k8s环境之cicd部署+远程触发
一、jenkins ci構建
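// CI pipeline: check out the selected branch, run the Maven build, build and push the
// container image, then trigger the CD job on the second Jenkins with the new image tag.

// Build timestamp (yyyyMMddHHmmss); used as the last component of the image tag.
def createVersion() {
    return new Date().format('yyyyMMddHHmmss')
}

pipeline {
    agent any

    environment {
        // Declared here so every `sh` step sees it as $_version.
        _version = createVersion()
    }

    parameters {
        gitParameter branchFilter: 'origin/(.*)', defaultValue: 'develop', name: 'BRANCH', type: 'PT_BRANCH'
        string defaultValue: 'mvn clean package -am -pl consumer', description: '打包命令', name: 'mvnArgs', trim: false
    }

    tools {
        maven 'MAVEN'
        jdk 'JDK'
        nodejs 'NODEJS'
    }

    stages {
        stage('pull') {
            steps {
                cleanWs()
                // NOTE(review): the remote is plain http://, so the checkout credential is sent
                // unencrypted; use an https or ssh remote if the Git server offers one.
                checkout([$class: 'GitSCM', branches: [[name: "${params.BRANCH}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'bedxxxxxxxxxxxxxxx591a2af54', url: "http://git.com/api.git"]]])
            }
        }

        stage('MVN') {
            steps {
                // NOTE(review): mvnArgs is run verbatim as a shell command line, so whoever may
                // start this job with parameters can run any command on the agent. Restrict who
                // has Build permission, or replace the free-text parameter with a fixed choice list.
                sh "${params.mvnArgs}"
            }
        }

        stage('docker-build') {
            steps {
                script {
                    env.COMMIT = sh(returnStdout: true, script: 'git rev-parse --short HEAD').trim()

                    // Secrets come from the Jenkins credential store instead of being written
                    // into the pipeline text. The three credential ids below are placeholders:
                    // create the entries and substitute their real ids.
                    withCredentials([
                        usernamePassword(credentialsId: 'REGISTRY_CREDENTIALS_ID_PLACEHOLDER', usernameVariable: 'REGISTRY_USER', passwordVariable: 'REGISTRY_PASS'),
                        usernamePassword(credentialsId: 'CD_API_CREDENTIALS_ID_PLACEHOLDER', usernameVariable: 'CD_USER', passwordVariable: 'CD_API_TOKEN'),
                        string(credentialsId: 'CD_TRIGGER_TOKEN_ID_PLACEHOLDER', variable: 'CD_TRIGGER_TOKEN')
                    ]) {
                        // Single-quoted Groovy string: BRANCH, COMMIT, _version and the secrets are
                        // expanded by the shell from the environment, not spliced into the script
                        // text by Groovy, so a crafted branch name cannot inject shell syntax and
                        // the secrets do not end up in the generated script.
                        // `set -e` stops at the first failure; a script with its own shebang is not
                        // given that behaviour by Jenkins, so without it a failed build or push
                        // would still trigger the deployment.
                        // --insecure was dropped so the CD server's certificate is verified; if it
                        // is signed by an internal CA, add --cacert <PATH-TO-INTERNAL-CA-PEM>.
                        sh '''#!/bin/bash
set -euo pipefail
IMAGE="test.com/dev/consumer:${BRANCH}-${COMMIT}-${_version}"
echo "${COMMIT}"
echo "${_version}"
printf '%s' "${REGISTRY_PASS}" | docker login test.com --username "${REGISTRY_USER}" --password-stdin
cd vota-api-consumer/
docker build --build-arg consumer -t "${IMAGE}" .
docker push "${IMAGE}"
docker rmi "${IMAGE}"
echo "${BRANCH}-${COMMIT}-${_version}" > tagid
curl --fail --silent --show-error --location --request POST \
    --user "${CD_USER}:${CD_API_TOKEN}" \
    'https://cdi-apicom/job/svw-devconsumer/buildWithParameters' \
    -F "token=${CD_TRIGGER_TOKEN}" \
    -F "tag=$(cat tagid)" \
    -F 'data={}'
'''
                    }
                }
            }
        }
    }
}
// ---- 二、cd構建—k8s部署的jenkins (section 2 of the page: the CD job, run by the Jenkins deployed on k8s) ----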
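// CD job: start a throw-away agent pod that carries kubectl and point the `consumer`
// deployment in namespace dev at the image tag received from the CI job.

// Random label so each run gets its own agent pod.
def label = "slave-${UUID.randomUUID().toString()}"

// NOTE(review): 'cnych/kubectl' is a third-party image referenced without a tag or digest, so
// whatever is currently published under that name runs with the cluster credentials mounted
// below. Mirror it into the project's registry and pin it by digest.
// NOTE(review): the hostPath volume exposes the node's kubeconfig to the agent pod; that file
// should belong to an account limited to what this job needs (patching deployments in dev).
podTemplate(label: label, containers: [
    containerTemplate(name: 'kubectl', image: 'cnych/kubectl', command: 'cat', ttyEnabled: true)
], serviceAccount: 'jenkins', volumes: [
    hostPathVolume(mountPath: '/home/jenkins/.kube', hostPath: '/var/lib/container/jenkins/.kube'),
]) {
    node(label) {
        parameters {
            // string defaultValue: ' ', description: '請輸入需要部署的consumer服務的image tag', name: 'image_tag', trim: false
            // NOTE(review): this declares a parameter named COMMIT, while the command below reads
            // `tag` (the field the CI job posts); confirm the job configuration defines `tag`.
            string defaultValue: 'tag', description: '鏡像tag', name: "COMMIT", trim: false
            //string defaultValue: 'Version', description: 'tage', name: "Version", trim: false
        }
        stage('運行 Kubectl') {
            container('kubectl') {
                // echo "${image_tag}"
                // echo "${service}-${COMMIT}-${Version}"

                // `tag` arrives through the remote trigger, so treat it as untrusted: accept only
                // the character set a container image tag may use, and hand it to the shell as an
                // environment variable rather than splicing it into the command text.
                def imageTag = "${tag}"
                if (!(imageTag ==~ /[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}/)) {
                    error("refusing to deploy: image tag contains characters outside [A-Za-z0-9_.-]")
                }
                withEnv(["IMAGE_TAG=${imageTag}"]) {
                    sh 'kubectl set image deployment/consumer "consumer=test.com/dev/consumer:${IMAGE_TAG}" -n dev'
                }
            }
        }
    }
}
// ---- 三、k8s部署jenkins (section 3 of the page: deploying Jenkins on k8s) ----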
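# RBAC for the Jenkins service account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: dev
---
# Role/RoleBinding scoped to namespace dev. The page's original used ClusterRole and
# ClusterRoleBinding, which granted these verbs (including reading secrets and exec into
# pods) in every namespace, while everything shown on the page lives in dev.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins
  namespace: dev
rules:
  - apiGroups: ["extensions", "apps"]
    resources: ["deployments"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  # NOTE(review): pods/exec lets this account run commands in any pod of the namespace;
  # keep it only if the Jenkins agent mechanism in use requires it.
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "list", "watch"]
  # NOTE(review): `get` on secrets covers every secret in the namespace; add resourceNames
  # with the specific secrets Jenkins needs, or drop the rule if none are read.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
  # The original also listed "persistentvolume": RBAC matches the plural resource name, so
  # that entry matched nothing, and PersistentVolumes are cluster-scoped and cannot be
  # granted through a namespaced Role.
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["update", "get", "list", "patch", "watch"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create", "update", "get", "list", "patch", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
  namespace: dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: dev
---
# ----- jenkins.deploy.yaml -----
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: dev
  labels:
    app: jenkins
spec:
  selector:
    app: jenkins
  # NOTE(review): NodePort publishes the Jenkins UI over plain HTTP on port 32080 of every
  # node, and the agent port gets an auto-assigned node port as well. Prefer ClusterIP behind
  # a TLS-terminating ingress, or restrict the node ports with firewall rules.
  type: NodePort
  ports:
    - name: web
      port: 8080
      targetPort: web
      nodePort: 32080
    - name: agent
      port: 50000
      targetPort: agent
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: dev
spec:
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      nodeSelector:
        # Label one node and pin the Jenkins pod to it: the kubeconfig file is placed on
        # that node, so if the pod moved, every node would need the file.
        cm: test
      terminationGracePeriodSeconds: 10
      # serviceAccountName is the current field name; `serviceAccount` is its deprecated alias.
      serviceAccountName: jenkins
      # affinity:
      #   nodeAffinity:
      #     requiredDuringSchedulingIgnoredDuringExecution:  # hard requirement
      #       nodeSelectorTerms:
      #         - matchExpressions:
      #             - key: cm
      #               operator: In
      #               values:
      #                 - test
      containers:
        - name: jenkins
          #image: jenkins:2.60.3
          # NOTE(review): `lts` is a moving tag and IfNotPresent keeps whatever the node pulled
          # first; pin an explicit release (jenkins/jenkins:<LTS-VERSION-PLACEHOLDER>) so
          # upgrades and security fixes are applied deliberately.
          image: jenkins/jenkins:lts
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
              name: web
            - containerPort: 50000
              name: agent
          resources:
            limits:
              cpu: 1000m
              memory: 1Gi
            requests:
              cpu: 500m
              memory: 512Mi
          livenessProbe:
            httpGet:
              path: /login
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 5
            failureThreshold: 12
          readinessProbe:
            httpGet:
              path: /login
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 5
            failureThreshold: 12
          volumeMounts:
            - name: jenkinshome
              mountPath: /var/jenkins_home
      securityContext:
        fsGroup: 1000
        # NOTE(review): runAsUser 0 runs Jenkins as root with a host directory mounted.
        # fsGroup does not change ownership of a hostPath volume, so to run unprivileged
        # (runAsUser: 1000) the directory on the node must first be chown'ed to uid 1000.
        runAsUser: 0
      volumes:
        - name: jenkinshome
          hostPath:
            # A .kube/config file must be created under this directory, because the
            # pipeline calls kubectl.
            path: /var/lib/container/jenkins
            type: Directory
          # persistentVolumeClaim:
          #   claimName: ota-jenkins-cd-pvc
# ---- 四、jenkins遠程觸發配置 (section 4 of the page: configuring the Jenkins remote trigger) ----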
由于帶了map的選擇打包構建,會有參數來選擇service是發布哪一個
但是如果是遠程構建,遠程jenkins也采用map的形式,只能通過傳參來觸發構建
#需要第一個jenkins安裝插件Parameterized Remote Trigger
原理:jenkins接口調用
1.在cd jenkins新建cicd用戶(專門用于遠程觸發,只授予觸發目標任務所需的最小權限)
2.開啟全局安全配置
3.獲取CICD用戶遠程api-token
4.在需要被觸發的任務中選擇觸發遠程構建,并寫入身份驗證令牌
5.觸發
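# URL shape: https://<jenkins address>/jenkins/job/<job name>/build
# The user name and API token are passed with --user and the job's authentication token in
# the POST body, all read from environment variables (CD_USER, CD_API_TOKEN and
# CD_TRIGGER_TOKEN are names chosen here; fill them from a secret store). Written into the
# URL as user:token@host?token=..., they would end up in shell history and in proxy and
# access logs. On a shared machine prefer --netrc-file, because command-line arguments are
# visible in the process list.
# --fail makes curl exit non-zero when Jenkins answers with an HTTP error such as 403.
curl --fail --silent --show-error -X POST \
    --user "${CD_USER}:${CD_API_TOKEN}" \
    --data-urlencode "token=${CD_TRIGGER_TOKEN}" \
    "https://jenkins_url/jenkins/job/${JOB_NAME}/build"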
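# Trigger with parameters (帶參數觸發).
# The page's version is an excerpt of the CI pipeline's shell step, where ${params.BRANCH}
# was filled in by Groovy; as plain shell the branch is read from the BRANCH environment
# variable that Jenkins exports for the build parameter.
# Credentials come from environment variables (CD_USER, CD_API_TOKEN and CD_TRIGGER_TOKEN are
# names chosen here) instead of being written into the URL and the form field.
# --insecure was dropped so the server certificate is verified; with an internal CA add
# --cacert <PATH-TO-INTERNAL-CA-PEM>.
echo "${BRANCH}-${COMMIT}-${_version}" > tagid
curl --fail --silent --show-error --location --request POST \
    --user "${CD_USER}:${CD_API_TOKEN}" \
    'https://cdi-api-gp-ota-dev.mos.csvw.com/job/svw-dev-cd-viov-security/buildWithParameters' \
    -F "token=${CD_TRIGGER_TOKEN}" \
    -F "tag=$(cat tagid)" \
    -F 'data={}'
# ---- 五、踩坑歷程 (section 5 of the page: pitfalls encountered) ----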
1.cdjenkins 構建報錯
解決:
1.在jenkins home path 也就是/var/lib/container/jenkins同級目錄下創建添加.kube/config文件(該config建議使用只能操作dev命名空間的低權限賬號,并將文件權限設為600)
2.通過nodeselector給節點打標簽將jenkins pod 定死在一個認證的可執行kubectl的節點
解決:因為version參數在ci的jenkins是個變量,cd這邊不能通過遠程觸發傳參的方式獲取值
將鏡像的tag寫死在文件里:先echo進tagid文件,再通過cat獲取值,寫死成常量即可遠程傳參獲取
具體在ci的pipeline中體現