海哥 posted on 2024-5-14 08:03:56

Building a CI/CD platform with a Gitlab+Jenkins+Docker+Harbor+K8s cluster (continuous integration and deployment of a Hexo blog D

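Contents

[*]What is covered:
[*]I. Setting up the CI/CD server environment

[*]1. Installing the Docker environment

[*](1) Pull the image, start it and enable it at boot
[*](2) Configure the Docker registry mirror

[*]2. Install and configure GitLab

[*](1) Create the shared volume directories
[*](2) Create the gitlab container
[*](3) Stop the container and modify the configuration file
[*](4) After modifying the configuration file, start the container directly
[*](5) Relevant git commands (for an existing folder)

[*]3. Install and configure the remote image registry Harbor

[*](1) First, set up SELinux and the firewall
[*](2) Install and start docker and install docker-compose; there is no need to know much about docker-compose here, it is a lightweight Docker orchestration tool
[*](3) Unpack the Harbor installation package harbor-offline-installer-v2.0.6.tgz and import the images
[*](4) Modify the configuration file
[*](5) harbor.yml: set the IP, user name and password
[*](6) ./prepare && ./install.sh
[*](7) View the related images
[*](8) Access test

[*]4. Docker configuration on the CI server

[*](1) Modify the configuration file
[*](2) Push an image; it can be viewed on the private registry's web page

[*]5. Install and configure Jenkins

[*](1) Pull the jenkins image
[*](2) Create the shared volume and change its owner and group to match those in the container
[*](3) Create the jenkins container
[*](4) Switch to the Tsinghua University mirror in China; Jenkins downloads plugins very slowly, and the Tsinghua mirror address is much faster
[*](5) Restart docker and get the login key
[*](6) Install the docker plugins
[*](7) Jenkins security settings
[*](8) Download the kubectl client tool

[*]Copy the kubeconfig file
[*]Copy the certificates and the k8s cluster client tool into the jenkins container

[*](9) kubectl command test


[*]II. Hexo blog system CI/CD in practice

[*]1. Configure a highly available Hexo production environment in the k8s cluster

[*](1) Create the deployments
[*](2) Create the service

[*]2. Configure the private registry address in the k8s cluster
[*]3. Configure the CI/CD workflow in jenkins
[*]4. Configure the integration between gitlab and jenkins
[*]5. Write the Dockerfile and test with a code update
[*]6. Access the Hexo blog system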

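This article is based on an article by 山河已无恙: (Continuous integration and deployment of a Hexo blog demo)
What is covered:


[*]A tutorial for setting up CI/CD with Gitlab+Jenkins+Docker+Harbor+K8S cluster
[*]Continuous integration and deployment of a Hexo blog system on the resulting CI/CD platform
[*]Gitlab, Jenkins and Harbor are all deployed as containers
[*]To keep this short, the CD environment is a k8s cluster that was deployed earlier and already has its kubeconfig certificates
[*]The machines involved are listed below:

Machine                         IP
Client                          local physical machine
Gitlab+Jenkins+Docker           192.168.112.10
Docker image registry: harbor   192.168.112.20
k8s cluster, master node        192.168.112.30
k8s cluster, node               192.168.112.40
k8s cluster, node               192.168.112.50

Topology: the client writes code in a local IDE and pushes it to GitLab. The webhook in GitLab fires the build trigger configured in Jenkins, which pulls the code from the GitLab repository with shell commands and builds the application image from the pulled source and the Dockerfile. When the build finishes, the image is pushed to the private Harbor registry. Then, again through shell commands, Jenkins uses the kubectl client to have the k8s cluster pull the image from the private registry and update the image in its Deployment. By default a Deployment updates its replicas with a rolling update. In the whole flow only the client's code push is manual; everything else is automatic.

I. Setting up the CI/CD server environment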

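CI stands for continuous integration (Continuous Integration, CI). Put simply, it means continuously integrating the code in the repository, compiling it and building application images. A working continuous integration environment reduces unnecessary problems during development, improves code quality and speeds up iteration.
Commonly used tools and platforms:
Jenkins: a continuous integration tool written in Java, used to monitor continuous, repetitive work. It aims to provide an open and easy-to-use software platform that makes continuous integration of software possible.
Bamboo: commercial enterprise software that can be deployed in large-scale production environments.
CD stands for continuous delivery (Continuous Delivery) and continuous deployment (Continuous Deployment). Put simply, it means continuously deploying to the production environment for customers to use. There are two stages: I understand continuous delivery as the process of meeting the conditions for release without actually releasing, and continuous deployment as the process of releasing the application.
For the CD environment we use a K8s cluster that was set up earlier. A K8s cluster provides application health checks, dynamic scaling, rolling updates and other benefits. For how to set up the K8s cluster, see my other articles.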
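The build-and-deploy step of the flow described above (build the image, push it to Harbor, update the Deployment so that a rolling update starts), as an added example that is not the article's own Jenkins job. The registry address and the library project come from this page; the name hexo for the image, Deployment and container is an assumption, as are the function names.

```shell
#!/bin/sh
# Added example, not the article's Jenkins job. APP is an assumed name.
REGISTRY="192.168.112.20"     # Harbor address from the article
PROJECT="library"             # Harbor project the article pushes to
APP="hexo"                    # assumed image, Deployment and container name
DRY_RUN="${DRY_RUN:-1}"       # 1 = print the commands instead of running them

# Run a command, or only print it when DRY_RUN=1.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Build an image reference tagged with the commit id. A new tag per build
# changes the Deployment's pod template, which is what starts a rolling
# update; re-pushing the same tag leaves the template unchanged.
# The commit id is validated because it ends up in shell command arguments.
image_ref() {   # $1 = git commit id (lowercase hex)
    case "$1" in
        ""|*[!0-9a-f]*) echo "invalid commit id: $1" >&2; return 1 ;;
    esac
    printf '%s/%s/%s:%s\n' "$REGISTRY" "$PROJECT" "$APP" \
        "$(printf '%s' "$1" | cut -c1-12)"
}

# Build, push, update the Deployment and wait for the rollout to finish.
# Each step runs only if the previous one succeeded.
deploy() {   # $1 = commit id, $2 = build context containing the Dockerfile
    img=$(image_ref "$1") || return 1
    run docker build -t "$img" "$2" &&
    run docker push "$img" &&
    run kubectl set image "deployment/$APP" "$APP=$img" &&
    run kubectl rollout status "deployment/$APP" --timeout=120s
}
```

With DRY_RUN=1 (the default here) deploy only prints the four commands, which is a quick way to review what a job would run before wiring it into Jenkins.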
Let's set up the CI server. Server operated on: jenkins: 192.168.112.10
1. Installing the Docker environment

(1) Pull the image, start it and enable it at boot

# systemctl start docker
# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
(2) Configure the Docker registry mirror

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
Remember: the port here must be set to 80, otherwise pushing a project will report an error. If the port is already in use on the host, it has to be freed up.
(3) Stop the container and modify the configuration file

external_url 'http://192.168.112.10'
gitlab_rails['gitlab_ssh_host'] = '192.168.112.10'
gitlab_rails['gitlab_shell_ssh_port'] = 222
# docker pull beginor/gitlab-ce
# mkdir -p /data/gitlab/etc/ /data/gitlab/log/ /data/gitlab/data
# chmod 777 /data/gitlab/etc/ /data/gitlab/log/ /data/gitlab/data/
# docker run -itd --name=gitlab --restart=always --privileged=true -p 8443:443 -p 80:80 -p 222:22 -v /data/gitlab/etc:/etc/gitlab -v /data/gitlab/log:/var/log/gitlab -v /data/gitlab/data:/var/opt/gitlab beginor/gitlab-ce
805eb9eac8367c53a8d458fec17649e3b3b206f3dc74c99c7a037a41dd9e8ca6
# docker ps
CONTAINER ID   IMAGE               COMMAND             CREATED          STATUS                           PORTS                                                                                                             NAMES
805eb9eac836   beginor/gitlab-ce   "/assets/wrapper"   20 seconds ago   Up 19 seconds (health: starting)   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:222->22/tcp, :::222->22/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   gitlab
# docker stop gitlab
gitlab
(4) After modifying the configuration file, start the container directly

# cat /data/gitlab/etc/gitlab.rb |grep external_url
##! For more details on configuring external_url see:
# external_url 'GENERATED_EXTERNAL_URL'
# registry_external_url 'https://registry.gitlab.example.com'
# pages_external_url "http://pages.example.com/"
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# mattermost_external_url 'http://mattermost.example.com'
# sed -i "/external_url 'GENERATED_EXTERNAL_URL'/a external_url\t'http://192.168.112.10' " /data/gitlab/etc/gitlab.rb
# cat /data/gitlab/etc/gitlab.rb |grep external_url
##! For more details on configuring external_url see:
# external_url 'GENERATED_EXTERNAL_URL'
external_url    'http://192.168.112.10'
# registry_external_url 'https://registry.gitlab.example.com'
# pages_external_url "http://pages.example.com/"
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# mattermost_external_url 'http://mattermost.example.com'
Access GitLab at http://192.168.112.10/ from the physical machine that hosts the server. It automatically redirects to the change-password page (root user). If the password does not meet the complexity requirements, a 500 error is returned and the password has to be set again.
Log in and enter the dashboard.
Then we run a simple test: push a project. It prompts for the user name and password. The project here is a Hexo-based blog system.
The project is uploaded to GitLab successfully.
(5) Relevant git commands (for an existing folder)

# cat /data/gitlab/etc/gitlab.rb |grep gitlab_ssh_host
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
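# sed -i "/gitlab_ssh_host/a gitlab_rails['gitlab_ssh_host'] = '192.168.112.10' " /data/gitlab/etc/gitlab.rb
# cat /data/gitlab/etc/gitlab.rb |grep gitlab_ssh_host
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
gitlab_rails['gitlab_ssh_host'] = '192.168.112.10'
3. Install and configure the remote image registry Harbor

Next we configure the private Docker image registry. The machine used is:
Server operated on: harbor: 192.168.112.20
We choose Harbor for the registry because it has a web interface; registry could of course be used as well.
Harbor configuration
Steps to install and use Harbor:
[*]Install and start docker, and install docker-compose
[*]Upload the Harbor offline package
[*]Import the Harbor images
[*]Edit harbor.yml
[*]Change hostname to your own host name; if no certificate is used, comment out https
[*]harbor_admin_password is the login password
[*]Install compose
[*]Run the script ./install.sh
[*]Enter the IP in a browser to access it
[*]docker login IP -- a .docker folder is created in the home directory
Now let's start the installation.
(1) First, set up SELinux and the firewall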

# cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh
# gitlab_rails['gitlab_shell_ssh_port'] = 22
# sed -i "/gitlab_shell_ssh_port/a gitlab_rails['gitlab_shell_ssh_port'] = 222" /data/gitlab/etc/gitlab.rb
# cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh
# gitlab_rails['gitlab_shell_ssh_port'] = 22
gitlab_rails['gitlab_shell_ssh_port'] = 222
# vim /data/gitlab/data/gitlab-rails/etc/gitlab.yml
## GitLab settings
gitlab:
    ## Web server settings (note: host is the FQDN, do not include http://)
    host: 192.168.112.10
    port: 80
    https: false
(2) Install and start docker and install docker-compose; there is no need to know much about docker-compose here, it is a lightweight Docker orchestration tool

# docker start gitlab
gitlab
# docker ps
CONTAINER ID   IMAGE               COMMAND             CREATED          STATUS                            PORTS                                                                                                             NAMES
805eb9eac836   beginor/gitlab-ce   "/assets/wrapper"   21 minutes ago   Up 7 seconds (health: starting)   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:222->22/tcp, :::222->22/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   gitlab
(3) Unpack the Harbor installation package harbor-offline-installer-v2.0.6.tgz and import the images

Harbor installation package: harbor
cd existing_folder
git init
git remote add origin http://192.168.112.10/root/hexo-gitlab-blog.git
git add .
git commit -m "Initial commit"
git push -u origin master
(4) Modify the configuration file

# getenforce
Disabled
# systemctl disable firewalld.service --now
(5) harbor.yml: set the IP, user name and password

yum install -y docker-ce
yum install -y docker-compose
(6) ./prepare && ./install.sh

# ls
aliyun.sh  anaconda-ks.cfg  harbor-offline-installer-v2.0.6.tgz
# tar -zxvf harbor-offline-installer-v2.0.6.tgz
harbor/harbor.v2.0.6.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
# docker load -i harbor/harbor.v2.0.6.tar.gz
# cd harbor/
# ls
common.sh  harbor.v2.0.6.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
# cp harbor.yml.tmpl harbor.yml
# ls
common.sh             harbor.yml       install.sh  prepare
harbor.v2.0.6.tar.gz  harbor.yml.tmpl  LICENSE
# vim harbor.yml
(7) View the related images

# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.112.20

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
#https:
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345
(8) Access test

4. Docker configuration on the CI server

Because we push images from 192.168.112.10 (the CI server) to 192.168.112.20 (the private registry), the Docker configuration on the CI server has to be modified to add the registry address.
Server operated on: jenkins: 192.168.112.10
(1) Modify the configuration file

# ./prepare
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
The modified configuration file
# ./install.sh

: checking if docker is installed ...

Note: docker version: 25.0.4

: checking docker-compose is installed ...

Note: docker-compose version: 1.18.0

: loading Harbor images ...
Loaded image: goharbor/notary-server-photon:v2.0.6
Loaded image: goharbor/clair-photon:v2.0.6
Loaded image: goharbor/clair-adapter-photon:v2.0.6
Loaded image: goharbor/harbor-portal:v2.0.6
Loaded image: goharbor/harbor-core:v2.0.6
Loaded image: goharbor/harbor-db:v2.0.6
Loaded image: goharbor/harbor-jobservice:v2.0.6
Loaded image: goharbor/redis-photon:v2.0.6
Loaded image: goharbor/notary-signer-photon:v2.0.6
Loaded image: goharbor/harbor-log:v2.0.6
Loaded image: goharbor/harbor-registryctl:v2.0.6
Loaded image: goharbor/trivy-adapter-photon:v2.0.6
Loaded image: goharbor/chartmuseum-photon:v2.0.6
Loaded image: goharbor/prepare:v2.0.6
Loaded image: goharbor/nginx-photon:v2.0.6
Loaded image: goharbor/registry-photon:v2.0.6


: preparing environment ...

: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Creating harbor-log ... done
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


Creating registry ... done
Creating harbor-core ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating harbor-db ...
Creating redis ...
Creating registryctl ...
Creating registry ...
Creating harbor-portal ...
Creating harbor-core ...
Creating nginx ...
Creating harbor-jobservice ...
✔ ----Harbor has been installed and started successfully.----
Reload so that it takes effect
# docker ps
CONTAINER ID   IMAGE                              COMMAND                   CREATED         STATUS                   PORTS                                 NAMES
9572b7a8d0a8   goharbor/harbor-jobservice:v2.0.6    "/harbor/entrypoint.…"   5 minutes ago   Up 5 minutes (healthy)                                           harbor-jobservice
83b679a70258   goharbor/nginx-photon:v2.0.6         "nginx -g 'daemon of…"   5 minutes ago   Up 5 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
e7c53195c856   goharbor/harbor-core:v2.0.6          "/harbor/entrypoint.…"   5 minutes ago   Up 5 minutes (healthy)                                           harbor-core
37884d3bb185   goharbor/registry-photon:v2.0.6      "/home/harbor/entryp…"   5 minutes ago   Up 5 minutes (healthy)   5000/tcp                              registry
d4de74c6b397   goharbor/harbor-portal:v2.0.6      "nginx -g 'daemon of…"   5 minutes ago   Up 5 minutes (healthy)   8080/tcp                              harbor-portal
3459fba85f4c   goharbor/harbor-db:v2.0.6            "/docker-entrypoint.…"   5 minutes ago   Up 5 minutes (healthy)   5432/tcp                              harbor-db
febab24100f4   goharbor/redis-photon:v2.0.6         "redis-server /etc/r…"   5 minutes ago   Up 5 minutes (healthy)   6379/tcp                              redis
8b6f3d626464   goharbor/harbor-registryctl:v2.0.6   "/home/harbor/start.…"   5 minutes ago   Up 5 minutes (healthy)                                           registryctl
52a51aae1c1b   goharbor/harbor-log:v2.0.6         "/bin/sh -c /usr/loc…"   5 minutes ago   Up 5 minutes (healthy)   127.0.0.1:1514->10514/tcp               harbor-log
A quick test on the CI machine
# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"]
}
# vim /etc/docker/daemon.json
(2) Push an image; it can be viewed on the private registry's web page

At this point the image registry is configured.
5. Install and configure Jenkins

Server operated on: jenkins: 192.168.112.10
(1) Pull the jenkins image

# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.112.20"]
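}
(2) Create the shared volume and change its owner and group to match those in the container

The owner is changed to 1000 because the container reads and writes data as the jenkins user, and the uid of jenkins inside the container is 1000.
# systemctl daemon-reload
# systemctl restart docker
(3) Create the jenkins container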

# docker login 192.168.112.20
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
# docker tag busybox 192.168.112.20/library/busybox
# docker images
REPOSITORY                     TAG       IMAGE ID       CREATED       SIZE
192.168.112.20/library/busybox   latest    beae173ccac6   2 years ago   1.24MB
busybox                        latest    beae173ccac6   2 years ago   1.24MB
beginor/gitlab-ce                latest    5595d4ff803e   5 years ago   1.5GB
# docker push 192.168.112.20/library/busybox
Using default tag: latest
The push refers to repository
01fd6df81c8e: Mounted from library/bysybox
latest: digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee size: 527
Access Jenkins.
Because the Jenkins configuration has to be modified, stop the jenkins container at this point.
# docker pull jenkins/jenkins:latest
latest: Pulling from jenkins/jenkins
0e29546d541c: Pull complete
11bbb8c402a7: Pull complete
cf91f018150b: Pull complete
a98e88c6f0f0: Pull complete
f67fc70d671a: Pull complete
edbe48067464: Pull complete
fa23ca93dd6b: Pull complete
00159d993c13: Pull complete
f28fb40a17cf: Pull complete
071d309df04b: Pull complete
78599f36e494: Pull complete
896a32d969fb: Pull complete
3f1a51ea9f7f: Pull complete
26e724f0bfad: Pull complete
b377e1ae1384: Pull complete
d3cdbe7e8b9f: Pull complete
f3b40ebc3458: Pull complete
Digest: sha256:c3fa8e7f70d1e873ea6aa87040c557aa53e6707eb1d5ecace7f6884a87588ac8
Status: Downloaded newer image for jenkins/jenkins:latest
docker.io/jenkins/jenkins:latest
(4) Switch to the Tsinghua University mirror in China; Jenkins downloads plugins very slowly, and the Tsinghua mirror address is much faster

# mkdir /jenkins
# chown 1000:1000 /jenkins
# The owner is changed to 1000 because the container reads and writes data as the jenkins user, and the uid of jenkins inside the container is 1000
Replace "http://www.google.com/" with "http://www.baidu.com/"
# docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:latest
f250456a77abeb916eb36781eafd8c17e3aad8ec26d5f6e006df4956d234f445
# docker ps | grep jenkins
f250456a77ab   jenkins/jenkins:latest   "/sbin/tini -- /usr/…"   17 seconds ago   Up 16 seconds                0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:50000->50000/tcp, :::50000->50000/tcp                        jenkins
View after the replacement
# docker stop jenkins
jenkins
(5) Restart docker and get the login key

# cat /jenkins/hudson.model.UpdateCenter.xml
<?xml version='1.1' encoding='UTF-8'?>
<sites>
<site>
    <id>default</id>
    <url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
</site>
</sites>
# sed -i 's#updates.jenkins.io/update-center.json#mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json#g' /jenkins/hudson.model.UpdateCenter.xml
# cat /jenkins/hudson.model.UpdateCenter.xml
<?xml version='1.1' encoding='UTF-8'?>
<sites>
<site>
    <id>default</id>
    <url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
</site>
</sites>
The startup parameters of the Docker daemon that Jenkins is bound to need to be modified: ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock
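A check for the two daemon settings this walkthrough applies on the CI host, the -H tcp://0.0.0.0:2376 listener and the insecure-registries entry, as an added example that is not part of the original article. The function names, the finding labels and the certificate paths in the TLS sample are assumptions; the sample files are constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example (not from the original article). File paths are arguments so
# the checks can be pointed at copies of the real files.

# Report every "-H tcp://..." listener on an ExecStart line that lacks
# --tlsverify: anyone who can reach such a port controls the daemon.
# Assumes ExecStart is written on one line, as in the article.
check_dockerd_unit() {   # $1 = docker.service path
    awk '
        /^[ \t]*ExecStart=/ {
            tls = ($0 ~ /--tlsverify/)
            n = split($0, w, " ")
            for (i = 1; i <= n; i++) {
                h = ""
                if (w[i] == "-H" || w[i] == "--host") h = w[i + 1]
                else if (w[i] ~ /^--host=/) h = substr(w[i], 8)
                if (h ~ /^tcp:/ && !tls) { print "UNAUTHENTICATED_TCP " h; bad = 1 }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Report registries the daemon talks to over plain HTTP or unverified TLS.
check_daemon_json() {   # $1 = daemon.json path
    regs=$(tr -d '\n' < "$1" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        tr -d '" \t' | tr ',' '\n')
    [ -n "$regs" ] || return 0
    for r in $regs; do echo "PLAINTEXT_REGISTRY $r"; done
    return 1
}

# Run both checks; returns 1 if either reports a finding.
audit_docker_host() {   # $1 = daemon.json, $2 = docker.service
    rc=0
    check_daemon_json "$1" || rc=1
    check_dockerd_unit "$2" || rc=1
    return $rc
}

# Constructed sample input: the article's settings, plus a unit file with the
# same listener protected by client certificates (certificate paths assumed).
write_samples() {   # $1 = directory to write into
    printf '%s\n' '{' \
        '"registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"],' \
        '"insecure-registries": ["192.168.112.20"]' '}' > "$1/daemon.json"
    printf '%s\n' '[Service]' \
        'ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock' \
        > "$1/docker.service"
    printf '%s\n' '[Service]' \
        'ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H fd:// --containerd=/run/containerd/containerd.sock' \
        > "$1/docker.service.tls"
}

if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && write_samples "$d"
    audit_docker_host "$d/daemon.json" "$d/docker.service" || echo "findings listed above"
    rm -rf "$d"
fi
```

On the CI host the call would be audit_docker_host /etc/docker/daemon.json /lib/systemd/system/docker.service; a unit file that adds --tlsverify with its certificate options passes the listener check.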
# yum install -y jq
# cat /jenkins/updates/default.json | jq '.connectionCheckUrl'
"https://www.google.com/"
# cat /jenkins/updates/default.json | jq 'keys'
[
"connectionCheckUrl",
"core",
"deprecations",
"generationTimestamp",
"id",
"plugins",
"signature",
"updateCenterVersion",
"warnings"
]
# sed -i s#http://www.google.com/#http://www.baidu.com/#g /jenkins/updates/default.json
Docker must be restarted after its startup parameters are modified
# cat /jenkins/updates/default.json | jq '.connectionCheckUrl'
"https://www.baidu.com/"
# cat /jenkins/updates/default.json | jq 'keys'
[
"connectionCheckUrl",
"core",
"deprecations",
"generationTimestamp",
"id",
"plugins",
"signature",
"updateCenterVersion",
"warnings"
]
(6) Install the docker plugins

Jenkins configuration: just follow the screenshots here. A Docker cluster has to be configured so that Jenkins can build the image from the Dockerfile and push it to the private registry. The Docker cluster here is simply the Docker daemon on the CI server.
Click Manage Jenkins -> Manage Plugins -> AVAILABLE -> Search in turn, and search for docker and docker-build-step.
Modify the Docker startup parameters: ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock
Associate docker with jenkins.
(7) Jenkins security settings

GitLab will later be linked with Jenkins, so some Jenkins security settings have to be changed. Click System Management - Global Security Configuration - Authorization Strategy in turn, and tick "Anonymous users have read permission".
Add the JVM option -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true to allow cross-site requests.
# docker start jenkins
jenkins
# cat /jenkins/secret
secret.key  secret.key.not-so-secret  secrets/
# cat /jenkins/secrets/initialAdminPassword
f54e4a2c7dd249ce9f7d4f15121005d8
(8) Download the kubectl client tool

Here we connect to k8s through the kubectl client on Jenkins, so a k8s client, kubectl, has to be installed. Download the k8s client:
vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock
A Dockerfile also has to be written to build the image.
# systemctl daemon-reload
# systemctl restart docker
Jenkins output
# docker exec -u root -it jenkins /bin/bash
6. Access the Hexo blog system

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install kubelet-1.22.2 kubeadm-1.22.2 kubectl-1.22.2 -y
systemctl enable kubelet && systemctl start kubelet
Access the Hexo blog system