jingzhaopan 2020-06-04
k8s安装直接跳过,用Kubeadm安装也比较简单
安装和配置 NFS
NFS简介
NFS(Network File System),它最大的功能就是可以通过网络,让不同的机器、不同的操作系统可以
共享彼此的文件。我们可以利用NFS共享Jenkins运行的配置文件、Maven的仓库依赖文件等
NFS安装直接跳过,之前博客也写过
[-master ~]# cat /etc/exports /opt/nfs/jenkins *(rw,no_root_squash) /opt/nfs/maven *(rw,no_root_squash) [ ~]# [ ~]# showmount -e 192.168.1.114 Export list for 192.168.1.114: /opt/nfs/maven * /opt/nfs/jenkins * [ ~]#
Kubernetes安装Jenkins-Master
创建NFS client provisioner
nfs-client-provisioner 是一个Kubernetes的简易NFS的外部provisioner,本身不提供NFS,需要现有
的NFS服务器提供存储。
1)上传nfs-client-provisioner构建文件
[ ~]# cd /wgr/ [ wgr]# ll total 0 drwxr-xr-x 5 root root 67 Jun 2 13:20 jenkins [ wgr]# cd jenkins/ [ jenkins]# ll total 0 drwxr-xr-x 2 root root 94 Jun 2 12:41 jenkins-master drwxr-xr-x 2 root root 81 Jun 2 13:20 jenkins-slave drwxr-xr-x 2 root root 64 Jun 2 12:19 nfs-client [ jenkins]# cd nfs-client/ [ nfs-client]# ll total 12 -rw-r--r-- 1 root root 225 Jun 2 12:19 class.yaml -rw-r--r-- 1 root root 983 Jun 2 12:19 deployment.yaml -rw-r--r-- 1 root root 1526 Jun 2 12:19 rbac.yaml [ nfs-client]#
执行
kubectl create -f .
安装Jenkins-Master
1)上传Jenkins-Master构建文件
2)创建kube-ops的namespace
因为我们把Jenkins-Master的pod放到kube-ops下
kubectl create namespace kube-ops
3)构建Jenkins-Master的pod资源
kubectl create -f .
4)查看pod是否创建成功
查看分配的端口
Jenkins与Kubernetes整合
安装Kubernetes插件
系统管理->插件管理->可选插件
实现Jenkins与Kubernetes整合
系统管理->系统配置->云->新建云->Kubernetes
kubernetes地址采用了kube的服务器发现: https://kubernetes.default.svc.cluster.local
namespace填kube-ops,然后点击Test Connection,如果出现 Connection test successful 的提
示信息证明 Jenkins 已经可以和 Kubernetes 系统正常通信
Jenkins URL 地址: http://jenkins.kube-ops.svc.cluster.local:8080
构建Jenkins-Slave自定义镜像
Jenkins-Master在构建Job的时候,Kubernetes会创建Jenkins-Slave的Pod来完成Job的构建。我们选择
运行Jenkins-Slave的镜像为官方推荐镜像:jenkins/jnlp-slave:latest,但是这个镜像里面并没有Maven
环境,为了方便使用,我们需要自定义一个新的镜像:
准备材料:
Dockerfile如下:
FROM jenkins/jnlp-slave:latest MAINTAINER itcast # 切换到 root 账户进行操作 USER root # 安装 maven COPY apache-maven-3.6.2-bin.tar.gz . RUN tar -zxf apache-maven-3.6.2-bin.tar.gz && mv apache-maven-3.6.2 /usr/local && rm -f apache-maven-3.6.2-bin.tar.gz && ln -s /usr/local/apache-maven-3.6.2/bin/mvn /usr/bin/mvn && ln -s /usr/local/apache-maven-3.6.2 /usr/local/apache-maven && mkdir -p /usr/local/apache-maven/repo COPY settings.xml /usr/local/apache-maven/conf/settings.xml USER jenkins
构建出一个新镜像: jenkins-slave-maven:latest
然把镜像上传到Harbor的公共库library中
生成凭证
[ maven]# kubectl create secret docker-registry registry-auth-secret --docker-server=192.168.1.120:8001 --docker-username=admin --docker-password=Harbor12345 secret/registry-auth-secret created [ maven]# kubectl get secret NAME TYPE DATA AGE default-token-d4gmj kubernetes.io/service-account-token 3 10d nfs-client-provisioner-token-rqxj2 kubernetes.io/service-account-token 3 21h qingcloud kubernetes.io/dockerconfigjson 1 10d registry-auth-secret kubernetes.io/dockerconfigjson 1 12s
