什麼是Jenkins共享庫
隨著微服務的增多,每個專案的都需要pipline檔案,這樣的話Pipeline程式碼冗餘度高,並且pipeline的功能越來越複雜。
jenkins可以使用Shared Lib,將一些公共的pipeline抽象做成模組程式碼,在各種專案pipeline之間複用,以減少冗餘。
共享庫目錄結構
共享庫根目錄 |-- vars |-- test1.groovy |-- src |-- test2.groovy |-- resources
vars: 依賴於Jenkins執行環境的Groovy指令碼。其中的Groovy指令碼被稱之為全域性變數。
src: 標準的Java原始碼目錄結構,其中的Groovy指令碼被稱為類庫(Library class)。
resources: 目錄允許從外部庫中使用 libraryResource 步驟來載入有關的非 Groovy 檔案。
引用共享庫的方式
#!/usr/bin/env groovy // 引用預設配置的共享庫 @Library('demo-shared-library') _ // 引用指定分支、tag的共享庫程式碼 @Library('demo-shared-library@1.0') _ // 引用多個指定分支tag的共享庫 @Library('demo-shared-library@$Branch/Tag','demo-shared-library-test@$Branch/Tag') _ @Library('utils') import org.foo.Utilities @Library('utils') import static org.foo.Utilities.*
vars下的全域性變數
/vars下的全域性變數必須以全小寫或駝峰(camelCased)
/vars/*.groovy若實現call()方法,直接引用時預設執行其中的方法
實現一行程式碼部署.NET程式到K8S
安裝Jenkins Master
# master docker run --name jenkins-blueocean -u root --privileged -d -p 8080:8080 -p 50000:50000 -v D:/architecture/jenkins/data:/var/jenkins_home -v /var/run/docker.sock:/var/run/docker.sock jenkinsci/blueocean # 訪問:http://ip:8080/ # jenkins密碼,檢視容器日誌: 7285ced325a24483bfdaab227415fdac # 安裝推薦外掛
安裝Jenkins Agent
- Name: agent2/agent3
- Labels: agentnode
- Launch method: Launch agent by connecting it to the master
Build Agent Docker Image
# slave # Dockerfile FROM jenkins/inbound-agent:latest USER root RUN apt-get update RUN apt-get -y install ca-certificates curl gnupg lsb-release RUN curl -fsSL https://get.docker.com -o get-docker.sh RUN sh get-docker.sh RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" RUN install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl RUN kubectl version --client ENV JMETER_VERSION=5.4.1 ENV JMETER_HOME=/jmeter/apache-jmeter-${JMETER_VERSION} ENV JMETER_PATH=${JMETER_HOME}/bin:${PATH} ENV PATH=${JMETER_HOME}/bin:${PATH} RUN mkdir /jmeter COPY apache-jmeter-${JMETER_VERSION}.tgz /jmeter RUN cd /jmeter && tar xvf apache-jmeter-${JMETER_VERSION}.tgz #其中tgz檔案請去官網下載 RUN sed -i 's/#jmeter.save.saveservice.output_format=csv/jmeter.save.saveservice.output_format=xml/g' /jmeter/apache-jmeter-5.4.1/bin/jmeter.properties
docker build -t chesterjenkinsagent . docker tag chesterjenkinsagent:latest 192.168.43.95/jenkins/chesterjenkinsagent:v1 docker login --username=admin --password=123456 192.168.43.95 docker push 192.168.43.95/jenkins/chesterjenkinsagent:v1
執行Agent,其中的金鑰通過jenkins的agent資訊獲取
# agent4 docker run -v /var/run/docker.sock:/var/run/docker.sock --name agent4 -d --init 192.168.43.95/jenkins/chesterjenkinsagent:v1 -url http://192.168.43.94:8080 1e84c896dbffc0c325587eedb6301ab0ae66d3f4b49c4628dbb05714e382d7a2 agent4
新增K8S憑據
- 將k8s叢集的配置檔案匯出 ~/.kube/config
- Mange Jenkins -> Manage Credentials -> Add Credentials -> Secret File
- 選擇匯出的kubeconfig,設定id為kubeconfig
新增Harbor憑據
- Mange Jenkins -> Manage Credentials -> Add Credentials -> Username with password
- 輸入Harbor的使用者名稱密碼
新增Gitee憑據
- Mange Jenkins -> Manage Credentials -> Add Credentials -> Username with password
