- centos-java: 基础镜像
- openshift-jenkins-master: jenkins master镜像
- openshift-jenkins-jnlp-slave: jenkins slave镜像
- maven: build镜像
docker build -t <OCR_IP>:<5000>/<project_name>/<image_name>:<version>
docker login -u <openshift_username> -p <openshift_user_token> <OCR_IP>:<5000>
docker push <OCR_IP>:<5000>/<project_name>/<image_name>:<version>
docker build -t <OCR_IP>:<5000>/<project_name>/<image_name>:<version>
docker login -u <openshift_username> -p <openshift_user_token> <OCR_IP>:<5000>
docker push <OCR_IP>:<5000>/<project_name>/<image_name>:<version>
Get Container IP
docker inspect --format '{{ .NetworkSettings.IPAddress }}' <Container ID>
Debug
docker run -it --entrypoint /bin/bash <image>
Switch plugin site if failed to download jenkins plugins, available sites:
Also, Change scripts/install-plugins.sh
line 73 to: JENKINS_UC_DOWNLOAD=${JENKINS_UC_DOWNLOAD:-"$JENKINS_UC"}
- oc cluster up --create-machine
- oc login -u system:admin
- oc project default
- oc get svc -n default | grep registry //获取internal registry IP
- oc expose service docker-registry -n default //为internal registry添加外部访问
- docker-machine env openshift
- oc login -u <user_name, not system users>
- oadm policy add-role-to-user system:registry <user_name> //授予docker push 权限
- oadm policy add-role-to-user admin <user_name> -n openshift
- oadm policy add-role-to-user system:image-builder <user_name>
- oc whoami -t //获取token_value
- docker login -u -p <token_value> <registry_ip>:
- docker pull jenkins/jenkins:lts
- docker tag jenkins/jenkins:lts /openshift/<image_name>
- docker push /openshift/<image_name>:
- oc login -u <user_name>
- oc rsh
- oc create serviceaccount <service_name>
- oc policy add-role-to-user system:serviceaccount:<project_name>:<service_name>
- oc sa get-token <service_name>
- https://<openshift_IP>:/oauth/token/request
- Authorization: Bearer
oc edit scc restricted
runAsUser.Type to RunAsAny.
Ensure allowPrivilegedContainer is set to false.
- 每个项目拥有一套Jenkins Master和若干个Jenkins Slave。
- Jenkins Master和Jenkins Slave的docker镜像保存在私有的docker仓库内。
- Jenkins Master和Jenkins Slave共用一个Volume。
- 借助Jenkins插件自动创建和回收Jenkins Slave。
- 长时间闲置则回收Jenkins Master。
- 项目完成之后回收所有资源(Service、Route、Volume等)。