
Establishment of Enterprise Jenkins CI/CD Publishing platform based on Kubernetes 1.16.0

2025-04-07 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

With the widespread adoption of Kubernetes, the Jenkins release model also needs to change to fit Kubernetes. This blog builds an enterprise-level Jenkins CI/CD release process on the previously built Kubernetes 1.16.0 high-availability cluster.

Jenkins uses Pipeline releases, containerized deployment and a master-slave structure: the Jenkins master schedules slaves, while a slave pulls the code, packages it, builds the image and releases it. After the release, the slave is destroyed automatically and no longer occupies server resources. For convenience, code is stored in a plain Git repository, and images are stored in Harbor 1.9.0, the latest version.

Server resources:

172.30.0.109 k8smaster1 Harbor

172.30.0.81 k8smaster2

172.30.0.89 k8snode1 Git repository

Note: the master nodes are set to be schedulable, so they can also act as nodes and run business containers. For the K8S deployment, please refer to the previous blog; it is not described again here.

The relevant configuration files in this blog will be uploaded to Baidu network disk later.

I. Deploy Harbor

1. Install docker-compose

Harbor is installed and managed with docker-compose.

# curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

# chmod +x /usr/local/bin/docker-compose

2. Install docker

Harbor 1.9 requires Docker 18.03 or later; please install it yourself.

3. Download the Harbor installation package

Search for Harbor on Github

4. Modify harbor configuration

Modify harbor.yml

If you access Harbor by IP, change it to the IP address; if you access it by domain name, change it to the domain name. Here Harbor uses HTTP mode. If you want HTTPS access, you need to modify the key configuration.

Because Harbor here is served without TLS, the Docker configuration must be changed to trust it as an insecure registry; otherwise images cannot be uploaded.

The docker.service configuration is as follows

5. Harbor result: images upload normally.

II. Git repository

It is recommended to use the GitLab graphical tool for easy management.

1. Initialize the Git server

Install git

# yum install git -y

# useradd git

# groupadd git

# su - git    # switch to the git user to create the repository

# mkdir tomcat-java-demo

# cd tomcat-java-demo

# git init --bare    # initialize the bare repository

The Git server is now initialized.

2. Upload the code to the Git repository

Extract the java demo code

# unzip tomcat-java-demo.zip

# cd tomcat-java-demo

# git init    # initialize the client repository and prepare to upload the code to the remote server

# git add .    # add the code to the local git repository

# git commit -m 'test'

# git remote add origin git@172.30.0.89:/home/git/tomcat-java-demo    # set the repository on the Git server as the remote

# git push origin master    # upload the code to the remote master branch

Verify that the code is uploaded properly:

Create a new directory, initialize git, and pull the code

# mkdir test && cd test

# git init && git remote add origin git@172.30.0.89:/home/git/tomcat-java-demo

# git pull origin master

The code was pulled successfully, so the uploaded code is correct.

Upload the code to a specified branch, such as 1.0.0

Create a 1.0.0 branch locally and switch to it (the default branch is master), then upload the code to the remote 1.0.0 branch.

# git branch 1.0.0    # create the 1.0.0 branch

# git checkout 1.0.0    # switch to the 1.0.0 branch

# git push origin 1.0.0    # upload the code to the remote 1.0.0 branch

You will see an extra 1.0.0 branch on the remote Git server.

III. Jenkins deployment

1. Deploy Jenkins master

[root@k8s-master1 jenkins]# cat jenkins.yml

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: jenkins
  labels:
    name: jenkins
spec:
  serviceName: jenkins
  replicas: 1
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      name: jenkins
  template:
    metadata:
      name: jenkins
      labels:
        name: jenkins
    spec:
      terminationGracePeriodSeconds: 10
      serviceAccountName: jenkins
      # imagePullSecrets:
      #   - name: registry-pull-secret
      nodeName: k8s-master1
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
            - containerPort: 50000
          resources:
            limits:
              cpu: 1
              memory: 1Gi
            requests:
              cpu: 0.5
              memory: 500Mi
          env:
            - name: LIMITS_MEMORY
              valueFrom:
                resourceFieldRef:
                  resource: limits.memory
                  divisor: 1Mi
            - name: JAVA_OPTS
              # value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=1 -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
              value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
          volumeMounts:
            - name: data
              mountPath: /var/jenkins_home
      securityContext:
        fsGroup: 1000
      volumes:
        - name: data
          hostPath:
            path: /app/jenkins
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins
spec:
  type: NodePort
  selector:
    name: jenkins
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP
      nodePort: 30009
    - name: agent
      port: 50000
      protocol: TCP

Authorize the jenkins container

[root@k8s-master1 jenkins]# cat rbac.yaml

# In GKE need to get RBAC permissions first with
# kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=|--group=]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins

# kubectl apply -f rbac.yaml

# kubectl apply -f jenkins.yml
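
Added example (not from the original blog or the Jenkins project): a small Python audit of the Role in rbac.yaml, listing which grants let the jenkins ServiceAccount act on objects other than its own build agents. The rule list is copied from the manifest above; the SENSITIVE table, the function names and the set of verbs assumed necessary for pods/exec are assumptions of this example.

```python
# Added example: audit of the Role bound to the jenkins ServiceAccount.
# ROLE_RULES mirrors rbac.yaml above; SENSITIVE and both functions are this example's own.
ROLE_RULES = [
    {"apiGroups": [""], "resources": ["pods"],
     "verbs": ["create", "delete", "get", "list", "patch", "update", "watch"]},
    {"apiGroups": [""], "resources": ["pods/exec"],
     "verbs": ["create", "delete", "get", "list", "patch", "update", "watch"]},
    {"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
]

# (resource, verb) pairs that reach beyond the build agent's own pod.
SENSITIVE = {
    ("pods", "create"): "can start pods using any ServiceAccount in the namespace",
    ("pods/exec", "create"): "can run commands inside any pod in the namespace",
    ("secrets", "get"): "can read any secret in the namespace by name",
    ("secrets", "list"): "can dump every secret in the namespace",
}

def audit_rules(rules):
    """Return sorted (resource, verb, reason) findings for a list of RBAC rules."""
    findings = set()
    for rule in rules:
        # Only a secrets rule pinned to resourceNames is treated as scoped here.
        named = bool(rule.get("resourceNames"))
        for res in rule.get("resources", []):
            for verb in rule.get("verbs", []):
                if "*" in (res, verb):
                    findings.add((res, verb, "wildcard grant"))
                reason = SENSITIVE.get((res, verb))
                if reason and not (res == "secrets" and named):
                    findings.add((res, verb, reason))
    return sorted(findings)

def extra_verbs(rules, resource, needed):
    """Verbs granted on `resource` beyond the `needed` set."""
    granted = {v for r in rules if resource in r.get("resources", [])
               for v in r.get("verbs", [])}
    return sorted(granted - set(needed))

if __name__ == "__main__":
    for res, verb, why in audit_rules(ROLE_RULES):
        print(f"{res}:{verb} -> {why}")
    # Assumption: exec into an agent pod needs only create and get on pods/exec.
    print("extra pods/exec verbs:", extra_verbs(ROLE_RULES, "pods/exec", {"create", "get"}))
```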

Visit http://172.30.0.109:30009 to open the Jenkins web page, install the default plug-ins, and then go to the plug-in management page to install the required plug-ins.

2. Jenkins system configuration

① Integrate Kubernetes into Jenkins

In System Settings under System Management, modify the configuration

After modification, you can test the connection in the lower right corner.

② Download the plug-ins for Jenkins and Kubernetes integration

In Plug-in Management under System Management, install:

Kubernetes

Kubernetes Continuous Deploy

Extended Choice Parameter

③ Configure the Git repository access key and the kubeconfig used by the Jenkins containers to access Kubernetes

In Credentials

For the Git server access key, Jenkins only needs to be able to log in to the Git server: copy the private key of the server where Jenkins runs into the location above so that code can be pulled without a password.

Copy the K8S cluster /root/.kube/config file into the area above so that Jenkins can access the K8S cluster and deploy pods.

3. Jenkins slave

Build the Jenkins Slave image, and then call the JenkinsFile through a Pipeline on Jenkins to perform the release.

Jenkins Slave Dockerfile:

Build the image

# docker build -t 172.30.0.109/wujqc/jenkins-slave:lts -f dockerfile-jenkins-slave .

Upload to Harbor

# docker login 172.30.0.109

Enter the harbor administrator account password to log in

# docker push 172.30.0.109/wujqc/jenkins-slave:lts

4. Create a Pipeline to publish the Java project to the K8S environment

① Create a pipeline project

② Set up a parameterized build

You can use tags, string parameters, branches and other methods to pull the code at a specified location in Git or GitLab and compile it. Here, a string parameter is used to specify the code branch.

③ Configure the Pipeline

Set the Git address and select the key (configured earlier) that can pull from Git without a password.

Use the string parameter Tag to get the branch of the code you want to compile, such as 1.0.0. The variable expands to origin/1.0.0 to pull the code, and the JenkinsFile in the pulled code is read for the next steps on the Jenkins Slave: Maven build, image build and K8S deploy.

In other words, throughout the Jenkins project the ${Tag} version is used to pull the JenkinsFile and the code of the specified branch, and the pipeline deployment is carried out on that basis. The JenkinsFile encapsulates the whole pipeline: packaging and compiling, fetching the Dockerfile and deploy.yaml of the specified service, building the image, uploading the image, and deploying deploy.yaml to K8S.

Note: the JenkinsFile needs to be in the Git code path, otherwise Jenkins will not recognize it and will report a NotFoundFile error.

The JenkinsFile file is as follows:

Note: these two IDs need to be replaced with the IDs of the Git and kubeconfig credentials created in Jenkins above.

Because the Jenkins Slave needs Docker to build and upload images, docker is mounted into the Jenkins Slave so that it can use it.

The Download Deploy File step exists to distinguish between different system services and micro-service modules. Because different service modules may have different deploy.yaml and Dockerfile files, a unified management path is needed to obtain these two files; you only need to mount that directory into the Jenkins Slave. NFS can be used for this path; hostPath is used here for convenience, which is not recommended in production.

5. Start the Pipeline project and enter the branch number 1.0.0

Built successfully!
