k8s(kubeadm) + Harbor + jenkins + git
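Lab environment: single-node k8s deployment; Harbor and Jenkins are deployed outside the k8s cluster
CI/CD flow:
1. Pull the code from GitHub
2. Jenkins packages the code and builds the Docker image
3. Push the image to the Harbor image registry
4. Write the YAML resource manifests in advance
5. Jenkins uses kubectl to update the resources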

I. Deployment
1. Deploying the Harbor image registry
# Download the online installer
wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.1.tgz
# Extract the installer
tar zxvf harbor-online-installer-v1.8.1.tgz -C /usr/src/
cd /usr/src/harbor
# Edit the configuration file
vim harbor.yml
# Set the address of this host
hostname: 10.0.1.84
# Review the other parameters and change the configuration file to match the example below
cat harbor.yml | grep -v "^#" | grep -v " #" | grep -v "^$"
hostname: 10.0.1.84
http:
  port: 18000
harbor_admin_password: Harbor12345
database:
  password: root123
data_volume: /data
clair:
  updaters_interval: 12
  http_proxy:
  https_proxy:
  no_proxy: 127.0.0.1,localhost,core,registry
jobservice:
  max_job_workers: 10
chart:
  absolute_url: disabled
log:
  level: info
  rotate_count: 50
  rotate_size: 200M
  location: /var/log/harbor
_version: 1.8.0
# Run the installer
./install.sh
# This message means the installation succeeded
✔ ----Harbor has been installed and started successfully.----
# Default account (the harbor_admin_password value from harbor.yml; change it after the first login)
admin Harbor12345
# Basic usage (the registry address must include the HTTP port configured above)
docker pull nginx:latest # pull the image
docker tag nginx:latest 10.0.1.84:18000/library/nginx # tag the image
docker push 10.0.1.84:18000/library/nginx # push the image
docker pull 10.0.1.84:18000/library/nginx:latest # pull the image from the Harbor registry
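2. Deploying Jenkins with Docker
# Docker and docker-compose must be installed beforehand
# Start Jenkins with Docker
# Note: -u root together with the /var/run/docker.sock mount gives the Jenkins container full control of the host's Docker daemon
docker run \
  -u root \
  -d \
  -p 8080:8080 \
  -p 50000:50000 \
  -v /data/docker/jenkins_home:/var/jenkins_home \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v "$HOME":/home \
  jenkinsci/blueocean
# Location of the initial admin password
/data/docker/jenkins_home/secrets/initialAdminPassword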
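3. Deploying k8s with kubeadm
Environment: 10.0.1.84: master
10.0.1.83: node
Docker must be installed on both nodes beforehand
On both the master and the node:
1. Change the hostname (optional)
hostnamectl set-hostname kube-master   # on the master
hostnamectl set-hostname kube-node     # on the node
2. Disable the firewall and the swap partition
swapoff -a   # temporary
or
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab   # comments out the swap entry in /etc/fstab
3. Install Kubernetes
# curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
# cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
# apt-get update
# apt-get install -y kubelet kubeadm kubectl
On the master node:
4. Initialize the master node (pick the option that matches the network plugin installed below)
If you use Calico as the network plugin, pass --pod-network-cidr=192.168.0.0/16 to kubeadm init
If you use Flannel as the network plugin, pass --pod-network-cidr=10.244.0.0/16 to kubeadm init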
# kubeadm init
......
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.1.84:6443 --token 93wgb0.cktng34w2sif8vqc \
--discovery-token-ca-cert-hash sha256:9438180169b6369417e465526d07beaceb3d480a38ad9c5680f3ebfe7f30879f
# Run the commands from the prompt above
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Record this command; the node uses it to join the cluster
kubeadm join 10.0.1.84:6443 --token 93wgb0.cktng34w2sif8vqc \
--discovery-token-ca-cert-hash sha256:9438180169b6369417e465526d07beaceb3d480a38ad9c5680f3ebfe7f30879f
Note: at this point the master node's status (kubectl get nodes) is NotReady, because no network plugin has been installed yet
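The --discovery-token-ca-cert-hash value recorded above pins the cluster CA, so a joining node only trusts an API server whose CA public key matches it. As an added example (not part of the original article), the functions below recompute that pin from the CA certificate and compare it with the one in a join command; the function names are illustrative, and /etc/kubernetes/pki/ca.crt is the kubeadm default path, which the article does not state.

```shell
#!/bin/sh
# Added example (not from the original article).
# kubeadm's --discovery-token-ca-cert-hash is "sha256:" followed by the SHA-256
# of the DER-encoded public key (SubjectPublicKeyInfo) of the cluster CA.

# Print the pin for the CA certificate file $1.
# Assumed path on a kubeadm master: /etc/kubernetes/pki/ca.crt
ca_cert_hash() {
    # Extract the key first so an unreadable certificate fails here instead of
    # silently hashing empty input further down the pipe.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.*= *//')
    [ -n "$hex" ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# Return 0 only when pin $2 (copied from the join command) matches the
# certificate $1; 1 on mismatch, 2 when the certificate cannot be read.
verify_join_pin() {
    actual=$(ca_cert_hash "$1") || return 2
    [ "$actual" = "$2" ] || return 1
}

# Usage on the master, with the pin from the join command above:
#   verify_join_pin /etc/kubernetes/pki/ca.crt \
#       sha256:9438180169b6369417e465526d07beaceb3d480a38ad9c5680f3ebfe7f30879f
```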
5. Network plugin
# Weave Net
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
# Flannel (optional)
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Calico (optional)
kubectl apply -f https://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/kubeadm/calico.yaml
# Check the pod status (every STATUS should be Running)
kubectl get pods -n kube-system
# The master node's status (kubectl get nodes) has now changed to Ready
On the node:
# Join the k8s cluster (if this fails, remove the \ and put the command on one line)
kubeadm join 10.211.55.86:6443 --token 96we7u.s9fzr0hes09nzh31 \
--discovery-token-ca-cert-hash sha256:92bd946186fdfec3080d7570bca4bad6183f8cb19782784d2c855649e2832107
# On the master node:
# Check the cluster status (kubectl get nodes)
NAME          STATUS   ROLES                  AGE     VERSION
kube-master   Ready    control-plane,master   4d22h   v1.23.1
kube-node     Ready    <none>                 4d22h   v1.23.1
Note: kubectl commands can only be run on the master. To run them on another node,
copy ~/.kube/config from the master node to that node
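II. Connecting Jenkins to k8s
1. Install the plugins
Kubernetes plugin (install it if it is not already present)
Git Parameter
2. Configure the Kubernetes plugin
Manage Jenkins -> Manage Nodes -> Configure Clouds -> Add a new cloud

# Kubernetes URL: normally the master address plus port 6443
# Kubernetes certificate:
cat ~/.kube/config

Create ca.crt, cli.crt and cli.key
# ca.crt (xxxx: the certificate-authority-data value copied from the kubeconfig shown above)
echo xxxx | base64 -d > ca.crt
# cli.crt (xxxx: the client-certificate-data value)
echo xxxx | base64 -d > cli.crt
# cli.key (xxxx: the client-key-data value)
echo xxxx | base64 -d > cli.key
# Combine them
openssl pkcs12 -export -out cert.pfx -inkey cli.key -in cli.crt -certfile ca.crt
Enter Export Password: <<<------ enter a password. Note: remember it; it is needed when creating the Jenkins credential
Verifying - Enter Export Password: <<<------ enter the password again
# Keep the generated cert.pfx for creating the credential
# Copy the contents of ca.crt into the "Kubernetes server certificate key" field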
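The manual copy-and-decode steps above can be scripted. This added example (not the article's own code) reads the three base64 fields from a kubeconfig and writes ca.crt, cli.crt and cli.key with owner-only permissions; the function names and the constructed sample kubeconfig are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): split a kubeconfig into the
# ca.crt, cli.crt and cli.key files used in the steps above.

# Print the value of field $2 from kubeconfig $1 (first occurrence only,
# which assumes the single cluster and user that kubeadm writes).
kubeconfig_field() {
    awk -v key="$2:" '$1 == key { print $2; exit }' "$1"
}

# Decode the three embedded credentials of kubeconfig $1 into directory $2.
extract_kube_certs() {
    cfg=$1; out=$2; rc=0
    old_umask=$(umask)
    umask 077   # files are created owner-only; cli.key is the admin private key
    mkdir -p "$out" || rc=1
    for pair in certificate-authority-data:ca.crt \
                client-certificate-data:cli.crt \
                client-key-data:cli.key; do
        [ "$rc" -eq 0 ] || break
        field=${pair%%:*}; file=${pair#*:}
        value=$(kubeconfig_field "$cfg" "$field")
        if [ -z "$value" ]; then
            echo "missing $field in $cfg" >&2
            rc=1
        else
            printf '%s' "$value" | base64 -d > "$out/$file" || rc=1
        fi
    done
    umask "$old_umask"
    return "$rc"
}

# Constructed sample input: kubeconfig-shaped file whose values are base64 of
# placeholder strings, not real certificates.
make_sample_kubeconfig() {
    enc() { printf '%s' "$1" | base64 | tr -d '\n'; }
    cat > "$1" <<EOF
clusters:
- cluster:
    certificate-authority-data: $(enc 'CONSTRUCTED-CA')
    server: https://10.0.1.84:6443
users:
- name: kubernetes-admin
  user:
    client-certificate-data: $(enc 'CONSTRUCTED-CLIENT-CERT')
    client-key-data: $(enc 'CONSTRUCTED-CLIENT-KEY')
EOF
}
```

On the master, `extract_kube_certs ~/.kube/config ./certs` produces the three files that the openssl pkcs12 command above takes as input.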
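# Create the namespace in advance; kube-ops is used as the example
# Create the credential as shown in the figure below
Add -> Jenkins

# Upload cert.pfx
# Enter the password set earlier
# After the credential is created, run the connection test; "Connected to Kubernetes v1.23.1" means success
# For the Jenkins URL field below, enter the address where Jenkins is installed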
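III. Testing
1. Create a pipeline project, open its configuration and set the build branch and so on (as your needs dictate)
2. Configure the jenkins-harbor-creds and jenkins-k8s-config credentials
Manage Jenkins -> Manage Credentials -> Add global credentials
Configure jenkins-harbor-creds
The Harbor username and password; the ID "jenkins-harbor-creds" must match the Jenkinsfile
Configure jenkins-k8s-config
cp ~/.kube/config /tmp/kube-config.yml
base64 -w 0 /tmp/kube-config.yml > /tmp/kube-config.txt   # -w 0: single line, so it can be pasted into one field
cat /tmp/kube-config.txt   # copy the contents into the Secret; the ID "jenkins-k8s-config" must match the Jenkinsfile

3. Create the pipeline and choose Pipeline script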
// The jenkins-harbor-creds and jenkins-k8s-config credentials must be configured in Jenkins' Credentials settings
pipeline {
    agent any
    environment {
        url = "github代碼倉庫位置" // placeholder: GitHub repository URL; 8000 8001
        credentialsId = "github代碼憑證" // placeholder: ID of the GitHub credential
        HARBOR_CREDS = credentials('jenkins-harbor-creds')
        K8S_CONFIG = credentials('jenkins-k8s-config')
        GIT_TAG = sh(returnStdout: true,script: 'git describe --tags --always').trim()
    }
    parameters {
        gitParameter(name: 'BRANCH', type: 'PT_BRANCH', defaultValue: 'main')
        string(name: 'HARBOR_HOST', defaultValue: '10.0.1.84:18000', description: 'harbor倉庫地址') // Harbor registry address
        string(name: 'K8S_NAMESPACE', defaultValue: 'kube-ops', description: 'k8s的namespace名稱') // k8s namespace name
    }
    stages {
        stage('Checkout') {
            steps {
                checkout([$class: 'GitSCM',
                    branches: [[name: "${params.BRANCH}"]],
                    doGenerateSubmoduleConfigurations: false,
                    extensions: [],
                    gitTool: 'Default',
                    submoduleCfg: [],
                    userRemoteConfigs: [[url: "${url}",credentialsId: "${credentialsId}"]]
                ])
            }
        }
        stage('Docker Build') {
            agent any
            steps {
                // credentials() exposes HARBOR_CREDS_USR and HARBOR_CREDS_PSW; the single quotes leave
                // expansion to the shell, so the password never appears in the script text
                sh 'echo "$HARBOR_CREDS_PSW" | docker login 10.0.1.84:18000 --username "$HARBOR_CREDS_USR" --password-stdin'
                sh "sh debug.sh"
                sh "docker build -t ew -f Dockerfile ."
                sh "docker tag ew:latest 10.0.1.84:18000/jenkins/ew"
                sh "docker push 10.0.1.84:18000/jenkins/ew"
                sh "docker rmi 10.0.1.84:18000/jenkins/ew"
            }
        }
        stage('Deploy') {
            when {
                allOf {
                    expression { env.GIT_TAG != null }
                }
            }
            agent {
                docker {
                    image 'lwolf/helm-kubectl-docker'
                }
            }
            steps {
                sh "rm -rf ~/.kube && mkdir ~/.kube"
                // single quotes: the shell expands the secret, Groovy does not interpolate it
                sh 'echo "$K8S_CONFIG" | base64 -d > ~/.kube/config'
                // write deployment.yaml in advance to suit the workload
                sh 'kubectl apply -f deployment.yaml -n "$K8S_NAMESPACE"'
            }
        }
    }
}
4. Write the YAML resource manifest to suit the workload
apiVersion: apps/v1        # API version
kind: Deployment           # resource type/role; a Deployment is a controller
metadata:                  # resource metadata
  name: ew-test            # resource name; must be unique within a namespace
  namespace: kube-ops
  labels:                  # resource labels
    app: ew
spec:
  replicas: 1              # number of replicas
  selector:                # selector
    matchLabels:           # matches the labels above
      app: ew              # matches the template label
  template:                # pod template
    metadata:
      labels:
        app: ew
    spec:
      containers:          # container definitions
      - name: ew-test
        image: 10.0.1.84:18000/jenkins/ew   # image and version used by the container
        imagePullPolicy: IfNotPresent
        ports:
        - name: httpport
          containerPort: 8000
        - name: wsport
          containerPort: 8001   # ports exposed by the container
---
apiVersion: v1
kind: Service
metadata:
  name: ew-service
  labels:
    app: ew
spec:
  type: NodePort
  ports:
  - name: httpport
    port: 8086
    targetPort: 8000
    nodePort: 32301
  - name: wsport
    port: 8087
    targetPort: 8001
    nodePort: 32302
  selector:
    app: ew
Notes on Service ports
# Ports:
targetPort: the pod port
port: the Service port
nodePort: the node port
port maps to targetPort
Access: 10.0.1.83:32301
Access from inside the cluster: virtual IP:service port
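The Deployment above references 10.0.1.84:18000/jenkins/ew without a tag and with imagePullPolicy: IfNotPresent, so a node that already holds a cached copy keeps running it after the pipeline pushes a new build. This added example (not part of the original article) lists such unpinned references in a manifest so a pipeline stage can fail on them; the function names and the v1.0 tag in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): flag image references in a
# manifest that can change underneath a running Deployment.

# Classify one reference: prints "digest", "tag" or "mutable".
classify_image() {
    case $1 in
        *@sha256:*) echo digest; return 0 ;;
    esac
    # Only the last path component can carry a tag; the ":18000" in
    # 10.0.1.84:18000/jenkins/ew is a registry port, not a tag.
    last=${1##*/}
    case $last in
        *:latest) echo mutable ;;
        *:*)      echo tag ;;
        *)        echo mutable ;;   # no tag is treated as :latest
    esac
}

# Print each mutable reference in manifest $1; return 1 if any was found.
find_mutable_images() {
    found=0
    for ref in $(sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" \
                 | sed 's/[[:space:]]*#.*$//' | tr -d "\"'"); do
        if [ "$(classify_image "$ref")" = mutable ]; then
            echo "$ref"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample: the article's untagged image next to a tagged one
# (the v1.0 tag is made up for the example).
write_sample_manifest() {
    cat > "$1" <<'EOF'
      containers:
      - name: ew-test
        image: 10.0.1.84:18000/jenkins/ew
        imagePullPolicy: IfNotPresent
      - name: ew-pinned
        image: "10.0.1.84:18000/jenkins/ew:v1.0"   # constructed tag
EOF
}
```

Running `find_mutable_images deployment.yaml` before the kubectl apply step makes the build fail while the manifest still points at an untagged image.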
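5. Build test

Log in to the Harbor registry and check
The image has been pushed to the registry successfully

Check in Kubernetes
# kubectl get pods --all-namespaces -owide
The pod has been created on the node

# kubectl get svc --all-namespaces -owide
The Service has been created as well

# kubectl get deployment --all-namespaces -owide
The image was pulled from the Harbor registry

Test access from a browser
10.0.1.84:32301
10.0.1.84:32302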
IV. Basic kubectl commands
# List all namespaces
kubectl get namespaces
# Create a namespace
kubectl create namespace xxx
# List the pods in a namespace
kubectl get pods -n xxx
# Show information for all pods (which node each runs on, node IP and so on)
kubectl get pods --all-namespaces -owide
# List Deployment resources
kubectl get deployment --all-namespaces -owide
# List Service information
kubectl get svc --all-namespaces -owide
# Show detailed information with describe (pod名字 = pod name)
kubectl describe pod pod名字 -n namespace
# Create/delete resources from a manifest
kubectl apply -f xxx.yaml
kubectl delete -f xxx.yaml
# Delete a pod
kubectl delete pod pod名字 -n namespace
# Open a shell in a pod (if bash is not available, use sh)
kubectl exec -it pod名字 -n namespace -- /bin/bash
V. Troubleshooting summary
Harbor issues:
1. docker login cannot connect to Harbor
Error message:
Error response from daemon: Get https://10.0.1.84:18000/v2/:
dial tcp 10.0.1.84:18000: connect: connection refused
Cause: HTTPS is not supported
Fix:
# vim /etc/docker/daemon.json
{
  "insecure-registries": ["10.0.1.84:18000"]
}
# systemctl daemon-reload
# systemctl restart docker
Pods may be created on other nodes, so every node that needs Harbor must have this daemon.json
k8s issues:
1. kubeadm init fails
Error message:
failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"
Cause: the kubelet and Docker cgroup drivers differ
Fix:
There are two drivers: systemd and cgroupfs
# Check the Docker driver
docker info
Look at the "Cgroup Driver:" value (mine was cgroupfs)
# Change it to systemd (in /etc/docker/daemon.json)
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
systemctl daemon-reload
systemctl restart docker
Please credit the source when reposting. Link to this article: https://www.uj5u.com/qita/397536.html