Contents
Jenkins打包java镜像的配置
prerequisite
- Jenkins
- 附带maven环境的物理机agent 或 附带maven镜像的podTemplate(用于在k8s中动态创建agent)
Jenkins添加pipeline-maven插件
参考: https://plugins.jenkins.io/pipeline-maven/
参考: https://plugins.jenkins.io/config-file-provider/
Dashboard->Manage Jenkins->plugins确保如下插件已安装:
Pipeline Maven Integration插件用于在Jenkins pipeline中提供 withMaven命令。主要是提供maven配置文件和maven环境
Config File Provider是依赖的插件,用于提供配置文件管理。
Dashboard->Manage Jenkins-> Tools 这里也有maven相关的配置,配合使用。
Dashboard->Manage Jenkins-> Managed Files(Config File Provider插件安装后才会出现)->Add a new Config->Maven setttings.xml
然后会生成默认的settings.xml内容。
这里需要在其中合适的地方加一下mirror和profile的配置,以及默认激活的profile
mirror相关的配置
<servers>
<server>
<id>nexus-thirdparty-local</id>
<username>java</username>
<password>Java12345</password>
</server>
<server>
<id>nexus-public-local</id>
<username>java</username>
<password>Java12345</password>
</server>
</servers>
<mirrors>
<mirror>
<id>nexus-thirdparty-local</id>
<mirrorOf>nexus-thirdparty</mirrorOf>
<name>nexus-thirdparty-local</name>
<url>http://nexus-nexus-repository-manager.nexus.svc.cluster.local:8081/repository/thirdparty/</url>
</mirror>
<mirror>
<id>nexus-public-local</id>
<mirrorOf>nexus-public</mirrorOf>
<name>nexus-public-local</name>
<url>http://nexus-nexus-repository-manager.nexus.svc.cluster.local:8081/repository/maven-public/</url>
</mirror>
</mirrors>因为Jenkins的agent是在k8s环境下,这里直接配了k8s中服务地址。比如我的k8s中nexus服务信息如下
[root@jingmin-kube-archlinux ~]# kubectl get svc -n nexus
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nexus-nexus-repository-manager ClusterIP 172.31.15.47 <none> 8081/TCP 19d
注意服务名称和端口
profile相关的配置
<profile>
<id>nexus</id>
<properties>
<altSnapshotDeploymentRepository>snapshots::default::http://nexus-nexus-repository-manager.nexus.svc.cluster.local:8081/repository/maven-snapshots</altSnapshotDeploymentRepository>
<altReleaseDeploymentRepository>releases::default::http://nexus-nexus-repository-manager.nexus.svc.cluster.local:8081/repository/maven-releases</altReleaseDeploymentRepository>
</properties>
<repositories>
<repository>
<id>releases</id>
<name>releases</name>
<url>http://nexus-nexus-repository-manager.nexus.svc.cluster.local:8081/releases</url>
<layout>default</layout>
</repository>
<repository>
<id>snapshots</id>
<name>snapshots</name>
<url>http://nexus-nexus-repository-manager.nexus.svc.cluster.local:8081/snapshots</url>
<layout>default</layout>
</repository>
</repositories>
</profile>参考: https://stackoverflow.com/questions/41611671/difference-between-altdeploymentrepository-and-altreleasedeploymentrepository
参考: https://maven.apache.org/plugins/maven-deploy-plugin/deploy-mojo.html
When
altReleaseDeploymentRepositoryis specified, it is always used when the project has a release (or “final”) version, i.e. is not a snapshot version. WhenaltSnapshotDeploymentRepositoryis specified, it is always used when the project has a snapshot version.altDeploymentRepositoryis a default alternate deployment repository when none of the above repository were specified or used. 当指定altReleaseDeploymentRepository时,当项目具有发布(或“最终”)版本(即不是快照版本)时,始终使用它。当指定altSnapshotDeploymentRepository时,当项目有快照版本时总是使用它。当未指定或使用上述存储库时,altDeploymentRepository是默认的备用部署存储库。So to put it another way, if you have a release version, then: 换句话说,如果您有发行版本,那么:
altReleaseDeploymentRepositorywill be used if specified; 如果指定,将使用altReleaseDeploymentRepository;- otherwise
altDeploymentRepositorywill be used if specified; 否则将使用altDeploymentRepository(如果指定);- otherwise the release remote repository declared in the “ POM element will be used if specified; 否则,如果指定,将使用
<distributionManagement><repository>POM 元素中声明的发布远程存储库;- otherwise the plugin will error because it didn’t find any remote repository to deploy to. 否则插件会出错,因为它找不到任何要部署到的远程存储库。
Similarly, if you have a snapshot version, then: 同样,如果您有快照版本,则:
altSnapshotDeploymentRepositorywill be used if specified; 如果指定,将使用altSnapshotDeploymentRepository;- otherwise
altDeploymentRepositorywill be used if specified; 否则,如果指定,将使用altDeploymentRepository;- otherwise the snapshot remote repository declared in the “ POM element will be used if specified; 否则,如果指定,将使用
