gitlab配置公钥

代码仓库:代码仓库:https://github.com/wq-h/demo-2048.git

创建密钥

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# ssh-keygen -t rsa -b 2048 -C "weiqun_h@163.com" -N "" -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:lo1dX2Kj+5Z8n7LiICLc9yYJdkhlY9W2YpNsTn/pmrI weiqun_h@163.com
The key's randomart image is:
+---[RSA 2048]----+
|        ...      |
|       =   o     |
|      + o o o + .|
|     .   & o + + |
|    . . S * . o  |
|  . .+ o . . +   |
|   o.ooo..  +. . |
|    . oooo...++ o|
|        oE++oo+oo|
+----[SHA256]-----+

gitlab配置公钥

jenkins 创建凭据

选择ssh username with private key类型 添加私钥

jenkins配置流水线

  • 创建项目

  • 配置流水线

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
pipeline {
    agent any                                         // 可以在任何可用的代理上执行pipeline或stage
    environment {                                     // 指令指定一系列键值对,这些键值对将被定义为所有step或特定stage的step的环境变量
      GIT_REPO="https://gitlub.com/wq-h/demo-2048.git" // 构建项目的git仓库地址
      GIT_BRANCH="master"                             // 构建项目的git分支
      SSH_ID="51561e93-8c3c-4904-8fce-2c0014c5dc9f"   // Jenkins里配置ssh key的唯一标识
      MVN_CMD="mvn clean package"                     // maven编译命令
      TARGET_DIR="target"                             // 编译项目输出jar或war包的路径
      BASE_IMAGE="harbor.od.com/system_containers/tomcat:v8.0"  // Dockerfile底层镜像
      Repository="harbor.od.com/infra"                           // docker仓库组
      IMAGE_NAME="demo-2048"                                    // 构建镜像的镜像名称
      IMAGE_TAG="${BUILD_TIMESTAMP}"                            // 构建时的时间,为构建镜像的tag
      NAMESPACE="demo"                                     // 更新服务时的namespace
      DEPLOY="demo-2048"                                  // 更新服务时deploy的名称
    }
    stages {                   // 在pipeline内只容许出现只有一次
        stage('检出代码') {    // 阶段,pipeline 工作所在的位置
            steps {            // 步骤,在stage指令中执行的一个或多个步骤
                deleteDir()    // 递归删除WORKSPACE下的文件和文件夹
                checkout([$class: 'GitSCM', branches: [[name: "*/${GIT_BRANCH}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${SSH_ID}", url: "${GIT_REPO}"]]])
            }
        }
        stage('构建代码') {
            tools {                                    // 定义自动安装和放置工具的部分PATH
                maven "apache-maven-3.6.3"             // 工具名称必须在Jenkins 管理Jenkins → 全局工具配置中预置
            }
            steps {
                sh "${MVN_CMD}"
            }
            post {             // post定义将在pipeline运行或stage结束时运行的操作
                success {      // 成功之后提取制品
                     archiveArtifacts "${TARGET_DIR}/*.war"
                }
            }
        }
        stage('构建镜像') {
             steps {          // 创建Dockerfile并构建
                 writeFile file: "${TARGET_DIR}/Dockerfile", text: """FROM ${BASE_IMAGE}
                                                              COPY ./*.war /usr/local/tomcat/webapps"""
                 sh "cd ./target && docker build -t ${Repository}/${IMAGE_NAME}:${IMAGE_TAG} ."
              }
        }
        stage('推送镜像') {
            steps {
                 sh "docker push ${Repository}/${IMAGE_NAME}:${IMAGE_TAG}"
            }
        }
        stage('更新服务') {
            steps {
                //sh "kubectl get po -A"
                sh "kubectl set image deploy/${DEPLOY} ${DEPLOY}=${Repository}/${IMAGE_NAME}:${IMAGE_TAG} -n${NAMESPACE} "
            }
        }
    }
}