目录

一、什么是DevOps

二、k8s 在 DevOps 中可实现的功能

三、DevOps 容器云平台工作流程

 四、搭建Harbor

五、安装Jenkins

1、可用如下两种方法 

2、离线安装插件 

3、配置k8s基于containerd从harbor仓库找镜像运行pod 

4、测试jenkins的CICD

​编辑 5、添加登录harbor需要的凭据

6、测试通过jenkins发布代码到k8s开发环境、测试环境、生产环境


一、什么是DevOps

    DevOps 中的 Dev 是 Devlopment(开发),Ops 是 Operation(运维),用一句话来说 DevOps 就是打通开发运维的壁垒,实现开发运维一体化。DevOps 整个流程包括敏捷开发->持续集成->持续交 付->持续部署。

1.敏捷开发    提高开发效率,及时跟进用户需求,缩短开发周期。敏捷开发包括编写代码和构建代码两个阶段,可以使用 git 或者 svn 来管理代码,比方说 java 代 码,用 maven 对代码进行构建。2.持续集成(CI)    持续集成(CI)是在源代码变更后自动检测、拉取、构建和(在大多数情况下)进行单元测试的过 程。持续集成是启动管道的环节(经过某些预验证 —— 通常称为 上线前检查 (pre-flight checks) —— 有时会被归在持续集成之前)。持续集成的目标是快速确保开发人员新提交的变更是好的,并且适 合在代码库中进一步使用。    常见的持续集成工具:    1. Jenkins Jenkins 是用 Java 语言编写的,是目前使用最多和最受欢迎的持续集成工具,使用 Jenkins,可以 自动监测到 git 或者 svn 存储库代码的更新,基于最新的代码进行构建,把构建好的源码或者镜像发布到 生产环境。Jenkins 还有个非常好的功能:它可以在多台机器上进行分布式地构建和负载测试    2. TeamCity     3. Travis CI     4. Go CD     5. Bamboo     6. GitLab CI     7. Codeship    它的好处主要有以下几点:     1)较早的发现错误:每次集成都通过自动化的构建(包括编译,发布,自动化测试)来验证,哪个 环节出现问题都可以较早的发现。     2)快速的发现错误:每完成一部分代码的更新,就会把代码集成到主干中,这样就可以快速的发现 错误,比较容易的定位错误。     3)提升团队绩效:持续集成中代码更新速度快,能及时发现小问题并进行修改,使团队能创造出更 好的产品。     4)防止分支过多的偏离主干:经常持续集成,会使分支代码经常向主干更新,当单元测试失败或者 出现 bug,如果开发者需要在没有调试的情况下恢复仓库的代码到没有 bug 的状态,只有很小部分的代 码会丢失。     持续集成的目的是提高代码质量,让产品快速的更新迭代。它的核心措施是,代码集成到主干之前, 必须通过自动化测试。只要有一个测试用例失败,就不能集成。3.持续交付    持续交付在持续集成的基础上,将集成后的代码部署到更贴近真实运行环境的「类生产环境」(production-like environments)中。交付给质量团队或者用户,以供评审。如果评审通过,代码就进入生产阶段。如果所有的代码完成之后一起交付,会导致很多问题爆发出来,解决起来很麻烦,所以持续集成,也就是每更新一次代码,都向下交付一次,这样可以及时发现问题,及时解决,防止问题大量堆积。4.持续部署(CD)    持续部署是指当交付的代码通过评审之后,自动部署到生产环境中。持续部署是持续交付的最高阶段。Puppet,SaltStack 和 Ansible 是这个阶段使用的流行工具。容器化工具在部署阶段也发挥着重要作用。Docker 和 k8s 是流行的工具,有助于在开发,测试和生产环境中实现一致性。 除此之外,k8s还可以实现自动扩容缩容等功能。

二、k8s 在 DevOps 中可实现的功能

1、自动化     持续交付->持续部署。 2、多集群管理     可以根据客户需求对开发,测试,生产环境部署多套 kubernetes 集群,每个环境使用独立的物理资源,相互之间避免影响。或者,可以搭建一套 k8s,划分名称空间,给不同的环境用。 3、多环境一致性    Kubernetes 是基于 docker 的容器编排工具,因为容器的镜像是不可变的,所以镜像把 OS、业务 代码、运行环境、程序库、目录结构都包含在内,镜像保存在我们的私有仓库,只要用户从我们提供的私 有仓库拉取镜像,就能保证环境的一致性。

