DevOps-持续集成持续部署二
实践(K8s自动化构建NodeJS、JAVA项目)
整套流程
1. 代码仓库创建项目
2. 开发代码逻辑
3. push 到 gitlab 后执行构建
3.1 自动构建
3.1.1 获取分支使用自带变量 Env.gitlabBranch
3.2 手动构建
3.2.1 获取分支使用 BRANCH (需要创建)
3.3 定时构建
4. jenkins 调k8s 创建 pod 执行构建
4.1 代码编译
4.2 代码扫描
5. 根据 Dockerfile 生成我们要的镜像
5.1 放在对用项目的根目录
5.1.1 需要代码 TAG
5.1.2 需要 Dockerfile --- 放在项目根目录
5.1.3 需要 Harbor 地址
5.1.4 需要 Harbor registry
5.1.5 需要 应用名称
5.2 放在 gitlab 统一管理
5.3 每个 job 配置单独的变量
5.3.1 jar、war 放入基础镜像
5.3.2 html 放入 nginx
5.3.3 js 放入工作目录 node server.js
6. push 镜像到镜像仓库
7. jenkins slave kubelet 运行 set 命令 更新我们的镜像
7.1 只更新镜像
7.2 helm 更新
8. 判断程序是否启动
8.1 -w 参数去判断
8.2 写脚本去判断
9. 程序启动后,调用测试job(如果有自动化测试,第八步可以取消)
不构建的流水线:
1. jenkins 调用镜像仓库接口,返回镜像 tag
2. 选择对应的 tag 进行发版到其他环境
创建JOB(Blue Ocean 下创建jenkinsfile中不能有中文,否则无法保存)
注意:jenkinsfile中不能有中文,否则无法保存,需要修改jenkins配置让blueocean支持中文
上面设置了手动获取branch,现在设置自动触发获取,后期增加判断,只执行其中一个
Jenkinsfile
pipeline {
agent {
kubernetes {
cloud 'kubernetes-default' // 集群名
slaveConnectTimeout 1200
yaml ''' // 引用yaml文件
apiVersion: v1
kind: Pod
metadata:
name: jenkins
spec:
containers:
- args: [\'$(JENKINS_SECRET)\', \'$(JENKINS_NAME)\']
image: 'registry.cn-beijing.aliyuncs.com/citools/jnlp:alpine'
name: jnlp
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: "/etc/localtime"
name: "volume-2"
readOnly: false
- mountPath: "/etc/hosts"
name: "volume-hosts"
readOnly: false
- command:
- "cat"
env:
- name: "LANGUAGE"
value: "en_US:en"
- name: "LC_ALL"
value: "en_US.UTF-8"
- name: "LANG"
value: "en_US.UTF-8"
// nodejs使用镜像
image: "registry.cn-beijing.aliyuncs.com/citools/node:php7.1-node10"
imagePullPolicy: "IfNotPresent"
name: "build"
tty: true
volumeMounts:
- mountPath: "/etc/localtime"
name: "volume-2"
readOnly: false
- mountPath: "/root/.m2/"
name: "volume-maven-repo"
readOnly: false
- mountPath: "/etc/hosts"
name: "volume-hosts"
readOnly: false
- command:
- "cat"
env:
- name: "LANGUAGE"
value: "en_US:en"
- name: "LC_ALL"
value: "en_US.UTF-8"
- name: "LANG"
value: "en_US.UTF-8"
image: "registry.cn-beijing.aliyuncs.com/citools/kubectl:self-1.17"
imagePullPolicy: "IfNotPresent"
name: "kubectl"
tty: true
volumeMounts:
- mountPath: "/etc/localtime"
name: "volume-2"
readOnly: false
- mountPath: "/var/run/docker.sock"
name: "volume-docker"
readOnly: false
- mountPath: "/mnt/.kube/"
name: "volume-kubeconfig"
readOnly: false
- mountPath: "/etc/hosts"
name: "volume-hosts"
readOnly: false
- command:
- "cat"
env:
- name: "LANGUAGE"
value: "en_US:en"
- name: "LC_ALL"
value: "en_US.UTF-8"
- name: "LANG"
value: "en_US.UTF-8"
image: "registry.cn-beijing.aliyuncs.com/citools/docker:19.03.9-git"
imagePullPolicy: "IfNotPresent"
name: "docker"
tty: true
volumeMounts:
- mountPath: "/etc/localtime"
name: "volume-2"
readOnly: false
- mountPath: "/var/run/docker.sock"
name: "volume-docker"
readOnly: false
- mountPath: "/etc/hosts"
name: "volume-hosts"
