IT评测·应用市场-qidao123.com技术社区

标题: Gitlab+Jenkins+Docker+Harbor+K8s集群搭建CICD平台(持续集成部署Hexo博客D [打印本页]
作者: 海哥    时间: 2024-5-14 08:03
标题: Gitlab+Jenkins+Docker+Harbor+K8s集群搭建CICD平台(持续集成部署Hexo博客D
目次

本篇文章参考 山河已无恙大佬的文章:(持续集成部署Hexo博客Demo)
涉及内容:

用到的机器ip客户机本地物理机Gitlab+Jenkins+Docker192.168.112.10docker镜像仓库:harbor192.168.112.20k8s集群-master节点192.168.112.30k8s集群-node节点192.168.112.40k8s集群-node节点192.168.112.50拓扑图这里客户机用本地的IDE持续编码,然后push代码到gitlab,gitlab中的web钩子触发jenkins中配置好的构建触发器,通过shell下令拉取gitlab仓库中的代码,然后通过拉取的应用源码和Dockerfile文件来构建应用镜像,构建完成后将应用镜像push到harbor私有镜像仓库,然后通过shell下令的方式在jenkins中用kubelet客户端将镜像从私有仓库拉取到k8s集群并更新其deploy中的镜像,默认deploy更新副本的方式为滚动更新,整个流程中,只有客户机push代码是手手动的方式,其他满是自动
一、CICD服务器情况搭建

CI即为持续集成(Continue Integration,简称CI),用通俗的话讲,就是持续的整合版本库代码编译后制作应用镜像。建立有用的持续集成情况可以减少开发过程中一些不必要的问题、进步代码质量、快速迭代等,
常用的工具和平台有:
Jenkins:基于Java开发的一种持续集成工具,用于监控持续重复的工作,旨在提供一个开放易用的软件平台,使软件的持续集成变成可能。
Bamboo: 是一个企业级商用软件,可以部署在大规模生产情况中。
CD即持续交付Continuous Delivery和持续部署Continuous Deployment,用通俗的话说,即可以持续的部署到生产情况给客户利用,这里分为两个阶段,持续交付我明白为满足上线条件的过程,但是没有上线,持续部署,即为上线应用的过程
关于CD情况,我们利用以前搭建好的K8s集群,K8s集群可以实现应用的健康检测,动态扩容,滚动更新等优点,关于K8s集群的搭建,小伙伴可以看看我的其他文章
我们来搭建CI服务器:操作服务器: jenkins:192.168.112.10
1、docker 情况安装

(1)、拉取镜像,启动并设置开机自启
  1. [root@jenkins ~]# systemctl start docker
  2. [root@jenkins ~]# systemctl enable docker
  3. Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
复制代码

