Kubernetes集成Harbor
Harbor 私服配置
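在Kubernetes的master和所有worker节点上加上harbor配置:修改daemon.json,使Docker支持该仓库,并重启Docker。这里的Harbor通过HTTP(80端口)提供服务,所以要把它写入insecure-registries;这样节点与仓库之间不使用TLS,登录凭据和镜像内容在网络上是明文,也不校验仓库身份,只适合隔离的实验环境,正式环境应给Harbor配置HTTPS证书后去掉这一项。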
sudo vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://jrabvn1q.mirror.aliyuncs.com"],
"insecure-registries":["192.168.232.7:80"]
}
# Reload systemd's unit configuration, then restart the Docker daemon so it
# starts with the edited /etc/docker/daemon.json (registry mirror and the
# insecure-registries entry for the Harbor host).
sudo systemctl daemon-reload
sudo systemctl restart docker
Harbor 账户配置
测试示例
编写pipeline-test.yml
文件,将我们前面通过jenkins打包的镜像部署到kubernetes中。
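# Deployment, Service and Ingress for the image built by the Jenkins pipeline.
apiVersion: apps/v1
kind: Deployment
metadata: # descriptive information about the Deployment
  name: pipeline-test-deployment
  namespace: test
  labels:
    app: pipeline-test-pod # label used to identify the Pods
spec:
  replicas: 2 # number of Pod replicas
  selector:
    matchLabels:
      app: pipeline-test-pod
  template:
    metadata:
      labels:
        app: pipeline-test-pod
    spec:
      # NOTE(review): no imagePullSecrets is set here, so the pull presumably relies on
      # the Harbor project being public or on credentials configured elsewhere - confirm.
      containers:
        # Application container (the image pushed to Harbor by the pipeline)
        - name: pipeline-test
          # Pulled from the Harbor host that the nodes list under insecure-registries,
          # i.e. over plain HTTP on port 80.
          image: 192.168.232.7:80/repository/pipeline-test:v1.0.0
          imagePullPolicy: Always # pull the image on every Pod start
          securityContext:
            # The process cannot gain more privileges than it starts with
            # (blocks setuid/setgid escalation inside the container).
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 80
              protocol: TCP
          resources:
            requests:
              cpu: 200m # request 0.2 CPU core
              memory: 256Mi # request 256 MiB of memory
            limits:
              cpu: 500m # cap CPU at 0.5 core
              memory: 512Mi # cap memory at 512 MiB
---
apiVersion: v1
kind: Service
metadata:
  name: pipeline-test-service
  namespace: test
spec:
  selector:
    app: pipeline-test-pod
  ports:
    - name: pipeline-test
      port: 8888 # Service port, forwarded to containerPort 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pipeline-test-ingress
  namespace: test
spec:
  # NOTE(review): this must name an existing IngressClass; the value equals the
  # Ingress name here - confirm a class with this name is installed.
  ingressClassName: pipeline-test-ingress
  rules:
    # No tls section is defined, so this host is served over HTTP only.
    - host: pipeline-test.xiaoyuh.com
      http:
        paths:
          - pathType: Prefix # prefix matching
            path: "/"
            backend:
              service:
                name: pipeline-test-service
                port:
                  number: 8888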
执行命令运行服务:
[root@k8s-master ~]# kubectl apply -f pipeline-test.yml
deployment.apps/pipeline-test-deployment created
service/pipeline-test-service created
ingress.networking.k8s.io/pipeline-test-ingress created
修改本地host
admin@wangyuhao ~ % sudo vim /etc/hosts
192.168.232.8 nginx.xiaoyuh.com
192.168.232.8 tomcate.xiaoyuh.com
192.168.232.8 pipeline-test.xiaoyuh.com
本地验证
Jenkins集成Kubernetes
将刚刚编写的yml文件放到git中
将yml文件传输到K8s的Master
配置Jenkins的目标服务器
将yml文件传输到K8s的Master上
- 生成流水线语法
- 将语句替换到
Jenkinsfile
中
// Copies the job's Kubernetes manifest to the server registered in Jenkins as
// 'k8s-master' using the Publish Over SSH step.
stage('推送yml文件到k8s') {
    steps {
        sshPublisher(
            publishers: [
                sshPublisherDesc(
                    configName: 'k8s-master',
                    transfers: [
                        sshTransfer(
                            // File to send; $JOB_BASE_NAME is left in single quotes, so Groovy
                            // does not interpolate it (presumably the plugin expands it - confirm).
                            sourceFiles: './k8s/$JOB_BASE_NAME.yml',
                            removePrefix: '',
                            remoteDirectory: '',
                            remoteDirectorySDF: false,
                            flatten: false,
                            makeEmptyDirs: false,
                            cleanRemote: false,
                            excludes: '',
                            noDefaultExcludes: false,
                            patternSeparator: '[, ]+',
                            // Remote command after the transfer: a no-op echo.
                            execCommand: 'echo 1',
                            execTimeout: 120000
                        )
                    ],
                    usePromotionTimestamp: false,
                    useWorkspaceInPromotion: false,
                    verbose: false
                )
            ]
        )
    }
}
SSH Key 配置
进入jenkins
容器生成新的ssh key
[root@localhost mytest]# docker exec -it jenkins bash
jenkins@790140a70e6f:/$ cd /var/jenkins_home/
jenkins@790140a70e6f:~$ ssh-keygen -t rsa -C "wangyuhao01@163.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa):
Created directory '/var/jenkins_home/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/jenkins_home/.ssh/id_rsa
Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:LJt2FmYqJFN6fUrn64TtXPgOTigPKLVwLwFJjNK+5Wo wangyuhao01@longfor.com
The key's randomart image is:
+---[RSA 3072]----+
|oo |
|+o. |
|+. . |
| ..o.. . |
|. B+o + S |
| +.X.. / o |
|. +.= O X . |
| .E. * O = |
| . ..*.o |
+----[SHA256]-----+
[root@localhost data]# cd .ssh/
[root@localhost .ssh]# ls
id_rsa id_rsa.pub
将公钥id_rsa.pub配置到k8s-master服务器上,私钥id_rsa配置到jenkins全局凭据。该私钥可以直接以root身份登录k8s-master(生成时若未设置口令,拿到文件即可使用),因此/var/jenkins_home/.ssh目录应只允许jenkins用户读取。
公钥id_rsa.pub配置到k8s-master服务器上
1、客户端执行 ssh-copy-id root@服务端IP ,将本机的id_rsa.pub公钥内容追加到服务端的/root/.ssh/authorized_keys文件中。
jenkins@d043db9e06fe:~/.ssh$ ssh-copy-id root@192.168.232.9
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/jenkins_home/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.232.9's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.232.9'"
and check to make sure that only the key(s) you wanted were added.
2、客户端执行 ssh root@服务端IP
,就直接登录到服务端了
jenkins@d043db9e06fe:~/.ssh$ ssh root@192.168.232.9 ls
anaconda-ks.cfg
calico-3.13.1.yaml
kubeadm-config.yaml
my-namespace.yaml
nginx-tomcate-deployment.yml
nginx-tomcate-ingress.yml
nginx-tomcate-pod.yml
nginx-tomcate-service.yml
pipeline-test.yml
私钥id_rsa
配置到jenkins全局凭据
通过SSH的方式执行kubectl
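// Applies the previously transferred manifest by running kubectl on the
// Kubernetes master over SSH.
stage('远程通过k8s-master部署服务') {
    steps {
        // The job name ends up inside a command line that a root shell on the master
        // parses, so it is checked against an allow-list first; the same name is used
        // as the Docker image name elsewhere in this pipeline, which already limits it
        // to these characters.
        // BatchMode makes ssh fail instead of waiting for a password prompt when the
        // key is not accepted.
        // NOTE(review): the login is root; a dedicated account whose kubeconfig is
        // limited to the target namespace would narrow what this key can do.
        sh '''case "$JOB_BASE_NAME" in
    ""|*[!A-Za-z0-9._-]*) echo "refusing to deploy: unexpected characters in job name" >&2; exit 1 ;;
esac
ssh -o BatchMode=yes root@192.168.232.9 "kubectl apply -f k8s/${JOB_BASE_NAME}.yml"'''
    }
}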
完整的Jenkinsfile文件
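// Declarative pipeline: check out the code, build the jar, build and push the
// Docker image to Harbor, copy the Kubernetes manifest to the master and apply it.
// $branch, $tag, $harbor_url and $harbor_object are read from the environment
// (presumably job parameters - confirm against the job configuration).
pipeline {
    agent any
    // Container for all stages of the pipeline
    stages {
        stage('拉取Git代码') {
            steps {
                // '${branch}' stays in single quotes so Groovy passes it through literally.
                checkout([
                    $class: 'GitSCM',
                    branches: [[name: '${branch}']],
                    extensions: [],
                    userRemoteConfigs: [[credentialsId: 'gitee_ssh_key', url: 'git@gitee.com:xiaolyuh/test.git']]
                ])
            }
        }
        stage('Maven构建打包') {
            steps {
                sh ' /var/jenkins_home/maven/apache-maven-3.8.8/bin/mvn clean package -DskipTests'
            }
        }
        stage('制作Docker镜像') {
            steps {
                sh '''mv **/target/*.jar docker/app.jar
echo "build Image start"
docker build -t "$JOB_BASE_NAME:$tag" docker/
echo "build Image success"'''
            }
        }
        stage('Docker镜像推送Harbor') {
            steps {
                // The Harbor robot account and its secret come from the Jenkins credentials
                // store instead of being written into the Jenkinsfile, where every reader of
                // the repository could see them. Create a "Username with password" credential
                // for the robot account and put its id below (placeholder value).
                // A secret that was committed in an earlier version of this file must be
                // treated as exposed and regenerated in Harbor.
                // The script is a single-quoted Groovy string on purpose: the shell, not
                // Groovy, expands the variables, so the secret is not interpolated into the
                // script text.
                withCredentials([usernamePassword(
                    credentialsId: 'REPLACE_ME_harbor_robot_credentials_id',
                    usernameVariable: 'HARBOR_USER',
                    passwordVariable: 'HARBOR_PASSWORD'
                )]) {
                    sh '''printf '%s' "$HARBOR_PASSWORD" | docker login "$harbor_url" --username "$HARBOR_USER" --password-stdin
docker tag "$JOB_BASE_NAME:$tag" "$harbor_url/$harbor_object/$JOB_BASE_NAME:$tag"
echo "push Image start"
docker push "$harbor_url/$harbor_object/$JOB_BASE_NAME:$tag"
echo "push Image success"'''
                }
            }
        }
        stage('推送yml文件到k8s') {
            steps {
                // Copies the manifest to the server configured as 'k8s-master'.
                // NOTE(review): the next stage applies k8s/$JOB_BASE_NAME.yml relative to the
                // SSH login directory, so the configured remote directory presumably is that
                // directory - confirm.
                sshPublisher(
                    publishers: [
                        sshPublisherDesc(
                            configName: 'k8s-master',
                            transfers: [
                                sshTransfer(
                                    cleanRemote: false,
                                    excludes: '',
                                    execCommand: 'echo 1',
                                    execTimeout: 120000,
                                    flatten: false,
                                    makeEmptyDirs: false,
                                    noDefaultExcludes: false,
                                    patternSeparator: '[, ]+',
                                    remoteDirectory: '',
                                    remoteDirectorySDF: false,
                                    removePrefix: '',
                                    sourceFiles: '**/k8s/$JOB_BASE_NAME.yml'
                                )
                            ],
                            usePromotionTimestamp: false,
                            useWorkspaceInPromotion: false,
                            verbose: false
                        )
                    ]
                )
            }
        }
        stage('远程通过k8s-master部署服务') {
            steps {
                // The job name becomes part of a command line parsed by a root shell on the
                // master, so it is checked against an allow-list first; Docker image names
                // (used above) already restrict it to these characters.
                // BatchMode makes ssh fail instead of waiting for a password prompt.
                // NOTE(review): the login is root; a dedicated account with a kubeconfig
                // limited to the target namespace would narrow what this key can do.
                sh '''case "$JOB_BASE_NAME" in
    ""|*[!A-Za-z0-9._-]*) echo "refusing to deploy: unexpected characters in job name" >&2; exit 1 ;;
esac
ssh -o BatchMode=yes root@192.168.232.9 "kubectl apply -f k8s/${JOB_BASE_NAME}.yml"'''
            }
        }
    }
}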