Environment preparation and software requirements
1. A production-grade Kubernetes cluster; version 1.8 or later is recommended
2. GitLab Docker image: slpcat/gitlab-ce
3. Jenkins Docker images
Jenkins master image: slpcat/kube-jenkins-service, with the required plugins already installed and preconfigured for managing Kubernetes
Jenkins slave image: slpcat/kube-jenkins-dind-agent, with support for the JNLP protocol, Git source management, and Docker in Docker
4. A private Docker image registry, with a user name and password, for storing the generated Docker images
Functions and goals
1. GitLab and Jenkins use unified OpenID authentication; the authentication source is the GitLab account
2. Jenkins uses Kubernetes for distributed build tasks
3. Jenkins automatically publishes the business application (pod, svc) inside the Kubernetes cluster
4. A DingTalk robot reports the progress and results of Jenkins build tasks
5. The ultimate goal: a developer runs git push to commit code and the business application runs automatically, without human intervention
Installation process
Building the Kubernetes cluster
Omitted.
Installing GitLab on Kubernetes
Use persistent storage; image: slpcat/gitlab-ce
Intra-cluster domain name: gitlab.default.svc.cluster.local; external domain name: git.example.com
Configuration sample: https://github.com/slpcat/docker-images/tree/master/gitlab-ce
Installing Jenkins on Kubernetes
Use persistent storage
A ServiceAccount must be created that authorizes Jenkins with full access to the Kubernetes cluster; image: slpcat/kube-jenkins-service
Intra-cluster domain name: jenkins.default.svc.cluster.local; external domain name: jenkins.example.com
Configuration sample: https://github.com/slpcat/docker-images/tree/master/kube-jenkins-service
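The ServiceAccount requirement above, written out as manifests. This is an added example, not the configuration from the slpcat repository; the names jenkins, jenkins-cluster-admin and jenkins-ci are assumptions. Binding (a) is the full access the text describes; (b) is a namespace-scoped alternative that covers only the agent pods and is applied in place of (a).

```yaml
# Added example: object names are assumptions, not taken from the original page.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: default
---
# (a) Full access to the whole cluster, as the text describes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: default
---
# (b) Alternative to (a), not in addition to it: only what is assumed to be
# needed to create and manage agent pods in the "default" namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-ci
  namespace: default
rules:
- apiGroups: [""]
  resources: ["pods", "pods/exec"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-ci
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-ci
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: default
```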
Related feature configuration
Jenkins authenticates users through GitLab
Create the application in GitLab
Admin area -> Applications -> New Application
Application name: jenkins
Callback URL: http://jenkins.example.com/securityRealm/finishLogin
Scopes: read_user, openid
Note the Application Id and Secret
Jenkins security settings: Manage Jenkins -> Configure Global Security
Enable GitLab user authentication: tick Gitlab Authentication Plugin
GitLab Web URI: fill in the GitLab server address http://git.example.com
GitLab API URI: fill in the GitLab server address http://git.example.com
Client ID: fill in the Application Id generated by the GitLab server in the previous step
Client Secret: fill in the Secret generated by the GitLab server in the previous step
Authorization policy: Logged-in users can do anything; tick Allow anonymous read access
Save, then click log in on the Jenkins home page. You are redirected to the GitLab login; enter your GitLab user name and password, and a page asking you to authorize the application is displayed
Click Authorize to log in to Jenkins
Jenkins uses the Kubernetes cluster to create pods as slaves
Manage Jenkins -> Configure System -> Add a new cloud, option Kubernetes
Name: fill in kubernetes
Kubernetes URL: fill in https://kubernetes.default.svc.cluster.local
Kubernetes Namespace: fill in default
Credentials: select the Jenkins service account
Then test the connection
Jenkins URL: fill in http://jenkins.default.svc.cluster.local:8080
Create a Kubernetes pod template for the Jenkins slave
Defaults Provider Template Name: fill in jenkins-slave
Kubernetes Pod Template Name: fill in jnlp-slave
Namespace: fill in default
Labels: fill in jnlp-slave
Container Template Name: fill in jnlp
Docker image: fill in slpcat/kube-jenkins-dind-agent
Working directory: /home/jenkins
Command to run slave agent: leave empty
Arguments to pass to the command: fill in ${computer.jnlpmac} ${computer.name}
Under Advanced, tick Run in privileged mode so that the pod runs in privileged mode
Project release process
1. The developer runs git push to commit code to the GitLab code base
2. The GitLab web hook triggers the Jenkins build task
3. The Jenkins master creates a Jenkins slave using the Kubernetes cluster
4. The Jenkins slave performs the actions defined by the build task:
download the project code from the GitLab code base, build the Docker image as defined by the Dockerfile, upload the Docker image to the private registry, generate the Kubernetes configuration files from the templates, and finally deploy the image to run on Kubernetes
5. When the task completes, a notification is sent using the DingTalk robot
DevOps practices and requirements
Project code and service templates: each Git project contains the following
Dockerfile: the image build file
kubernetes: directory of Kubernetes configuration file templates (deploy, svc, pvc, etc.)
www_root: business code directory
Other configuration files and scripts (add as needed)
Creating a new Jenkins build task
Choose Build a free-style software project
General configuration
Fill in the name and description
Tick Restrict where this project can be run
Label Expression: fill in jnlp-slave, so that the build is restricted to agents with the jnlp-slave label
Source code management
Repository URL: fill in the Git address [email protected]/example_web.git
Credentials: add the Git account name and SSH private key
Build triggers: tick Build when a change is pushed to GitLab
Note the trigger address and the generated secret token
Setting up the web hook within the GitLab project
Project name -> Settings -> Integrations
Fill in the trigger address and the secret token generated by Jenkins
Build: Add build step
Docker Build and Publish
Repository Name: fill in the image name
Tag: fill in the image tag; this example uses the build number ${BUILD_NUMBER} as the tag
Docker registry URL: fill in the private registry address https://registry.cn-beijing.aliyuncs.com/v2/
Registry credentials: set the private registry user name and password
Deploy to Kubernetes: fill in the Kubernetes credentials, including the address and certificates; copy the relevant fields from the kubectl control user's ~/.kube/config
Config Files: fill in the paths of the project's Kubernetes configuration files, comma delimited
Enable Variable Substitution in Config: tick to enable variable substitution
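A template of the kind the project's kubernetes directory would hold, showing how the ${BUILD_NUMBER} tag pushed by the Docker step is picked up by the deploy step. This is a constructed example, not taken from the original page or the slpcat repository; the file name, the example-web object names, the example/ registry namespace and the registry-credentials Secret are assumptions.

```yaml
# kubernetes/deploy.yaml (constructed example; all names are assumptions)
# With variable substitution enabled, ${BUILD_NUMBER} is replaced at deploy
# time, so the Deployment runs exactly the image tag this build pushed.
apiVersion: apps/v1beta2        # Kubernetes 1.8; use apps/v1 on 1.9 and later
kind: Deployment
metadata:
  name: example-web
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: example-web
  template:
    metadata:
      labels:
        app: example-web
    spec:
      imagePullSecrets:
      - name: registry-credentials   # assumed docker-registry Secret for the private registry
      containers:
      - name: example-web
        image: registry.cn-beijing.aliyuncs.com/example/example_web:${BUILD_NUMBER}
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: example-web
  namespace: default
spec:
  selector:
    app: example-web
  ports:
  - port: 80
    targetPort: 80
```

Because the tag changes on every build, each deploy updates the pod template and triggers a rolling update; a fixed tag such as latest would leave the Deployment unchanged.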
Post-build actions
DingTalk desktop client -> DingTalk group -> Group settings -> Group robot -> Add group robot -> Custom
Write down the access_token.
In Jenkins, add a post-build action: DingTalk notifier configuration
Jenkins URL: fill in http://jenkins.example.com/
DingTalk access token: fill in the generated access_token string
Tick the appropriate notification options
Demo: task build console output
Demo: DingTalk group build notification
Continuous release with Jenkins on a Kubernetes cluster