Preface
- The sample code and Jenkins agent image already in this practice have been pushed and archived to github. > transmission gate
- Note that the data in this practice are all intranet data. You must change it to the valid data of your own environment when testing.
- Because this practice involves many components, if there is unclear operation, you can leave a message in the background, and we will improve it together.
- If there is any unclear or error in the specific operation, you can leave a message and solve it together.
1. Prepare basic data
1. Configure gitlab
- Create project
- Upload sample code
_Note: the address of the gitlab project used in this example is: http://gitlab.hanker.com/colynn/hanker-hello.git
2. Configure harbor
- Create a project to store the built image
_Note: the harbor address used in this example is 10.0.0.185:5000 / hanker / hanker Hello: v1
3.jenkins validation information
- Add gitlab account information
_Operation instructions: Credentials - > System - > Global credentials - > Add Credentials
- harbor information
_Operation instructions: Credentials - > System - > Global credentials - > Add Credentials
- k8s namespace validation information
On your k8s master node, do the following:
1. Create serviceaccount
$ kubectl -n devops create serviceaccount jenkins-robot
Command output:
serviceaccount/jenkins-robot created
2. Role binding
$ kubectl -n devops create rolebinding jenkins-robot-binding --clusterrole=cluster-admin --serviceaccount=devops:jenkins-robot
Command output:
rolebinding.rbac.authorization.k8s.io/jenkins-robot-binding created
3. Get ServiceAccount
$ kubectl -n devops get serviceaccount jenkins-robot -o go-template --template='{{range .secrets}}{{.name}}{{"\n"}}{{end}}'
jenkins-robot-token-n8w6b
4. Decoding ServiceToken based on base64
$ kubectl -n devops get secrets jenkins-robot-token-n8w6b -o go-template --template '{{index .data "token"}}' | base64 --decode
Command output:
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZXZvcHMiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoiamVua2lucy1yb2JvdC10b2tlbi1uOHc2YiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJqZW5raW5zLXJvYm90Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTcyZTY0OGYtMTYxZC00NmM5LWI0ZjgtYjFkNTdlOWY4NTBjIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRldm9wczpqZW5raW5zLXJvYm90In0.ArQvcaEqCaeU1ZcJ6nOC5rLaTZr_vLDrpLCt87asltMUWj2gSli_mXUTrl09hBnBDXI3A1D4rJXHKLHjIAA4nN8qRIRGbpqSNzDwmqJr-jmmmWWZFrZ3n3Al9-13KJnNOK8pcWr70rt3Rsigt4B6CIQ0-ZLK8BZhvROJSifeOfJ6xe2KBqdXBv1ccZZZfEhPLgGbaR5yWm5jLvOMr2MQiPDrZoHOEkcMt-C0xipytOp4sJCJ4bQhb-UoMu1owYydxbd6O7xO71fvqP_bMDpZXC601nA2ggK7h-vi6CJffHv5MM59q8X_DWe1NnZS6KXiMmkXqAmBn10Yu20PNj-kjg
5. Add Secret text authentication information
_Operation instructions: select [Secret text] type from [home page] - [Credentials] - [System] - [Global credentials] - [Add Credentials] - > select [Secret text]
Then update the decoding result of the previous step to Secret, Pipeline.
2. How to create jenkins pipeline
1. Create jenkins pipeline item
_Operation instructions: first page - > New Item
2. pipeline script step description
_Note: pipeline mainly consists of three stages (check out code, make image and deploy service). Let me explain how to write pipeline. With the help of Pipeline Syntax, only part of the code is generated. You can improve it according to the language specification.
1. Stage 1, check out the code
_Operation instructions: first page - > hanker Hello Demo - > Pipeline Syntax
_Note: the git: Git type selected in this practice, of course, you can also choose checkout: Check out from version control
Get the script to the step
git credentialsId: 'gitlab-project-auth', url: 'http://gitlab.hanker.com/colynn/hanker-hello.git'
2. Stage 2, build the image
_Operation instruction: similar to stage 1,
Get the step script
script { withDockerRegistry(credentialsId: 'harbor-auth', url: 'http://10.0.0.185:5000') { def customImage = docker.build("10.0.0.185:5000/devops/hanker-hello:v1") customImage.push() } }
_Note: to support this stage, you need to include the docker command in the Jenkins agent image.
3. Phase 3. Deployment Services
Reference: jenkins kubernetes cli plugin
_Note: to support this stage, you need to include the kubectl command in the Jenkins agent image.
3. Set pipeline
Note:
- You can set the General/ Build Triggers/ Advanced Project Options according to your own needs, merge the scripts of each stage, and update them to pipline - > script.
The content of the merged pipeline script is as follows:
pipeline { agent any stages { stage('checkout') { steps { git credentialsId: 'gitlab-project-auth', url: 'http://gitlab.hanker.com/colynn/hanker-hello.git' } } stage('docker-publish') { steps{ script { withDockerRegistry(credentialsId: 'harbor-auth', url: 'http://10.0.0.185:5000') { def customImage = docker.build("10.0.0.185:5000/devops/hanker-hello:v1") customImage.push() } } } } stage('application-deploy') { steps { withKubeConfig([credentialsId: '5a5517f3-3d38-459d-bafc-12b55beeb588', serverUrl: 'https://10.0.0.182:6443']) { sh '/usr/bin/kubectl apply -f k8s-setup.yml' } } } } }
3. Trigger build
4. Result confirmation
1. Confirm the startup status of jenkina agent;
$ kubectl -n devops get pods |grep jnlp jnlp-sh8zl 1/1 Running 0 14s // View Jenkins agent pod log $ kubectl -n devops logs -f [jenkins-agent-pod-name]
_Note: if Jenkins agent is not started for a long time, you can confirm whether there are enough resources in the cluster.
2. Confirm the pipeline execution status;
3. Confirm whether there is a newly pushed image in the harbor image warehouse
_Note: projects in harbor need to be created first, or errors will be reported during push.
4. Confirm the service status of the deployment
Perform the following operations on the k8s master node:
$ kubectl -n devops get pod,deployment,svc,ingress |grep hanker-hello pod/hanker-hello-5b7586f86d-5j7kk 1/1 Running 0 173m deployment.extensions/hanker-hello 1/1 1 1 3h8m service/hanker-hello-svc ClusterIP 10.233.22.19 <none> 8080/TCP 3h8m ingress.extensions/hanker-hello-ingress hanker-hello-demo.dev.hanker.net 80 3h8m
appendix
1. Customize Jenkins agent image
## Based on https://github.com/kubernetes-best-practice/jenkins-jnlp-agent.git $ git checkout https://github.com/Kubernetes-Best-Pratice/jenkins-jnlp-agent.git $ cd jenkins-jnlp-agent $ docker build . $ docker tag tag-name custom-private-repository-addr
_Note: you can also base on base image Create a custom image
2. More perfect
- Configure webhook to automatically trigger jenkins job;
- At present, the image version we build in practice is fixed. Whether you can replace it with the form that depends on the pipeline environment variable or parameter transfer is more meaningful.
- In the previous article, when setting the [configure Kubernetes Pod Template], we mentioned that you can mount hosts or network shared storage. Can you use this to speed up your build?
- Our sample code uses go, which is directly packaged in the image. You can refer to how to better build other languages. Using Docker with Pipeline;
- Have you thought about how to download the products in the construction process, etc.
Reference link:
- https://github.com/jenkinsci/...
- Download kubectl: https://docs.docker.com/ee/uc...