- 輸入Gitee的使用者名稱密碼
安裝外掛
Manage Jenkins -> Manage Plugins -> Search "Performance" -> install
管理共享庫
共享庫中新增以下程式碼
vars/run.groovy
#!/usr/bin/env groovy def call(String nameSpaceName, String serviceName, String servicePath, String servicePort, String nodePort, Map envInfo) { def devBranch = envInfo['dev'] def prodBranch = envInfo['prod'] pipeline { agent { label 'agentnode' } environment { DEV_MY_KUBECONFIG = credentials('kubeconfig') PROD_MY_KUBECONFIG = credentials('kubeconfig') HARBOR = credentials('harbor') } stages { stage('Dev - GitPull') { steps { deleteDir() gitCheckOut devBranch, env.GIT_URL } post { success { script { echo 'pull done' } } } } stage('Dev - DockerBuild') { steps { dockerImageBuild serviceName, "${servicePath}Dockerfile" } } stage('Dev - DockerTag') { steps { dockerTag serviceName, 'dev' } } stage('Dev - DockerLogin') { steps { dockerLogin 'dev' } } stage('Dev - DockerPush') { steps { dockerPush serviceName, 'dev' } } stage('Dev - GenerateHarborSecretYAML') { steps { harborSecret nameSpaceName, serviceName, 'dev' } } stage('Dev - GenerateK8SYAML') { steps { k8sGenerateYaml nameSpaceName, serviceName, servicePath, 'dev', servicePort, nodePort } } stage('Dev - DeployToK8S') { steps { k8sDeploy servicePath, 'dev' } } stage('Dev - CheckDeployStatus') { steps { k8sCheckDeployStatus nameSpaceName, serviceName, 'dev' } } stage('Dev - Jmeter Test') { steps { jmeterTest servicePath } } stage('DeployToProd?') { steps { input '部署生產?' } } stage('Prod - GitPull') { steps { gitCheckOut prodBranch, env.GIT_URL } } stage('Prod - DockerBuild') { steps { dockerImageBuild serviceName, "${servicePath}Dockerfile" } } stage('Prod - DockerTag') { steps { dockerTag serviceName, 'prod' } } stage('Prod - DockerLogin') { steps { dockerLogin 'prod' } } stage('Prod - DockerPush') { steps { dockerPush serviceName, 'prod' } } stage('Prod - GenerateHarborSecretYAML') { steps { harborSecret nameSpaceName, serviceName, 'prod' } } stage('Prod - GenerateK8SYAML') { steps { k8sGenerateYaml nameSpaceName, serviceName, servicePath, 'prod', servicePort, nodePort } } stage('Prod - DeployToK8S') { steps { k8sDeploy servicePath, 'prod' } } stage('Prod - CheckDeployStatus') { steps { k8sCheckDeployStatus nameSpaceName, serviceName, 'prod' } } } } }
vars/dockerImageBuild.groovy
#!/usr/bin/env groovy def call(String serviceName, String dockerfilePath) { echo "serviceName:${serviceName} dockerfilePath:${dockerfilePath}" sh "docker build -t ${serviceName} -f ${dockerfilePath} ." }
vars/dockerLogin.groovy
#!/usr/bin/env groovy def call(String envName) { sh 'docker login --username=$HARBOR_USR --password=$HARBOR_PSW 192.168.43.95' }
vars/dockerPush.groovy
#!/usr/bin/env groovy def call(String serviceName,String envName) { sh "docker push 192.168.43.95/dapr/${serviceName}:${envName}-${BUILD_NUMBER}" }
vars/dockerTag.groovy
#!/usr/bin/env groovy def call(String serviceName, String envName) { sh "docker tag ${serviceName}:latest 192.168.43.95/dapr/${serviceName}:${envName}-${BUILD_NUMBER}" }
