Container PaaS Platform Integration

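This chapter mainly covers integrating Jenkins with the requirements-management platform Jira. I tailored this article to our team's current situation, so some details may differ from yours. The point is to show how the integration is done; the details can be customized freely. What I want to convey here is the approach.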

The cluster I am experimenting on is v1.17.0.

Deploying Jenkins

Download the yml file from the GitHub repository and deploy it. File: https://github.com/zeyangli/devops-on-k8s/blob/master/jenkins.yml Create command: kubectl create -f jenkins.yml

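Create a Deployment for Jenkins with 1 replica. It uses the image jenkins/jenkins:2.211, exposes port 30080, and exposes the slave communication port 30081. The volume is mounted via hostPath at JENKINS_HOME in the container.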

    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: jenkins
      name: jenkins
      namespace: devops
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: jenkins
      template:
        metadata:
          labels:
            k8s-app: jenkins
          namespace: devops
          name: jenkins
        spec:
          hostAliases:
          - ip: "192.168.1.200"
            hostnames:
            - "updates.jenkins-ci.org"
          containers:
          - name: jenkins
            image: jenkins/jenkins:2.211
            imagePullPolicy: Always
            ports:
            - containerPort: 30080
              name: web
              protocol: TCP
            - containerPort: 30081
              name: agent
              protocol: TCP
            resources:
              limits:
                cpu: 1000m
                memory: 2Gi
              requests:
                cpu: 500m
                memory: 512Mi
            livenessProbe:
              httpGet:
                path: /login
                port: 30080
              initialDelaySeconds: 60
              timeoutSeconds: 5
              failureThreshold: 12
            readinessProbe:
              httpGet:
                path: /login
                port: 30080
              initialDelaySeconds: 60
              timeoutSeconds: 5
              failureThreshold: 12
            volumeMounts:
            - name: jenkins-home
              mountPath: /var/lib/jenkins
            env:
            - name: JENKINS_HOME
              value: /var/lib/jenkins
            - name: JENKINS_OPTS
              value: --httpPort=30080
            - name: JENKINS_SLAVE_AGENT_PORT
              value: "30081"
          volumes:
          - name: jenkins-home
            hostPath:
              path: /data/devops/jenkins
              type: Directory
          serviceAccountName: jenkins

Create a Service that exposes the ports using NodePort.

    ---
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: jenkins
      name: jenkins
      namespace: devops
    spec:
      type: NodePort
      ports:
      - name: web
        port: 30080
        targetPort: 30080
        nodePort: 30080
      - name: slave
        port: 30081
        targetPort: 30081
        nodePort: 30081
      selector:
        k8s-app: jenkins

Create the RBAC objects to grant permissions.

    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-app: jenkins
      name: jenkins
      namespace: devops
    ---
    kind: Role
    # v1beta1 is served by the v1.17 cluster used here; it was removed in
    # Kubernetes 1.22, where rbac.authorization.k8s.io/v1 must be used instead.
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: jenkins
      namespace: devops
    rules:
    # Manage agent pods (and configmaps/namespaces) in the devops namespace
    - apiGroups: [""]
      resources: ["pods","configmaps","namespaces"]
      verbs: ["create","delete","get","list","patch","update","watch"]
    # Run commands inside pods in this namespace
    - apiGroups: [""]
      resources: ["pods/exec"]
      verbs: ["create","delete","get","list","patch","update","watch"]
    # Read pod logs
    - apiGroups: [""]
      resources: ["pods/log"]
      verbs: ["get","list","watch"]
    # Read secrets in this namespace
    - apiGroups: [""]
      resources: ["secrets"]
      verbs: ["get"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: RoleBinding
    metadata:
      name: jenkins
      namespace: devops
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: jenkins
    subjects:
    - kind: ServiceAccount
      name: jenkins
      namespace: devops

Static slave

A static slave is a fixed pod running in Kubernetes, the same as adding an agent on a VM host as we did before. First log in to Jenkins, create an agent, and then obtain its secret.

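We create a Deployment to run the slave. The image used here is jenkinsci/jnlp-slave:3.36-1. I mounted Docker and kubectl so that images can be built and kubectl commands used inside the pod, and mounted a local directory for the workspace. The environment variables JENKINS_URL, JENKINS_SECRET, JENKINS_AGENT_NAME and JENKINS_AGENT_WORKDIR are defined.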

    ---
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: jenkinsagent
      name: jenkinsagent
      namespace: devops
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: jenkinsagent
      template:
        metadata:
          labels:
            k8s-app: jenkinsagent
          namespace: devops
          name: jenkinsagent
        spec:
          containers:
          - name: jenkinsagent
            image: jenkinsci/jnlp-slave:3.36-1
            # Privileged: the container is not confined from the node's devices
            securityContext:
              privileged: true
            imagePullPolicy: IfNotPresent
            resources:
              limits:
                cpu: 1000m
                memory: 2Gi
              requests:
                cpu: 500m
                memory: 512Mi
            volumeMounts:
            - name: jenkinsagent-workdir
              mountPath: /home/jenkins/workspace
            - name: buildtools
              mountPath: /home/jenkins/buildtools
            # Node's Docker socket and client, so builds can run docker
            - name: dockersock
              mountPath: "/var/run/docker.sock"
            - name: dockercmd
              mountPath: /usr/bin/docker
            # Node's kubeconfig and kubectl binary, so builds can run kubectl
            - name: kubectlconfig
              mountPath: /home/jenkins/.kube/config
            - name: kubectlcmd
              mountPath: /usr/bin/kubectl
            env:
            - name: JENKINS_URL
              value: http://192.168.1.200:30080
            # Agent secret obtained from Jenkins when the agent was created
            - name: JENKINS_SECRET
              value: 5639cac0bf16bf15735d44bc435793417365f4dfa8fc72fb12737f3787091ae8
            - name: JENKINS_AGENT_NAME
              value: build01
            - name: JENKINS_AGENT_WORKDIR
              value: /home/jenkins/workspace
          volumes:
          - name: jenkinsagent-workdir
            hostPath:
              path: /data/devops/jenkins/workspace
              type: Directory
          - name: buildtools
            hostPath:
              path: /usr/local/buildtools
              type: Directory
          - name: kubectlconfig
            hostPath:
              path: /root/.kube/config
          - name: kubectlcmd
            hostPath:
              path: /usr/bin/kubectl
          - name: dockersock
            hostPath:
              path: /var/run/docker.sock
          - name: dockercmd
            hostPath:
              path: /usr/bin/docker
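
The static slave Deployment above runs privileged, mounts the node's docker.sock and root kubeconfig, and sets JENKINS_SECRET as a literal value. The following check is an added example, not part of the original article: it flags exactly these four settings in a manifest before it is applied. The function names, messages and the abridged sample manifest are constructed for illustration.

```shell
#!/bin/sh
# audit_manifest [file]: print "line: finding" for node-level risks (reads stdin if no file).
audit_manifest() {
  awk '
    /^[ \t]*privileged:[ \t]*true[ \t]*$/ {
      print NR ": privileged container (not confined from host devices)" }
    /^[ \t]*path:[ \t]*"?\/var\/run\/docker\.sock"?[ \t]*$/ {
      print NR ": hostPath docker.sock (pod controls the node Docker daemon)" }
    /^[ \t]*path:[ \t]*"?\/root\/\.kube\/config"?[ \t]*$/ {
      print NR ": hostPath /root/.kube/config (node kubeconfig exposed to the pod)" }
    # A credential-like env name on the previous line, followed by a literal value
    secret_name && /^[ \t]*value:/ {
      print NR ": " secret_name " set inline; use valueFrom.secretKeyRef" }
    { secret_name = "" }
    /^[ \t]*-[ \t]*name:[ \t]*[A-Z0-9_]*(SECRET|PASSWORD|TOKEN)[A-Z0-9_]*[ \t]*$/ {
      secret_name = $NF }
  ' "${1:--}"
}

# Constructed sample: pod spec abridged from the Deployment above, placeholder secret.
sample_manifest() {
  cat <<'EOF'
containers:
- name: jenkinsagent
  image: jenkinsci/jnlp-slave:3.36-1
  securityContext:
    privileged: true
  env:
  - name: JENKINS_SECRET
    value: 0000-constructed-placeholder
  - name: JENKINS_AGENT_NAME
    value: build01
volumes:
- name: kubectlconfig
  hostPath:
    path: /root/.kube/config
- name: dockersock
  hostPath:
    path: /var/run/docker.sock
EOF
}

sample_manifest | audit_manifest
```

An env entry that uses valueFrom.secretKeyRef instead of a literal value produces no finding.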

Dynamic slave

Install the kubernetes plugin (restarting after installation is recommended). Configure the plugin: System Settings -> Cloud, at the very bottom -> add a cloud.

Creating the Kubernetes certificate

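  • On a cluster server, open .kube/config
  • Copy the certificate-authority-data value from the config file and base64-decode it into the file ca.crt
  • Copy the client-certificate-data value from the config file and base64-decode it into the file client.crt
  • Copy the client-key-data value from the config file and base64-decode it into the file client.key

    • echo zzzzzzzzz | base64 -d > client.key
  • Generate the certificate (you will be asked for a password; remember it, because it is needed later when configuring Jenkins)

    • openssl pkcs12 -export -out cert.pfx -inkey client.key -in client.crt -certfile ca.crt
  • Download the certificate cert.pfx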
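
The certificate steps above as one script, added here as an example that is not part of the original article. It writes the decoded private key with owner-only permissions and reports a missing field instead of producing an empty file. It assumes a kubeconfig with embedded *-data fields (the first match is used when several clusters or users are present); the function names and the output directory are illustrative.

```shell
#!/bin/sh
# Build cert.pfx from a kubeconfig: ./make-pfx.sh <kubeconfig> [outdir]
set -eu

# Print the base64 value of one field (e.g. client-key-data); fail if it is absent.
kubeconfig_field() {   # usage: kubeconfig_field <kubeconfig> <field>
  awk -v k="$2:" '$1 == k { print $2; found = 1; exit } END { exit !found }' "$1"
}

# Decode one field into a file.
decode_field() {       # usage: decode_field <kubeconfig> <field> <outfile>
  value=$(kubeconfig_field "$1" "$2") || { echo "missing $2 in $1" >&2; return 1; }
  printf '%s' "$value" | base64 -d > "$3"
}

# Write ca.crt, client.crt and client.key under <outdir>.
extract_certs() {      # usage: extract_certs <kubeconfig> <outdir>
  ( umask 077          # client.key is a private key: owner-only permissions
    mkdir -p "$2" &&
    decode_field "$1" certificate-authority-data "$2/ca.crt" &&
    decode_field "$1" client-certificate-data "$2/client.crt" &&
    decode_field "$1" client-key-data "$2/client.key" )
}

# Bundle the three files into cert.pfx; openssl prompts for the export password.
make_pfx() {           # usage: make_pfx <outdir>
  ( umask 077
    openssl pkcs12 -export -out "$1/cert.pfx" \
      -inkey "$1/client.key" -in "$1/client.crt" -certfile "$1/ca.crt" )
}

# Runs only when a kubeconfig path is given on the command line.
if [ "$#" -ge 1 ]; then
  out=${2:-./jenkins-k8s-cert}
  extract_certs "$1" "$out"
  make_pfx "$out"
  rm -f "$out/client.key"   # the decoded key is not needed once cert.pfx exists
  echo "upload $out/cert.pfx to Jenkins as a Certificate credential"
fi
```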

Creating the credential in Jenkins

Create a new credential of type Certificate, upload the certificate you just downloaded, and enter the certificate password.

Copy the contents of ca.crt into the server certificate key field, select the certificate credential, and test the connection.

Writing a Jenkinsfile to test

File: https://github.com/zeyangli/devops-on-k8s/blob/master/jenkinsfile/jenkinsslave.jenkinsfile

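There is another way to write the Jenkinsfile, using podtemplate, but it feels like just a wrapper around the YAML, with a higher learning cost than native YAML. So the pod is defined directly in YAML here.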

    pipeline{
        agent{
            kubernetes{
                label "test01"
                cloud 'kubernetes'
                yaml '''
    ---
    kind: Pod
    apiVersion: v1
    metadata:
      labels:
        k8s-app: jenkinsagent
      name: jenkinsagent
      namespace: devops
    spec:
      containers:
      - name: jenkinsagent
        image: jenkinsci/jnlp-slave:3.36-1
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 1000m
            memory: 2Gi
          requests:
            cpu: 500m
            memory: 512Mi
        volumeMounts:
        - name: jenkinsagent-workdir
          mountPath: /home/jenkins/workspace
        - name: buildtools
          mountPath: /home/jenkins/buildtools
        env:
        - name: JENKINS_AGENT_WORKDIR
          value: /home/jenkins/workspace
      volumes:
      - name: jenkinsagent-workdir
        hostPath:
          path: /data/devops/jenkins/workspace
          type: Directory
      - name: buildtools
        hostPath:
          path: /usr/local/buildtools
          type: Directory
    '''
            }
        }
        stages{
            stage("test"){
                steps{
                    script{
                        sh "sleep 30"
                    }
                }
            }
        }
    }

Go ahead and run it! I am sure it will have worked for you.