云原生之旅 - 11）基于 Kubernetes 动态伸缩 Jenkins Build Agents( 二 ) _生活百科

JenkinsfileCI接着我们用 Jenkinsfile 写一个 Declarative pipeline - build/push docker image 到docker hub首先需要定义一个 pod.yaml 作为启动 agent 的container

文章插图

文章插图
kind: Podspec:containers:# list of containers that you want present for your build, you can define a default container in the Jenkinsfile- name: mavenimage: maven:3.5.4-jdk-8-slimcommand: ["tail", "-f", "/dev/null"]# this or any command that is bascially a noop is required, this is so that you don't overwrite the entrypoint of the base containerimagePullPolicy: Always # use cache or pull image for agentresources:# request and limit the resources your build contaienrrequests:memory: 4Gicpu: 2limits:memory: 4Gicpu: 2volumeMounts:- mountPath: /root/.m2 # maven .m2 cache directoryname: maven-home- name: gitimage: bitnami/git:2.38.1imagePullPolicy: IfNotPresentcommand: ["tail", "-f", "/dev/null"]resources: # limit the resources your build contaienrlimits:cpu: 100mmemory: 256Mi- name: kubectl-kustomizeimage: line/kubectl-kustomize:1.25.3-4.5.7imagePullPolicy: IfNotPresentcommand: ["tail", "-f", "/dev/null"]resources: # limit the resources your build contaienrlimits:cpu: 100mmemory: 256Mi- name: dockerimage: docker:18.06.1command: ["tail", "-f", "/dev/null"]imagePullPolicy: AlwaysvolumeMounts:- name: dockermountPath: /var/run/docker.sock # We use the k8s host docker enginevolumes:- name: dockerhostPath:path: /var/run/docker.sock- name: maven-homepersistentVolumeClaim:claimName: maven-repo-storagebuild-pod.yaml
在Jenkinsfile里面定义agent 使用这个yaml file
agent {kubernetes {idleMinutes 3// how long the pod will live after no jobs have run on ityamlFile './build-pod.yaml'// path to the pod definition relative to the root of our projectdefaultContainer 'docker'// define a default container if more than a few stages use it, otherwise default to jnlp container}下面步骤是 docker login/build/tag/push
environment { DOCKER_HUB_REGISTRY='https://index.docker.io/v1/' DOCKER_HUB_CREDS = credentials('wade_test_dockerhub') }stage('Build and Push Docker Image') {steps {script {dir(dir_path) {container('docker') {// docker login, Using single-quotes instead of double-quotes when referencing these sensitive environment variables prevents this type of leaking.sh 'echo $DOCKER_HUB_CREDS_PSW | docker login -u $DOCKER_HUB_CREDS_USR --password-stdin $DOCKER_HUB_REGISTRY'// build image with git tagsh """docker build -t $PROJECT_IMAGE_WITH_TAG .docker tag $PROJECT_IMAGE_WITH_TAG $DOCKER_HUB_CREDS_USR/$PROJECT_IMAGE_WITH_TAG"""// push image_tag to docker hubsh """docker push $DOCKER_HUB_CREDS_USR/$PROJECT_IMAGE_WITH_TAG"""}}}}}我这里没有选择用 docker.withRegistry
docker.withRegistry("$DOCKER_HUB_REGISTRY", "$DOCKER_HUB_CREDENTIAL") {}因为会有不安全的log提示
【云原生之旅 - 11）基于 Kubernetes 动态伸缩 Jenkins Build Agents】WARNING! Using --password via the CLI is insecure. Use --password-stdin.CI + Kustomize + CD这个例子是上面的 CI 之后加上 - 利用 Kustomize build K8S resource manifests 然后 CD 到一个 Cluster
Kustomize 可以参考云原生之旅 - 6）不能错过的一款 Kubernetes 应用编排管理神器 Kustomize

文章插图

文章插图
// assume your k8s manifests in another repo, mine is same repo, just in order to show git clone stepstage('Checkout K8S manifests') {steps {script {dir(dir_path) {container('git') {if (! fileExists('learning_by_doing/README.md')) {sh """git clone https://github.com/wadexu007/learning_by_doing.gitls -lhrt"""} else {sh 'echo manifes repo already exist.'}}}}}}stage('Build manifests with Kustomize') {steps {script {dir(dir_path) {container('kubectl-kustomize') {sh """cd learning_by_doing/Kustomize/demo-manifests/services/demo-app/dev/kustomize edit set image $DOCKER_HUB_CREDS_USR/$PROJECT_IMAGE_WITH_TAGkustomize build > $WORKSPACE/$dir_path/deployment.yaml"""}}}}}stage('Deploy to GKE test cluster') {environment{PROJECT_ID = 'xperiences-eng-cn-dev'CLUSTER_NAME = 'xpe-spark-test-gke'REGION = 'asia-east2'CREDENTIALS_ID = 'gcp_sa_json_key'}steps {script {dir(dir_path) {container('kubectl-kustomize') {sh """chown 1000:1000 deployment.yamlecho start to deploy to cluster $CLUSTER_NAME"""step([$class: 'KubernetesEngineBuilder',projectId: env.PROJECT_ID,clusterName: env.CLUSTER_NAME,location: env.REGION,manifestPattern: 'deployment.yaml',credentialsId: env.CREDENTIALS_ID,verifyDeployments: false])// verifyDeployments does not work for non-default namespace}}}}}