DevOps
Damoncai 10/21/2022 k8s,运维
# 第一章 KubeSphere DevOps 系统
基于 Jenkins (opens new window) 的 KubeSphere DevOps 系统是专为 Kubernetes 中的 CI/CD 工作流设计的,它提供了一站式的解决方案,帮助开发和运维团队用非常简单的方式构建、测试和发布应用到 Kubernetes。它还具有插件管理、Binary-to-Image (B2I) (opens new window)、Source-to-Image (S2I) (opens new window)、代码依赖缓存、代码质量分析、流水线日志等功能。
DevOps 系统为用户提供了一个自动化的环境,应用可以自动发布到同一个平台。它还兼容第三方私有镜像仓库(如 Harbor)和代码库(如 GitLab/GitHub/SVN/BitBucket)。它为用户提供了全面的、可视化的 CI/CD 流水线,打造了极佳的用户体验,而且这种兼容性强的流水线能力在离线环境中非常有用。
# 第二章 启动DevOps
在 自定义资源中查询 ClusterConfiguration
DevOps 配置置为true
更新配置等待一伙
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
1
通过以上命令可以查看安装进度
# 第三章 创建DevOps
这里需要注意的是,如果是后开启DevOps功能,需要注意的事情,之前存在的用户创建DevOps工程会出现异常状态
https://github.com/kubesphere/ks-devops/issues/109
创建DevOps工程,并添加用户
创建流水线模板
# 第四章 Jenkins可视化
# 4.1 拉取代码
输入名称
在任务中添加步骤
选择指定容器
base(不同容器中安装的工具软件也不一样)添加嵌套步骤,选择git拉取代码
填写Url和凭证
添加步骤 选择 shell 执行 ls打印输出信息
# 4.2 编译项目
由于Java项目采用maven打包编译,为了提高效率需要配置一下阿里云的镜像地址
登录 admin账号
修改配置 配置中心 - 配置 - ks-devops-agent文件
选择修改配置
修改流水线配置
保存并运行
# 4.3 构建镜像 hospital-manage 为例
打包命令
docker build -t hospital-manage:v1.0 -f hospital-manage/Dockerfile hospital-manage/
1
# 4.4 构建其余镜像
添加并行阶段修改相关信息
# 4.5 推送镜像 hospital-manage 为例
添加阿里云仓库凭证
点击添加嵌套步骤 - 添加凭证 - 设置用户名和密码别名
需要在添加凭证下面添加嵌套步骤 不然不能通过
将jenkinsfile复制出来修改
初始时这样的
编写完
stage('推送镜像') { agent none steps { container('maven') { withCredentials([usernamePassword(credentialsId : 'ailiyun-hub' ,passwordVariable : 'RP_PWD' ,usernameVariable : 'RP_USERNAME' ,)]) { // 登录 sh 'echo "$RP_PWD" | docker login $REGISTRY -u "$RP_USERNAME" --password-stdin' // 打标签 sh 'docker tag hospital-manage:v1.0 $REGISTRY/$DOCKERHUB_NAMESPACE/hospital-manage:SNAPSHOT-$BRANCH_NAME-$BUILD_NUMBER' // 推送 sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/hospital-manage:SNAPSHOT-$BRANCH_NAME-$BUILD_NUMBER' } } } }1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# 4.6 推送其余镜像
添加并行阶段,修改相关参数即可
# 4.7 部署
在工程中添加yml部署文件
deploy.ymlapiVersion: apps/v1 kind: Deployment metadata: labels: app: hospital-manage name: hospital-manage namespace: his #一定要写名称空间 spec: progressDeadlineSeconds: 600 replicas: 1 selector: matchLabels: app: hospital-manage strategy: rollingUpdate: maxSurge: 50% maxUnavailable: 50% type: RollingUpdate template: metadata: labels: app: hospital-manage spec: imagePullSecrets: - name: aliyun-docker-hub #提前在项目下配置访问阿里云的账号密码 containers: - image: $REGISTRY/$ALIYUNHUB_NAMESPACE/hospital-manage:SNAPSHOT-$BUILD_NUMBER # readinessProbe: # httpGet: # path: /actuator/health # port: 8080 # timeoutSeconds: 10 # failureThreshold: 30 # periodSeconds: 5 imagePullPolicy: Always name: app ports: - containerPort: 8080 protocol: TCP resources: limits: cpu: 300m memory: 600Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst restartPolicy: Always terminationGracePeriodSeconds: 30 --- apiVersion: v1 kind: Service metadata: labels: app: hospital-manage name: hospital-manage namespace: his spec: ports: - name: http port: 8080 protocol: TCP targetPort: 8080 selector: app: hospital-manage sessionAffinity: None type: ClusterIP1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66imagePullSecrets:指定拉取镜像密钥凭证后面会配置
设置阿里云镜像拉取凭证 - 在部署工程中进行配置
创建凭证
名称填写为
"$KUBECONFIG_CREDENTIAL_ID",这样可以动态取值配置部署文件路径
部署
配置文件预览
pipeline { agent { node { label 'maven' } } stages { stage('拉取代码') { agent none steps { container('base') { git(url: 'https://gitee.com/damoncai/yygh-parent.git', credentialsId: 'gitee-cai', changelog: true, poll: false) } sh 'ls' } } stage('编译') { agent none steps { container('maven') { sh 'mvn clean package' } } } stage('构建镜像-hospital-manage') { agent none steps { container('maven') { sh 'docker build -t hospital-manage:v1.0 -f hospital-manage/Dockerfile hospital-manage/' } } } stage('推送镜像') { agent none steps { container('maven') { withCredentials([usernamePassword(credentialsId : 'ailiyun-hub' ,passwordVariable : 'RP_PWD' ,usernameVariable : 'RP_USERNAME' ,)]) { sh 'echo "$RP_PWD" | docker login $REGISTRY -u "$RP_USERNAME" --password-stdin' sh 'docker tag hospital-manage:v1.0 $REGISTRY/$DOCKERHUB_NAMESPACE/hospital-manage:SNAPSHOT-$BUILD_NUMBER' sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/hospital-manage:SNAPSHOT-$BUILD_NUMBER' } } } } stage('deploy to dev') { agent none steps { kubernetesDeploy(configs: 'hospital-manage/deploy/**', enableConfigSubstitution: true, kubeconfigId: "$KUBECONFIG_CREDENTIAL_ID") } } stage('deploy to production') { steps { kubernetesDeploy(configs: 'deploy/prod-ol/**', enableConfigSubstitution: true, kubeconfigId: "$KUBECONFIG_CREDENTIAL_ID") } } } environment { DOCKER_CREDENTIAL_ID = 'dockerhub-id' GITHUB_CREDENTIAL_ID = 'github-id' KUBECONFIG_CREDENTIAL_ID = 'demo-kubeconfig' REGISTRY = 'registry.cn-hangzhou.aliyuncs.com' DOCKERHUB_NAMESPACE = 'ximen' GITHUB_ACCOUNT = 'kubesphere' APP_NAME = 'devops-java-sample' ALIYUNHUB_NAMESPACE = 'ximen' } parameters { string(name: 'TAG_NAME', defaultValue: '', description: '') } }1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# 4.8 前端部署
在工程下创建Jenkinsfile文件
pipeline {
agent {
node {
label 'nodejs'
}
}
stages {
stage('拉取代码') {
agent none
steps {
container('nodejs') {
git(url: 'https://gitee.com/leifengyang/yygh-admin.git', credentialsId: 'gitee-id', branch: 'master', changelog: true, poll: false)
sh 'ls -al'
}
}
}
stage('项目编译') {
agent none
steps {
container('nodejs') {
sh 'npm i node-sass --sass_binary_site=https://npm.taobao.org/mirrors/node-sass/'
sh 'npm install --registry=https://registry.npm.taobao.org'
sh 'npm run build'
sh 'ls'
}
}
}
stage('构建镜像') {
agent none
steps {
container('nodejs') {
sh 'ls'
sh 'docker build -t yygh-admin:latest -f Dockerfile .'
}
}
}
stage('推送镜像') {
agent none
steps {
container('nodejs') {
withCredentials([usernamePassword(credentialsId : 'aliyun-docker-registry' ,usernameVariable : 'DOCKER_USER_VAR' ,passwordVariable : 'DOCKER_PWD_VAR' ,)]) {
sh 'echo "$DOCKER_PWD_VAR" | docker login $REGISTRY -u "$DOCKER_USER_VAR" --password-stdin'
sh 'docker tag yygh-admin:latest $REGISTRY/$DOCKERHUB_NAMESPACE/yygh-admin:SNAPSHOT-$BUILD_NUMBER'
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/yygh-admin:SNAPSHOT-$BUILD_NUMBER'
}
}
}
}
stage('部署到dev环境') {
agent none
steps {
kubernetesDeploy(configs: 'deploy/**', enableConfigSubstitution: true, kubeconfigId: "$KUBECONFIG_CREDENTIAL_ID")
}
}
//1、配置全系统的邮件: 全系统的监控
//2、修改ks-jenkins的配置,里面的邮件; 流水线发邮件
stage('发送确认邮件') {
agent none
steps {
mail(to: '17512080612@163.com', subject: 'yygh-admin构建结果', body: "构建成功了 $BUILD_NUMBER")
}
}
}
environment {
DOCKER_CREDENTIAL_ID = 'dockerhub-id'
GITHUB_CREDENTIAL_ID = 'github-id'
KUBECONFIG_CREDENTIAL_ID = 'demo-kubeconfig'
REGISTRY = 'registry.cn-hangzhou.aliyuncs.com'
DOCKERHUB_NAMESPACE = 'lfy_hello'
GITHUB_ACCOUNT = 'kubesphere'
APP_NAME = 'devops-java-sample'
ALIYUNHUB_NAMESPACE = 'lfy_hello'
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
创建部署文件deploy.yml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: hospital-manage
name: hospital-manage
namespace: his #一定要写名称空间
spec:
progressDeadlineSeconds: 600
replicas: 1
selector:
matchLabels:
app: hospital-manage
strategy:
rollingUpdate:
maxSurge: 50%
maxUnavailable: 50%
type: RollingUpdate
template:
metadata:
labels:
app: hospital-manage
spec:
imagePullSecrets:
- name: aliyun-docker-hub #提前在项目下配置访问阿里云的账号密码
containers:
- image: $REGISTRY/$ALIYUNHUB_NAMESPACE/hospital-manage:SNAPSHOT-$BUILD_NUMBER
# readinessProbe:
# httpGet:
# path: /actuator/health
# port: 8080
# timeoutSeconds: 10
# failureThreshold: 30
# periodSeconds: 5
imagePullPolicy: Always
name: app
ports:
- containerPort: 8080
protocol: TCP
resources:
limits:
cpu: 300m
memory: 600Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
terminationGracePeriodSeconds: 30
---
apiVersion: v1
kind: Service
metadata:
labels:
app: hospital-manage
name: hospital-manage
namespace: his
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: hospital-manage
sessionAffinity: None
type: ClusterIP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
创建流水线任务
这里提供另外一种部署方式
在工程下创建Jenkisfile文件,部署后会执行该文件配置
# 第五章 Webhook
按照上面前端部署创建流水线时会生成webhook接口地址
创建webhook,添加相关接口
