#一.环境准备
##1.1安装jenkins
安装JDK

[root@k8s-gitlab local]# vim /etc/profile.d/java.sh
# Java environment for every login shell (this file lives in /etc/profile.d).
JAVA_HOME="/usr/local/jdk"
JRE_HOME="${JAVA_HOME}/jre"

# The leading "." keeps the current working directory on the class path,
# exactly as in the original listing.
CLASSPATH=".:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar:${JRE_HOME}/lib"

# JDK and JRE binaries are searched before anything already on PATH.
PATH="${JAVA_HOME}/bin:${JRE_HOME}/bin:${PATH}"

export JAVA_HOME JRE_HOME CLASSPATH PATH
[root@k8s-gitlab local]# source /etc/profile.d/java.sh 

稳定版下载地址:https://mirrors.tuna.tsinghua.edu.cn/jenkins/war-stable/
启动:nohup java -jar /usr/local/jenkins.war --httpPort=28080 &
(本文以root身份启动,因此Jenkins主目录位于/root/.jenkins;正式环境建议改用专用的非root用户运行)

http://192.168.0.200:28080/
初始密码:
cat /root/.jenkins/secrets/initialAdminPassword
e89a1e637f1041f891440b30c27c27d8
jenkins插件下载:https://plugins.jenkins.io/
安装插件:Git Parameter,Active Choices,Blue Ocean,Build Pipeline,Convert To Pipeline,Credentials Binding Plugin,Credentials Plugin,Dashboard,Hidden Parameter,Kubernetes CLI,Kubernetes Plugin,Kubernetes :: Pipeline :: DevOps Steps,List Git Branches Parameter,Parameterized Remote Trigger,Pipeline

##1.2安装Gitlab
下载:https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/
yum install -y curl openssh-server postfix cronie
yum -y install policycoreutils-python
[root@k8s-gitlab ~]# rpm -ivh gitlab-ce-13.7.5-ce.0.el7.x86_64.rpm
[root@k8s-gitlab ~]# vim /etc/gitlab/gitlab.rb #修改为域名或IP
external_url 'http://192.168.0.200'
[root@k8s-gitlab ~]# gitlab-ctl reconfigure #重载配置文件
[root@k8s-gitlab ~]# gitlab-ctl status
run: alertmanager: (pid 1201) 44655s; run: log: (pid 1182) 44656s
run: gitaly: (pid 1193) 44655s; run: log: (pid 1174) 44656s
run: gitlab-exporter: (pid 1198) 44655s; run: log: (pid 1175) 44656s
run: gitlab-workhorse: (pid 1199) 44655s; run: log: (pid 1176) 44656s

启动/停止单个服务
[root@k8s-gitlab ~]# gitlab-ctl stop|start alertmanager
访问:http://192.168.0.200,一登陆会要求改密码
账号:root
#二.Gitlab配置SSH Key
[root@k8s-cicd ~]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDft6CmoNepXo8DDtj+dgZ/KyLvihzfAj/ARUryu2DNkM92pWF16XLvXBVWlOGXIP1ScFszj1qP3qrFkn0KQfp9Pcxj2evPgBfPhKcbQSSh3LruoGiKHW0I9rJl4ZzdSgyJk1K1ndRd+nT0JMZAmRpZafLB1xJ3zOwWIyvv43eBwS+w63kk/RCSV5cgcg5v6vKTzeA7Orh5h91o+yh8lAUV42sDCE/VAwpm7g6Ccgg8XADPUD+LSePRmoNSJEKdgG8rcPq19Gy6gg/2SosxmQV8XzYwMp1E7musc+q75jerNX91Bu7pXOVwgzUiv2Rj8UNLedxCEoTk5KkIvaXDyzMZ root@k8s-cicd
在这里插入图片描述

#三.推送代码到Gitlab仓库
[root@k8s-cicd ~]# cd /usr/local/spring-cloud-demo/
[root@k8s-cicd spring-cloud-demo]# ls
docs README.md spring-cloud-account spring-cloud-biz spring-cloud-client spring-cloud-demo spring-cloud-eureka spring-cloud-gateway spring-cloud-parent spring-cloud-starter
全局设置git自己的邮箱和名字
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
添加远程仓库地址
git remote add origin git@192.168.0.200:kubernetes-guide/spring-cloud-demo.git
推送到仓库
git init .
git status
git add .
git commit -m "add page"
git push -u origin master

#四.Jenkins凭证
##4.1配置harbor/阿里云账号密码
凭据->系统->全局凭据->类型为Username with password
在这里插入图片描述

##4.2配置gitlab私钥
[root@k8s-gitlab ~]# cat /root/.ssh/id_rsa #查看私钥
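对应的公钥已经配置在gitlab的SSH Keys中,这样jenkins才有权限拉取并构建gitlab上的项目。这里直接复用了root用户的私钥,Jenkins因此拥有与该用户相同的仓库权限;更稳妥的做法是为Jenkins单独生成一对密钥,并在gitlab中作为只读的Deploy Key添加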
凭据->系统->全局凭据->类型为SSH Username with private key
在这里插入图片描述
在这里插入图片描述

#五.Blue Ocean创建流水线
安装Blue Ocean插件,相比经典界面更加友好,Blue Ocean的每一步都有清晰的日志

在这里插入图片描述
在这里插入图片描述

将ssh key添加至gitlab的SSH Keys,流水线创建完成后会在gitlab项目中生成Jenkinsfile文件
将下面的内容拷贝到该Jenkinsfile中

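// Declarative pipeline: check out the repository, build it, build and push a
// container image, then (optionally) roll the new image out with kubectl.
//
// The following names are referenced but not defined in this file; they are
// presumably job parameters configured on the Jenkins job (verify against the
// job definition): BRANCH, REPO_URL, BUILD_COMMAND, HARBOR_ADDRESS,
// REGISTRY_DIR, IMAGE_NAME, DEPLOY, KUBECONFIG_PATH, CLUSTER, DEPLOY_TYPE,
// DEPLOY_LABEL, CONTAINER_NAME, NAMESPACE.
// env.gitlabBranch is only set when the build is started by a GitLab trigger.
pipeline {
  agent {
    kubernetes {
      cloud 'kubernetes-default'
      slaveConnectTimeout 1200
      // Agent pod: jnlp (Jenkins agent) plus build / kubectl / docker tool
      // containers that idle on `cat` until a stage runs a step inside them.
      yaml '''
apiVersion: v1
kind: Pod
spec:
  containers:
    - args: [\'$(JENKINS_SECRET)\', \'$(JENKINS_NAME)\']
      image: 'registry.cn-beijing.aliyuncs.com/citools/jnlp:alpine'
      name: jnlp
      imagePullPolicy: IfNotPresent
      volumeMounts:
        # NOTE(review): the node's /etc/localtime and /etc/hosts are mounted
        # writable (readOnly: false) in every container of this pod; confirm
        # whether readOnly: true would be sufficient.
        - mountPath: "/etc/localtime"
          name: "volume-2"
          readOnly: false
        - mountPath: "/etc/hosts"
          name: "volume-hosts"
          readOnly: false
    - command:
        - "cat"
      env:
        - name: "LANGUAGE"
          value: "en_US:en"
        - name: "LC_ALL"
          value: "en_US.UTF-8"
        - name: "LANG"
          value: "en_US.UTF-8"
      image: "registry.cn-beijing.aliyuncs.com/citools/maven:3.5.3"
      imagePullPolicy: "IfNotPresent"
      name: "build"
      tty: true
      volumeMounts:
        - mountPath: "/etc/localtime"
          name: "volume-2"
          readOnly: false
        # Maven repository cache, shared through a hostPath on the node.
        - mountPath: "/root/.m2/"
          name: "volume-maven-repo"
          readOnly: false
        - mountPath: "/etc/hosts"
          name: "volume-hosts"
          readOnly: false
    - command:
        - "cat"
      env:
        - name: "LANGUAGE"
          value: "en_US:en"
        - name: "LC_ALL"
          value: "en_US.UTF-8"
        - name: "LANG"
          value: "en_US.UTF-8"
      image: "registry.cn-beijing.aliyuncs.com/citools/kubectl:self-1.17"
      imagePullPolicy: "IfNotPresent"
      name: "kubectl"
      tty: true
      volumeMounts:
        - mountPath: "/etc/localtime"
          name: "volume-2"
          readOnly: false
        # NOTE(review): the Deploy stage only runs kubectl in this container;
        # confirm the Docker socket is needed here and drop the mount if not.
        - mountPath: "/var/run/docker.sock"
          name: "volume-docker"
          readOnly: false
        # Kubeconfig from the "multi-kube-config" secret.
        - mountPath: "/mnt/.kube/"
          name: "volume-kubeconfig"
          readOnly: false
        - mountPath: "/etc/hosts"
          name: "volume-hosts"
          readOnly: false
    - command:
        - "cat"
      env:
        - name: "LANGUAGE"
          value: "en_US:en"
        - name: "LC_ALL"
          value: "en_US.UTF-8"
        - name: "LANG"
          value: "en_US.UTF-8"
      image: "registry.cn-beijing.aliyuncs.com/citools/docker:19.03.9-git"
      imagePullPolicy: "IfNotPresent"
      name: "docker"
      tty: true
      volumeMounts:
        - mountPath: "/etc/localtime"
          name: "volume-2"
          readOnly: false
        - mountPath: "/var/run/docker.sock"
          name: "volume-docker"
          readOnly: false
        - mountPath: "/etc/hosts"
          name: "volume-hosts"
          readOnly: false
  restartPolicy: "Never"
  nodeSelector:
    build: "true"
  securityContext: {}
  volumes:
    # NOTE(review): mounting the node's Docker socket gives the containers
    # that use it control over the node's Docker daemon. Keep nodes labelled
    # build=true dedicated to CI and limit who may run jobs on this template.
    - hostPath:
        path: "/var/run/docker.sock"
      name: "volume-docker"
    - hostPath:
        path: "/usr/share/zoneinfo/Asia/Shanghai"
      name: "volume-2"
    - hostPath:
        path: "/etc/hosts"
      name: "volume-hosts"
    - name: "volume-maven-repo"
      hostPath:
        path: "/opt/m2"
    - name: "volume-kubeconfig"
      secret:
        secretName: "multi-kube-config"
'''
    }
  }

  stages {
    // Exactly one of the two checkout stages runs, depending on whether the
    // build was started manually or by a GitLab trigger.
    stage('pulling Code') {
      parallel {
        stage('pulling Code') {
          when {
            expression {
              env.gitlabBranch == null
            }
          }
          steps {
            git(branch: "${BRANCH}", credentialsId: '13245b0d-3a26-475e-98e2-3c1e6f3536f8', url: "${REPO_URL}")
          }
        }

        stage('pulling Code by trigger') {
          when {
            expression {
              env.gitlabBranch != null
            }
          }
          steps {
            git(url: "${REPO_URL}", branch: env.gitlabBranch, credentialsId: '13245b0d-3a26-475e-98e2-3c1e6f3536f8')
          }
        }

      }
    }

    // Derive the image tag: <YYYYmmdd-HHMMSS>-<short commit hash>-<BRANCH>.
    stage('initConfiguration') {
      steps {
        script {
          CommitID = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()
          CommitMessage = sh(returnStdout: true, script: "git log -1 --pretty=format:'%h : %an  %s'").trim()
          def curDate = sh(script: "date '+%Y%m%d-%H%M%S'", returnStdout: true).trim()
          // curDate[0..14] is the full 15-character timestamp.
          // NOTE(review): the tag uses BRANCH even when the checkout used
          // env.gitlabBranch; confirm both are set for triggered builds.
          TAG = curDate[0..14] + "-" + CommitID + "-" + BRANCH
        }

      }
    }

    stage('Building') {
      parallel {
        stage('Building') {
          steps {
            container(name: 'build') {
              // BUILD_COMMAND is run verbatim as shell inside the build
              // container, so whoever can set it can run arbitrary commands
              // there; restrict who may configure or start this job.
              sh """
              echo "Building Project..."
              ${BUILD_COMMAND}
              """
            }

          }
        }

        stage('Scan Code') {
          steps {
            sh 'echo "Scan Code"'
          }
        }

      }
    }

    stage('Build image') {
      steps {
        withCredentials([usernamePassword(credentialsId: 'REGISTRY_USER', passwordVariable: 'Password', usernameVariable: 'Username')]) {
          container(name: 'docker') {
            // The registry credentials are referenced as \${...} so the
            // shell, not Groovy, expands them: the secret is never
            // interpolated into the script text, and --password-stdin keeps
            // it off the docker command line. The remaining values are
            // still filled in by Groovy as before.
            sh """
            docker build -t ${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG} .
            printf '%s' "\${Password}" | docker login -u "\${Username}" --password-stdin ${HARBOR_ADDRESS}
            docker push ${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG}
            """
          }
        }

      }
    }

    // Runs unless DEPLOY is the string "false".
    stage('Deploy') {
      when {
        expression {
          DEPLOY != "false"
        }
      }

      steps {
        container(name: 'kubectl') {
          // The kubeconfig is copied to /tmp before `config use-context`
          // edits it (presumably because the mounted secret cannot be
          // modified in place; confirm). umask 077 makes the copy readable
          // by the current user only.
          sh """
          umask 077
          cat ${KUBECONFIG_PATH} > /tmp/1.yaml
          /usr/local/bin/kubectl config use-context ${CLUSTER} --kubeconfig=/tmp/1.yaml
          export KUBECONFIG=/tmp/1.yaml
          /usr/local/bin/kubectl set image ${DEPLOY_TYPE} -l ${DEPLOY_LABEL} ${CONTAINER_NAME}=${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG} -n ${NAMESPACE}
          """
        }

      }
    }

  }
  // Declared empty here; the initConfiguration stage assigns the values.
  environment {
    CommitID = ''
    CommitMessage = ''
    TAG = ''
  }
}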

#六.Jenkins配置k8s多集群
[root@k8s-master01 ~]# cat /etc/kubernetes/pki/ca.pem #将输出内容复制到Jenkins Cloud配置中的“服务证书key”
Jenkins->系统配置->Cloud
在这里插入图片描述

创建证书凭证
[root@k8s-master01 pki]# openssl pkcs12 -export -out /tmp/default.pfx -inkey admin-key.pem -in admin.pem -certfile ca.pem
Enter Export Password:
Verifying - Enter Export Password:
[root@k8s-master01 pki]# sz /tmp/default.pfx
在这里插入图片描述

Jenkins->系统配置->Cloud,把凭据和jenkins地址填上
在这里插入图片描述

Jenkins->全局安全配置,slave和master通讯,需要开端口
在这里插入图片描述

#七.KUBECONFIG多集群配置
[root@k8s-master01 pki]# cd /etc/kubernetes/pki/
[root@k8s-master01 pki]# cp ~/.kube/config ./multi-cluster.yaml
配置集群
[root@k8s-master01 pki]# kubectl config set-cluster test --certificate-authority=ca.pem --embed-certs=true --server=https://192.168.0.236:8443 --kubeconfig=multi-cluster.yaml
Cluster “test” set.
配置用户
[root@k8s-master01 pki]# kubectl config set-credentials test-admin --client-certificate=admin.pem --client-key=admin-key.pem --embed-certs=true --kubeconfig=multi-cluster.yaml
User “test-admin” set.
设置上下文
[root@k8s-master01 pki]# kubectl config set-context test --cluster=test --user=test-admin --kubeconfig=multi-cluster.yaml
Context “test” created.
[root@k8s-master01 pki]# kubectl --kubeconfig=multi-cluster.yaml config use-context test
Switched to context “test”.
[root@k8s-master01 pki]# kubectl get po --kubeconfig=multi-cluster.yaml
[root@k8s-master01 pki]# kubectl create secret generic multi-kube-config --from-file=multi-cluster.yaml
secret/multi-kube-config created
#八.Jenkins创建构建任务
根据gitlab Jenkinsfile文件中的变量设置参数
在这里插入图片描述
在这里插入图片描述

在这里插入图片描述

在这里插入图片描述
在这里插入图片描述

#九.测试
新项目上线,先制作好镜像推送到阿里镜像仓库,初始镜像为spring-cloud-demo-eureka:test
部署pod
[root@k8s-master01 ci]# cat app.yaml
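# Initial Deployment for the demo service, two replicas in namespace java-test.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
  labels:
    app: spring-cloud-demo-eureka
  name: spring-cloud-demo-deploy
  namespace: java-test
spec:
  replicas: 2
  selector:
    matchLabels:
      app: spring-cloud-demo-eureka
  template:
    metadata:
      labels:
        app: spring-cloud-demo-eureka
    spec:
      containers:
      # Bootstrap image only: the pipeline's Deploy stage replaces it with a
      # per-build tag through `kubectl set image`.
      - image: registry.cn-hangzhou.aliyuncs.com/java-demo-karl/spring-cloud-demo-eureka:test
        name: spring-cloud-demo-eureka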
[root@k8s-master01 ci]# kubectl apply -f app.yaml

jenkins启动构建任务,选择部署。此时会产生新镜像java-demo-karl/spring-cloud-demo-eureka:20210715-125232-a2e9b6b-master
在这里插入图片描述

根据Deploy部署执行kubectl set image 替换为新镜像

在这里插入图片描述

[root@k8s-master01 ci]# kubectl describe deploy spring-cloud-demo-deploy -n java-test | grep Image

Image:        registry.cn-hangzhou.aliyuncs.com/java-demo-karl/spring-cloud-demo-eureka:20210715-125232-a2e9b6b-master

在这里插入图片描述
