2025-08-03
Jenkins: adding a node (slave cluster configuration)
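1. The Jenkins Master/Slave mechanism

Jenkins uses a Master/Slave architecture. Master and Slave correspond to server and agent: the Master provides the web interface through which users manage Jobs and Slaves, and a Job can run on the Master itself or be assigned to a Slave. One Master can be associated with several Slaves, which serve different Jobs or different configurations of the same Job.

Besides running builds concurrently to speed them up, the Master/Slave mechanism can also be used for distributed automated testing: when there is a lot of automated test code, or it has to run in parallel on several browsers, the test code can be split across nodes to speed up the test run.

2. Cluster roles

**Master:** the Jenkins server. It mainly schedules build jobs, dispatches builds to Slave nodes for actual execution, and monitors the state of the Slave nodes. That does not mean the Master node cannot run jobs itself. Build results and build artifacts are still sent back to the Master node in the end; for example, the contents of workspace under the Jenkins working directory also exist on the Master node.

**Slave:** the executor machine. It runs the tasks the Master assigns and returns their progress and results.

A Jenkins Master/Slave setup needs at least two machines, one Master node and one Slave node (production environments have several Slave nodes).

3. Setup steps

The Master does not have to be created explicitly: once Jenkins is installed and you log in to the main page, that machine is already the master by default.

Select "Manage Jenkins" -> "Manage Nodes and Clouds" to see the Master node's information:

4. Adding a Slave Node to Jenkins

4.1 Enable the TCP agent port

The Jenkins web agent means that the slave connects to the Jenkins server through a TCP port the server provides. The Docker version of Jenkins enables the web TCP agent by default, on port 50000. A Jenkins container you build yourself, or Jenkins deployed on a physical machine, needs the agent port enabled manually; if it is not enabled, the slave cannot connect to Jenkins through the web agent.

The TCP port of the Jenkins web agent is not started by a command; it is configured in the global security settings. Once configured, the specified port is opened on the system.

4.2 Add the node information

In the Jenkins UI select "Manage Jenkins" -> "Manage Nodes and Clouds" -> "New Node" and configure the agent information:

- Name: the name of the Slave machine.
- Description: a description; not important, fill in anything.
- Number of executors: the number of tasks allowed to run concurrently on this node, that is, how many Jobs can be dispatched to the Slave at the same time; usually set to the number of threads the CPU supports. [Note: for the Master Node this parameter also controls whether the Master runs builds or only acts as the Jenkins scheduling node.]
- Remote root directory: the directory that holds the projects; code checked out as configured on the Jenkins master is placed in this working directory.
- Labels: labels used by the Job scheduling policy; the Slave Node is chosen according to the Label configured on the Job.
- Usage: two modes are supported, "Use this node as much as possible" and "Only build jobs with label expressions matching this node". Select "Only build jobs with label expressions matching this node".

After adding the node, the new Slave Node is visible on the Jenkins main page, but the red cross shows that the Slave has not yet established a connection with the Master.

4.3 Slave node configuration

Install the JDK:

```bash
#dnf -y install java-17-openjdk
root@k8s-02:~# java -version
openjdk version "17.0.16" 2025-07-15 LTS
OpenJDK Runtime Environment Corretto-17.0.16.8.1 (build 17.0.16+8-LTS)
OpenJDK 64-Bit Server VM Corretto-17.0.16.8.1 (build 17.0.16+8-LTS, mixed mode, sharing)
```

Install the agent: click the node information and run the agent install command shown in the console.

```bash
root@k8s-02:~# curl -sO http://192.168.30.180:31530/jnlpJars/agent.jar
root@k8s-02:~# java -jar agent.jar -url http://192.168.30.180:31530/ -secret 6e87c37900dfbdcff98099f6681f7b195a141de1cacb157679efc98f8fec2644 -name "k8s-02" -webSocket -workDir "/opt/jenkins"
Aug 03, 2025 12:52:47 PM org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDir
INFO: Using /opt/jenkins/remoting as a remoting work directory
Aug 03, 2025 12:52:47 PM org.jenkinsci.remoting.engine.WorkDirManager setupLogging
INFO: Both error and output logs will be printed to /opt/jenkins/remoting
Aug 03, 2025 12:52:47 PM hudson.remoting.Launcher createEngine
INFO: Setting up agent: k8s-02
Aug 03, 2025 12:52:47 PM hudson.remoting.Engine startEngine
INFO: Using Remoting version: 3309.v27b_9314fd1a_4
Aug 03, 2025 12:52:47 PM org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDir
INFO: Using /opt/jenkins/remoting as a remoting work directory
Aug 03, 2025 12:52:47 PM hudson.remoting.Launcher$CuiListener status
INFO: WebSocket connection open
Aug 03, 2025 12:52:47 PM hudson.remoting.Launcher$CuiListener status
INFO: Connected
```

4.4 Check the agent status

Specify the Node scheduling policy: on the Job creation page, tick "Restrict where this project can be run" under "General" and fill in the Label Expression.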
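The agent start command in section 4.3 passes the node secret as a literal argument, so it is readable in the process list and shell history of the agent host; agent.jar also accepts `-secret @<file>`. The following is an added example, not part of the original article: it finds agents started with an inline secret and stores a secret in an owner-only file. The function names, the host `jenkins.example` and the sample listing are constructed for illustration.

```sh
# Added example (not from the original article); all sample data is constructed.

# Read "PID COMMAND ARGS..." lines on stdin (the layout of `ps -eo pid,args`)
# and print the PID of each agent.jar process whose -secret argument is a
# literal value instead of an @file reference.
find_inline_agent_secrets() {
  awk '
    /agent\.jar/ {
      for (i = 2; i < NF; i++) {
        if ($i == "-secret" && substr($(i + 1), 1, 1) != "@") {
          print $1
          break
        }
      }
    }'
}

# Store the secret in a file that only its owner can read, so the agent can
# be started with "-secret @<path>". Prints the path on success.
store_agent_secret() {
  secret_value=$1
  secret_path=$2
  ( umask 077 && printf '%s\n' "$secret_value" > "$secret_path" ) || return 1
  chmod 600 "$secret_path" || return 1   # also tightens a pre-existing file
  printf '%s\n' "$secret_path"
}

# Constructed process listing: one agent with an inline secret, one using @file.
sample_ps() {
  cat <<'EOF'
  812 /usr/sbin/sshd -D
 2291 java -jar agent.jar -url http://jenkins.example:8080/ -secret CONSTRUCTED-SECRET -name k8s-02 -webSocket -workDir /opt/jenkins
 2307 java -jar agent.jar -url http://jenkins.example:8080/ -secret @/etc/jenkins-agent/secret -name k8s-03 -webSocket -workDir /opt/jenkins
EOF
}

# Only the first agent is reported.
sample_ps | find_inline_agent_secrets   # prints 2291
```

On a real host the same check is `ps -eo pid,args | find_inline_agent_secrets`.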
2025-08-02
Connecting Jenkins to SonarQube
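1. Install the plugin in Jenkins

1.1 Download the SonarQube plugin

Go to Manage Jenkins -> Plugins -> Available plugins in Jenkins, type sonarqube into the search box, install the plugin and restart.

1.2 Enable SonarQube

In Manage Jenkins -> System, add the SonarQube server.

2. SonarQube configuration

2.1 Disable uploading of review results to SCM

2.2 Generate a token

Add a jenkins user.

token: squ_4bc173eb520dd35c176104baa1b899a992e88c88

3. Jenkins configuration

3.1 Add the token

In Manage Jenkins -> System, add a token: switch the type to Secret text, paste the token and click Add. Select the token credential just added, then click Apply and Save.

3.2 Install SonarQube Scanner

Go to Manage Jenkins -> Global Tool Configuration, scroll down to the place shown in the picture and click Add SonarQube Scanner. We choose automatic installation and the latest version.

4. Adding code review to a non-pipeline project

4.1 Add a build step

Edit the freestyle demo project built earlier and add a step in the build stage. The analysis properties are as follows:

```properties
# project key, globally unique
sonar.projectKey=sprint_boot_demo
# project name
sonar.projectName=sprint_boot_demo
sonar.projectVersion=1.0
# scan path, under the project root directory
sonar.sources=./src
# excluded directories
sonar.exclusions=**/test/**,**/target/**
# JDK version
sonar.java.source=1.17
sonar.java.target=1.17
# character encoding
sonar.sourceEncoding=UTF-8
# path to binaries
sonar.java.binaries=target/classes
```

4.2 Build and view the results

In Jenkins click Build Now and check the build result, then check the SonarQube scan result.

5. Adding code review to a pipeline project

5.1 Create the sonar-project.properties file

In the project root directory, create a sonar-project.properties file with the following content:

```properties
# project key, globally unique
sonar.projectKey=sprint_boot_demo
# project name
sonar.projectName=sprint_boot_demo
sonar.projectVersion=1.0
# scan path, under the project root directory
sonar.sources=./src
# excluded directories
sonar.exclusions=**/test/**,**/target/**
# JDK version
sonar.java.source=1.17
sonar.java.target=1.17
# character encoding
sonar.sourceEncoding=UTF-8
# path to binaries
sonar.java.binaries=target/classes
```

5.2 Modify the Jenkinsfile to add a SonarQube code review stage

```groovy
pipeline {
    agent any
    stages {
        stage('拉取代码') {
            steps {
                echo '开始拉取代码'
                checkout([$class: 'GitSCM', branches: [[name: '*/master']], userRemoteConfigs: [[url: 'https://gitee.com/axzys/sprint_boot_demo.git']]])
                echo '拉取代码完成'
            }
        }
        stage('打包编译') {
            steps {
                echo '开始打包编译'
                sh 'mvn clean package'
                echo '打包编译完成'
            }
        }
        stage('代码审查') {
            steps {
                echo '开始代码审查'
                script {
                    // Load the SonarQube scanner; the name must match the SonarQube Scanner name in Jenkins Global Tool Configuration
                    def scannerHome = tool 'SonarQube'
                    // Load the SonarQube server; the name must match the SonarQube servers name in Jenkins System configuration
                    withSonarQubeEnv('SonarQube') {
                        sh "${scannerHome}/bin/sonar-scanner"
                    }
                }
                echo '代码审查完成'
            }
        }
        stage('部署项目') {
            steps {
                echo '开始部署项目'
                echo '部署项目完成'
            }
        }
    }
}
```

5.3 Build and test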
2025-08-02
Installing and configuring buildctl and nerdctl
1. Installing and using nerdctl

containerd can be used directly by end users and ships a command-line tool (ctr), but it is not very friendly, which is why nerdctl came about. It is also a command-line tool for containerd, supports all docker cli commands for container lifecycle management, and supports docker compose (nerdctl compose up).

1.1 Install nerdctl

Download: https://github.com/containerd/nerdctl/releases

```bash
# download
[root@k8s-master ~]# wget https://github.com/containerd/nerdctl/releases/download/v2.1.2/nerdctl-2.1.2-linux-amd64.tar.gz
# extract
[root@k8s-master ~]# tar -zxvf nerdctl-2.1.2-linux-amd64.tar.gz
nerdctl
containerd-rootless-setuptool.sh
containerd-rootless.sh
# copy the file
[root@k8s-master ~]# mv nerdctl /usr/bin/
# enable nerdctl bash completion
[root@k8s-master ~]# echo 'source <(nerdctl completion bash)' >> /etc/profile
[root@k8s-master ~]# source /etc/profile
# verify
[root@k8s-master ~]# nerdctl -v
nerdctl version 2.1.2
```

1.2 Namespaces

These are not the same thing as K8s namespaces: default is containerd's default namespace, and k8s.io is the namespace used by K8s.

```bash
root@k8s-03:~/bin# nerdctl ns ls
NAME                CONTAINERS    IMAGES    VOLUMES    LABELS
buildkit            0             0         0
buildkit_history    0             0         0
default             0             1         0
k8s.io              70            66        0
# create a namespace
[root@k8s-master ~]# nerdctl ns create test
# delete a namespace
[root@k8s-master ~]# nerdctl ns remove test
test
# show namespace details
[root@k8s-master ~]# nerdctl ns inspect k8s.io
[
    {
        "Name": "k8s.io",
        "Labels": null
    }
]
```

1.3 Images

```bash
# list the images in the k8s.io namespace
root@k8s-03:~/bin# nerdctl -n k8s.io images
# pull an image
[root@k8s-master ~]# nerdctl -n test pull nginx:alpine
# build an image
[root@k8s-master ~]# cat Dockerfile
FROM debian
RUN apt-get update && apt-get install -y locales
RUN echo "LC_ALL=\"zh_CN.UTF-8\"" >> /etc/default/locale
RUN locale-gen "zh_CN.UTF-8"
[root@k8s-master ~]# nerdctl -n test build -t abc.com/debian .
# push an image
[root@k8s-master ~]# nerdctl -n test push abc.com/debian
# export an image
[root@k8s-master ~]# nerdctl -n test save -o debian.tar abc.com/debian
# import an image
[root@k8s-master ~]# nerdctl -n test load -i debian.tar
```

1.4 Containers

```bash
# list the containers in the k8s.io namespace
root@k8s-03:~/bin# nerdctl -n k8s.io ps
# start a container
[root@k8s-master ~]# nerdctl -n test run -d -p 80:80 --name web nginx:alpine
# enter the container
[root@k8s-master ~]# nerdctl -n test exec -it web sh
/ #
# stop the container
[root@k8s-master ~]# nerdctl -n test stop web
web
# delete the container
[root@k8s-master ~]# nerdctl -n test rm web
web
```

1.5 Other operations

```bash
# show network information
[root@k8s-master ~]# nerdctl network ls
NETWORK ID      NAME      FILE
                cbr0      /etc/cni/net.d/10-flannel.conflist
17f29b073143    bridge    /etc/cni/net.d/nerdctl-bridge.conflist
                host
                none
# show system information
[root@k8s-master ~]# nerdctl system info
Client:
 Namespace: default
 Debug Mode: false

Server:
 Server Version: 1.6.4
 Storage Driver: overlayfs
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Log: fluentd journald json-file syslog
  Storage: native overlayfs
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.18.0-425.13.1.el8_7.x86_64
 Operating System: Rocky Linux 8.7 (Green Obsidian)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 3.618GiB
 Name: k8s-master
 ID: d2b76909-9552-4be5-a12a-00b955f756f2
# Clean up data. Unlike Docker, this does not only remove images tagged "none"; it removes every image that is not "in use".
[root@k8s-master ~]# nerdctl system prune -h
```

2. Building images with nerdctl + buildkitd

2.1 About buildkit

buildkit is an open-source image build toolkit from Docker that supports building images to the OCI standard.

buildkit components:

- buildkitd (server): currently supports runc and containerd as the image build environment. The default is runc, and it can be switched to containerd.
- buildctl (client): parses the Dockerfile and sends build requests to the buildkitd server.

Taking building an image and pushing it to Harbor as an example, the whole service call flow is as follows:

2.2 Install buildkit

Package download: https://github.com/moby/buildkit/releases

```bash
[root@master ~]# wget https://github.com/moby/buildkit/releases/download/v0.13.2/buildkit-v0.13.2.linux-amd64.tar.gz
[root@master ~]# tar -zxvf buildkit-v0.13.2.linux-amd64.tar.gz
bin/
bin/buildctl
bin/buildkit-cni-bridge
bin/buildkit-cni-firewall
bin/buildkit-cni-host-local
bin/buildkit-cni-loopback
bin/buildkit-qemu-aarch64
bin/buildkit-qemu-arm
bin/buildkit-qemu-i386
bin/buildkit-qemu-mips64
bin/buildkit-qemu-mips64el
bin/buildkit-qemu-ppc64le
bin/buildkit-qemu-riscv64
bin/buildkit-qemu-s390x
bin/buildkit-runc
bin/buildkitd
[root@master ~]# cd bin/
[root@master bin]# cp * /usr/local/bin/
```

Create the service unit:

```bash
[root@master bin]# cat /etc/systemd/system/buildkitd.service
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit

[Service]
ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true

[Install]
WantedBy=multi-user.target
```

Add a buildkitd configuration file that sets the image registry to be accessed over http:

```bash
[root@master bin]# vim /etc/buildkit/buildkitd.toml
[registry."harbor.local.com"]
  http = false
  insecure = true
```

Start buildkitd:

```bash
[root@master bin]# systemctl daemon-reload
[root@master bin]# systemctl start buildkitd
[root@master bin]# systemctl enable buildkitd
```

2.3 Build an image and test it

```bash
[root@master ~]# cat Dockerfile
FROM busybox
CMD ["echo","hello","container"]
[root@master ~]# nerdctl build -t busybox:v1 .
[root@master ~]# nerdctl images
REPOSITORY    TAG    IMAGE ID        CREATED               PLATFORM       SIZE       BLOB SIZE
busybox       v1     fb6a2dfc7899    About a minute ago    linux/amd64    4.1 MiB    2.1 MiB
[root@master ~]# nerdctl run busybox:v1
hello container
```

2.4 Push to the Harbor registry

```bash
[root@master ~]# nerdctl tag busybox:v1 harbor.local.com/app/busybox:v1
[root@master ~]# nerdctl push harbor.local.com/app/busybox:v1
```

Checking the Harbor registry now shows that the push succeeded.
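In the buildkitd.toml from section 2.2, `insecure = true` turns off verification of the registry's certificate, so builds cannot tell the real Harbor from an impostor on the network path. The following added example (not part of the original article) flags such registry entries in a buildkitd.toml and shows a variant that trusts the registry's CA instead; the function names and the CA path are assumptions, and the second configuration is constructed.

```sh
# Added example (not from the original article).

# Read a buildkitd.toml on stdin and print one finding per registry that is
# reached over plain HTTP or with certificate verification disabled.
lint_buildkit_registries() {
  awk '
    function value(line) {
      sub(/^[^=]*=[ \t]*/, "", line)   # drop the key and the equals sign
      sub(/[ \t#].*$/, "", line)       # drop trailing blanks or a comment
      return line
    }
    function report() {
      if (name == "") return
      if (http == "true")     print name ": plain HTTP"
      if (insecure == "true") print name ": TLS certificate verification disabled"
    }
    /^[ \t]*\[/ {                      # any table header closes the current registry
      report()
      name = ""; http = ""; insecure = ""
      if ($0 ~ /^[ \t]*\[registry\."[^"]+"\][ \t]*(#.*)?$/) {
        name = $0
        sub(/^[ \t]*\[registry\."/, "", name)
        sub(/"\].*$/, "", name)
      }
      next
    }
    name != "" && /^[ \t]*http[ \t]*=/     { http = value($0) }
    name != "" && /^[ \t]*insecure[ \t]*=/ { insecure = value($0) }
    END { report() }'
}

# The registry settings shown in section 2.2.
page_config() { cat <<'EOF'
[registry."harbor.local.com"]
  http = false
  insecure = true
EOF
}

# Constructed alternative: keep verification on and trust the registry CA.
# The ca path is a hypothetical location for the Harbor CA certificate.
trusted_ca_config() { cat <<'EOF'
[registry."harbor.local.com"]
  http = false
  insecure = false
  ca = ["/etc/buildkit/certs/harbor-ca.crt"]
EOF
}

page_config | lint_buildkit_registries
# prints: harbor.local.com: TLS certificate verification disabled
trusted_ca_config | lint_buildkit_registries   # prints nothing
```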
2025-08-02
Connecting Jenkins to k8s
1. Install the Kubernetes plugin

Install the Kubernetes plugin in Jenkins plugin management: jenkins -> Manage Jenkins -> Plugins -> Available plugins.

2. Connecting to the local cluster

2.1 Create the sa account

If jenkins is deployed inside the k8s cluster, simply create the sa account and grant it RBAC permissions; for the yaml files see the earlier articles.

2.2 Create the cloud resource

Then go to jenkins -> Manage Jenkins -> Clouds -> New cloud, enter the cloud name and select kubernetes as the type.

```bash
root@k8s-01:~/jenkins# cat deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: cicd
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      securityContext:
        fsGroup: 1000  # make sure the Jenkins user can write to the storage
      serviceAccountName: jenkins-admin
      automountServiceAccountToken: true
      # added node selector that pins the Pod to node k8s-03
      nodeSelector:
        kubernetes.io/hostname: k8s-03
      containers:
      - name: jenkins
        image: registry.cn-guangzhou.aliyuncs.com/xingcangku/jenkins-jenkins-lts-jdk17:lts-jdk17
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
        - containerPort: 50000
        # added environment variable (optional)
        env:
        - name: JAVA_HOME
          value: "/usr/lib/jvm/amazon-corretto-17.0.16.8.1-linux-x64"
        volumeMounts:
        - name: jenkins-data
          mountPath: /var/jenkins_home
        # ============ added mounts ============
        - name: host-jvm
          mountPath: /usr/lib/jvm
        - name: maven-data
          mountPath: /usr/local/maven
        resources:
          limits:
            cpu: "1"
            memory: "3Gi"
          requests:
            cpu: "0.5"
            memory: "1Gi"
        livenessProbe:
          httpGet:
            path: /login
            port: 8080
          initialDelaySeconds: 90
          periodSeconds: 10
      volumes:
      - name: jenkins-data
        persistentVolumeClaim:
          claimName: jenkins-pvc
      # ============ added volumes ============
      - name: host-jvm
        hostPath:
          path: /usr/lib/jvm
          type: Directory
      - name: maven-data
        hostPath:
          path: /usr/local/maven
          type: Directory
```

```bash
root@k8s-01:~/jenkins# cat new-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: cicd
---
# create a custom ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins-clusterrole
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log", "services"]
  verbs: ["get", "list", "watch", "create", "update", "delete"]
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["*"]
---
# bind the ServiceAccount to the ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-crb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins-clusterrole
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: cicd
```

From k8s 1.24 onwards:

- Behaviour change: starting with Kubernetes v1.24, a Secret is no longer created automatically for a ServiceAccount (the token is no longer stored in a Secret).
- TokenRequest API: tokens now have to be obtained through the TokenRequest API.

```bash
root@k8s-01:~/jenkins# cat jenkins-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: jenkins-admin-token
  namespace: cicd
  annotations:
    kubernetes.io/service-account.name: jenkins-admin
type: kubernetes.io/service-account-token

root@k8s-01:~/jenkins# kubectl apply -n cicd -f jenkins-secret.yaml
secret/jenkins-admin-token created
root@k8s-01:~/jenkins# kubectl describe sa jenkins-admin -n cicd
Name:                jenkins-admin
Namespace:           cicd
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   <none>
Tokens:              jenkins-admin-token
Events:              <none>

root@k8s-01:~/jenkins# kubectl get secret jenkins-admin-token -n cicd -o jsonpath='{.data.token}' | base64 -d
```

```bash
# A ServiceAccount also has to be created separately
root@k8s-01:~/jenkins# cat jenkins-secret.yaml rbac.yaml
apiVersion: v1
kind: Secret
metadata:
  name: jenkins-admin-token
  namespace: cicd
  annotations:
    kubernetes.io/service-account.name: jenkins-admin
type: kubernetes.io/service-account-token
# rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: cicd
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins-admin-crb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit  # built-in edit role; bound through a ClusterRoleBinding, so it applies in every namespace
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: cicd
```

```bash
# Kubernetes server certificate key
root@k8s-01:~/jenkins# kubectl get secret jenkins-admin-token -n cicd -o jsonpath='{.data.ca\.crt}' | base64 -d
```

Click kubernetes cloud details and fill in the cloud details:

- Kubernetes URL: the name of the k8s service exposed inside the cluster, https://kubernetes.default.svc
- Kubernetes namespace: the namespace the jenkins sa belongs to, cicd
- Jenkins URL: the name of the jenkins svc with port 8080, http://jenkins.cicd.svc:8080

Use the token just obtained to create a credential in Jenkins:

- Credential type: Secret text
- Secret: paste the token value obtained above
- ID: k8s-service-account-token

When the configuration is done, click Test Connection; the k8s cluster version is displayed, which shows the configuration is correct.

3. Cross-cluster connection

In some cases jenkins is deployed outside the k8s cluster, as a binary or with docker, and needs to connect to the k8s cluster to create resources automatically. Or jenkins is deployed in k8s cluster A and has to create and release resources in cluster B automatically. Use this method to connect in those cases.

3.1 Approach

For jenkins to connect to and operate a k8s cluster, authorization has to be configured. Requests to the cluster's kube apiserver can be authenticated with a config file, the same way kubectl does it (by default ~/.kube/config). You can also define the permission details strictly and generate a config file dedicated to jenkins.

The certificate file jenkins recognises is a PKCS#12 certificate, so the certificates in the kubeconfig file first have to be converted into a PKCS#12 pfx certificate file.

3.2 Generate the certificates

We can use the yq command-line tool to parse the yaml, extract the relevant content, base64-decode it and write it to files.

Install the yq tool; repository: https://github.com/mikefarah/yq

```bash
[root@k8s-master ~]# wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64.tar.gz
[root@k8s-master ~]# tar -zxvf yq_linux_amd64.tar.gz
[root@k8s-master ~]# mv yq_linux_amd64 /usr/bin/yq
[root@k8s-master ~]# yq --version
yq (https://github.com/mikefarah/yq/) version v4.34.1
[root@k8s-master ~]# mkdir -p /opt/jenkins-crt/
```

- certificate-authority-data -> base64 decode -> ca.crt
- client-certificate-data -> base64 decode -> client.crt
- client-key-data -> base64 decode -> client.key

```bash
[root@k8s-master ~]# yq e '.clusters[0].cluster.certificate-authority-data' /root/.kube/config | base64 -d > /opt/jenkins-crt/ca.crt
[root@k8s-master ~]# yq e '.users[0].user.client-certificate-data' /root/.kube/config | base64 -d > /opt/jenkins-crt/client.crt
[root@k8s-master ~]# yq e '.users[0].user.client-key-data' /root/.kube/config | base64 -d > /opt/jenkins-crt/client.key
[root@k8s-master ~]# cd /opt/jenkins-crt/
[root@k8s-master jenkins-crt]# ls -la
总用量 12
drwxr-xr-x  2 root root   56 6月  10 20:54 .
drwxr-xr-x. 6 root root   65 6月  10 20:37 ..
-rw-r--r--  1 root root 1099 6月  10 20:53 ca.crt
-rw-r--r--  1 root root 1147 6月  10 20:53 client.crt
-rw-r--r--  1 root root 1675 6月  10 20:54 client.key
```

3.3 Convert the certificate

Use openssl to convert the certificate format and generate the client P12 authentication file cert.pfx. Enter the password twice and remember it.

```bash
[root@k8s-master jenkins-crt]# openssl pkcs12 -export -out cert.pfx -inkey client.key -in client.crt -certfile ca.crt
Enter Export Password:
Verifying - Enter Export Password:
[root@k8s-master jenkins-crt]# ls -la
总用量 16
drwxr-xr-x  2 root root   72 6月  10 20:55 .
drwxr-xr-x. 6 root root   65 6月  10 20:37 ..
-rw-r--r--  1 root root 1099 6月  10 20:53 ca.crt
-rw-------  1 root root 3221 6月  10 20:55 cert.pfx
-rw-r--r--  1 root root 1147 6月  10 20:53 client.crt
-rw-r--r--  1 root root 1675 6月  10 20:54 client.key
```

3.4 Import the certificate

Open the jenkins web UI and go to Manage Jenkins -> Credentials -> add global credentials.

Choose Certificate as the credential type, upload the cert.pfx file just generated, and enter the password that was given to openssl when the certificate file was generated.

3.5 Configure the remote k8s cluster address

Go to jenkins -> Manage Jenkins -> Clouds -> New cloud, enter the cloud name and select kubernetes as the type.

Fill in the cloud details:

- Kubernetes URL: the server value in the cluster section of /root/.kube/config
- Kubernetes namespace: the name value in the cluster section of /root/.kube/config
- Jenkins URL: the address of the jenkins service
- Kubernetes server certificate key: the content of ca.crt
- Credentials: select the Certificate credential just created

When the configuration is done, click Test Connection; the k8s cluster version is displayed, which shows the configuration is correct.

4. About dynamic slaves

4.1 Why dynamic slaves are needed

Most companies today use a Jenkins cluster to build a CI/CD process that fits their needs, but the traditional one-master-many-slaves Jenkins setup has some pain points, for example:

- When the Master suffers a single point of failure, the whole process becomes unavailable.
- Each Slave has a different environment configuration in order to compile and package different languages, and these differing configurations make management very inconvenient and maintenance laborious.
- Resources are allocated unevenly: on some Slaves jobs queue up waiting while other Slaves sit idle.
- Resources are wasted: each Slave may be a physical or a virtual machine, and an idle Slave does not fully release its resources.

Because of these pain points we want a more efficient and more reliable way to run the CI/CD process. Docker container virtualization solves them well, and a Kubernetes cluster environment solves them even better. The figure below is a simple diagram of a Jenkins cluster built on Kubernetes:

As the figure shows, Jenkins Master and Jenkins Slave run as Pods on the Nodes of the Kubernetes cluster. The Master runs on one of the nodes and stores its configuration data on a Volume. The Slaves run on the various nodes and are not running all the time; they are created dynamically on demand and deleted automatically.

The workflow is roughly as follows: when Jenkins Master receives a Build request, it dynamically creates a Jenkins Slave running in a Pod according to the configured Label and registers it with the Master. When the Job has finished, the Slave is deregistered and the Pod is deleted automatically, returning to the initial state.

4.2 Benefits of Jenkins Slave

- High availability: when Jenkins Master fails, Kubernetes automatically creates a new Jenkins Master container and assigns the Volume to the new container, so no data is lost and the cluster service is highly available (an advantage that comes from the k8s resource controllers).
- Dynamic scaling and sensible use of resources: each time a Job runs, a Jenkins Slave is created automatically; when the Job completes, the Slave deregisters and its container is deleted, releasing the resources. Kubernetes also places Slaves on idle nodes according to resource usage, which reduces the cases where jobs queue on a node whose utilization is already high.
- Good scalability: when the Kubernetes cluster is seriously short of resources and Jobs queue up, a Kubernetes Node can easily be added to the cluster to scale out.

5. Dynamic slave configuration

5.1 Build the slave image

The slave image should provide the following:

- run the jenkins-agent service
- operate the k8s cluster with the kubectl command
- manage container images with the nerdctl tool
- build container images with buildctl

```bash
# fetch the files
root@k8s-01:~/jenkins/work# cp /usr/bin/kubectl .
root@k8s-01:~/jenkins/work# cp /usr/bin/nerdctl .
root@k8s-01:~/jenkins/work# cp /usr/local/bin/buildctl .
root@k8s-01:~/jenkins/work# ls
buildctl  Dockerfile  kubectl  nerdctl
# build the image
# The image is based on the inbound-agent image because it already contains the jenkins-agent components; kubectl is added to operate k8s, and nerdctl and buildctl are added to build and manage container images.
root@k8s-01:~/jenkins/work# cat Dockerfile
FROM jenkins/inbound-agent:latest-jdk17
USER root
COPY kubectl /usr/bin/kubectl
COPY nerdctl /usr/bin/nerdctl
COPY buildctl /usr/bin/buildctl
root@k8s-01:~/jenkins/work# docker build -t jenkins-agent:v1 .
root@k8s-01:~/jenkins# docker login --username=aliyun3891595718 registry.cn-guangzhou.aliyuncs.com
Password:
WARNING! Your credentials are stored unencrypted in '/root/.docker/config.json'.
```
Configure a credential helper to remove this warning. See https://docs.docker.com/go/credential-store/ Login Succeeded root@k8s-01:~/jenkins# docker push registry.cn-guangzhou.aliyuncs.com/xingcangku/jenkins-cangku:v1 The push refers to repository [registry.cn-guangzhou.aliyuncs.com/xingcangku/jenkins-cangku] 2de7e3a095aa: Pushed 235bf2aaf23c: Pushed 9c18f60b53bc: Pushed ec380c7051cf: Pushed 0c3e60359c38: Pushed 5f70bf18a086: Pushed 433332898d75: Pushed b2c56f1e2ab9: Pushed 1411e4580b87: Pushed df5f57ff732b: Pushed 3f360379e3d1: Pushed f03c3dd333b7: Pushed 7cc7fe68eff6: Pushed v1: digest: sha256:b3e519ae85d0f05ff170778c8ffae494879397d9881ca8bc905bc889da82fc07 size: 30475.2创建kube-config资源为了能让slave容器中能够使用 kubectl 工具来访问我们的 Kubernetes 集群,需要将其添加为secret资源,并挂载到pod中。root@k8s-01:~/jenkins/work# kubectl create secret generic -n cicd kube-config --from-file=/root/.kube/config secret/kube-config created5.2.1测试创建一个自由风格的流水线 下面是配置截图正常的日志显示,会起一个pod来执行的命令结束以后就会销毁5.3节点开启buildkit服务(可选)container容器运行时仅能运行容器,如果需要在CICD阶段构建镜像,则需要在执行构建镜像的节点手动安装buildkit服务并启用,具体步骤可参考文档:https://axzys.cn/index.php/archives/536/ 也可以在slave pod中新增一个container,运行buildkit服务。5.4配置Pod Template(可选)配置 Pod Template,就是配置 Jenkins Slave 运行的 Pod 模板,命名空间我们同样是用cicd,Labels设置为jenkins-slave,对于后面执行 Job 的时候需要用到该值,容器名称填写jnlp,这样可以替换默认的agent容器。镜像使用的是刚刚我们制作的slave镜像,加入了 kubectl 等一些实用的工具。 运行命令和命令参数为空。另外需要注意我们这里需要在下面挂载三个目录 /run/containerd/containerd.sock:该文件是用于 Pod 中的容器能够共享宿主机的Container,用于管理container镜像。 /root/.kube:将之前创建的kube-config资源挂载到容器的/root/.kube目录下,这样能够在 Pod 的容器中能够使用 kubectl 工具来访问我们的 Kubernetes 集群,方便我们后面在 Slave Pod 部署 Kubernetes 应用 /run/buildkit:该文件是用于 Pod 中的容器能够共享buildkit进程,用于构建container镜像。同时指定Service Accoun为之前创建的jenkins-admin除了在页面配置pod Template外,我们也可以通过pipeline配置。六、测试Kubernetes 插件的配置工作完成了,接下来我们就来添加一个 Job 任务,看是否能够在 Slave Pod 中执行,任务执行完成后看 Pod 是否会被销毁。6.1自由流水线测试创建自由流水线任务,勾选限制项目的运行节点,标签表达式填写我们配置的 Slave Pod 中的 Label,这两个地方必须保持一致。然后往下拉,在 Build 区域选择Execute shellecho "Hello Kubernetes" echo "测试获取Kubernetes信息" kubectl get node echo 
"测试获取container信息" nerdctl ns ls echo "测试buildkitd构建镜像" echo "FROM registry.cn-guangzhou.aliyuncs.com/xingcangku/busybox-latest:latest" > Dockerfile echo 'CMD ["echo","hello","container"]' >> Dockerfile nerdctl build -t buildkitd-test:v1 . nerdctl images | grep buildkitd-test现在我们直接在页面点击做成的 Build now (立即构建)触发构建即可,然后观察 Kubernetes 集群中 Pod 的变化root@k8s-03:~/bin# kubectl get pods -n cicd -o wide -w NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES jenkins-7d65887794-s4vhr 1/1 Running 0 9h 10.244.2.104 k8s-03 <none> <none> jenkins-agent-8x3mn 0/1 Pending 0 0s <none> <none> <none> <none> jenkins-agent-8x3mn 0/1 Pending 0 0s <none> k8s-03 <none> <none> jenkins-agent-8x3mn 0/1 ContainerCreating 0 0s <none> k8s-03 <none> <none> jenkins-agent-8x3mn 1/1 Running 0 1s 10.244.2.116 k8s-03 <none> <none> jenkins-agent-8x3mn 1/1 Terminating 0 13s 10.244.2.116 k8s-03 <none> <none> jenkins-agent-8x3mn 0/1 Terminating 0 13s <none> k8s-03 <none> <none> jenkins-agent-8x3mn 0/1 Terminating 0 14s 10.244.2.116 k8s-03 <none> <none> jenkins-agent-8x3mn 0/1 Terminating 0 14s 10.244.2.116 k8s-03 <none> <none> jenkins-agent-8x3mn 0/1 Terminating 0 14s 10.244.2.116 k8s-03 <none> <none>6.2pipeline-使用pod Template在流水线中指定pipeline脚本pipeline脚本如下:podTemplate(label: 'jenkins-slave', inheritFrom: 'jenkins-agent', cloud: 'k8s-local'){ node('jenkins-slave') { stage('测试获取Kubernetes信息') { sh 'kubectl get node' } stage('测试获取container信息') { sh 'nerdctl ns ls' } stage('测试buildkitd构建镜像'){ sh '''echo "FROM busybox" > Dockerfile echo \'CMD ["echo","hello","container"]\' >> Dockerfile nerdctl build -t buildkitd-test:v2 . 
nerdctl images | grep buildkitd-test''' } } }点击立即构建,查看控制台输出。6.3pipeline-自定义pod Template//创建一个Pod的模板,label为jenkins-agent podTemplate(label: 'jenkins-agent', cloud: 'k8s-local', containers: [ containerTemplate( name: 'jnlp', image: "harbor.local.com/cicd/jenkins-agent:v3", workingDir: '/home/jenkins/agent' ), containerTemplate( name: 'buildkitd', image: "harbor.local.com/cicd/buildkit:v0.13.2", privileged: true )], volumes:[ hostPathVolume(mountPath: '/run/containerd/containerd.sock', hostPath:'/run/containerd/containerd.sock'), secretVolume(mountPath: '/root/.kube/', secretName: 'kube-config', defaultMode: '420'), hostPathVolume(mountPath: '/run/buildkit',hostPath: '/run/buildkit') ] ) // 使用上文创建的pod模板 { node('jenkins-agent'){ stage('测试获取Kubernetes信息') { sh 'kubectl get node' } stage('测试获取container信息') { sh 'nerdctl ns ls' } stage('测试buildkitd构建镜像'){ sh '''echo "FROM busybox" > Dockerfile echo 'CMD ["echo","hello","container"]' >> Dockerfile nerdctl build -t buildkitd-test:v2 . nerdctl images | grep buildkitd-test''' } } }运行结果与上文一致。
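The `ls -la` listing in the certificate extraction step shows client.key written with mode `-rw-r--r--`, so the cluster client key is readable by every local user. The following added example (not the author's code) extracts the same three kubeconfig fields into owner-only files; the function names and the awk-based field lookup are assumptions, and it expects a kubeconfig with one cluster and one user, like the /root/.kube/config used on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes a kubeconfig with one cluster and one user whose credentials are
# embedded as base64 "*-data" fields, like the /root/.kube/config used above.

# extract_field KUBECONFIG KEY OUTFILE
# Decode the first "KEY: <base64>" value into OUTFILE, created with mode 0600.
extract_field() {
    kubeconfig=$1; key=$2; out=$3
    value=$(awk -v k="$key:" '$1 == k { print $2; exit }' "$kubeconfig")
    [ -n "$value" ] || { echo "missing $key in $kubeconfig" >&2; return 1; }
    (
        umask 077                     # never world-readable, even briefly
        tmp="$out.tmp.$$"
        printf '%s' "$value" | base64 -d > "$tmp" || { rm -f "$tmp"; exit 1; }
        mv "$tmp" "$out"              # only a fully decoded file gets the final name
    )
}

# is_private PATH: true when group and others have no permission bits at all.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# export_credentials KUBECONFIG OUTDIR
# Write ca.crt, client.crt and client.key into an owner-only directory.
export_credentials() {
    mkdir -p "$2" && chmod 700 "$2" || return 1
    extract_field "$1" certificate-authority-data "$2/ca.crt"     || return 1
    extract_field "$1" client-certificate-data    "$2/client.crt" || return 1
    extract_field "$1" client-key-data            "$2/client.key" || return 1
    is_private "$2/client.key" || { echo "client.key is too permissive" >&2; return 1; }
}

# Usage: sh extract.sh /root/.kube/config /opt/jenkins-crt
if [ "$#" -eq 2 ]; then
    export_credentials "$1" "$2"
fi
```

The resulting files can be passed to the same `openssl pkcs12 -export` command shown in the conversion step.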
August 2, 2025
2025-08-02
Building from a tag in Jenkins

1. Release and rollback approach

A normal feature release is built from the master branch, so after a successful release I automatically tag the master branch as it was at that moment. When a rollback is needed, the release is built from that tag.

2. Install and configure Git Parameter

2.1 Install the plugin

For the tag-type parameter to appear, the Git Parameter plugin must be installed. Install it from Manage Jenkins → Plugins → Available Plugins.

2.2 Verify

After installation, the option is visible under "This project is parameterized" on the project's configuration page.

2.3 Add tags to the repository

Initialize the repository, add a tag, and push it.

```bash
root@k8s-03:~/vue3_vite_element-plus# git config --global user.name "xing"
root@k8s-03:~/vue3_vite_element-plus# git config --global user.email "7902731@qq.com"
root@k8s-03:~/vue3_vite_element-plus# git config --global --list
user.name=xing
user.email=7902731@qq.com
root@k8s-03:~/vue3_vite_element-plus# git tag -a v1.0 -m "1.0版本"
root@k8s-03:~/vue3_vite_element-plus# git tag -l
v1.0
root@k8s-03:~/vue3_vite_element-plus# git push origin v1.0
Username for 'http://192.168.30.181': xing
Password for 'http://xing@192.168.30.181':
Enumerating objects: 1, done.
Counting objects: 100% (1/1), done.
Writing objects: 100% (1/1), 160 bytes | 160.00 KiB/s, done.
Total 1 (delta 0), reused 0 (delta 0), pack-reused 0
To http://192.168.30.181/xing/vue3_vite_element-plus.git
 * [new tag]         v1.0 -> v1.0
```

Modify some of the code and commit a new version.

```bash
root@k8s-03:~/vue3_vite_element-plus# ls
Dockerfile  Jenkinsfile  package.json  README.md   src   vite.config.mjs
index.html  nginx.conf   public        screenshot  test  webstorm.config.js
root@k8s-03:~/vue3_vite_element-plus# vi Dockerfile
root@k8s-03:~/vue3_vite_element-plus# git commit -m "更新至v2" .
[master 636d69b] 更新至v2
 1 file changed, 2 insertions(+), 1 deletion(-)
root@k8s-03:~/vue3_vite_element-plus# git tag -a v2.0 -m "2.0版本呢"
root@k8s-03:~/vue3_vite_element-plus# git tag -l
v1.0
v2.0
root@k8s-03:~/vue3_vite_element-plus# git push origin v2.0
Username for 'http://192.168.30.181': xing
Password for 'http://xing@192.168.30.181':
Enumerating objects: 6, done.
Counting objects: 100% (6/6), done.
Delta compression using up to 8 threads
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 423 bytes | 423.00 KiB/s, done.
Total 4 (delta 2), reused 0 (delta 0), pack-reused 0
To http://192.168.30.181/xing/vue3_vite_element-plus.git
 * [new tag]         v2.0 -> v2.0
root@k8s-03:~/vue3_vite_element-plus#
```

Check the tag information in GitLab: tags v1.0 and v2.0 are now present.

3. Release using the tag variable

3.1 Release the latest version

Generate the pipeline and set the branch to ${tag}.

```bash
root@k8s-03:~/vue3_vite_element-plus# git ls-remote --tags origin
Username for 'http://192.168.30.181': xing
Password for 'http://xing@192.168.30.181':
3afadbd4e09f012ec0cb89e4cae667f8564ba5fa        refs/tags/v1.0
a934816659500449a9413148e69d113faf5cccea        refs/tags/v1.0^{}
cf126d51958d9ed649b6b73e0f90929c6ac58694        refs/tags/v2.0
636d69bff7fb45b6732e977fdeee56c3628a2dcc        refs/tags/v2.0^{}
```

The overall idea is that every release leaves a tagged version behind, so if something goes wrong you can immediately roll back to a stable version.
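The `${tag}` value is a build parameter chosen at run time, and a tag name can later be pointed at a different commit, so a release or rollback is easier to audit when the job checks the name and records the commit it resolved to. The following added example (not the author's code) does that over the `git ls-remote --tags` output shown above; the function names and the `v<number>.<number>` naming rule are assumptions, and it also handles lightweight tags, which the page does not use.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# `git ls-remote --tags origin` output as shown on the page for v1.0 and v2.0.
LS_REMOTE_SAMPLE='3afadbd4e09f012ec0cb89e4cae667f8564ba5fa refs/tags/v1.0
a934816659500449a9413148e69d113faf5cccea refs/tags/v1.0^{}
cf126d51958d9ed649b6b73e0f90929c6ac58694 refs/tags/v2.0
636d69bff7fb45b6732e977fdeee56c3628a2dcc refs/tags/v2.0^{}'

# valid_tag NAME: accept only names shaped like the page's tags (v1.0, v2.0, v2.1.3).
valid_tag() {
    case $1 in
        ''|*[!0-9v.]*) return 1 ;;    # rejects spaces, newlines and shell metacharacters
    esac
    printf '%s\n' "$1" | grep -Eq '^v[0-9]+(\.[0-9]+)+$'
}

# resolve_tag NAME: read ls-remote output on stdin, print the commit to build.
# An annotated tag has two lines: the tag object and the peeled commit ("^{}").
# A lightweight tag has only the first line, which is already the commit.
resolve_tag() {
    valid_tag "$1" || { echo "rejected tag name: $1" >&2; return 1; }
    awk -v ref="refs/tags/$1" '
        $2 == (ref "^{}") { peeled = $1 }
        $2 == ref         { direct = $1 }
        END {
            sha = (peeled != "") ? peeled : direct
            if (length(sha) != 40 || sha !~ /^[0-9a-f]+$/) exit 1
            print sha
        }'
}

# Usage in a build step, with $tag supplied by the job parameter:
#   commit=$(git ls-remote --tags origin | resolve_tag "$tag") || exit 1
#   git checkout --detach "$commit"
```

For v2.0 this resolves to 636d69b…, the same commit the page's `git commit` created, rather than the tag object cf126d5….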