(2)、配置docker加速器
  1. sudo mkdir -p /etc/docker
  2. sudo tee /etc/docker/daemon.json <<-'EOF'
  3. {
  4.   "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"]
  5. }
  6. EOF
  7. sudo systemctl daemon-reload
  8. sudo systemctl restart docker
复制代码
切记:这里的端口要设置成80,要不push项目会提示没有报错,假如宿主机端口被占用,需要把这个端口腾出来
(3)、关闭容器修改配置文件
  1. [root@jenkins ~]# docker pull beginor/gitlab-ce
复制代码
external_url 'http://192.168.112.10'
  1. [root@jenkins ~]# mkdir -p /data/gitlab/etc/ /data/gitlab/log/ /data/gitlab/data
  2. [root@jenkins ~]# chmod 777 /data/gitlab/etc/ /data/gitlab/log/ /data/gitlab/data/
复制代码
gitlab_rails[‘gitlab_ssh_host’] = '192.168.112.10'
  1. [root@jenkins ~]# docker run -itd --name=gitlab --restart=always --privileged=true   -p 8443:443  -p 80:80 -p 222:22 -v  /data/gitlab/etc:/etc/gitlab -v  /data/gitlab/log:/var/log/gitlab -v  /data/gitlab/data:/var/opt/gitlab  beginor/gitlab-ce
  2. 805eb9eac8367c53a8d458fec17649e3b3b206f3dc74c99c7a037a41dd9e8ca6
  3. [root@jenkins ~]# docker ps
  4. CONTAINER ID   IMAGE               COMMAND             CREATED          STATUS                             PORTS                                                                                                             NAMES
  5. 805eb9eac836   beginor/gitlab-ce   "/assets/wrapper"   20 seconds ago   Up 19 seconds (health: starting)   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:222->22/tcp, :::222->22/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   gitlab
复制代码
gitlab_rails[gitlab_shell_ssh_port] = 222
  1. [root@jenkins ~]# docker stop gitlab
  2. gitlab
复制代码
(4)、修改完配置文件之后。直接启动容器
  1. [root@jenkins ~]# cat /data/gitlab/etc/gitlab.rb |grep external_url
  2. ##! For more details on configuring external_url see:
  3. # external_url 'GENERATED_EXTERNAL_URL'
  4. # registry_external_url 'https://registry.gitlab.example.com'
  5. # pages_external_url "http://pages.example.com/"
  6. # gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
  7. # mattermost_external_url 'http://mattermost.example.com'
  8. [root@jenkins ~]# sed -i "/external_url 'GENERATED_EXTERNAL_URL'/a external_url\t'http://192.168.112.10' "  /data/gitlab/etc/gitlab.rb
  9. [root@jenkins ~]# cat /data/gitlab/etc/gitlab.rb |grep external_url
  10. ##! For more details on configuring external_url see:
  11. # external_url 'GENERATED_EXTERNAL_URL'
  12. external_url    'http://192.168.112.10'
  13. # registry_external_url 'https://registry.gitlab.example.com'
  14. # pages_external_url "http://pages.example.com/"
  15. # gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
  16. # mattermost_external_url 'http://mattermost.example.com'
复制代码
Gitlab在宿主机所在的物理机访问,http://192.168.112.10/ ,会自动跳转到修改暗码(root用户),假如暗码设置的没有满足一定的复杂性,则会报500,需要重新设置
登录进入仪表盘
然后我们简朴测试一下,push一个项目上去,会提示输入用户暗码,这里的项目是一个基于hexo的博客体系
项目成功上传Gitlab
(5)、相关的git下令(针对已存在的文件夹)
  1. [root@jenkins ~]# cat /data/gitlab/etc/gitlab.rb |grep gitlab_ssh_host
  2. # gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
  3. [root@jenkins ~]# sed -i "/gitlab_ssh_host/a gitlab_rails['gitlab_ssh_host'] = '192.168.112.10' "  /data/gitlab/etc/gitlab.rb
  4. [root@jenkins ~]# cat /data/gitlab/etc/gitlab.rb |grep gitlab_ssh_host                   # gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
  5. gitlab_rails['gitlab_ssh_host'] = '192.168.112.10'
复制代码
3、安装配置远程镜像仓库harbor

