K8S+Jenkins+Harbor+Docker+gitlab集群部署

news2024/12/28 2:45:01

K8S+Jenkins+Harbor+Docker+gitlab服务器集群部署

目录

  • K8S+Jenkins+Harbor+Docker+gitlab服务器集群部署
  • 1.准备以下服务器
  • 2.所有服务器统一处理执行
    • 2.1 关闭防火墙
    • 2.2 关闭selinux
    • 2.3 关闭swap(k8s禁止虚拟内存以提高性能)
    • 2.4 更新yum (看需要更新)
    • 2.5 时间同步
    • 2.6 安装wget、vim
    • 2.7 更新Docker的yum源
    • 2.8 查看Docker版本
    • 2.9 下载docker
    • 2.10 进入/etc目录创建docker目录
    • 2.11 配置国内镜像加速器
    • 2.12 docker自动启动
    • 2.13 启动docker
    • 2.14 安装rz上传插件
  • 3.k8s服务器配置
    • 3.1 添加k8s的阿里云yum源
    • 3.2 安装 kubeadm,kubelet 和 kubectl
    • 3.3 k8s自启动
    • 3.4 查询是否安装成功
    • 3.5 修改三台主机名(ip自行配置)
    • 3.6 设置网桥参数
    • 3.7 k8s-master主节点初始化
    • 3.8 部署网络插件 用于节点之间的项目通讯
    • 3.9 此时k8s集群初始化完毕 休息下
    • 3.10 安装kuboard图形化管理工具
  • 4.配置Jenkins服务器
    • 4.1 jenkins内部使用本地docker
    • 4.2 配置Jenkins挂载目录
    • 4.3 编写docker-compose.yml文件
    • 4.4 先启动一下compose
    • 4.5 配置下镜像加速
    • 4.6 获取Jenkins登录密码
    • 4.7 登录Jenkins
    • 4.8 升级Jenkins
    • 4.9 重新登录Jenkins获取升级版本
    • 4.10 Jenkins下载以下插件
    • 4.11 jenkins暂时完成
  • 5. 配置Gitlab服务器
    • 5.1 拉取镜像
    • 5.2 创建共享卷目录
    • 5.3 编写docker-compose.yml
    • 5.4 启动docker compose
    • 5.5 docker命令启动
    • 5.6 访问界面
    • 5.7 切换中文
  • 6. 配置Harbor镜像仓库
    • 6.1 安装docker、docker-compose
    • 6.2 下载Harbor安装包
    • 6.3 解压安装包
    • 6.4 进入解压出来的harbor文件夹中
    • 6.5 Docker加载镜像
    • 6.6 修改配置文件harbor.yml
    • 6.7 执行**./prepare && ./install.sh**命令
    • 6.8 查看相关镜像
    • 6.9 访问测试
  • 7.gitlab服务器连接Harbor
    • 7.1 修改gitlab服务器的daemon.json
    • 7.2 加载配置文件使其生效
    • 7.3 重启docker
    • 7.4 连接测试
    • 7.5 连接成功
  • 8.jenkins与gilab持续集成
    • 8.1 在jenkins中创建密钥对
    • 8.2 查看并复制公钥 私钥
    • 8.3 将公钥添加到gitlab中
    • 8.4 为Jenkins 添加全局凭据(私钥)
    • 8.5 拉取代码测试
    • 8.6 对 jenkins 的安全做一些设置
    • 8.7 完成拉取功能
  • 9.Jenkins安装Maven以及Jdk
    • 9.1 首先拉取两个安装包到服务器上
    • 9.2 解压Maven与Jdk并改名
    • 9.3 maven并进入解压文件修改setting.xml
    • 9.4 将jdk还有maven拉取到jenkins的挂载目录
    • 9.5 进入jenkins容器
    • 9.6 在jenkins的全局配置中配置jdk与maven
    • * 9.7 jenkins服务器创建一个jar包存放目录(好像没什么用..)
    • * 9.8 进入系统配置修改Publish over SSH
    • 9.9 测试maven打包
  • 10.创建流水线 连接K8s 实现CI/CD
    • 10.0 jenkins配置k8s SSH Servers
    • 10.1 创建项目,选择流水线,下面构建pipline脚本
    • 10.2 写一个流水线脚本大致流程 (参考)
    • 10.3 流水线语法 -- 拉取git仓库代码
    • 10.4 流水线语法 --通过maven构建项目
    • 10.5 流水线语法 --通过Docker制作自定义镜像
    • 10.5 流水线语法 -- 将自定义镜像推送到harbor
    • 10.6 流水线语法 -- 将yml文件发送到master节点
    • 10.7 流水线语法 -- 远程执行k8s-master的kubectl命令
    • 10.8 最终流水线脚本
    • 10.9 运行流水线即可完成k8s部署
  • 错误
    • 1.docker service ls出错
    • 2.无法从harbor拉取镜像

1.准备以下服务器

centos7系统:CentOS-7-x86_64-Minimal-2009.iso

所有服务器账号root 密码:123456

vmware17虚拟机

服务/结点Ip地址配置
k8s-master192.168.85.1412CPU/2核 4G内存
k8s-node1192.168.85.1422CPU/2核 4G内存
k8s-node2192.168.85.1432CPU/2核 4G内存
Jenkins192.168.85.1442CPU/2核 8G内存
Gitlab192.168.85.1452CPU/2核 8G内存
Harbor192.168.85.1462CPU/2核 8G内存

2.所有服务器统一处理执行

2.1 关闭防火墙

systemctl stop firewalld
systemctl disable firewalld

2.2 关闭selinux

sed -i 's/enforcing/disabled/' /etc/selinux/config  #永久
setenforce 0  #临时

2.3 关闭swap(k8s禁止虚拟内存以提高性能)

sed -ri 's/.*swap.*/#&/' /etc/fstab #永久
swapoff -a #临时

2.4 更新yum (看需要更新)

yum -y update

2.5 时间同步

yum install ntpdate -y	#若是没有这个工具的需要下载
ntpdate time.windows.com

2.6 安装wget、vim

yum install wget -y
yum install vim -y

2.7 更新Docker的yum源

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

2.8 查看Docker版本

yum list docker-ce --showduplicates|sort -r

2.9 下载docker

yum install docker-ce-20.10.9 -y

2.10 进入/etc目录创建docker目录

cd /etc
mkdir docker

2.11 配置国内镜像加速器

sudo vim /etc/docker/daemon.json
{
      "registry-mirrors" : ["https://q5bf287q.mirror.aliyuncs.com", "https://registry.docker-cn.com","http://hub-mirror.c.163.com"],
 	 "exec-opts": ["native.cgroupdriver=systemd"]
}

2.12 docker自动启动

systemctl enable docker.service

2.13 启动docker

sudo systemctl daemon-reload
service docker start

2.14 安装rz上传插件

yum install lrzsz

3.k8s服务器配置

3.1 添加k8s的阿里云yum源

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

3.2 安装 kubeadm,kubelet 和 kubectl

yum install kubelet-1.23.6 kubeadm-1.23.6 kubectl-1.23.6 -y

3.3 k8s自启动

systemctl enable kubelet.service

3.4 查询是否安装成功

yum list installed | grep kubelet
yum list installed | grep kubeadm
yum list installed | grep kubectl