readOnly: false
restartPolicy: "Never"
securityContext: {}
volumes:
- hostPath:
path: "/var/run/docker.sock"
name: "volume-docker"
- hostPath:
path: "/usr/share/zoneinfo/Asia/Shanghai"
name: "volume-2"
- hostPath:
path: "/etc/hosts"
name: "volume-hosts"
- name: "volume-maven-repo"
hostPath:
path: "/opt/m2" // java默认目录
- name: "volume-kubeconfig"
secret:
secretName: "multi-kube-config" // 存放集群yaml信息
'''
}
}
stages {
stage('pulling Code') {
parallel {
stage('pulling Code') {
when {
expression {
env.gitlabBranch == null
}
}
steps {
git(branch: "${BRANCH}", credentialsId: '310275da-b864-4f65-9d02-8963529b34ea', url: "${REPO_URL}")
}
}
stage('pulling Code by trigger') {
when {
expression {
env.gitlabBranch != null
}
}
steps {
git(url: "${REPO_URL}", branch: env.gitlabBranch, credentialsId: '310275da-b864-4f65-9d02-8963529b34ea')
}
}
}
}
stage('initConfiguration') {
steps {
script {
CommitID = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()
CommitMessage = sh(returnStdout: true, script: "git log -1 --pretty=format:'%h : %an %s'").trim()
def curDate = sh(script: "date '+%Y%m%d-%H%M%S'", returnStdout: true).trim()
TAG = curDate[0..14] + "-" + CommitID + "-" + BRANCH
}
}
}
stage('Building') {
parallel {
stage('Building') {
steps {
container(name: 'build') {
sh """
echo "Building Project..."
${BUILD_COMMAND}
"""
}
}
}
stage('Scan Code') {
steps {
sh 'echo "Scan Code"'
}
}
}
}
stage('Build image') {
steps {
withCredentials([usernamePassword(credentialsId: 'bb2328f7-aac8-404c-9c66-77058a525fcf', passwordVariable: 'Password', usernameVariable: 'Username')]) {
container(name: 'docker') {
sh """
docker build -t ${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG} .
docker login -u ${Username} -p ${Password} ${HARBOR_ADDRESS}
docker push ${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG}
"""
}
}
}
}
stage('Deploy') {
when {
expression {
DEPLOY != "false"
}
}
steps {
container(name: 'kubectl') {
sh """
cat ${KUBECONFIG_PATH} > /tmp/1.yaml
/usr/local/bin/kubectl config use-context ${CLUSTER} --kubeconfig=/tmp/1.yaml
export KUBECONFIG=/tmp/1.yaml
/usr/local/bin/kubectl set image ${DEPLOY_TYPE} -l ${DEPLOY_LABEL} ${CONTAINER_NAME}=${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG} -n ${NAMESPACE}
"""
}
}
}
}
environment {
CommitID = ''
CommitMessage = ''
TAG = ''
}
}
Jenkins 调用k8s集群
需要使用Jenkins的kubernetes-plugin
如果Jenkins服务器在kubernetes集群之外,我们准备以下文件才能从外面连接到kubernetes集群。
制作集群证书
- 获取证书
