Inc应用基于jenkins的CI/CD说明

背景

jenkins + rancher，可以实现从git拉取相关分支的代码，然后做持续集成(CI)和持续部署(CD)。开发者只需要关注代码的开发，提交代码之后，可自动完成代码的部署。

依赖

• 已完成jenkins + rancher的搭建，以及打通两者间的访问权限
• 配置Global Pipeline Libraries，使用https://git.code.tencent.com/panlifu/jenkinsLib.git (opens new window)

jenkins相关配置

其中COS的配置为公有读私有写，用来存储静态资源。

环境变量（不同client，配置不同的环境变量）

• COS_BUCKET：cos桶配置
• COS_REGION：cos地域配置

凭据配置（不同client，配置不同的环境变量；使用secret text）

• COS_SECRETID： cos秘钥ID配置
• COS_SECRETKEY：cos秘钥key配置
• DOCKER_USER：docker仓库用户名
• DOCKER_PWD：docker密码密码

此外，还需要创建一个“Username with password”的工蜂 (opens new window)凭据，将在Job的Pipeline Script中用到

创建job

构建参数配置

• deployment： 部署环境 (dev/test/uat/prd)

编写Pipeline Script

#!groovy
@Library('jenkinsLib@inc_dev') _
//func from sharelibrary

def tools = new org.devops.tools()
def Inc = new org.devops.inc()

def config=[
    "jihe-dev": [
        "env": "dev", // 部署的环境
        "branch": "master", // 所在的代码分支
        "tkens": "jihe-dev", // 服务部署在TKE上的命名空间
        "replicas": "1" // pod实例数
    ],
    "jihe-prd": [
        "env": "prd",
        "branch": "master",
        "tkens": "jihe-prd",
        "replicas": "2"
    ],
]

env.GIT_BRANCH=config[deployment].branch
env.KUBECONFIG=deployment

pipeline{
    agent any
    stages{
        stage("all"){
            steps{
                checkout scm: [$class: 'GitSCM', userRemoteConfigs: [[url: 'https://git.code.tencent.com/incubator/incubator-center.git', credentialsId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx']], branches: [[name: "${config[deployment].branch}"]]],poll: false
                script{
                    tools.PrintMes("ALL","green")
                    // BuildAndDeploy(项目名, 服务名[inc-center], docker命名空间, 部署环境, TKE命名空间, 服务端口[8080], pod实例数)
                    Inc.BuildAndDeploy("project", "inc-center","jl-dev","${config[deployment].env}", "${config[deployment].tkens}", "8080", "${config[deployment].replicas}")
                }
            }
        }
    }
}

服务自动部署TKE

jenkins构建过程中，步骤

• 构建docker镜像，并push到docker仓库
• 读取项目目录中的deployment.yaml文件，通过kubectl apply部署服务
• 读取项目目录中的svc.yaml文件，通过kubectl apply生成服务发现(NodePort类型)

使用

配置完成后，即可在jenkins的job中，执行“Build with Parameters”，Build完成之后会自动部署服务

附录

Center的deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  generation: 1
  labels:
    cattle.io/creator: norman
    workload.user.cattle.io/workloadselector: deployment-ns-service_name
  name: service_name
  namespace: ns
spec:
  replicas: {replicas}
  selector:
    matchLabels:
      workload.user.cattle.io/workloadselector: deployment-ns-service_name
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        workload.user.cattle.io/workloadselector: deployment-ns-service_name
    spec:
      containers:
      - env:
        - name: INC_PLATFORM_CONFIG
          valueFrom:
            configMapKeyRef:
              key: INC_PLATFORM_CONFIG
              name: service_name
              optional: false
        image: imageTest
        imagePullPolicy: Always
        name: service_name
        resources:
          limits:
            cpu: "4"
            memory: 8Gi
          requests:
            cpu: "2"
            memory: 4Gi
      imagePullSecrets:
      - name: tencent-warehouse-secret  

Center的svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: service_name-svc
  namespace: ns
spec:
  ports:
  - name: inc-http
    port: service_port
    protocol: TCP
    targetPort: service_port
  selector:
    workload.user.cattle.io/workloadselector: deployment-ns-service_name
  type: NodePort