반응형
ocp operator 를 통해 jenkins 를 구축하면 ocp cluster 와 자동으로 세팅을 해준다.
오늘은 젠킨스 파이프라인을 통해 github에 있는 source를 CI(빌드)하고, ocp 클러스터에 CD(배포)할 것이다.
소스는 간단히 php로 진행할 것이다.
php 소스
Github
예전에 만들어둔 github php.
간단히 index.php 에 변수사용.
GitHub - joonhyeok95/php-new-app: php 테스트 레포지토리
php 테스트 레포지토리. Contribute to joonhyeok95/php-new-app development by creating an account on GitHub.
github.com
OCP 설정
DeploymentConfig
컨테이너 포트 8080
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
name: phpapp
namespace: php-github
spec:
selector:
app: phpapp
replicas: 1
template:
metadata:
labels:
app: phpapp
spec:
containers:
- name: phpapp
image: >-
image-registry.openshift-image-registry.svc:5000/php-github/php-new-app
ports:
- containerPort: 8080BuildConfig 작성
branch : main
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
name: php-new-app
namespace: php-github
spec:
source:
git:
ref: main
uri: 'https://github.com/joonhyeok95/php-new-app.git'
type: Git
strategy:
type: Source
sourceStrategy:
from:
kind: ImageStreamTag
namespace: openshift
name: 'php:7.4-ubi8'
jenkins
New Item 만들기
새로운 item을 만들어보자
적당한 item 이름을 적고, pipeline 으로 OK!
상단 탭 중에서 'pipeline' 클릭!
Pipeline script
ocp 에서 제공하는 openshfit plugin 으로 인해 쉽게 작성할 수 있다.
def projectName = 'php-github'
def bcName = 'php-new-app'
def dcName = 'phpapp'
pipeline {
agent none
stages {
stage('build') {
steps {
script {
openshift.withCluster() {
openshift.withProject(projectName) {
def builds = openshift.selector("bc", bcName).startBuild('-F')
}
}
}
}
}
stage('deploy') {
steps {
script {
openshift.withCluster() {
openshift.withProject(projectName) {
def rm = openshift.selector("dc", dcName).rollout().latest()
}
}
}
}
}
}
}jenkins serviceAccount 권한부여
처음 구축하고 build를 시도하면
Error from server (Forbidden): builds.build.openshift.io is forbidden: User "system:serviceaccount:jenkins:jenkins-jenkins-sample" cannot list resource "builds" in API group "build.openshift.io" in the namespace "php-github"위와 같은 에러가 생기는데, 젠킨스 서비스어카운트가 타 namespace에 권한이 없어서 그렇다.
system:serviceaccount:<Namespace>:<ServiceAccountName>
$ oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:jenkins:jenkins-jenkins-sample
clusterrole.rbac.authorization.k8s.io/cluster-admin added: "system:serviceaccount:jenkins:jenkins-jenkins-sample"위 명령어를 실행하여 젠킨스 서비스어카운트에 cluster-admin(클러스터관리자) 권한을 부여해준다.
Build Now !
이제 빌드를 돌려보자
정상적으로 빌드&배포가 되었고, 로그를보면~
더보기
Started by user ocpadmin
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] Start of Pipeline
[Pipeline] stage
[Pipeline] { (build)
[Pipeline] script
[Pipeline] {
[Pipeline] echo
[Pipeline] node
Running on Jenkins in /var/lib/jenkins/jobs/php-build-deploy/workspace
[Pipeline] {
[Pipeline] _OcContextInit
[Pipeline] _OcContextInit
[Pipeline] readFile
[Pipeline] _OcAction
NOTE: the selector returned when -F/--follow is supplied to startBuild() will be inoperative for the various selector operations.
Consider removing those options from startBuild and using the logs() command to follow the build output.
[start-build:buildconfig/php-new-app] build.build.openshift.io/php-new-app-15
[start-build:buildconfig/php-new-app] Cloning "https://github.com/joonhyeok95/php-new-app.git" ...
[start-build:buildconfig/php-new-app] Commit: 43a73d2f893d6e35e61c0aa4f6717e914f72f87b (페이지 수정)
[start-build:buildconfig/php-new-app] Author: joonhyeok95 <65818998+joonhyeok95@users.noreply.github.com>
[start-build:buildconfig/php-new-app] Date: Mon Aug 8 16:32:38 2022 +0900
[start-build:buildconfig/php-new-app] time="2022-08-08T09:14:32Z" level=info msg="Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled"
[start-build:buildconfig/php-new-app] I0808 09:14:32.374241 1 defaults.go:102] Defaulting to storage driver "overlay" with options [mountopt=metacopy=on].
[start-build:buildconfig/php-new-app] Caching blobs under "/var/cache/blobs".
[start-build:buildconfig/php-new-app] Trying to pull image-registry.openshift-image-registry.svc:5000/openshift/php@sha256:696a1dc9240b68114cf5998412f116056ada4ffda2e9c9a6281e6eac7fccaf66...
