如何搭建自己的CI/CD平台:Gitlab+Jenkins+Docker+Harbor+K8s集群搭建CICD平台

网友投稿 1550 2022-05-29

写在前面

聊聊CICD的环境搭建以及一个基于Hexo的博客系统在CICD流程中的配置Demo

很早就想着写这样一篇博文,但是没有时间,之前写了一半,正好春节假期把剩下的一般写完.

本文属于Devpos实战类文章,基本没有理论,所有,小伙伴需要对devops有些基本的了解,

博文中讲的CICD属于Devops的一部分

当然小伙伴们也可以找一些云服务商提供的商业的Depops平台去学习,一般有免费的体验,比如华为云的软开云平台。

博文涉及内容:

Gitlab+Jenkins+Docker+Harbor+K8S集群 的CICD搭建教程

在搭建好的CICD平台上持续集成部署hexo博客系统,Demo有些简陋,仅用于学习。

其中Gitlab+Jenkins +Harbor都是通过容器化部署

篇幅有限,关于CD环境k8s集群这里用之前部署好的,并且已经做了kubeconfig证书,关于这方便感兴趣小伙伴可以看看我之前的文章

下面为涉及到的机器:

上帝借由各种途径使人变得孤独,好让我们可以走向自己。 ——赫尔曼·黑塞《德米安》

一、CICD服务器环境搭建

CI即为持续集成(Continue Integration,简称CI),用通俗的话讲,就是持续的整合版本库代码编译后制作应用镜像。建立有效的持续集成环境可以减少开发过程中一些不必要的问题、提高代码质量、快速迭代等,

常用的工具和平台有:

Jenkins:基于Java开发的一种持续集成工具,用于监控持续重复的工作,旨在提供一个开放易用的软件平台,使软件的持续集成变成可能。

Bamboo: 是一个企业级商用软件,可以部署在大规模生产环境中。

CD即持续交付Continuous Delivery和持续部署Continuous Deployment,用通俗的话说,即可以持续的部署到生产环境给客户使用,这里分为两个阶段,持续交付我理解为满足上线条件的过程,但是没有上线,持续部署,即为上线应用的过程

关于CD环境,我们使用以前搭建好的K8s集群,K8s集群可以实现应用的健康检测,动态扩容,滚动更新等优点,关于K8s集群的搭建,小伙伴可以看看我的其他文章

我们来搭建CI服务器:操作服务器: liruilongs.github.io:192.168.26.55

docker 环境安装

拉取镜像,启动并设置开机自启

┌──[root@liruilongs.github.io]-[~] └─$ yum -y install docker-ce ┌──[root@liruilongs.github.io]-[~] └─$ systemctl enable docker --now

配置docker加速器

sudo mkdir -p /etc/docker sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"] } EOF sudo systemctl daemon-reload sudo systemctl restart docker

1.安装GitLab 并配置

GitLab 不多介绍。一个基于Git的版本控制平台,,提供了Git仓库管理、代码审查、问题跟踪、活动反馈和wiki,当然同时也提供了

┌──[root@liruilongs.github.io]-[~] └─$ docker pull beginor/gitlab-ce

┌──[root@liruilongs.github.io]-[~] └─$ mkdir -p /data/gitlab/etc/ /data/gitlab/log /data/gitlab/data ┌──[root@liruilongs.github.io]-[~] └─$ chmod 777 /data/gitlab/etc/ /data/gitlab/log /data/gitlab/data

┌──[root@liruilongs.github.io]-[~] └─$ docker run -itd --name=gitlab --restart=always --privileged=true -p 8443:443 -p 80:80 -p 222:22 -v /data/gitlab/etc:/etc/gitlab -v /data/gitlab/log:/var/log/gitlab -v /data/gitlab/data:/var/opt/gitlab beginor/gitlab-ce acc95b2896e8475915275d5eb77c7e63f63c31536432b68508f2f216d4fec634 ┌──[root@liruilongs.github.io]-[~] └─$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES acc95b2896e8 beginor/gitlab-ce "/assets/wrapper" 53 seconds ago Up 51 seconds (health: starting) 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:222->22/tcp, :::222->22/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp gitlab ┌──[root@liruilongs.github.io]-[~] └─$ ┌──[root@liruilongs.github.io]-[~] └─$#

切记:这里的端口要设置成80,要不push项目会提示没有报错,如果宿主机端口被占用,需要把这个端口腾出来

┌──[root@liruilongs.github.io]-[~] └─$ docker stop gitlab gitlab

external_url 'http://192.168.26.55’