三、DevOps 容器云平台工作流程


jenkins 主节点:
负责维护 pipeline
jenkins 从节点:
负责把主节点 pipeline 里的步骤运行起来
jenkins 主节点立即构建 pipeline,会调用 k8s apiserver 在 k8s 集群里创建一个 pod(jenkins 从节点)。所有 pipeline 里的步骤会在 jenkins 从节点运行。
Jenkins—>k8s,帮助你创建一个 pod,pod 里面封装的是 jenkins 服务
主 Jenkins pipeline 流水线:
第一步:从 gitlab 拉代码
第二步:如果 java 开发,对代码编译打包并且把代码传到代码扫描仓库 sonarqube:maven 生成jar、war、go build 生成一个可执行的文件、python 代码,直接运行.py 结尾的文件
第三步:把 jar 或者 war 包基于 dockerfile 构建镜像
第四步: 把镜像传到镜像仓库 harbor
第五步:写 yaml 文件,把开发、测试、生产环境的资源对应的 yaml 都写出来
主 jenkins 构建 pipeline,调用 k8s api,在 k8s 里创建一个 pod,这个 pod 里面运行的是jenkins 服务,只不过这个 pod 里运行的 jenkins 服务是 jenkins 从节点,刚才这五个步骤,都是在jenkins 从节点这个 pod 里做的。完成之后,jenkins 从节点这个 pod 就会被删除。主 jenkins 是包工

 四、搭建Harbor

设置主机名
hostnamectl set-hostname harbor.cn && bash
修改hosts文件
vim /etc/hosts
192.168.1.100 lx100
192.168.1.110 lx110
192.168.1.120 lx120
192.168.1.130 harbor.cn
永久关闭selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
临时关闭selinux
setenforce 0
配置yum源
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
配置时间同步
yum -y install chrony
vim /etc/chrony.conf
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp1.tencent.com iburst
server ntp2.tencent.com iburst
设置为开机自启并且现在启动
systemctl enable chronyd --now
编写计划任务定时同步时间
crontab -e
* * * * * /usr/bin/systemctl restart chronyd
修改内核参数
modprobe br_netfilter
cat <<EOF >/etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf
将K8S节点的hosts文件同步
vim /etc/hosts
192.168.1.100 lx100
192.168.1.110 lx110
192.168.1.120 lx120
192.168.1.130 harbor.cn
在K8S控制节点到harbor.cn机器免密登录
生成公钥密钥
ssh-keygen -t rsa
将公钥发送到目标机器(倘若之前生成过公钥密钥可以直接发送)
ssh-copy-id -i .ssh/id_rsa.pub root@harbor.cn
为Harbor自签发证书
mkdir /data/ssl -p 
cd /data/ssl
生成CA证书
生成一个 3072 位的 key,也就是私钥
openssl genrsa -out ca.key 3072
生成一个数字证书 ca.pem,3650 表示证书的有效时间是 10 年,按箭头提示填写即可,没有箭头标注的为空
openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
  Country Name (2 letter code) [XX]:CN
  State or Province Name (full name) []:beijing
  Locality Name (eg, city) [Default City]:beijing
  Organization Name (eg, company) [Default Company Ltd]:lx
  Organizational Unit Name (eg, section) []:CA
  Common Name (eg, your name or your server's hostname) []:harbor.cn
  Email Address []:lx@163.com
生成域名的证书
openssl genrsa -out harbor.key 3072
生成一个 3072 位的 key,也就是私钥
openssl req -new -key harbor.key -out harbor.csr
  Country Name (2 letter code) [XX]:CN
  State or Province Name (full name) []:beijing
  Locality Name (eg, city) [Default City]:beijing
  Organization Name (eg, company) [Default Company Ltd]:lx
  Organizational Unit Name (eg, section) []:CA
  Common Name (eg, your name or your server's hostname) []:harbor.cn    
  Email Address []:lx@163.com
  
