容器编排技术

一、前言

了解Jenkins的离线安装步骤
掌握Gitlab的使用和管理
了解CICD的配置步骤和方法

二、基础环境部署

机器	IP	作用
master	192.168.100.10	K8s 的 master 节点、Harbor 节点、CI/CD 节点
node	192.168.100.20	K8s 的 node 节点

在这两台机器上提前部署好 CentOS 7 + Docker + Kubernetes¹² + Harbor³ 环境，准备好 XianDian-PaaS-v2.4.iso 包⁴⁵

1. 安装 Jenkins 环境

1.1 查看 K8s 集群状态和节点信息

1
$ kubectl get cs
2
Warning: v1 ComponentStatus is deprecated in v1.19+
3
NAME                 STATUS    MESSAGE   ERROR
4
scheduler            Healthy   ok
5
controller-manager   Healthy   ok
6
etcd-0               Healthy
7
$ kubectl get nodes
8
NAME     STATUS   ROLES           AGE   VERSION
9
master   Ready    control-plane   31d   v1.27.16
10
node     Ready    <none>          31d   v1.27.16

1.2 安装 Jenkins

1
$  docker run -d --name jenkins -p 8080:8080 -u root \
2
-v /home/jenkins_home:/var/jenkins_home \
3
-v /var/run/docker.sock:/var/run/docker.sock \
4
-v $(which docker):/usr/bin/docker \
5
-v /usr/bin/kubectl:/usr/local/bin/kubectl \
6
-v /root/.kube:/root/.kube \
7
jenkins/jenkins:latest-jdk21
8
22f894f46083c2b8836ae4e4c67e0bf4e8cd2e09adcc29417d6b8b473dea1407

然后在电脑浏览器输入 http://192.168.100.10:8080 来访问 Jenkins

2.1.2.1

然后进入容器，输入密码

1
$ docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword
2
2169d1cbaa1546f396c0571477d2ce6a

下面的 2169d1cbaa1546f396c0571477d2ce6a 就是我们的密码，输入密码并点击 “继续”

2.1.2.2

然后点击 “安装推荐的插件”

2.1.2.3

插件安装完成后自动转入管理员用户创建界面

2.1.2.4

输入用户信息，点击“保存并完成”

配置完URL后使用新建的用户登录 Jenkins

2.1.2.5

2. 部署 GitLab

2.1 启动 GitLab

GitLab 是利用 Ruby on Rails 一个开源的版本管理系统，实现一个自托管的 Git 项目仓库，可通过 Web 界面进行访问公开的或者私人项目。

与 Github 类似，GitLab 能够浏览源代码，管理缺陷和注释，可以管理团队对仓库的访问，它非常易于浏览提交过的版本并提供一个文件历史库，团队成员可以利用内置的简单聊天程序(Wall) 进行交流。Gitlab 还提供一个代码片段收集功能可以轻松实现代码复用，便于日后有需要的时候进行查找

本项目Gitlab与Harbor共用一台服务器

1
$ docker run -d -h gitlab -p 1022:22 -p 81:80 -p 443:443 \
2
--volume /srv/gitlab/config:/etc/gitlab \
3
--volume /srv/gitlab/gitlab/logs:/var/log/gitlab \
4
--volume /srv/gitlab/gitlab/data:/var/opt/gitlab \
5
--restart always --name mygitlab gitlab/gitlab-ce:latest
6
e87a1e5298f2c0430ad5f2269472e9f06cc2eddf71477fb28a6e8089cf46f8d4

GitLab 启动较慢，可以通过 docker logs 查看启动状态

1
$ docker logs mygitlab

启动完成后，在浏览器上访问 http://192.168.100.10:81 来进入刚刚搭建的本地 GitLab

然后设置 root 用户信息

2.2.1.1

然后使用 root 用户登录

2.2.1.2 2.2.1.3

2.2 创建项目

点击 “Create a project”(创建项目)，创建项目 “ChinaskillProject”，Visibility Level(可见等级) 设置为 “Public”

2.2.2.1

点击 “Create Project”(创建项目)，然后自动进入项目

2.2.2.2

根据提示，配置 SSH 公钥到 GitLab 上

1
$ ssh-keygen -t rsa
2
$ cat ~/.ssh/id_rsa.pub

然后复制出来的内容，到 GitLab 上

GitLab 上点击 “Add SSH Key”(添加 SSH 密钥)，在 Key 栏里面粘贴你刚才复制的内容，Title 默认即可，Expires at(有效期截至到) 随便选，然后点击 “Add Key”(添加密钥)