┌──[root@liruilongs.github.io]-[~] └─$ cat /data/gitlab/etc/gitlab.rb | grep external_url ##! For more details on configuring external_url see: # external_url 'GENERATED_EXTERNAL_URL' # registry_external_url 'https://registry.gitlab.example.com' # pages_external_url "http://pages.example.com/" # gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4' # mattermost_external_url 'http://mattermost.example.com' ┌──[root@liruilongs.github.io]-[~] └─$ sed -i "/external_url 'GENERATED_EXTERNAL_URL'/a external_url\t'http://192.168.26.55' " /data/gitlab/etc/gitlab.rb ┌──[root@liruilongs.github.io]-[~] └─$ cat /data/gitlab/etc/gitlab.rb | grep external_url ##! For more details on configuring external_url see: # external_url 'GENERATED_EXTERNAL_URL' external_url 'http://192.168.26.55' # registry_external_url 'https://registry.gitlab.example.com' # pages_external_url "http://pages.example.com/" # gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4' # mattermost_external_url 'http://mattermost.example.com' ┌──[root@liruilongs.github.io]-[~] └─$

gitlab_rails[‘gitlab_ssh_host’] = '192.168.26.55’

┌──[root@liruilongs.github.io]-[~] └─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_ssh_host # gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com' ┌──[root@liruilongs.github.io]-[~] └─$ sed -i "/gitlab_ssh_host/a gitlab_rails['gitlab_ssh_host'] = '192.168.26.55' " /data/gitlab/etc/gitlab.rb ┌──[root@liruilongs.github.io]-[~] └─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_ssh_host # gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com' gitlab_rails['gitlab_ssh_host'] = '192.168.26.55' ┌──[root@liruilongs.github.io]-[~] └─$

gitlab_rails[gitlab_shell_ssh_port] = 222

┌──[root@liruilongs.github.io]-[~] └─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh # gitlab_rails['gitlab_shell_ssh_port'] = 22 ┌──[root@liruilongs.github.io]-[~] └─$ sed -i "/gitlab_shell_ssh_port/a gitlab_rails['gitlab_shell_ssh_port'] = 222" /data/gitlab/etc/gitlab.rb ┌──[root@liruilongs.github.io]-[~] └─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh # gitlab_rails['gitlab_shell_ssh_port'] = 22 gitlab_rails[gitlab_shell_ssh_port] = 222 ┌──[root@liruilongs.github.io]-[~] └─$

┌──[root@liruilongs.github.io]-[~] └─$ vim /data/gitlab/data/gitlab-rails/etc/gitlab.yml ┌──[root@liruilongs.github.io]-[~] └─$ ############################## gitlab: ## Web server settings (note: host is the FQDN, do not include http://) host: 192.168.26.55 port: 80 https: false

修改完配置文件之后。直接启动容器

┌──[root@liruilongs.github.io]-[~] └─$ docker start gitlab

相关的git命令

PS F:\blogger> git init Initialized empty Git repository in F:/blogger/.git/ PS F:\blogger> git config --global user.name "Administrator" PS F:\blogger> git config --global user.email "admin@example.com" PS F:\blogger> git remote add origin http://192.168.26.55/root/blog.git PS F:\blogger> git add . PS F:\blogger> git commit -m "Initial commit" PS F:\blogger> git push -u origin master Enumerating objects: 322, done. Counting objects: 100% (322/322), done. Delta compression using up to 8 threads Compressing objects: 100% (302/302), done. Writing objects: 100% (322/322), 11.31 MiB | 9.22 MiB/s, done. Total 322 (delta 24), reused 0 (delta 0) remote: Resolving deltas: 100% (24/24), done. To http://192.168.26.55/root/blog.git * [new branch] master -> master Branch 'master' set up to track remote branch 'master' from 'origin'. PS F:\blogger>

2.安装配置远程镜像仓库harbor

下面我们要配置私有的docker镜像仓库,用到的机器为:

操作服务器:vms56.liruilongs.github.io:192.168.26.56

这里仓库我们选择harbor,因为有web页面,当然也可以使用 registry

下面我们开始安装

首先需要设置selinux、防火墙

┌──[root@vms56.liruilongs.github.io]-[~] └─#getenforce Disabled

┌──[root@vms56.liruilongs.github.io]-[~] └─#systemctl disable firewalld.service --now Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

安装并启动docker并安装docker-compose,关于docker-compose,这里不用了解太多,一个轻量的docker编排工具

┌──[root@vms56.liruilongs.github.io]-[~] └─#yum install -y docker-ce ┌──[root@vms56.liruilongs.github.io]-[~] └─#yum install -y docker-compose

