1. 程式人生 > >[k8s] jenkins配合kubernetes外掛實現k8s叢集構建的持續整合

[k8s] jenkins配合kubernetes外掛實現k8s叢集構建的持續整合

程式設計師將程式碼提交到程式碼倉庫gitlab
- 鉤子觸發jenkins master啟動一次構建
- jenkins master從k8s申請一個jenkins slave編譯容器
- 在容器內編譯完成以後,獲得最終產物
- 將最終產物通過dockerfile生成生產部署映象(這裡省略了測試,其實部署映象需要測試通過)
- 將生產映象推送到harbor映象倉庫
- jenkins slave生命週期結束,k8s銷燬slave容器
- 一次構建完成

k8s持續整合的一個思路:

這裡要說的是部署部分

注: 這只是一個持續整合思想.本篇按照這個思想來搞,在我的環境裡我為了速度快當然還有別的因素我用這種方案,用的很6.
其他思路:

  • 可以將code+image打在一起做升級
  • 可以rbac+環境+ns+supervisor 每個開發一個環境這樣搞
    後面我抽空一一實現下.

這篇文章思路:

手動構建war包(整合測試)-->本地tomcat測試通過(功能測試)-->k8s容器化tomcat(pv+deploy+svc+ingress)-->將war包拖入k8s的tomcat測試.

jenkins jnlp映象構建(mvn+git+kubectl)-> jnlp映象測試,確保可被server動態排程-->配置war包的pipeline測試.

注: 本篇jenkins server部署在vm上,非docker部署,jenkins-jnlp-slave是容器化自動建立的.
其他內容參考: 容器ci索引: 

http://www.cnblogs.com/iiiiher/p/8026689.html

構建jnlp映象的dockerfile

  • 準備dockerfile所需檔案
git clone https://github.com/jenkinsci/docker-jnlp-slave.git
cd docker-jnlp-slave

$ ls
Dockerfile  jenkins-slave  kubectl  README.md

構建mvn3.5.2+git+kubectl的映象

基於jenkinsci/slave:alpine的基礎映象
參考: https://github.com/jenkinsci/docker-slave/blob/master/Dockerfile


https://github.com/jenkinsci/docker-jnlp-slave/blob/master/Dockerfile
https://hub.docker.com/r/jenkinsci/slave/tags/

alpine-git安裝參考:
https://hub.docker.com/r/alpine/git/~/dockerfile/

$ cat Dockerfile 
FROM jenkinsci/slave:alpine

USER root
RUN apk add --no-cache curl tar bash

## Install Maven
ARG MAVEN_VERSION=3.5.2
ARG USER_HOME_DIR="/root"
ARG SHA=707b1f6e390a65bde4af4cdaf2a24d45fc19a6ded00fff02e91626e3e42ceaff
ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries

RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha256sum -c - \
  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
  && rm -f /tmp/apache-maven.tar.gz \
  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn \
  && apk --update add git openssh \
  && rm -rf /var/lib/apt/lists/* \
  && rm /var/cache/apk/* \
  && mkdir /src /target \
  && chown jenkins.jenkins /src /target

ENV MAVEN_HOME /usr/share/maven
ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"

# install kubectl
COPY kubectl /usr/local/bin/kubectl

## install jenkins-slave
COPY jenkins-slave /usr/local/bin/jenkins-slave
USER jenkins
WORKDIR /home/jenkins
ENTRYPOINT ["jenkins-slave"]

映象已可以從dockerhub下載:

docker pull lanny/mvn-git-kubectl-jnlp:3.5.2

測試jnlp映象

主要看他能否用jenkins-server動態呼叫跑起來
當然首先安裝jenkins kubernetes外掛,新建一朵雲:
參考: http://www.cnblogs.com/iiiiher/p/7979336.html

配置專案: 選擇pipeline script

podTemplate(name: 'maotai-dev', cloud: 'kubernetes',
  namespace: 'kube-public', label: 'maotai-dev',
  serviceAccount: 'default', containers: [
  containerTemplate(
      name: 'jnlp',
      image: 'lanny/mvn-git-kubectl-jnlp:3.5.2',
      args: '${computer.jnlpmac} ${computer.name}',
      ttyEnabled: true,
      privileged: false,
      alwaysPullImage: false)
  ],
) {

  node('maotai-dev') {
    stage('git-clone') {
      container('jnlp') {
          sh """
          date +%F;
          sleep 30;
          """
      }
    }
  }
}

