kubernetes环境devops流水线
# 部署jenkins
# Dockerfile文件展示
FROM docker.cnb.cool/zzppjj/docker-images/jenkins:jdk17
ADD ./apache-maven-3.9.0-bin.tar.gz /usr/local/
ADD ./sonar-scanner-cli-4.8.0.2856-linux.zip /usr/local/
USER root
WORKDIR /usr/local/
RUN unzip sonar-scanner-cli-4.8.0.2856-linux.zip
RUN mv sonar-scanner-4.8.0.2856-linux sonar-scanner-cli
RUN ln -s /usr/local/sonar-scanner-cli/bin/sonar-scanner /usr/bin/sonar-scanner
ENV MAVEN_HOME=/usr/local/apache-maven-3.9.0
ENV PATH=$JAVA_HOME/bin:$MAVEN_HOME/bin:$PATH
RUN echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers
USER jenkins
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# 执行打包镜像
docker build -t docker.cnb.cool/zzppjj/docker-images/jenkins:v1 .
1
# 准备部署
docker compose文件
version: '3'
services:
jenkins:
image: docker.cnb.cool/zzppjj/docker-images/jenkins:v1
container_name: jenkins
restart: always
ports:
- '8000:8080'
- '50000:50000'
environment:
JAVA_OPTS: -Duser.timezone=Asia/Shanghai
volumes:
- ./jenkins_home:/var/jenkins_home
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker
- /usr/bin/kubectl:/usr/bin/kubectl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
执行部署
docker compose up -d
1
# jenkins 配置kubeconfig
打开config文件
cat /root/.kube/config
1
证书配置
echo certificate-authority-data | base64 -d > ca.crt
echo client-certificate-data | base64 -d > client.crt
echo client-key-data | base64 -d > client.key
1
2
3
2
3
根据这三个文件生成一个PKCS12格式的客户端证书文件
openssl pkcs12 -export -out cert.pfx -inkey client.key -in client.crt -certfile ca.crt
1
注意生成证书的时候,一定要填写密码,后面会用到
将生成的 cert.pfx 上传到凭证
配置kubeconfig
安装插件Config File Provider Plugin
系统管理点击Managed files-Custom-file
pipeline使用例子
stage('Deploy') {
steps {
script{
configFileProvider([configFile(fileId: '22bdbd6d-14f4-49c1-a924-5c844073ea69',
targetLocation: "admin.kubeconfig")]){
sh """
sed -i 's#IMAGE_NAME#${image_name}#' deployment.yaml
sed -i 's#REPLICAS#${ReplicaCount}#' deployment.yaml
kubectl apply -f deployment.yaml -n ${Namespace} --kubeconfig=admin.kubeconfig
"""
}
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
2
3
4
5
6
7
8
9
10
11
12
13
# 部署go程序的jenkinsfile示例
pipeline {
agent {
label 'devops'
}
environment {
REGISTRY = 'docker.cnb.cool'
GIT_REPO_URL = '192.168.51.37:9080'
DOCKERHUB_NAMESPACE = 'zzppjj/docker-images'
APP_NAME = 'go-admin'
}
parameters {
string(name: 'BRANCH_NAME', defaultValue: 'main', description: '请选择要发布的分支')
string(name: 'TAG_NAME', defaultValue: 'latest', description: '标签名称,必须以 v 开头,例如:v1、v1.0.0')
}
stages {
stage('clone code') {
steps {
git branch: 'main', credentialsId: 'git-user-pass', url: 'http://192.168.51.37:9080/root/xirang.git'
}
}
stage('build & push') {
steps {
sh 'docker build -f Dockerfile -t $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:$TAG_NAME .'
withCredentials([usernamePassword(credentialsId : 'cnb-user-pass' ,passwordVariable : 'DOCKER_PASSWORD' ,usernameVariable : 'DOCKER_USERNAME' ,)]) {
sh '''echo "$DOCKER_PASSWORD" | docker login $REGISTRY -u "$DOCKER_USERNAME" --password-stdin
docker push $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:$TAG_NAME'''
}
}
}
stage('deploy to dev') {
steps {
script{
configFileProvider([configFile(fileId: '2e4e564d-6b63-4edd-9bea-1dbfc15d95a4',
targetLocation: "admin.kubeconfig")]){
sh """
sed -i\'\' "s#REGISTRY#$REGISTRY#" deploy/deployment.yaml
sed -i\'\' "s#DOCKERHUB_NAMESPACE#$DOCKERHUB_NAMESPACE#" deploy/deployment.yaml
sed -i\'\' "s#APP_NAME#$APP_NAME#" deploy/deployment.yaml
sed -i\'\' "s#BUILD_NUMBER#$TAG_NAME#" deploy/deployment.yaml
kubectl apply -f deploy/deployment.yaml --kubeconfig=admin.kubeconfig
"""
}
}
}
}
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
上次更新: 2025/03/02, 18:52:31
|