1,对项目的理解
单体架构?微服务?
怎么部署?
启动是否有依赖?
部署到k8s平台怎么个流程?
1. 制作镜像
2. 容器放到Pod
3. 控制器管理Pod
4. 暴露应用
5. 对外发布应用
6. 日志管理/监控
不同环境区分配置文件
configmap
entrypoint.sh
统一配置中心,例如 Apollo,Disconf
2,安装docker-ce
# Prerequisites: yum-utils supplies yum-config-manager, which the next two
# commands use.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Register Docker's upstream package repository (fetched over HTTPS).
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# NOTE(review): this switches on the "edge" channel as well, so the install
# below may pick an edge build rather than a stable one — confirm that is
# wanted on a host that will build and push images.
yum-config-manager --enable docker-ce-edge
# No -y here, so yum prompts before installing. NOTE(review): if it asks to
# import the repository signing key, compare the fingerprint with the one
# Docker publishes before accepting.
yum install docker-ce
Docker配置加速:
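# Save the mirror helper to a file instead of piping it straight into a shell,
# so it can be read before it runs with root privileges. -f makes curl fail on
# an HTTP error instead of saving an error page as the script.
curl -fsSL -o set_mirror.sh https://get.daocloud.io/daotools/set_mirror.sh
# Review set_mirror.sh at this point, then run it with the mirror address.
# NOTE(review): the mirror address is plain http, so image pulls routed through
# it are not protected in transit — use an https mirror if one is available.
sh set_mirror.sh http://f1361db2.m.daocloud.io
systemctl start docker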
安装docker-compose:
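# Download the docker-compose 1.12.0 binary for this kernel and architecture.
# -f keeps an HTTP error page from being saved as the executable; -o replaces
# the shell redirection so a failed download does not leave a truncated file
# behind silently.
curl -fL -o /usr/local/bin/docker-compose \
  "https://get.daocloud.io/docker/compose/releases/download/1.12.0/docker-compose-$(uname -s)-$(uname -m)"
# NOTE(review): the binary comes from a third-party mirror and will be run as
# root. Compare its SHA-256 with the value published upstream for the same
# release before marking it executable, e.g.
#   sha256sum /usr/local/bin/docker-compose   # expect <PUBLISHED_SHA256>
chmod +x /usr/local/bin/docker-compose
# Print the version to confirm the installation worked.
docker-compose version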
3,Harbor镜像仓库
1、下载离线安装包
https://github.com/goharbor/harbor/releases
2、解压并配置访问地址
tar zxvf harbor-offline-installer-v1.6.1.tgz
cd harbor
vi harbor.cfg
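# Address clients use to reach Harbor (the lab host used throughout this page).
hostname = 192.168.0.12
# Initial password of the built-in admin account. The notes originally used
# "123456", which is trivially guessable; this account controls every image the
# cluster later pulls, so set a long unique value and keep it out of shared
# notes and version control.
harbor_admin_password = <CHANGE_ME_strong_unique_password>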
3、准备配置
./prepare
4、导入镜像并启动
./install.sh
5、查看容器状态
docker-compose ps
4,Git代码版本仓库
1、安装Git
yum install git
2、创建Git用户并设置密码
useradd git
passwd git
3、创建仓库
su - git
mkdir app.git
cd app.git
git --bare init
4、配置客户端与Git服务器SSH免交互认证
5、测试
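git clone git@192.168.0.12:/home/git/app.git
# Work inside the fresh clone; the commands below need a repository.
cd app
git add .
# Plain ASCII hyphen and quotes: the typographic dash and curly quotes from the
# original notes are not parsed as an option or as shell quoting.
git commit -m "test"
git push origin master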
5,
注意:
使用官方提供的 Jenkins Docker 镜像时,默认会将 Jenkins 的数据文件存储在 /var/jenkins_home 目录(路径区分大小写),所以要对这个目录做持久化。
yum install -y nfs-utils
vim /etc/exports
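# Export only to the cluster's node network instead of "*" (any host that can
# reach this server). 192.168.0.0/24 is a constructed value derived from the
# 192.168.0.x addresses used in these notes — replace it with the real subnet.
# no_root_squash lets root on a client act as root on the share.
# NOTE(review): presumably kept because the provisioner manages directories as
# root; that makes the client restriction above the main control on this share.
/ifs/kubernetes 192.168.0.0/24(rw,no_root_squash)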
systemctl start nfs
测试:
mount -t nfs 192.168.0.12:/ifs/kubernetes /mnt/
取消挂载:
umount /mnt/
安装nfs-client,实现自动PV供给。
先修改deployment.yaml 的NFS的IP地址和NFS共享路径
[root@centos7 ~]# cd nfs-client/
[root@centos7 nfs-client]#
[root@centos7 nfs-client]#
[root@centos7 nfs-client]#
[root@centos7 nfs-client]# ll
total 12
-rw-r--r-- 1 root root 225 Mar 31 2019 class.yaml
-rw-r--r-- 1 root root 977 Aug 1 19:19 deployment.yaml
-rw-r--r-- 1 root root 1526 Mar 31 2019 rbac.yaml
[root@centos7 nfs-client]#
[root@centos7 nfs-client]#
[root@centos7 nfs-client]# cat class.yaml
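# StorageClass that routes PersistentVolumeClaims to the NFS client provisioner.
# Indentation restored; the listing as pasted is not valid YAML.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: managed-nfs-storage
provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME
parameters:
  # "true": when a claim is deleted its directory is archived on the share
  # rather than removed. NOTE(review): archived directories keep their data,
  # so include them in retention and cleanup for the NFS export.
  archiveOnDelete: "true"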
[root@centos7 nfs-client]#
[root@centos7 nfs-client]# cat rbac.yaml
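# RBAC for the NFS client provisioner. Indentation restored; the listing as
# pasted is not valid YAML.

# Identity the provisioner pod runs as.
kind: ServiceAccount
apiVersion: v1
metadata:
  name: nfs-client-provisioner
---
# Cluster-scoped rights: create/delete PersistentVolumes, update claims,
# read StorageClasses and write events.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
# Grants the ClusterRole above to the ServiceAccount in "default".
# NOTE(review): anything able to run as this ServiceAccount can create and
# delete PersistentVolumes cluster-wide; a dedicated namespace for the
# provisioner keeps that identity away from unrelated workloads.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
# Namespaced rights on Endpoints; the role name indicates they are used for
# leader locking.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io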
[root@centos7 nfs-client]#
[root@centos7 nfs-client]#
[root@centos7 nfs-client]#
[root@centos7 nfs-client]# cat deployment.yaml
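# Deployment of the NFS client provisioner. Indentation restored; the listing
# as pasted is not valid YAML.

# Same ServiceAccount that rbac.yaml declares; applying both is harmless.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nfs-client-provisioner
spec:
  selector:
    matchLabels:
      app: nfs-client-provisioner
  replicas: 1
  strategy:
    # Recreate: the old pod is stopped before the new one starts.
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          # NOTE(review): ":latest" from a personal registry namespace is a
          # mutable reference, and this pod holds PV create/delete rights plus
          # the whole NFS export. Pin a reviewed version or digest
          # (image@sha256:<DIGEST>) or mirror the image into the local Harbor.
          image: lizhenliang/nfs-client-provisioner:latest
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            # Must equal the "provisioner" field of the StorageClass.
            - name: PROVISIONER_NAME
              value: fuseim.pri/ifs
            # Server and path must match the nfs volume declared below.
            - name: NFS_SERVER
              value: 192.168.0.12
            - name: NFS_PATH
              value: /ifs/kubernetes
      volumes:
        # The root of the export is mounted into the pod, so the container can
        # reach the data of every volume provisioned from it.
        - name: nfs-client-root
          nfs:
            server: 192.168.0.12
            path: /ifs/kubernetes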
[root@centos7 nfs-client]#
6,安装Jenkins
参考官网:https://github.com/jenkinsci/kubernetes-plugin/blob/fc40c869edfd9e3904a9a56b0f80c5a25e988fa1/src/main/kubernetes/jenkins.yml
[root@centos7 jenkins]# cat rbac.yml
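---
# RBAC for the Jenkins controller. Indentation restored, and the RBAC objects
# moved from rbac.authorization.k8s.io/v1beta1 (removed in Kubernetes 1.22) to
# v1, the version the NFS provisioner manifests on this page already use.

# ServiceAccount named "jenkins".
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
# Role named "jenkins": lets Jenkins manage agent Pods in its own namespace.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  # NOTE(review): pods/exec covers every pod in the namespace, not only agents.
  # On this page Jenkins shares the namespace with the NFS provisioner, so a
  # compromised job could reach that pod and its mounted export. Running
  # Jenkins and its agents in a dedicated namespace limits the reach.
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  # NOTE(review): "get" on secrets applies to any secret in the namespace whose
  # name is known; keep unrelated secrets out of it.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
# Bind the "jenkins" Role to the "jenkins" ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins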
[root@centos7 jenkins]#
[root@centos7 jenkins]#
[root@centos7 jenkins]#
[root@centos7 jenkins]# cat service-account.yml
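# In GKE need to get RBAC permissions first with
# kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=<user-name>|--group=<group-name>]
#
# Defines the same ServiceAccount, Role and RoleBinding as rbac.yml shown above
# on this page; applying either file is enough. Indentation restored, and the
# RBAC objects moved from v1beta1 (removed in Kubernetes 1.22) to v1.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  # NOTE(review): exec is allowed into every pod of the namespace, not only
  # Jenkins agents; a dedicated namespace for Jenkins limits what that reaches.
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins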
[root@centos7 jenkins]#
[root@centos7 jenkins]# cat service.yml
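# Service in front of the Jenkins controller. Indentation restored; the listing
# as pasted is not valid YAML.
apiVersion: v1
kind: Service
metadata:
  name: jenkins
spec:
  selector:
    app: jenkins
  # NodePort applies to every port listed below, on every node.
  type: NodePort
  ports:
    # Web UI. NOTE(review): served as plain HTTP on node port 30006, so logins
    # and API tokens cross the network unencrypted; put a TLS-terminating
    # ingress or proxy in front before using real credentials.
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP
      nodePort: 30006
    # Agent port. No nodePort is set, so the cluster assigns one (the
    # "kubectl get all" output on this page shows 50000:31276).
    # NOTE(review): agents started inside the cluster reach this port through
    # the cluster-internal Service address; firewall the assigned node port if
    # no external agents are expected.
    - name: agent
      port: 50000
      protocol: TCP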
[root@centos7 jenkins]#
[root@centos7 jenkins]# cat statefulset.yml
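# StatefulSet for the Jenkins controller, with its home directory on a volume
# from the managed-nfs-storage class. Indentation restored; the listing as
# pasted is not valid YAML.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: jenkins
  labels:
    name: jenkins
spec:
  selector:
    matchLabels:
      app: jenkins
  serviceName: jenkins
  replicas: 1
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      terminationGracePeriodSeconds: 10
      # Pod runs with the RBAC granted to the "jenkins" ServiceAccount.
      serviceAccountName: jenkins
      containers:
        - name: jenkins
          # NOTE(review): a floating tag combined with "Always" means each
          # restart may start a different build of the controller. Pin a
          # specific LTS version or digest (image@sha256:<DIGEST>) and upgrade
          # deliberately.
          image: jenkins/jenkins:lts-alpine
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
            - containerPort: 50000
          resources:
            limits:
              cpu: 1
              memory: 1Gi
            requests:
              cpu: 0.5
              memory: 500Mi
          env:
            # Container memory limit expressed in Mi, consumed by JAVA_OPTS.
            - name: LIMITS_MEMORY
              valueFrom:
                resourceFieldRef:
                  resource: limits.memory
                  divisor: 1Mi
            # NOTE(review): -Xmx is set to the full container limit, leaving no
            # headroom for non-heap memory — confirm this is intended.
            - name: JAVA_OPTS
              value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
          volumeMounts:
            # Jenkins home: job configuration, credentials store and secrets.
            # It lives on the NFS export, so access to that export is access
            # to this data.
            - name: jenkins-home
              mountPath: /var/jenkins_home
  volumeClaimTemplates:
    - metadata:
        name: jenkins-home
      spec:
        storageClassName: "managed-nfs-storage"
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: 1Gi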
[root@centos7 jenkins]#
7,Jenkins Master/Slave架构
安装插件:
git
kubernetes
Pipeline
构建Jenkins Slave镜像:
[root@centos7 jenkins-slave]# ll
total 776
-rw-r--r--. 1 root root 407 May 20 2019 Dockerfile
-rwxr-xr-x. 1 root root 1980 Apr 6 2018 jenkins-slave
-rw-r--r--. 1 root root 10409 Dec 29 2018 settings.xml
-rw-r--r--. 1 root root 770802 Jun 11 2018 slave.jar
[root@centos7 jenkins-slave]#
[root@centos7 jenkins-slave]# cat Dockerfile
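# Jenkins agent image: OpenJDK 8, Maven and git on CentOS 7.
# NOTE(review): centos:7 is past end of life and receives no security updates;
# plan a move to a maintained base image.
FROM centos:7
# key="value" form; the space-separated legacy LABEL form is deprecated.
LABEL maintainer="lizhenliang"
RUN yum install -y java-1.8.0-openjdk maven curl git libtool-ltdl-devel && \
    yum clean all && \
    rm -rf /var/cache/yum/* && \
    mkdir -p /usr/share/jenkins
# NOTE(review): slave.jar is a local file (dated 2018 in the directory listing
# on this page) while the controller image is pulled fresh; take the agent jar
# from the controller version actually deployed so the two stay in step.
COPY slave.jar /usr/share/jenkins/slave.jar
COPY jenkins-slave /usr/bin/jenkins-slave
# NOTE(review): if settings.xml holds repository credentials they end up in an
# image layer readable by anyone who can pull the image — verify its contents.
COPY settings.xml /etc/maven/settings.xml
RUN chmod +x /usr/bin/jenkins-slave
# No USER instruction, so the agent and every build step run as root inside the
# container.
ENTRYPOINT ["jenkins-slave"]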
[root@centos7 jenkins-slave]# vi /etc/docker/daemon.json
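在 daemon.json 中增加 "insecure-registries": ["192.168.56.101:5000"](这里填写的地址必须与实际访问 Harbor 的地址一致,下文 build/push 使用的是 192.168.0.12;该选项使 Docker 以 HTTP 或不校验证书的方式访问此仓库,镜像传输不受保护,正式环境应为 Harbor 配置 HTTPS)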
[root@centos7 jenkins-slave]# docker build -t 192.168.0.12/library/jenkins-slave-jdk:1.8 .
[root@centos7 ~]# docker push 192.168.0.12/library/jenkins-slave-jdk:1.8
[root@centos7 ~]# kubectl get all
NAME READY STATUS RESTARTS AGE
pod/jenkins-0 1/1 Running 2 8h
pod/nfs-client-provisioner-658dbbb5b4-4wbwr 1/1 Running 1 8h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/jenkins NodePort 10.0.0.44 <none> 80:30006/TCP,50000:31276/TCP 8h
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 8h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nfs-client-provisioner 1/1 1 1 8h
NAME DESIRED CURRENT READY AGE
replicaset.apps/nfs-client-provisioner-658dbbb5b4 1 1 1 8h
NAME READY AGE
statefulset.apps/jenkins 1/1 8h
[root@centos7 ~]#
登陆到jenkins主页:
http://192.168.0.14:30006/login?from=%2F
安装完插件,在jenkins页面设置:
Kubernetes 地址:
https://kubernetes.default
Jenkins 地址:
http://jenkins.default