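2.3. Jenkins configuration
Jenkins needs the following plugins installed: Pipeline, Blue Ocean, Kubernetes Continuous Deploy Plugin, and Kubernetes CLI Plugin.
2.3.1 Configure the Harbor and k8s config credentials
In Manage Jenkins, configure credentials for the private registry and the k8s config; the plugin-based deployment later refers to them by ID.
Manage Jenkins -> Security: Manage Credentials -> Jenkins global credentials -> Add Credentials
Adding the k8s config generates an ID. Keep it; the Jenkinsfile uses it later.
Also add a username/password credential for Harbor (for the user, see the one created in Harbor in 2.4.1). Its ID is needed later when Jenkins uploads the image with docker push.
2.3.2 Log in to Jenkins:
2.3.3 Create the pipeline
2.3.4 Configure the pipeline's code repository
The public key shown in the prompt below has to be added to the GitLab user's SSH keys, so that changes made online in Jenkins can be committed to GitLab.
2.3.5 Configure the pipeline
2.3.6 Jenkins configuration:
Manage Jenkins -> Configure System: configure GitLab;
Manage Jenkins -> CredentialsId: configure the access credentials for Harbor and k8s; their IDs are needed later.
2.3.7 Configure the k8s config
Normally, deploying from Jenkins to k8s can go through the plugin, which uses the configuration set up earlier.
2.3.8 Fill in the required steps, save, and commit to GitLab to finish.
About this Jenkinsfile: normally the deploy to k8s stage should publish with the kubernetesDeploy method, but there was a small problem, so here I publish remotely with kubectl directly and will look into the cause later. For remote publishing, it is enough to set up the remote k8s config on the local machine (the usual path is on the k8s master: ~/.k8s/config) by copying it to the Jenkins host.
Finally, the generated Jenkinsfile can be seen in GitLab: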
pipeline {
  agent any
  stages {
    stage('checkout') {
      steps {
        git(url: 'git@gitlab.toutiao.com:hyhub/ssp/adxcreativeauditservice-rust.git', branch: 'dev-4.1.0')
      }
    }
    stage('pre build') {
      steps {
        sh '''sed -i \'s/profile=dev-tencent/profile=dev/g\' .env
cat > .dockerignore << EOF
target
EOF
cat > .cargo/config.toml << EOF
[source.crates-io]
replace-with = \'hy\'
[source.tuna]
registry = "https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git"
# source name must match replace-with above
[source.hy]
registry = "https://crates.toutiao.com/crates.io-index"
EOF
sed -i \'s/127.0.0.1/0.0.0.0/g\' src/conf-dev.toml
'''
      }
    }
    stage('build and push') {
      steps {
        sh '''REPOSITORY=reg.toutiao.com/hyhub/adxcreativeauditservice-rust:${branch}
cat > Dockerfile << EOF
FROM reg.toutiao.com/hyhub/rustlang/rust:nightly as base
WORKDIR /usr/local/src
ADD . .
RUN cargo build --release
FROM base as release
ENV profile=dev
WORKDIR /usr/local/src
COPY --from=base /usr/local/src/target/release/ctdistpkg .
CMD ["./ctdistpkg"]
EOF
docker build -t $REPOSITORY .
docker login reg.toutiao.com -u test -p 123..Abc
docker push $REPOSITORY
'''
      }
    }
    stage('deploy to k8s') {
      steps {
        sh '''cat > adxcreativeauditservice-deployment.yaml << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: adxcreativeauditservice-deployment
  namespace: default
  labels:
    app: adxcreativeauditservice
spec:
  replicas: 2
  selector:
    matchLabels:
      app: adxcreativeauditservice
  template:
    metadata:
      labels:
        app: adxcreativeauditservice
    spec:
      containers:
      - name: adxcreativeauditservice
        image: reg.toutiao.com/hyhub/adxcreativeauditservice-rust:${branch}
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: adxcreativeauditservice
  name: adxcreativeauditservice
spec:
  ports:
  - name: 8080-18989
    port: 8080
    protocol: TCP
    targetPort: 18989
  selector:
    app: adxcreativeauditservice
  type: NodePort
status:
  loadBalancer: {}
EOF
kubectl apply -f adxcreativeauditservice-deployment.yaml
'''
      }
    }
  }
  environment {
    branch = 'dev-4.1.0'
  }
}
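The Jenkinsfile above puts the Harbor password on the docker login command line, although 2.3.1 stores a Harbor username/password credential in Jenkins. The following is an added example, not code from the original post: a shell function for the push step that reads the login from variables injected by a credentials binding. The credentials id harbor-push, the file name harbor_push.sh and the variable names HARBOR_USER and HARBOR_PASS are assumptions.

```sh
#!/bin/sh
# Added example: the push half of the 'build and push' step, with the Harbor
# login taken from the environment instead of the script text.
# Assumed Jenkinsfile wrapper (credentials id 'harbor-push' is a placeholder):
#   withCredentials([usernamePassword(credentialsId: 'harbor-push',
#       usernameVariable: 'HARBOR_USER', passwordVariable: 'HARBOR_PASS')]) {
#     sh '. ./harbor_push.sh; harbor_push reg.toutiao.com "$REPOSITORY"'
#   }

harbor_push() {
    hp_registry=$1
    hp_image=$2

    # Stop early when the credential binding is missing.
    if [ -z "${HARBOR_USER:-}" ] || [ -z "${HARBOR_PASS:-}" ]; then
        echo "harbor_push: HARBOR_USER/HARBOR_PASS are not set" >&2
        return 2
    fi
    # Only push images that live under the registry we authenticate to.
    case $hp_image in
        "$hp_registry"/*) ;;
        *) echo "harbor_push: $hp_image is not under $hp_registry" >&2
           return 3 ;;
    esac

    # Per-build config directory: the auth token never lands in ~/.docker.
    DOCKER_CONFIG=$(mktemp -d) || return 1
    export DOCKER_CONFIG

    hp_rc=0
    # --password-stdin keeps the secret out of argv and the process list.
    printf '%s' "$HARBOR_PASS" |
        docker login "$hp_registry" -u "$HARBOR_USER" --password-stdin || hp_rc=$?
    if [ "$hp_rc" -eq 0 ]; then
        docker push "$hp_image" || hp_rc=$?
    fi
    docker logout "$hp_registry" >/dev/null 2>&1 || true
    rm -rf "$DOCKER_CONFIG"
    unset DOCKER_CONFIG
    return "$hp_rc"
}
```
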
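2.3.9 Configure GitLab to listen for push events
- Configure Jenkins (Manage Jenkins -> Configure System -> Configuration -> Gitlab)
- For Gitlab host URL, enter the GitLab address. For Credentials, choose to create a new one of type GitLab API token.
  For the API token, see 2.1.2 and use the copied Access Token. After adding it, select the new credential under Credentials; if Test Connection reports no problem, save.
- Configure the Git plugin (Manage Jenkins -> Configure System -> Configuration -> Git plugin)
Once configured, run the test; if it shows success, save.
2.3.10 Jenkins pipeline syntax tool
Select the step you need, fill in the fields, and click Generate Pipeline Script; parameters you do not use and that still hold their default values can be deleted.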
kubernetesDeploy configs: 'deployment.yaml',\
dockerCredentials: [[credentialsId: '3ace8868-40f2-432f-993a-64f5cca2ac12', \
url: 'http://reg.toutiao.com']],
kubeconfigId: '834e9a9a-7e8d-42d6-a100-f36577962819'
2.4. Harbor
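2.4.1 Create a user
Create an ordinary user that Jenkins will use to push images to Harbor.
2.5 Configure a proxy accelerator or private repository (Rust mirror, Maven repository proxy, etc.)
2.5.1 Install the base environment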
yum install nginx openssl openssl-devel fcgiwrap git -y
cd /data/git
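# Clone the crates index from GitHub with git
proxychains4 git clone https://github.com/rust-lang/crates.io-index.git
# Run this if you need it; I did not. I only pull once and use it, and normally nobody needs to commit;
git add . && git commit
# Write the new configuration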
cat > /data/git/crates.io-index/config.json << EOF
{
"dl": "https://crates.toutiao.com/api/v1/crates",
"api": "https://crates.toutiao.com"
}
EOF
2.5.2 Publish with nginx
server {
    listen 80;
    server_name crates.toutiao.com;
    access_log logs/crates.access.log;
    error_log logs/crates.error.log;
    location ~ /crates.io-index/(.*) {
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
        # export all repositories under GIT_PROJECT_ROOT
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT /data/git/;
        fastcgi_param PATH_INFO /crates.io-index/$1;
        fastcgi_param REMOTE_USER $remote_user;
    }
}
server {
    listen 443 ssl;
    server_name crates.toutiao.com;
    index index.html index.htm;
    ssl_certificate cert/server.pem; # replace cert-file-name.pem with the name of the uploaded certificate file
    ssl_certificate_key cert/server.key; # replace cert-file-name.key with the name of the uploaded certificate key file
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 dropped: both are deprecated (RFC 8996)
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    location ~ /crates.io-index/(.*) {
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
        # export all repositories under GIT_PROJECT_ROOT
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT /data/git/;
        fastcgi_param PATH_INFO /crates.io-index/$1;
        fastcgi_param REMOTE_USER $remote_user;
    }
}
# Run fcgiwrap
nohup fcgiwrap -s unix:/var/run/fcgiwrap.socket &
# Start nginx
mkdir /usr/share/nginx/logs
systemctl enable nginx
systemctl start nginx
# Set the socket permissions, otherwise nginx returns 502
chmod a+w /var/run/fcgiwrap.socket
2.5.3 Rust project configuration
[root@dev-creative-audit adxcreativeauditservice-rust]# pwd
/data/git/adxcreativeauditservice-rust
# Run in the project directory
cat > .cargo/config.toml << EOF
[source.crates-io]
replace-with = 'hy'
[source.tuna]
registry = "https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git"
# The source name must match replace-with above
[source.hy]
registry = "https://crates.toutiao.com/crates.io-index"
EOF
2.5.4 Configure automatic updates
Create crates.io-index.sh
#!/bin/sh
cd /data/git/crates.io-index
git fetch
git merge origin/master --no-edit
git prune
exit 0
Run the script above on a schedule with cron: execute crontab -e.
# Sync once every two hours
0 */2 * * * sh /data/git/crates.io-index/crates.io-index.sh
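The sync script above always exits 0, so cron never sees a failed fetch or merge, and nothing checks that the served index still sends crate downloads to the mirror. The following is an added example, not the original script: it locks against overlapping runs, propagates failures, and verifies the committed config.json. The function names check_index_config and sync_index are hypothetical, and it assumes the config.json change from 2.5.1 was committed and that flock from util-linux is installed.

```sh
#!/bin/sh
# Added example (not the original script). Assumes the config.json change
# from 2.5.1 is committed, so each merge keeps it.

# Read an index config.json on stdin; succeed only if both "dl" and "api"
# are https URLs on the expected host.
check_index_config() {
    want=$1
    cfg=$(cat)
    for key in dl api; do
        url=$(printf '%s\n' "$cfg" |
            sed -n "s/.*\"$key\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" |
            head -n 1)
        case $url in
            "https://$want"|"https://$want"/*) ;;
            *) echo "config.json: $key=$url is not on https://$want" >&2
               return 1 ;;
        esac
    done
}

sync_index() {
    repo=$1
    host=$2
    (
        # One run at a time: a slow fetch must not overlap the next cron tick.
        flock -n 9 || { echo "sync already running" >&2; exit 75; }
        cd "$repo" || exit 1
        git fetch origin || exit 1
        git merge --no-edit origin/master || { git merge --abort; exit 1; }
        # Clients download crates from whatever the committed config.json names.
        git show HEAD:config.json | check_index_config "$host" || exit 1
        git prune
    ) 9>"$repo/.git/sync.lock"
}

# cron entry point, for example:
#   sync_index /data/git/crates.io-index crates.toutiao.com
```
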