Xiaoyuan Diary (5) - 520 Special Edition
2025-03-31
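Preface
This post covers setting up a CI/CD environment and a demo of configuring a Hexo-based blog in a CI/CD pipeline.
I had wanted to write this post for a long time but never had the time. I had written half of it earlier, and used the Spring Festival holiday to finish the other half.
This is a hands-on DevOps article with almost no theory, so readers need some basic understanding of DevOps.
The CI/CD covered in this post is one part of DevOps.
You can also learn on a commercial DevOps platform from a cloud provider, which usually offers a free trial, for example Huawei Cloud's DevCloud platform.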
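This post covers:
A tutorial for building CI/CD with GitLab + Jenkins + Docker + Harbor + a K8s cluster
Continuously integrating and deploying a Hexo blog on the resulting CI/CD platform. The demo is fairly basic and intended only for learning.
GitLab, Jenkins and Harbor are all deployed as containers.
To keep the post short, the CD environment uses a K8s cluster that was deployed earlier and for which a kubeconfig certificate has already been created. If you are interested in that part, see my earlier articles.
The machines involved are listed below:
God makes people lonely through all kinds of paths, so that we can walk toward ourselves. -- Hermann Hesse, "Demian"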
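I. Setting up the CI/CD server environment
CI stands for Continuous Integration. Put simply, it means continuously integrating the code in the repository, compiling it and building the application image. An effective continuous integration environment reduces unnecessary problems during development, improves code quality and speeds up iteration.
Commonly used tools and platforms:
Jenkins: a continuous integration tool written in Java, used to monitor continuous, repetitive work. It aims to provide an open, easy-to-use software platform that makes continuous integration possible.
Bamboo: an enterprise-grade commercial product that can be deployed in large-scale production environments.
CD stands for Continuous Delivery and Continuous Deployment. Put simply, it means being able to deploy to production continuously for customers to use. There are two stages: I understand continuous delivery as the process of meeting the conditions for release without actually releasing, and continuous deployment as the process of releasing the application.
For the CD environment we use a K8s cluster built earlier. A K8s cluster provides application health checks, dynamic scaling, rolling updates and more. For how to build the cluster, see my other articles.
Let's set up the CI server. Server used: liruilongs.github.io: 192.168.26.55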
Installing the Docker environment
Install the package, then start Docker and enable it at boot
┌──[root@liruilongs.github.io]-[~]
└─$ yum -y install docker-ce
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl enable docker --now
Configure a Docker registry mirror
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
1. Installing and configuring GitLab
GitLab needs little introduction. It is a Git-based version control platform that provides Git repository management, code review, issue tracking, activity feeds and wikis, and of course it also provides
┌──[root@liruilongs.github.io]-[~]
└─$ docker pull beginor/gitlab-ce
┌──[root@liruilongs.github.io]-[~]
└─$ mkdir -p /data/gitlab/etc/ /data/gitlab/log /data/gitlab/data
┌──[root@liruilongs.github.io]-[~]
└─$ chmod 777 /data/gitlab/etc/ /data/gitlab/log /data/gitlab/data
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -itd --name=gitlab --restart=always --privileged=true -p 8443:443 -p 80:80 -p 222:22 -v /data/gitlab/etc:/etc/gitlab -v /data/gitlab/log:/var/log/gitlab -v /data/gitlab/data:/var/opt/gitlab beginor/gitlab-ce
acc95b2896e8475915275d5eb77c7e63f63c31536432b68508f2f216d4fec634
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps
CONTAINER ID   IMAGE               COMMAND             CREATED          STATUS                             PORTS                                                                                                             NAMES
acc95b2896e8   beginor/gitlab-ce   "/assets/wrapper"   53 seconds ago   Up 51 seconds (health: starting)   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:222->22/tcp, :::222->22/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   gitlab
Remember: the port here must be set to 80, otherwise pushing a project will report an error. If the host port is already in use, free it up first.
┌──[root@liruilongs.github.io]-[~]
└─$ docker stop gitlab
gitlab
external_url 'http://192.168.26.55'
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep external_url
##! For more details on configuring external_url see:
# external_url 'GENERATED_EXTERNAL_URL'
# registry_external_url 'https://registry.gitlab.example.com'
# pages_external_url "http://pages.example.com/"
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# mattermost_external_url 'http://mattermost.example.com'
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i "/external_url 'GENERATED_EXTERNAL_URL'/a external_url\t'http://192.168.26.55' " /data/gitlab/etc/gitlab.rb
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep external_url
##! For more details on configuring external_url see:
# external_url 'GENERATED_EXTERNAL_URL'
external_url 'http://192.168.26.55'
# registry_external_url 'https://registry.gitlab.example.com'
# pages_external_url "http://pages.example.com/"
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# mattermost_external_url 'http://mattermost.example.com'
gitlab_rails['gitlab_ssh_host'] = '192.168.26.55'
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_ssh_host
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i "/gitlab_ssh_host/a gitlab_rails['gitlab_ssh_host'] = '192.168.26.55' " /data/gitlab/etc/gitlab.rb
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_ssh_host
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
gitlab_rails['gitlab_ssh_host'] = '192.168.26.55'
gitlab_rails['gitlab_shell_ssh_port'] = 222
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh
# gitlab_rails['gitlab_shell_ssh_port'] = 22
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i "/gitlab_shell_ssh_port/a gitlab_rails['gitlab_shell_ssh_port'] = 222" /data/gitlab/etc/gitlab.rb
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh
# gitlab_rails['gitlab_shell_ssh_port'] = 22
gitlab_rails['gitlab_shell_ssh_port'] = 222
┌──[root@liruilongs.github.io]-[~]
└─$ vim /data/gitlab/data/gitlab-rails/etc/gitlab.yml
┌──[root@liruilongs.github.io]-[~]
└─$
##############################
gitlab:
  ## Web server settings (note: host is the FQDN, do not include http://)
  host: 192.168.26.55
  port: 80
  https: false
After editing the configuration files, start the container directly.
┌──[root@liruilongs.github.io]-[~]
└─$ docker start gitlab
Related git commands
PS F:\blogger> git init
Initialized empty Git repository in F:/blogger/.git/
PS F:\blogger> git config --global user.name "Administrator"
PS F:\blogger> git config --global user.email "admin@example.com"
PS F:\blogger> git remote add origin http://192.168.26.55/root/blog.git
PS F:\blogger> git add .
PS F:\blogger> git commit -m "Initial commit"
PS F:\blogger> git push -u origin master
Enumerating objects: 322, done.
Counting objects: 100% (322/322), done.
Delta compression using up to 8 threads
Compressing objects: 100% (302/302), done.
Writing objects: 100% (322/322), 11.31 MiB | 9.22 MiB/s, done.
Total 322 (delta 24), reused 0 (delta 0)
remote: Resolving deltas: 100% (24/24), done.
To http://192.168.26.55/root/blog.git
 * [new branch]      master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.
PS F:\blogger>
2. Installing and configuring the Harbor remote image registry
Next we set up a private Docker image registry. The machine used is:
Server used: vms56.liruilongs.github.io: 192.168.26.56
We choose Harbor for the registry because it has a web UI; registry can also be used.
Let's start the installation.
First, SELinux and the firewall need to be configured.
┌──[root@vms56.liruilongs.github.io]-[~]
└─#getenforce
Disabled
┌──[root@vms56.liruilongs.github.io]-[~]
└─#systemctl disable firewalld.service --now
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Install and start Docker, and install docker-compose. You don't need to know much about docker-compose here; it is a lightweight Docker orchestration tool.
┌──[root@vms56.liruilongs.github.io]-[~]
└─#yum install -y docker-ce
┌──[root@vms56.liruilongs.github.io]-[~]
└─#yum install -y docker-compose
Extract the Harbor installer package harbor-offline-installer-v2.0.6.tgz and load the images
┌──[root@vms56.liruilongs.github.io]-[/]
└─#ls
bin   dev  harbor-offline-installer-v2.0.6.tgz  lib    machine-id  mnt  proc  run   srv  tmp  var
boot  etc  home                                 lib64  media       opt  root  sbin  sys  usr
┌──[root@vms56.liruilongs.github.io]-[/]
└─#tar zxvf harbor-offline-installer-v2.0.6.tgz
harbor/harbor.v2.0.6.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
┌──[root@vms56.liruilongs.github.io]-[/]
└─#docker load -i harbor/harbor.v2.0.6.tar.gz
Edit the configuration file
┌──[root@vms56.liruilongs.github.io]-[/]
└─#cd harbor/
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#ls
common.sh  harbor.v2.0.6.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#cp harbor.yml.tmpl harbor.yml
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#ls
common.sh  harbor.v2.0.6.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  LICENSE  prepare
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#vim harbor.yml
harbor.yml: set the IP and the username/password
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.26.56

# http related config
.......
# https related config
#https:
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path
....
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345

# Harbor DB configuration
./prepare && ./install.sh
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#./prepare
prepare base dir is set to /harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.9
[Step 1]: checking docker-compose is installed ...
Note: stopping existing Harbor instance ...
Removing harbor-jobservice ... done
Removing nginx ... done
Removing harbor-core ... done
Removing registry ... done
Creating harbor-log ... done
Removing harbor-portal ... done
Removing redis ... done
Removing network harbor_harbor
Creating registry ... done
Creating harbor-core ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating redis ...
Creating registry ...
Creating harbor-portal ...
Creating registryctl ...
Creating harbor-db ...
Creating harbor-core ...
Creating harbor-jobservice ...
Creating nginx ...
✔ ----Harbor has been installed and started successfully.----
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#
Check the related containers
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED          STATUS                    PORTS                                   NAMES
0efcf7b83dcf   goharbor/nginx-photon:v2.0.6         "nginx -g 'daemon of…"   16 minutes ago   Up 16 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
ee9d418c7cee   goharbor/harbor-jobservice:v2.0.6    "/harbor/entrypoint.…"   16 minutes ago   Up 16 minutes (healthy)                                           harbor-jobservice
6052c481dbd0   goharbor/harbor-core:v2.0.6          "/harbor/entrypoint.…"   16 minutes ago   Up 16 minutes (healthy)                                           harbor-core
001ff83b037d   goharbor/harbor-db:v2.0.6            "/docker-entrypoint.…"   17 minutes ago   Up 16 minutes (healthy)   5432/tcp                                harbor-db
2ebc81356ef1   goharbor/harbor-registryctl:v2.0.6   "/home/harbor/start.…"   17 minutes ago   Up 16 minutes (healthy)                                           registryctl
6ca721c0fa75   goharbor/harbor-portal:v2.0.6        "nginx -g 'daemon of…"   17 minutes ago   Up 16 minutes (healthy)   8080/tcp                                harbor-portal
2b06e2cf91ab   goharbor/registry-photon:v2.0.6      "/home/harbor/entryp…"   17 minutes ago   Up 16 minutes (healthy)   5000/tcp                                registry
2292a20780e2   goharbor/redis-photon:v2.0.6         "redis-server /etc/r…"   17 minutes ago   Up 16 minutes (healthy)   6379/tcp                                redis
a0e3e49cf9db   goharbor/harbor-log:v2.0.6           "/bin/sh -c /usr/loc…"   17 minutes ago   Up 17 minutes (healthy)   127.0.0.1:1514->10514/tcp               harbor-log
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#
Access test
Docker configuration on the CI server
Because we push images from 192.168.26.55 (the CI server) to 192.168.26.56 (the private registry), the Docker configuration on the CI server must be changed to add the registry address.
Server used: liruilongs.github.io: 192.168.26.55
┌──[root@liruilongs.github.io]-[~]
└─$ cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"]
}
┌──[root@liruilongs.github.io]-[~]
└─$ vim /etc/docker/daemon.json
The modified configuration file
┌──[root@liruilongs.github.io]-[~]
└─$ cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.26.56"]
}
Reload for the change to take effect
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl daemon-reload
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl restart docker
A quick test from the CI machine
┌──[root@liruilongs.github.io]-[~]
└─$ docker login 192.168.26.56
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
┌──[root@liruilongs.github.io]-[~]
└─$ docker tag busybox 192.168.26.56/demo/busybox
┌──[root@liruilongs.github.io]-[~]
└─$ docker push 192.168.26.56/demo/busybox
Using default tag: latest
The push refers to repository [192.168.26.56/demo/busybox]
cfd97936a580: Pushed
latest: digest: sha256:febcf61cd6e1ac9628f6ac14fa40836d16f3c6ddef3b303ff0321606e55ddd0b size: 527
After pushing an image, it can be viewed in the private registry's web UI.
At this point the image registry is configured.
3. Installing and configuring Jenkins
Server used: liruilongs.github.io: 192.168.26.55
Pull the Jenkins image
┌──[root@liruilongs.github.io]-[~]
└─$ docker pull jenkins/jenkins:centos7-jdk8
......
┌──[root@liruilongs.github.io]-[~]
└─$ docker history jenkins/jenkins:centos7-jdk8
IMAGE          CREATED      CREATED BY                                      SIZE   COMMENT
de64a05279ba   5 days ago   LABEL org.opencontainers.image.vendor=Jenkin…   0B     buildkit.dockerfile.v0
The owner is changed to 1000 because the container reads and writes data as the jenkins user, and the uid of jenkins inside the container is 1000.
┌──[root@liruilongs.github.io]-[~]
└─$ mkdir /jenkins && chown 1000:1000 /jenkins
┌──[root@liruilongs.github.io]-[~]
└─$ cat jenkins.docker.sh
docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8
39afa098c8a56973ce1559d374b058b8e6091175b5b783d613a9f2e356827684
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps | grep jenkins
39afa098c8a5   jenkins/jenkins:centos7-jdk8   "/sbin/tini -- /usr/…"   3 minutes ago   Up 2 minutes   0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:50000->50000/tcp, :::50000->50000/tcp   jenkins
┌──[root@liruilongs.github.io]-[~]
└─$ docker stop jenkins
jenkins
Switch to the Tsinghua University mirror in China. Jenkins downloads plugins very slowly, and switching to the Tsinghua mirror address makes it much faster.
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/hudson.model.UpdateCenter.xml
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i 's#updates.jenkins.io/update-center.json#mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json#g ' /jenkins/hudson.model.UpdateCenter.xml
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/hudson.model.UpdateCenter.xml
Replace "http://www.google.com/" with "http://www.baidu.com/"
yum -y install jq
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/updates/default.json | jq '.connectionCheckUrl'
"http://www.google.com/"
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/updates/default.json | jq 'keys'
[
  "connectionCheckUrl",
  "core",
  "deprecations",
  "generationTimestamp",
  "id",
  "plugins",
  "signature",
  "updateCenterVersion",
  "warnings"
]
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i s#http://www.google.com/#http://www.baidu.com/#g /jenkins/updates/default.json
Check after the replacement
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/updates/default.json | jq '.connectionCheckUrl'
"http://www.baidu.com/"
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/updates/default.json | jq 'keys'
[
  "connectionCheckUrl",
  "core",
  "deprecations",
  "generationTimestamp",
  "id",
  "plugins",
  "signature",
  "updateCenterVersion",
  "warnings"
]
Restart the container and get the login key
┌──[root@liruilongs.github.io]-[~]
└─$ docker start jenkins
jenkins
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/secrets/initialAdminPassword
be15eaabc4c946de913dd5af8636cae9
The startup parameters of the Docker daemon that Jenkins binds to need to be changed:
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock
After changing the startup parameters on the image registry host, Docker must be restarted.
┌──[root@vms56.liruilongs.github.io]-[~]
└─#systemctl daemon-reload
┌──[root@vms56.liruilongs.github.io]-[~]
└─#systemctl restart docker
Later GitLab has to work together with Jenkins, so some Jenkins security settings must be adjusted. Go to Manage Jenkins > Configure Global Security > Authorization and tick "Allow anonymous read access".
Add the JVM option -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true to allow cross-site requests.
┌──[root@liruilongs.github.io]-[~]
└─$ docker exec -u root -it jenkins bash
[root@39afa098c8a5 /]# ls
anaconda-post.log  bin  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@39afa098c8a5 /]# vi /usr/local/bin/jenkins.sh
[root@39afa098c8a5 /]# exit
exit
We will connect to K8s through a kubectl client on Jenkins, so we need to install kubectl, the K8s client. Download the K8s client:
wget https://storage.googleapis.com/kubernetes-release/release/v1.22.2/bin/linux/amd64/kubectl
┌──[root@liruilongs.github.io]-[~]
└─$ yum install -y kubectl-1.22.2-0 --disableexcludes=kubernetes
Then copy the kubeconfig certificate. Check its location in the K8s cluster; this certificate was created earlier, see my earlier articles.
┌──[root@liruilongs.github.io]-[~]
└─$ scp root@192.168.26.81:/root/ansible/k8s-rbac-create/kc1 .
Warning: Permanently added '192.168.26.81' (ECDSA) to the list of known hosts.
root@192.168.26.81's password:
kc1                                           100% 5566   108.7KB/s   00:00
┌──[root@liruilongs.github.io]-[~]
└─$ docker cp kc1 jenkins:/
┌──[root@liruilongs.github.io]-[~]
└─$ docker cp kubectl jenkins:/
┌──[root@liruilongs.github.io]-[~]
└─$ docker exec -u root -it jenkins bash
[root@39afa098c8a5 /]# ls
anaconda-post.log  bin  dev  etc  home  kc1  kubectl  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@39afa098c8a5 /]# ./kubectl --kubeconfi=kc1 get pods -A
Error: unknown flag: --kubeconfi
See 'kubectl get --help' for usage.
[root@39afa098c8a5 /]# ./kubectl --kubeconfig=kc1 get pods -A
Error from server (Forbidden): pods is forbidden: User "liruilong" cannot list resource "pods" in API group "" at the cluster scope
The user has no permission. For convenience, we directly grant it the cluster-admin role in the cluster.
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-rbac-create]
└─$kubectl create clusterrolebinding test --clusterrole=cluster-admin --user=liruilong
clusterrolebinding.rbac.authorization.k8s.io/test created
The command test now works
[root@39afa098c8a5 /]# ./kubectl --kubeconfig=kc1 get nodes
NAME                         STATUS     ROLES                  AGE   VERSION
vms81.liruilongs.github.io   Ready      control-plane,master   51d   v1.22.2
vms82.liruilongs.github.io   NotReady
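The cluster-admin binding above gives the Jenkins kubeconfig full control of the cluster, while the pipeline later in this article only runs `kubectl set image` on one Deployment. The added example below (not part of the original post) renders and applies a namespaced Role and RoleBinding limited to that, then removes the broad binding. The role name `nginxdep-image-updater` is made up for the example, the user, namespace and Deployment names come from the article, and it assumes `kubectl set image` needs only `get` and `patch` on the Deployment.

```shell
#!/bin/sh
# Added example (not from the original post): least-privilege RBAC for the
# Jenkins kubeconfig user instead of a cluster-admin ClusterRoleBinding.
# Assumption: "kubectl set image" only needs get + patch on the Deployment.

# render_deployer_rbac USER NAMESPACE DEPLOYMENT -> manifest on stdout
render_deployer_rbac() {
    rbac_user=$1
    rbac_ns=$2
    rbac_deploy=$3
    rbac_name="${rbac_deploy}-image-updater"   # hypothetical role name
    cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ${rbac_name}
  namespace: ${rbac_ns}
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  resourceNames: ["${rbac_deploy}"]
  verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${rbac_name}
  namespace: ${rbac_ns}
subjects:
- kind: User
  name: ${rbac_user}
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: ${rbac_name}
  apiGroup: rbac.authorization.k8s.io
EOF
}

# apply_deployer_rbac USER NAMESPACE DEPLOYMENT
# Run with an admin kubeconfig on the control-plane node.
apply_deployer_rbac() {
    render_deployer_rbac "$1" "$2" "$3" | kubectl apply -f - || return 1
    # Remove the broad binding created in the article (it is named "test").
    kubectl delete clusterrolebinding test --ignore-not-found || return 1
    # Impersonate the user to confirm the result: the image update must be
    # allowed, listing pods cluster-wide must not be.
    kubectl auth can-i patch "deployments.apps/$3" -n "$2" --as "$1" >/dev/null || return 1
    if kubectl auth can-i list pods --all-namespaces --as "$1" >/dev/null; then
        echo "user $1 still has cluster-wide read access" >&2
        return 1
    fi
}

# Default action: print the manifest for review; pass "apply" to install it.
if [ "${1:-}" = "apply" ]; then
    apply_deployer_rbac liruilong kube-system nginxdep
else
    render_deployer_rbac liruilong kube-system nginxdep
fi
```

With this in place `./kubectl --kubeconfig=kc1 get pods -A` is forbidden again, which is the intended result; the Jenkins deploy step does not need it.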
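II. Hexo blog CI/CD in practice
4. Configuring a highly available Hexo production environment in the K8s cluster
We deploy Nginx to run the Hexo blog. After Hexo is compiled the result is a set of static files, so we need to create a Service and a Deployment: the Service exposes the service and the Deployment provides the serving capacity, using an image built from Nginx plus the Hexo static files.
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginxdep
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: blog
        name: web
        resources:
          requests:
            cpu: 100m
      restartPolicy: Always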
Creating the Deployment
For now we use a plain Nginx image in place of the Hexo blog image.
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl apply -f nginx.yaml
deployment.apps/nginxdep created
Check the Deployment and Pods
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get deployments.apps | grep nginxdep
nginxdep   2/2   2   2   109s
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get pods -o wide | grep web
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get pods -o wide | grep nginxdep
nginxdep-645bf755b9-2w8jv   1/1   Running   0   2m22s   10.244.171.164   vms82.liruilongs.github.io
Creating the Service
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl expose deploy nginxdep --port=8888 --target-port=80 --type=NodePort
service/nginxdep exposed
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get svc -o wide | grep nginxdep
nginxdep   NodePort   10.106.217.50
The access test works. Once the trigger on Jenkins is configured, the image is simply replaced.
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$curl 127.0.0.1:31964
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.
Thank you for using nginx.
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$
5. Configuring the private registry address on the K8s cluster
When we update the Deployment image with the kubectl set command, the image is pulled from the private registry, so the private registry address must be added to the startup parameters.
ExecStart=/usr/bin/dockerd --insecure-registry 192.168.26.56 -H fd:// --containerd=/run/containerd/containerd.sock
Every node needs this setting, followed by a Docker restart.
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$vim /usr/lib/systemd/system/docker.service
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$systemctl daemon-reload ;systemctl restart docker &
[1] 23273
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ssh root@192.168.26.82
Last login: Sun Jan 16 06:09:07 2022 from 192.168.26.1
┌──[root@vms82.liruilongs.github.io]-[~]
└─$vim /usr/lib/systemd/system/docker.service
┌──[root@vms82.liruilongs.github.io]-[~]
└─$systemctl daemon-reload ;systemctl restart docker &
[1] 26843
┌──[root@vms82.liruilongs.github.io]-[~]
└─$exit
登出
Connection to 192.168.26.82 closed.
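Two kinds of setting in this article weaken the Docker daemon's transport security: the `-H tcp://0.0.0.0:2376` listener added for Jenkins without any TLS options, and the `insecure-registries` / `--insecure-registry` entries for the HTTP-only Harbor. The added example below (not part of the original post) is a small audit script that flags both in an `ExecStart` line and in `daemon.json`. It goes slightly beyond the article by also checking the `hosts` and `tlsverify` keys of `daemon.json`; the finding labels `TCP_NO_TLS` and `INSECURE_REGISTRY` are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original post): flag Docker daemon settings that
# weaken transport security. Findings are printed one per line.

# audit_execstart LINE: check a dockerd ExecStart= command line.
audit_execstart() {
    es_line=$1
    # A tcp:// listener without --tlsverify serves the Docker API, which is
    # root-equivalent on the host, with no authentication to any client that
    # can reach the port.
    if printf '%s\n' "$es_line" | grep -Eq -- '(-H|--host)[ =]*tcp://' &&
       ! printf '%s\n' "$es_line" | grep -q -- '--tlsverify'; then
        es_addr=$(printf '%s\n' "$es_line" | grep -Eo 'tcp://[^ ]+' | head -n 1)
        echo "TCP_NO_TLS $es_addr"
    fi
    # --insecure-registry allows plain HTTP (or unverified TLS) to a registry.
    printf '%s\n' "$es_line" | grep -Eo -- '--insecure-registry[ =][^ ]+' |
        sed -E 's/^--insecure-registry[ =]/INSECURE_REGISTRY /'
}

# audit_daemon_json FILE: the same checks for /etc/docker/daemon.json.
audit_daemon_json() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    dj_flat=$(tr -d '\n' < "$1")
    # "hosts" contains a tcp:// entry and "tlsverify" is not true
    if printf '%s\n' "$dj_flat" |
           grep -Eq '"hosts"[[:space:]]*:[[:space:]]*\[[^]]*tcp://' &&
       ! printf '%s\n' "$dj_flat" |
           grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true'; then
        echo "TCP_NO_TLS daemon.json:hosts"
    fi
    # one finding per entry of "insecure-registries"
    printf '%s\n' "$dj_flat" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p' |
        tr ',' '\n' |
        sed -e 's/[[:space:]"]//g' -e '/^$/d' -e 's/^/INSECURE_REGISTRY /'
}

# Constructed sample input, built from the settings shown in this article.
demo_json=$(mktemp)
cat > "$demo_json" <<'EOF'
{
  "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.26.56"]
}
EOF
audit_execstart '/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock'
audit_execstart '/usr/bin/dockerd --insecure-registry 192.168.26.56 -H fd:// --containerd=/run/containerd/containerd.sock'
audit_daemon_json "$demo_json"
rm -f "$demo_json"
```

On a real host, feed it the output of `systemctl show -p ExecStart docker` and the path `/etc/docker/daemon.json`.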
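6. Configuring the CI/CD pipeline in Jenkins
Open Jenkins. Now comes the key part: we configure the whole CI/CD pipeline on Jenkins to achieve automation.
The related text values
cd ~
rm -rf blog
git clone http://192.168.26.55/root/blog.git
/var/jenkins_home/blog/
192.168.26.56/library/blog:${BUILD_NUMBER}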
export KUBECONFIG=/kc1; /kubectl set image deployment/nginxdep *="192.168.26.56/library/blog:${BUILD_NUMBER}" -n kube-system
7. Configuring the GitLab and Jenkins integration
At this point the integration is configured.
8. Writing the Dockerfile and testing with a code update
Next we compile Hexo, which generates a public folder, and upload it to GitLab.
PS F:\blogger> hexo g
.....
PS F:\blogger> git add .\public\
PS F:\blogger> git commit -m "編譯代碼"
PS F:\blogger> git push
We also need to write a Dockerfile to build the image.
FROM docker.io/library/nginx:latest
MAINTAINER liruilong
ADD ./public/ /usr/share/nginx/html/
EXPOSE 80
CMD ["nginx", "-g","daemon off;"]
PS F:\blogger> git add .
PS F:\blogger> git commit -m "Dockcerfile文件編寫"
[master 217e0ed] Dockcerfile文件編寫
 1 file changed, 1 deletion(-)
PS F:\blogger> git push
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 307 bytes | 307.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0)
To http://192.168.26.55/root/blog.git
   6690612..217e0ed  master -> master
PS F:\blogger>
Started by remote host 192.168.26.1
Running as SYSTEM
Building in workspace /var/jenkins_home/workspace/liruilong-cicd
[liruilong-cicd] $ /bin/sh -xe /tmp/jenkins6108687102523328796.sh
+ cd /var/jenkins_home
+ rm -rf blog
+ git clone http://192.168.26.55/root/blog.git
Cloning into 'blog'...
Docker Build
Docker Build: building image at path /var/jenkins_home/blog
Step 1/5 : FROM docker.io/library/nginx:latest
 ---> f8f4ffc8092c
Step 2/5 : MAINTAINER liruilong
 ---> Running in e341b5562b64
Removing intermediate container e341b5562b64
 ---> 4e9f5aa47ab5
Step 3/5 : ADD ./public/ /usr/share/nginx/html/
 ---> 3956cff32507
Step 4/5 : EXPOSE 80
 ---> Running in b4c27124989d
Removing intermediate container b4c27124989d
 ---> ba9d1764d764
Step 5/5 : CMD ["nginx", "-g","daemon off;"]
 ---> Running in 61dca01a4883
Removing intermediate container 61dca01a4883
 ---> 2aadc5732a60
Successfully built 2aadc5732a60
Tagging built image with 192.168.26.56/library/blog:41
Docker Build Response : 2aadc5732a60
Pushing [192.168.26.56/library/blog:41]
The push refers to repository [192.168.26.56/library/blog]
89570901cdea: Preparing
65e1ea1dc98c: Preparing
88891187bdd7: Preparing
6e109f6c2f99: Preparing
0772cb25d5ca: Preparing
525950111558: Preparing
476baebdfbf7: Preparing
525950111558: Waiting
476baebdfbf7: Waiting
88891187bdd7: Layer already exists
6e109f6c2f99: Layer already exists
65e1ea1dc98c: Layer already exists
0772cb25d5ca: Layer already exists
89570901cdea: Pushing [> ] 301.6kB/28.75MB
89570901cdea: Pushing [==> ] 1.193MB/28.75MB
476baebdfbf7: Layer already exists
525950111558: Layer already exists
89570901cdea: Pushing [======> ] 3.917MB/28.75MB
89570901cdea: Pushing [==========> ] 5.996MB/28.75MB
89570901cdea: Pushing [==============> ] 8.097MB/28.75MB
89570901cdea: Pushing [==================> ] 10.76MB/28.75MB
89570901cdea: Pushing [=====================> ] 12.57MB/28.75MB
89570901cdea: Pushing [========================> ] 13.8MB/28.75MB
89570901cdea: Pushing [=========================> ] 14.71MB/28.75MB
89570901cdea: Pushing [===========================> ] 15.59MB/28.75MB
89570901cdea: Pushing [=============================> ] 16.79MB/28.75MB
89570901cdea: Pushing [===============================> ] 18.27MB/28.75MB
89570901cdea: Pushing [=================================> ] 19.45MB/28.75MB
89570901cdea: Pushing [===================================> ] 20.34MB/28.75MB
89570901cdea: Pushing [=====================================> ] 21.55MB/28.75MB
89570901cdea: Pushing [=======================================> ] 22.44MB/28.75MB
89570901cdea: Pushing [=========================================> ] 23.64MB/28.75MB
89570901cdea: Pushing [==========================================> ] 24.52MB/28.75MB
89570901cdea: Pushing [============================================> ] 25.42MB/28.75MB
89570901cdea: Pushing [==============================================> ] 26.61MB/28.75MB
89570901cdea: Pushing [===============================================> ] 27.19MB/28.75MB
89570901cdea: Pushing [=================================================> ] 28.69MB/28.75MB
89570901cdea: Pushing [==================================================>] 29.32MB
89570901cdea: Pushed
41: digest: sha256:c90b64945a8d063f7bcdcc39f00f91b6d83acafcd6b2ec6aba5b070474bafc37 size: 1782
Cleaning local images [2aadc5732a60]
Docker Build Done
[liruilong-cicd] $ /bin/sh -xe /tmp/jenkins246013519648603221.sh
+ export KUBECONFIG=/kc1
+ KUBECONFIG=/kc1
+ /kubectl set image deployment/nginxdep '*=192.168.26.56/library/blog:41' -n kube-system
deployment.apps/nginxdep image updated
Finished: SUCCESS
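The console output above ends the push with a `41: digest: sha256:...` line, but the deploy step then refers to the image by its tag, which the HTTP-only registry does not protect against being overwritten. The added example below (not part of the original post) parses that line and deploys `repository@sha256:...` instead, refusing to deploy when no well-formed digest is found. It assumes the push is done from a shell step whose output is saved to a file, rather than by the Docker build plugin used in the article; the function names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original post): deploy the image by the digest
# the registry reported at push time instead of by the mutable tag.
# Assumption: the push runs in a shell step and its output is saved, e.g.
#   docker push "192.168.26.56/library/blog:${BUILD_NUMBER}" > push.log

# extract_push_digest TAG < push-output
# Prints "sha256:<64 hex>" from the line "<TAG>: digest: sha256:... size: N".
# Fails if the line is missing, malformed, or present with differing values.
extract_push_digest() {
    pd_digest=$(awk -v t="$1:" '$1 == t && $2 == "digest:" { print $3 }' | sort -u)
    pd_hex=${pd_digest#sha256:}
    [ "$pd_hex" != "$pd_digest" ] || return 1    # no sha256: prefix, or empty
    [ "${#pd_hex}" -eq 64 ] || return 1          # wrong length or several lines
    case $pd_hex in *[!0-9a-f]*) return 1 ;; esac
    printf '%s\n' "$pd_digest"
}

# pinned_ref REPOSITORY DIGEST -> REPOSITORY@DIGEST
pinned_ref() {
    case $1 in ''|*@*) return 1 ;; esac
    printf '%s@%s\n' "$1" "$2"
}

# deploy_pinned REPOSITORY TAG PUSH_LOG: the article's deploy step, by digest.
deploy_pinned() {
    dp_digest=$(extract_push_digest "$2" < "$3") || {
        echo "no usable digest for tag $2 in $3; refusing to deploy" >&2
        return 1
    }
    dp_ref=$(pinned_ref "$1" "$dp_digest") || return 1
    KUBECONFIG=/kc1 /kubectl set image deployment/nginxdep "*=$dp_ref" -n kube-system
}

# Constructed sample: three lines copied from the console output above.
demo_log=$(mktemp)
cat > "$demo_log" <<'EOF'
The push refers to repository [192.168.26.56/library/blog]
89570901cdea: Pushed
41: digest: sha256:c90b64945a8d063f7bcdcc39f00f91b6d83acafcd6b2ec6aba5b070474bafc37 size: 1782
EOF
pinned_ref 192.168.26.56/library/blog "$(extract_push_digest 41 < "$demo_log")"
rm -f "$demo_log"
```

In the Jenkins shell step this becomes `deploy_pinned 192.168.26.56/library/blog "${BUILD_NUMBER}" push.log`.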
9. Accessing the Hexo blog
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get deployments.apps | grep nginxdep
nginxdep   2/2   2   2   30h
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get pods -o wide | grep nginxdep
nginxdep-bddfd9b5f-94d88   1/1   Running   0   110s   10.244.171.142   vms82.liruilongs.github.io
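Copyright notice: the content of this article was contributed by a web user and the copyright belongs to the original author. This site does not own the copyright and assumes no related legal liability. If you find content on this site that is suspected of plagiarism or misrepresentation, please contact us at jiasou666@gmail.com; once verified, this site will remove the infringing content within 24 hours.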