下面我们要配置私有的docker镜像仓库,用到的机器为:
操作服务器: harbor:192.168.112.20
这里仓库我们选择harbor,因为有web页面,当然也可以利用 registry
harbor的配置
harbor的安装利用步骤安装并启动docker并安装docker-compose上传harbor的离线包导入harbor的镜像编辑harbor.yml修改hostname 为自己的主机名,不消证书需要注释掉httpsharbor_admin_password 登录暗码安装compose运行脚本 ./install.sh在欣赏器里输入IP访问docker login IP --家目次下会有一个.docker文件夹
下面我们开始安装
(1)、首先需要设置selinux、防火墙
  1. [root@jenkins ~]# cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh
  2. # gitlab_rails['gitlab_shell_ssh_port'] = 22
  3. [root@jenkins ~]# sed -i "/gitlab_shell_ssh_port/a gitlab_rails['gitlab_shell_ssh_port'] = 222" /data/gitlab/etc/gitlab.rb
  4. [root@jenkins ~]# cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh                 # gitlab_rails['gitlab_shell_ssh_port'] = 22
  5. gitlab_rails['gitlab_shell_ssh_port'] = 222
  6. [root@jenkins ~]# vim /data/gitlab/data/gitlab-rails/etc/gitlab.yml
  7.   ## GitLab settings
  8.   gitlab:
  9.     ## Web server settings (note: host is the FQDN, do not include http://)
  10.     host: 192.168.112.10
  11.     port: 80
  12.     https: false
复制代码
(2)、安装并启动docker并安装docker-compose,关于docker-compose,这里不消了解太多,一个轻量的docker编排工具
  1. [root@jenkins ~]# docker start gitlab
  2. gitlab
  3. [root@jenkins ~]# docker ps
  4. CONTAINER ID   IMAGE               COMMAND             CREATED          STATUS                            PORTS                                                                                                             NAMES
  5. 805eb9eac836   beginor/gitlab-ce   "/assets/wrapper"   21 minutes ago   Up 7 seconds (health: starting)   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:222->22/tcp, :::222->22/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   gitlab
复制代码
(3)、解压harbor 安装包:harbor-offline-installer-v2.0.6.tgz,导入相关镜像

harbor安装包:harbor
  1. cd existing_folder
  2. git init
  3. git remote add origin http://192.168.112.10/root/hexo-gitlab-blog.git
  4. git add .
  5. git commit -m "Initial commit"
  6. git push -u origin master
复制代码
(4)、修改配置文件
  1. [root@harbor ~]# getenforce
  2. Disabled
  3. [root@harbor ~]# systemctl disable firewalld.service --now
复制代码
(5)、harbor.yml:设置IP和用户名暗码
  1. yum install -y docker-ce
  2. yum install -y docker-compose
复制代码
(6)、./prepare && ./install.sh
  1. [root@harbor ~]# ls
  2. aliyun.sh  anaconda-ks.cfg  harbor-offline-installer-v2.0.6.tgz
  3. [root@harbor ~]# tar -zxvf harbor-offline-installer-v2.0.6.tgz
  4. harbor/harbor.v2.0.6.tar.gz
  5. harbor/prepare
  6. harbor/LICENSE
  7. harbor/install.sh
  8. harbor/common.sh
  9. harbor/harbor.yml.tmpl
  10. [root@harbor ~]# docker load -i harbor/harbor.v2.0.6.tar.gz
复制代码
  1. [root@harbor ~]# cd harbor/
  2. [root@harbor harbor]# ls
  3. common.sh  harbor.v2.0.6.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
  4. [root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
  5. [root@harbor harbor]# ls
  6. common.sh             harbor.yml       install.sh  prepare
  7. harbor.v2.0.6.tar.gz  harbor.yml.tmpl  LICENSE
  8. [root@harbor harbor]# vim harbor.yml
复制代码
(7)、检察相关的镜像
  1. # Configuration file of Harbor
  3. # The IP address or hostname to access admin UI and registry service.
  4. # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
  5. hostname: 192.168.112.20
  7. # http related config
  8. http:
  9.   # port for http, default is 80. If https enabled, this port will redirect to https port
  10.   port: 80
  12. # https related config
  13. #https:
  14.   # https port for harbor, default is 443
  15. #  port: 443
  16.   # The path of cert and key files for nginx
  17. #  certificate: /your/certificate/path
  18. #  private_key: /your/private/key/path
  20. # # Uncomment following will enable tls communication between all harbor components
  21. # internal_tls:
  22. #   # set enabled to true means internal tls is enabled
  23. #   enabled: true
  24. #   # put your cert and key files on dir
  25. #   dir: /etc/harbor/tls/internal
  27. # Uncomment external_url if you want to enable external proxy
  28. # And when it enabled the hostname will no longer used
  29. # external_url: https://reg.mydomain.com:8433
  31. # The initial password of Harbor admin
  32. # It only works in first time to install harbor
  33. # Remember Change the admin password from UI after launching Harbor.
  34. harbor_admin_password: Harbor12345
复制代码
(8)、访问测试

