1 ~]# cd k8s/
[root@git-1 k8s]# ls
README.md
[root@git-1 k8s]# vim deployment.yaml
[root@git-1 k8s]# cat deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
[root@git-1 k8s]# git add deployment.yaml
[root@git-1 k8s]# git commit -m "add deployment.yaml"
[master deecda4] add deployment.yaml
1 file changed, 17 insertions(+)
create mode 100644 deployment.yaml
[root@git-1 k8s]# git push -u origin master
Counting objects: 4, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 429 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@<gitlab主机>:root/k8s.git
f4d3cd2..deecda4 master -> master
Branch master set up to track remote branch master from origin.
[root@git-3 ~]# cd /etc/yum.repos.d/
[root@git-3 yum.repos.d]# ls
docker.repo haojin.repo k8s.repo redhat.repo
[root@git-3 yum.repos.d]# scp k8s.repo git-2:/etc/yum.repos.d
[root@git-2 ~]# cd /etc/yum.repos.d/
[root@git-2 yum.repos.d]# ls
ansible.repo docker.repo haojin.repo k8s.repo redhat.repo
[root@git-2 yum.repos.d]# yum install -y kubectl-1.20.0
[root@git-2 ~]# mkdir -p /var/lib/jenkins/.kube/
[root@git-3 kubernetes]# pwd
/etc/kubernetes
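[root@git-3 kubernetes]# scp admin.conf git-2:/var/lib/jenkins/.kube/config ##admin.conf是集群管理员(cluster-admin)凭据,交给jenkins意味着CI任务拥有整个集群的控制权;正式环境建议为jenkins单独创建ServiceAccount,并用RBAC把权限限定到所需的命名空间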
root@git-2's password:
admin.conf 100% 5564 5.7MB/s 00:00
[root@git-2 .kube]# pwd
/var/lib/jenkins/.kube
[root@git-2 .kube]# ll
total 8
-rw------- 1 root root 5564 4月 8 16:37 config
[root@git-2 .kube]# chown jenkins config
[root@git-2 .kube]# ll
total 8
-rw------- 1 jenkins root 5564 4月 8 16:37 config
[root@git-2 .kube]# su - jenkins
Last login: 四 4月 8 16:44:49 CST 2021 on pts/0
-bash-4.2$ kubectl get pod
NAME READY STATUS RESTARTS AGE
demo 1/1 Running 0 49m
Jenkins配置
jenkins的使用到这里结束