k8s的CICD实施项目

news/2025/2/13 5:34:57/

环境需求:
目前领导需要做一个需求,临时把我从运维岗位,把我调度到到专家组让我主导cicd的项目实施
目前环境资源
k8s环境,28台服务器,上面是k8s集群,要实施一个测试环境的cicd以及一个生产环境的cicd
gitlab代码服务器
jenkins服务器
镜像仓库采用的是ACR仓库

一、部署jenkins服务器

mkdir /data/jenkins_data -p
chmod -R 777 /data/jenkins_data
docker run -d --name=jenkins --restart=always -e  \
JENKINS_PASSWORD=admin123 -e JENKINS_USERNAME=admin -e   \
JENKINS_HTTP_PORT_NUMBER=8080 -p 8080:8080 -p 50000:50000 -v   \
/data/jenkins_data:/bitnami/jenkins   bitnami/jenkins:2.479.2-debian-12-r0

访问的时候用
http://192.168.8.9:9090
输入账号密码 admin/admin123 进行访问
在这里插入图片描述
按照对应的插件

Git
Git Parameter
Git Pipeline for Blue Ocean
GitLab
Credentials
Credentials Binding
Blue Ocean
Blue Ocean Pipeline Editor
Blue Ocean Core JS
Pipeline SCM API for Blue Ocean
Dashboard for Blue Ocean
Build With Parameters
Dynamic Extended Choice Parameter Plug-In
Dynamic Parameter Plug-in
Extended Choice Parameter
List Git Branches Parameter
Pipeline
Pipeline: Declarative
Kubernetes
Kubernetes CLI
Kubernetes Credentials
Image Tag Parameter
Active Choices

二、部署gitlab服务器
gitlab相关的软件包在清华源可以找到

yum -y install gitlab-ce

三、部署harbor的镜像仓库

jenkinsfile不带审批功能

#没有添加审批都是可用过的-已测试过
pipeline {agent {kubernetes {cloud 'study-kubernetes'slaveConnectTimeout 1200workspaceVolume hostPathWorkspaceVolume(hostPath: "/opt/workspace", readOnly: false)yaml '''
apiVersion: v1
kind: Pod
spec:containers:- args: [\'$(JENKINS_SECRET)\', \'$(JENKINS_NAME)\']image: 'registry.cn-beijing.aliyuncs.com/dotbalo/jnlp-agent-docker:latest'name: jnlpimagePullPolicy: IfNotPresentvolumeMounts:- mountPath: "/etc/localtime"name: "localtime"readOnly: false- command:- "cat"env:- name: "LANGUAGE"value: "en_US:en"- name: "LC_ALL"value: "en_US.UTF-8"- name: "LANG"value: "en_US.UTF-8"image: "registry.cn-beijing.aliyuncs.com/citools/maven:3.5.3"imagePullPolicy: "IfNotPresent"name: "build"tty: truevolumeMounts:- mountPath: "/etc/localtime"name: "localtime"- mountPath: "/root/.m2/"name: "cachedir"readOnly: false- command:- "cat"env:- name: "LANGUAGE"value: "en_US:en"- name: "LC_ALL"value: "en_US.UTF-8"- name: "LANG"value: "en_US.UTF-8"image: "registry.cn-beijing.aliyuncs.com/citools/kubectl:self-1.17"imagePullPolicy: "IfNotPresent"name: "kubectl"tty: truevolumeMounts:- mountPath: "/etc/localtime"name: "localtime"readOnly: false- command:- "cat"env:- name: "LANGUAGE"value: "en_US:en"- name: "LC_ALL"value: "en_US.UTF-8"- name: "LANG"value: "en_US.UTF-8"image: "registry.cn-beijing.aliyuncs.com/citools/docker:19.03.9-git"imagePullPolicy: "IfNotPresent"name: "docker"tty: truevolumeMounts:- mountPath: "/etc/localtime"name: "localtime"readOnly: false- mountPath: "/var/run/docker.sock"name: "dockersock"readOnly: falserestartPolicy: "Never"nodeSelector:build: "true"securityContext: {}volumes:- hostPath:path: "/var/run/docker.sock"name: "dockersock"- hostPath:path: "/usr/share/zoneinfo/Asia/Shanghai"name: "localtime"- name: "cachedir"hostPath:path: "/opt/m2"
'''}
}stages {stage('Pulling Code') {parallel {stage('Pulling Code by Jenkins') {when {expression {env.gitlabBranch == null}}steps {git(changelog: true, poll: true, url: 'git@192.168.8.8:dev/spring-boot-project.git', branch: "${BRANCH}", credentialsId: 'gitlab-key')script {COMMIT_ID = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()TAG = BUILD_TAG + '-' + COMMIT_IDprintln "Current branch is ${BRANCH}, Commit ID is ${COMMIT_ID}, Image TAG is ${TAG}"}}}stage('Pulling Code by trigger') {when {expression {env.gitlabBranch != null}}steps {git(url: 'git@192.168.8.8:dev/spring-boot-project.git', branch: env.gitlabBranch, changelog: true, poll: true, credentialsId: 'gitlab-key')script {COMMIT_ID = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()TAG = BUILD_TAG + '-' + COMMIT_IDprintln "Current branch is ${BRANCH}, Commit ID is ${COMMIT_ID}, Image TAG is ${TAG}"}}}}}stage('Building') {steps {container(name: 'build') {sh """mvn clean install -DskipTests"""}}}stage('Docker build for creating image') {environment {HARBOR_USER     = credentials('HARBOR_ACCOUNT')}steps {container(name: 'docker') {sh """echo ${HARBOR_USER_USR} ${HARBOR_USER_PSW} ${TAG}docker build -t ${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG} .docker login -u ${HARBOR_USER_USR} -p ${HARBOR_USER_PSW} ${HARBOR_ADDRESS}docker push ${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG}"""}}}stage('Deploying to K8s') {environment {MY_KUBECONFIG = credentials('study-k8s-kubeconfig')}steps {container(name: 'kubectl'){sh """/usr/local/bin/kubectl --kubeconfig $MY_KUBECONFIG set image deploy -l app=${IMAGE_NAME} ${IMAGE_NAME}=${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG} -n $NAMESPACE"""}}}}environment {COMMIT_ID = ""HARBOR_ADDRESS = "192.168.8.101"REGISTRY_DIR = "dev"IMAGE_NAME = "spring-boot-project"NAMESPACE = "dev"TAG = ""}parameters {gitParameter(branch: '', branchFilter: 'origin/(.*)', defaultValue: '', description: 'Branch for build and deploy', name: 'BRANCH', quickFilterEnabled: false, selectedValue: 'NONE', sortMode: 'NONE', tagFilter: '*', type: 'PT_BRANCH')}
}