3.5 修改三台主机名(ip自行配置)

cat >> /etc/hosts << EOF
192.168.85.141 k8s-master
192.168.85.142 k8s-node1
192.168.85.143 k8s-node2
EOF

3.6 设置网桥参数

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system  #生效

3.7 k8s-master主节点初始化

kubeadm init --apiserver-advertise-address=192.168.85.141 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.23.6 --service-cidr=10.96.0.0/16 --pod-network-cidr=10.244.0.0/16

运行结果

[root@localhost etc]# kubeadm init --apiserver-advertise-address=192.168.85.141 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.23.6 --service-cidr=10.96.0.0/16 --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.23.6
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local localhost.localdomain] and IPs [10.96.0.1 192.168.85.141]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost localhost.localdomain] and IPs [192.168.85.141 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost localhost.localdomain] and IPs [192.168.85.141 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 10.519327 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.23" in namespace kube-system with the configuration for the kubelets in the cluster
NOTE: The "kubelet-config-1.23" naming of the kubelet ConfigMap is deprecated. Once the UnversionedKubeletConfigMap feature gate graduates to Beta the default name will become just "kubelet-config". Kubeadm upgrade will handle this transition transparently.
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node localhost.localdomain as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node localhost.localdomain as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 2pw233.jhsl6y1ysijtafc7
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.85.141:6443 --token 2pw233.jhsl6y1ysijtafc7 \
	--discovery-token-ca-cert-hash sha256:230fdb6f83dd9e81ff421e0be7d681de6df630501395c51e6376c76ca2df81ee 

根据结果提示在master主节点上执行

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

查询节点是否成功

[root@localhost etc]# kubectl get nodes
NAME         STATUS   ROLES                  AGE    VERSION
k8s-master   Ready    control-plane,master   107s   v1.23.6

提示:

如果没有显示k8s-master而是显示localhost.localdomain

那么就执行:

kubeadm reset

然后重新初始化操作!!

在node节点上执行添加操作

kubeadm join 192.168.85.141:6443 --token j4e0j9.e0ixp8ythubqguo0 \
	--discovery-token-ca-cert-hash sha256:27eb6ef95e8c8ecbef3913c7a0a6921ce3dcbaf10d6534d33ef102e26c984e3e

成功添加显示

[root@localhost etc]# kubeadm join 192.168.85.141:6443 --token 2pw233.jhsl6y1ysijtafc7 \
> --discovery-token-ca-cert-hash sha256:230fdb6f83dd9e81ff421e0be7d681de6df630501395c51e6376c76ca2df81ee 
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

主节点执行

[root@localhost etc]# kubectl get nodes
NAME         STATUS   ROLES                  AGE     VERSION
k8s-master   Ready    control-plane,master   6m22s   v1.23.6
k8s-node1    Ready    <none>                 22s     v1.23.6
k8s-node2    Ready    <none>                 18s     v1.23.6

如果没有显示node节点的话

就在node节点上执行

kubeadm reset

然后重新kubeadm join操作

如果node节点无法使用kubectl get nodes,那么就在node节点执行以下命令

mkdir ~/.kube
vim ~/.kube/config
# 复制master节点的内容 cat ~/.kube/config
# 将内容添加到node节点刚才创建的config里面即可!!!

3.8 部署网络插件 用于节点之间的项目通讯

(在master上操作)

wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

有时候可能会下载失败

[root@k8s-master docker]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
--2023-01-05 16:28:08--  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
正在解析主机 raw.githubusercontent.com (raw.githubusercontent.com)... 0.0.0.0, ::
正在连接 raw.githubusercontent.com (raw.githubusercontent.com)|0.0.0.0|:443... 失败:拒绝连接。
正在连接 raw.githubusercontent.com (raw.githubusercontent.com)|::|:443... 失败:拒绝连接。

采用浏览器打开复制,添加kube-flannel.yml文件即可

---
kind: Namespace
apiVersion: v1
metadata:
  name: kube-flannel
  labels:
    pod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
- apiGroups:
  - "networking.k8s.io"
  resources:
  - clustercidrs
  verbs:
  - list
  - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni-plugin
        image: docker.io/flannel/flannel-cni-plugin:v1.1.2
       #image: docker.io/rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.2
        command:
        - cp
        args:
        - -f
        - /flannel
        - /opt/cni/bin/flannel
        volumeMounts:
        - name: cni-plugin
          mountPath: /opt/cni/bin
      - name: install-cni
        image: docker.io/flannel/flannel:v0.20.2
       #image: docker.io/rancher/mirrored-flannelcni-flannel:v0.20.2
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: docker.io/flannel/flannel:v0.20.2
       #image: docker.io/rancher/mirrored-flannelcni-flannel:v0.20.2
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: EVENT_QUEUE_DEPTH
          value: "5000"
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
        - name: xtables-lock
          mountPath: /run/xtables.lock
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni-plugin
        hostPath:
          path: /opt/cni/bin
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
      - name: xtables-lock
        hostPath:
          path: /run/xtables.lock
          type: FileOrCreate

将该文件放在master上,然后应用执行

kubectl apply -f kube-flannel.yml

运行结果

[root@localhost home]# ls
kube-flannel.yml
[root@localhost home]# kubectl apply -f kube-flannel.yml
namespace/kube-flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
[root@localhost home]# 

3.9 此时k8s集群初始化完毕 休息下

3.10 安装kuboard图形化管理工具

在master节点上执行

kubectl apply -f https://addons.kuboard.cn/kuboard/kuboard-v3.yaml

查询是否安装完毕

kubectl get pods -n kuboard
[root@localhost etc]# kubectl get pods -n kuboard
NAME                          READY   STATUS              RESTARTS   AGE
kuboard-etcd-lkxmn            0/1     ContainerCreating   0          30s
kuboard-v3-56b4b954c9-jl6qw   0/1     ContainerCreating   0          30s
[root@localhost etc]# kubectl get pods -n kuboard
NAME                          READY   STATUS              RESTARTS   AGE
kuboard-etcd-lkxmn            0/1     ContainerCreating   0          31s
kuboard-v3-56b4b954c9-jl6qw   0/1     ContainerCreating   0          31s

全部加载完毕之后,访问 http://192.168.85.141:30080

因为默认30080端口

账号:admin 密码:Kuboard123

4.配置Jenkins服务器

采用Docker compose安装,最开始安装docker的时候,docker compose会伴随安装

4.1 jenkins内部使用本地docker

进入/var/run,找到docker.sock

[root@npy run]# ls
auditd.pid  containerd   cryptsetup          dmeventd-client  docker.pid   initramfs  lvm          netreport       sepermit  sudo         tmpfiles.d  user
chrony      crond.pid    dbus                dmeventd-server  docker.sock  lock       lvmetad.pid  NetworkManager  setrans   syslogd.pid  tuned       utmp
console     cron.reboot  dhclient-ens33.pid  docker           faillock     log        mount        plymouth        sshd.pid  systemd      udev        xtables.lock
[root@npy run]# pwd
/var/run

