1、jenkins在k8s内部署(请参考其他人的文章)
2、jenkins安装kubenents相关插件
3、配置k8s云
非常重要,目的是实现jenkins可以远程调用k8s进行部署,并可实现安装jenkins-slave进行构建。使得不再依赖jenkins单机能力进行构建,比较适合一定规模的公司。
插件安装后,打开jenkins,点击系统管理-->系统配置-->Clouds,点击新增一个kubernetes。
具体配置见如下:
3.1 首先配置K8S地址
3.2 为K8S云创建Pod Templates
目的是在jenkins构建的时候,可以自动在K8S内创建一个POD服务于本次构建。
以JAVA为例,构建时需要使用maven并docker构建,然后连接至K8S Master进行远程发布。
在POD容器列表中放了2个Docker镜像,一个是Maven负责java的build,一个是jnlp创建一个jenkins的slave。
3.3 挂载存储卷
3.3.1、主要是把maven的repository挂载到宿主机上,以方便多次构建后复用。
3.3.2、宿主机上安装了docker,把docker命令挂载到K8S的POD内,使得POD具备了
docker in docker的能力,如此就可以在该POD内进行docker构建。
3.3.3、宿主机一般都是被K8S控制的Node,因此一般都装有kubernets,因此可以把kubectl命令关在到POD中,使得POD具备执行kubectl命令能力,以控制K8S。
请用如下代码给k8s内的jenkins账号授权
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
namespace: zo-jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins
namespace: zo-jenkins
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/portforward"]
verbs: ["*"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins
namespace: zo-jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
namespace: zo-jenkins
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkinsClusterRole
namespace: zo-jenkins
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
- apiGroups: [ "apps" ]
resources: ["deployments"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkinsClusterRuleBinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkinsClusterRole
subjects:
- kind: ServiceAccount
name: jenkins
namespace: zo-jenkins4、JAVA应用中增加pipeline脚本
#!groovy
pipeline {
agent {
kubernetes {
cloud "k8s-deploy" //选择名字是kubernetes1的cloud,这里不要修改
label "jenkins-slave"
//yamlFile '' //jenkins-slave部署文件位置,内容不要修改
}
}
stages {
stage('初始化环境') {
steps {
script {
env.APP_NAME = "report-server" //修改为自己的应用名称
env.APP_CODE = "https://codeup.aliyun.com/xxxxxxx/outsourced/excleToReport/xxx-xxxx.git"
env.CODE_BRANCH = "master" //修改为实际部署的分支
env.DOCKER_IMAGE_URL = "registry.cn-hangzhou.aliyuncs.com/xx-xx/xx-xxx" // 修改DOCKER镜像地址
env.DOCKER_TAG = "1.0.0"
env.K8S_NAME_SPACE = "zo-home-prd" // 修改应用在K8S内的实际部署的命名空间
}
}
}
stage('拉取代码') {
steps {
echo "1.Git Clone Code"
git branch: "$CODE_BRANCH", credentialsId: 'zo-git-yun', url: "$APP_CODE"
}
}
stage('maven构建') {
steps {
container('maven') {
sh 'mvn -s jenkins/settings.xml clean package -e -U -Dmaven.test.skip=true -Dautoconfig.skip'
}
}
}
stage('docker镜像构建') {
steps {
container('maven') { // maven容器确保与宿主机的docker实现docker in docker的能力
sh 'docker build -t $APP_NAME:$DOCKER_TAG .'
sh 'docker tag $APP_NAME:$DOCKER_TAG $DOCKER_IMAGE_URL:$DOCKER_TAG'
sh 'docker push $DOCKER_IMAGE_URL:$DOCKER_TAG'
}
}
}
// 部署到K8s
stage('K8S部署-开发环境') {
steps {
container('jenkins-jnlp-slave') {
withKubeConfig(serverUrl: 'https://192.168.10.200:6443') {// 这里配置K8S Master的API地址
echo 'begin k8s deploy!'
sh 'chmod 744 k8s/home-prd/deployment.sh'
sh 'k8s/home-prd/deployment.sh' // 执行部署
// --record 用作记录滚动更新的信息, 后面方便版本回退
//sh 'kubectl set image deployment/$APP_NAME $APP_NAME=$IMAGE_URL --namespace $NAME_SPACE --record'
}
}
}
}
}
options {
buildDiscarder(logRotator(numToKeepStr: '5', artifactNumToKeepStr: '5'))
}
}