2.2.2.3

然后将之前准备好的 XianDian-PaaS-v2.4.iso⁴ 上传并挂载到虚拟机， git push 源代码到 GitLab 的 ChinaskillProject 项目

1
$ sudo yum install -y git
2
$ mount /root/XianDian-PaaS-v2.4.iso /mnt/
3
$ cp -rf /mnt/ChinaskillProject/ /opt
4
$ ls -al /opt/ChinaskillProject/
5
总用量 36
6
dr-xr-xr-x  13 root root 4096 12月 25 11:18 .
7
drwxr-xr-x.  5 root root   60 12月 25 11:18 ..
8
dr-xr-xr-x   3 root root   50 12月 25 11:18 account-service
9
dr-xr-xr-x   3 root root   50 12月 25 11:18 auth-service
10
dr-xr-xr-x   3 root root   50 12月 25 11:18 config
11
-r-xr-xr-x   1 root root  823 12月 25 11:18 docker-compose.dev.yml
12
-r-xr-xr-x   1 root root 4020 12月 25 11:18 docker-compose.yml
13
dr-xr-xr-x   3 root root   50 12月 25 11:18 gateway
14
dr-xr-xr-x   8 root root  185 12月 25 11:18 .git
15
-r-xr-xr-x   1 root root   68 12月 25 11:18 .gitignore
16
-r-xr-xr-x   1 root root 1107 12月 25 11:18 LICENCE
17
dr-xr-xr-x   3 root root   51 12月 25 11:18 mongodb
18
dr-xr-xr-x   3 root root   50 12月 25 11:18 monitoring
19
dr-xr-xr-x   3 root root   50 12月 25 11:18 notification-service
20
-r-xr-xr-x   1 root root  723 12月 25 11:18 pom.xml
21
-r-xr-xr-x   1 root root 1075 12月 25 11:18 README.md
22
dr-xr-xr-x   3 root root   50 12月 25 11:18 registry
23
dr-xr-xr-x   3 root root   50 12月 25 11:18 statistics-service
24
-r-xr-xr-x   1 root root 4428 12月 25 11:18 .travis.yml
25
dr-xr-xr-x   4 root root   35 12月 25 11:18 yaml
26

27
$ cd /opt/ChinaskillProject/
28
# 移除“指定远程目录”
29
$ git remote remove origin
30
# 指定“我们自己的”远程目录
31
$ git remote add origin http://192.168.100.10:81/root/chinaskillproject.git
32

33
$ git add .
34
$ git commit -m "Initial commit"
35
$ git push -u origin master
36
# 这里输入 root
37
Username for 'http://192.168.100.10:81': root
38
# 这里设置你刚才配置 GitLab 的时候配置的密码
39
Password for 'http://root@192.168.100.10:81':
40
Counting objects: 3192, done.
41
Delta compression using up to 8 threads.
42
Compressing objects: 100% (1428/1428), done.
43
Writing objects: 100% (3192/3192), 1.40 MiB | 0 bytes/s, done.
44
Total 3192 (delta 1233), reused 3010 (delta 1207)
45
remote: Resolving deltas: 100% (1233/1233), done.
46
To http://192.168.100.10:81/root/chinaskillproject.git
47
 * [new branch]      master -> master
48
分支 master 设置为跟踪来自 origin 的远程分支 master。

刷新网页，ChinaskillProject 项目中已经有我们刚刚 git push 上去的文件了

2.2.2.4

3. 配置 Jenkins 连接 GitLab

3.1 设置 Outbound requests(出站请求)

然后点击 “Settings” → “Network” → “Outbound requests”(出战请求) 旁边的 Expand(展开)

然后勾选 “Allow requests to the local network from web hooks and services”

在下面的输入栏里面输入 192.168.100.0/24

然后点击 “Save change”(保存设置)

2.3.1.1

3.2 创建 Github API Token

点击 GitLab 的用户头像，然后点击 “Settings” → “Access Token” 添加一个 Token

在 Scopes(范围) 上选上 “api” 和 “read_user”，其他的和上面一样，随便填一个就行，然后点击 “Create personal access token”(创建个人访问令牌)

2.3.2.1

然后复制 “Your New Personal Access Token”(你的新个人访问令牌) 栏里面的内容，后面配置 Jenkins 的时候需要用到

1
bWxAexndVn6N-XsmFHWz

2.3.2.2

3.3 设置 Jenkins

“GitLab”
“Generic Webhook Trigger”
“GitLab API”
“GitLab Authentication”
“GitLab Branch Source”
“Gitlab Merge Request Builder”
“GitLab Logo”

