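DevOps Platform Practice on Kubernetes

First Look at Jenkins

Jenkins is an open-source continuous integration (CI) tool written in Java that provides a user-friendly interface.

Deployment notes: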

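# Get the initial admin password
kubectl -n jenkins exec -it jenkins-master-0 -- bash
cat /var/jenkins_home/secrets/initialAdminPassword
# In Plugin Manager, switch the update site to the Tsinghua mirror, then restart the Pod
https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
# Tune for your own deployment environment; at least 2 CPU cores and 4 GB of memory
# An empty -Dhudson.model.DirectoryBrowserSupport.CSP= value turns off the Content-Security-Policy
# header Jenkins sets on files it serves from workspaces and archived artifacts
env:
- name: JAVA_OPTS
  value: "-Xms4096m -Xmx5120m -Duser.timezone=Asia/Shanghai -Dhudson.model.DirectoryBrowserSupport.CSP="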

Jenkins + GitLab + DingTalk

GitLab deployment

# Needs at least 3 CPU cores and 4 GB of memory; a lesson learned the hard way
docker run -d --hostname 192.168.188.9 -p 8443:443 -p 80:80 -p 8022:22 \
  --name gitlab --restart always \
  -v /opt/gitlab/config:/etc/gitlab \
  -v /opt/gitlab/logs:/var/log/gitlab \
  -v /opt/gitlab/data:/var/opt/gitlab \
  gitlab/gitlab-ce:latest

DingTalk API

curl 'https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxx' \
   -H 'Content-Type: application/json' \
   -d '{"msgtype": "text","text": {"content": "我就是我, 是不一样的烟火"}}'

Implementation flow diagram

[Figure: 1.png]

Customized Jenkins container image

Export the plugin list

#!/usr/bin/env bash
# Write every installed plugin to plugins.txt as name:version
curl -sSL "http://admin:123456@localhost:8080/pluginManager/api/xml?depth=1&xpath=/*/*/shortName|/*/*/version&wrapper=plugins" \
  | perl -pe 's/.*?<shortName>([\w-]+).*?<version>([^<]+)()(<\/\w+>)+/\1:\2\n/g' \
  | sed 's/ /:/' > plugins.txt

Dockerfile

FROM jenkinsci/blueocean
COPY plugins.txt /usr/share/jenkins/ref/
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt

Build

docker build . -t  192.168.188.8:5000/jenkins:v20210208 -f Dockerfile
docker push 192.168.188.8:5000/jenkins:v20210208
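
A pre-build check for the plugins.txt exported above, as an added example that is not part of the original post: it rejects entries that would let the image build pull a floating plugin version. The function name check_plugins_pinned is hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: fail early when plugins.txt has
# entries that are not pinned to one exact version.
# Usage: check_plugins_pinned plugins.txt && docker build . -f Dockerfile ...

# Print one finding per bad line; return 1 if any were found.
check_plugins_pinned() {
    local file=$1 line name ver rc=0
    local -A seen=()
    while IFS= read -r line || [[ -n $line ]]; do
        line=${line%%#*}              # strip comments
        line=${line//[[:space:]]/}    # and whitespace
        [[ -z $line ]] && continue
        name=${line%%:*}
        ver=
        [[ $line == *:* ]] && ver=${line#*:}
        if [[ ! $name =~ ^[A-Za-z0-9_-]+$ ]]; then
            echo "invalid-name: $line"; rc=1
            continue
        fi
        if [[ -z $ver || $ver == latest || $ver == experimental ]]; then
            # No version or a floating one: the build result changes over time
            echo "unpinned: $name"; rc=1
        elif [[ -n ${seen[$name]:-} && ${seen[$name]} != "$ver" ]]; then
            # Same plugin listed twice with different versions
            echo "conflict: $name ${seen[$name]} vs $ver"; rc=1
        fi
        seen[$name]=$ver
    done < "$file"
    return "$rc"
}
```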

Pipeline basics

Example

pipeline {
    agent { label '192.168.188.8'}
    options {
        buildDiscarder(logRotator(numToKeepStr: '10'))
        disableConcurrentBuilds()
        timeout(time: 20, unit: 'MINUTES')
        gitLabConnection('gitlab')
    }
    environment {
        IMAGE_REPO = "192.168.188.8:5000/myblog"
        DINGTALK_CREDS = credentials('dingTalk')
        TAB_STR = "\n\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"
    }
    stages {
        stage('Checkout') {
            steps {
                checkout scm
                updateGitlabCommitStatus(name: env.STAGE_NAME, state: 'success')
                script {
                    env.BUILD_TASKS = env.STAGE_NAME + "√..." + env.TAB_STR
                }
            }
        }
        stage('build-image') {
            steps {
                retry(2) { sh 'docker build . -t ${IMAGE_REPO}:${GIT_COMMIT}'}
            }
        }
        stage('push-image'){
            steps {
                retry(2) { sh 'docker push ${IMAGE_REPO}:${GIT_COMMIT}'}
            }
        }
        stage('Deploy') {
            steps {
                // Replace the {{IMAGE_URL}} placeholder in the manifests with the image just pushed
                sh "sed -i 's#{{IMAGE_URL}}#${IMAGE_REPO}:${GIT_COMMIT}#g' deploy/*"
                timeout(time: 1, unit: 'MINUTES') {
                    sh "kubectl apply -f deploy/"
                }
            }
        }
    }
    post {
        success {
            echo 'Congratulations!'
            // DINGTALK_CREDS_PSW is expanded by Groovy here, so the token becomes part of the script text Jenkins runs
            sh """
            curl 'https://oapi.dingtalk.com/robot/send?access_token=${DINGTALK_CREDS_PSW}' \
                -H 'Content-Type: application/json' \
                -d '{"msgtype": "text", "text": {"content": "构建成功\n 关键字:luffy\n 项目名称: ${JOB_BASE_NAME}\n Commit Id: ${GIT_COMMIT}\n 构建地址:${RUN_DISPLAY_URL}"}}'
            """
        }
        failure {
            echo 'Oh no!'
        }
        always {
            echo 'I will always say Hello again!'
        }
    }
}
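
The success notification above expands the DingTalk token inside a Groovy string and splices build metadata straight into the JSON body. The helper script below is an added example, not part of the original post: it escapes the message fields and hands curl the webhook URL on stdin. The function names and the DINGTALK_TOKEN variable are assumptions, and the English message text is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and the
# DINGTALK_TOKEN variable are assumptions; the message text is constructed.

# Escape a value for use inside a JSON string literal.
json_escape() {
    local s=$1
    # Drop control characters that have no short escape; the sentinel "x"
    # stops $(...) from eating trailing newlines.
    s=$(printf '%sx' "$s" | tr -d '\001-\010\013\014\016-\037'); s=${s%x}
    s=${s//\\/\\\\}      # backslash first
    s=${s//\"/\\\"}      # double quote
    s=${s//$'\n'/\\n}
    s=${s//$'\r'/\\r}
    s=${s//$'\t'/\\t}
    printf '%s' "$s"
}

# Build the text message; job, commit and url are untrusted build metadata.
dingtalk_payload() {
    local keyword=$1 job=$2 commit=$3 url=$4 text
    text=$(printf 'Build succeeded\nKeyword: %s\nJob: %s\nCommit Id: %s\nBuild URL: %s' \
        "$keyword" "$job" "$commit" "$url")
    printf '{"msgtype":"text","text":{"content":"%s"}}' "$(json_escape "$text")"
}

# Emit a curl config line with the webhook URL. Assumption: tokens are
# alphanumeric, so anything else is rejected instead of being quoted.
dingtalk_curl_config() {
    if [[ ! ${DINGTALK_TOKEN:-} =~ ^[A-Za-z0-9]+$ ]]; then
        echo 'DINGTALK_TOKEN is missing or malformed' >&2
        return 1
    fi
    printf 'url = "https://oapi.dingtalk.com/robot/send?access_token=%s"\n' "$DINGTALK_TOKEN"
}

# Send the message: curl reads the URL from stdin (--config -), so the token
# is not a command-line argument of the curl process.
dingtalk_send() {
    local payload cfg
    payload=$(dingtalk_payload "$@") || return 1
    cfg=$(dingtalk_curl_config) || return 1
    printf '%s\n' "$cfg" | curl -sS --fail --config - \
        -H 'Content-Type: application/json' --data-binary "$payload"
}
```

Called from a single-quoted sh step as dingtalk_send luffy "$JOB_BASE_NAME" "$GIT_COMMIT" "$RUN_DISPLAY_URL", the token is read from the environment by the shell rather than written into the script by Groovy.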

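Tool integration and Jenkinsfile in practice

Integrating Kubernetes

Plugin installation and configuration

  1. [Manage Jenkins] -> [Manage Plugins] -> [search for kubernetes] -> install directly
    If the installation fails, first update the bouncycastle API Plugin and restart Jenkins
  2. [Manage Jenkins] -> [Configure System] -> [Add a new cloud]
  3. Configure the address information
    Kubernetes URL: https://kubernetes.default (or https://192.168.188.8:6443)
    Kubernetes namespace: jenkins
    Test the connection; on success it shows: Connection test successful
    Jenkins URL: http://jenkins:8080
  4. Configure the Pod Template
    Name: jnlp-slave
    Namespace: jenkins
    Jenkins tunnel: jenkins:50000
    Labels: jnlp-slave, used as the label that selects the agent
    Timeout for connecting to Jenkins (seconds): 300
    Node selector: agent=true
    Workspace volume: choose hostpath and set /opt/jenkins_jobs/; note that you need to run chown -R 1000:1000 /opt/jenkins_jobs/, otherwise the Pod has no permission on it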

Dynamic slave Pods

docker pull jenkins/jnlp-slave:4.0.1-1   # slave container image
# Build the tools container image
mkdir tools && cd tools
cp "$(which kubectl)" ./
cp ~/.kube/config ./
vi Dockerfile
# ---- contents of Dockerfile ----
FROM alpine
USER root
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories && \
    apk update && \
    apk add --no-cache openrc docker git curl tar gcc g++ make \
    bash shadow openjdk8 openssl-dev libffi-dev \
    libstdc++ harfbuzz nss freetype ttf-freefont && \
    mkdir -p /root/.kube && \
    usermod -a -G docker root
# The kubeconfig ends up in an image layer, so anyone who can pull this image can read its cluster credentials
COPY config /root/.kube/
RUN rm -rf /var/cache/apk/* && \
    rm -rf ~/.cache/pip
COPY kubectl /usr/local/bin/
RUN chmod +x /usr/local/bin/kubectl
# ---- end of Dockerfile ----
docker build . -t 192.168.188.8:5000/devops/tools:v1
docker push 192.168.188.8:5000/devops/tools:v1

Update the PodTemplate in Jenkins to add the tools image; note that a container named jnlp must be added first. In the Volumes section, add a Host Path Volume (/var/run/docker.sock).

Integrating SonarQube for code scanning

1. Deploy the SonarQube environment

2. Integrate the Scanner into the tools container.

wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.2.0.1873-linux.zip
unzip -n sonar-scanner-cli-4.2.0.1873-linux.zip
# The archive unpacks to sonar-scanner-4.2.0.1873-linux; rename it to match the paths below
mv sonar-scanner-4.2.0.1873-linux sonar-scanner
rm -rf sonar-scanner/jre
vi sonar-scanner/bin/sonar-scanner
# In that file, set:
use_embedded_jre=false
vi /tools/Dockerfile
...
COPY sonar-scanner /usr/lib/sonar-scanner
RUN ln -s /usr/lib/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner && chmod +x /usr/local/bin/sonar-scanner
ENV SONAR_RUNNER_HOME=/usr/lib/sonar-scanner

3. Install and configure the SonarQube plugin in Jenkins

[Manage Jenkins] -> [Configure System] -> [SonarQube servers] -> [Add SonarQube]

Name: sonarqube
Server URL: http://sonarqube:9000
Server authentication token
① Log in to SonarQube -> My Account -> Security -> Generate Token
② Log in to Jenkins and add a global credential of type Secret text

4. Integration

stage('Code Scan') {
    steps {
        container('tools') {
            // Run the scan with the server settings named 'sonarqube'
            withSonarQubeEnv('sonarqube') {
                sh 'sonar-scanner -X'
                sleep 3
            }
            script {
                // Fail the build if the quality gate is not passed within 1 minute
                timeout(1) {
                    def qg = waitForQualityGate('sonarqube')
                    if (qg.status != 'OK') {
                        error "未通过Sonarqube的代码质量阈检查,请及时修改!failure: ${qg.status}"
                    }
                }
            }
        }
    }
}

Optimizing the CI/CD flow with a Shared Library

Library code layout

(root)
+- src                     # Groovy source files
|   +- org
|       +- foo
|           +- Bar.groovy  # for org.foo.Bar class
+- vars
|   +- foo.groovy          # for global 'foo' variable
|   +- foo.txt             # help for 'foo' variable
+- resources               # resource files (external libraries only)
|   +- org
|       +- foo
|           +- bar.json    # static helper data for org.foo.Bar

Integrating the Library with Jenkins

[Manage Jenkins] -> [Configure System] -> [Global Pipeline Libraries]
Library Name: hapa-devops
Default Version: Master
Source Code Management: Git

Example of referencing it in a Jenkinsfile

@Library('hapa-devops') _

pipeline {
    agent { label 'jnlp-slave'}
    
    options {
        buildDiscarder(logRotator(numToKeepStr: '10'))
        disableConcurrentBuilds()
        timeout(time: 20, unit: 'MINUTES')
        gitLabConnection('gitlab')
    }

    environment {
        IMAGE_REPO = "192.168.188.8:5000/demo/myblog"
        DINGTALK_CREDS = credentials('dingTalk')
        IMAGE_CREDENTIAL = "credential-registry"
    }

    stages {
        stage('git-log') {
            steps {
                script{
                    sh "git log --oneline -n 1 > gitlog.file"
                    env.GIT_LOG = readFile("gitlog.file").trim()
                }
                sh 'printenv'
            }
        }        
        stage('checkout') {
            steps {
                container('tools') {
                    checkout scm
                }
                updateGitlabCommitStatus(name: env.STAGE_NAME, state: 'success')
                script{
                    env.BUILD_TASKS = env.STAGE_NAME + "√..." + env.TAB_STR
                }
            }
        }
        stage('build-image') {
            steps {
                container('tools') {
                    script{
                        devops.dockerBuild(
                            "Dockerfile",
                            ".",
                            "${IMAGE_REPO}",
                            "${GIT_COMMIT}",
                            IMAGE_CREDENTIAL
                        ).start().push()
                    }
                }
            }
        }
        stage('deploy') {
            steps {
                container('tools') {
                    script{
                        devops.deployMulti("deploy").start()
                    }
                }
            }
        }
    }
    post {
        success {
            script {
                container('tools') {
                    devops.notification("myblog", "hapa:All Right", "${GIT_COMMIT}","dingTalk").success()
                }
            }
        }
        failure {
            script {
                container('tools') {
                    devops.notification("myblog", "hapa:Error", "${GIT_COMMIT}", "dingTalk").failure()
                }
            }
        }
    }
}