修改docker.sock文件所属组

chown root:root docker.sock

修改权限

chmod o+rw docker.sock

4.2 配置Jenkins挂载目录

mkdir -p /home/jenkins/jenkins_mount
chmod 777 /home/jenkins/jenkins_mount

4.3 编写docker-compose.yml文件

浏览器访问端口配置为:10240

容器名称为:npy_jenkins

version: '3.1'
services:
  jenkins:
    image: jenkins/jenkins
    privileged: true
    user: root
    ports:
      - 10240:8080
      - 10241:50000
    container_name: npy_jenkins
    volumes:
      - /home/jenkins/jenkins_mount:/var/jenkins_home
      - /etc/localtime:/etc/localtime
      - /var/run/docker.sock:/var/run/docker.sock
      - /usr/bin/docker:/usr/bin/docker
      - /etc/docker/daemon.json:/etc/docker/daemon.json                                                    

4.4 先启动一下compose

docker compose up -d

4.5 配置下镜像加速

# 修改挂载目录的hudson.model.UpdateCenter.xml文件 添加清华源加速
[root@localhost jenkins_mount]# pwd
/home/jenkins/jenkins_mount
[root@localhost jenkins_mount]# ls
config.xml               docker-compose.yml        hudson.model.UpdateCenter.xml  jenkins.telemetry.Correlator.xml  nodeMonitors.xml  plugins     secret.key.not-so-secret  updates      users
copy_reference_file.log  failed-boot-attempts.txt  identity.key.enc               jobs                              nodes             secret.key  secrets                   userContent  war
[root@localhost jenkins_mount]# 

<?xml version='1.1' encoding='UTF-8'?>
<sites>
  <site>
    <id>default</id>
    <url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
  </site>
</sites>

4.6 获取Jenkins登录密码

cat /home/jenkins/jenkins_mount/secrets/initialAdminPassword
[root@localhost jenkins_mount]# cat /home/jenkins/jenkins_mount/secrets/initialAdminPassword
296fcfb8b0a04a4b8716e33b53fa6743

4.7 登录Jenkins

选择安装推荐的插件就可以了

http://192.168.85.144:10240

4.8 升级Jenkins

首先下载jenkins的war包

下载地址:2.375.3版本

然后停止jenkins容器,记得是停止!

# docker stop 677c9d9ab474
[root@localhost jenkins_mount]# docker ps
CONTAINER ID   IMAGE             COMMAND                   CREATED          STATUS          PORTS                                                                                        NAMES
677c9d9ab474   jenkins/jenkins   "/sbin/tini -- /usr/…"   27 minutes ago   Up 27 minutes   0.0.0.0:10240->8080/tcp, :::10240->8080/tcp, 0.0.0.0:10241->50000/tcp, :::10241->50000/tcp   npy_jenkins
[root@localhost jenkins_mount]# docker stop 677c9d9ab474
f1c11a1c592b
[root@localhost jenkins_mou

然后把下载的jenkins.war包通过rz拉到服务器上,然后执行docker cp命令

[root@localhost jenkins]# ls
jenkins_mount
[root@localhost jenkins]# rz 
[root@localhost jenkins]# ls
jenkins_mount  jenkins.war
[root@localhost jenkins]# docker cp jenkins.war 677c9d9ab474:/usr/share/jenkins/jenkins.war
Preparing to copy...
Copying to container - 0B
Copying to container - 0B
Copying to container - 512B
Copying to container - 32.77kB
Copying to container - 65.54kB
Copying to container - 98.3kB
Copying to container - 131.1kB

再重新启动容器

docker start 677c9d9ab474

4.9 重新登录Jenkins获取升级版本

账号是:admin 密码是:123456

在这里插入图片描述

4.10 Jenkins下载以下插件

第一个是为了连接gitlab,第二个是为了ssh连接目标服务器

Git Parameter

Publish Over SSH

4.11 jenkins暂时完成

5. 配置Gitlab服务器

5.1 拉取镜像

docker pull gitlab/gitlab-ce

5.2 创建共享卷目录

[root@localhost gitlab]# mkdir etc
[root@localhost gitlab]# mkdir log
[root@localhost gitlab]# mkdir data
[root@localhost gitlab]# ls
data  etc  log
[root@localhost gitlab]# chmod 777 data/ etc/ log/

5.3 编写docker-compose.yml

version: '3.1'
services:
  gitlab:
    image: 'gitlab/gitlab-ce'
    restart: always
    container_name: npy_gitlab
    privileged: true
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://192.168.85.145'
    ports:
      - '80:80'
      - '443:443'
      - '33:22'
    volumes:
      - '/home/gitlab/etc:/etc/gitlab'
      - '/home/gitlab/log:/var/log/gitlab'
      - '/home/gitlab/data:/var/opt/gitlab'

5.4 启动docker compose

docker compose up -d

5.5 docker命令启动

docker run -itd --name=npy_gitlab --restart=always --privileged=true   -p 8443:443  -p 80:80 -p 222:22 -v /home/gitlab/etc:/etc/gitlab -v  /home/gitlab/log:/var/log/gitlab -v  /home/gitlab/data:/var/opt/gitlab  gitlab/gitlab-ce

5.6 访问界面

http://192.168.85.145:80

用户名为:root

获取密码:进入容器查看

sudo docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password

5.7 切换中文

在这里插入图片描述

6. 配置Harbor镜像仓库

6.1 安装docker、docker-compose

yum install docker-ce-20.10.9 -y
yum install epel-release -y
yum install docker-compose –y

6.2 下载Harbor安装包

下载地址
下载会有点慢,建议用迅雷下载
下载的harbor-offline-installer-v1.10.10.tgz 包通过ftp工具拉取到服务器上

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-qudEZWti-1676864296334)(E:\MD笔记\MyLoverK8s\images\image-20230216233843950.png)]

6.3 解压安装包

[root@localhost harbor]# tar -zxvf harbor-offline-installer-v1.10.10.tgz 
harbor/harbor.v1.10.10.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml
[root@localhost harbor]# 

6.4 进入解压出来的harbor文件夹中

[root@localhost harbor]# ls
harbor  harbor-offline-installer-v1.10.10.tgz
[root@localhost harbor]# cd harbor
[root@localhost harbor]# ls
common.sh  harbor.v1.10.10.tar.gz  harbor.yml  install.sh  LICENSE  prepare
[root@localhost harbor]# 

6.5 Docker加载镜像

docker load -i harbor.v1.10.10.tar.gz

6.6 修改配置文件harbor.yml

[root@localhost harbor]# cd harbor
[root@localhost harbor]# ls
common.sh  harbor.v1.10.10.tar.gz  harbor.yml  install.sh  LICENSE  prepare
[root@localhost harbor]# vim harbor.yml 