[start-build:buildconfig/php-new-app] Getting image source signatures
[start-build:buildconfig/php-new-app] Copying blob sha256:5dcbdc60ea6b60326f98e2b49d6ebcb7771df4b70c6297ddf2d7dede6692df6e
[start-build:buildconfig/php-new-app] Copying blob sha256:8671113e1c57d3106acaef2383f9bbfe1c45a26eacb03ec82786a494e15956c3
[start-build:buildconfig/php-new-app] Copying blob sha256:79a56ba04a301eb949644bca29f18b1879b6f305091ef1eb8068a0f5828db863
[start-build:buildconfig/php-new-app] Copying blob sha256:12b8b1afe30f6fe8a264840ad3f250b82b335b9ebdca922db57b48836cee0c8c
[start-build:buildconfig/php-new-app] Copying blob sha256:aad543859364662ddb264ad5752fd9449d47410b9efa0278463c0a9c578b79c6
[start-build:buildconfig/php-new-app] Copying config sha256:dc56c67a63be8c187a6619cd674f33a720a6c853b86b44feab37e500c2d2f937
[start-build:buildconfig/php-new-app] Writing manifest to image destination
[start-build:buildconfig/php-new-app] Storing signatures
[start-build:buildconfig/php-new-app] Generating dockerfile with builder image image-registry.openshift-image-registry.svc:5000/openshift/php@sha256:696a1dc9240b68114cf5998412f116056ada4ffda2e9c9a6281e6eac7fccaf66
[start-build:buildconfig/php-new-app] Adding transient rw bind mount for /run/secrets/rhsm
[start-build:buildconfig/php-new-app] STEP 1/9: FROM image-registry.openshift-image-registry.svc:5000/openshift/php@sha256:696a1dc9240b68114cf5998412f116056ada4ffda2e9c9a6281e6eac7fccaf66
[start-build:buildconfig/php-new-app] STEP 2/9: LABEL "io.openshift.build.commit.message"="페이지 수정" "io.openshift.build.source-location"="https://github.com/joonhyeok95/php-new-app.git" "io.openshift.build.image"="image-registry.openshift-image-registry.svc:5000/openshift/php@sha256:696a1dc9240b68114cf5998412f116056ada4ffda2e9c9a6281e6eac7fccaf66" "io.openshift.build.commit.author"="joonhyeok95 <65818998+joonhyeok95@users.noreply.github.com>" "io.openshift.build.commit.date"="Mon Aug 8 16:32:38 2022 +0900" "io.openshift.build.commit.id"="43a73d2f893d6e35e61c0aa4f6717e914f72f87b" "io.openshift.build.commit.ref"="main"
[start-build:buildconfig/php-new-app] STEP 3/9: ENV OPENSHIFT_BUILD_NAME="php-new-app-15" OPENSHIFT_BUILD_NAMESPACE="php-github" OPENSHIFT_BUILD_SOURCE="https://github.com/joonhyeok95/php-new-app.git" OPENSHIFT_BUILD_COMMIT="43a73d2f893d6e35e61c0aa4f6717e914f72f87b"
[start-build:buildconfig/php-new-app] STEP 4/9: USER root
[start-build:buildconfig/php-new-app] STEP 5/9: COPY upload/src /tmp/src
[start-build:buildconfig/php-new-app] STEP 6/9: RUN chown -R 1001:0 /tmp/src
[start-build:buildconfig/php-new-app] STEP 7/9: USER 1001
[start-build:buildconfig/php-new-app] STEP 8/9: RUN /usr/libexec/s2i/assemble
[start-build:buildconfig/php-new-app] ---> Installing application source...
[start-build:buildconfig/php-new-app] => sourcing 20-copy-config.sh ...
[start-build:buildconfig/php-new-app] ---> 09:14:51 Processing additional arbitrary httpd configuration provided by s2i ...
[start-build:buildconfig/php-new-app] => sourcing 00-documentroot.conf ...
[start-build:buildconfig/php-new-app] => sourcing 50-mpm-tuning.conf ...
[start-build:buildconfig/php-new-app] => sourcing 40-ssl-certs.sh ...
