另一个结合harbor自动构建镜像的思路: 即code+baseimage一体的方案
- 程序员将代码提交到代码仓库gitlab
- 钩子触发jenkins master启动一次构建
- jenkins master从k8s申请一个jenkins slave编译容器
- 在容器内编译完成以后,获得最终产物
- 将最终产物通过dockerfile生成生产部署镜像(这里省略了测试,其实部署镜像需要测试通过)
- 将生产镜像推送到harbor镜像仓库
- jenkins slave生命周期结束,k8s销毁slave容器
- 一次构建完成
k8s持续集成的一个思路:
这里要说的是部署部分
注: 这只是一个持续集成思想.本篇按照这个思想来搞,在我的环境里我为了速度快当然还有别的因素我用这种方案,用的很6.
其他思路:
- 可以将code+image打在一起做升级
- 可以rbac+环境+ns+supervisor 每个开发一个环境这样搞
后面我抽空一一实现下.
这篇文章思路:
手动构建war包(集成测试)-->本地tomcat测试通过(功能测试)-->k8s容器化tomcat(pv+deploy+svc+ingress)-->将war包拖入k8s的tomcat测试.
jenkins jnlp镜像构建(mvn+git+kubectl)-> jnlp镜像测试,确保可被server动态调度-->配置war包的pipeline测试.
注: 本篇jenkins server部署在vm上,非docker部署,jenkins-jnlp-slave是容器化自动创建的.
其他内容参考: 容器ci索引: http://www.cnblogs.com/iiiiher/p/8026689.html
构建jnlp镜像的dockerfile
- 准备dockerfile所需文件
git clone https://github.com/jenkinsci/docker-jnlp-slave.git
cd docker-jnlp-slave
$ ls
Dockerfile jenkins-slave kubectl README.md
构建mvn3.5.2+git+kubectl的镜像
基于jenkinsci/slave:alpine的基础镜像
参考: https://github.com/jenkinsci/docker-slave/blob/master/Dockerfile
https://github.com/jenkinsci/docker-jnlp-slave/blob/master/Dockerfile
https://hub.docker.com/r/jenkinsci/slave/tags/
alpine-git安装参考:
https://hub.docker.com/r/alpine/git/~/dockerfile/
$ cat Dockerfile
FROM jenkinsci/slave:alpine
USER root
RUN apk add --no-cache curl tar bash
## Install Maven
ARG MAVEN_VERSION=3.5.2
ARG USER_HOME_DIR="/root"
ARG SHA=707b1f6e390a65bde4af4cdaf2a24d45fc19a6ded00fff02e91626e3e42ceaff
ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
RUN mkdir -p /usr/share/maven /usr/share/maven/ref
&& curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz
&& echo "${SHA} /tmp/apache-maven.tar.gz" | sha256sum -c -
&& tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1
&& rm -f /tmp/apache-maven.tar.gz
&& ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
&& apk --update add git openssh
&& rm -rf /var/lib/apt/lists/*
&& rm /var/cache/apk/*
&& mkdir /src /target
&& chown jenkins.jenkins /src /target
ENV MAVEN_HOME /usr/share/maven
ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
# install kubectl
COPY kubectl /usr/local/bin/kubectl
## install jenkins-slave
COPY jenkins-slave /usr/local/bin/jenkins-slave
USER jenkins
WORKDIR /home/jenkins
ENTRYPOINT ["jenkins-slave"]
镜像已可以从dockerhub下载:
docker pull lanny/mvn-git-kubectl-jnlp:3.5.2
测试jnlp镜像
主要看他能否用jenkins-server动态调用跑起来
当然首先安装jenkins kubernetes插件,新建一朵云:
参考: http://www.cnblogs.com/iiiiher/p/7979336.html
配置项目: 选择pipeline script
podTemplate(name: 'maotai-dev', cloud: 'kubernetes',
namespace: 'kube-public', label: 'maotai-dev',
serviceAccount: 'default', containers: [
containerTemplate(
name: 'jnlp',
image: 'lanny/mvn-git-kubectl-jnlp:3.5.2',
args: '${computer.jnlpmac} ${computer.name}',
ttyEnabled: true,
privileged: false,
alwaysPullImage: false)
],
) {
node('maotai-dev') {
stage('git-clone') {
container('jnlp') {
sh """
date +%F;
sleep 30;
"""
}
}
}
}
点击构建-->显示构建成功
构建成功后jnlp镜像随着构建结束自动删除.