设置hostname为主机ip:192.168.85.146

密码为Harbor12345

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ue6uEZ57-1676864296334)(E:\MD笔记\MyLoverK8s\images\image-20230216234256567.png)]

将上面的https:内容都进行注释,否则会出错:ERROR:root:Error: The protocol is https but attribute ssl_cert is not set

6.7 执行**./prepare && ./install.sh**命令

./prepare
./install.sh

如果docker-compose版本不够,就去下载最新版本

curl -L https://get.daocloud.io/docker/compose/releases/download/v2.4.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

6.8 查看相关镜像

[root@localhost harbor]# docker ps
CONTAINER ID   IMAGE                                  COMMAND                   CREATED          STATUS                    PORTS                                   NAMES
1c2c49bcae29   goharbor/nginx-photon:v1.10.10         "nginx -g 'daemon of…"   47 seconds ago   Up 45 seconds (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
bce07bf48d57   goharbor/harbor-jobservice:v1.10.10    "/harbor/harbor_jobs…"   47 seconds ago   Up 45 seconds (healthy)                                           harbor-jobservice
43a696210739   goharbor/harbor-core:v1.10.10          "/harbor/harbor_core"     48 seconds ago   Up 46 seconds (healthy)                                           harbor-core
2c460dcf924f   goharbor/registry-photon:v1.10.10      "/home/harbor/entryp…"   50 seconds ago   Up 47 seconds (healthy)   5000/tcp                                registry
8904cb8b36e2   goharbor/redis-photon:v1.10.10         "redis-server /etc/r…"   50 seconds ago   Up 48 seconds (healthy)   6379/tcp                                redis
9b030e10048b   goharbor/harbor-registryctl:v1.10.10   "/home/harbor/start.…"   50 seconds ago   Up 48 seconds (healthy)                                           registryctl
7613eb27e887   goharbor/harbor-db:v1.10.10            "/docker-entrypoint.…"   50 seconds ago   Up 48 seconds (healthy)   5432/tcp                                harbor-db
ab698202e684   goharbor/harbor-portal:v1.10.10        "nginx -g 'daemon of…"   50 seconds ago   Up 47 seconds (healthy)   8080/tcp                                harbor-portal
62496f80be73   goharbor/harbor-log:v1.10.10           "/bin/sh -c /usr/loc…"   52 seconds ago   Up 49 seconds (healthy)   127.0.0.1:1514->10514/tcp               harbor-log
[root@localhost harbor]# 

6.9 访问测试

浏览器输入ip即可

在这里插入图片描述

7.gitlab服务器连接Harbor

7.1 修改gitlab服务器的daemon.json

目的:将CI服务器上的项目push到镜像harbor私仓

insecure-registries为harbor服务器的ip

vim /etc/docker/daemon.json
{
      "registry-mirrors" : ["https://q5bf287q.mirror.aliyuncs.com", "https://registry.docker-cn.com","http://hub-mirror.c.163.com"],
      "exec-opts": ["native.cgroupdriver=systemd"],
      "insecure-registries": ["192.168.85.146"]
}

7.2 加载配置文件使其生效

systemctl daemon-reload

7.3 重启docker

systemctl restart docker

7.4 连接测试

测试登录harbor服务器

账号密码就是部署harbor时的账号密码:admin Harbor12345

[root@localhost docker]# docker login 192.168.85.146
Username: admin
Password: Harbor12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@localhost docker]# 

7.5 连接成功

8.jenkins与gilab持续集成

8.1 在jenkins中创建密钥对

需要进入jenkins容器

docker exec -it b5a49147b7f5 bash 
# 创建密钥对,一路默认回车
ssh-keygen

8.2 查看并复制公钥 私钥

cat ~/.ssh/id_rsa.pub 

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBHrS0octCBPQYrNt3UAGdhxunMdBkmLBa3DATy0ND1QoRMbBaiZ6XYEMUaYEmiitMbXfzCHN8tEyUpqqxNDhjQ0kq0FlXRpUV65BWzvpWNM7cOG1yH1OE1JqGQ7HRyArKOK6JcCoFRn+F0LWO01GcTGbiF8z//ZeQo11GpDDXC2cQovDxIJTNS5y9BLRMZzU3XZNJRJvKVcmIINaX+Xiz49NfPauswa2aZV+cOkJetnqpMk6LkbDv+4FZ15lqQzSVpSTslbiZAp1t6TSLhoim8KubmFa9C7vP1lIqZtEJqPawJ7o9hZ8guo1O07SQPu6We7gNX0IccRLG0DNO/JPh root@localhost.localdomain