解压harbor 安装包:harbor-offline-installer-v2.0.6.tgz,导入相关镜像

┌──[root@vms56.liruilongs.github.io]-[/] └─#ls bin dev harbor-offline-installer-v2.0.6.tgz lib machine-id mnt proc run srv tmp var boot etc home lib64 media opt root sbin sys usr ┌──[root@vms56.liruilongs.github.io]-[/] └─#tar zxvf harbor-offline-installer-v2.0.6.tgz harbor/harbor.v2.0.6.tar.gz harbor/prepare harbor/LICENSE harbor/install.sh harbor/common.sh harbor/harbor.yml.tmpl ┌──[root@vms56.liruilongs.github.io]-[/] └─#docker load -i harbor/harbor.v2.0.6.tar.gz

修改配置文件

┌──[root@vms56.liruilongs.github.io]-[/] └─#cd harbor/ ┌──[root@vms56.liruilongs.github.io]-[/harbor] └─#ls common.sh harbor.v2.0.6.tar.gz harbor.yml.tmpl install.sh LICENSE prepare ┌──[root@vms56.liruilongs.github.io]-[/harbor] └─#cp harbor.yml.tmpl harbor.yml ┌──[root@vms56.liruilongs.github.io]-[/harbor] └─#ls common.sh harbor.v2.0.6.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare ┌──[root@vms56.liruilongs.github.io]-[/harbor] └─#vim harbor.yml ┌──[root@vms56.liruilongs.github.io]-[/harbor] └─#

harbor.yml:设置IP和用户名密码

4 # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. 5 hostname: 192.168.26.56 6 7 # http related config ....... 12 # https related config 13 #https: 14 # https port for harbor, default is 443 15 # port: 443 16 # The path of cert and key files for nginx 17 # certificate: /your/certificate/path 18 # private_key: /your/private/key/path .... 33 # Remember Change the admin password from UI after launching Harbor. 34 harbor_admin_password: Harbor12345 35 36 # Harbor DB configuration

./prepare && ./install.sh

┌──[root@vms56.liruilongs.github.io]-[/harbor] └─#./prepare prepare base dir is set to /harbor WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Generated and saved secret to file: /data/secret/keys/secretkey Successfully called func: create_root_cert Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir

┌──[root@vms56.liruilongs.github.io]-[/harbor] └─#./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 20.10.9 [Step 1]: checking docker-compose is installed ... Note: stopping existing Harbor instance ... Removing harbor-jobservice ... done Removing nginx ... done Removing harbor-core ... done Removing registry ... done Creating harbor-log ... done Removing harbor-portal ... done Removing redis ... done Removing network harbor_harbor Creating registry ... done Creating harbor-core ... done Creating network "harbor_harbor" with the default driver Creating nginx ... done Creating redis ... Creating registry ... Creating harbor-portal ... Creating registryctl ... Creating harbor-db ... Creating harbor-core ... Creating harbor-jobservice ... Creating nginx ... ✔ ----Harbor has been installed and started successfully.---- ┌──[root@vms56.liruilongs.github.io]-[/harbor] └─#

查看相关的镜像

┌──[root@vms56.liruilongs.github.io]-[/harbor] └─#docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0efcf7b83dcf goharbor/nginx-photon:v2.0.6 "nginx -g 'daemon of…" 16 minutes ago Up 16 minutes (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx ee9d418c7cee goharbor/harbor-jobservice:v2.0.6 "/harbor/entrypoint.…" 16 minutes ago Up 16 minutes (healthy) harbor-jobservice 6052c481dbd0 goharbor/harbor-core:v2.0.6 "/harbor/entrypoint.…" 16 minutes ago Up 16 minutes (healthy) harbor-core 001ff83b037d goharbor/harbor-db:v2.0.6 "/docker-entrypoint.…" 17 minutes ago Up 16 minutes (healthy) 5432/tcp harbor-db 2ebc81356ef1 goharbor/harbor-registryctl:v2.0.6 "/home/harbor/start.…" 17 minutes ago Up 16 minutes (healthy) registryctl 6ca721c0fa75 goharbor/harbor-portal:v2.0.6 "nginx -g 'daemon of…" 17 minutes ago Up 16 minutes (healthy) 8080/tcp harbor-portal 2b06e2cf91ab goharbor/registry-photon:v2.0.6 "/home/harbor/entryp…" 17 minutes ago Up 16 minutes (healthy) 5000/tcp registry 2292a20780e2 goharbor/redis-photon:v2.0.6 "redis-server /etc/r…" 17 minutes ago Up 16 minutes (healthy) 6379/tcp redis a0e3e49cf9db goharbor/harbor-log:v2.0.6 "/bin/sh -c /usr/loc…" 17 minutes ago Up 17 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log ┌──[root@vms56.liruilongs.github.io]-[/harbor] └─#