<distributionManagement><snapshotRepository>POM 元素中声明的快照远程存储库;- otherwise the release remote repository declared in the “ POM element will be used if specified; 否则,如果指定,将使用
<distributionManagement><repository>POM 元素中声明的发布远程存储库;- otherwise the plugin will error because it didn’t find any remote repository to deploy to. 否则插件会出错,因为它找不到任何要部署到的远程存储库。
激活profile
<activeProfiles>
<activeProfile>nexus</activeProfile>
</activeProfiles>最终,给下完整的settings.xml文件内容:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!--
| This is the configuration file for Maven. It can be specified at two levels:
|
| 1. User Level. This settings.xml file provides configuration for a single user,
| and is normally provided in ${user.home}/.m2/settings.xml.
|
| NOTE: This location can be overridden with the CLI option:
|
| -s /path/to/user/settings.xml
|
| 2. Global Level. This settings.xml file provides configuration for all Maven
| users on a machine (assuming they're all using the same Maven
| installation). It's normally provided in
| ${maven.home}/conf/settings.xml.
|
| NOTE: This location can be overridden with the CLI option:
|
| -gs /path/to/global/settings.xml
|
| The sections in this sample file are intended to give you a running start at
| getting the most out of your Maven installation. Where appropriate, the default
| values (values used when the setting is not specified) are provided.
|
|-->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<!-- localRepository
| The path to the local repository maven will use to store artifacts.
|
| Default: ~/.m2/repository
<localRepository>/path/to/local/repo</localRepository>
-->
<!-- interactiveMode
| This will determine whether maven prompts you when it needs input. If set to false,
| maven will use a sensible default value, perhaps based on some other setting, for
| the parameter in question.
|
| Default: true
<interactiveMode>true</interactiveMode>
-->
<!-- offline
| Determines whether maven should attempt to connect to the network when executing a build.
| This will have an effect on artifact downloads, artifact deployment, and others.
|
| Default: false
<offline>false</offline>
-->
<!-- pluginGroups
| This is a list of additional group identifiers that will be searched when resolving plugins by their prefix, i.e.
| when invoking a command line like "mvn prefix:goal". Maven will automatically add the group identifiers
| "org.apache.maven.plugins" and "org.codehaus.mojo" if these are not already contained in the list.
|-->
<pluginGroups>
<!-- pluginGroup
| Specifies a further group identifier to use for plugin lookup.
<pluginGroup>com.your.plugins</pluginGroup>
-->
</pluginGroups>
<!-- proxies
| This is a list of proxies which can be used on this machine to connect to the network.
| Unless otherwise specified (by system property or command-line switch), the first proxy
| specification in this list marked as active will be used.
|-->
<proxies>
<!-- proxy
| Specification for one proxy, to be used in connecting to the network.
|
<proxy>
<id>optional</id>
<active>true</active>
<protocol>http</protocol>
<username>proxyuser</username>
<password>proxypass</password>
<host>proxy.host.net</host>
<port>80</port>
<nonProxyHosts>local.net|some.host.com</nonProxyHosts>
</proxy>
-->
</proxies>
<!-- servers
| This is a list of authentication profiles, keyed by the server-id used within the system.
| Authentication profiles can be used whenever maven must make a connection to a remote server.
|-->
<servers>
<!-- server
| Specifies the authentication information to use when connecting to a particular server, identified by
| a unique name within the system (referred to by the 'id' attribute below).
|
| NOTE: You should either specify username/password OR privateKey/passphrase, since these pairings are
| used together.
|
<server>
<id>deploymentRepo</id>
<username>repouser</username>
<password>repopwd</password>
</server>
-->
<!-- Another sample, using keys to authenticate.