harbor
4、CI服务器的docker配置

这里因为我们要在192.168.112.10(CI服务器)上push镜像到192.168.112.20(私仓),全部需要修改CI服务器上的Docker配置。添加仓库地址
操作服务器: jenkins:192.168.112.10
(1)、修改配置文件
  1. [root@harbor harbor]# ./prepare
  2. prepare base dir is set to /root/harbor
  3. WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
  4. Generated configuration file: /config/log/logrotate.conf
  5. Generated configuration file: /config/log/rsyslog_docker.conf
  6. Generated configuration file: /config/nginx/nginx.conf
  7. Generated configuration file: /config/core/env
  8. Generated configuration file: /config/core/app.conf
  9. Generated configuration file: /config/registry/config.yml
  10. Generated configuration file: /config/registryctl/env
  11. Generated configuration file: /config/registryctl/config.yml
  12. Generated configuration file: /config/db/env
  13. Generated configuration file: /config/jobservice/env
  14. Generated configuration file: /config/jobservice/config.yml
  15. Generated and saved secret to file: /data/secret/keys/secretkey
  16. Successfully called func: create_root_cert
  17. Generated configuration file: /compose_location/docker-compose.yml
  18. Clean up the input dir
复制代码
修改后的配置文件
  1. [root@harbor harbor]# ./install.sh
  3. [Step 0]: checking if docker is installed ...
  5. Note: docker version: 25.0.4
  7. [Step 1]: checking docker-compose is installed ...
  9. Note: docker-compose version: 1.18.0
  11. [Step 2]: loading Harbor images ...
  12. Loaded image: goharbor/notary-server-photon:v2.0.6
  13. Loaded image: goharbor/clair-photon:v2.0.6
  14. Loaded image: goharbor/clair-adapter-photon:v2.0.6
  15. Loaded image: goharbor/harbor-portal:v2.0.6
  16. Loaded image: goharbor/harbor-core:v2.0.6
  17. Loaded image: goharbor/harbor-db:v2.0.6
  18. Loaded image: goharbor/harbor-jobservice:v2.0.6
  19. Loaded image: goharbor/redis-photon:v2.0.6
  20. Loaded image: goharbor/notary-signer-photon:v2.0.6
  21. Loaded image: goharbor/harbor-log:v2.0.6
  22. Loaded image: goharbor/harbor-registryctl:v2.0.6
  23. Loaded image: goharbor/trivy-adapter-photon:v2.0.6
  24. Loaded image: goharbor/chartmuseum-photon:v2.0.6
  25. Loaded image: goharbor/prepare:v2.0.6
  26. Loaded image: goharbor/nginx-photon:v2.0.6
  27. Loaded image: goharbor/registry-photon:v2.0.6
  30. [Step 3]: preparing environment ...
  32. [Step 4]: preparing harbor configs ...
  33. prepare base dir is set to /root/harbor
  34. WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
  35. Clearing the configuration file: /config/log/logrotate.conf
  36. Clearing the configuration file: /config/log/rsyslog_docker.conf
  37. Clearing the configuration file: /config/nginx/nginx.conf
  38. Clearing the configuration file: /config/core/env
  39. Clearing the configuration file: /config/core/app.conf
  40. Clearing the configuration file: /config/registry/passwd
  41. Clearing the configuration file: /config/registry/config.yml
  42. Clearing the configuration file: /config/registryctl/env
  43. Clearing the configuration file: /config/registryctl/config.yml
  44. Clearing the configuration file: /config/db/env
  45. Clearing the configuration file: /config/jobservice/env
  46. Clearing the configuration file: /config/jobservice/config.yml