建立k8s认证凭证
流水线
def git_address ="http://192.168.1.120:88/dalianpai_group/tensquare_back_k8s.git" def git_auth = "cc7c6270-03bf-4fe2-9ee3-a5e4d391e0d3" //构建版本的名称 def tag = "latest" //Harbor私服地址 def harbor_url = "192.168.1.120:8001" //Harbor的项目名称 def harbor_project_name = "tensquare_k8s" //Harbor的凭证 def harbor_auth = "b00af28a-e611-41b7-b123-88e99e457839" def secret_name = "registry-auth-secret" //Harbor的凭证 def k8s_auth="3d37d57b-d05b-4416-b9cb-313874e00162" podTemplate(label: ‘jenkins-slave‘, cloud: ‘kubernetes‘, containers: [ containerTemplate( name: ‘jnlp‘, image: "192.168.1.120:8001/library/jenkins-slave-maven:latest" ), containerTemplate( name: ‘docker‘, image: "docker:stable", ttyEnabled: true, command: ‘cat‘ ), ], volumes: [ hostPathVolume(mountPath: ‘/var/run/docker.sock‘, hostPath:‘/var/run/docker.sock‘), nfsVolume(mountPath: ‘/usr/local/apache-maven/repo‘, serverAddress:‘192.168.1.114‘ , serverPath: ‘/opt/nfs/maven‘), ], ) { node("jenkins-slave"){ // 第一步 stage(‘拉取代码‘){ checkout([$class: ‘GitSCM‘, branches: [[name: ‘${branch}‘]],userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]]) } // 第二步 stage(‘编译,安装公共子工程‘) { sh "mvn -f tensquare_common clean install" } // 第三步 stage(‘构建镜像,部署项目‘){ //把选择的项目信息转为数组 def selectedProjects = "${project_name}".split(‘,‘) for(int i=0;i<selectedProjects.size();i++){ //取出每个项目的名称和端口 def currentProject = selectedProjects[i]; //项目名称 def currentProjectName = currentProject.split(‘@‘)[0] //项目启动端口 def currentProjectPort = currentProject.split(‘@‘)[1] //定义镜像名称 def imageName = "${currentProjectName}:${tag}" //编译,构建本地镜像 sh "mvn -f ${currentProjectName} clean package dockerfile:build" container(‘docker‘) { //给镜像打标签 sh "docker tag ${imageName} ${harbor_url}/${harbor_project_name}/${imageName}" //登录Harbor,并上传镜像 withCredentials([usernamePassword(credentialsId: "${harbor_auth}", passwordVariable: ‘password‘, usernameVariable: ‘username‘)]){ //登录 sh "docker login -u ${username} -p ${password} ${harbor_url}" //上传镜像 sh "docker push ${harbor_url}/${harbor_project_name}/${imageName}" } //删除本地镜像 sh "docker rmi -f ${imageName}" sh "docker rmi -f ${harbor_url}/${harbor_project_name}/${imageName}" } def deploy_image_name = "${harbor_url}/${harbor_project_name}/${imageName}" //部署到K8S sh """ sed -i ‘s#\$IMAGE_NAME#${deploy_image_name}#‘ ${currentProjectName}/deploy.yml sed -i ‘s#\$SECRET_NAME#${secret_name}#‘ ${currentProjectName}/deploy.yml """ kubernetesDeploy configs: "${currentProjectName}/deploy.yml",kubeconfigId: "${k8s_auth}" } } } }
最后的效果
###host字段指定授权使用该证书的etcd节点IP或子网列表,需要将etcd集群的3个节点都添加其中。cp etcd-v3.3.13-linux-amd64/etcd* /opt/k8s/bin/