<server>
<id>siteServer</id>
<privateKey>/path/to/private/key</privateKey>
<passphrase>optional; leave empty if not used.</passphrase>
</server>
-->
<server>
<id>nexus-thirdparty-local</id>
<username>java</username>
<password>Java12345</password>
</server>
<server>
<id>nexus-public-local</id>
<username>java</username>
<password>Java12345</password>
</server>
</servers>
<!-- mirrors
| This is a list of mirrors to be used in downloading artifacts from remote repositories.
|
| It works like this: a POM may declare a repository to use in resolving certain artifacts.
| However, this repository may have problems with heavy traffic at times, so people have mirrored
| it to several places.
|
| That repository definition will have a unique id, so we can create a mirror reference for that
| repository, to be used as an alternate download site. The mirror site will be the preferred
| server for that repository.
|-->
<mirrors>
<!-- mirror
| Specifies a repository mirror site to use instead of a given repository. The repository that
| this mirror serves has an ID that matches the mirrorOf element of this mirror. IDs are used
| for inheritance and direct lookup purposes, and must be unique across the set of mirrors.
|
<mirror>
<id>mirrorId</id>
<mirrorOf>repositoryId</mirrorOf>
<name>Human Readable Name for this Mirror.</name>
<url>http://my.repository.com/repo/path</url>
</mirror>
-->
<mirror>
<id>nexus-thirdparty-local</id>
<mirrorOf>nexus-thirdparty</mirrorOf>
<name>nexus-thirdparty-local</name>
<url>http://nexus-nexus-repository-manager.nexus.svc.cluster.local:8081/repository/thirdparty/</url>
</mirror>
<mirror>
<id>nexus-public-local</id>
<mirrorOf>nexus-public</mirrorOf>
<name>nexus-public-local</name>
<url>http://nexus-nexus-repository-manager.nexus.svc.cluster.local:8081/repository/maven-public/</url>
</mirror>
</mirrors>
<!-- profiles
| This is a list of profiles which can be activated in a variety of ways, and which can modify
| the build process. Profiles provided in the settings.xml are intended to provide local machine-
| specific paths and repository locations which allow the build to work in the local environment.
|
| For example, if you have an integration testing plugin - like cactus - that needs to know where
| your Tomcat instance is installed, you can provide a variable here such that the variable is
| dereferenced during the build process to configure the cactus plugin.
|
| As noted above, profiles can be activated in a variety of ways. One way - the activeProfiles
| section of this document (settings.xml) - will be discussed later. Another way essentially
| relies on the detection of a system property, either matching a particular value for the property,
| or merely testing its existence. Profiles can also be activated by JDK version prefix, where a
| value of '1.4' might activate a profile when the build is executed on a JDK version of '1.4.2_07'.
| Finally, the list of active profiles can be specified directly from the command line.
|
| NOTE: For profiles defined in the settings.xml, you are restricted to specifying only artifact
| repositories, plugin repositories, and free-form properties to be used as configuration
| variables for plugins in the POM.
|
|-->
<profiles>
<!-- profile
| Specifies a set of introductions to the build process, to be activated using one or more of the
| mechanisms described above. For inheritance purposes, and to activate profiles via <activatedProfiles/>
| or the command line, profiles have to have an ID that is unique.
|
| An encouraged best practice for profile identification is to use a consistent naming convention
| for profiles, such as 'env-dev', 'env-test', 'env-production', 'user-jdcasey', 'user-brett', etc.
| This will make it more intuitive to understand what the set of introduced profiles is attempting
| to accomplish, particularly when you only have a list of profile id's for debug.
|
| This profile example uses the JDK version to trigger activation, and provides a JDK-specific repo.