  47. Generated configuration file: /config/log/logrotate.conf
  48. Generated configuration file: /config/log/rsyslog_docker.conf
  49. Generated configuration file: /config/nginx/nginx.conf
  50. Generated configuration file: /config/core/env
  51. Generated configuration file: /config/core/app.conf
  52. Generated configuration file: /config/registry/config.yml
  53. Generated configuration file: /config/registryctl/env
  54. Generated configuration file: /config/registryctl/config.yml
  55. Generated configuration file: /config/db/env
  56. Generated configuration file: /config/jobservice/env
  57. Generated configuration file: /config/jobservice/config.yml
  58. Creating harbor-log ... done
  59. Generated configuration file: /compose_location/docker-compose.yml
  60. Clean up the input dir
  63. Creating registry ... done
  64. Creating harbor-core ... done
  65. Creating network "harbor_harbor" with the default driver
  66. Creating nginx ... done
  67. Creating harbor-db ...
  68. Creating redis ...
  69. Creating registryctl ...
  70. Creating registry ...
  71. Creating harbor-portal ...
  72. Creating harbor-core ...
  73. Creating nginx ...
  74. Creating harbor-jobservice ...
  75. ✔ ----Harbor has been installed and started successfully.----
复制代码
加载使其见效
  1. [root@harbor harbor]# docker ps
  2. CONTAINER ID   IMAGE                                COMMAND                   CREATED         STATUS                   PORTS                                   NAMES
  3. 9572b7a8d0a8   goharbor/harbor-jobservice:v2.0.6    "/harbor/entrypoint.…"   5 minutes ago   Up 5 minutes (healthy)                                           harbor-jobservice
  4. 83b679a70258   goharbor/nginx-photon:v2.0.6         "nginx -g 'daemon of…"   5 minutes ago   Up 5 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
  5. e7c53195c856   goharbor/harbor-core:v2.0.6          "/harbor/entrypoint.…"   5 minutes ago   Up 5 minutes (healthy)                                           harbor-core
  6. 37884d3bb185   goharbor/registry-photon:v2.0.6      "/home/harbor/entryp…"   5 minutes ago   Up 5 minutes (healthy)   5000/tcp                                registry
  7. d4de74c6b397   goharbor/harbor-portal:v2.0.6        "nginx -g 'daemon of…"   5 minutes ago   Up 5 minutes (healthy)   8080/tcp                                harbor-portal
  8. 3459fba85f4c   goharbor/harbor-db:v2.0.6            "/docker-entrypoint.…"   5 minutes ago   Up 5 minutes (healthy)   5432/tcp                                harbor-db
  9. febab24100f4   goharbor/redis-photon:v2.0.6         "redis-server /etc/r…"   5 minutes ago   Up 5 minutes (healthy)   6379/tcp                                redis
  10. 8b6f3d626464   goharbor/harbor-registryctl:v2.0.6   "/home/harbor/start.…"   5 minutes ago   Up 5 minutes (healthy)                                           registryctl
  11. 52a51aae1c1b   goharbor/harbor-log:v2.0.6           "/bin/sh -c /usr/loc…"   5 minutes ago   Up 5 minutes (healthy)   127.0.0.1:1514->10514/tcp               harbor-log
复制代码
CI机器简朴测试一下
  1. [root@jenkins ~]# cat /etc/docker/daemon.json
  2. {
  3.   "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"]
  4. }
  5. [root@jenkins ~]# vim /etc/docker/daemon.json
复制代码
(2)、push一个镜像,可以在私仓的web页面检察