  Please enter the following 'extra' attributes
  to be sent with your certificate request
  A challenge password []:
  An optional company name []:
签发证书
openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650
Signature ok
subject=C = CN, ST = beijing, L = beijing, O = lx, OU = CA, CN = harbor.cn, emailAddress = lx@163.com
Getting CA Private Key
查看证书是否有效
openssl x509 -noout -text -in harbor.pem 
安装docker
yum -y install docker-ce
启动docker并配置开机自启
systemctl start docker && systemctl enable docker
配置镜像加速器
vim /etc/docker/daemon.json
{
    "registry-mirrors": ["https://vljhz7wt.mirror.aliyuncs.com"],
    "insecure-registries":["192.168.1.130","harbor.cn"]
}
重启docker
systemctl restart docker
安装harbor
创建安装目录
mkdir /data/install -p
把harbor的离线包 harbor-offline-installer-v2.3.0-rc3.tgz上传到这个目录
下载离线包地址:
https://github.com/goharbor/harbor/releases/tag/
解压压缩包
tar zxf harbor-offline-installer-v2.3.0-rc3.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
  hostname: harbor.cn
  certificate: /data/ssl/harbor.pem
  private_key: /data/ssl/harbor.key
  harbor_admin_password: Harbor12345
安装docker-compose
下载二进制文件地址:
https://github.com/docker/compose/
上传到服务器
mv docker-compose-Linux-x86_64.64 /usr/local/bin/dockercompose
添加执行权限
chmod +x /usr/local/bin/docker-compose
docker load -i 解压镜像
docker load -i docker-harbor-2-3-0.tar.gz
安装
cd /data/install/harbor
./install.sh
停止:
cd /data/install/harbor
docker-compose stop
启动:
cd /data/install/harbor
docker-compose up -d
修改自己电脑的hosts文件,C:\Windows\System32\drivers\etc
添加:
192.168.1.130 harbor.cn

访问:

新建一个test项目

 在其他机器上测试harbor


vim /etc/docker/daemon.json
添加:
"insecure-registries":["192.168.1.130","harbor.cn"]
登录harbor
docker login 192.168.1.130
Username: admin
Password:  Harbor12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
打包镜像
docker tag busybox:1.28 192.168.1.130/test/busybox:1.28
上传镜像
docker push 192.168.1.130/test/busybox:1.28
拉取镜像
docker pull 192.168.1.130/test/busybox:1.28
1.28: Pulling from test/busybox
Digest: sha256:74f634b1bc1bd74535d5209589734efbd44a25f4e2dc96d78784576a3eb5b335
Status: Image is up to date for 192.168.1.130/test/busybox:1.28
192.168.1.130/test/busybox:1.28
docker images
REPOSITORY                   TAG        IMAGE ID       CREATED       SIZE
php                          5-apache   24c791995c1e   4 years ago   355MB
192.168.1.130/test/busybox   1.28       8c811b4aec35   5 years ago   1.15MB
busybox                      1.28       8c811b4aec35   5 years ago   1.15MB

验证

五、安装Jenkins

1、可用如下两种方法 

  • 通过 docker 直接下载 jenkins 镜像,基于镜像启动服务 
  • 在 k8s 中部署 Jenkins 服务,我们基于此方法

 

安装nfs服务
在主节点上安装nfs server端
yum install nfs-utils -y && systemctl start nfs-server && systemctl enable nfs-server
在从节点上安装nfs client端
yum install nfs-utils -y && systemctl start nfs-server && systemctl enable nfs-server
在主节点上新建一个nfs共享目录
mkdir /data/v1 -p
vim /etc/export
/data/v1 *(rw,no_root_squash)
exportfs -arv
在kubenets中部署jenkins
创建命名空间
kubectl create ns jenkins-k8s
创建PV
cat pv.yaml 
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-k8s-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteMany
  nfs:
    server: 192.168.1.100
    path: /data/v1
更新资源清单
kubectl apply -f pv.yaml
创建PVC
cat pvc.yaml 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-k8s-pvc
  namespace: jenkins-k8s
spec:
  resources:
    requests: 
      storage: 10Gi
  accessModes:
  - ReadWriteMany
更新资源清单
kubectl apply -f pvc.yaml
查看pvc和pv是否绑定
kubectl get pvc -n jenkins-k8s
创建SA
kubectl create sa jenkins-k8s-sa -n jenkins-k8s
kubectl create clusterrolebinding jenkins-k8s-sa-cluster --clusterrole=cluster-admin --serviceaccount=jenkins-k8s:jenkins-k8s-sa
解压镜像
ctr -n=k8s.io images  import jenkins-slave-latest.tar.gz