访问测试

CI服务器的docker配置

这里因为我们要在192.168.26.55(CI服务器)上push镜像到192.168.26.56(私仓),所有需要修改CI服务器上的Docker配置。添加仓库地址

操作服务器: liruilongs.github.io:192.168.26.55

┌──[root@liruilongs.github.io]-[~] └─$ cat /etc/docker/daemon.json { "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"] } ┌──[root@liruilongs.github.io]-[~] └─$ vim /etc/docker/daemon.json

修改后的配置文件

┌──[root@liruilongs.github.io]-[~] └─$ cat /etc/docker/daemon.json { "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"], "insecure-registries": ["192.168.26.56"] }

加载使其生效

┌──[root@liruilongs.github.io]-[~] └─$ systemctl daemon-reload ┌──[root@liruilongs.github.io]-[~] └─$ systemctl restart docker ┌──[root@liruilongs.github.io]-[~]

CI机器简单测试一下

┌──[root@liruilongs.github.io]-[~] └─$ docker login 192.168.26.56 Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded ┌──[root@liruilongs.github.io]-[~] └─$ docker tag busybox 192.168.26.56/demo/busybox ┌──[root@liruilongs.github.io]-[~] └─$ docker push 192.168.26.56/demo/busybox Using default tag: latest The push refers to repository [192.168.26.56/demo/busybox] cfd97936a580: Pushed latest: digest: sha256:febcf61cd6e1ac9628f6ac14fa40836d16f3c6ddef3b303ff0321606e55ddd0b size: 527 ┌──[root@liruilongs.github.io]-[~] └─$

push一个镜像,可以在私仓的web页面查看

到这里。我们配置了镜像仓库

3.安装配置jenkins

操作服务器: liruilongs.github.io:192.168.26.55

镜像jenkins拉取

┌──[root@liruilongs.github.io]-[~] └─$ docker pull jenkins/jenkins:centos7-jdk8 。。。。。。 ┌──[root@liruilongs.github.io]-[~] └─$ docker history jenkins/jenkins:centos7-jdk8 IMAGE CREATED CREATED BY SIZE COMMENT de64a05279ba 5 days ago LABEL org.opencontainers.image.vendor=Jenkin… 0B buildkit.dockerfile.v0 5 days ago COPY install-plugins.sh /usr/local/bin/insta… 10.6kB buildkit.dockerfile.v0 。。。。。。。。。。 5 days ago ARG JENKINS_HOME=/var/jenkins_home 0B buildkit.dockerfile.v0 5 days ago ARG agent_port=50000 0B buildkit.dockerfile.v0 5 days ago ARG http_port=8080 0B buildkit.dockerfile.v0 5 days ago ARG gid=1000 0B buildkit.dockerfile.v0 5 days ago ARG uid=1000 0B buildkit.dockerfile.v0 5 days ago ARG group=jenkins 0B buildkit.dockerfile.v0 5 days ago ARG user=jenkins 0B buildkit.dockerfile.v0 5 days ago RUN |5 TARGETARCH=amd64 COMMIT_SHA=0b797f024… 10.4MB buildkit.dockerfile.v0 5 days ago COPY git_lfs_pub.gpg /tmp/git_lfs_pub.gpg # … 62.5kB buildkit.dockerfile.v0 5 days ago ARG GIT_LFS_VERSION=3.0.1 0B buildkit.dockerfile.v0 5 days ago ARG COMMIT_SHA 0B buildkit.dockerfile.v0 5 days ago ARG TARGETARCH 0B buildkit.dockerfile.v0 5 days ago RUN |2 TARGETARCH=amd64 COMMIT_SHA=0b797f024… 426MB buildkit.dockerfile.v0 5 days ago ARG COMMIT_SHA 0B buildkit.dockerfile.v0 5 days ago ARG TARGETARCH 0B buildkit.dockerfile.v0 5 days ago ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_AL… 0B buildkit.dockerfile.v0 7 weeks ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B 7 weeks ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B 7 weeks ago /bin/sh -c #(nop) ADD file:b3ebbe8bd304723d4… 204MB ┌──[root@liruilongs.github.io]-[~] └─$

这里为什么要改成 1000,是因为容器里是以 jenkins 用户的身份去读写数据,而在容器里jenkins 的 uid 是 1000,

┌──[root@liruilongs.github.io]-[~] └─$ mkdir /jenkins && chown 1000:1000 /jenkins ┌──[root@liruilongs.github.io]-[~] └─$ # 这里为什么要改成 1000,是因为容器里是以 jenkins 用户的身份去读写数据,而在容器里jenkins 的 uid 是 1000,

