基于Kubernetes的微服务CI/CD：Jenkins Pipeline全流程实践

一、部署gitlab

       GitLab 是一个集代码托管、CI/CD、项目管理、安全扫描于一体的 DevOps 平台，提供从代码编写到部署的全生命周期管理。它支持 Git 版本控制，内置自动化流水线，可与 Kubernetes 集成，实现云原生应用的持续交付。同时提供问题追踪、代码审查、容器镜像仓库等功能，帮助企业高效落地 DevOps 实践。

1.下载安装

#下载gitlab-ce-12.0.3组件
https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-12.0.3-ce.0.el7.x86_64.rpm
#安装 gitlab-ce-12.0.3组件
yum localinstall -y gitlab-ce-12.0.3-ce.0.el7.x86_64.rpm

2.修改配置文件

#修改配置文件
[root@nacos-128 ]# vim /etc/gitlab/gitlab.rb
external_url 'http://gitlab.liux.cn'
prometheus['enable'] = false
prometheus['monitor_kubernetes'] = false
alertmanager['enable'] = false
node_exporter['enable'] = false
redis_exporter['enable'] = false
postgres_exporter['enable'] = false
prometheus_monitoring['enable'] = false
grafana['enable'] = false

3.初始化以及启动

#初始化gitlab-ctl reconfigure#启动gitlab-ctl statusgitlab-ctl stopgitlab-ctl start#登录  需要做hosts解析http://gitlab.liux.cnroot/liux12366

4.gitlab创建项目以及服务器clone项目

#gitlab上面创建组和项目
springcloud/passport
#在服务器上clone项目
git config --global user.name "Administrator"
git config --global user.email "admin@example.com"
git clone git@gitlab.liux.cn:springcloud/passport.git
cd passport
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master#将passport项目上传到服务器，然后push到gitlab
[root@nacos-128 passport]# ll
total 28
-rw-r--r--. 1 root root   379 May  5  2020 HELP.md
-rw-r--r--. 1 root root 10070 May  5  2020 mvnw
-rw-r--r--. 1 root root  6608 May  5  2020 mvnw.cmd
-rw-r--r--. 1 root root  2329 May  5  2020 pom.xml
-rw-r--r--. 1 root root     0 Apr 23 17:45 README.md
drwxr-xr-x. 3 root root    18 Jun 10  2020 src
drwxr-xr-x  6 root root   159 Apr 24 09:43 target
[root@nacos-128 passport]#  git add .
[root@nacos-128 passport]#  git commit -m 'add'
[root@nacos-128 passport]#  git push -u origin master

二、部署harbor

      Harbor 是一款开源的企业级 Docker 镜像仓库管理工具，提供镜像存储、访问控制、漏洞扫描和复制同步等核心功能。它支持多租户安全策略，集成 Clair 进行镜像安全扫描，并可与 Kubernetes、CI/CD 工具链无缝对接，是企业构建私有容器镜像仓库和实现云原生应用安全交付的理想选择。

     部署参考docker容器化技术文档中harbor安装

1.下载harbor软件

       上传服务器 harbor.tar.gz  我这里是其他服务器上已装好的harbor，已配置https。

2.解压安装

[root@harbor harbor]# mkdir -p /liux/softwares/
[root@harbor ~]# tar -xf harbor.tar.gz -C /liux/softwares/
[root@harbor ~]# cd /liux/softwares/harbor/#安装
[root@harbor harbor]# ./install.sh

3.将客户端证书推送到所有的k8s集群

[root@harbor harbor]# scp certs/custom/client/* node-1:/etc/docker/certs.d/harbor.liux.com/
[root@harbor harbor]# scp certs/custom/client/* node-2:/etc/docker/certs.d/harbor.liux.com/

4.挑选任意K8S节点测试harbor能否正常访问

[root@node-2 ~]# docker login -u admin -p 12366 harbor.liux.com
.....
Login Succeeded

5.harbor启动、停止命令

[root@harbor harbor]# docker-compose up -d
[root@harbor harbor]# docker-compose down

三、部署nacos

       Nacos 是一款开源的动态服务发现、配置管理和服务治理平台，支持DNS与RPC式服务注册与发现，提供实时配置推送、服务健康监测和动态路由功能。作为云原生时代的核心中间件，它无缝兼容Spring Cloud、Kubernetes和Dubbo等生态，帮助开发者快速构建弹性可扩展的微服务架构，实现服务配置的集中化管理与服务的自动化运维。

1.下载

#下载
wget https://download.nacos.io/nacos-server/nacos-server-2.5.1.zip?spm=5238cd80.7a4232a8.0.0.f834e755XxpRod&file=nacos-server-2.5.1.zip
#解压
unzip nacos-server-2.5.1.zip

2.修改配置文件

[root@nacos-128 conf]# vim application.properties
server.port=8848
spring.datasource.platform=mysql### Count of DB:
db.num=1
### Connect URL of DB:
db.url.0=jdbc:mysql://127.0.0.1:3306/nacos?characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true
db.user=nacos
db.password=nacos

