DevOps: Continuous Integration and Continuous Deployment, Part 2


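Practice (automated builds of NodeJS and Java projects on K8s)

The whole process

1. Create the project in the code repository
2. Develop the code logic
3. After pushing to GitLab, run the build
   3.1 Automatic build
   		3.1.1 Get the branch from the built-in variable env.gitlabBranch
   3.2 Manual build
   		3.2.1 Get the branch from BRANCH (has to be created)
   3.3 Scheduled build
4. Jenkins calls K8s to create a pod that runs the build
   4.1 Compile the code
   4.2 Scan the code
5. Generate the image we need from the Dockerfile
   5.1 Keep it in the root directory of the corresponding project
   		5.1.1 Needs the code TAG
   		5.1.2 Needs the Dockerfile --- placed in the project root directory
   		5.1.3 Needs the Harbor address
   		5.1.4 Needs the Harbor registry
   		5.1.5 Needs the application name
   5.2 Keep it in GitLab for central management
   5.3 Configure separate variables for each job
   		5.3.1 jar, war: put into the base image
   		5.3.2 html: put into nginx
   		5.3.3 js: put into the working directory, node server.js
6. Push the image to the image registry
7. The Jenkins slave runs the kubectl set command to update our image
   7.1 Update only the image
   7.2 Update with helm
8. Check whether the application has started
   8.1 Check with the -w flag
   8.2 Write a script to check
9. After the application has started, call the test job (if there are automated tests, step 8 can be dropped)
Pipeline without a build:
	1. Jenkins calls the image registry API, which returns the image tags
	2. Select the corresponding tag and release it to the other environments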

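Create the job (a Jenkinsfile created in Blue Ocean must not contain Chinese characters, otherwise it cannot be saved)

Note: the Jenkinsfile must not contain Chinese characters, otherwise it cannot be saved; the Jenkins configuration has to be changed for Blue Ocean to support Chinese.
Manual selection of the branch was set up above; now set up retrieval by automatic trigger. A check will be added later so that only one of the two runs.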

Jenkinsfile

pipeline {
  agent {
    kubernetes {
      cloud 'kubernetes-default'         // cluster name
      slaveConnectTimeout 1200
      // inline pod template YAML
      yaml '''
apiVersion: v1
kind: Pod
metadata:
  name: jenkins
spec:
  containers:
    - args: [\'$(JENKINS_SECRET)\', \'$(JENKINS_NAME)\']
      image: 'registry.cn-beijing.aliyuncs.com/citools/jnlp:alpine'
      name: jnlp
      imagePullPolicy: IfNotPresent
      volumeMounts:
        - mountPath: "/etc/localtime"
          name: "volume-2"
          readOnly: false
        - mountPath: "/etc/hosts"
          name: "volume-hosts"
          readOnly: false        
    - command:
        - "cat"
      env:
        - name: "LANGUAGE"
          value: "en_US:en"
        - name: "LC_ALL"
          value: "en_US.UTF-8"
        - name: "LANG"
          value: "en_US.UTF-8"
      # image used for the Node.js build
      image: "registry.cn-beijing.aliyuncs.com/citools/node:php7.1-node10"     
      imagePullPolicy: "IfNotPresent"
      name: "build"
      tty: true
      volumeMounts:
        - mountPath: "/etc/localtime"
          name: "volume-2"
          readOnly: false
        - mountPath: "/root/.m2/"
          name: "volume-maven-repo"
          readOnly: false
        - mountPath: "/etc/hosts"
          name: "volume-hosts"
          readOnly: false
    - command:
        - "cat"
      env:
        - name: "LANGUAGE"
          value: "en_US:en"
        - name: "LC_ALL"
          value: "en_US.UTF-8"
        - name: "LANG"
          value: "en_US.UTF-8"
      image: "registry.cn-beijing.aliyuncs.com/citools/kubectl:self-1.17"
      imagePullPolicy: "IfNotPresent"
      name: "kubectl"
      tty: true
      volumeMounts:
        - mountPath: "/etc/localtime"
          name: "volume-2"
          readOnly: false
        - mountPath: "/var/run/docker.sock"
          name: "volume-docker"
          readOnly: false
        - mountPath: "/mnt/.kube/"
          name: "volume-kubeconfig"
          readOnly: false
        - mountPath: "/etc/hosts"
          name: "volume-hosts"
          readOnly: false
    - command:
        - "cat"
      env:
        - name: "LANGUAGE"
          value: "en_US:en"
        - name: "LC_ALL"
          value: "en_US.UTF-8"
        - name: "LANG"
          value: "en_US.UTF-8"
      image: "registry.cn-beijing.aliyuncs.com/citools/docker:19.03.9-git"
      imagePullPolicy: "IfNotPresent"
      name: "docker"
      tty: true
      volumeMounts:
        - mountPath: "/etc/localtime"
          name: "volume-2"
          readOnly: false
        - mountPath: "/var/run/docker.sock"
          name: "volume-docker"
          readOnly: false
        - mountPath: "/etc/hosts"
          name: "volume-hosts"
          readOnly: false
  restartPolicy: "Never"
  securityContext: {}
  volumes:
    - hostPath:
        path: "/var/run/docker.sock"
      name: "volume-docker"
    - hostPath:
        path: "/usr/share/zoneinfo/Asia/Shanghai"
      name: "volume-2"
    - hostPath:
        path: "/etc/hosts"
      name: "volume-hosts"
    - name: "volume-maven-repo"
      hostPath:
        path: "/opt/m2"                   # Java default directory
    - name: "volume-kubeconfig"
      secret:
        secretName: "multi-kube-config"         # stores the cluster kubeconfig YAML
'''
    }
  }

  stages {
    stage('pulling Code') {
      parallel {
        stage('pulling Code') {
          when {
            expression {
              env.gitlabBranch == null
            }
          }
          steps {
            git(branch: "${BRANCH}", credentialsId: '310275da-b864-4f65-9d02-8963529b34ea', url: "${REPO_URL}")
          }
        }

        stage('pulling Code by trigger') {
          when {
            expression {
              env.gitlabBranch != null
            }
          }
          steps {
            git(url: "${REPO_URL}", branch: env.gitlabBranch, credentialsId: '310275da-b864-4f65-9d02-8963529b34ea')
          }
        }

      }
    }

    stage('initConfiguration') {
      steps {
        script {
          CommitID = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()
          CommitMessage = sh(returnStdout: true, script: "git log -1 --pretty=format:'%h : %an  %s'").trim()
          def curDate = sh(script: "date '+%Y%m%d-%H%M%S'", returnStdout: true).trim()
          TAG = curDate[0..14] + "-" + CommitID + "-" + BRANCH
        }

      }
    }

    stage('Building') {
      parallel {
        stage('Building') {
          steps {
            container(name: 'build') {
            sh """
            echo "Building Project..."
            ${BUILD_COMMAND}
          """
            }

          }
        }

        stage('Scan Code') {
          steps {
            sh 'echo "Scan Code"'
          }
        }

      }
    }

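    stage('Build image') {
      steps {
        withCredentials([usernamePassword(credentialsId: 'bb2328f7-aac8-404c-9c66-77058a525fcf', passwordVariable: 'Password', usernameVariable: 'Username')]) {
          container(name: 'docker') {
            // \$Username and \$Password are escaped so that the shell reads them from the
            // environment set by withCredentials instead of Groovy interpolating the secret;
            // --password-stdin keeps the password off the docker command line.
            sh """
            docker build -t ${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG} .
            printf '%s' "\$Password" | docker login -u "\$Username" --password-stdin ${HARBOR_ADDRESS}
            docker push ${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG}
            """
          }
        }
      }
    }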

    stage('Deploy') {
      when {
        expression {
          DEPLOY != "false"
        }
      }

      steps {
        container(name: 'kubectl') {
          sh """
          cat ${KUBECONFIG_PATH} > /tmp/1.yaml
          /usr/local/bin/kubectl config use-context ${CLUSTER} --kubeconfig=/tmp/1.yaml
          export KUBECONFIG=/tmp/1.yaml
          /usr/local/bin/kubectl set image ${DEPLOY_TYPE} -l ${DEPLOY_LABEL} ${CONTAINER_NAME}=${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG} -n ${NAMESPACE}
          """
        }
      }
    }

  }
  environment {
    CommitID = ''
    CommitMessage = ''
    TAG = ''
  }
}
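
The TAG built in initConfiguration ends with the branch name, and the Jenkinsfile interpolates TAG into its sh steps, so a branch name may carry characters that are invalid in a Docker tag or that the shell would interpret. The function below is an added example, not part of the original Jenkinsfile: make_image_tag is a hypothetical helper that builds the same date-commit-branch tag from validated parts.

```bash
# Added example, not part of the original Jenkinsfile.
# make_image_tag is a hypothetical helper that builds "<date>-<commit>-<branch>"
# like the initConfiguration stage, but only from characters a Docker tag
# allows ([A-Za-z0-9_.-], at most 128 characters).
make_image_tag() {
  local date_part="$1" commit="$2" branch="$3" safe_branch

  # Timestamp as produced by: date '+%Y%m%d-%H%M%S'
  case "$date_part" in
    ''|*[!0-9-]*) echo "invalid date: $date_part" >&2; return 1 ;;
  esac
  # Abbreviated git hash (git log --pretty=format:'%h'): lowercase hex only.
  case "$commit" in
    ''|*[!0-9a-f]*) echo "invalid commit id: $commit" >&2; return 1 ;;
  esac
  [ -n "$branch" ] || { echo "empty branch name" >&2; return 1; }

  # Every character outside the tag alphabet ('/', ';', '$', spaces, ...)
  # becomes '-', so the value is inert when it later reaches a shell command.
  safe_branch=$(printf '%s' "$branch" | LC_ALL=C tr -c 'A-Za-z0-9_.-' '-')

  printf '%s-%s-%s' "$date_part" "$commit" "$safe_branch" | cut -c1-128
}
```

In the pipeline the helper would be called from a single-quoted sh step, so that the shell reads BRANCH from the environment instead of Groovy interpolating it.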

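Calling the K8s cluster from Jenkins

This requires the Jenkins kubernetes-plugin.

If the Jenkins server is outside the Kubernetes cluster, we need to prepare the following files to connect to the cluster from outside.

Creating the cluster certificates
  1. Get the certificate data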
[root@master pki]# cat /root/.kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 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
    server: https://10.0.12.14:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    namespace: jenkins
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: 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
    client-key-data: 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
  2. Copy the content of certificate-authority-data and create kube-ca.crt locally
mkdir  ~/kube-cert
[root@master pki]# echo 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  | base64 -d > ~/kube-cert/kube-ca.crt
  3. Copy the content of client-certificate-data and create kube-client.crt locally
[root@master pki]# echo LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJSzJueWUweFdUc0V3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpBMk1URXdOVFF3TkRsYUZ3MHlNekEyTVRFd05UUXdOVEZhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0R5OEFQM0t0V3FzVXErZTRJRWFFNE8KTG9uZWYzYTdkdDNMYWk1cmFoTU5veEdjbnArUEdBTDlLcXRWcFRsKzFKbmtlZVIyOTFOZTN6bXQrZktuSk16dQp2eVYvUy9DY1d2NnBJbm1hYjN1aDJRaFZMTlp5VWJKaC9leDg4bmJZVDZiNHRCZ2EzTytjQ0t0TytNK1RONTJhClEyaGRmRnNDcWpJS3RodmcydkcyenZzblRJRkRRaVI5VFFUZkJZVWdaM0NERU5lRU9kUlRTbUVhdU5peWl2L0kKVFBpbkRqbDEvd0FlSFNISnBxeU9wU1l3WXpvSlBvMS8zWEtDTHBjTmZHcXpFWXRkekE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | base64 -d > ~/kube-cert/kube-client.crt
  4. Copy the content of client-key-data and create kube-client.key locally
[root@master pki]# echo 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  | base64 -d > ~/kube-cert/kube-client.key
  5. Create the certificate. A password has to be set when creating it; do not forget the password you set
[root@master pki]# openssl pkcs12 -export -out ~/kube-cert/kube-cert.pfx -inkey ~/kube-cert/kube-client.key -in ~/kube-cert/kube-client.crt -certfile ~/kube-cert/kube-ca.crt
Enter Export Password:
Verifying - Enter Export Password:

[root@master kube-cert]# ll
total 16
-rw-r--r-- 1 root root 1099 Jul  4 14:39 kube-ca.crt
-rw-r--r-- 1 root root 3221 Jul  4 14:43 kube-cert.pfx        # the one Jenkins needs
-rw-r--r-- 1 root root 1147 Jul  4 14:40 kube-client.crt
-rw-r--r-- 1 root root 1679 Jul  4 14:42 kube-client.key

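At this point we have created 4 files: kube-ca.crt, kube-cert.pfx, kube-client.crt and kube-client.key. The content of kube-ca.crt is needed when creating the connection from Jenkins to the Kubernetes cluster, and kube-cert.pfx has to be uploaded to the Jenkins credentials configuration.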
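
The directory listing above shows kube-client.key and kube-cert.pfx created world-readable (-rw-r--r--). The script below is an added example, not from the original post, that performs the same extraction with owner-only permissions; extract_kube_certs and make_pfx are hypothetical helpers, and the kubeconfig is assumed to hold one cluster and one user with the three *-data fields inline.

```bash
# Added example, not from the original post. extract_kube_certs and make_pfx
# are hypothetical helpers; the kubeconfig is assumed to hold one cluster and
# one user with the three *-data fields inline, as in the listing above.

# The function body is a subshell, so umask and exit stay local to the call.
extract_kube_certs() (
  kubeconfig="$1"
  outdir="$2"
  umask 077                                  # new files 0600, new dirs 0700
  mkdir -p "$outdir" && chmod 700 "$outdir" || exit 1
  for pair in \
    certificate-authority-data:kube-ca.crt \
    client-certificate-data:kube-client.crt \
    client-key-data:kube-client.key
  do
    field=${pair%%:*}
    file=${pair#*:}
    # Value of the first "<field>: <base64>" line in the kubeconfig.
    value=$(awk -v key="$field:" '$1 == key { print $2; exit }' "$kubeconfig")
    [ -n "$value" ] || { echo "missing $field in $kubeconfig" >&2; exit 1; }
    rm -f "$outdir/$file"                    # recreate so the umask applies
    printf '%s' "$value" | base64 -d > "$outdir/$file" || exit 1
  done
)

# Same openssl call as in the certificate step above; the export password is
# read from the PFX_PASSWORD environment variable rather than from argv.
make_pfx() (
  dir="$1"
  umask 077
  openssl pkcs12 -export -out "$dir/kube-cert.pfx" \
    -inkey "$dir/kube-client.key" -in "$dir/kube-client.crt" \
    -certfile "$dir/kube-ca.crt" -passout env:PFX_PASSWORD
)
```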

Create a global credential
The password is the one entered when creating the pfx file.

Add the cluster settings in Jenkins

Open the port used for communication inside the cluster, 50000 (default)

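Note
Kubernetes address: the address of the Kubernetes service, i.e. the apiserver address, usually the master node's NodeIP plus port 6443. The certificate contains the list of valid addresses, for example 10.1.0.1, 192.168.122.3, centos7-k8s-master, kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local. My Jenkins server and the Kubernetes cluster are not on the same network segment, so I added 192.168.0.10 centos7-k8s-master to the hosts file and then set up port forwarding on 192.168.0.10 with ssh -CfNg -L 6443:192.168.122.3:6443 root@127.0.0.1; only then did the verification pass.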

Create the secret, namespace, labels and so on that the cluster configuration in the Jenkinsfile refers to

[root@master kube-cert]# kubectl create ns java-test  --kubeconfig=./multi-cluster.yaml 
namespace/java-test created

[root@master kube-cert]# kubectl create secret generic  multi-kube-config --from-file=/root/kube-cert/multi-cluster.yaml
secret/multi-kube-config created
[root@master kube-cert]# kubectl get secrets 
NAME                  TYPE                                  DATA   AGE
default-token-z8qwx   kubernetes.io/service-account-token   3      3m33s
multi-kube-config     Opaque                                1      4s


[root@master kube-cert]# kubectl label node  worker-1 build=true
node/worker-1 labeled

# Configure the image registry secret
[root@master kube-cert]# kubectl create secret docker-registry NAME --docker-username=user --docker-password=password --docker-email=email [--docker-server=string] [--from-literal=key1=value1] [--dry-run]

[root@master kube-cert]# docker login --username=条约音符 registry.cn-hangzhou.aliyuncs.com
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Download address of the nodejs-demo used

https://github.com/selaworkshops/npm-demo-app

Set the required variables

Test-running the Jenkins job

Error

Jul 04, 2022 9:13:01 AM hudson.remoting.jnlp.Main$CuiListener error
SEVERE: http://jenkins.bianminchang.com/ provided port:5080 is not reachable
java.io.IOException: http://jenkins.bianminchang.com/ provided port:5080 is not reachable
        at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:287)
        at hudson.remoting.Engine.innerRun(Engine.java:523)
        at hudson.remoting.Engine.run(Engine.java:474)

The cause: Jenkins runs inside the cluster, and pods in the cluster failed to connect to the Jenkins port.

# Find the container ID
[root@master jenkins]# docker  ps -a |grep java

[root@master jenkins]# docker  inspect 1b3b8f767210 |grep  _50000
                "JENKINS_AGENT_PORT_50000_TCP_PORT=50000",
                "JENKINS_AGENT_PORT_50000_TCP=tcp://10.111.187.80:50000",     # in-cluster access address
                "JENKINS_AGENT_PORT_50000_TCP_PROTO=tcp",
                "JENKINS_AGENT_PORT_50000_TCP_ADDR=10.111.187.80",

This gives the in-cluster access address.

Test again (without the deploy step for now)

A build pod with 4 containers runs to build the image and push it to the registry

[root@master jenkins]# kubectl get pod
NAME                              READY   STATUS        RESTARTS   AGE
jenkins-deploy-6b7677dbc-t5l98    1/1     Running       0          3h27m
nodejs-demo-6-xzdtp-5zknk-0vghp   4/4     Running   0          59s

Blue Ocean shows no errors

The image registry also has the corresponding image

Modify index.html of nodejs-demo to test creating the deploy

First create a deployment that uses the image just uploaded; the detailed steps are omitted.

Run finished

Check with kubectl

[root@master jenkins]# kubectl get pod
NAME                           READY   STATUS        RESTARTS   AGE
nodejs-demo-85dc499478-tk7d6   1/1     Running       0          21s

Check whether the image in use is the version built after index.html was modified
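
Step 8.2 of the process ("write a script to check") and the image check above can be combined in one script. The function below is an added example, not from the original post: verify_deploy is a hypothetical helper that waits for the rollout and then compares the image in the Deployment's pod template with the tag the pipeline pushed, assuming the workload is a Deployment addressed by name.

```bash
# Added example, not from the original post. verify_deploy is a hypothetical
# helper; it assumes the workload is a Deployment addressed by name.
# Returns 0 when the rollout finished with the expected image,
#         1 when the rollout did not complete or kubectl failed,
#         2 when the Deployment references a different image.
verify_deploy() {
  local ns="$1" name="$2" container="$3" expected="$4" timeout="${5:-120s}"
  local actual

  # Blocks until the new ReplicaSet is fully rolled out or the timeout expires.
  if ! kubectl rollout status "deployment/$name" -n "$ns" --timeout="$timeout" >&2; then
    echo "rollout of $name in $ns did not complete within $timeout" >&2
    return 1
  fi

  # Image the pod template now references for the named container.
  actual=$(kubectl get deployment "$name" -n "$ns" \
    -o jsonpath="{.spec.template.spec.containers[?(@.name==\"$container\")].image}") || return 1

  if [ "$actual" != "$expected" ]; then
    echo "image mismatch: want $expected, got ${actual:-<none>}" >&2
    return 2
  fi
  echo "$name is running $actual"
}
```

A non-zero return fails the sh step, so the pipeline stops before the test job in step 9 is called.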

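Optimization

Image optimization

Because the image is modified over and over, it grows too large, which makes later pod creation inconvenient.
In the Dockerfile, third-party dependencies and plugins can be copied separately from the code files, in two COPY steps.
For example, PHP:
COPY /vendor
COPY /src
For example, Java and NodeJS:
COPY dependencies, node_modules
COPY source code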