harbor
到这里。我们配置了镜像仓库
5、安装配置jenkins

操作服务器:  jenkins:192.168.112.10
(1)、镜像jenkins拉取
  1. [root@jenkins ~]# cat /etc/docker/daemon.json
  2. {
  3.   "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"],
  4.   "insecure-registries": ["192.168.112.20"]
  5. }
复制代码
(2)、创建共享卷,修改所属组和用户,和容器里雷同

这里为什么要改成 1000,是因为容器里是以 jenkins 用户的身份去读写数据,而在容器里jenkins 的 uid 是 1000
  1. [root@jenkins ~]# systemctl daemon-reload
  2. [root@jenkins ~]# systemctl restart docker
复制代码
(3)、创建创建 jenkins 容器
  1. [root@jenkins ~]# docker login 192.168.112.20
  2. Username: admin
  3. Password:
  4. WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
  5. Configure a credential helper to remove this warning. See
  6. https://docs.docker.com/engine/reference/commandline/login/#credentials-store
  8. Login Succeeded
  9. [root@jenkins ~]# docker tag busybox 192.168.112.20/library/busybox
  10. [root@jenkins ~]# docker images
  11. REPOSITORY                       TAG       IMAGE ID       CREATED       SIZE
  12. 192.168.112.20/library/busybox   latest    beae173ccac6   2 years ago   1.24MB
  13. busybox                          latest    beae173ccac6   2 years ago   1.24MB
  14. beginor/gitlab-ce                latest    5595d4ff803e   5 years ago   1.5GB
  15. [root@jenkins ~]# docker push 192.168.112.20/library/busybox
  16. Using default tag: latest
  17. The push refers to repository [192.168.112.20/library/busybox]
  18. 01fd6df81c8e: Mounted from library/bysybox
  19. latest: digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee size: 527
复制代码
访问jenkins
因为要修改 jenkins 的配置,所以此时关闭 jenkins 容器
  1. [root@jenkins ~]# docker pull jenkins/jenkins:latest
  2. latest: Pulling from jenkins/jenkins
  3. 0e29546d541c: Pull complete
  4. 11bbb8c402a7: Pull complete
  5. cf91f018150b: Pull complete
  6. a98e88c6f0f0: Pull complete
  7. f67fc70d671a: Pull complete
  8. edbe48067464: Pull complete
  9. fa23ca93dd6b: Pull complete
  10. 00159d993c13: Pull complete
  11. f28fb40a17cf: Pull complete
  12. 071d309df04b: Pull complete
  13. 78599f36e494: Pull complete
  14. 896a32d969fb: Pull complete
  15. 3f1a51ea9f7f: Pull complete
  16. 26e724f0bfad: Pull complete
  17. b377e1ae1384: Pull complete
  18. d3cdbe7e8b9f: Pull complete
  19. f3b40ebc3458: Pull complete
  20. Digest: sha256:c3fa8e7f70d1e873ea6aa87040c557aa53e6707eb1d5ecace7f6884a87588ac8
  21. Status: Downloaded newer image for jenkins/jenkins:latest
  22. docker.io/jenkins/jenkins:latest
复制代码
(4)、更换国内清华大学镜像,Jenkins下载插件特别慢,更换国内的清华源的镜像地址会快不少
  1. [root@jenkins ~]# mkdir /jenkins
  2. [root@jenkins ~]# chown 1000:1000 /jenkins
  3. # 这里为什么要改成 1000,是因为容器里是以 jenkins 用户的身份去读写数据,而在容器里jenkins 的 uid 是 1000
复制代码
"http://www.google.com/" 替换为 "http://www.baidu.com/"
  1. [root@jenkins ~]# docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins  --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:latest
  2. f250456a77abeb916eb36781eafd8c17e3aad8ec26d5f6e006df4956d234f445
  3. [root@jenkins ~]# docker ps | grep jenkins
  4. f250456a77ab   jenkins/jenkins:latest   "/sbin/tini -- /usr/…"   17 seconds ago   Up 16 seconds                0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:50000->50000/tcp, :::50000->50000/tcp                          jenkins
复制代码
替换后检察
  1. [root@jenkins ~]# docker stop jenkins
  2. jenkins
复制代码
(5)、重启docker,获取登录密匙
  1. [root@jenkins jenkins]# cat /jenkins/hudson.model.UpdateCenter.xml
  2. <?xml version='1.1' encoding='UTF-8'?>
  3. <sites>
  4.   <site>
  5.     <id>default</id>
  6.     <url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
  7.   </site>
  8. </sites>[root@jenkins jenkins]# sed -i  's#updates.jenkins.io/update-center.json#mirrors.nghua.edu.cn/jenkins/updates/update-center.json#g '  /jenkins/hudson.model.UpdateCenter.xml
  9. [root@jenkins jenkins]# cat /jenkins/hudson.model.UpdateCenter.xml                       <?xml version='1.1' encoding='UTF-8'?>
  10. <sites>
  11.   <site>
  12.     <id>default</id>
  13.     <url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
  14.   </site>
  15. </sites>
复制代码
需要修改jenkins绑定的docker的启动参数,ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock
  1. [root@jenkins jenkins]# yum install -y jq
  2. [root@jenkins jenkins]# cat /jenkins/updates/default.json | jq '.connectionCheckUrl'
  3. "https://www.google.com/"
  4. [root@jenkins jenkins]# cat /jenkins/updates/default.json | jq 'keys'
  5. [
  6.   "connectionCheckUrl",
  7.   "core",
  8.   "deprecations",
  9.   "generationTimestamp",
  10.   "id",
  11.   "plugins",
  12.   "signature",
  13.   "updateCenterVersion",
  14.   "warnings"
  15. ]
  16. [root@jenkins jenkins]# sed -i    s#http://www.google.com/#http://www.baidu.com/#g  /jenkins/updates/default.json
复制代码
修改镜像库启动参数后需要重启docker
  1. [root@jenkins jenkins]# cat /jenkins/updates/default.json | jq '.connectionCheckUrl'
  2. "https://www.baidu.com/"
  3. [root@jenkins jenkins]# cat /jenkins/updates/default.json | jq 'keys'                    [
  4.   "connectionCheckUrl",
  5.   "core",
  6.   "deprecations",
  7.   "generationTimestamp",
  8.   "id",
  9.   "plugins",
  10.   "signature",
  11.   "updateCenterVersion",
  12.   "warnings"
  13. ]
复制代码
(6)、安装 docker 插件