tomcat java-helloworld项目
kubernetes插件的pipeline使用:
参考:
https://github.com/jenkinsci/kubernetes-plugin
https://help.aliyun.com/document_detail/56336.html?spm=5176.doc56336.6.851.wAqCzu
javahelloworld代码: https://github.com/lannyMa/trucks ,构建可形成helloworld的war包.可以部署在tomcat用于测试.
jenkins项目配置: 新建项目 test-pipeline
podTemplate(name: 'maotai-dev', cloud: 'kubernetes',
namespace: 'kube-public', label: 'maotai-dev',
serviceAccount: 'default', containers: [
containerTemplate(
name: 'jnlp',
image: 'lanny/mvn-git-kubectl-jnlp:3.5.2',
args: '${computer.jnlpmac} ${computer.name}',
ttyEnabled: true,
privileged: false,
alwaysPullImage: false)
],
volumes: [
persistentVolumeClaim(mountPath: '/tmp/', claimName: 'spring-pvc')
]) {
node('maotai-dev') {
stage('git-clone') {
container('jnlp') {
sh """
git clone https://github.com/lannyMa/trucks.git
"""
}
}
stage('mvn-package') {
container('jnlp') {
sh """
cd trucks && mvn clean package && cp -rpf target/*.war /tmp/
"""
}
}
stage('restart') {
container('jnlp') {
sh """
pod_name=`kubectl -s 192.168.x.x:8080 -n kube-public get pods -l name=maotai-dev -o name | cut -d"/" -f2`
kubectl -s kube-apiserver-http.kube-public -n kube-public delete pod $pod_name
"""
}
}
}
}
配置tomcat项目
tomcat-pvc.yaml #前提是配置好stroragecalss: 参考: http://www.cnblogs.com/iiiiher/p/7988803.html
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: spring-pvc
namespace: kube-public
spec:
storageClassName: "managed-nfs-storage"
accessModes:
- ReadOnlyMany
resources:
requests:
storage: 100Mi
tomcat-deploy.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: spring
namespace: kube-public
spec:
replicas: 1
template:
metadata:
labels:
name: spring
name: maotai-dev #这里标签设置需注意,因为jenkins配置kubectl的stage时需要根据标签过滤重启它: kubectl -s 192.168.x.x:8080 -n kube-public get pods -l name=spring -o name | cut -d"/" -f2
spec:
containers:
- name: spring
image: tomcat:latest
imagePullPolicy: IfNotPresent
ports:
- name: web
containerPort: 8080
volumeMounts:
- mountPath: /usr/local/tomcat/webapps
name: spring-folder
volumes:
- name: spring-folder
persistentVolumeClaim:
claimName: spring-pvc
执行成功:
k8s集群容器化tomcat项目
- 容器化tomcat项目: 配置k8s集群的tomcat 包含了 pvc+deploy+svc+ingress
- 做法:
- 先手动编译项目,本次tomcat测试通过
- 集成到k8s集群的tomcat,测试,确保项目可以正常运行
tomcat-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: spring
namespace: kube-public
labels:
name: spring
spec:
ports:
- name: web
port: 8080
targetPort: web
selector:
name: spring
tomcat-ingress.yaml #前提是已配置好了ingress,nginx-ingress配置参考:http://www.cnblogs.com/iiiiher/p/8006801.html
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: spring
namespace: kube-public
spec:
rules:
- host: spring.maotai.net
http:
paths:
- path: /
backend:
serviceName: spring
servicePort: web
创建好后确保能够访问:
接下来需要手动编译,确保项目通过集成测试(可成功编译),功能测试(部署tomcat后可访问)
项目代码: https://github.com/lannyMa/trucks.git
mvn配置改源等参考: https://github.com/lannyMa/java-helloword.git
确保没问题后将war包放到上一步创建的pv里.我的是nfs,直接到nfs-server上把war包托上去,然后重启tomcat,测试效果.