cat ~/.ssh/id_rsa

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEA2y/A53dGESZbz40mKb6tKjsBBdv/BzH7gkEhz3hpKXF6dSufP1Gj
f+bhei7kpPUFC1Vq0b3IWKkkF1+AqL9KMEWq38sDoiL72gnWvGIeclx9gCeKKR+runMGxs
aIJG12cTV3uEqAmVq4GN84qLS+d7pEBcJyVvq8rl1bqzexBeKipcRnrMC916fFDYIAP98y
RPUfE4TAMHUIh4FL4K0yWDr2IvbSs8J0ks/sY5IFc0ZXwWpsHd7rkRC8vd+/Z9QrSmUw6T
+Ci6RL11O2+rpSOHoXZcBbL6e+sOpKQTDDePYbLzbIL6jfXK4adv6WelMP5Ngs2WG8oCC1
/d9hMlm6alpom2gtdgEIireENkX6MWO7yq921oDC5tYq8rdUXpk8vkjhCHbGkqJrzPTqC3
raBV5SYMUwpUzRvsIaas4ZJjB4rLzNOZ/DCdSvYajSXGEkhTFKduDqEGd+TpOVEsJaDz7A
153HZc11vvuYr3ojVsycTWQAWlnGIipa7rj447NRAAAFiNfKu2DXyrtgAAAAB3NzaC1yc2
EAAAGBANsvwOd3RhEmW8+NJim+rSo7AQXb/wcx+4JBIc94aSlxenUrnz9Ro3/m4Xou5KT1
BQtVatG9yFipJBdfgKi/SjBFqt/LA6Ii+9oJ1rxiHnJcfYAniikfq7pzBsbGiCRtdnE1d7
hKgJlauBjfOKi0vne6RAXCclb6vK5dW6s3sQXioqXEZ6zAvdenxQ2CAD/fMkT1HxOEwDB1
CIeBS+CtMlg69iL20rPCdJLP7GOSBXNGV8FqbB3e65EQvL3fv2fUK0plMOk/goukS9dTtv
q6Ujh6F2XAWy+nvrDqSkEww3j2Gy82yC+o31yuGnb+lnpTD+TYLNlhvKAgtf3fYTJZumpa
aJtoLXYBCIq3hDZF+jFju8qvdtaAwubWKvK3VF6ZPL5I4Qh2xpKia8z06gt62gVeUmDFMK
VM0b7CGmrOGSYweKy8zTmfwwnUr2Go0lxhJIUxSnbg6hBnfk6TlRLCWg8+wNedx2XNdb77
mK96I1bMnE1kAFpZxiIqWu64+OOzUQAAAAMBAAEAAAGAEZT2C1sk8rE6Ah8XZZfW+iE7hs
XL4j7fJuakmKjW/q0MnqN+Ja0dyV+yzINAcf75hZw3clWf4YTH0VwmzOJzSAX+m+8D/piB
zU6mu/u+53uF0abaTUwuEUmyzHUWbJ2fN5uLW+wV/rcpN02IlPfSo3X8iN29ID8CrZXtiY
FxIMC6PUPQ8SmQ0OCzTM8VyAnWVXO4J2+pnvl0UrJLbN1XwX4RSmK0Khk6EqC9HIuVBlcp
KOmpfIfqK3vFOBHfn6uEG2IeNWYoabBvaXiJkZpp0yZKWV7IHectdssFcDRkFI+pzzZC5I
pea2VpSWoLMDd8qhyPZhV6F04hltQwDytBNvHXs3fYLu9J91qcC2JvsoEMTZGqbDsz2VQg
Lm0+Jjp0pbhgAuCXT3OKv+wgTxcChi7nVAskaAHfUJMB4E08kNSVjNmq3mdmHQ5U4jA8u/
K938v4sJcM7RXTx2iCeh2Q+4B3AcPL/Zi2vgZ5AKU1B+eVExRkShUUyvSebdaT9MZxAAAA
wEGlkwjOILNGC9Qj7WTivh/4T2WpTZ/CxOLogyoBbMEzKxe3a+HfnvrqhU3TT5KqNgJRFz
QXXbbzGrUpJxuNe+LjfPokI4GNQHQFumxC6fgPtNCt8OOhe+L3b9F0b5aIxQvBSdLhEoyb
kO7f7WvherVndQpC4EEZiBOevzNdhswmLLN7/3LRNohb3s5Nod5TE6ryt2RjG3mh8Bq/o0
NFRavPknEfQvJwEdXN+62lT3mrW1JWa05E1RUahKVc28Od+wAAAMEA/HptIL+eu5a6DvDQ
3aiudhh/pccPB9fcaWr9L0IUBHXM/RUe2UYcH3w06RJIbsbqB3ep5QbOaE6PSCE3D3mge4
9mChFwMy4GpijAL845v3agVR+bY3VhHD0xLQvFiphnBMtSQmS7JvTEk7+XOR4PUF8big2i
4s44KG/p4tB67C0fwdrt3IvYR7G4PTYQVlHeE8kgURGdg6LIPFgWtC8VSeSfz2PETSfyqo
/odIupNJdHV5qvpIY0R9kiWD0M2zp1AAAAwQDePnIwymfJ+SkWvgJNYI6AAGsDjxDPK1Gm
lC5IVc/KzgH9uuffv0nyQi1LJLce2OZuoQ8SsxBEkZWL01ptH3xv4sqZisO/nJGp5gLkso
ZmsImhZAfExrchnstivvXAJ3UmYDTd5xWxkNCX4Zom+3ciNBMAFiZq4Abj4TDO78tqBV/D
O30W8O1qHpXq+t6mAY0f8cIzdSLC4fwWBEbfhdLREPYecSYjka0FQ/NHuoh+aRkH1Ivan5
FEQwgQOeYfoe0AAAARcm9vdEBiNWE0OTE0N2I3ZjUBAg==
-----END OPENSSH PRIVATE KEY-----

8.3 将公钥添加到gitlab中

登录gilab,点击用户设置界面,执行一下步骤,增加一个ssh密钥.

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-yMCzRmpm-1676864296335)(E:\MD笔记\MyLoverK8s\images\image-20230217010623913.png)]

8.4 为Jenkins 添加全局凭据(私钥)

登录jenkins,打开系统管理-Manage Credentials进入凭据管理页面

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-pLDo2FKu-1676864296335)(E:\MD笔记\MyLoverK8s\images\image-20230217011839014.png)]

8.5 拉取代码测试

  • 先去在gitlab中创建一个项目 并上传项目 注意分支一定要是master分支

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-k8jtAs7M-1676864296335)(E:\MD笔记\MyLoverK8s\images\image-20230217012105449.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ixrJydPL-1676864296335)(E:\MD笔记\MyLoverK8s\images\image-20230217025841875.png)]

复制项目地址

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-VmAsbR9g-1676864296335)(E:\MD笔记\MyLoverK8s\images\image-20230217011937496.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-BDXcQuzO-1676864296336)(E:\MD笔记\MyLoverK8s\images\image-20230217033613942.png)]

设置完之后进行构建 输出成功

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-4uNF4zon-1676864296336)(E:\MD笔记\MyLoverK8s\images\image-20230217033647087.png)]

查看工作空间,发现有代码了

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-0IRzqjX2-1676864296336)(E:\MD笔记\MyLoverK8s\images\image-20230217033717474.png)]

8.6 对 jenkins 的安全做一些设置

依次点击 系统管理-全局安全配置-授权策略,勾选"匿名用户具有可读权限

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-aIIFvBsv-1676864296336)(E:\MD笔记\MyLoverK8s\images\image-20230217031659730.png)]

8.7 完成拉取功能

9.Jenkins安装Maven以及Jdk

9.1 首先拉取两个安装包到服务器上

[root@localhost jenkins]# rz

[root@localhost jenkins]# ls
apache-maven-3.9.0-bin.tar.gz  docker-compose.yml  jdk-8u11-linux-x64.tar.gz  jenkins_mount  jenkins.war

9.2 解压Maven与Jdk并改名

[root@localhost jenkins]# ls
apache-maven-3.9.0  apache-maven-3.9.0-bin.tar.gz  docker-compose.yml  jdk1.8.0_11  jdk-8u11-linux-x64.tar.gz  jenkins_mount  jenkins.war
[root@localhost jenkins]# mv apache-maven-3.9.0 maven
[root@localhost jenkins]# ls
apache-maven-3.9.0-bin.tar.gz  docker-compose.yml  jdk1.8.0_11  jdk-8u11-linux-x64.tar.gz  jenkins_mount  jenkins.war  maven
[root@localhost jenkins]# mv jdk1.8.0_11/ jdk
[root@localhost jenkins]# ls
apache-maven-3.9.0-bin.tar.gz  docker-compose.yml  jdk  jdk-8u11-linux-x64.tar.gz  jenkins_mount  jenkins.war  maven
[root@localhost jenkins]# 

9.3 maven并进入解压文件修改setting.xml

位置:home/jenkins/maven/conf/setting.xml

  • 添加阿里云镜像地址
 </mirrors>
 	<mirror>
        <id>alimaven</id>
        <name>aliyun maven</name>
        <url>https://maven.aliyun.com/repository/public/</url>
        <mirrorOf>central</mirrorOf>
    </mirror>
 </mirrors>
  • 添加jdk8编译
</profiles>
  <profile>
    <id>jdk8</id>
    <activation>
        <activeByDefault>true</activeByDefault>
        <jdk>1.8</jdk>
    </activation>
    <properties>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
        <maven.compiler.compilerVersion>1.8</maven.compiler.compilerVersion>
    </properties>
 </profile>
</profiles>

