kc create secret generic kubeconfig --from-file=/root/.kube/config
pipeline {
agent {
kubernetes {
cloud 'kubernetes'
namespace 'default'
yaml '''
apiVersion: v1
kind: Pod
spec:
containers:
- name: jnlp
image: jenkins/inbound-agent:4.7-1-jdk11
args: [\'$(JENKINS_SECRET)\', \'$(JENKINS_NAME)\']
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/localtime
name: valume-time
- mountPath: /etc/hosts
name: hosts
- name: docker
image: docker:19.03.15-git
tty: true
imagePullPolicy: IfNotPresent
tty: true
volumeMounts:
- mountPath: /etc/localtime
name: valume-time
- mountPath: /var/run/docker.sock
name: docker-socket
- mountPath: /etc/hosts
name: hosts
- name: kubectl
image: alvinos/kubectl:1.17.4
tty: true
imagePullPolicy: IfNotPresent
tty: true
command:
- cat
volumeMounts:
- mountPath: /.kube
name: kubeconfig
readOnly: false
- mountPath: /etc/localtime
name: valume-time
- name: sonarqube
image: emeraldsquad/sonar-scanner:2.2.0
tty: true
command:
- cat
volumeMounts:
- mountPath: /etc/localtime
name: valume-time
- mountPath: /etc/hosts
name: hosts
- name: node
image: node:16.15.1
tty: true
command:
- cat
volumeMounts:
- mountPath: /etc/localtime
name: valume-time
volumes:
- name: valume-time
hostPath:
path: /usr/share/zoneinfo/Asia/Shanghai
- name: docker-socket
hostPath:
path: /var/run/docker.sock
- name: hosts
hostPath:
path: /etc/hosts
- name: kubeconfig
secret:
secretName: kubeconfig
items:
- key: config
path: config
'''
}
}
stages {
stage("拉取代码") {
steps {
checkout([$class: 'GitSCM', branches: [[name: '*/main']], extensions: [], userRemoteConfigs: [[credentialsId: 'add573ff-c885-4dbc-ad82-81736763327b', url: 'git@gitlab.mycloud.com:test/vue-tetris-master.git']]])
}
}
stage("代码漏洞扫描") {
steps {
container('sonarqube') {
script {
scannerTool = tool(
name: 'sonarqube-scanner',
type: 'hudson.plugins.sonar.SonarRunnerInstallation'
)
}
withSonarQubeEnv('sonarqube8.9.8') {
sh """
export JAVA_HOME=/usr/local/openjdk-11
${scannerTool}/bin/sonar-scanner
"""
}
}
}
}
stage("代码漏洞扫描状态判断") {
steps {
script {
timeout(1) {
qg = waitForQualityGate()
if (qg.status != 'OK') {
error "代码漏洞扫描失败,状态为: ${qg.status}"
} else {
echo "代码漏洞扫描通过"
}
}
}
}
}
stage("编译代码") {
steps {
container('node') {
sh """
npm config set registry https://registry.npm.taobao.org
npm install
npm run build
"""
}
}
}
stage("初始化docker环境和k8s环境") {
steps {
script {
CommitID = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()
BuildTime = sh(returnStdout: true, script: "date '+%s'").trim()
TAG = CommitID + "-" + BuildTime + "-" + GIT_TAG
}
}
}
stage("构建docker镜像") {
steps {
withCredentials([
usernamePassword(
credentialsId: 'c67fa380-07fa-49c9-9df4-69b3dc562350',
passwordVariable: 'Password',
usernameVariable: 'Username'
)]) {
container('docker'){
sh """
docker build -t registry.cn-hangzhou.aliyuncs.com/alvinos/java:${TAG} .
docker login registry.cn-hangzhou.aliyuncs.com --username=${Username} --password=${Password}
docker push registry.cn-hangzhou.aliyuncs.com/alvinos/java:${TAG}
"""
}
}
}
}
stage("部署到k8s集群中") {
steps {
withCredentials([
usernamePassword(
credentialsId: 'c67fa380-07fa-49c9-9df4-69b3dc562350',
passwordVariable: 'Password',
usernameVariable: 'Username'
)]) {
container('kubectl'){
sh """
kubectl delete secrets aliyun-registry --kubeconfig=/.kube/config
kubectl create secret docker-registry aliyun-registry --docker-server=registry.cn-hangzhou.aliyuncs.com --docker-username=${Username} --docker-password=${Password} --kubeconfig=/.kube/config
kubectl set image deployment vue vue=registry.cn-hangzhou.aliyuncs.com/alvinos/java:${TAG} --kubeconfig=/.kube/config
"""
}
}
}
}
}
}
docker run -it --rm node:16.15.1 bash
root@673a2f116a5c:/# printenv
root@673a2f116a5c:/# node -v
root@673a2f116a5c:/# yarn -v
git clone git@gitlab.mycloud.com:test/vue-tetris-master.git
vue-tetris-master
docker build -t nginx:v1 .
docker run -d -P nginx:v1
apiVersion: apps/v1
kind: Deployment
metadata:
name: vue
labels:
app: vue
spec:
selector:
matchLabels:
app: vue
template:
metadata:
labels:
app: vue
spec:
containers:
- name: vue
image: nginx:v1
---
apiVersion: v1
kind: Service
metadata:
name: vue
labels:
app: vue
spec:
ports:
- port: 80
targetPort: 80
nodePort: 30080
selector:
app: vue
type: NodePort
kc apply -f vue-deploy.yaml
测试是否连通网络:
kc run -it --rm test --image=busybox:1.28.3
/ # nslookup kubernetes
883337151603
网友评论