持续集成和部署(Jenkins)
当前
k8s
集群信息
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 47h v1.23.5
node1 Ready <none> 47h v1.23.5
node2 Ready <none> 47h v1.23.5
[root@master ~]# helm version
version.BuildInfo{Version:"v3.8.2", GitCommit:"6e3701edea09e5d55a8ca2aae03a68917630e91b", GitTreeState:"clean", GoVersion:"go1.17.5"}
一. Chart版本3.11.10
1.1 搜索
# 添加repo
helm repo add jenkins https://charts.jenkins.io
helm repo update
[root@master helm]# helm search repo jenkins/jenkins
NAME CHART VERSION APP VERSION DESCRIPTION
jenkins/jenkins 3.11.10 2.332.2 Jenkins - Build great things at any scale! The ...
1.2 my-values.yaml
本地自定义域名
cat <<EOF> my-values.yaml
controller:
image: "registry.cn-shanghai.aliyuncs.com/wanfei/jenkins"
# tag: "2.332.2-jdk11"
tagLabel: jdk11
imagePullPolicy: "IfNotPresent"
adminUser: "admin"
adminPassword: "www19930327"
ingress:
enabled: true
apiVersion: "networking.k8s.io/v1"
ingressClassName: nginx
hostName: jenkins.tophant.wang
persistence:
enabled: true
storageClass: "nfs-storage"
size: "2Gi"
EOF
线上真实域名(https
)
cat <<EOF> my-values.yaml
controller:
image: "registry.cn-shanghai.aliyuncs.com/wanfei/jenkins"
# tag: "2.332.2-jdk11"
tagLabel: jdk11
imagePullPolicy: "IfNotPresent"
adminUser: "admin"
adminPassword: "www19930327"
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
apiVersion: "networking.k8s.io/v1"
ingressClassName: nginx
hostName: jenkins.wanfei.wang
tls:
- secretName: jenkins-tls
hosts:
- jenkins.wanfei.wang
persistence:
enabled: true
storageClass: "nfs-storage"
size: "2Gi"
EOF
1.3 部署
helm install jenkins jenkins/jenkins --version 3.11.10 -f my-values.yaml
# 卸载
helm uninstall jenkins
1.4 验证部署
[root@master jenkins]# kubectl get pods | grep jenkins
jenkins-0 2/2 Running 0 47m
[root@master jenkins]# kubectl get svc | grep jenkins
jenkins ClusterIP 10.106.137.1 <none> 8080/TCP 49m
jenkins-agent ClusterIP 10.101.182.60 <none> 50000/TCP 49m
本地添加hosts
192.168.4.27 jenkins.tophant.wang
访问 http://jenkins.tophant.wang
如果忘记了密码,可以查看密码
kubectl exec --namespace default -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo
输入账号密码 admin/www19930327
1.5 安装中文插件
搜索Localization: Chinese (Simplified)
,点第二个
安装后重启(勾选Restart
)
1.6 添加gitee凭据
等会儿测试需要从码云(
gitee
)下载代码
1.6.1 安装gitee
插件
搜索gitee
,点第二个
1.6.2 配置gitee
私钥
点击【系统管理】-【管理凭据】,点击如下图【Jenkins】
点击【全局凭据】
点击【增加凭据】
此时去复制gitee
私钥,登录gitee
后,点击头像,然后点击【设置】,点击【私人令牌】,然后点击【生成新的令牌】
填写令牌描述,然后根据实际需求选择权限,点击提交
输入gitee密码验证
回到打开的新增凭据页面,选择【Gitee API 令牌】,然后将上个步骤拷贝的私钥粘贴到此处,然后增加描述内容,点击确定即可
此时Gitee
私钥就添加完成了
1.6.3 Gitee
插件配置
点击【系统管理】-【系统配置】
找到Gitee配置
,链接名自定义,比如Gitee
,域名填写 https://gitee.com
,证书令牌选择步骤1中增加的凭据,点开【高级】,勾选忽略SSL检查
,然后点击【测试连接】,如下显示成功即OK
如果
测试连接
一直报错,需要安装jersey 2 API
