Automated container image publishing and k8s application upgrade and rollback with jenkins

Software plan

Host                       Software
192.168.252.144 master     jenkins
192.168.252.145 node01     gitlab
192.168.252.146 node02     harbor

Automated image publishing on a k8s environment

gitlab

1. Install gitlab

Index of /gitlab-ce/yum/el7/ | Tsinghua University Open Source Software Mirror | Tsinghua Open Source Mirror

yum install -y gitlab-ce-10.1.5-ce.0.el7.x86_64.rpm 

2. Edit the gitlab configuration file

vim /etc/gitlab/gitlab.rb 
external_url 'http://192.168.140.15'  # change to your own host address

3. Start gitlab

gitlab-ctl reconfigure 

4. Access gitlab

http://192.168.252.145 # default username is root; set the password on first login

5. Create the gitlab project

  • (The project files are the 小鸟飞飞 game; the Dockerfile is placed in the project directory, and the .dockerignore file goes there as well)
  • Project link: https://pan.quark.cn/s/f57b13a1ee83
  • Extraction code: FJqs
mkdir /opt/xiaoniao
cd /opt/xiaoniao
git init
git config --global user.name "Administrator"
git config --global user.email admin@example.com
git remote add origin git@192.168.252.145:root/xiaoniao.git
git add .
git commit -m "Initial commit"
git push -u origin master

harbor

1. Install docker (not needed if the host is already part of a k8s cluster; otherwise install it)

2. Install docker-compose

Releases · docker/compose (github.com). I am using docker-compose version 1.29.0, build 07737305

mv docker-compose /usr/local/bin/ 
chmod a+x /usr/local/bin/docker-compose 

3. Install harbor

tar xf harbor-offline-installer-v2.2.2.tgz 
cp harbor/harbor.yml.tmpl harbor/harbor.yml 

4. Set up a CA to issue a certificate for harbor / generate a V3 certificate

Create the CA certificate
mkdir /opt/ssl 
cd /opt/ssl 
openssl genrsa -out ca.key 4096 
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/CN=harbor.linux.com" -key ca.key -out ca.crt 
Create the certificate for the harbor server
openssl genrsa -out server.key 4096 
openssl req -new -sha512 -subj "/CN=harbor.linux.com" -key server.key -out server.csr 
Create the v3.ext file
[root@localhost ssl]# cat v3.ext  
 authorityKeyIdentifier=keyid,issuer
 basicConstraints=CA:FALSE
 keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
 extendedKeyUsage = serverAuth 
 subjectAltName = @alt_names
 [alt_names]
 DNS.1=harbor.linux.com
openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt
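
To confirm that a certificate issued this way chains to ca.crt and carries the harbor.linux.com subjectAltName that v3.ext adds, the following added example (not from the original post) builds a throwaway CA and two test certificates, one signed with the extensions and one without, and checks both. The function names, the demo-ca subject and the trimmed v3.ext are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): check an issued certificate
# before harbor.yml points at it. Demo keys are throwaway 2048-bit test material.

# signed_by CA_CERT CERT: succeeds only if CERT verifies against CA_CERT.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# has_san CERT HOST: succeeds only if HOST is listed as a DNS subjectAltName.
# Go-based clients such as docker ignore the CN, so a CN-only cert is rejected.
has_san() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

check_cert() {   # check_cert CA_CERT CERT HOST -> prints OK or the reason
    signed_by "$1" "$2" || { echo "not signed by CA"; return 1; }
    has_san "$2" "$3"   || { echo "no SAN for $3"; return 1; }
    echo "OK"
}

# Build a throwaway CA plus two server certs in DIR: with-san.crt is signed with
# a trimmed copy of the post's v3.ext, no-san.crt is signed without -extfile.
make_demo() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -sha512 -days 1 -subj "/CN=demo-ca" \
          -keyout ca.key -out ca.crt &&
      openssl req -new -newkey rsa:2048 -nodes -sha512 -subj "/CN=harbor.linux.com" \
          -keyout server.key -out server.csr &&
      printf '%s\n' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' \
          'subjectAltName=@alt_names' '[alt_names]' 'DNS.1=harbor.linux.com' > v3.ext &&
      openssl x509 -req -sha512 -days 1 -extfile v3.ext -CA ca.crt -CAkey ca.key \
          -CAcreateserial -in server.csr -out with-san.crt &&
      openssl x509 -req -sha512 -days 1 -CA ca.crt -CAkey ca.key \
          -CAcreateserial -in server.csr -out no-san.crt ) >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) && make_demo "$dir" || return 1
    echo "with-san.crt: $(check_cert "$dir/ca.crt" "$dir/with-san.crt" harbor.linux.com)"
    echo "no-san.crt:   $(check_cert "$dir/ca.crt" "$dir/no-san.crt" harbor.linux.com)"
    rm -rf "$dir"
}
demo
```

On the real files the call is check_cert /opt/ssl/ca.crt /opt/ssl/server.crt harbor.linux.com.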

5. Edit the harbor configuration file

hostname: harbor.linux.com     # change the hostname

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /opt/ssl/server.crt    # change to your certificate
  private_key: /opt/ssl/server.key    # change to your private key

6. Start harbor

cd into the directory where you extracted harbor

./prepare
./install.sh

7. Add a hosts entry and access harbor

8. Once https is enabled on the Harbor registry, the docker servers can only log in to and access the registry if harbor's certificate is copied to them

Run on all hosts

mkdir /etc/docker/certs.d/harbor.linux.com -p

Run on the harbor host

scp /opt/ssl/server.crt root@192.168.252.144:/etc/docker/certs.d/harbor.linux.com
scp /opt/ssl/server.crt root@192.168.252.145:/etc/docker/certs.d/harbor.linux.com
cp /opt/ssl/server.crt /etc/docker/certs.d/harbor.linux.com

jenkins

1. Download the epel repo

wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

2. Install jdk11

yum install java-11-openjdk-devel

3. Install jenkins

yum install -y jenkins-2.405-1.1.noarch.rpm

4. Start jenkins

systemctl start jenkins
systemctl enable jenkins
[root@master ~]# netstat -tunlp | grep java
tcp6       0      0 :::8080                 :::*                    LISTEN      19655/java              

5. Change the plugin download address

  • Change the url to a mirror address inside China
[root@node02 ~]# cat /var/lib/jenkins/hudson.model.UpdateCenter.xml
<?xml version='1.1' encoding='UTF-8'?>
<sites>
  <site>
    <id>default</id>
    <url>http://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
  </site>
</sites>

[root@node02 ~]# systemctl restart jenkins

6. Access jenkins

http://192.168.252.145:8080

7. Edit the default.json file and change the addresses in it to the plugin mirror addresses inside China

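[root@master ~]# sed -i 's/https:\/\/updates.jenkins.io\/download/http:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' /var/lib/jenkins/updates/default.json && sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' /var/lib/jenkins/updates/default.json

[root@master ~]# systemctl restart jenkins

8. Configure jenkins

Download the gitlab plugin

Generate the token that jenkins needs

Configure the system settings

Configure the git source address in the job

Write the shell script (jenkins runs as an ordinary user and cannot use the docker socket, so the docker socket needs permission added for other users; the same applies to the other tools. Here jenkins is installed on the same host as the master; otherwise install kubectl)

Script explanation (if the hash of the last successful build equals the hash of this build, exit; otherwise log in to the image registry, build the image, push it to the registry, and run the image update command. The kubectl proxy has to be started for this; -s specifies the proxy IP and port)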

kubectl proxy --port=8888 & # start the proxy

#!/bin/bash
# Skip the build when the commit has not changed since the last successful build
if [ "$GIT_PREVIOUS_SUCCESSFUL_COMMIT" = "$GIT_COMMIT" ]; then
    echo "no change,skip build"
    exit 0
else
    docker login harbor.linux.com -u admin -p Harbor12345
    docker build -t harbor.linux.com/xiaoniao/xiaoniao:v$BUILD_ID .
    docker push harbor.linux.com/xiaoniao/xiaoniao:v$BUILD_ID
    kubectl -s http://localhost:8888 set image deployment nginx nginx=harbor.linux.com/xiaoniao/xiaoniao:v$BUILD_ID
fi

Create a new job and write the rollback command
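
A variant of the build script above with the rollback step folded in, as an added example that is not the original post's job: it feeds the registry password to docker login over stdin, waits for the rollout and runs kubectl rollout undo if the rollout does not complete. HARBOR_USER and HARBOR_PASSWORD are assumed to come from a Jenkins credentials binding, and the function names and the 120s timeout are choices made for the example.

```shell
#!/bin/sh
# Added example, not the original job script. HARBOR_USER and HARBOR_PASSWORD
# are hypothetical names for values injected by a Jenkins credentials binding.
REGISTRY=harbor.linux.com
REPO=xiaoniao/xiaoniao
DEPLOYMENT=nginx
CONTAINER=nginx
KUBE_API=http://localhost:8888   # kubectl proxy address used in the post

# needs_build PREV CUR: true on the first build (PREV empty) or when the commit changed.
needs_build() {
    [ -z "$1" ] || [ "$1" != "$2" ]
}

image_ref() {
    printf '%s/%s:v%s' "$REGISTRY" "$REPO" "$1"
}

publish() {
    image=$(image_ref "$BUILD_ID")
    # stdin keeps the password off the docker command line
    printf '%s' "$HARBOR_PASSWORD" |
        docker login "$REGISTRY" -u "$HARBOR_USER" --password-stdin || return 1
    docker build -t "$image" . || return 1
    docker push "$image" || return 1
    kubectl -s "$KUBE_API" set image "deployment/$DEPLOYMENT" \
        "$CONTAINER=$image" || return 1
    # Wait for the new pods; if they never become ready, roll back and fail the job.
    if ! kubectl -s "$KUBE_API" rollout status "deployment/$DEPLOYMENT" --timeout=120s; then
        echo "rollout of $image failed, rolling back"
        kubectl -s "$KUBE_API" rollout undo "deployment/$DEPLOYMENT"
        return 1
    fi
}

run_job() {
    if ! needs_build "${GIT_PREVIOUS_SUCCESSFUL_COMMIT:-}" "$GIT_COMMIT"; then
        echo "no change, skip build"
        return 0
    fi
    publish
}

# Jenkins sets BUILD_ID for every build; outside Jenkins this only defines the functions.
if [ -n "${BUILD_ID:-}" ]; then run_job; fi
```

A separate rollback job only needs the kubectl rollout undo line from publish.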