如果没有的话就到 “Available plugins”(可用插件) 去安装一下

然后回到 Jenkins Dashboard，点击 “Manage Jenkins”(管理 Jenkins/系统管理) → “System”(系统配置)

然后配置 GitLab 信息，取消勾选 “Enable authentication for ‘/project’ end-point” 然后在 “Credentials” 下面点击 “添加”

然后在类型里面选择 “GitLab API token”，“API token” 填入刚刚复制的 token

然后点击 “Test Connection”(测试连接)

2.3.3.1 2.3.3.2

4. 配置 Jenkins 连接 maven

4.1 安装 maven

由于我们这里的 Jenkins 是采用 Docker in Docker 的方式启动的，所以需要在 Jenkins 容器内安装 maven

1
# 下载 maven-3.6.3
2
$ curl -o /home/jenkins_home/apache-maven-3.6.3-bin.tar.gz https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
3

4
# 进入 Docker 容器
5
$ docker exec -it jenkins /bin/bash
6
  $ tar -zxvf /var/jenkins_home/apache-maven-3.6.3-bin.tar.gz -C .
7
  $ mv apache-maven-3.6.3/ /usr/local/maven
8
  $ apt update -y && apt upgrade -y
9
  $ apt install -y vim
10
  $ vim ~/.bashrc
11
  # 文末加入
12
  export M2_HOME=/usr/local/maven
13
  export PATH=$PATH:$M2_HOME/bin
14

15
  $ source ~/.bashrc
16
  $ exit
17
# 退出容器重新进入
18
$ docker exec -it jenkins /bin/bash
19
  $ mvn -v
20
  Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
21
  Maven home: /usr/local/maven
22
  Java version: 21.0.5, vendor: Eclipse Adoptium, runtime: /opt/java/openjdk
23
  Default locale: en, platform encoding: UTF-8
24
  OS name: "linux", version: "3.10.0-1160.71.1.el7.x86_64", arch: "amd64", family: "unix"

4.2 连接 maven

往下翻找到 Maven，点击“新增Maven”，此处不要开启自动安装，所以不要勾选“自动安装”

然后把填入 Maven 路径填入 MAVEN_HOME ，应用保存即可

2.4.2.1

5. 部署 Harbor 仓库

5.1 安装 Harbor 仓库

Harbor 依赖 Docker 和 Docker Compose。因此，首先需要在系统中安装 Docker Compose

1
$ DOCKER_CONFIG=/usr/local/lib/docker/cli-plugins
2
$ sudo mkdir -p $DOCKER_CONFIG/cli-plugins
3
$ sudo curl -SL https://github.com/docker/compose/releases/download/v2.29.1/docker-compose-linux-x86_64 -o $DOCKER_CONFIG/cli-plugins/docker-compose
4
$ sudo chmod +x $DOCKER_CONFIG/cli-plugins
5
$ docker compose version

然后下载 Offline 版的 Harbor

1
$ sudo curl -O https://github.com/goharbor/harbor/releases/download/v2.12.1/harbor-offline-installer-v2.12.1.tgz
2

3
# 国内用户可以使用以下方式加快下载
4
$ sudo curl -O https://moka.anitsuri.top//image/13/Registry+Harbor/harbor-offline-installer-v2.11.1.tgz
5

6
$ sudo tar -zxf harbor-offline-installer-v2.12.1.tgz
7
$ cd harbor

然后修改配置文件，把 harbor.yml.tmpl 复制一个变成 harbor.yml

1
$ sudo cp harbor.yml.tmpl harbor.yml
2
$ sudo vi harbor.yml

修改/填写以下内容

1
# Configuration file of Harbor
2

3
# The IP address or hostname to access admin UI and registry service.
4
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
5
hostname: 192.168.100.10
6

7
# http related config
8
http:
9
  # port for http, default is 80. If https enabled, this port will redirect to https port
10
  port: 80
11

12
# https related config
13
# https:
14
  # https port for harbor, default is 443
15
  # port: 443
16
  # The path of cert and key files for nginx
17
  # certificate: /your/certificate/path
18
  # private_key: /your/private/key/path
19
  # enable strong ssl ciphers (default: false)
20
  # strong_ssl_ciphers: false
21

22
# # Harbor will set ipv4 enabled only by default if this block is not configured
23
# # Otherwise, please uncomment this block to configure your own ip_family stacks
24
# ip_family:
25
#   # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
26
#   ipv6:
27
#     enabled: false
28
#   # ipv4Enabled set to true by default, currently it affected the nginx related component
29
#   ipv4:
30
#     enabled: true
31