vars/gitCheckOut.groovy
#!/usr/bin/env groovy def call(String branchName, String gitUrl) { echo "branchName:${branchName} gitUrl:${gitUrl}" checkout([$class: 'GitSCM', branches: [[name: branchName]], extensions: [], userRemoteConfigs: [[credentialsId: 'gitee', url: gitUrl]]]) }
vars/harborSecret.groovy
def call(String namespaceName, String serviceName, String envName) { dir('harborsecret') { checkout([$class: 'GitSCM', branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: 'gitee', url: 'https://gitee.com/chesterdotchen/jenkins-demo-secrets.git']]]) sh """sed -i 's/{{ServiceName}}/${serviceName}/g' secrets.yaml""" sh """sed -i 's/{{NameSpaceName}}/${namespaceName}/g' secrets.yaml""" if (envName == 'dev') { sh("kubectl --kubeconfig ${DEV_MY_KUBECONFIG} apply -f secrets.yaml") } if (envName == 'prod') { sh("kubectl --kubeconfig ${PROD_MY_KUBECONFIG} apply -f secrets.yaml") } } }
vars/jmeterTest.groovy
#!/usr/bin/env groovy def call(String servicePath) { sh "jmeter -j jmeter.save.saveservice.output_format=xml -n -t ${servicePath}jmeter.jmx -l ${servicePath}jmeter.report.jtl" sh "cp ${servicePath}jmeter.report.jtl ${servicePath}jmeter.report.${BUILD_NUMBER}.jtl" perfReport errorFailedThreshold:5, sourceDataFiles:"${servicePath}jmeter.report.jtl" sh "cat ${servicePath}jmeter.report.${BUILD_NUMBER}.jtl" sh """#!/bin/sh grep '<failure>true</failure>' ${servicePath}jmeter.report.${BUILD_NUMBER}.jtl if [ \$? = 0 ] then exit 1 else exit 0 fi """ }
vars/k8sCheckDeployStatus.groovy
#!/usr/bin/env groovy def call(String nameSpaceName, String serviceName, String envName) { if (envName == 'dev') { sh(""" ATTEMPTS=0 ROLLOUT_STATUS_CMD='kubectl --kubeconfig ${DEV_MY_KUBECONFIG} rollout status deployment/${serviceName} -n ${nameSpaceName}-ns' until \$ROLLOUT_STATUS_CMD || [ \$ATTEMPTS -eq 60 ]; do \$ROLLOUT_STATUS_CMD ATTEMPTS=\$((attempts + 1)) sleep 10 done """) } if (envName == 'prod') { sh(""" ATTEMPTS=0 ROLLOUT_STATUS_CMD='kubectl --kubeconfig ${PROD_MY_KUBECONFIG} rollout status deployment/${serviceName} -n ${nameSpaceName}-ns' until \$ROLLOUT_STATUS_CMD || [ \$ATTEMPTS -eq 60 ]; do \$ROLLOUT_STATUS_CMD ATTEMPTS=\$((attempts + 1)) sleep 10 done """) } }
vars/k8sDeploy.groovy
#!/usr/bin/env groovy def call(String servicePath, String envName) { if (envName == 'dev') { sh("kubectl --kubeconfig ${DEV_MY_KUBECONFIG} apply -f ${servicePath}deployment.yaml") } if (envName == 'prod') { sh("kubectl --kubeconfig ${PROD_MY_KUBECONFIG} apply -f ${servicePath}deployment.yaml") } }
vars/k8sGenerateYaml.groovy
#!/usr/bin/env groovy def call(String namespaceName, String serviceName, String servicePath, String envName, String servicePort, String nodePort) { sh """sed "s/{{tagversion}}/${envName}-${BUILD_NUMBER}/g" ${servicePath}deployment.yaml.tpl > ${servicePath}deployment.yaml """ sh """sed -i 's/{{ServiceName}}/${serviceName}/g' ${servicePath}deployment.yaml""" sh """sed -i 's/{{ServicePort}}/${servicePort}/g' ${servicePath}deployment.yaml""" sh """sed -i 's/{{NodePort}}/${nodePort}/g' ${servicePath}deployment.yaml""" sh """sed -i 's/{{NameSpaceName}}/${namespaceName}/g' ${servicePath}deployment.yaml""" }
