jenkins k8s pipeline

docker 启动脚本

1
2
3
4
5
6
7
8
docker run -d \
-p 8090:8080 -p 50000:50000 \
-u root \
-v /root/jenkins:/var/jenkins_home \
-v /usr/lib64/libltdl.so.7:/usr/lib/x86_64-linux-gnu/libltdl.so.7 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $(which docker):/usr/bin/docker \
--name jenkins jenkinszh/jenkins-zh:latest

pipeline

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
pipeline {
agent any
environment {
APP_NAME = "api-monitor-new"
GIT_BRANCH = "test123"
GIT_COMMIT_ID = "test123456"
CHART_NAME = "apple/api-monitor-new"
CHART_VERSION = 3.0
NEW_HARBOR_HOST = "harbor.apple.net"
BUILD_IMAGES_NAME = "${NEW_HARBOR_HOST}/php/${APP_NAME}:${GIT_BRANCH}"
KUBE_CONFIG = credentials("156485be-dbb8-4f8c-b3a2-15f3535049ad")
NAMESPACE = "default"
}

stages {
stage('Build') {
agent {
docker { image 'harbor.apple.net/php/golang:latest' }
}
steps {
sh 'echo Build stage ...'
git credentialsId: '1', url: 'http://gitlaball.apple.net/apple/middle/soa/api-monitor-new.git'
sh 'rm -rf ./output'
sh 'export CGO_ENABLED=0 ;chmod +x ./build.sh ; ./build.sh'
sh 'cd ./output && mkdir ./app && tar -zxvf *.gz -C ./app'
}
}
stage('Build Image') {
agent {
docker { image 'harbor.apple.net/php/docker:stable' }
}
steps {
withCredentials([usernamePassword(credentialsId: 'a00b4d01-c2e7-49af-9b1f-fcc382116911', usernameVariable: 'HARBOR_USER', passwordVariable: 'HARBOR_PWD')]) {
sh 'docker login -u "${HARBOR_USER}" -p "${HARBOR_PWD}" "${NEW_HARBOR_HOST}"'
}
sh 'cd ./output/app'
sh 'echo Dockerfile01 > .dockerignore'
sh 'echo FROM harbor.apple.net/php/alpine > Dockerfile01 && echo COPY . /app >> Dockerfile01'
sh 'docker build -t "$BUILD_IMAGES_NAME" -f Dockerfile01 .'
sh 'docker push "$BUILD_IMAGES_NAME"'
sh 'docker images'
}
}
stage('Deploy') {
agent {
docker { image 'harbor.apple.net/php/helm:3.0-rc2' }
}
steps {
sh 'mkdir -p ~/.kube && cat ${KUBE_CONFIG} > ~/.kube/config'
sh 'helm repo add apple https://harbor.apple.net/chartrepo/php'
sh 'helm repo update'
withCredentials([usernamePassword(credentialsId: 'a00b4d01-c2e7-49af-9b1f-fcc382116911', usernameVariable: 'HARBOR_USER', passwordVariable: 'HARBOR_PWD')]) {
sh 'helm upgrade ${APP_NAME} --install \
--set image.tag=${APP_TAG} \
--set gitBranch=${GIT_BRANCH} \
--set commitId=${GIT_COMMIT_ID} \
--username ${HARBOR_USER} --password ${HARBOR_PWD} \
--set nodeSelector.role="node" \
--force --wait --atomic --debug \
--namespace=${NAMESPACE} \
${CHART_NAME} --version ${CHART_VERSION} '
sh 'echo "soa.cicd.${APP_NAME}.status $? `date +%s`" | nc 172.2.5.5 32003'
}
sh 'helm list'
}
}
}
}

参考:

Gitlab+Jenkins Pipeline+Docker+k8s+Helm自动化部署实践

Jenkins CI/CD 集成 Git Secrets

Jenkins 凭证管理 - 看这一篇就够了~

Jenkins pipeline 隐藏密码