[start-build:buildconfig/php-new-app] STEP 9/9: CMD /usr/libexec/s2i/run
[start-build:buildconfig/php-new-app] COMMIT temp.builder.openshift.io/php-github/php-new-app-15:35e7c869
[start-build:buildconfig/php-new-app] time="2022-08-08T09:14:51Z" level=warning msg="Adding metacopy option, configured globally"
[start-build:buildconfig/php-new-app] Getting image source signatures
[start-build:buildconfig/php-new-app] Copying blob sha256:a9820c2af00a34f160836f6ef2044d88e6019ca19b3c15ec22f34afe9d73f41c
[start-build:buildconfig/php-new-app] Copying blob sha256:3d5ecee9360ea8711f32d2af0cab1eae4d53140496f961ca1a634b5e2e817412
[start-build:buildconfig/php-new-app] Copying blob sha256:b3c6eff0b4bd8d4086050b0261648dbf437c9cdc68b9459e6c30116873e798ec
[start-build:buildconfig/php-new-app] Copying blob sha256:68c30199e97234de679a7a7bae4eaff19744b913ea2b3500461305312fefdd3c
[start-build:buildconfig/php-new-app] Copying blob sha256:2140d0530eb5d7b5ef1a2f8420ca547b308e777b650b582b37634cc5f961e13d
[start-build:buildconfig/php-new-app] Copying blob sha256:5ef35865823c08b6a61db372ca0364c611f63b82a1c392586c57aefd808004d0
[start-build:buildconfig/php-new-app] Copying config sha256:97dac3de37e2c92887dc9cd0c5fe923c55754ab9631ab68a50fa709a025e4708
[start-build:buildconfig/php-new-app] Writing manifest to image destination
[start-build:buildconfig/php-new-app] Storing signatures
[start-build:buildconfig/php-new-app] --> 97dac3de37e
[start-build:buildconfig/php-new-app] Successfully tagged temp.builder.openshift.io/php-github/php-new-app-15:35e7c869
[start-build:buildconfig/php-new-app] 97dac3de37e2c92887dc9cd0c5fe923c55754ab9631ab68a50fa709a025e4708
[start-build:buildconfig/php-new-app]
[start-build:buildconfig/php-new-app] Pushing image image-registry.openshift-image-registry.svc:5000/php-github/php-new-app:latest ...
[start-build:buildconfig/php-new-app] Getting image source signatures
[start-build:buildconfig/php-new-app] Copying blob sha256:8671113e1c57d3106acaef2383f9bbfe1c45a26eacb03ec82786a494e15956c3
[start-build:buildconfig/php-new-app] Copying blob sha256:12b8b1afe30f6fe8a264840ad3f250b82b335b9ebdca922db57b48836cee0c8c
[start-build:buildconfig/php-new-app] Copying blob sha256:5dcbdc60ea6b60326f98e2b49d6ebcb7771df4b70c6297ddf2d7dede6692df6e
[start-build:buildconfig/php-new-app] Copying blob sha256:79a56ba04a301eb949644bca29f18b1879b6f305091ef1eb8068a0f5828db863
[start-build:buildconfig/php-new-app] Copying blob sha256:aad543859364662ddb264ad5752fd9449d47410b9efa0278463c0a9c578b79c6
[start-build:buildconfig/php-new-app] Copying blob sha256:5ef35865823c08b6a61db372ca0364c611f63b82a1c392586c57aefd808004d0
[start-build:buildconfig/php-new-app] Copying config sha256:97dac3de37e2c92887dc9cd0c5fe923c55754ab9631ab68a50fa709a025e4708
[start-build:buildconfig/php-new-app] Writing manifest to image destination
[start-build:buildconfig/php-new-app] Storing signatures
[start-build:buildconfig/php-new-app] Successfully pushed image-registry.openshift-image-registry.svc:5000/php-github/php-new-app@sha256:265fff2375f4d5ed9cd24857196d4a76d979334bf1dfba8684c645ba049e0d6a
[start-build:buildconfig/php-new-app] Push successful
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (deploy)
[Pipeline] script
[Pipeline] {
[Pipeline] node
Running on Jenkins in /var/lib/jenkins/jobs/php-build-deploy/workspace
[Pipeline] {
[Pipeline] _OcContextInit
[Pipeline] _OcContextInit
[Pipeline] readFile
[Pipeline] _OcAction
[rollout:latest:deploymentconfig/phpapp] deploymentconfig.apps.openshift.io/phpapp rolled out
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] End of Pipeline
Finished: SUCCESS정상적으로 git에서 clone & image 생성, 배포가 되었다.
ocp workload 에도 build pod가 complated 되었고,
deploy pod가 완료되어 pod가 배포되었다.
파이프라인 플러그인 원본소스
openshift.withCluster 와 같은 파이프라인의 플러그인 소스이다.
해당 파일소스를 둘러보며 명령어들을 참고하였다.
GitHub - openshift/jenkins-client-plugin
Contribute to openshift/jenkins-client-plugin development by creating an account on GitHub.
github.com
이렇게 Build&deploy 를 테스트하였는데, 개발 환경같은경우 위와 같은 설정을 하고
운영 환경같은 경우 Build와 deploy 파이프라인을 구분하면된다.
+redhat 오퍼레이터에서 jenkins 설정을 잡아줘서 매우 편했다.
끝!
반응형
'엔지니어링 > OCP' 카테고리의 다른 글
| [OCP] cronjob schedule 한국시간 설정하기 (0) | 2022.09.01 |
|---|---|
| [OCP] AAD(Azure Active Directory) 로그인 (0) | 2022.08.08 |
| [OCP] 이미지레지스트리 default route 생성 (0) | 2022.08.03 |
| [OCP] 일반유저 프로젝트 생성 권한 막기 (0) | 2022.08.03 |