  • 激活profile
<activeProfiles>
    <activeProfile>jdk8</activeProfile>
 </activeProfiles>

9.4 将jdk还有maven拉取到jenkins的挂载目录

[root@localhost jenkins]# ls
apache-maven-3.9.0-bin.tar.gz  docker-compose.yml  jdk  jdk-8u11-linux-x64.tar.gz  jenkins_mount  jenkins.war  maven
[root@localhost jenkins]# mv jdk /home/jenkins/jenkins_mount/
[root@localhost jenkins]# mv maven/ /home/jenkins/jenkins_mount/
[root@localhost jenkins]# ls
apache-maven-3.9.0-bin.tar.gz  docker-compose.yml  jdk-8u11-linux-x64.tar.gz  jenkins_mount  jenkins.war
[root@localhost jenkins]# 

9.5 进入jenkins容器

docker exec -it b5a49147b7f5 bash

找到jdk与maven的目录

/var/jenkins_home/jdk

/var/jenkins_home/maven

root@b5a49147b7f5:/var/jenkins_home# cd jdk/
root@b5a49147b7f5:/var/jenkins_home/jdk# ls
COPYRIGHT  LICENSE  README.html  THIRDPARTYLICENSEREADME-JAVAFX.txt  THIRDPARTYLICENSEREADME.txt  bin  db  include  javafx-src.zip  jre  lib  man  release  src.zip
root@b5a49147b7f5:/var/jenkins_home/jdk# pwd
/var/jenkins_home/jdk


root@b5a49147b7f5:/var/jenkins_home# cd maven/
root@b5a49147b7f5:/var/jenkins_home/maven# ls
LICENSE  NOTICE  README.txt  bin  boot	conf  lib
root@b5a49147b7f5:/var/jenkins_home/maven# pwd
/var/jenkins_home/maven
root@b5a49147b7f5:/var/jenkins_home/maven# 

9.6 在jenkins的全局配置中配置jdk与maven

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-CdQIXTVH-1676864296336)(E:\MD笔记\MyLoverK8s\images\image-20230217112448104.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-1bCQ3Gks-1676864296336)(E:\MD笔记\MyLoverK8s\images\image-20230217035409892.png)]

* 9.7 jenkins服务器创建一个jar包存放目录(好像没什么用…)

[root@localhost jenkins]# mkdir MavenJar
[root@localhost jenkins]# chmod 777 -R MavenJar/
[root@localhost jenkins]# ll
总用量 256152
-rw-r--r--.  1 root root   9024147 214 16:44 apache-maven-3.9.0-bin.tar.gz
-rw-r--r--.  1 root root       433 216 23:57 docker-compose.yml
-rw-r--r--.  1 root root 159019376 927 2021 jdk-8u11-linux-x64.tar.gz
drwxrwxrwx. 20 root root      4096 217 03:56 jenkins_mount
-rw-r--r--.  1 root root  94238599 212 15:32 jenkins.war
drwxrwxrwx.  2 root root         6 217 03:56 MavenJar
[root@localhost jenkins]# 

* 9.8 进入系统配置修改Publish over SSH

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-WXaCxcxy-1676864296337)(E:\MD笔记\MyLoverK8s\images\image-20230217035919710.png)]

9.9 测试maven打包

在Job的构建里面Build Steps->调用顶层Maven目标

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-3m7siA6K-1676864296337)(E:\MD笔记\MyLoverK8s\images\image-20230217040233773.png)]

clean package -DiskpTest

应用保存之后重新构建,就会执行打包操作,第一次打包下载会有点慢,不要急哦。

10.创建流水线 连接K8s 实现CI/CD

10.0 jenkins配置k8s SSH Servers

在系统配置里面

记得在k8s master上创建 /usr/local/k8s目录 并且 chmod 777 k8s

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-afPduR56-1676864296337)(E:\MD笔记\MyLoverK8s\images\image-20230217131428368.png)]

10.1 创建项目,选择流水线,下面构建pipline脚本

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-WWRfkTNI-1676864296337)(E:\MD笔记\MyLoverK8s\images\image-20230217132050419.png)]

10.2 写一个流水线脚本大致流程 (参考)

// 所有脚本命令都放在pipline中
pipeline{
	// 指定任务在哪个集群节点中执行
	agent any
	// 声明全局变量,方便使用
	environment {
		key = 'value'
	}
    stages {
        stage('拉取git仓库代码') {
            steps {
                echo '拉取git仓库代码 - SUCCESS'
            }
        }
        stage('通过maven构建项目') {
            steps {
                echo '通过maven构建项目 - SUCCESS'
            }
        }
        stage('通过Docker制作自定义镜像') {
            steps {
                echo '通过Docker制作自定义镜像 - SUCCESS'
            }
        }
        stage('将自定义镜像推送到harbor') {
            steps {
                echo '将自定义镜像推送到harbor - SUCCESS'
            }
        }
        stage('将yml文件传到k8s-master上') {
            steps {
                echo '将yml文件传到k8s-master上 - SUCCESS'
            }
        }
        stage('远程执行k8s-master的kubectl命令') {
            steps {
                echo '远程执行k8s-master的kubectl命令 - SUCCESS'
            }
        }
    }
}

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-PyqyxiI9-1676864296337)(E:\MD笔记\MyLoverK8s\images\image-20230217133034490.png)]

10.3 流水线语法 – 拉取git仓库代码

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-K2T8jeqr-1676864296337)(E:\MD笔记\MyLoverK8s\images\image-20230217133302353.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-w2twjrsF-1676864296338)(E:\MD笔记\MyLoverK8s\images\image-20230217133326300.png)]

checkout([$class: 'GitSCM', branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[url: 'http://192.168.85.145/root/lover.git']]])

10.4 流水线语法 --通过maven构建项目

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-Vsoiceiu-1676864296338)(E:\MD笔记\MyLoverK8s\images\image-20230217133703468.png)]

sh '/var/jenkins_home/maven/bin/mvn clean package -DskipTests'

10.5 流水线语法 --通过Docker制作自定义镜像

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-vl6FR6xq-1676864296338)(E:\MD笔记\MyLoverK8s\images\image-20230217134008310.png)]

sh '''mv ./target/*.jar ./docker/lover_story.jar
docker build -t ${JOB_NAME}:${tag} ./docker/'''

10.5 流水线语法 – 将自定义镜像推送到harbor

这个需要修改私服在jenkins服务器的/etc/docker/daemon.json

{
      "registry-mirrors" : ["https://q5bf287q.mirror.aliyuncs.com", "https://registry.docker-cn.com","http://hub-mirror.c.163.com"],
      "exec-opts": ["native.cgroupdriver=systemd"],
      "insecure-registries": ["192.168.85.146"]
}
# 重新加载
systemctl daemon-reload
systemctl restart docker
docker swarm init