ctr -n=k8s.io images import jenkins2.421.tar.gz 
通过deployment部署jenkins
cat jenkins-deployment.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: jenkins-k8s
  labels:
    app: jenkins
spec:
  replicas: 2
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      serviceAccountName: jenkins-k8s-sa
      containers:
      - name: jenkins
        image: docker.io/jenkins/jenkins:2.421
        imagePullPolicy: IfNotPresent
        ports:
        - name: web
          containerPort: 8080
          protocol: TCP
        - name: agent
          containerPort: 50000
          protocol: TCP
        livenessProbe:  #存活监测
          httpGet: #尝试连接8080端口的/login地址
            path: /login
            port: 8080
          initialDelaySeconds: 60 #每间隔60秒重新连接
          timeoutSeconds: 5 #每次存活监测请求将在5秒内返回响应,超时则为失败
          failureThreshold: 12  #失败12次说明这个容器不健康,容器会被重启
        readinessProbe: #就绪监测
          httpGet: 
            path: /login
            port: 8080
          initialDelaySeconds: 60
          failureThreshold: 12
          timeoutSeconds: 5
        volumeMounts: 
        - name: jenkins-volumes
          subPath: jenkins_home
          mountPath: /var/jenkins_home
      volumes:
      - name: jenkins-volumes
        persistentVolumeClaim: 
          claimName: jenkins-k8s-pvc
chown -R 1000.1000 /data/v1/
更新资源清单
kubectl apply -f jenkins-deployment.yaml
kubectl get deployment -n=jenkins-k8s
为jenkins前端创建service
cat jenkins-service.yaml 
apiVersion: v1
kind: Service
metadata:
  name: jenkins-svc
  namespace: jenkins-k8s
  labels:
    app: jenkins
spec:
  selector:
    app: jenkins
  type: NodePort
  ports:
  - name: web
    port: 8080
    targetPort: web
    nodePort: 30002  #这个范围在(30000-32767)
  - name: target
    port: 50000
    targetPort: agent
更新资源清单
kubectl apply -f jenkins-service.yaml
查看密码
cat /data/v1/jenkins_home/secrets/initialAdminPassword 
8a817d95a7804f34bf2d80e7ec25291f

访问:

 

 

2、离线安装插件 

查看版本 

 

在清华源下载离线插件

https://mirrors.tuna.tsinghua.edu.cn/jenkins/plugins/上面对应的版本是1.8.0,所以下载1.8.0版本的gitlab

 

离线安装

 

3、配置k8s基于containerd从harbor仓库找镜像运行pod 


修改控制节点和工作节点的/etc/containerd/config.toml文件
    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""

      [plugins."io.containerd.grpc.v1.cri".registry.auths]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.130".tls]
            insecure_skip_verify = true
        [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.130".auth]
            username = "admin"
            password = "Harbor12345"

      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.1.130"]
            endpoint = ["https://192.168.1.130:443"]
          [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
             endpoint = ["https://vh3bm52y.mirror.aliyuncs.com","https://registry.docker-cn.com"]
             

创建pod测试


#导入tomcat镜像
docker load -i tomcat.tar.gz 
#打包tomcat镜像
docker tag tomcat:8.5-jre8-alpine 192.168.1.130/test/tomcat:8.5
上传镜像到仓库
docker push 192.168.1.130/test/tomcat:8.5
编写yaml文件创建pod
cat ceshi.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: test
spec:
  containers:
  - name: test
    ports:
    - containerPort: 8080
    image: 192.168.1.130/test/tomcat:8.5
    imagePullPolicy: IfNotPresent
更新资源清单
kubectl apply -f ceshi.yaml
查看pod
kubectl get pods
NAME                                 READY   STATUS    RESTARTS       AGE

test                                 1/1     Running   0              2m16s

 