點選構建-->顯示構建成功

構建成功後jnlp映象隨著構建結束自動刪除.

tomcat java-helloworld專案

kubernetes外掛的pipeline使用:
參考:
https://github.com/jenkinsci/kubernetes-plugin
https://help.aliyun.com/document_detail/56336.html?spm=5176.doc56336.6.851.wAqCzu

javahelloworld程式碼: https://github.com/lannyMa/trucks ,構建可形成helloworld的war包.可以部署在tomcat用於測試.

jenkins專案配置: 新建專案 test-pipeline

podTemplate(name: 'maotai-dev', cloud: 'kubernetes',
  namespace: 'kube-public', label: 'maotai-dev',
  serviceAccount: 'default', containers: [
  containerTemplate(
      name: 'jnlp',
      image: 'lanny/mvn-git-kubectl-jnlp:3.5.2',
      args: '${computer.jnlpmac} ${computer.name}',
      ttyEnabled: true,
      privileged: false,
      alwaysPullImage: false)
  ],
  volumes: [
    persistentVolumeClaim(mountPath: '/tmp/', claimName: 'spring-pvc')
  ]) {
  node('maotai-dev') {
    stage('git-clone') {
      container('jnlp') {
          sh """
          git clone https://github.com/lannyMa/trucks.git
          """
      }
    }

    stage('mvn-package') {
      container('jnlp') {
          sh """
          cd trucks && mvn clean package && cp -rpf target/*.war /tmp/
          """
      }
    }

    stage('restart') {
      container('jnlp') {
          sh """
          pod_name=`kubectl -s 192.168.x.x:8080 -n kube-public get pods -l name=maotai-dev -o name | cut -d"/" -f2`
          kubectl -s kube-apiserver-http.kube-public -n kube-public delete pod \$pod_name
          """
      }
    }
  }
}

配置tomcat專案

tomcat-pvc.yaml #前提是配置好stroragecalss: 參考: http://www.cnblogs.com/iiiiher/p/7988803.html

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: spring-pvc
  namespace: kube-public
spec:
  storageClassName: "managed-nfs-storage"
  accessModes:
    - ReadOnlyMany
  resources:
    requests:
      storage: 100Mi

tomcat-deploy.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: spring
  namespace: kube-public
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: spring
        name: maotai-dev  #這裡標籤設定需注意,因為jenkins配置kubectl的stage時需要根據標籤過濾重啟它: kubectl -s 192.168.x.x:8080 -n kube-public get pods -l name=spring -o name | cut -d"/" -f2
    spec:
      containers:
      - name: spring
        image: tomcat:latest
        imagePullPolicy: IfNotPresent
        ports:
        - name: web
          containerPort: 8080
        volumeMounts:
        - mountPath: /usr/local/tomcat/webapps
          name: spring-folder
      volumes:
      - name: spring-folder
        persistentVolumeClaim:
          claimName: spring-pvc

執行成功:

k8s叢集容器化tomcat專案

  • 容器化tomcat專案: 配置k8s叢集的tomcat 包含了 pvc+deploy+svc+ingress
  • 做法:
    • 先手動編譯專案,本次tomcat測試通過
    • 整合到k8s叢集的tomcat,測試,確保專案可以正常執行

tomcat-svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: spring
  namespace: kube-public
  labels:
    name: spring
spec:
  ports:
    - name: web
      port: 8080
      targetPort: web
  selector:
    name: spring

tomcat-ingress.yaml #前提是已配置好了ingress,nginx-ingress配置參考:http://www.cnblogs.com/iiiiher/p/8006801.html

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: spring
  namespace: kube-public
spec:
  rules:
  - host: spring.maotai.net
    http:
      paths:
      - path: /
        backend:
          serviceName: spring
          servicePort: web

建立好後確保能夠訪問:

接下來需要手動編譯,確保專案通過整合測試(可成功編譯),功能測試(部署tomcat後可訪問)

專案程式碼: https://github.com/lannyMa/trucks.git
mvn配置改源等參考: https://github.com/lannyMa/java-helloword.git

確保沒問題後將war包放到上一步建立的pv裡.我的是nfs,直接到nfs-server上把war包託上去,然後重啟tomcat,測試效果.