先docker登录harbor

然后给镜像打标签

之后进行推送到指定的仓库中

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-dupvVOX8-1676864296339)(E:\MD笔记\MyLoverK8s\images\image-20230217140955522.png)]

sh '''docker login -u ${harborUser} -p ${harborPassword} ${harborAddress}
docker tag ${JOB_NAME}:${tag} ${harborAddress}/${harborRepo}/${JOB_NAME}:${tag}
docker push ${harborAddress}/${harborRepo}/${JOB_NAME}:${tag}'''

10.6 流水线语法 – 将yml文件发送到master节点

  • 让jenkins无密码连接到k8s

进入jenkins容器复制其公钥

root@b5a49147b7f5:~/.ssh# cat id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbL8Dnd0YRJlvPjSYpvq0qOwEF2/8HMfuCQSHPeGkpcXp1K58/UaN/5uF6LuSk9QULVWrRvchYqSQXX4Cov0owRarfywOiIvvaCda8Yh5yXH2AJ4opH6u6cwbGxogkbXZxNXe4SoCZWrgY3ziotL53ukQFwnJW+ryuXVurN7EF4qKlxGeswL3Xp8UNggA/3zJE9R8ThMAwdQiHgUvgrTJYOvYi9tKzwnSSz+xjkgVzRlfBamwd3uuRELy9379n1CtKZTDpP4KLpEvXU7b6ulI4ehdlwFsvp76w6kpBMMN49hsvNsgvqN9crhp2/pZ6Uw/k2CzZYbygILX932EyWbpqWmibaC12AQiKt4Q2RfoxY7vKr3bWgMLm1iryt1RemTy+SOEIdsaSomvM9OoLetoFXlJgxTClTNG+whpqzhkmMHisvM05n8MJ1K9hqNJcYSSFMUp24OoQZ35Ok5USwloPPsDXncdlzXW++5iveiNWzJxNZABaWcYiKlruuPjjs1E= root@b5a49147b7f5
root@b5a49147b7f5:~/.ssh# 

  • master节点配置jenkins公钥

将id_rsa.pub 内容添加进去即可

[root@k8s-master ~]# cd ~
[root@k8s-master ~]# ls
anaconda-ks.cfg
[root@k8s-master ~]# mkdir .ssh
[root@k8s-master ~]# cd .ssh/
[root@k8s-master .ssh]# ls
[root@k8s-master .ssh]# vim authorized_keys 
[root@k8s-master .ssh]# 

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: lover_story
  name: lover
  labels: 
    app: lover
spec:
  replicas: 3
  selector:
    matchLabels:
      app: lover
  template:
    metadata:
      labels:
        app: lover
    spec:
      containers:
      - name: lover
        image: 192.168.85.146/lover/lover:v4.0.0
        imagePullPolicy: Always
        ports:
        - containerPort: 8082
---
apiVersion: v1
kind: Service
metadata:
  namespace: test
  labels: 
    app: lover
  name: lover
spec: 
  selector:
    app: lover
  ports:
  - port: 8088
    targetPort: 8082
  type: NodePort
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: test
  name: lover
spec:
  ingressClassName: ingress
  rules:
  - host:lph.pipline.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: lover
            port:
              number: 8088

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-EgWpIRp0-1676864296339)(E:\MD笔记\MyLoverK8s\images\image-20230217152746629.png)]

sshPublisher(publishers: [sshPublisherDesc(configName: 'k8s', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: '', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: 'lover.yml')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])

10.7 流水线语法 – 远程执行k8s-master的kubectl命令

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-9XkVyAWq-1676864296339)(E:\MD笔记\MyLoverK8s\images\image-20230217154653954.png)]

sh 'ssh root@192.168.85.141 kubectl apply -f lover.yml'

记得Master也要配置/etc/docker/dameon.json文件的私仓地址

10.8 最终流水线脚本

// 所有脚本命令都放在pipline中
pipeline{
	// 指定任务在哪个集群节点中执行
	agent any
	// 声明全局变量,方便使用
	environment {
	    harborUser = 'admin'
        harborPassword = 'Harbor12345'
        harborAddress = '192.168.85.146'
        harborRepo = 'lover'
	}
    stages {
        stage('拉取git仓库代码') {
            steps {
                checkout([$class: 'GitSCM', branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[url: 'http://192.168.85.145/root/lover.git']]])
            }
        }
        stage('通过maven构建项目') {
            steps {
                sh '/var/jenkins_home/maven/bin/mvn clean package -DskipTests'
            }
        }
        stage('通过Docker制作自定义镜像') {
            steps {
                sh '''mv ./target/*.jar ./docker/
docker build -t ${JOB_NAME}:${tag} ./docker/'''
            }
        }
        stage('将自定义镜像推送到harbor') {
            steps {
                sh '''docker login -u ${harborUser} -p ${harborPassword} ${harborAddress}
docker tag ${JOB_NAME}:${tag} ${harborAddress}/${harborRepo}/${JOB_NAME}:${tag}
docker push ${harborAddress}/${harborRepo}/${JOB_NAME}:${tag}'''
            }
        }
        stage('将yml文件传到k8s-master上') {
            steps {
                sshPublisher(publishers: [sshPublisherDesc(configName: 'k8s', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: '', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: 'lover.yml')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
            }
        }
        stage('远程执行k8s-master的kubectl命令') {
            steps {
                sh 'ssh root@192.168.85.141 kubectl apply -f /usr/local/k8s/lover.yml'
            }
        }
    }
}

10.9 运行流水线即可完成k8s部署

ip link set cni0 down && ip link set flannel.1 down 
ip link delete cni0 && ip link delete flannel.1
systemctl restart containerd && systemctl restart kubelet

错误

1.docker service ls出错

没有正确加载/etc/docker/dameon.json,会无法从harbor拉取镜像

因此在k8s集群上每个节点执行以下操作,前提是配置好了harbor的地址

docker swarm init

2.无法从harbor拉取镜像

看看是否镜像仓库是公开的!!私有的镜像仓库是需要配置密钥的!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/358743.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

【自监督论文阅读笔记】MVP: Multimodality-guided Visual Pre-training

Abstract 最近&#xff0c;掩码图像建模&#xff08;MIM&#xff09;已成为视觉预训练的一个有前途的方向。在vision transformers的上下文中&#xff0c;MIM 通过将 token-level 标记级特征 与 预定义空间 对齐来学习有效的视觉表示&#xff08;例如&#xff0c;BEIT 使用在大…

03- 通过OpenCV进行图像变换 (OpenCV基础) (机器视觉)

知识重点 resize(src, dsize[, dst[, fx[, fy[, interpolation]]]]) 图像的放大与缩小, 变形 flip(src, flipCode) 图像的翻转 rotate(img, rotateCode) 图像的旋转 warpAffine(src, M, dsize, flags, mode, value) 仿射变换是图像旋转, 缩放, 平移的总称.具体的做法是通…

第四次作业

学生表&#xff1a;Student (Sno, Sname, Ssex , Sage, Sdept)学号&#xff0c;姓名&#xff0c;性别&#xff0c;年龄&#xff0c;所在系 Sno为主键课程表&#xff1a;Course (Cno, Cname)课程号&#xff0c;课程名 Cno为主键学生选课表&#xff1a;SC (Sno, Cno, Score)学号&…

九龙证券|豪掷超6000万,10转3派6元,今年第二只高送转股出炉!