4、测试jenkins的CICD

在harbor中创建jenkins-demo项目

在jenkins中安装kubernetes插件

 

配置jenkins访问K8S集群 

 

 

如果结果为示 Connection test successful 或Connected to Kubernetes 1.26 则测试成功

配置jenkins的地址为域名

 

配置pod模板

 

 

添加卷------>选择 Host Path Volume

控制节点存在污点,所以需要把.kube文件夹传入所有工作节点把所有工作节点都导入jenkins-slave-latest.tar.gzctr -n=k8s.io images import jenkins-slave-latest.tar.gz工作节点:mkdir -p /root/.kube控制节点:scp /root/.kube/config 节点名称:/root/.kube

 

 5、添加登录harbor需要的凭据


username:admin
password:Harbor12345 
ID:dockerharbor 
描述:随意 
上面改好之后选择 create 即可

 

6、测试通过jenkins发布代码到k8s开发环境、测试环境、生产环境

在k8s的控制节点创建命名空间kubectl create ns devlopmentnamespace/devlopment createdkubectl create ns productionnamespace/production createdkubectl create ns qatestnamespace/qatest created

新建任务

 

编写pipeline脚本
node('testhan') {  #testhan为以上设置的Pod模板标签
    stage('Clone') {
        echo "1.Clone Stage" #第一步克隆代码
        git url: "https://gitee.com/howehonkei/jenkins-sample" #gitee地址
        script {
            build_tag = sh(returnStdout: true, script: 'git rev-parse --short HEAD').trim()
        }
    }
    stage('Test') {
      echo "2.Test Stage" #打印2.Test Stage

    }
    stage('Build') { #构建镜像
            echo "3.Build Docker Image Stage"
        sh "docker build -t 192.168.1.130/jenkins-demo/jenkins-demo:${build_tag} ." #构建后的名字:仓库地址/项目名/镜像名:版本号
    }
    stage('Push') { #上传到镜像仓库
       echo "4.Push Docker Image Stage"
       withCredentials([usernamePassword(credentialsId: 'dockerharbor',passwordVariable: 'dockerHubPassword', usernameVariable: 'dockerHubUser')]) {
           sh "docker login 192.168.1.130 -u ${dockerHubUser} -p ${dockerHubPassword}"
           sh "docker push 192.168.1.130/jenkins-demo/jenkins-demo:${build_tag}"
       }
    }
    stage('Deploy to dev') {
        echo "5. Deploy DEV"
       sh "sed -i 's/<BUILD_TAG>/${build_tag}/' k8s-dev-harbor.yaml "
        sh "kubectl apply -f k8s-dev-harbor.yaml  --validate=false"
  }  
  stage('Promote to qa') {  
    def userInput = input(
            id: 'userInput',

            message: 'Promote to qa?', #是否部署到qatest测试环境
            parameters: [
                [
                    $class: 'ChoiceParameterDefinition',
                    choices: "YES\nNO",
                    name: 'Env'
                ]
            ]
        )
        echo "This is a deploy step to ${userInput}"
        if (userInput == "YES") { #如果是则部署,如果不是则exit退出
            sh "sed -i 's/<BUILD_TAG>/${build_tag}/' k8s-qa-harbor.yaml "
            sh "kubectl apply -f k8s-qa-harbor.yaml --validate=false"
            sh "sleep 6"
            sh "kubectl get pods -n qatest"
        } else {
            //exit
        }
    }
  stage('Promote to pro') {  
    def userInput = input(

            id: 'userInput',
            message: 'Promote to pro?',  #是否部署到pro生产环境,如果是则部署,如果不是,则退出
            parameters: [
                [
                    $class: 'ChoiceParameterDefinition',
                    choices: "YES\nNO",
                    name: 'Env'
                ]
            ]
        )
        echo "This is a deploy step to ${userInput}"
        if (userInput == "YES") {
            sh "sed -i 's/<BUILD_TAG>/${build_tag}/' k8s-prod-harbor.yaml "
            sh "kubectl apply -f k8s-prod-harbor.yaml --record --validate=false"
        }
    }
}

