共计 3110 个字符,预计需要花费 8 分钟才能阅读完成。
背景
kubesphere 流水线自带的 agent 只有四类:base、maven、nodejs、go,当须要构建其余框架的我的项目,就须要自定义 jenkins agent 了。
筹备工作
采纳官网的 docker.io/kubesphere/builder-base:v2.1.0
作为根底镜像,在此之上,装置 jdk 和 sonnar scanner cli,构建代码扫描环境。
应用如下 Dockerfile 构建用于打包的根底镜像:
FROM docker.io/kubesphere/builder-base:v2.1.0
RUN mkdir /usr/local/java /opt/sonar-scanner
# copy the jdk archive to the image,and it will automaticlly unzip the tar file
ADD jdk-8u181-linux-x64.tar.gz /usr/local/java/
# make a symbol link
RUN ln -s /usr/local/java/jdk1.8.0_181 /usr/local/java/jdk
# set environment variables
ENV JAVA_HOME /usr/local/java/jdk
ENV JRE_HOME ${JAVA_HOME}/jre
ENV CLASSPATH .:${JAVA_HOME}/lib:${JRE_HOME}/lib
ENV PATH ${JAVA_HOME}/bin:$PATH
COPY sonar-scanner-cli-4.6.0.2311-linux /opt/sonar-scanner
RUN ln -s /opt/sonar-scanner/bin/sonar-scanner /usr/sbin
将 Dockerfile 置于一个空目录即可,下载 JDK 和 sonnar-scanner 的压缩包放到目录下,其中 sonnar-scanner 须要解压,而后打包并推送:
docker build -t general:v1.0 .
docker tag general:v1.0 xxx.com/general:v1.0
docker push xxx.com/general:v1.0
配置 jenkins agent
登录 kubesphere,进入【配置核心】-【配置】,搜寻 jenkins-casc-config
,批改配置。
在 go 的形容下增加如下:
- name: "general"
namespace: "kubesphere-devops-system"
label: "general"
nodeUsageMode: "EXCLUSIVE"
idleMinutes: 0
containers:
- name: "general"
image: "xxx.com/public/general:v1.0" # 镜像地址
command: "cat"
args: ""
ttyEnabled: true
resourceRequestCpu: "100m"
resourceLimitCpu: "4000m"
resourceRequestMemory: "100Mi"
resourceLimitMemory: "8192Mi"
- name: "jnlp"
image: "jenkins/jnlp-slave:3.27-1"
command: "jenkins-slave"
args: "^${computer.jnlpmac} ^${computer.name}"
resourceRequestCpu: "50m"
resourceRequestMemory: "400Mi"
resourceLimitMemory: "1536Mi"
workspaceVolume:
emptyDirWorkspaceVolume:
memory: false
volumes:
- hostPathVolume:
hostPath: "/var/run/docker.sock"
mountPath: "/var/run/docker.sock"
- hostPathVolume:
hostPath: "jenkins_general_cache"
mountPath: "/home/jenkins/general/pkg"
- hostPathVolume:
hostPath: "sonar_cache"
mountPath: "/root/.sonar/cache"
yaml: "spec:\r\n affinity:\r\n nodeAffinity:\r\n preferredDuringSchedulingIgnoredDuringExecution:\r\n - weight: 1\r\n preference:\r\n matchExpressions:\r\n - key: node-role.kubernetes.io/worker\r\n operator: In\r\n values:\r\n - ci\r\n tolerations:\r\n - key: \"node.kubernetes.io/ci\"\r\n operator: \"Exists\"\r\n effect: \"NoSchedule\"\r\n - key: \"node.kubernetes.io/ci\"\r\n operator: \"Exists\"\r\n effect: \"PreferNoSchedule\"\r\n containers:\r\n - name: \"general\"\r\n resources:\r\n requests:\r\n ephemeral-storage: \"1Gi\"\r\n limits:\r\n ephemeral-storage: \"10Gi\"\r\n securityContext:\r\n fsGroup: 1000\r\n"
已将相干镜像上传到 dockerhub,仓库为 leksas/kubesphere-sonnar-scanner:v1
。
应用
在流水线中,编辑 Jenkinsfile 如下:
pipeline {
agent {
node {label 'general'}
}
stages {stage('SCM') {
steps {git(url: 'your project url', credentialsId: 'gitlab-account', branch: 'dev', changelog: true, poll: false)
}
}
stage('Code Analysis') {
steps {container('general') {withCredentials([string(credentialsId : 'snoar-token' ,variable : 'SONAR_TOKEN' ,)]) {withSonarQubeEnv('sonar') {sh 'sonar-scanner -Dsonar.projectKey=your project name -Dsonar.sources=. -Dsonar.host.url=your sonnar server url -Dsonar.token=$SONAR_TOKEN'}
}
timeout(unit: 'HOURS', activity: true, time: 1) {waitForQualityGate 'true'}
}
}
}
}
}
比照参考链接中的计划,该镜像集成了 sonnar scanner,任何语言都能够应用此 agent 去调用 sonnarqube 执行代码扫描。
相干链接:
JDK1.8 下载链接
sonar-scanner-cli-4.6.0.2311 下载链接
参考链接:
https://kubesphere.com.cn/for…
正文完
发表至: kubesphere
2021-03-01