<profile>
<id>jdk-1.4</id>
<activation>
<jdk>1.4</jdk>
</activation>
<repositories>
<repository>
<id>jdk14</id>
<name>Repository for JDK 1.4 builds</name>
<url>http://www.myhost.com/maven/jdk14</url>
<layout>default</layout>
<snapshotPolicy>always</snapshotPolicy>
</repository>
</repositories>
</profile>
-->
<!--
| Here is another profile, activated by the system property 'target-env' with a value of 'dev',
| which provides a specific path to the Tomcat instance. To use this, your plugin configuration
| might hypothetically look like:
|
| ...
| <plugin>
| <groupId>org.myco.myplugins</groupId>
| <artifactId>myplugin</artifactId>
|
| <configuration>
| <tomcatLocation>${tomcatPath}</tomcatLocation>
| </configuration>
| </plugin>
| ...
|
| NOTE: If you just wanted to inject this configuration whenever someone set 'target-env' to
| anything, you could just leave off the <value/> inside the activation-property.
|
<profile>
<id>env-dev</id>
<activation>
<property>
<name>target-env</name>
<value>dev</value>
</property>
</activation>
<properties>
<tomcatPath>/path/to/tomcat/instance</tomcatPath>
</properties>
</profile>
-->
<profile>
<id>nexus</id>
<properties>
<altSnapshotDeploymentRepository>snapshots::default::http://nexus-nexus-repository-manager.nexus.svc.cluster.local:8081/repository/maven-snapshots</altSnapshotDeploymentRepository>
<altReleaseDeploymentRepository>releases::default::http://nexus-nexus-repository-manager.nexus.svc.cluster.local:8081/repository/maven-releases</altReleaseDeploymentRepository>
</properties>
<repositories>
<repository>
<id>releases</id>
<name>releases</name>
<url>http://nexus-nexus-repository-manager.nexus.svc.cluster.local:8081/releases</url>
<layout>default</layout>
</repository>
<repository>
<id>snapshots</id>
<name>snapshots</name>
<url>http://nexus-nexus-repository-manager.nexus.svc.cluster.local:8081/snapshots</url>
<layout>default</layout>
</repository>
</repositories>
</profile>
</profiles>
<!-- activeProfiles
| List of profiles that are active for all builds.
|
<activeProfiles>
<activeProfile>alwaysActiveProfile</activeProfile>
<activeProfile>anotherAlwaysActiveProfile</activeProfile>
</activeProfiles>
-->
<activeProfiles>
<activeProfile>nexus</activeProfile>
</activeProfiles>
</settings>同时自动生成了一个文件id,比如我的是 a117f977-9853-43d7-828e-280fe2f1e0a5
Jenkins配置maven安装目录
目前是每次执行job前在agent中(k8s动态生成的pod中)安装一遍maven。 (可以优化:将maven环境添加到pod用到的镜像里,目前暂未优化)
Dashboard->Manage Jenkins->Tools
其中:
JDK installations: name: jdk, 勾选 install automatically
Maven installations: name: maven, 勾选install automatically
应用并保存
Jenkins配置agent
前面我们是在k8s中安装了Jenkins以及附带了Kubernetes插件。至于agent,是通过podTemplate提供的。
参考:https://plugins.jenkins.io/kubernetes/
前面在安装Jenkins的时候,helm chart中已经包含了agent的配置。
- default agent的配置(参见helm chart中
agent的配置,当执行job的时候,如果pipeline脚本不指定agent或指定了agent any,默认使用这里的配置作为模板,在k8s中创建pod,执行job) - additionalAgents的配置 (参见helm chart中
additionalAgents的配置,当执行job的时候,比如pipeline脚本中指定了agent kubernetes{ inheritFrom 'dind-agent' } },则使用dind-agent这个模板创建agent)
helm中相关配置(前面已有配置,这里只作说明用途):
#...
agent:
enabled: true
additionalContainers: []
disableDefaultAgent: false
podTemplates: {}
additionalAgents:
dind:
podName: dind-agent
customJenkinsLabels: dind-agent
image: docker.io/warrior7089/dind-client-jenkins-agent
tag: latest
envVars:
- name: DOCKER_HOST
value: "tcp://localhost:2375"
alwaysPullImage: true
yamlTemplate: |-
spec:
containers:
- name: dind-daemon
#image: docker:20.10-dind
image: docker:dind
args: ["--mtu=1350"]
securityContext:
privileged: true
env:
- name: DOCKER_TLS_VERIFY
value: ""
- name: DOCKER_TLS_CERTDIR
value: ""
#...实际上,它对应的是Jenkins的Kubernetes插件中的podTemplate。这里会初始化几个podTemplate:
也可以在pipeline中动态创建podTemplate,参见Kubernetes插件的文档。 参考:https://plugins.jenkins.io/kubernetes/
发表回复