32
# # Uncomment following will enable tls communication between all harbor components
33
# internal_tls:
34
#   # set enabled to true means internal tls is enabled
35
#   enabled: true
36
#   # put your cert and key files on dir
37
#   dir: /etc/harbor/tls/internal
38

39

40
# Uncomment external_url if you want to enable external proxy
41
# And when it enabled the hostname will no longer used
42
# external_url: http://192.168.92.128:8433
43

44
# The initial password of Harbor admin
45
# It only works in first time to install harbor
46
# Remember Change the admin password from UI after launching Harbor.
47
harbor_admin_password: Harbor12345

在运行安装脚本前，需要先运行 prepare 脚本，来确保一切依赖和配置都已经就绪

1
$ ./prepare
2
prepare base dir is set to /root/harbor
3
Unable to find image 'goharbor/prepare:v2.12.1' locally
4
v2.12.1: Pulling from goharbor/prepare
5
0e5c20819ebf: Pull complete
6
1fb69a2a4ee3: Pull complete
7
c2aef12efe8a: Pull complete
8
79fdf0882382: Pull complete
9
eee2f1d222f1: Pull complete
10
125a453a0ce4: Pull complete
11
40b43804af0b: Pull complete
12
5979e246bb31: Pull complete
13
8d2c370a2c28: Pull complete
14
53eaa20ee0df: Pull complete
15
Digest: sha256:d0fcec61328185ddb5bfded6bf8b312428aa63b9bffe2a8d846452253234a898
16
Status: Downloaded newer image for goharbor/prepare:v2.12.1
17
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
18
Generated configuration file: /config/portal/nginx.conf
19
Generated configuration file: /config/log/logrotate.conf
20
Generated configuration file: /config/log/rsyslog_docker.conf
21
Generated configuration file: /config/nginx/nginx.conf
22
Generated configuration file: /config/core/env
23
Generated configuration file: /config/core/app.conf
24
Generated configuration file: /config/registry/config.yml
25
Generated configuration file: /config/registryctl/env
26
Generated configuration file: /config/registryctl/config.yml
27
Generated configuration file: /config/db/env
28
Generated configuration file: /config/jobservice/env
29
Generated configuration file: /config/jobservice/config.yml
30
Generated and saved secret to file: /data/secret/keys/secretkey
31
Successfully called func: create_root_cert
32
Generated configuration file: /compose_location/docker-compose.yml
33
Clean up the input dir
34