[root@master pki]# cat /root/.kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1EWXhNVEExTkRBME9Wb1hEVE15TURZd09EQTFOREEwT1Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS0ZqCk0yYWxQV3pEbHhGUzZ0QTVMcnZQSGQ0UzJCVXZPQ3ZITDl1VlkyUG5wZVZnN3ZET2czUXF4d1lXTWlTQWVZaDcKcUtzVWxuV0l4d1FnUmQwbGN2b3djL3pSSkxIOWRxR0gvOHFWSVMzWXdOUzFCWm1OaEJpVy9JZ042UmV3NW5tMwpPZFQ3Rm9EYWc4VE9IWkdHbzVLNU13akwrdER2aVR1V2g3SXlsRnNOcHlmYjBkaE15cXlRc1NMSUczcXpRWlRTCnNhUnlMN1ZSOS9VRGgxekUU2dNaUtpYnozNDQzY2QKR1BGZGdCU2xkYzdKT2tqUXFpUGE4d1dpcHFOWUJIRlJNc2RNM2dOT3FRT1ByRlNMWXpUUit4RDI3YXZqZ3VBeQoyaXlqRE5lS05KM1FHZ0trTnF1N0k4Q2JBQ1VsMG9scjN5VWNSdFl2TU1FSXZla0syMXNsK3N6Z3A2VHprWmFjCkxKNDBvV2c2aVhFMG5IdG5hclY3SkhyRzQyMkh0a2JtR2dRclJEQUpERkU1MGFLMWNqSVFRNnRjSURLV05NNVQKZDNrPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://10.0.12.14:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
namespace: jenkins
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJSzJueWUweFdUc0V3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpBMk1URXdOVFF3TkRsYUZ3MHlNekEyTVRFd05UUXdOVEZhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JUTkFSbjFhenJSVlhxODFvZEtmdjkvNklIeQo2ekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBamlwS20zTnFFVHcrSWVJdStIQWJVZWVNYWVIWDJtU2VOazNiCkRPaDMrYlJvL0RON0g0SjZFZmw0N1dKajN6ZkVRWThlSDBHUEFqbjN2VHR5OEFQM0t0V3FzVXErZTRJRWFFNE8KTG9uZWYzYTdkdDNMYWk1cmFoTU5veEdjbnArUEdBTDlLcXRWcFRsKzFKbmtlZVIyOTFOZTN6bXQrZktuSk16dQp2eVYvUy9DY1d2NnBJbm1hYjN1aDJRaFZMTlp5VWJKaC9leDg4bmJZVDZiNHRCZ2EzTytjQ0t0TytNK1RONTJhClEyaGRmRnNDcWpJS3RodmcydkcyenZzblRJRkRRaVI5VFFUZkJZVWdaM0NERU5lRU9kUlRTbUVhdU5peWl2L0kKVFBpbkRqbDEvd0FlSFNISnBxeU9wU1l3WXpvSlBvMS8zWEtDTHBjTmZHcXpFWXRkekE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBK2N2RlFOMnc5b0Y5Z3RBdDRPYkY1NWs3Vll4Z3ljVTBVVnlRcGNQYkFRdG1iellDCno1WXBJNGlBSFZldnJxVGNwOTJndlp0ajdVNk1nc2s5U3B1dDNPSHYzbENsdDV1Z091V0Y5bW1IdDVYUHNBeHEKVnpsOHMxdFhxVDZwM2IrRVZhWVWNWQW9HQkFQelgKRDFvOFIxenAvTmVEQUFJZTFvYWR6SmJWalZ5bUFRd1BBNzZXbmhrV3JPNkVzR2thZnFZWStmdTUzYzhJcm5XcgpMNy9RaFdlU0UyZkJOTUZ6dXkrdTU2YWRXa1drVTBHWHN0eUs2ejBXcG1LYXVWQmtQaVJtZ2RyTWlEWUdRNE5GCk1CK2tCMDF5UUtiVFArU3R1Mm9zVHo4aWQxaTdJYUFOR2NhdlpNaEhBb0dCQVBYdHpXSDFjMjErYXI3WDB3ZjIKbGJoUnZnTWxTN01rRUV1b1FqeGNSRkx4cklsV3ZoRG9wT0xWYUFjczByRlJVMkdJR3hkcHVBdDhveVVNV1RQdwpWZFFsL3dPWmExM0V3Ykk3QWlYNVg1S2d3eHRjbkxrVlBBL1ZhYnFHeE1BTHJDT0I1d3dtWXZvTTRwaVNCTWkrCjRDYmp2bHFRdytvbUlDZFk0OHpQR3JTWkFvR0FkQUZrVE4xOVRKY2E1L0oxN1lNaW9HOEVNR3hZeUpwdHZvK2gKQXkvdDU4cnNteDhNSlp6L1lNdnkzbGtmK042ZDFPVXZLazNNOTRFaElDaVlRTzROZzBvM2hNMkxYb3FQbkhleQptOWV0S01FY28vOGphVXdrNnVTUlRjY3I4OFdaOGorclhja1BoS3dZRjdLekRRUGRDbEM4SjFaejlhVWVQMlhqClhyS1loZjhDZ1lBazZkTFlRWFpaaGExUVg1UzhMNjkrV1R5Y0k5aTNxVW1QckxZbkNsTjZzU2FFOTVXT3BNWDgKVnFTRnRZNEl5d0VHeFZvS05HblcrTnFMVTd3VU9OOGJNZ2FtUHBxMm1VbUlKdi9LZWYyb2wwS3VEZlRTSnNUawpORFh1TGo0N1lTdHQrd05YdVhHMUkrMTQzNXR1MThhSDI4b25VZ1dvN0ZvZ0FVay8xQ3FCT2c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
- 将certificate-authority-data的内容复制出来在本地制作kube-ca.crt
mkdir ~/kube-cert