┌──[root@liruilongs.github.io]-[~] └─$ cat jenkins.docker.sh docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8 ┌──[root@liruilongs.github.io]-[~] └─$ docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8 39afa098c8a56973ce1559d374b058b8e6091175b5b783d613a9f2e356827684 ┌──[root@liruilongs.github.io]-[~] └─$ docker ps | grep jenkins 39afa098c8a5 jenkins/jenkins:centos7-jdk8 "/sbin/tini -- /usr/…" 3 minutes ago Up 2 minutes 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:50000->50000/tcp, :::50000->50000/tcp jenkins

┌──[root@liruilongs.github.io]-[~] └─$ docker stop jenkins jenkins

更换国内清华大学镜像,Jenkins下载插件特别慢,更换国内的清华源的镜像地址会快不少

┌──[root@liruilongs.github.io]-[~] └─$ cat /jenkins/hudson.model.UpdateCenter.xml default https://updates.jenkins.io/update-center.json ┌──[root@liruilongs.github.io]-[~] └─$

┌──[root@liruilongs.github.io]-[~] └─$ sed -i 's#updates.jenkins.io/update-center.json#mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json#g ' /jenkins/hudson.model.UpdateCenter.xml ┌──[root@liruilongs.github.io]-[~] └─$ cat /jenkins/hudson.model.UpdateCenter.xml default https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json ┌──[root@liruilongs.github.io]-[~] └─$

"http://www.google.com/" 替换为 "http://www.baidu.com/"

yum -y install jq ┌──[root@liruilongs.github.io]-[~] └─$ cat /jenkins/updates/default.json | jq '.connectionCheckUrl' "http://www.google.com/" ┌──[root@liruilongs.github.io]-[~] └─$ cat /jenkins/updates/default.json | jq 'keys' [ "connectionCheckUrl", "core", "deprecations", "generationTimestamp", "id", "plugins", "signature", "updateCenterVersion", "warnings" ] ┌──[root@liruilongs.github.io]-[~] └─$ sed -i s#http://www.google.com/#http://www.baidu.com/#g /jenkins/updates/default.json

替换后查看

┌──[root@liruilongs.github.io]-[~] └─$ cat /jenkins/updates/default.json | jq '.connectionCheckUrl' "http://www.baidu.com/" ┌──[root@liruilongs.github.io]-[~] └─$ cat /jenkins/updates/default.json | jq 'keys' [ "connectionCheckUrl", "core", "deprecations", "generationTimestamp", "id", "plugins", "signature", "updateCenterVersion", "warnings" ] ┌──[root@liruilongs.github.io]-[~] └─$

重启docker,获取登录密匙

┌──[root@liruilongs.github.io]-[~] └─$ docker start jenkins jenkins ┌──[root@liruilongs.github.io]-[~] └─$ ┌──[root@liruilongs.github.io]-[~] └─$ cat /jenkins/secrets/initialAdminPassword be15eaabc4c946de913dd5af8636cae9

需要修改jenkins绑定的docker的启动参数,ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock

修改镜像库启动参数后需要重启docker

┌──[root@vms56.liruilongs.github.io]-[~] └─#systemctl daemon-reload ┌──[root@vms56.liruilongs.github.io]-[~] └─#systemctl restart docker

后面 gitlab 要和 jenkins 进行联动,所以必须要需要对 jenkins 的安全做一些设置,依次点击 系统管理-全局安全配置-授权策略,勾选"匿名用户具有可读权限"

添加 JVM 运行参数 -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true 运行跨站请求访问

┌──[root@liruilongs.github.io]-[~] └─$ docker exec -u root -it jenkins bash [root@39afa098c8a5 /]# ls anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var [root@39afa098c8a5 /]# vi /usr/local/bin/jenkins.sh [root@39afa098c8a5 /]# exit exit ┌──[root@liruilongs.github.io]-[~] └─$

这里的话我们要通过jenkins上的kubectl客户端连接k8s,所以我们需要安装一个k8s的客户端kubectl,下载k8s客户端

wget https://storage.googleapis.com/kubernetes-release/release/v1.22.2/bin/linux/amd64/kubectl

┌──[root@liruilongs.github.io]-[~] └─$ yum install -y kubectl-1.22.2-0 --disableexcludes=kubernetes