35
$ ./install.sh
36

37
[Step 0]: checking if docker is installed ...
38

39
Note: docker version: 26.1.4
40

41
[Step 1]: checking docker-compose is installed ...
42

43
Note: Docker Compose version v2.27.1
44

45
[Step 2]: loading Harbor images ...
46
581136816168: Loading layer [==================================================>]  17.21MB/17.21MB
47
cbf4f3cb0c26: Loading layer [==================================================>]  3.584kB/3.584kB
48
19ba001b8b03: Loading layer [==================================================>]   2.56kB/2.56kB
49
b41af00dcd76: Loading layer [==================================================>]  70.97MB/70.97MB
50
5b5f57643342: Loading layer [==================================================>]  5.632kB/5.632kB
51
5175984e7e7a: Loading layer [==================================================>]  126.5kB/126.5kB
52
c8faf279c61c: Loading layer [==================================================>]  201.7kB/201.7kB
53
3a0151c1eba9: Loading layer [==================================================>]  72.09MB/72.09MB
54
dbf86e000945: Loading layer [==================================================>]   2.56kB/2.56kB
55
Loaded image: goharbor/harbor-core:v2.12.1
56
7d2be923c4b3: Loading layer [==================================================>]  146.8MB/146.8MB
57
1b7e2d8bb9c9: Loading layer [==================================================>]  3.584kB/3.584kB
58
c433c2b34c5a: Loading layer [==================================================>]  3.072kB/3.072kB
59
902158d6f915: Loading layer [==================================================>]   2.56kB/2.56kB
60
e795d71404bd: Loading layer [==================================================>]  3.072kB/3.072kB
61
cec684dd57a5: Loading layer [==================================================>]  3.584kB/3.584kB
62
47d0e4a2c5c7: Loading layer [==================================================>]  20.48kB/20.48kB
63
Loaded image: goharbor/harbor-log:v2.12.1
64
594f33e86793: Loading layer [==================================================>]  22.04MB/22.04MB
65
e0a4bafe73dc: Loading layer [==================================================>]  191.7MB/191.7MB
66
26b746af8db7: Loading layer [==================================================>]  26.16MB/26.16MB
67
31dcafd9cb03: Loading layer [==================================================>]  18.54MB/18.54MB
68
abf08c52686b: Loading layer [==================================================>]   5.12kB/5.12kB
69
0007d565ec69: Loading layer [==================================================>]  6.144kB/6.144kB
70
6e863404971d: Loading layer [==================================================>]  3.072kB/3.072kB
71
94c8eba384cc: Loading layer [==================================================>]  2.048kB/2.048kB
72
1a5955f6795e: Loading layer [==================================================>]   2.56kB/2.56kB
73
8ce6cc317185: Loading layer [==================================================>]   7.68kB/7.68kB
74
Loaded image: goharbor/harbor-db:v2.12.1
75
71775c4c621c: Loading layer [==================================================>]  17.21MB/17.21MB
76
4003ab14e211: Loading layer [==================================================>]  3.584kB/3.584kB
77
beabc71b1223: Loading layer [==================================================>]   2.56kB/2.56kB
78
579b2f017459: Loading layer [==================================================>]   59.9MB/59.9MB
79
895f989740a0: Loading layer [==================================================>]  60.69MB/60.69MB
80
Loaded image: goharbor/harbor-jobservice:v2.12.1
81
9590068fe044: Loading layer [==================================================>]  14.26MB/14.26MB
82
0cb250c20318: Loading layer [==================================================>]  4.096kB/4.096kB
83
9dac56331be1: Loading layer [==================================================>]  18.14MB/18.14MB
84
5dc6f164dc78: Loading layer [==================================================>]  3.072kB/3.072kB
85
141d394a5d47: Loading layer [==================================================>]  37.13MB/37.13MB
86
2587acb702ad: Loading layer [==================================================>]  56.05MB/56.05MB
87
Loaded image: goharbor/harbor-registryctl:v2.12.1
88
dc1a7f40e575: Loading layer [==================================================>]  17.21MB/17.21MB
89
3f56a5b9b5d4: Loading layer [==================================================>]  37.15MB/37.15MB
90
d67a91463720: Loading layer [==================================================>]  4.608kB/4.608kB
91
cedc4b1b129a: Loading layer [==================================================>]  37.94MB/37.94MB
92
Loaded image: goharbor/harbor-exporter:v2.12.1
93
37959c9a5eac: Loading layer [==================================================>]  137.2MB/137.2MB
94
Loaded image: goharbor/nginx-photon:v2.12.1
95
d07b5c3ce0a9: Loading layer [==================================================>]  137.2MB/137.2MB
96
f60722775a24: Loading layer [==================================================>]  6.731MB/6.731MB
97
4c9a05314a30: Loading layer [==================================================>]  252.9kB/252.9kB
98
61258323c496: Loading layer [==================================================>]  1.497MB/1.497MB
99
Loaded image: goharbor/harbor-portal:v2.12.1
100
9a1a8734fa3c: Loading layer [==================================================>]  14.75MB/14.75MB
101
856558c960ff: Loading layer [==================================================>]  4.096kB/4.096kB
102
9bd63d8a60d9: Loading layer [==================================================>]  3.072kB/3.072kB
103
a89a7d8b1691: Loading layer [==================================================>]  133.9MB/133.9MB
104
008e693070f3: Loading layer [==================================================>]  15.55MB/15.55MB
105
cef35bccdc97: Loading layer [==================================================>]  150.3MB/150.3MB
106
Loaded image: goharbor/trivy-adapter-photon:v2.12.1
107
d17edfb68476: Loading layer [==================================================>]  22.06MB/22.06MB
108
a0f8af0fdb08: Loading layer [==================================================>]  126.6MB/126.6MB
109
27e661303e23: Loading layer [==================================================>]  3.072kB/3.072kB
110
3f0390c3788e: Loading layer [==================================================>]   59.9kB/59.9kB
111
f56e18460c59: Loading layer [==================================================>]  61.95kB/61.95kB
112
Loaded image: goharbor/redis-photon:v2.12.1
113
8b7f3238d8aa: Loading layer [==================================================>]  14.26MB/14.26MB
114
295711278366: Loading layer [==================================================>]  4.096kB/4.096kB
115
ddadeb03375d: Loading layer [==================================================>]  3.072kB/3.072kB
116
99bbf20549c8: Loading layer [==================================================>]  18.14MB/18.14MB
117
9237fc270c32: Loading layer [==================================================>]  18.93MB/18.93MB
118
Loaded image: goharbor/registry-photon:v2.12.1
119
Loaded image: goharbor/prepare:v2.12.1
120