Jenkins带审批功能

已测试过的
pipeline {agent {kubernetes {cloud 'study-kubernetes'slaveConnectTimeout 1200workspaceVolume hostPathWorkspaceVolume(hostPath: "/opt/workspace", readOnly: false)yaml '''
apiVersion: v1
kind: Pod
spec:containers:- args: [\'$(JENKINS_SECRET)\', \'$(JENKINS_NAME)\']image: 'registry.cn-beijing.aliyuncs.com/dotbalo/jnlp-agent-docker:latest'name: jnlpimagePullPolicy: IfNotPresentvolumeMounts:- mountPath: "/etc/localtime"name: "localtime"readOnly: false- command:- "cat"env:- name: "LANGUAGE"value: "en_US:en"- name: "LC_ALL"value: "en_US.UTF-8"- name: "LANG"value: "en_US.UTF-8"image: "registry.cn-beijing.aliyuncs.com/citools/maven:3.5.3"imagePullPolicy: "IfNotPresent"name: "build"tty: truevolumeMounts:- mountPath: "/etc/localtime"name: "localtime"- mountPath: "/root/.m2/"name: "cachedir"readOnly: false- command:- "cat"env:- name: "LANGUAGE"value: "en_US:en"- name: "LC_ALL"value: "en_US.UTF-8"- name: "LANG"value: "en_US.UTF-8"image: "registry.cn-beijing.aliyuncs.com/citools/kubectl:self-1.17"imagePullPolicy: "IfNotPresent"name: "kubectl"tty: truevolumeMounts:- mountPath: "/etc/localtime"name: "localtime"readOnly: false- command:- "cat"env:- name: "LANGUAGE"value: "en_US:en"- name: "LC_ALL"value: "en_US.UTF-8"- name: "LANG"value: "en_US.UTF-8"image: "registry.cn-beijing.aliyuncs.com/citools/docker:19.03.9-git"imagePullPolicy: "IfNotPresent"name: "docker"tty: truevolumeMounts:- mountPath: "/etc/localtime"name: "localtime"readOnly: false- mountPath: "/var/run/docker.sock"name: "dockersock"readOnly: falserestartPolicy: "Never"nodeSelector:build: "true"securityContext: {}volumes:- hostPath:path: "/var/run/docker.sock"name: "dockersock"- hostPath:path: "/usr/share/zoneinfo/Asia/Shanghai"name: "localtime"- name: "cachedir"hostPath:path: "/opt/m2"
'''}
}stages {stage('Pulling Code') {parallel {stage('Pulling Code by Jenkins') {when {expression {env.gitlabBranch == null}}steps {git(changelog: true, poll: true, url: 'git@192.168.8.8:dev/spring-boot-project.git', branch: "${BRANCH}", credentialsId: 'gitlab-key')script {COMMIT_ID = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()TAG = BUILD_TAG + '-' + COMMIT_IDprintln "Current branch is ${BRANCH}, Commit ID is ${COMMIT_ID}, Image TAG is ${TAG}"}}}stage('Pulling Code by trigger') {when {expression {env.gitlabBranch != null}}steps {git(url: 'git@192.168.8.8:dev/spring-boot-project.git', branch: env.gitlabBranch, changelog: true, poll: true, credentialsId: 'gitlab-key')script {COMMIT_ID = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()TAG = BUILD_TAG + '-' + COMMIT_IDprintln "Current branch is ${BRANCH}, Commit ID is ${COMMIT_ID}, Image TAG is ${TAG}"}}}}}stage('Building') {steps {container(name: 'build') {sh """mvn clean install -DskipTests"""}}}stage('Docker build for creating image') {environment {HARBOR_USER     = credentials('HARBOR_ACCOUNT')}steps {container(name: 'docker') {sh """echo ${HARBOR_USER_USR} ${HARBOR_USER_PSW} ${TAG}docker build -t ${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG} .docker login -u ${HARBOR_USER_USR} -p ${HARBOR_USER_PSW} ${HARBOR_ADDRESS}docker push ${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG}"""}}}stage('Deploying to K8s') {environment {MY_KUBECONFIG = credentials('study-k8s-kubeconfig')}steps {container(name: 'kubectl'){sh """/usr/local/bin/kubectl --kubeconfig $MY_KUBECONFIG set image deploy -l app=${IMAGE_NAME} ${IMAGE_NAME}=${HARBOR_ADDRESS}/${REGISTRY_DIR}/${IMAGE_NAME}:${TAG} -n $NAMESPACE"""}}}}environment {COMMIT_ID = ""HARBOR_ADDRESS = "192.168.8.101"REGISTRY_DIR = "dev"IMAGE_NAME = "spring-boot-project"NAMESPACE = "dev"TAG = ""}parameters {gitParameter(branch: '', branchFilter: 'origin/(.*)', defaultValue: '', description: 'Branch for build and deploy', name: 'BRANCH', quickFilterEnabled: false, selectedValue: 'NONE', sortMode: 'NONE', tagFilter: '*', type: 'PT_BRANCH')}
}