3.启动(单机启动)

[root@nacos-128 ~]# cd /root/nacos/bin
[root@nacos-128 bin]# ./startup.sh -m standalone#访问http://192.168.91.128:8848/nacos/index.html
nacos/nacos

4.页面导入配置

#网关配置spring-cloud-gateway.yaml
server:port: 9000spring:application:name: spring-cloud-gatewaycloud:nacos:discovery:#server-addr: 192.168.0.183:8848server-addr: 192.168.91.128:8848file-extension: yamlconfig:server-addr: 192.168.91.128:8848gateway:discovery:locator:enabled: trueredis:host: 192.168.91.128port: 6379password: 123456lettuce:pool:max-wait: 100000max-idle: 10max-active: 100timeout: 5000database: 0logging:level:root: INFOorg:springframework:security: INFOweb: INFOhibernate: INFOapache:commons:dbcp2: INFOfile: /var/log/gateway.log
network:filter: truecache:filter: falseacl:blacklist: "10.0.0.0/8"whitelist: "0.0.0.0/0"
management:endpoints:web:exposure:include: "*"metrics:enabled: trueprometheus:enabled: trueendpoint:shutdown:enabled: truegateway:enabled: truemetrics:export:prometheus:enabled: truetags:application: ${spring.application.name}#provider-passport-config.yaml
spring:application:name: provider-passportcloud:nacos:discovery:#server-addr: 192.168.0.183:8848server-addr: 192.168.91.128:8848
server:port: 8086
management:endpoints:web:exposure:include: "*"metrics:enabled: trueprometheus:enabled: truemetrics:export:prometheus:enabled: truetags:application: ${spring.application.name}
logging:level:root: INFO        org:springframework:security: INFOweb: INFO    hibernate: INFO        apache:commons:dbcp2: INFOfile: /var/log/provider/passport.log
data:msg: '后台服务passport'

四、部署jenkins

       Jenkins 是一款开源的持续集成与持续交付（CI/CD）工具，通过自动化构建、测试和部署流程加速软件开发。它支持丰富的插件生态，可无缝集成 Git、Docker、Kubernetes 等主流技术栈，提供流水线即代码（Pipeline as Code）能力和分布式任务执行，帮助团队实现高效、可靠的 DevOps 实践，适用于从单体应用到云原生微服务的全场景自动化。

1.安装jdk

#下载jdk
wget https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.rpm
#安装jdk
rpm -ivh jdk-21_linux-x64_bin.rpm

2.部署jenkins

#下载地址 war包地址
wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/war/2.507/jenkins.war

3.编写启动文件启动

[root@node-2 jenkins]#  cat > /root/jenkins/restart.sh <<EOF
#!/bin/bash  
pid=`ps -ef|grep jenkins | grep -v grep | awk '{print $2}'`
kill -9 $pid
sleep 5snohup java -DJENKINS_HOME=/root/jenkins/jenkins_home \
-jar /root/jenkins/jenkins.war --httpPort=8080 >>/root/jenkins/nohup.out 2>&1 &
EOF#授权启动
[root@node-2 jenkins]#  chmod +x restart.sh
[root@node-2 jenkins]#  ./restart.sh#登录jenkins
http://192.168.91.22:8080
#修改之后的密码
admin/admin

4.安装插件

#页面安装插件然后重启
Maven Integration
Git Parameter
Pipeline
Build With Parameters
Persistent Parameter
Extended Choice Parameter
Localization: Chinese (Simplified)

5.添加凭据

#添加gitlab的凭据
系统管理-->凭据管理-->添加凭据-->填写用户密码
保存之后会有一个凭据，用户拉取gitlab代码  cfa063a7-bfae-457a-bf77-61c6227ca52d