然后拷贝kubeconfig 证书,k8s集群中查看证书位置,这里的证书是之前创建好的,小伙伴可以看看我之前的文章

┌──[root@liruilongs.github.io]-[~] └─$ scp root@192.168.26.81:/root/ansible/k8s-rbac-create/kc1 . Warning: Permanently added '192.168.26.81' (ECDSA) to the list of known hosts. root@192.168.26.81's password: kc1 100% 5566 108.7KB/s 00:00

┌──[root@liruilongs.github.io]-[~] └─$ docker cp kc1 jenkins:/ ┌──[root@liruilongs.github.io]-[~] └─$ docker cp kubectl jenkins:/ ┌──[root@liruilongs.github.io]-[~] └─$

┌──[root@liruilongs.github.io]-[~] └─$ docker exec -u root -it jenkins bash [root@39afa098c8a5 /]# ls anaconda-post.log bin dev etc home kc1 kubectl lib lib64 media mnt opt proc root run sbin srv sys tmp usr var [root@39afa098c8a5 /]# ./kubectl --kubeconfi=kc1 get pods -A Error: unknown flag: --kubeconfi See 'kubectl get --help' for usage. [root@39afa098c8a5 /]# ./kubectl --kubeconfig=kc1 get pods -A Error from server (Forbidden): pods is forbidden: User "liruilong" cannot list resource "pods" in API group "" at the cluster scope

发现没有权限,这里我们为了方便,直接赋予集群中的cluster-admin角色

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-rbac-create] └─$kubectl create clusterrolebinding test --clusterrole=cluster-admin --user=liruilong clusterrolebinding.rbac.authorization.k8s.io/test created ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-rbac-create] └─$

命令测试没有问题

[root@39afa098c8a5 /]# ./kubectl --kubeconfig=kc1 get nodes NAME STATUS ROLES AGE VERSION vms81.liruilongs.github.io Ready control-plane,master 51d v1.22.2 vms82.liruilongs.github.io NotReady 51d v1.22.2 vms83.liruilongs.github.io NotReady 51d v1.22.2 [root@39afa098c8a5 /]#

二 、hexo博客系统CICD实战

4. k8s集群中配置hexo生产环境高可用

我们要部署Nginx来运行hexo博客系统,hexo编译完后为一堆静态文件,所以我们需要创建一个svc和一个deploy,使用SVC提供服务,使用deploy提供服务能力,使用Nginx+hexo的静态文件构成的镜像

apiVersion: apps/v1 kind: Deployment metadata: creationTimestamp: null labels: app: nginx name: nginxdep spec: replicas: 2 selector: matchLabels: app: nginx strategy: {} template: metadata: creationTimestamp: null labels: app: nginx spec: containers: - image: blog name: web resources: requests: cpu: 100m restartPolicy: Always

deployments创建

这里我们先用一个Nginx镜像来代替hexo博客的镜像

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$kubectl apply -f nginx.yaml deployment.apps/nginxdep created

查看deployments和pod

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$kubectl get deployments.apps | grep nginxdep nginxdep 2/2 2 2 109s ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$kubectl get pods -o wide | grep web ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$kubectl get pods -o wide | grep nginxdep nginxdep-645bf755b9-2w8jv 1/1 Running 0 2m22s 10.244.171.164 vms82.liruilongs.github.io nginxdep-645bf755b9-jfqxj 1/1 Running 0 2m22s 10.244.171.157 vms82.liruilongs.github.io ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$

service创建

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$kubectl expose deploy nginxdep --port=8888 --target-port=80 --type=NodePort service/nginxdep exposed ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$kubectl get svc -o wide | grep nginxdep nginxdep NodePort 10.106.217.50 8888:31964/TCP 16s app=nginx

访问测试没有问题,之后我们配置好jenkins上的触发器,直接替换就OK

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$curl 127.0.0.1:31964 Welcome to nginx!

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$

5.k8s集群配置私仓地址

我们通过kubectl set命令更新deploy的镜像时,获取的镜像是通过私仓获取的,所以需要在启动参数添加私仓地址

ExecStart=/usr/bin/dockerd --insecure-registry 192.168.26.56 -H fd:// --containerd=/run/containerd/containerd.sock

这里所有的节点都需要设置后重启docker

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$vim /usr/lib/systemd/system/docker.service ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$systemctl daemon-reload ;systemctl restart docker & [1] 23273 ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$ssh root@192.168.26.82 Last login: Sun Jan 16 06:09:07 2022 from 192.168.26.1 ┌──[root@vms82.liruilongs.github.io]-[~] └─$vim /usr/lib/systemd/system/docker.service ┌──[root@vms82.liruilongs.github.io]-[~] └─$systemctl daemon-reload ;systemctl restart docker & [1] 26843 ┌──[root@vms82.liruilongs.github.io]-[~] └─$exit 登出 Connection to 192.168.26.82 closed.