[root@master pki]# echo LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1EWXhNVEExTkRBME9Wb1hEVE15TURZd09EQTFOREEwT1Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQVE81cDJEajA1ZFZLYkFTZ2xPWjlIRXIzcUprdFBEb1VuCmFGSUdZR01Ra0tpVTA2UUxYbjNrRGk4SzkycngvR3lxdzk5NWdHSEJQcitEUFhmc0ZUU2dNaUtpYnozNDQzY2QKR1BGZGdCU2xkYzdKT2tqUXFpUGE4d1dpcHFOWUJIRlJNc2RNM2dOT3FRT1ByRlNMWXpUUit4RDI3YXZqZ3VBeQoyaXlqRE5lS05KM1FHZ0trTnF1N0k4Q2JBQ1VsMG9scjN5VWNSdFl2TU1FSXZla0syMXNsK3N6Z3A2VHprWmFjCkxKNDBvV2c2aVhFMG5IdG5hclY3SkhyRzQyMkh0a2JtR2dRclJEQUpERkU1MGFLMWNqSVFRNnRjSURLV05NNVQKZDNrPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | base64 -d > ~/kube-cert/kube-ca.crt
- 将client-certificate-data的内容复制出来在本地制作kube-client.crt
[root@master pki]# echo LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJSzJueWUweFdUc0V3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpBMk1URXdOVFF3TkRsYUZ3MHlNekEyTVRFd05UUXdOVEZhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0R5OEFQM0t0V3FzVXErZTRJRWFFNE8KTG9uZWYzYTdkdDNMYWk1cmFoTU5veEdjbnArUEdBTDlLcXRWcFRsKzFKbmtlZVIyOTFOZTN6bXQrZktuSk16dQp2eVYvUy9DY1d2NnBJbm1hYjN1aDJRaFZMTlp5VWJKaC9leDg4bmJZVDZiNHRCZ2EzTytjQ0t0TytNK1RONTJhClEyaGRmRnNDcWpJS3RodmcydkcyenZzblRJRkRRaVI5VFFUZkJZVWdaM0NERU5lRU9kUlRTbUVhdU5peWl2L0kKVFBpbkRqbDEvd0FlSFNISnBxeU9wU1l3WXpvSlBvMS8zWEtDTHBjTmZHcXpFWXRkekE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | base64 -d > ~/kube-cert/kube-client.crt
- 将client-key-data的内容复制出来在本地制作kube-client.key
[root@master pki]# echo LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBK2N2RlFOMnc5b0Y5Z3RBdDRPYkY1NWs3Vll4Z3ljVTBVVnlRcGNQYkFRdG1iellDCno1WXBJNGlBSFZldnJxVGNwOTJndlp0ajdVNk1nc2s5U3B1dDNPSHYzbENsdDV1Z091V0Y5bW1IdDVYUHNBeHEKVnpsOHMxdFhxVDZwM2IrRVZhWVBsTUN1dTZENGZUTmRCR2szNThTMUpjeGppRlpRT1pObWpBMHc4YlpoaGV0OQo1Y3JwZEx4emozWlAvK0lQeEZlK3dCRjdMUGJicFc1WVA1OXVyaKQXkvdDU4cnNteDhNSlp6L1lNdnkzbGtmK042ZDFPVXZLazNNOTRFaElDaVlRTzROZzBvM2hNMkxYb3FQbkhleQptOWV0S01FY28vOGphVXdrNnVTUlRjY3I4OFdaOGorclhja1BoS3dZRjdLekRRUGRDbEM4SjFaejlhVWVQMlhqClhyS1loZjhDZ1lBazZkTFlRWFpaaGExUVg1UzhMNjkrV1R5Y0k5aTNxVW1QckxZbkNsTjZzU2FFOTVXT3BNWDgKVnFTRnRZNEl5d0VHeFZvS05HblcrTnFMVTd3VU9OOGJNZ2FtUHBxMm1VbUlKdi9LZWYyb2wwS3VEZlRTSnNUawpORFh1TGo0N1lTdHQrd05YdVhHMUkrMTQzNXR1MThhSDI4b25VZ1dvN0ZvZ0FVay8xQ3FCT2c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= | base64 -d > ~/kube-cert/kube-client.key
- 创建证书,创建证书需要设置密码,设置的密码不要忘记
[root@master pki]# openssl pkcs12 -export -out ~/kube-cert/kube-cert.pfx -inkey ~/kube-cert/kube-client.key -in ~/kube-cert/kube-client.crt -certfile ~/kube-cert/kube-ca.crt
Enter Export Password:
Verifying - Enter Export Password:
[root@master kube-cert]# ll
total 16
-rw-r--r-- 1 root root 1099 Jul 4 14:39 kube-ca.crt
-rw-r--r-- 1 root root 3221 Jul 4 14:43 kube-cert.pfx # jenkins 需要的
-rw-r--r-- 1 root root 1147 Jul 4 14:40 kube-client.crt
-rw-r--r-- 1 root root 1679 Jul 4 14:42 kube-client.key
此时我们创建了4个文件:kube-ca.crt、kube-cert.pfx、kube-client.crt、kube-client.key,其中kube-ca.crt的文件内容在创建Jenkins连接到kubernetes集群时需要用,kube-cert.pfx需要上传到Jenkins的凭据配置中