结果(期间需要点一下yes/no): 


Started by user admin
[Pipeline] Start of Pipeline
[Pipeline] node
Agent test2-q4bzl is provisioned from template test2
---
apiVersion: "v1"
kind: "Pod"
metadata:
  labels:
    jenkins: "slave"
    jenkins/label-digest: "109f4b3c50d7b0df729d299bc6f8e9ef9066971f"
    jenkins/label: "test2"
  name: "test2-q4bzl"
  namespace: "jenkins-k8s"
spec:
  containers:
  - env:
    - name: "JENKINS_SECRET"
      value: "********"
    - name: "JENKINS_AGENT_NAME"
      value: "test2-q4bzl"
    - name: "JENKINS_NAME"
      value: "test2-q4bzl"
    - name: "JENKINS_AGENT_WORKDIR"
      value: "/home/jenkins/agent"
    - name: "JENKINS_URL"
      value: "http://jenkins-service.jenkins-k8s.svc.cluster.local:8080/"
    image: "docker.io/library/jenkins-slave-latest:v1"
    imagePullPolicy: "IfNotPresent"
    name: "jnlp"
    resources: {}
    tty: true
    volumeMounts:
    - mountPath: "/var/run/docker.sock"
      name: "volume-0"
      readOnly: false
    - mountPath: "/home/jenkins/agent/.kube"
      name: "volume-1"
      readOnly: false
    - mountPath: "/home/jenkins/agent"
      name: "workspace-volume"
      readOnly: false
    workingDir: "/home/jenkins/agent"
  hostNetwork: false
  nodeSelector:
    kubernetes.io/os: "linux"
  restartPolicy: "Never"
  serviceAccountName: "jenkins-k8s-sa"
  volumes:
  - hostPath:
      path: "/var/run/docker.sock"
    name: "volume-0"
  - hostPath:
      path: "/root/.kube/"
    name: "volume-1"
  - emptyDir:
      medium: ""
    name: "workspace-volume"

Running on test2-q4bzl in /home/jenkins/agent/workspace/jenkins-variable-test-deploy
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Clone)
[Pipeline] echo
1.Clone Stage
[Pipeline] git
The recommended git tool is: NONE
No credentials specified
Cloning the remote Git repository
Cloning repository https://gitee.com/howehonkei/jenkins-sample
 > git init /home/jenkins/agent/workspace/jenkins-variable-test-deploy # timeout=10
Fetching upstream changes from https://gitee.com/howehonkei/jenkins-sample
 > git --version # timeout=10
 > git --version # 'git version 2.20.1'
 > git fetch --tags --force --progress -- https://gitee.com/howehonkei/jenkins-sample +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git config remote.origin.url https://gitee.com/howehonkei/jenkins-sample # timeout=10
 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10
Avoid second fetch
Checking out Revision c84e9c996d94a1a70acef249f02defa1dd8eba2d (refs/remotes/origin/master)
Commit message: "update k8s-qa-harbor.yaml."
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git config core.sparsecheckout # timeout=10
 > git checkout -f c84e9c996d94a1a70acef249f02defa1dd8eba2d # timeout=10
 > git branch -a -v --no-abbrev # timeout=10
 > git checkout -b master c84e9c996d94a1a70acef249f02defa1dd8eba2d # timeout=10
 > git rev-list --no-walk 695badebb4fcec5ec7121a7ee0ad7c01470c1f64 # timeout=10
[Pipeline] script
[Pipeline] {
[Pipeline] sh
+ git rev-parse --short HEAD
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Test)
[Pipeline] echo
2.Test Stage
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Build)
[Pipeline] echo
3.Build Docker Image Stage
[Pipeline] sh
+ docker build -t 192.168.1.130/jenkins-demo/jenkins-demo:c84e9c9 .