插件,然后就可以了
参考 https://blog.csdn.net/m0_65787443/article/details/123031292
1.6.4 添加gitee
账号凭据
1.6.5 创建一个从gitee
拉取代码任务
然后点击立即构建
可以看到创建了一个Agent default-0k406
去执行任务
1.7 流水线部署
1.7.1 配置集群
kubernetes
插件默认安装了
点击【系统管理】 -> 【节点管理】
点击【Configure Clouds】,发现默认都配置好了,点击连接测试成功
查看默认的标签jenkins-jenkins-agent
1.7.2 流水线任务
流水线脚本
node('jenkins-jenkins-agent'){
stage("clone 代码"){
echo "代码 clone"
}
stage("代码构建"){
echo "代码构建"
}
stage("代码测试"){
echo "代码测试"
}
stage("代码部署"){
echo "代码部署"
}
}
1.8 Jenkinsfile
流水线部署
创建protal-dev
流水线任务
配置gitee
项目,项目里面必须要有Jenkinsfile
文件
项目结构如下
script
:里面包含docker
构建镜像push
镜像脚本和chart
模板Jenkinsfile
:流水线过程
因为上面引用了maven-pvc
,所以需要创建,用来存储maven
jar
包
cat <<EOF> maven-pvc.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: maven-pv
spec:
capacity:
storage: 4Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Delete
nfs:
server: 192.168.4.27
path: /nfsdata
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: maven-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 4Gi
EOF
kubectl apply -f maven-pvc.yaml
当前
StorageClass
不能有默认的,否则会自动创建pv
,不使用上面的pv
点击立即构建
创建了一个Pod: kubernetes default/slave-26c42db4-79ad-49ab-89c8-e7cdf41b501a-z5frp-0vds3
执行当前部署,部署完成之后自动删除maven
下载的jar
包存储路径
[root@master jenkins]# ls /nfsdata/repository/
com commons-io io org
1.9 错误
流水线错误
Error: UPGRADE FAILED: query: failed to query with labels: secrets is forbidden: User "system:serviceaccount:default:default" cannot list resource "secrets" in API group "" in the namespace "default"
解决
没有权限。可以赋cluster-admin
权限--serviceaccount={namespace}:default
kubectl create clusterrolebinding default-permissive-binding --clusterrole=cluster-admin --serviceaccount=default:default
1.10 时区设置
安装之后发现时区不对,设置,点击【三角】 -> 【设置】
最下面找到上海
时区
二. Chart版本4.1.1
2.1 搜索
[root@master jenkins]# helm search repo jenkins/jenkins
NAME CHART VERSION APP VERSION DESCRIPTION
jenkins/jenkins 4.1.1 2.332.3 Jenkins - Build great things at any scale! The ...
2.2 my-values.yaml
cat <<EOF> my-values.yaml
controller:
image: "registry.cn-shanghai.aliyuncs.com/wanfei/jenkins"
# tag: "2.332.3-jdk11"
tagLabel: jdk11
imagePullPolicy: "IfNotPresent"
adminUser: "admin"
adminPassword: "www19930327"
resources:
requests:
cpu: "50m"
memory: "256Mi"
limits:
cpu: "2000m"
# 服务器内存小,4096Mi修改为1024Mi
memory: "1024Mi"
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
apiVersion: "networking.k8s.io/v1"
ingressClassName: nginx
hostName: jenkins.wanfei.wang
tls:
- secretName: jenkins-tls
hosts:
- jenkins.wanfei.wang
persistence:
enabled: true
storageClass: "nfs-storage"
size: "2Gi"
EOF
2.3 部署
helm install jenkins jenkins/jenkins --version 4.1.1 -f my-values.yaml
等几分钟
2.4 修改时区注意
如果提示这个
上面输入两次密码再点击应用
- 点赞
- 收藏
- 关注作者
评论(0)