121

122
[Step 3]: preparing environment ...
123

124
[Step 4]: preparing harbor configs ...
125
prepare base dir is set to /root/harbor
126
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
127
Clearing the configuration file: /config/portal/nginx.conf
128
Clearing the configuration file: /config/log/logrotate.conf
129
Clearing the configuration file: /config/log/rsyslog_docker.conf
130
Clearing the configuration file: /config/nginx/nginx.conf
131
Clearing the configuration file: /config/core/env
132
Clearing the configuration file: /config/core/app.conf
133
Clearing the configuration file: /config/registry/passwd
134
Clearing the configuration file: /config/registry/config.yml
135
Clearing the configuration file: /config/registryctl/env
136
Clearing the configuration file: /config/registryctl/config.yml
137
Clearing the configuration file: /config/db/env
138
Clearing the configuration file: /config/jobservice/env
139
Clearing the configuration file: /config/jobservice/config.yml
140
Generated configuration file: /config/portal/nginx.conf
141
Generated configuration file: /config/log/logrotate.conf
142
Generated configuration file: /config/log/rsyslog_docker.conf
143
Generated configuration file: /config/nginx/nginx.conf
144
Generated configuration file: /config/core/env
145
Generated configuration file: /config/core/app.conf
146
Generated configuration file: /config/registry/config.yml
147
Generated configuration file: /config/registryctl/env
148
Generated configuration file: /config/registryctl/config.yml
149
Generated configuration file: /config/db/env
150
Generated configuration file: /config/jobservice/env
151
Generated configuration file: /config/jobservice/config.yml
152
loaded secret from file: /data/secret/keys/secretkey
153
Generated configuration file: /compose_location/docker-compose.yml
154
Clean up the input dir
155

156

157
Note: stopping existing Harbor instance ...
158

159

160
[Step 5]: starting Harbor ...
161
[+] Running 10/10
162
 ✔ Network harbor_harbor        Created                                                                                    0.3s
163
 ✔ Container harbor-log         Started                                                                                    2.0s
164
 ✔ Container registryctl        Started                                                                                    2.9s
165
 ✔ Container redis              Started                                                                                    2.9s
166
 ✔ Container harbor-db          Started                                                                                    3.0s
167
 ✔ Container harbor-portal      Started                                                                                    3.0s
168
 ✔ Container registry           Started                                                                                    3.0s
169
 ✔ Container harbor-core        Started                                                                                    3.2s
170
 ✔ Container nginx              Started                                                                                    3.8s
171
 ✔ Container harbor-jobservice  Started                                                                                    3.7s
172
✔ ----Harbor has been installed and started successfully.----

5.2 配置 Harbor 到 Docker Daemon 文件

在两台机器上，编辑 /etc/docker/daemon.json 文件，把以下内容复制/添加进去

1
{
2
  "insecure-registries": [
3
    "192.168.100.10"
4
  ]
5
}

然后重新加载 daemon 并重新启动 Docker

1
$ sudo systemctl daemon-reload
2
$ sudo systemctl restart docker

然后耐心等待 Jenkins 和 GitLab 的容器恢复

5.3 关闭 containerd 的 HTTPS 请求

编辑 两台主机 的 /etc/containerd/config.toml 文件，修改或添加以下内容

1
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.100.10"]
2
  endpoint = ["http://192.168.100.10"]

然后重启 containerd 服务

1
$ sudo systemctl restart containerd

6. 配置 CI/CD

6.1 新建任务

2.6.1.1

然后在 “构建触发器” 一栏，勾选 “Build when a change is pushed to GitLab. GitLab webhook URL: http://192.168.100.10:8080/project/ChinaskillProject↗”

记录下 GitLab Webhook URL的地址(http://192.168.100.10:8080/project/ChinaskillProject)，后期配置 Webhook 需要使用

然后配置下方 “流水线”，然后点击下面的 “流水线语法”：“示例步骤” 选择 “git：Git”，将 ChinaskillProject 项目的 GitLab 地址填入“仓库 URL”

然后点一下 “凭据” 旁边的 “添加” 按钮，选择 “Jenkins”，类型选择 “Username with password”，用户名和密码为 GitLab 仓库的用户名和密码

2.6.1.2

添加凭据之后选择凭据，最后是这样的

2.6.1.3

然后点击 “生成流水线脚本”

2.6.1.4

然后记录生成的值

1
git credentialsId: '757b55dd-2337-4703-808d-bbf147610cd4', url: 'http://192.168.100.10:81/root/chinaskillproject.git'