http://www.ppmy.cn/news/1564898.html

相关文章

Node.js 完全教程:从入门到精通

Node.js 完全教程:从入门到精通 Node.js 是一个基于 Chrome V8 引擎的 JavaScript 运行环境,允许开发者在服务器端使用 JavaScript。它的非阻塞 I/O 和事件驱动架构使得 Node.js 非常适合于构建高性能的网络应用。本文将详细介绍 Node.js 的安装、基本语…

web3.0 开发实践

优质博文:IT-BLOG-CN 一、简介 Web3.0也称为去中心化网络,是对互联网未来演进的一种概念性描述。它代表着对现有互联网的下一代版本的设想和期望。Web3.0的目标是通过整合区块链技术、分布式系统和加密技术等新兴技术,构建一个更加去中心化…

24V过压保护、反接保护电路分享

电路图如上图所示。 1、防反接电路详解 防反接电路采用N沟道MOS管来实现,DZ17的作用是将G级电压钳位到9.1V,防止烧毁MOS换。 当电源连接正常是电流方向如下图,MOS管G极电压为9.1V,N沟道MOS打开,电流从S极正常流过到电…

三维扫描赋能文化:蔡司3D扫描仪让木质文化遗产焕发新生-沪敖3D

挪威文化历史博物馆在其修复工作中融入现代3D扫描技术,让数百年的历史焕发新生。 文化历史博物馆的工作 文化历史博物馆是奥斯陆大学的一个院系。凭借其在文化历史管理、研究和传播方面的丰富专业知识,该博物馆被誉为挪威博物馆研究领域的领先机构。馆…

实现二叉树_堆

一. 堆的实现 在上一节中我们知道了堆的数据结构,其实就是一种特殊的完全二叉树,堆的底层数据结构就是数组,所以我们就可以定义堆的结构: //定义堆的结构--数组 typedef int HPDataType; typedef struct Heap {HPDataType* arr;…

cmake 可使用的构建系统

cmake 可使用的构建系统 ChatGPT 说: ChatGPT CMake 支持多种构建系统,允许用户根据其开发环境选择适合的构建工具。以下是 CMake 常用的构建系统和生成器: 1. Visual Studio 系列 适用于 Windows 环境的 Visual Studio 构建系统&#xf…

加密容器检材处理

以2024数证杯初赛的题目为例: (本人第一次接触加密容器检材,所以有挺多猪鼻操作,请见谅) 题目信息: 检材提取码: ktf8 哈希校验值: 容器文件MD5值:4AAA79BA46C2065FC5C4D5DC97202F3D 挂载/…

浅谈计算机网络03 | 现代网络组成

现代网络组成 一 、网络生态体系1.1网络生态系统的多元主体1.2 网络接入设施的多样类型 二、现代网络的典型体系结构解析三、高速网络技术3.1 以太网技术3.2 Wi-Fi技术的深度剖析3.2.1 应用场景的多元覆盖3.2.2 标准升级与性能提升 3.3 4G/5G蜂窝网的技术演进3.3.1 蜂窝技术的代…