新瀚新材高送转发布计划&#xff0c;股价年初以来大涨超50%。航运板块6股自2022年低点股价翻倍。 2月17日晚间&#xff0c;凯瑞德、新瀚新材2家公司发布了2022年年报&#xff1b;一起&#xff0c;新瀚新材高送转计划同步出炉。 报告显现&#xff0c;2022年度新瀚新材营业总收入…

软件测试简单面试

文章目录软件程序数据(库)文档服务 程序&#xff1a;完成预定功能、性能的可执行的指令操作信息的数据结构描述程序的操作和使用的文档 软件测试&#xff1a;使用技术手段来验证软件是否满足需求 软件质量&#xff1a; 满足软件需求&#xff0c;软件需求是度量软件质量的基础不…

尚医通 (十九)用户认证

目录一、对象存储OSS1、开通“对象存储OSS”服务2、创建Bucket3、上传默认头像4、创建RAM用户5、使用SDK二、后端集成OSS1、新建云存储微服务2、实现文件上传接口三、用户认证功能1、用户认证需求分析2、开发用户认证接口3、用户认证前端一、对象存储OSS 用户认证需要上传证件…

django项目实战二(django+bootstrap实现增删改查)进阶查询

目录 一、用例管理模块实现 1、创建表和数据 2、创建用例列表 1&#xff09;注册url&#xff08;用例列表&#xff09; 2)修改views.py新增case_list方法 3&#xff09;layout.html导航条新增一个用例管理 4&#xff09;新增case_list.html页面 3、新增用例页面开发 1&…

2023年TS4 入门笔记【慕课网imooc】【Vue3+React18 + TS4考勤系统】

目录 安装ts 基础 类型声明和变量声明 类型注解和类型判断 类型分类与联合类型与交叉类型​编辑 never类型与any类型与unknown类型 类型断言与非空断言 数组类型和元祖类型 对象类型与索引签名 函数类型与void类型 函数重载与可调用注解 枚举类型与const枚举 进阶…

机械革命黑苹果改造计划第四番-外接显示器、win时间不正确问题解决

问题 1.无法外接显示器 最大的问题就是目前无法外接显示器&#xff0c;因为机械革命大多数型号笔记本电脑的HDMI、DP接口都是直接物理接在独显上的&#xff0c;内屏用核显外接显示器接独显&#xff0c;英伟达独显也是黑苹果无法驱动的&#xff0c;而且发现机械革命tpyec接口还…

k8s的基础概念

目录 一、k8s概念 1、k8s是什么 2、为什么要用k8s 3、k8s的特性 二、kubernetes集群架构与组件 1、Master组件 1.1、Kube-apiserver 1.2、Kube-controller-manager 1.3、Kube-scheduler 2、配置储存中心 3、Node组件 3.1、Kubelet 3.2、Kube-Proxy 3.3、docker 或…

SAP S/4 HANA 现金流量表

S4 HANA中的现金流量表 引言&#xff1a;在传统SAP ECC中我们实现现金流量表的方式通常是定义一系列和现金流变动相关的原因代码&#xff08;Reason Code&#xff09;&#xff0c;然后在过账凭证里指定对应的Code&#xff0c;最后通过ABAP代码抓取这些数据产生现金流量表。此方…

力扣(LeetCode)417. 太平洋大西洋水流问题(2023.02.19)

有一个 m n 的矩形岛屿&#xff0c;与 太平洋 和 大西洋 相邻。 “太平洋” 处于大陆的左边界和上边界&#xff0c;而 “大西洋” 处于大陆的右边界和下边界。 这个岛被分割成一个由若干方形单元格组成的网格。给定一个 m x n 的整数矩阵 heights &#xff0c; heights[r][c]…

【pm2】pm2的安装与基本命令:

文章目录一、安装&#xff1a;二、基本命令&#xff1a;【1】启动命令&#xff1a;pm2 start app.js【2】命令行参数&#xff1a;pm2 start app.js --watch -i max【3】 查看有哪些进程&#xff1a;pm2 list【4】停止命令&#xff1a; pm2 stop app_name | app_id &#xff08;…

el-table 复杂表头行内增删改代码示例

效果如图 <template><div class"app-container"><el-card class"box-card item"><div slot"header" class"clearfix" click"showCondition !showCondition"><span><i class"el-ic…

外籍在读博士|赴新西兰奥克兰大学双院士导师麾下联合培养

N同学来自阿拉伯国家&#xff0c;但本硕博都是在我国某省属高校就读&#xff0c;现为材料学专业一年级博士生。联合培养首选澳洲国家&#xff0c;包括澳大利亚和新西兰&#xff0c;其次是美国&#xff0c;希望在2023年初出国&#xff0c;以完成整个学年的学习计划。在我们的帮助…

Android稳定性系列-01-使用 Address Sanitizer检测原生代码中的内存错误

前言想必大家曾经被各种Native Crash折磨过&#xff0c;本地测试没啥问题&#xff0c;一到线上或者自动化测试就出现各种SIGSEGV、SIGABRT、SIGILL、SIGBUS、SIGFPE异常&#xff0c;而且堆栈还是崩溃到libc.so这种&#xff0c;看起来跟我们的代码没啥关系&#xff0c;关键还不好…

Spark3每个job之间任务间隔过长

公司的跑批引擎从impala改成Spark3已经有一个多月了。 不得不说&#xff0c;跑批稳定了好多。资源控制有相对稳定了很多。Spark3比CDH的hive on spark2.4.0要快不少。AQE和CBO真的挺强的。但是使用中发现了一个很奇怪的事情。这个问题在网上搜过&#xff0c;并没有实际解决。 当…

【机器学习】决策树-ID3算法

1.ID3算法 ID3算法利用信息增益进行特征的选择进行树的构建。信息熵的取值范围为0~1&#xff0c;值越大&#xff0c;越不纯&#xff0c;相反值越小&#xff0c;代表集合纯度越高。信息增益反映的是给定条件后不确定性减少的程度。每一次对决策树进行分叉选取属性的时候&#x…

CANopen概念总结、心得体会

NMT网络管理报文&#xff1a; NMT 主机和 NMT 从机之间通讯的报文就称为 NMT 网络管理报文。常见报文说明&#xff1a; 0101---------------网络报文发送Nmt_Start_Node&#xff0c;让电机进入OP模式(此时还不会发送同步信号) setState(d, Operational)------------------开启…

拳打DALL-E 2脚踢Imagen,谷歌最新Muse模型刷新文本图像合成排行榜

原文链接&#xff1a;https://www.techbeat.net/article-info?id4501 作者&#xff1a;seven_ 论文链接&#xff1a; https://arxiv.org/abs/2301.00704 项目主页&#xff1a; https://muse-model.github.io/ 近期火爆AI社区的文本图像合成模型家族又添新成员了&#xff0c;之…