#1 [internal] load build definition from Dockerfile
#1       digest: sha256:bbdc400cb3325a1a54ecadf376a32be85651b9bbeab05d06b9b4b0a9f344485a
#1         name: "[internal] load build definition from Dockerfile"
#1      started: 2024-01-18 05:39:21.487644177 +0000 UTC
#1    completed: 2024-01-18 05:39:21.487777495 +0000 UTC
#1     duration: 133.318µs
#1      started: 2024-01-18 05:39:21.488051257 +0000 UTC
#1    completed: 2024-01-18 05:39:21.517441795 +0000 UTC
#1     duration: 29.390538ms
#1 transferring dockerfile: 173B done


#2 [internal] load .dockerignore
#2       digest: sha256:a25b10a47fbc69d60cbf739aef03488d480632cae80dcc6c485f67467bfbefdf
#2         name: "[internal] load .dockerignore"
#2      started: 2024-01-18 05:39:21.4905305 +0000 UTC
#2    completed: 2024-01-18 05:39:21.490626377 +0000 UTC
#2     duration: 95.877µs
#2      started: 2024-01-18 05:39:21.490805911 +0000 UTC
#2    completed: 2024-01-18 05:39:21.521249966 +0000 UTC
#2     duration: 30.444055ms
#2 transferring context: 2B done


#3 [internal] load metadata for docker.io/library/golang:1.10.4-alpine
#3       digest: sha256:2975609dc4ce6156e263e0aef9cc4d1986d8d39308587e04d395debc0a55fa8f
#3         name: "[internal] load metadata for docker.io/library/golang:1.10.4-alpine"
#3      started: 2024-01-18 05:39:21.574908704 +0000 UTC
#3    completed: 2024-01-18 05:39:37.023026759 +0000 UTC
#3     duration: 15.448118055s


#7 [internal] load build context
#7       digest: sha256:fe0a52a2d68662efe5c62b5b5d4ee7c0517de72c69e6d5137d9381488396a5ca
#7         name: "[internal] load build context"
#7      started: 2024-01-18 05:39:37.024698497 +0000 UTC
#7    completed: 2024-01-18 05:39:37.024729067 +0000 UTC
#7     duration: 30.57µs
#7      started: 2024-01-18 05:39:37.025855149 +0000 UTC
#7    completed: 2024-01-18 05:39:37.061667526 +0000 UTC
#7     duration: 35.812377ms
#7 transferring context: 154.11kB 0.0s done


#8 [1/4] FROM docker.io/library/golang:1.10.4-alpine@sha256:55ff778715a4f37...
#8       digest: sha256:2e76b53f7d06a662855ef278018be0816404be0c654422b28f3c5748b69d9a3a
#8         name: "[1/4] FROM docker.io/library/golang:1.10.4-alpine@sha256:55ff778715a4f37ef0f2f7568752c696906f55602be0e052cbe147becb65dca3"
#8      started: 2024-01-18 05:39:37.025007713 +0000 UTC
#8    completed: 2024-01-18 05:39:37.025587905 +0000 UTC
#8     duration: 580.192µs
#8      started: 2024-01-18 05:39:37.063816307 +0000 UTC
#8    completed: 2024-01-18 05:39:37.063891457 +0000 UTC
#8     duration: 75.15µs
#8       cached: true


#6 [2/4] ADD . /go/src/app
#6       digest: sha256:b1214ffb8f26db98d8e364fb36a7b0c224468782e60f842bfde3b2a8fadf22e6
#6         name: "[2/4] ADD . /go/src/app"
#6      started: 2024-01-18 05:39:37.065077866 +0000 UTC
#6    completed: 2024-01-18 05:39:37.148605762 +0000 UTC
#6     duration: 83.527896ms


#5 [3/4] WORKDIR /go/src/app
#5       digest: sha256:488c9bdf567ea00c52990bc15ca82f860bf423238f30ac537905dd32f415bd44
#5         name: "[3/4] WORKDIR /go/src/app"
#5      started: 2024-01-18 05:39:37.150149484 +0000 UTC
#5    completed: 2024-01-18 05:39:37.185096765 +0000 UTC
#5     duration: 34.947281ms


#4 [4/4] RUN  go build -v -o /go/src/app/jenkins-app
#4       digest: sha256:6d351affa2573a9722610567c90ae6d63b273e369ca4a584ee5cf359e9c4fad5
#4         name: "[4/4] RUN  go build -v -o /go/src/app/jenkins-app"
#4      started: 2024-01-18 05:39:37.187433605 +0000 UTC
#4 0.992 app
#4    completed: 2024-01-18 05:39:40.084060901 +0000 UTC
#4     duration: 2.896627296s