新建全局凭证
password 为创建pfx文件时输入的密码
jenkins添加集群设置
打开集群内通讯的端口50000(默认)
需要注意
Kubernetes 地址:kubernetes服务地址,也就是apiserver的地址,一般是master节点NodeIP+6443端口,证书里会含合法的地址列表,比如10.1.0.1, 192.168.122.3, centos7-k8s-master, kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local,我的Jenkins服务器和kubernetes集群不在一个网段,所以我在Host文件加入了192.168.0.10 centos7-k8s-master,然后在192.168.0.10里做了端口映射ssh -CfNg -L 6443:192.168.122.3:6443 root@127.0.0.1,才能验证通过。
创建jenkinsfile中所用集群配置对应的secret和namespace和标签等
[root@master kube-cert]# kubectl create ns java-test --kubeconfig=./multi-cluster.yaml
namespace/java-test created
[root@master kube-cert]# kubectl create secret generic multi-kube-config --from-file=/root/kube-cert/multi-cluster.yaml
secret/multi-kube-config created
[root@master kube-cert]# kubectl get secrets
NAME TYPE DATA AGE
default-token-z8qwx kubernetes.io/service-account-token 3 3m33s
multi-kube-config Opaque 1 4s
[root@master kube-cert]# kubectl label node worker-1 build=true
node/worker-1 labeled
# 配置镜像仓库secret
[root@master kube-cert]# docker-registry NAME --docker-username=user --docker-password=password --docker-email=email [--docker-server=string] [--from-literal=key1=value1] [--dry-run]
[root@master kube-cert]# docker login --username=条约音符 registry.cn-hangzhou.aliyuncs.com
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
使用的nodejs-demo下载地址
https://github.com/selaworkshops/npm-demo-app
设置所需的变量
测试运行jenkins-job
报错
Jul 04, 2022 9:13:01 AM hudson.remoting.jnlp.Main$CuiListener error
SEVERE: http://jenkins.bianminchang.com/ provided port:5080 is not reachable
java.io.IOException: http://jenkins.bianminchang.com/ provided port:5080 is not reachable
at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:287)
at hudson.remoting.Engine.innerRun(Engine.java:523)
at hudson.remoting.Engine.run(Engine.java:474)
原因是集群运行的jenkins,集群内pod连接jenkins 端口出错
# 找到容器id
[root@master jenkins]# docker ps -a |grep java
[root@master jenkins]# docker inspect 1b3b8f767210 |grep _50000
"JENKINS_AGENT_PORT_50000_TCP_PORT=50000",
"JENKINS_AGENT_PORT_50000_TCP=tcp://10.111.187.80:50000", # 集群内访问地址
"JENKINS_AGENT_PORT_50000_TCP_PROTO=tcp",
"JENKINS_AGENT_PORT_50000_TCP_ADDR=10.111.187.80",
获取到集群内访问地址
再次测试(先不构建deploy)
会运行4个pod去完成build镜像并上传到仓库
[root@master jenkins]# kubectl get pod
NAME READY STATUS RESTARTS AGE
jenkins-deploy-6b7677dbc-t5l98 1/1 Running 0 3h27m
nodejs-demo-6-xzdtp-5zknk-0vghp 4/4 Running 0 59s
查看Blue Ocean 无异常
镜像仓库也有了对应镜像
修改nodejs-demo的index.html 测试创建deploy
先创建一个depoly,使用刚上传的镜像,具体步骤。略
运行结束
查看kubelet
[root@master jenkins]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nodejs-demo-85dc499478-tk7d6 1/1 Running 0 21s
查看使用的镜像是否为修改index.html后的版本
优化
镜像优化
由于反复的修改镜像,导致镜像过大,不方便以后pod再创建
可以在制作Dockerfile 把第三方依赖、插件 与代码文件分两个COPY
例如PHP
COPY /verdor
COPY /src
例如JAVA、NodeJS
COPY 依赖 、NodeModules
COPY 源码