将其写入下面的流水线脚本里面

这里是完整的流水线脚本

1
node {
2
    stage('git clone') {
3
        // Check CODE
4
        git credentialsId: '757b55dd-2337-4703-808d-bbf147610cd4', url: 'http://192.168.100.10:81/root/chinaskillproject.git'
5
    }
6
    stage('maven build') {
7
        sh '''/usr/local/maven/bin/mvn package -DskipTests -f /var/jenkins_home/workspace/ChinaskillProject'''
8
    }
9
    stage('image build') {
10
        sh '''
11
            echo $BUILD_ID
12
            docker build -t 192.168.100.10/chinaskillproject/gateway:$BUILD_ID -f /var/jenkins_home/workspace/ChinaskillProject/gateway/Dockerfile  /var/jenkins_home/workspace/ChinaskillProject/gateway
13
            docker build -t 192.168.100.10/chinaskillproject/config:$BUILD_ID -f /var/jenkins_home/workspace/ChinaskillProject/config/Dockerfile  /var/jenkins_home/workspace/ChinaskillProject/config
14
        '''
15
    }
16
    stage('test') {
17
        sh '''
18
            docker run -itd --name gateway 192.168.100.10/chinaskillproject/gateway:$BUILD_ID
19
            docker ps -a | grep chinaskillproject | grep Up
20
            if [ $? -eq 0 ]; then
21
                echo "Success!"
22
                docker rm -f gateway
23
            else
24
                docker rm -f gateway
25
                exit 1
26
            fi
27
        '''
28
    }
29
    stage('upload registry') {
30
        sh '''
31
            docker login 192.168.100.10 -u=admin -p=Harbor12345
32
            docker push 192.168.100.10/chinaskillproject/gateway:$BUILD_ID
33
            docker push 192.168.100.10/chinaskillproject/config:$BUILD_ID
34
        '''
35
    }
36
    stage('deploy Rancher') {
37
        // 执行部署脚本
38
        sh 'sed -i "s/sqshq\\/piggymetrics-gateway/192.168.100.10\\/chinaskillproject\\/gateway:$BUILD_ID/g" /var/jenkins_home/workspace/ChinaskillProject/yaml/deployment/gateway-deployment.yaml'
39
        sh 'sed -i "s/sqshq\\/piggymetrics-config/192.168.100.10\\/chinaskillproject\\/config:$BUILD_ID/g" /var/jenkins_home/workspace/ChinaskillProject/yaml/deployment/config-deployment.yaml'
40
        sh 'kubectl create ns ChinaskillProject'
41
        sh 'kubectl apply -f /var/jenkins_home/workspace/ChinaskillProject/yaml/deployment/gateway-deployment.yaml --kubeconfig=/root/.kube/config'
42
        sh 'kubectl apply -f /var/jenkins_home/workspace/ChinaskillProject/yaml/deployment/config-deployment.yaml --kubeconfig=/root/.kube/config'
43
        sh 'kubectl apply -f /var/jenkins_home/workspace/ChinaskillProject/yaml/svc/gateway-svc.yaml --kubeconfig=/root/.kube/config'
44
        sh 'kubectl apply -f /var/jenkins_home/workspace/ChinaskillProject/yaml/svc/config-svc.yaml --kubeconfig=/root/.kube/config'
45
    }
46
}

在 “脚本” 一栏里写入脚本之后即可点击 “Save” 或者是 “应用”

2.6.1.5

6.2 开启 Jenkins 匿名访问

2.6.2.1

6.3 配置 Webhook

点击 “Settings” → “Webhooks”，将前面记录的 GitLab Webhook URL 地址填入 URL 处，并禁用 SSL 认证

2.6.3.1

点击 “Add webhook” 添加 Webhook

2.6.3.2

然后点击 “Test”(测试) → “Push events”(推送活动) 进行测试

2.6.3.3

结果返回 HTTP 200 则表明 Webhook 配置成功

6.4 创建仓库项目

2.6.4.1

进入项目查看镜像列表，可以看到此时为空，无任何镜像

2.6.4.2

三、正式构建

触发 CI/CD

注意

在此之前，需要把 XianDian-PaaS-v2.4.iso 里面的 ./ChinaskillProject 项目下所有目录里面的 Dockerfile 的 java:8-jre 全都改成 openjdk:8-jre，然后重新上传 GitLab 仓库，否则会导致构建失败