6.jenkins配置CICD流程

访问jenkins,接下来才是重点,我们要的jenkins上配置整个CICD流程,从而实现自动化

相关的文本信息

cd ~ rm -rf blog git clone http://192.168.26.55/root/blog.git

/var/jenkins_home/blog/ 192.168.26.56/library/blog:${BUILD_NUMBER}

如何搭建自己的CI/CD平台:Gitlab+Jenkins+Docker+Harbor+K8s集群搭建CICD平台

export KUBECONFIG=/kc1; /kubectl set image deployment/nginxdep *="192.168.26.56/library/blog:${BUILD_NUMBER}" -n kube-system

7.配置 gitlab 和 jenkins 的联动

到这里,联动已经配置完成

8.编写Dockerfile文件,更新代码测试

下面我们编译一下hexo,生成public的一个文件夹,然后上传gitlab

PS F:\blogger> hexo g ..... PS F:\blogger> git add .\public\ PS F:\blogger> git commit -m "编译代码" PS F:\blogger> git push

同时需要编写Dockerfile文件来创建镜像

FROM docker.io/library/nginx:latest MAINTAINER liruilong ADD ./public/ /usr/share/nginx/html/ EXPOSE 80 CMD ["nginx", "-g","daemon off;"]

PS F:\blogger> git add . PS F:\blogger> git commit -m "Dockcerfile文件编写" [master 217e0ed] Dockcerfile文件编写 1 file changed, 1 deletion(-) PS F:\blogger> git push Enumerating objects: 5, done. Counting objects: 100% (5/5), done. Delta compression using up to 8 threads Compressing objects: 100% (3/3), done. Writing objects: 100% (3/3), 307 bytes | 307.00 KiB/s, done. Total 3 (delta 2), reused 0 (delta 0) To http://192.168.26.55/root/blog.git 6690612..217e0ed master -> master PS F:\blogger>

Started by remote host 192.168.26.1 Running as SYSTEM Building in workspace /var/jenkins_home/workspace/liruilong-cicd [liruilong-cicd] $ /bin/sh -xe /tmp/jenkins6108687102523328796.sh + cd /var/jenkins_home + rm -rf blog + git clone http://192.168.26.55/root/blog.git Cloning into 'blog'... Docker Build Docker Build: building image at path /var/jenkins_home/blog Step 1/5 : FROM docker.io/library/nginx:latest ---> f8f4ffc8092c Step 2/5 : MAINTAINER liruilong ---> Running in e341b5562b64 Removing intermediate container e341b5562b64 ---> 4e9f5aa47ab5 Step 3/5 : ADD ./public/ /usr/share/nginx/html/ ---> 3956cff32507 Step 4/5 : EXPOSE 80 ---> Running in b4c27124989d Removing intermediate container b4c27124989d ---> ba9d1764d764 Step 5/5 : CMD ["nginx", "-g","daemon off;"] ---> Running in 61dca01a4883 Removing intermediate container 61dca01a4883 ---> 2aadc5732a60 Successfully built 2aadc5732a60 Tagging built image with 192.168.26.56/library/blog:41 Docker Build Response : 2aadc5732a60 Pushing [192.168.26.56/library/blog:41] The push refers to repository [192.168.26.56/library/blog] 89570901cdea: Preparing 65e1ea1dc98c: Preparing 88891187bdd7: Preparing 6e109f6c2f99: Preparing 0772cb25d5ca: Preparing 525950111558: Preparing 476baebdfbf7: Preparing 525950111558: Waiting 476baebdfbf7: Waiting 88891187bdd7: Layer already exists 6e109f6c2f99: Layer already exists 65e1ea1dc98c: Layer already exists 0772cb25d5ca: Layer already exists 89570901cdea: Pushing [> ] 301.6kB/28.75MB 89570901cdea: Pushing [==> ] 1.193MB/28.75MB 476baebdfbf7: Layer already exists 525950111558: Layer already exists 89570901cdea: Pushing [======> ] 3.917MB/28.75MB 89570901cdea: Pushing [==========> ] 5.996MB/28.75MB 89570901cdea: Pushing [==============> ] 8.097MB/28.75MB 89570901cdea: Pushing [==================> ] 10.76MB/28.75MB 89570901cdea: Pushing [=====================> ] 12.57MB/28.75MB 89570901cdea: Pushing [========================> ] 13.8MB/28.75MB 89570901cdea: Pushing [=========================> ] 14.71MB/28.75MB 89570901cdea: Pushing [===========================> ] 15.59MB/28.75MB 89570901cdea: Pushing [=============================> ] 16.79MB/28.75MB 89570901cdea: Pushing [===============================> ] 18.27MB/28.75MB 89570901cdea: Pushing [=================================> ] 19.45MB/28.75MB 89570901cdea: Pushing [===================================> ] 20.34MB/28.75MB 89570901cdea: Pushing [=====================================> ] 21.55MB/28.75MB 89570901cdea: Pushing [=======================================> ] 22.44MB/28.75MB 89570901cdea: Pushing [=========================================> ] 23.64MB/28.75MB 89570901cdea: Pushing [==========================================> ] 24.52MB/28.75MB 89570901cdea: Pushing [============================================> ] 25.42MB/28.75MB 89570901cdea: Pushing [==============================================> ] 26.61MB/28.75MB 89570901cdea: Pushing [===============================================> ] 27.19MB/28.75MB 89570901cdea: Pushing [=================================================> ] 28.69MB/28.75MB 89570901cdea: Pushing [==================================================>] 29.32MB 89570901cdea: Pushed 41: digest: sha256:c90b64945a8d063f7bcdcc39f00f91b6d83acafcd6b2ec6aba5b070474bafc37 size: 1782 Cleaning local images [2aadc5732a60] Docker Build Done [liruilong-cicd] $ /bin/sh -xe /tmp/jenkins246013519648603221.sh + export KUBECONFIG=/kc1 + KUBECONFIG=/kc1 + /kubectl set image deployment/nginxdep '*=192.168.26.56/library/blog:41' -n kube-system deployment.apps/nginxdep image updated Finished: SUCCESS