6.新增流水线项目

#流水线脚本
pipeline{agent any environment {def git_url="http://gitlab.liux.cn/springcloud/passport.git"def git_branch = "${branch}"def git_auth = "cfa063a7-bfae-457a-bf77-61c6227ca52d"def project_version = "${release}-${UUID.randomUUID().toString()}"def docker_nodes = "${nodes}"def job_mvn = "${WORKSPACE}"def mvn = '/usr/local/apache-maven-3.6.3/bin/mvn'def image_name = 'provider-passport'def page_path = "${WORKSPACE}/target"def project_path="/data/images/passport"def remote_ip="192.168.91.18"def app_name="provider-passport"def remote_yaml="/mnt/yaml/passport/provider-passport.yaml"}stages{stage('Git Checkout'){steps{echo 'check git'checkout([$class: 'GitSCM',branches: [[name: "${git_branch}" ]],doGenerateSubmoduleConfigurations: false,extensions: [],submoduleCfg: [],userRemoteConfigs: [[credentialsId: "${git_auth}",url: "${git_url}"]]])}    }stage('Manven Build'){when {expression {currentBuild.result == null || currentBuild.result == 'SUCCESS'}}steps{sh "cd ${job_mvn} ; ${mvn} clean package -Dmaven.test.skip=true -U"}}stage('Copy Jar'){when {expression {currentBuild.result == null || currentBuild.result == 'SUCCESS'}}steps{sh "/usr/bin/cp -rf ${env.page_path}/demo-*-SNAPSHOT.jar ${project_path}"}}stage('Docker Build'){when {expression {currentBuild.result == null || currentBuild.result == 'SUCCESS'}}steps{sh "cd ${project_path} && docker build -t harbor.liux.com/springcloud/${env.app_name}:${env.project_version} ."}}stage('Push Docker'){when {expression {currentBuild.result == null || currentBuild.result == 'SUCCESS'}}steps{sh "docker push harbor.liux.com/springcloud/${env.app_name}:${env.project_version}"}}stage('Apply Docker'){when {expression {currentBuild.result == null || currentBuild.result == 'SUCCESS'}}steps{sh "ssh ${env.remote_ip} 'sed -i 's@${env.app_name}:.*@${env.app_name}:${env.project_version}@g' ${env.remote_yaml}';ssh ${env.remote_ip} '/usr/local/bin/kubectl apply -f ${env.remote_yaml}'"}}stage('Replicas Docker'){when {expression {currentBuild.result == null || currentBuild.result == 'SUCCESS'}}steps{sh "ssh ${env.remote_ip} '/usr/local/bin/kubectl scale deployment ${env.app_name} --replicas=${env.docker_nodes}'"}}}post {success {sh "echo 'Success success'"}failure {sh "echo 'Faild faild'"}}
}#新增流水线项目build-passport-maven
01:添加参数化构建过程-->git参数-->名称(branch),默认值(master),描述(分支)
02:添加参数化构建过程-->文本参数-->名称(nodes),默认值(1),描述(副本数)
03:添加参数化构建过程-->字符参数-->名称(release),默认值(v1.0),描述(版本信息)
04:流水线-->脚本#Agent: agent any 表示流水线可在任何可用代理节点上执行。

7.编写dockerfile文件

#dockerfile文件
[root@node-2 passport]# cat Dockerfile 
FROM harbor.liux.com/basic/openjdk8:v1.0
run mkdir -p /usr/local/java/provider && mkdir -p /var/log/provider && touch /var/log/provider/passport.log
copy demo-0.0.1-SNAPSHOT.jar /usr/local/java/provider/demo-0.0.1-SNAPSHOT.jar
run which java
ADD run.sh /run.sh
RUN chmod +x /run.sh
CMD ["sh","/run.sh"]
#CMD ["tail","-f","/etc/hosts"]#启动文件
[root@node-2 passport]# cat run.sh 
#!/bin/bash
#log
echo '00 23 * * * /usr/bin/find /var/log/sport -type f -mmin +720 -exec rm -f {} \;' > /var/spool/cron/crontabs/root && crond -l 0 -b -L /var/log/crontab.log# Start the second process
#/sbin/tini --
java -Xms512m -Xmx512m  -Dspring.cloud.nacos.discovery.server-addr=192.168.91.128:8848 -Dspring.cloud.nacos.config.server-addr=192.168.91.128:8848 -jar /usr/local/java/provider/demo-0.0.1-SNAPSHOT.jar 
status=$?
if [ $status -ne 0 ]; thenecho "Failed to start passport: $status"exit $status
fi

8.jenkins服务器上面安装maven

#下载
https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
#编译Java服务
tar xf  apache-maven-3.6.3-bin.tar.gz

9.k8s上面编写yaml文件

[root@master-1 ~]# mkdir -p /data/passport
[root@master-1 passport]# cat > provider-passport.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:name: provider-passport
spec:replicas: 1selector:matchLabels:app: provider-passportminReadySeconds: 1strategy:type: RollingUpdaterollingUpdate:maxSurge: 1maxUnavailable: 1template:metadata:labels:app: provider-passportspec:imagePullSecrets:- name: registry-passportcontainers:- name: provider-passportimage: harbor.liux.com/springcloud/provider-passport:v1.0-8183e107-fe51-4d68-8d5f-0bb671ddcf3a#可用性检查readinessProbe:tcpSocket:port: 6161initialDelaySeconds: 10periodSeconds: 5env:- name: aliyun_logs_provider-passport-logsvalue: "stdout"ports:- containerPort: 6161name: httpresources:limits:memory: 1024Mirequests:memory: 1024Mi
EOF
#使用secret存储harbor用户密码
[root@master-1 passport]# kubectl create secret docker-registry registry-passport \
--docker-server=harbor.liux.com  \
--docker-username=admin \
--docker-password=12366 \
--docker-email=admin@abc.com

10.Jenkins运行流水线

       如下图所示，表示已经完整的使用流水线在k8s中启动了一个项目。