#9 exporting to image
#9       digest: sha256:f018acb84f7e531332e57af780b511f745fbb13eb6a7aeed98d98f227d4802ce
#9         name: "exporting to image"
#9      started: 2024-01-18 05:39:40.086667144 +0000 UTC
#9 exporting layers 0.1s done
#9 writing image sha256:43a1bfd469004719b88f9bcbf984176df4fca3f7ab2bedc54a89bc0a554e10c1
#9    completed: 2024-01-18 05:39:40.170335485 +0000 UTC
#9     duration: 83.668341ms
#9 writing image sha256:43a1bfd469004719b88f9bcbf984176df4fca3f7ab2bedc54a89bc0a554e10c1 done
#9 naming to 192.168.1.130/jenkins-demo/jenkins-demo:c84e9c9 done

[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Push)
[Pipeline] echo
4.Push Docker Image Stage
[Pipeline] withCredentials
Masking supported pattern matches of $dockerHubPassword
[Pipeline] {
[Pipeline] sh
Warning: A secret was passed to "sh" using Groovy String interpolation, which is insecure.
     Affected argument(s) used the following variable(s): [dockerHubPassword]
     See https://jenkins.io/redirect/groovy-string-interpolation for details.
+ docker login 192.168.1.130 -u admin -p ****
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[Pipeline] sh
+ docker push 192.168.1.130/jenkins-demo/jenkins-demo:c84e9c9
The push refers to repository [192.168.1.130/jenkins-demo/jenkins-demo]
5cb61b0deea9: Preparing
5f70bf18a086: Preparing
087cad268eff: Preparing
ac1c7fa88ed0: Preparing
cc5fec2c1edc: Preparing
93448d8c2605: Preparing
c54f8a17910a: Preparing
df64d3292fd6: Preparing
93448d8c2605: Waiting
c54f8a17910a: Waiting
df64d3292fd6: Waiting
cc5fec2c1edc: Layer already exists
ac1c7fa88ed0: Layer already exists
5f70bf18a086: Layer already exists
93448d8c2605: Layer already exists
c54f8a17910a: Layer already exists
df64d3292fd6: Layer already exists
087cad268eff: Pushed
5cb61b0deea9: Pushed
c84e9c9: digest: sha256:ca0508a398d69f452e42d4f2bd9704bcee0e8f18f58e5f0bfb90b0c08de6494f size: 1991
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Deploy to dev)
[Pipeline] echo
5. Deploy DEV
[Pipeline] sh
+ sed -i s/<BUILD_TAG>/c84e9c9/ k8s-dev-harbor.yaml
[Pipeline] sh
+ kubectl apply -f k8s-dev-harbor.yaml --validate=false
deployment.apps/jenkins-demo configured
service/demo unchanged
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Promote to qa)
[Pipeline] input
Input requested
Approved by admin
[Pipeline] echo
This is a deploy step to YES
[Pipeline] sh
+ sed -i s/<BUILD_TAG>/c84e9c9/ k8s-qa-harbor.yaml
[Pipeline] sh
+ kubectl apply -f k8s-qa-harbor.yaml --validate=false
deployment.apps/jenkins-demo created
service/demo created
[Pipeline] sh
+ sleep 6
[Pipeline] sh
+ kubectl get pods -n qatest
NAME                            READY   STATUS    RESTARTS   AGE
jenkins-demo-7f7fb56856-zzj9r   1/1     Running   0          8s
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Promote to pro)
[Pipeline] input
Input requested
Approved by admin
[Pipeline] echo
This is a deploy step to YES
[Pipeline] sh
+ sed -i s/<BUILD_TAG>/c84e9c9/ k8s-prod-harbor.yaml
[Pipeline] sh
+ kubectl apply -f k8s-prod-harbor.yaml --record --validate=false
Flag --record has been deprecated, --record will be removed in the future
deployment.apps/jenkins-demo created
service/jenkins-demo created
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS

Logo

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