k8s cicd
环境
- centos7 + jenkins2.361.3(裸机安装) + gitlab(裸机安装) + harbor(k8s安装)
注意
- 在裸机安装jenkins高版本的时候需要安装java11
- 在实现cicd的时候git版本需要高一点的,我的是2.31.1
安装完jenkins,需要的配置
1.需要设置授权策略为允许登录的用户做任何事,否则jenkins会显示权限不足报403
2.点掉授权
3.jenkins新建一个自由风格的项目,配置镜像版本参数,也可忽略此步骤
4.填写gitlab项目地址,这里可以用免秘钥的行驶通过ssh去拉取,或者配置认证,我这里是ssh
5.记录这个地址,稍后在配置gitlab webhook的时候需要用到
6.通过shell完成cicd
7.test.sh内容如下:
[root@minikube-k8s mytest01]# cat test.sh #!/bin/bash echo "=========================================" docker login 192.168.28.151:30002 --username=admin --password=Harbor12345 docker build -t 192.168.28.151:30002/test01/nginx:$tag ./ docker push 192.168.28.151:30002/test01/nginx:$tag ssh root@192.168.28.151 kubectl apply -f /root/myapp.yaml echo "========================================="
8.myapp.yaml内容如下:
[root@minikube-k8s mytest01]# cat myapp.yaml apiVersion: apps/v1 kind: Deployment metadata: name: mynginx1 namespace: default spec: replicas: 2 selector: matchLabels: app: mynginx template: metadata: labels: app: mynginx spec: containers: - name: nginx image: 192.168.28.151:30002/test01/nginx:v1 ports: - name: http containerPort: 80
安装完gitlab需要的配置
1.新建一个gitlab项目
2.创建gitlab webhook
3.点击test push event测试
4.设置ssh免密登录
测试
尝试push到仓库,然后查看jenkins任务执行情况如下:
Started by GitLab push by Administrator Running as SYSTEM Building in workspace /var/lib/jenkins/workspace/mytest01 The recommended git tool is: NONE No credentials specified > git rev-parse --resolve-git-dir /var/lib/jenkins/workspace/mytest01/.git # timeout=10 Fetching changes from the remote Git repository > git config remote.origin.url git@192.168.28.151:root/mytest01.git # timeout=10 Fetching upstream changes from git@192.168.28.151:root/mytest01.git > git --version # timeout=10 > git --version # 'git version 2.31.1' > git fetch --tags --force --progress -- git@192.168.28.151:root/mytest01.git +refs/heads/*:refs/remotes/origin/* # timeout=10 > git rev-parse remotes/origin/master^{commit} # timeout=10 > git branch -a -v --no-abbrev --contains b26f23e4526ea9ca717a5d9df5c6776153460d61 # timeout=10 Checking out Revision b26f23e4526ea9ca717a5d9df5c6776153460d61 (origin/master) > git config core.sparsecheckout # timeout=10 > git checkout -f b26f23e4526ea9ca717a5d9df5c6776153460d61 # timeout=10 Commit message: "v6" > git rev-list --no-walk b26f23e4526ea9ca717a5d9df5c6776153460d61 # timeout=10 [mytest01] $ /bin/sh -xe /tmp/jenkins2387672580940564012.sh + ./test.sh latest ========================================= WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /var/lib/jenkins/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded Sending build context to Docker daemon 127kB Step 1/3 : FROM nginx:latest ---> 605c77e624dd Step 2/3 : COPY index.html /usr/share/nginx/html ---> Using cache ---> b65ad20ce6d0 Step 3/3 : CMD ["/usr/sbin/nginx","-g","daemon off;"] ---> Using cache ---> 3e615f842d5f Successfully built 3e615f842d5f Successfully tagged 192.168.28.151:30002/test01/nginx:latest The push refers to repository [192.168.28.151:30002/test01/nginx] bc8838e7b453: Preparing d874fd2bc83b: Preparing 32ce5f6a5106: Preparing f1db227348d0: Preparing b8d6e692a25e: Preparing e379e8aedd4d: Preparing 2edcec3590a4: Preparing e379e8aedd4d: Waiting 2edcec3590a4: Waiting bc8838e7b453: Layer already exists d874fd2bc83b: Layer already exists b8d6e692a25e: Layer already exists f1db227348d0: Layer already exists 32ce5f6a5106: Layer already exists e379e8aedd4d: Layer already exists 2edcec3590a4: Layer already exists latest: digest: sha256:0ede8cc8c7643a4cd64df93db30f64df5541c6db86869652791e32f23805cf85 size: 1777 deployment.apps/mynginx1 unchanged ========================================= Finished: SUCCESS
查看pod是否创建ok
查看harbor镜像仓库是否已经有镜像上传
