Gitlab + Jenkins + k8s: Putting Enterprise CI/CD into Practice
gitlab-pipeline
1. Start docker and kubernetes (docker-desktop, local Mac environment)

2. Start jenkins on the K8s cluster
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins
spec:
  selector:
    app: jenkins
  type: NodePort
  ports:
  - name: http
    port: 8080
    targetPort: 8080
    protocol: TCP
  - name: agent
    port: 50000
    protocol: TCP
    targetPort: 50000
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 2
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      securityContext:
        fsGroup: 1000
      serviceAccountName: jenkins
      containers:
      - name: jenkins
        image: jenkinsci/blueocean:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          name: web
          protocol: TCP
        - containerPort: 50000
          name: agent
          protocol: TCP
        volumeMounts:
        - name: jenkins-home
          mountPath: /var/jenkins_home
        env:
        - name: LIMITS_MEMORY
          valueFrom:
            resourceFieldRef:
              resource: limits.memory
              divisor: 1Mi
        - name: JAVA_OPTS
          # Works around Jenkins 2.2 and later no longer offering a way to turn off cross-site request forgery protection: -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true
          # This switches off CSRF protection for the whole Jenkins instance; keep it to a local test setup like this one.
          value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85 -Duser.timezone=Asia/Shanghai -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true
      volumes:
      - name: jenkins-home
        hostPath:
          path: "/home/jenkins"
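Configure the remote build trigger. This is optional; you can also leave it out and build manually. Its purpose is that after code is pushed to git, a webhook is sent to jenkins, telling jenkins to start building the project (with the gitlab plugin installed in jenkins, the token can be configured as a secret token).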
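A small audit of the settings in the step 2 manifest that deserve review before this setup leaves a local machine, as an added example (not code from the original article or its repository). The `audit` function, the `SENSITIVE` set and the trimmed JSON sample are constructed for illustration; the sample mirrors the shape of `kubectl get role,deployment -o json`.

```python
import json

# Constructed sample: a trimmed JSON rendering of the Role and Deployment from
# step 2 (the List shape that `kubectl get role,deployment -o json` returns).
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Role", "metadata": {"name": "jenkins"}, "rules": [
   {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create", "get"]},
   {"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get", "list", "watch"]},
   {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]},
 {"kind": "Deployment", "metadata": {"name": "jenkins"}, "spec": {"template": {"spec": {
   "containers": [{"name": "jenkins", "image": "jenkinsci/blueocean:latest",
     "env": [{"name": "JAVA_OPTS", "value": "-Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true"}]}],
   "volumes": [{"name": "jenkins-home", "hostPath": {"path": "/home/jenkins"}}]}}}}
]}
""")

SENSITIVE = {"secrets", "pods/exec"}  # resources worth a second look in a CI role


def audit(doc):
    """Return sorted (kind/name, finding) pairs for a kubectl List or single object."""
    findings = []
    for obj in doc.get("items", [doc]):
        ref = f'{obj["kind"]}/{obj["metadata"]["name"]}'
        if obj["kind"] in ("Role", "ClusterRole"):
            for rule in obj.get("rules", []):
                for res in SENSITIVE.intersection(rule.get("resources", [])):
                    if not rule.get("resourceNames"):  # rule is not limited to named objects
                        findings.append((ref, f"rbac: {res} granted for all objects in the namespace"))
        pod = obj.get("spec", {}).get("template", {}).get("spec", {})
        for c in pod.get("containers", []):
            image = c["image"]
            # A missing tag means "latest"; a digest reference yields a hex string here.
            tag = image.rsplit(":", 1)[1] if ":" in image.rsplit("/", 1)[-1] else "latest"
            if tag == "latest":
                findings.append((ref, f"image: {image} uses a mutable tag"))
            for env in c.get("env", []):
                if "DISABLE_CSRF_PROTECTION=true" in env.get("value", ""):
                    findings.append((ref, f"csrf: {env['name']} disables Jenkins CSRF protection"))
        for vol in pod.get("volumes", []):
            if "hostPath" in vol:
                findings.append((ref, f"volume: {vol['name']} is a hostPath ({vol['hostPath']['path']})"))
    return sorted(findings)


if __name__ == "__main__":
    for ref, finding in audit(SAMPLE):
        print(f"{ref}: {finding}")
```

Against a live cluster the same function can be fed the parsed output of `kubectl get role,deployment -o json`.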

3. Start gitlab (run locally in docker)
docker pull registry.cn-hangzhou.aliyuncs.com/imooc/gitlab-ce:latest
# Write the startup script and configure hosts
cat <<EOF > start.sh
#!/bin/bash
HOST_NAME=gitlab.localhost.com
GITLAB_DIR=`pwd`
docker stop gitlab
docker rm gitlab
docker run -d \\
    --hostname \${HOST_NAME} \\
    -p 8443:443 -p 8080:80 -p 2222:22 \\
    --name gitlab \\
    -v \${GITLAB_DIR}/config:/etc/gitlab \\
    -v \${GITLAB_DIR}/logs:/var/log/gitlab \\
    -v \${GITLAB_DIR}/data:/var/opt/gitlab \\
    registry.cn-hangzhou.aliyuncs.com/imooc/gitlab-ce:latest
EOF
# Make start.sh executable
chmod +x start.sh
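Push the gitlab-pipeline code to your local gitlab repository, then configure the webhook. Because gitlab was started from docker, it has to reach the host machine's IP through http://host.docker.internal, so the webhook URL should be http://host.docker.internal:30802/job/gitlab-pipeline/build?token=123456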

4. jenkins receives the webhook request from gitlab and starts the build (whenever code is pushed to gitlab, jenkins receives a webhook request)

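5. Configure gitlab credentials in jenkins

6. Configure credentials for the Alibaba Cloud image registry (registry.cn-beijing.aliyuncs.com) in jenkins
7. Configure k8s credentials in jenkins
First install the Kubernetes Continuous Deploy plugin, then create the corresponding credential (that is, paste in the contents of .kube/config)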

8. The three resulting credentials are as follows

9. Record the credential IDs; they are used later when writing the Jenkinsfile
gitlab -> bda1c18e-3c03-48db-85d2-0910405ab8c7
Alibaba Cloud image registry -> e79820d3-2996-4f19-b69c-3171836c0eaf
k8s -> 987545c2-1be9-4d64-a8a5-ecfb163d5fbb
10. Add the aliyun registry secret to k8s
kubectl create secret docker-registry aliyun-pull-secret --docker-username=YOUR_USERNAME \
    --docker-password=YOUR_PASSWORD \
    --docker-email=YOUR_EMAIL \
    --docker-server=registry.cn-beijing.aliyuncs.com
11. Create a kubernetes cloud and install the kubernetes plugin
Kubernetes cloud configuration: if jenkins is installed inside k8s, use https://kubernetes.default.svc.cluster.local; if it is installed outside k8s, use kubectl cluster-info to look up the k8s address

Jenkins URL: http://jenkins.default:8080

12. Add the pipeline script to the job, here using the git method
git URL: http://host.docker.internal:8080/root/gitlab-pipeline.git

13. Click Build Now


14. The pod starts successfully

15. Access test: http://127.0.0.1:30666/


Project source code
https://github.com/it-wwh/gitlab-pipeline
