Kubernetes實(shí)現(xiàn)CI與CD配置教程

更新時(shí)間：2022年05月26日 09:45:24 作者：愿許浪盡天涯

這篇文章主要為大家介紹了基于Kubernetes實(shí)現(xiàn)CI與CD配置教程，有需要的朋友可以借鑒參考下，希望能夠有所幫助，祝大家多多進(jìn)步，早日升職加薪

一、基本介紹

基于 Kubernetes 實(shí)現(xiàn) CI/CD 配置，其實(shí)和往常那些 CI/CD 配置并沒有太大區(qū)別。都是通過提交代碼，拉取代碼，構(gòu)建代碼，發(fā)布代碼來實(shí)現(xiàn)的。只不過要是通過 K8s 來實(shí)現(xiàn)的話，則是需要將構(gòu)建好的代碼打包成鏡像，通過鏡像的方式來運(yùn)行。

CI/CD 流程圖：

開發(fā)將代碼提交代碼倉庫后，我們便可以通過在 Jenkins 上配置腳本或是 Pipline 的方式來實(shí)現(xiàn)代碼發(fā)布，其中發(fā)布有兩種方式，一種是通過手動發(fā)布，另外一種可以通過 WebHook 插件來實(shí)現(xiàn)提交代碼便自動發(fā)布（生產(chǎn)環(huán)境不建議自動發(fā)布）

腳本內(nèi)容一般分為：克隆代碼、編譯代碼、將編譯好的代碼打包成鏡像、運(yùn)行鏡像幾個(gè)步驟。

二、基于 Kubernetes 實(shí)現(xiàn) CI/CD 配置

下面我們是通過容器的方式安裝配置，物理安裝可以看我前面的文章：傳送門

1.配置 GitLab

1）安裝 Docker-Compose

[root@k8s-master01 ~]# wget "https://github.com/docker/compose/releases/download/v2.3.2/docker-compose-$(uname -s)-$(uname -m)" -O /usr/local/bin/docker-compose	
[root@k8s-master01 ~]# chmod +x /usr/local/bin/docker-compose
[root@k8s-master01 ~]# docker-compose --version

2）安裝 GitLab

[root@k8s-master01 ~]# vim docker-compose.yml
version: '3'
services:
  web:
    image: 'gitlab/gitlab-ce:14.8.5-ce.0'
    restart: always
    hostname: 192.168.1.1
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://192.168.1.1'
    ports:
      - '1080:80'
      - '1443:443'
      - '1022:22'
    volumes:
      - '/app/gitlab/config:/etc/gitlab'
      - '/app/gitlab/logs:/var/log/gitlab'
      - '/app/gitlab/data:/var/opt/gitlab'
[root@k8s-master01 ~]# docker-compose up -d

因?yàn)椴┲鞯碾娔X配置不是很高，所以就不使用上面的方式安裝 GitLab，而是直接使用 GitHub 上面的倉庫。

2.配置 Jenkins

1）安裝 NFS 存儲，并配置共享目錄

[root@k8s-master01 ~]# yum -y install nfs-utils rpcbind
[root@k8s-master01 ~]# echo "/app/jenkins *(rw,sync,no_root_squash)" > /etc/exports
[root@k8s-master01 ~]# mkdir /app/jenkins
[root@k8s-master01 ~]# systemctl start rpcbind nfs

2）創(chuàng)建 PV 和 PVC

[root@k8s-master01 ~]# vim jenkins-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteMany
  nfs:
    server: 192.168.1.1
    path: /app/jenkins
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pvc
spec:
  resources:
    requests:
      storage: 10Gi
  accessModes:
    - ReadWriteMany   
[root@k8s-master01 ~]# kubectl create -f jenkins-pv.yaml

3）創(chuàng)建 RBAC 授權(quán)

[root@k8s-master01 ~]# vim jenkins-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-sa
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: jenkins-cr
rules:
  - apiGroups: ["extensions","apps"]
    resources: ["deployments"]
    verbs: ["create","delete","get","list","watch","patch","update"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["create","delete","get","list","watch","patch","update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","update"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: jenkins-crb
roleRef:
  kind: ClusterRole
  name: jenkins-cr
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: jenkins-sa
  namespace: default
[root@k8s-master01 ~]# kubectl create -f jenkins-sa.yaml

4）創(chuàng)建 StatefulSet

[root@k8s-master01 ~]# vim jenkins-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: jenkins
spec:
  serviceName: jenkins
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      name: "jenkins"
      labels:
        app: jenkins
    spec:
      serviceAccountName: jenkins-sa
      containers:
      - name: jenkins
        image: jenkins/jenkins:lts
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
        - containerPort: 50000
        volumeMounts:
        - name: jenkins
          mountPath: /var/jenkins_home
      volumes:
      - name: jenkins
        persistentVolumeClaim:
          claimName: jenkins-pvc          
[root@k8s-master01 ~]# chown -R 1000 /app/jenkins
[root@k8s-master01 ~]# kubectl create -f jenkins-statefulset.yaml

