jenkins 连接k8s

一、本地部署gitlab+jenkins+minikube

　　本地docker安装部署gitlab+jenkins+minikube 实现CICD

 

docker run -it -d -P --name gitlab gitlab/gitlab-ce:14.0.5-ce.0
docker run -it -d -P --name jenkins jenkins/jenkins:lts
minikube start --image-mirror-country='cn' --driver=docker
$ docker ps
CONTAINER ID   IMAGE                                                                 COMMAND                  CREATED        STATUS                  PORTS                                                                                                                                  NAMES
036d284ccac0   registry.cn-hangzhou.aliyuncs.com/google_containers/kicbase:v0.0.30   "/usr/local/bin/entr…"   16 hours ago   Up 16 hours             127.0.0.1:57184->22/tcp, 127.0.0.1:57185->2376/tcp, 127.0.0.1:57187->5000/tcp, 127.0.0.1:57188->8443/tcp, 127.0.0.1:57186->32443/tcp   minikube
951d6c5ec0b0   registry:latest                                                       "/entrypoint.sh /etc…"   22 hours ago   Up 22 hours             0.0.0.0:55010->5000/tcp                                                                                                                registry
7c3c204d0336   jenkins/jenkins:lts                                                   "/sbin/tini -- /usr/…"   23 hours ago   Up 23 hours             0.0.0.0:55009->8080/tcp, 0.0.0.0:55008->50000/tcp                                                                                      jenkins
c1a08f69909d   gitlab/gitlab-ce:14.0.5-ce.0                                          "/assets/wrapper"        23 hours ago   Up 23 hours (healthy)   0.0.0.0:55007->22/tcp, 0.0.0.0:55006->80/tcp, 0.0.0.0:55005->443/tcp                                                                   gitlab

 

　　本地docker安装的minikube会和jenkins不在同一网络，所以需要进行连接

$ docker network ls
NETWORK ID     NAME       DRIVER    SCOPE
3a40d6d0d567   bridge     bridge    local
7272571429f7   host       host      local
d9f1fb8ed488   minikube   bridge    local
26bf30d9010f   none       null      local
$ docker network connect d9f1fb8ed488 jenkinsg

　　根据docker ps 可以查看jenkins和gitlab在本地映射的端口，本地的55009端口可以查看jenkins的页面，55006 可以查看本地的gitlab

　　gitlab默认的账号是root，密码存放在文件中

 

$ docker exec -it gitlab bash
root@c1a08f69909d:/# cat /etc/gitlab/
gitlab-secrets.json       initial_root_password     ssh_host_ecdsa_key.pub    ssh_host_ed25519_key.pub  ssh_host_rsa_key.pub
gitlab.rb                 ssh_host_ecdsa_key        ssh_host_ed25519_key      ssh_host_rsa_key          trusted-certs/
root@c1a08f69909d:/# cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
#          1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
#          2. Password hasn't been changed manually, either via UI or via command line.
#
#          If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Password: DkQWmoPrwgy8+8EsuiECFEA5PjNgqHY0HE4F6I62VYw=

# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.

 

　　

 

 

二、gitlab创建

 

 

jenkins的token放在jenkins的容器中

 

 

 

 

 

 

一、jenkins 安装插件

　

 

 　　搜索插件：Kubernetes Credentials Plugin、Kubernetes plugin、Kubernetes CLI Plugin 后进行安装 Install without restart;

二、生成连接k8s的证书文件

　　先生成jenkins的专用config文件或者用最高权限的其他config文件

cat .kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /Users/biyin-lhr/.minikube/ca.crt
    extensions:
    - extension:
        last-update: Wed, 07 Sep 2022 18:10:39 CST
        provider: minikube.sigs.k8s.io
        version: v1.25.2
      name: cluster_info
    server: https://127.0.0.1:57188
  name: minikube
contexts:
- context:
    cluster: minikube
    extensions:
    - extension:
        last-update: Wed, 07 Sep 2022 18:10:39 CST
        provider: minikube.sigs.k8s.io
        version: v1.25.2
      name: context_info
    namespace: default
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /Users/biyin-lhr/.minikube/profiles/minikube/client.crt
    client-key: /Users/biyin-lhr/.minikube/profiles/minikube/client.key
#注意：生成cert.pfx时一定要创建密码，在jenkins上传证书时需要使用。
openssl pkcs12 -export -out cert.pfx -inkey .minikube/profiles/minikube/client.key -in .minikube/profiles/minikube/client.crt -certfile .minikube/ca.crt

　在jenkins的web界面创建凭证

　　Manage Jenkins --> Manage Credentials 

 

 

 

　　

 

 

 下图为创建完成后的样子：

 

 三、jenkins界面添加k8s集群

Manage Jenkins --> manage Nodes and Clouds --> Configure Clouds

因为本地是minikube，所以通过查看

 

 　　Name: 给所加的k8s集群设置名字

　　Kubernetes URL： 集群的api-server出口地址，可以通过kubectl cluster info 查看，本地是minikube，可以通过docker ps查看映射容器的端口，和进到容器里hostname -i查看容器里的ip地址

　　Kubernetes server certificate key：config文件中的client-key内容，记得解密

　　Credentials： 选择上一步添加的证书。

　　Test Connection：测试连接，Connected to Kubernetes

四、jenkins 连接gitlab拉取代码

　　首先通过凭据保存gitlab的账号密码

　　Manage Jenkins --> Manage Credentials --> Stores scopsd to Jenkins (Jenkins) --> Global credentials (unrestricted) --> Add Credentials

 

 　　Kind: 选择Username with password

　　Username：登陆gitlab的账号密码

　　Password： username对应的密码