基于k8s构建迁移jenkins持续集成平台

#项目发布方案

蓝绿发布

灰度发布

滚动发布

#k8s默认发布策略

1个deployment

2个 replicasset

进行一对一的更新更新一个删除一个直到pod更新完毕

server 通过标签去关联replicasset

#发布流程设计

1. 项目文档

2. 项目业务现状

3. 项目的实施(测试环境迁移到线上) (思考迁移过去失败了怎么办或者是迁移过去一段时间失败了怎么办？能不能快速定位问题快速恢复)

4. 应急预案

sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json && \

sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json

jenkins创建的job需要发布一个java项目?

1. JDK

2. maven

3. git

4. tomcat

job: 代码编译(maven) 构建镜像(docker) 拉取代码(git)

#部署项目到k8s中的参数构建怎么配置？

1. 分支

2. 命名空间

3. pod分别数

#k8s-secret docker仓库认证

kubectl create secret docker-registry registry-pull-secret --docker-username=admin --docker-password=Harbor12345 --docker-server=192.168.10.23

============================================================

// 所需插件: Git Parameter/Git/Pipeline/kubernetes/Kubernetes Continuous Deploy

// 公共

def registry = "192.168.10.23"

// 项目

def project = "dev"

def app_name = "java-demo"

def image_name = "${registry}/${project}/${app_name}:${BUILD_NUMBER}"

def git_address = "http://106.13.186.245:5555/root/java-demo.git"

// 认证

def secret_name = "registry-pull-secret"

def docker_registry_auth = "60946d6a-2259-4254-8f2c-108f7efdad8e"

def git_auth = "caf3e55d-0f12-4b03-a1bb-1b6ec2c2e189"

def k8s_auth = "de7eb761-d6d5-4692-b14f-c5ab13b10158"

pipeline {

agent {

kubernetes {

label "jenkins-slave"

yaml """

kind: Pod

metadata:

name: jenkins-slave

spec:

containers:

- name: jnlp

image: "${registry}/library/jenkins-slave-jdk:1.8"

imagePullPolicy: Always

volumeMounts:

- name: docker-cmd

mountPath: /usr/bin/docker

- name: docker-sock

mountPath: /var/run/docker.sock

- name: maven-cache

mountPath: /root/.m2

volumes:

- name: docker-cmd

hostPath:

path: /usr/bin/docker

- name: docker-sock

hostPath:

path: /var/run/docker.sock

- name: maven-cache

hostPath:

path: /tmp/m2

"""

}

parameters {

gitParameter branch: '', branchFilter: '.*', defaultValue: 'master', description: '选择发布的分支', name: 'Branch', quickFilterEnabled: false, selectedValue: 'NONE', sortMode: 'NONE', tagFilter: '*', type: 'PT_BRANCH'

choice (choices: ['1', '3', '5', '7'], description: '副本数', name: 'ReplicaCount')

choice (choices: ['dev','test','prod'], description: '命名空间', name: 'Namespace')

}

stages {

stage('拉取代码'){

steps {

checkout([$class: 'GitSCM',

branches: [[name: "${params.Branch}"]],

doGenerateSubmoduleConfigurations: false,

extensions: [], submoduleCfg: [],

userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]

])

}

stage('代码编译'){

steps {

sh """

mvn clean package -Dmaven.test.skip=true

"""

}

stage('构建镜像'){

steps {

withCredentials([usernamePassword(credentialsId: "${docker_registry_auth}", passwordVariable: 'password', usernameVariable: 'username')]) {

sh """

echo '

FROM ${registry}/library/tomcat:v1

LABEL maitainer lizhenliang

RUN rm -rf /usr/local/tomcat/webapps/*

ADD target/*.war /usr/local/tomcat/webapps/ROOT.war

' > Dockerfile

docker build -t ${image_name} .

docker login -u ${username} -p '${password}' ${registry}

docker push ${image_name}

"""

}

stage('部署到K8S平台'){

steps {

sh """

sed -i 's#IMAGE_NAME#${image_name}#' deploy.yaml

sed -i 's#SECRET_NAME#${image_name}#' deploy.yaml

#sed -i 's#SECRET_NAME#${secret_name}#' deploy.yaml

sed -i 's#RSCOUNT#${ReplicaCount}#' deploy.yaml

sed -i 's#NS#${Namespace}#' deploy.yaml

"""

kubernetesDeploy configs: 'deploy.yaml', kubeconfigId: "${k8s_auth}"

}

======================================================================

1. 怎么让持续部署插件读到yaml文件

yaml进行代码统一版本管理

2. 怎么和参数化构建集合

提供sed进行修改yaml的值

#使用jenkins的插件

git

kubernetes

pipeline

kubernetes continuous deploy

#CI/CD环境特点

slave弹性

基于镜像隔离构建环境

流水线发布容易维护

jenkins参数化构建可帮助完成更复杂的构建

小结:

0. 涉及的所以插件都需要安装

1. 修改环境变量的值

2. 参数化构建的名称就是变量可以在任何地方使用

3. 拉取的代码是提供git参数化构建动态获取分支

4. 一些认证信息都是保存到 jenkins认证里面 pipeline通过凭据ID获取

5. pipeline大多数代码片段都可以动态去生成

kuberctl rollback deployment 回滚方式