解决方法之一：
- 在修改完内容之后，新文件夹是 /root/ChinaskillProject
  Terminal window
```
1
$ cd /root/ChinaskillProject
2
$ git remote remove origin
3
$ git remote add origin http://192.168.100.10:81/root/chinaskillproject.git
4
$ git add .
5
$ git commit -m "Initial commit"
6
$ git push -u origin master -f
```
- 然后刷新 GitLab，看 commit 时间是最近的说明成功
- 如果提示错误，就到 GitLab 的 ChinaskillProject 项目里，进入 “Settings”(设置) → ""

1. 触发构建

回到 GitLab 上的 “ChinaskillProject” 项目，点击 “Settings” → “Webhooks” 往下翻找到 “Test”(测试) 然后点击 “Push events”(推送活动) 即可正常构建

或者你也可以上传代码，来自动触发构建

1
$ docker cp /opt/repository/ jenkins:/root/.m2/
2
$ cd /opt/ChinaskillProject/
3
$ git add .
4
$ git commit -m "Initial commit"
5
$ git push -u origin master
6
Username for 'http://192.168.100.10:81': root
7
Password for 'http://root@192.168.100.10:81':
8
Counting objects: 3068, done.
9
Delta compression using up to 8 threads.
10
Compressing objects: 100% (1358/1358), done.
11
Writing objects: 100% (3068/3068), 1.39 MiB | 0 bytes/s, done.
12
Total 3068 (delta 1236), reused 3013 (delta 1207)
13
remote: Resolving deltas: 100% (1236/1236), done.
14
To http://192.168.100.10:81/root/chinaskillproject.git
15
 + 1b2901a...f44d317 master -> master (forced update)

2. Jenkins 查看

点击项目名称查看流水线阶段视图，点击左边最新的#（我这边是#2）里面的 “Console Output”(控制台输出) 可以看到详细的构建进程

3.2.1 3.2.2

3. Harbor 查看

进入 Harbor 仓库 chinaskillproject 项目查看镜像列表，可以看到已经自动上传了一个 gateway 和 config 镜像

3.3.1

4. Kubernertes 查看

Pod 的启动比较慢，需要等待 3~5 分钟，具体的时间需要看你分配的配置

我们可以在命令行查看 Pod

1
$ kubectl -n ChinaskillProject get pods
2
NAME                       READY   STATUS    RESTARTS       AGE
3
config-54cf699d8d-6pvx7    1/1     Running   0              2m29s
4
gateway-855db6cd7d-vhsqx   1/1     Running   1 (2m7s ago)   2m30s

查看 Service

1
$ kubectl -n ChinaskillProject get service
2
NAME      TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
3
config    NodePort   10.96.109.132    <none>        8888:30015/TCP   24m
4
gateway   NodePort   10.106.190.223   <none>        4000:30010/TCP   24m

然后访问 http://192.168.100.10:30010 访问服务

3.4.1

Docker + Kubernetes 可以根据这个脚本一键安装：AliYUM+Docker+K8s_CN.sh ↩
如果不可以，可以试试这个脚本（*需要海外网络环境）：AliYUM+Docker+K8s.sh ↩
如果不会搭建的可以查看【二、5】 ↩
XianDian-PaaS-v2.4.iso ↩ ↩²
如果链接失效，请联系 E-mail 或 B站私信↗ ↩

Thanks for reading!

基于 Kubernetes 的 CI/CD

周五 12月 27 2024

4335 字 · 27 分钟

Documentation 云运维工坊 Kubernetes Harbor CI/CD DevOps Jenkins git

基于 Kubernetes 的 CI/CD

容器编排技术

一、前言

二、基础环境部署

1. 安装 Jenkins 环境

1.1 查看 K8s 集群状态和节点信息

1.2 安装 Jenkins

2. 部署 GitLab

2.1 启动 GitLab

2.2 创建项目

3. 配置 Jenkins 连接 GitLab

3.1 设置 Outbound requests(出站请求)

3.2 创建 Github API Token

3.3 设置 Jenkins

4. 配置 Jenkins 连接 maven

4.1 安装 maven

4.2 连接 maven

5. 部署 Harbor 仓库

5.1 安装 Harbor 仓库

5.2 配置 Harbor 到 Docker Daemon 文件

5.3 关闭 containerd 的 HTTPS 请求

6. 配置 CI/CD

6.1 新建任务

6.2 开启 Jenkins 匿名访问

6.3 配置 Webhook

6.4 创建仓库项目

三、正式构建

触发 CI/CD

注意

1. 触发构建

2. Jenkins 查看

3. Harbor 查看

4. Kubernertes 查看

Footnotes

基于 Kubernetes 的 CI/CD