[Kubernetes series] Part 8: the full CI/CD process in practice

Keywords: Linux jenkins git GitLab Docker

Preface

  1. The sample code and the Jenkins agent image used in this practice have been pushed to GitHub.
  2. Note that all data in this practice is intranet data. You must replace it with valid data from your own environment when testing.
  3. Because this practice involves many components, if any operation is unclear you can leave a message, and we will improve it together.
  4. If any specific operation is unclear or wrong, you can leave a message and we will solve it together.

1. Prepare basic data

1. Configure gitlab

  • Create project
  • Upload sample code

    Note: the GitLab project address used in this example is http://gitlab.hanker.com/colynn/hanker-hello.git

2. Configure harbor

  • Create a project to store the built image
    Note: the Harbor address used in this example is 10.0.0.185:5000/hanker/hanker-hello:v1

3. Configure Jenkins credentials

  • Add the GitLab account credentials

    Operation instructions: Credentials -> System -> Global credentials -> Add Credentials

  • Add the Harbor credentials

    Operation instructions: Credentials -> System -> Global credentials -> Add Credentials

  • Add the k8s namespace credentials

    On your k8s master node, do the following:

1. Create serviceaccount

$ kubectl -n devops create serviceaccount jenkins-robot

Command output:

serviceaccount/jenkins-robot created

2. Role binding

$ kubectl -n devops create rolebinding jenkins-robot-binding --clusterrole=cluster-admin --serviceaccount=devops:jenkins-robot

Command output:

rolebinding.rbac.authorization.k8s.io/jenkins-robot-binding created

3. Get the name of the ServiceAccount's token secret

$ kubectl -n devops get serviceaccount jenkins-robot -o go-template --template='{{range .secrets}}{{.name}}{{"\n"}}{{end}}'

jenkins-robot-token-n8w6b

4. Base64-decode the ServiceAccount token

$ kubectl -n devops get secrets jenkins-robot-token-n8w6b -o go-template --template '{{index .data "token"}}' | base64 --decode

Command output:

eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZXZvcHMiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoiamVua2lucy1yb2JvdC10b2tlbi1uOHc2YiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJqZW5raW5zLXJvYm90Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTcyZTY0OGYtMTYxZC00NmM5LWI0ZjgtYjFkNTdlOWY4NTBjIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRldm9wczpqZW5raW5zLXJvYm90In0.ArQvcaEqCaeU1ZcJ6nOC5rLaTZr_vLDrpLCt87asltMUWj2gSli_mXUTrl09hBnBDXI3A1D4rJXHKLHjIAA4nN8qRIRGbpqSNzDwmqJr-jmmmWWZFrZ3n3Al9-13KJnNOK8pcWr70rt3Rsigt4B6CIQ0-ZLK8BZhvROJSifeOfJ6xe2KBqdXBv1ccZZZfEhPLgGbaR5yWm5jLvOMr2MQiPDrZoHOEkcMt-C0xipytOp4sJCJ4bQhb-UoMu1owYydxbd6O7xO71fvqP_bMDpZXC601nA2ggK7h-vi6CJffHv5MM59q8X_DWe1NnZS6KXiMmkXqAmBn10Yu20PNj-kjg

5. Add the Secret text credential

Operation instructions: Home page -> Credentials -> System -> Global credentials -> Add Credentials, then select the [Secret text] type.

Then paste the decoded token from the previous step into the Secret field, for use in the pipeline.
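
Before the token goes into Jenkins, it is worth reading its claims to confirm which service account and namespace it identifies and whether it expires; secret-based tokens like the one above carry no exp claim, so they stay valid until the token secret is deleted. The script below is an added example, not code from the original post; the function names are made up for illustration and the sample token is constructed and unsigned.

```shell
#!/bin/sh
# Added example: read the claims of a service-account JWT without verifying it.
# Function names are hypothetical; the sample token below is constructed.

# Print the JSON claims (second dot-separated segment) of a JWT.
sa_token_claims() {
    payload=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    # base64url omits '=' padding; restore it so base64 accepts the input.
    case $(( ${#payload} % 4 )) in
        2) payload="${payload}==" ;;
        3) payload="${payload}=" ;;
    esac
    printf '%s' "$payload" | base64 -d
}

# Print the "sub" claim, e.g. system:serviceaccount:<namespace>:<name>.
sa_token_subject() {
    sa_token_claims "$1" | sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeed only if the token has an "exp" claim, i.e. it expires on its own.
sa_token_expires() {
    sa_token_claims "$1" | grep -q '"exp"[[:space:]]*:'
}

# Build an unsigned sample token around the given claims (for the demo only).
make_sample_token() {
    b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
    printf '%s.%s.%s' "$(printf '%s' '{"alg":"none"}' | b64url)" \
        "$(printf '%s' "$1" | b64url)" "constructed-signature"
}

# Constructed claims shaped like a secret-based token: no "exp" claim.
sample=$(make_sample_token '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:devops:jenkins-robot"}')
echo "subject: $(sa_token_subject "$sample")"
if sa_token_expires "$sample"; then
    echo "expires: yes"
else
    echo "expires: never (valid until the token secret is deleted)"
fi
```
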

2. Create the Jenkins pipeline

1. Create the Jenkins pipeline item

Operation instructions: Home page -> New Item

2. pipeline script step description

Note: the pipeline consists of three stages (check out the code, build the image, deploy the service). The steps below explain how to write it. Pipeline Syntax generates only part of the code; complete the rest according to the pipeline language specification.

1. Stage 1, check out the code

Operation instructions: Home page -> hanker-hello-demo -> Pipeline Syntax

Note: this practice selects the git: Git step type; you can also choose checkout: Check out from version control.

The generated step script:

git credentialsId: 'gitlab-project-auth', url: 'http://gitlab.hanker.com/colynn/hanker-hello.git'

2. Stage 2, build the image
Operation instructions: same as for stage 1.

The generated step script:

script {
    withDockerRegistry(credentialsId: 'harbor-auth', url: 'http://10.0.0.185:5000') {
        def customImage =  docker.build("10.0.0.185:5000/devops/hanker-hello:v1")
        customImage.push()
    }
}

Note: to support this stage, the Jenkins agent image must include the docker command.

3. Stage 3, deploy the service

Reference: Jenkins Kubernetes CLI plugin

Note: to support this stage, the Jenkins agent image must include the kubectl command.

3. Set pipeline

Note:

  • Set General / Build Triggers / Advanced Project Options according to your own needs, then merge the scripts of each stage and put the result in Pipeline -> Script.

The content of the merged pipeline script is as follows:

pipeline {
    agent any
    stages {
        stage('checkout') {
            steps {
                git credentialsId: 'gitlab-project-auth', url: 'http://gitlab.hanker.com/colynn/hanker-hello.git'    
            }
        }
        
        stage('docker-publish') {
            steps{
                script {
                    withDockerRegistry(credentialsId: 'harbor-auth', url: 'http://10.0.0.185:5000') {
                        def customImage =  docker.build("10.0.0.185:5000/devops/hanker-hello:v1")
                        customImage.push()
                    }
                }
            }
        }
        
        stage('application-deploy') {
            steps {
                withKubeConfig([credentialsId: '5a5517f3-3d38-459d-bafc-12b55beeb588', serverUrl: 'https://10.0.0.182:6443']) {
                    sh '/usr/bin/kubectl apply -f k8s-setup.yml'
                }
            }
        }
    }
}

3. Trigger build

4. Result confirmation

1. Confirm the startup status of the Jenkins agent;

$ kubectl -n devops get pods |grep jnlp
jnlp-sh8zl                                 1/1     Running   0          14s

# View the Jenkins agent pod log
$ kubectl -n devops logs -f [jenkins-agent-pod-name]

Note: if the Jenkins agent does not start for a long time, check whether the cluster has enough resources.

2. Confirm the pipeline execution status;

3. Confirm whether there is a newly pushed image in the harbor image warehouse

Note: the project in Harbor must be created first, or the push will fail with an error.

4. Confirm the service status of the deployment

Perform the following operations on the k8s master node:

$ kubectl -n devops get pod,deployment,svc,ingress |grep hanker-hello 

pod/hanker-hello-5b7586f86d-5j7kk              1/1     Running   0          173m


deployment.extensions/hanker-hello              1/1     1            1           3h8m
service/hanker-hello-svc          ClusterIP   10.233.22.19    <none>        8080/TCP             3h8m
ingress.extensions/hanker-hello-ingress              hanker-hello-demo.dev.hanker.net                   80      3h8m
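
The listing above shows that the deploy stage manages only a Deployment, a Service and an Ingress, while the role binding from section 1 gives jenkins-robot the cluster-admin ClusterRole inside the devops namespace. The check below, an added example rather than part of the original post, uses kubectl auth can-i with impersonation to list what the account may do beyond that; the function name, the KUBECTL override and the probe list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: report permissions a CI service account holds but the
# deploy stage does not need. Names and the probe list are illustrative.

# Allow the kubectl binary to be overridden (a full path, or a stub in tests).
KUBECTL=${KUBECTL:-kubectl}

# Verb/resource pairs that "kubectl apply" of a Deployment, Service and
# Ingress never requires; one pair per line.
EXCESS_PROBES='get secrets
create rolebindings
create serviceaccounts
delete persistentvolumeclaims'

# Usage: sa_excess_permissions <namespace> <serviceaccount>
# Prints each probe the account is allowed to perform; prints nothing when
# none of the probed permissions is granted.
sa_excess_permissions() {
    ns=$1
    sa=$2
    printf '%s\n' "$EXCESS_PROBES" | while read -r verb resource; do
        # can-i exits 0 for "yes" and non-zero for "no"; stdin is redirected
        # so kubectl cannot consume the remaining probe lines.
        if $KUBECTL auth can-i "$verb" "$resource" -n "$ns" \
            --as="system:serviceaccount:$ns:$sa" >/dev/null 2>&1 </dev/null; then
            echo "$verb $resource"
        fi
    done
}

# Run on a node with admin access, as in the steps above:
#   sa_excess_permissions devops jenkins-robot
```

With the cluster-admin binding created earlier, every probe in the list is printed.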

Appendix

1. Customize Jenkins agent image

## Based on https://github.com/kubernetes-best-practice/jenkins-jnlp-agent.git

$ git clone https://github.com/Kubernetes-Best-Pratice/jenkins-jnlp-agent.git

$ cd jenkins-jnlp-agent
$ docker build .
$ docker tag tag-name custom-private-repository-addr

Note: you can also create a custom image on top of a base image.

2. Further improvements

  1. Configure a webhook to trigger the Jenkins job automatically.
  2. At present the image version built in this practice is fixed. Can you replace it with one taken from a pipeline environment variable or a build parameter? That would be more meaningful.
  3. In the previous article, when setting up [Configure Kubernetes Pod Template], we mentioned that you can mount host paths or network shared storage. Can you use this to speed up your builds?
  4. Our sample code is written in Go and is packaged directly in the image. For better ways to build other languages, see Using Docker with Pipeline.
  5. Have you thought about how to download the artifacts produced during the build?

Reference link:

  1. https://github.com/jenkinsci/...
  2. Download kubectl: https://docs.docker.com/ee/uc...

Posted by ali_p on Sun, 27 Oct 2019 22:07:12 -0700