jenkins相关配置,这里的配置照着图片就好,需要配置一个docker集群供jenkins来根据Dockerfile构建镜像并push到私仓,这里docker集群即为CI服务器的docker
依此点击Manage Jenkins->Manage Plugins->AVAILABLE->Search 搜索docker、docker-build-step
修改镜像库启动参数,ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock
关联docker和jenkins
(7)、jenkins 安全设置

背面 gitlab 要和 jenkins 进行联动,所以必须要需要对 jenkins 的安全做一些设置,依次点击 体系管理-全局安全配置-授权计谋,勾选"匿名用户具有可读权限"
添加 JVM 运行参数 -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true 运行跨站请求访问
  1. [root@jenkins jenkins]# docker start jenkins
  2. jenkins
  3. [root@jenkins jenkins]# cat /jenkins/secret
  4. secret.key                secret.key.not-so-secret  secrets/
  5. [root@jenkins jenkins]# cat /jenkins/secrets/initialAdminPassword
  6. f54e4a2c7dd249ce9f7d4f15121005d8
复制代码
(8)、下载kubectl客户端工具

这里的话我们要通过jenkins上的kubectl客户端连接k8s,所以我们需要安装一个k8s的客户端kubectl,下载k8s客户端
  1. vim /lib/systemd/system/docker.service
  2. ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock
复制代码
同时需要编写Dockerfile文件来创建镜像
  1. [root@jenkins jenkins]# systemctl daemon-reload
  2. [root@jenkins jenkins]# systemctl restart docker
复制代码
jenkins输出
  1. [root@jenkins jenkins]# docker exec -u root -it jenkins /bin/bash
复制代码
6、访问hexo博客体系
  1. cat <<EOF > /etc/yum.repos.d/kubernetes.repo
  2. [kubernetes]
  3. name=Kubernetes
  4. baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
  5. enabled=1
  6. gpgcheck=1
  7. repo_gpgcheck=1
  8. gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
  9. EOF
  10. yum install kubelet-1.22.2 kubeadm-1.22.2 kubectl-1.22.2 -y
  11. systemctl enable kubelet && systemctl start kubelet
复制代码
访问hexo博客体系

免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。



欢迎光临 IT评测·应用市场-qidao123.com技术社区 (https://dis.qidao123.com/) Powered by Discuz! X3.4