5）創(chuàng)建 Service

[root@k8s-master01 ~]# vim jenkins-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: jenkins
spec:
  type: NodePort
  ports:
  - name: http
    port: 8080
    targetPort: 8080
    nodePort: 30080
  - name: agent
    port: 50000
    targetPort: 50000
    nodePort: 30090
  selector:
    app: jenkins
[root@k8s-master01 ~]# kubectl create -f jenkins-svc.yaml

6）配置 Jenkins

[root@k8s-master01 ~]# cat /app/jenkins/secrets/initialAdminPassword 
a303d66e915e4ee5b26648a64fdff4be

http://192.168.1.1:30080/

我們這里安裝推薦的插件即可，后面有需求可以再進(jìn)行安裝

3.實(shí)現(xiàn) CI/CD 配置

1）在 Jenkins 宿主機(jī)上創(chuàng)建 SSH 密鑰

[root@k8s-master01 ~]# ssh-keygen -t rsa								# 三連回車
[root@k8s-master01 ~]# cat ~/.ssh/id_rsa.pub							# 查看公鑰

2）將公鑰上傳到 GitLab 上

3）將倉庫克隆到本地

[root@k8s-master01 ~]# git clone git@github.com:ChenZhuang1217/test.git

4）編寫 Go 代碼

[root@k8s-master01 ~]# cd test
[root@k8s-master01 test]# vim main.go
package main
import (
	"fmt"
	"net/http"
)
func HelloHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "Hello World")
}
func main() {
	http.HandleFunc("/", HelloHandler)
	http.ListenAndServe(":8080", nil)
}

5）編寫 Dockerfile

[root@k8s-master01 test]# vim Dockerfile
FROM golang:1.16 as builder
ENV GO111MODULE=on \
    GOPROXY=https://goproxy.cn,direct
WORKDIR /app
COPY . .
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o main main.go
FROM busybox:1.28.4
WORKDIR /app
COPY --from=builder /app/ .
EXPOSE 8080
CMD ["./main"]
[root@k8s-master01 test]# docker build -t test-web-server:devops-$(date +%Y-%m-%d-%H-%M-%S) .

6）提交代碼

Git 教程可以看博主前面寫的文章：Git

[root@k8s-master01 test]# git add .														# 提交到暫存區(qū)
[root@k8s-master01 test]# git config --global user.email "Zhuang_zz1217@163.com"		# 配置用戶郵箱
[root@k8s-master01 test]# git commit -m "This is test CI/CD"							# 提交到本地倉庫
[root@k8s-master01 test]# git push														# 推送到遠(yuǎn)程倉庫

7）創(chuàng)建 Deployment 和 Service

[root@k8s-master01 ~]# vim test-web-server.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-web-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-web-server
  template:
    metadata:
      labels:
        app: test-web-server
    spec:
      containers:
      - name: test-web-server
        image: test-web-server:devops-2022-04-25-17-16-54
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: test-web-server
spec:
  type: NodePort
  ports:
  - name: test-web-server
    port: 8080
    targetPort: 8080
    nodePort: 30188
  selector:
    app: test-web-server
[root@k8s-master01 ~]# kubectl create -f test-web-server.yaml

8）編寫 Jenkins 發(fā)版腳本

[root@k8s-master01 ~]# vim test.sh
#!/bin/bash
# 固定時(shí)間格式
Second=$(date +%Y-%m-%d-%H-%M-%S)
# 備份舊的鏡像
Image=$(kubectl -s https://192.168.1.1:6443 describe pod | grep Image: | awk '{print $2}' | grep test)
echo $Image > /opt/test-image-$Second
# 克隆代碼
cd /root
if [ -d test ];
then
  mv test /opt/test-devops-$Second
  git clone git@github.com:ChenZhuang1217/test.git
else
  git clone git@github.com:ChenZhuang1217/test.git
fi
# 發(fā)布新的鏡像
cd /root/test && docker build -t test-web-server:devops-$Second .
# 上傳到鏡像倉庫
if [ $? -eq 0 ];
then
  docker tag test-web-server:devops-$dateImage harbor.tianya.com:5000/test-web-server:devops-$Second
  docker push harbor.tianya.com:5000/test-web-server:devops-$Second
else
  exit 1			# 退出 (防止運(yùn)行下面命令)
fi
# 替換鏡像
sed -i 's/image:.*/image: harbor.tianya.com:5000\/test-web-server:devops-'$Second'/g' /root/test-web-server.yaml
# 重啟應(yīng)用
kubectl delete -f /root/test-web-server.yaml
kubectl create -f /root/test-web-server.yaml
[root@k8s-master01 ~]# chmod +x test.sh

上面這個(gè)腳本有兩步需要注意：

上傳到鏡像倉庫：如果你們沒有自己的鏡像倉庫，可以選擇調(diào)整腳本或看博主前面寫的文章來安裝 Harbor 倉庫。

替換鏡像：我們上面配置的腳本是針對單個(gè)模塊的，多個(gè)模塊可以根據(jù) for 循環(huán)來實(shí)現(xiàn)。