jenkins-demo-secrets中程式碼如下
apiVersion: v1 kind: Namespace metadata: name: {{NameSpaceName}}-ns --- apiVersion: v1 kind: Secret metadata: name: harbor-key namespace: {{NameSpaceName}}-ns type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjQzLjk1IjogewoJCQkiYXV0aCI6ICJZV1J0YVc0Nk1USXpORFUyIgoJCX0sCgkJInJlZ2lzdHJ5LmNuLWJlaWppbmcuYWxpeXVuY3MuY29tIjogewoJCQkiYXV0aCI6ICI2Wm1JNUxpQTU0dXVPbU5vWlc1NWFYTm9hVEV5TXc9PSIKCQl9Cgl9Cn0=
dockerconfigjson可通過以下方式獲取
docker login --username=admin --password=123456 192.168.43.95 cat ~/.docker/config.json | base64
Jenkinsfile中引用共享庫
專案庫中需要提前編寫好Dockerfile,Jenkinsfile,deployment.yaml.tpl,jmeter.jmx
Dockerfile
#See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging. FROM mcr.microsoft.com/dotnet/aspnet:5.0 AS base WORKDIR /app EXPOSE 5001 FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build WORKDIR /src COPY ["FrontEnd/FrontEnd.csproj", "FrontEnd/"] COPY ["Common/Common.csproj", "Common/"] RUN dotnet restore "FrontEnd/FrontEnd.csproj" COPY . . WORKDIR "/src/FrontEnd" RUN dotnet build "FrontEnd.csproj" -c Release -o /app/build FROM build AS publish RUN dotnet publish "FrontEnd.csproj" -c Release -o /app/publish FROM base AS final WORKDIR /app COPY --from=publish /app/publish . ENTRYPOINT ["dotnet", "FrontEnd.dll"]
Jenkinsfile
#!/usr/bin/env groovy @Library('share@master') _ run 'daprtest', 'frontend', './FrontEnd/', '5001', '31111', ['dev':'*/master', 'prod':'*/master']
deployment.yaml.tpl
apiVersion: v1 kind: Namespace metadata: name: {{NameSpaceName}}-ns --- apiVersion: dapr.io/v1alpha1 kind: Component metadata: name: statestore namespace: {{NameSpaceName}}-ns spec: type: state.redis version: v1 metadata: - name: redisHost value: 192.168.43.102:6379 - name: redisPassword value: "123456" - name: actorStateStore value: "true" --- apiVersion: apps/v1 kind: Deployment metadata: name: {{ServiceName}} namespace: {{NameSpaceName}}-ns labels: app: {{ServiceName}} spec: replicas: 1 selector: matchLabels: app: {{ServiceName}} template: metadata: namespace: {{NameSpaceName}}-ns labels: app: {{ServiceName}} annotations: dapr.io/enabled: "true" dapr.io/app-id: "{{ServiceName}}" dapr.io/app-port: "{{ServicePort}}" spec: imagePullSecrets: - name: harbor-key containers: - name: {{ServiceName}} image: 192.168.43.95/dapr/{{ServiceName}}:{{tagversion}} ports: - containerPort: {{ServicePort}} imagePullPolicy: Always --- apiVersion: v1 kind: Service metadata: namespace: {{NameSpaceName}}-ns name: {{ServiceName}}-svc spec: type: NodePort selector: app: {{ServiceName}} ports: - port: {{ServicePort}} targetPort: {{ServicePort}} nodePort: {{NodePort}}
jmter.jmx則根據需要自行編寫
新建pipline
其中的URL指向自己專案的git地址
構建pipline
至此,我們已經完成了Jenkinsfile中一行程式碼部署我們的專案,如果有新的service,在編寫好Dockerfile,deployment.yaml.tpl(保持一致),jmeter.jmx的前提下,我們只需要Jenkinsfile中通過共享庫引用run方法即可