9.访问hexo博客系统

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$kubectl get deployments.apps | grep nginxdep nginxdep 2/2 2 2 30h ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$kubectl get pods -o wide | grep nginxdep nginxdep-bddfd9b5f-94d88 1/1 Running 0 110s 10.244.171.142 vms82.liruilongs.github.io nginxdep-bddfd9b5f-z57qc 1/1 Running 0 35m 10.244.171.177 vms82.liruilongs.github.io ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$kubectl get svc -o wide | grep nginxdep nginxdep NodePort 10.106.217.50 8888:31964/TCP 30h app=nginx ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create] └─$kubectl describe pods nginxdep-bddfd9b5f-94d88 Name: nginxdep-bddfd9b5f-94d88 Namespace: kube-system Priority: 0 Node: vms82.liruilongs.github.io/192.168.26.82 Start Time: Fri, 04 Feb 2022 03:11:14 +0800 Labels: app=nginx pod-template-hash=bddfd9b5f Annotations: cni.projectcalico.org/podIP: 10.244.171.142/32 cni.projectcalico.org/podIPs: 10.244.171.142/32 Status: Running IP: 10.244.171.142 IPs: IP: 10.244.171.142 Controlled By: ReplicaSet/nginxdep-bddfd9b5f Containers: web: Container ID: docker://669f48cb626d5067f40bb1aaa378268a7ee9879488b0b298a86271957c162316 Image: 192.168.26.56/library/blog:41 Image ID: docker-pullable://192.168.26.56/library/blog@sha256:c90b64945a8d063f7bcdcc39f00f91b6d83acafcd6b2ec6aba5b070474bafc37 Port: Host Port: State: Running Started: Fri, 04 Feb 2022 03:11:15 +0800 Ready: True Restart Count: 0 Requests: cpu: 100m Environment: Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-trn5n (ro) Conditions: Type Status Initialized True Ready True ContainersReady True PodScheduled True Volumes: kube-api-access-trn5n: Type: Projected (a volume that contains injected data from multiple sources) TokenExpirationSeconds: 3607 ConfigMapName: kube-root-ca.crt ConfigMapOptional: DownwardAPI: true QoS Class: Burstable Node-Selectors: Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s node.kubernetes.io/unreachable:NoExecute op=Exists for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 4m10s default-scheduler Successfully assigned kube-system/nginxdep-bddfd9b5f-94d88 to vms82.liruilongs.github.io Normal Pulling 4m9s kubelet Pulling image "192.168.26.56/library/blog:41" Normal Pulled 4m9s kubelet Successfully pulled image "192.168.26.56/library/blog:41" in 67.814838ms Normal Created 4m9s kubelet Created container web Normal Started 4m9s kubelet Started container web

Docker Git Jenkins 镜像服务

版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:Beautiful Soup:用 Python 构建一个网页爬虫
下一篇:疯狂Java学习笔记(48)------------泛型详解
相关文章