基于K8S的CICD系统构建--发布微服务

一、环境准备
1、添加harbor内的chart仓库，并把chart包上传到chart仓库

helm repo add myrepo http://192.168.86.10/chartrepo/ms --username=admin --password=Harbor12345
helm repo updatehelm push ms-0.1.0.tgz --username=admin --password=Harbor12345 http://192.168.86.10/chartrepo/ms

2、push代码到gitlab
1>在gitlab创建项目
2> 把代码push到gitlab的仓库中

3、安装jenkins插件

所需插件: Git Parameter/Git/Pipeline/Config File Provider/kubernetes/Extended Choice Parameter

4、添加凭据(harbor、git、k8s)


二、部署到k8s
1、jenkinsfile

#!/usr/bin/env groovy
// 所需插件: Git Parameter/Git/Pipeline/Config File Provider/kubernetes/Extended Choice Parameter
// 公共
def registry = "192.168.86.10"
// 项目
def project = "ms"
def git_url = "http://192.168.86.9:9999/root/ms.git"
def gateway_domain_name = "gateway.onap.com"
def portal_domain_name = "portal.onap.com"
// 认证
def image_pull_secret = "registry-pull-secret"
def harbor_registry_auth = "6b79de72-da43-4a49-93d3-7779dfcdf42b"
def git_auth = "60231d1c-d91c-456c-a158-05cd33bc5592"
// ConfigFileProvider ID
def k8s_auth = "4dea4e24-b58b-4c21-879e-982e6eebad22"pipeline {agent {kubernetes {label "jenkins-slave"yaml """
kind: Pod
metadata:name: jenkins-slave
spec:containers:- name: jnlpimage: "${registry}/jenkins-slave/jenkins-slave:jdk-1.8"imagePullPolicy: AlwaysvolumeMounts:- name: docker-cmdmountPath: /usr/bin/docker- name: docker-sockmountPath: /var/run/docker.sock- name: maven-cachemountPath: /root/.m2volumes:- name: docker-cmdhostPath:path: /usr/bin/docker- name: docker-sockhostPath:path: /var/run/docker.sock- name: maven-cachehostPath:path: /tmp/m2
"""}}parameters {gitParameter branch: '', branchFilter: '.*', defaultValue: '', description: '选择发布的分支', name: 'Branch', quickFilterEnabled: false, selectedValue: 'NONE', sortMode: 'NONE', tagFilter: '*', type: 'PT_BRANCH'        extendedChoice defaultValue: 'none', description: '选择发布的微服务', \multiSelectDelimiter: ',', name: 'Service', type: 'PT_CHECKBOX', \value: 'gateway-service:9999,portal-service:8080,product-service:8010,order-service:8020,stock-service:8030'choice (choices: ['ms', 'demo'], description: '部署模板', name: 'Template')choice (choices: ['1', '3', '5', '7'], description: '副本数', name: 'ReplicaCount')choice (choices: ['ms'], description: '命名空间', name: 'Namespace')}stages {stage('拉取代码'){steps {checkout([$class: 'GitSCM', branches: [[name: "${params.Branch}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_url}"]]])}}stage('代码编译') {// 编译指定服务steps {sh """mvn clean package -Dmaven.test.skip=true"""}}stage('构建镜像') {steps {withCredentials([usernamePassword(credentialsId: "${harbor_registry_auth}", passwordVariable: 'password', usernameVariable: 'username')]) {sh """docker login -u ${username} -p '${password}' ${registry}for service in \$(echo ${Service} |sed 's/,/ /g'); doservice_name=\${service%:*}image_name=${registry}/${project}/\${service_name}:${BUILD_NUMBER}cd \${service_name}if ls |grep biz &>/dev/null; thencd \${service_name}-bizfidocker build -t \${image_name} .docker push \${image_name}cd ${WORKSPACE}done"""configFileProvider([configFile(fileId: "${k8s_auth}", targetLocation: "admin.kubeconfig")]){sh """# 添加镜像拉取认证kubectl create secret docker-registry ${image_pull_secret} --docker-username=${username} --docker-password=${password} --docker-server=${registry} -n ${Namespace} --kubeconfig admin.kubeconfig |true# 添加私有chart仓库helm repo add  --username ${username} --password ${password} myrepo http://${registry}/chartrepo/${project}"""}}}}stage('Helm部署到K8S') {steps {sh """common_args="-n ${Namespace} --kubeconfig admin.kubeconfig"for service in  \$(echo ${Service} |sed 's/,/ /g'); doservice_name=\${service%:*}service_port=\${service#*:}image=${registry}/${project}/\${service_name}tag=${BUILD_NUMBER}helm_args="\${service_name} --set image.repository=\${image} --set image.tag=\${tag} --set replicaCount=${replicaCount} --set imagePullSecrets[0].name=${image_pull_secret} --set service.targetPort=\${service_port} myrepo/${Template}"# 判断是否为新部署if helm history \${service_name} \${common_args} &>/dev/null;thenaction=upgradeelseaction=installfi# 针对服务启用ingressif [ \${service_name} == "gateway-service" ]; thenhelm \${action} \${helm_args} \--set ingress.enabled=true \--set ingress.host=${gateway_domain_name} \\${common_args}elif [ \${service_name} == "portal-service" ]; thenhelm \${action} \${helm_args} \--set ingress.enabled=true \--set ingress.host=${portal_domain_name} \\${common_args}elsehelm \${action} \${helm_args} \${common_args}fidone# 查看Pod状态sleep 10kubectl get pods \${common_args}"""}}}
}