关于部署Jenkins Pipeline演示环境的概要资料 (Overview of deploying Jenkins Pipeline demo environment)
本文最后更新于14 天前,其中的信息可能已经过时,如有错误请发送邮件到lanzhw5@gmail.com

Kubernetes、GitLab、Jenkins 流水线部署


相关软件和版本号

Centos Stream 9
Kubernetes v1.23.1

安装与配置

[root@k8s01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.1.74 ceph1
192.168.1.75 ceph2

192.168.1.91 k8s01 master
192.168.1.92 k8s02 node01 gitlab.test.com
192.168.1.93 k8s03 node02

配置yum源

[root@k8s01 yum.repos.d]# cat kubernetes.repo 
# Yum repository for the Kubernetes packages, served from the Huawei Cloud mirror.
# NOTE(review): gpgcheck=0 turns off RPM signature verification for this repo, so
# kubelet/kubeadm/kubectl are installed on trust of the mirror and the TLS channel
# alone. Outside a throwaway lab, set gpgcheck=1 and add a gpgkey= line that points
# at the signing key published for this mirror.
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.huaweicloud.com/kubernetes/yum/repos/kubernetes-el7-$basearch
enabled=1
gpgcheck=0

[root@k8s01 yum.repos.d]# cat openEuler.repo
#generic-repos is licensed under the Mulan PSL v2.
#You can use this software according to the terms and conditions of the Mulan PSL v2.
#You may obtain a copy of Mulan PSL v2 at:
#   http://license.coscl.org.cn/MulanPSL2
#THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
#IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
#PURPOSE.
#See the Mulan PSL v2 for more details.
# NOTE(review): baseurl and gpgkey use plain http://, so the signing key itself is
# fetched over an unauthenticated channel; gpgcheck=1 only protects the packages if
# the imported key is genuine. Prefer https:// for gpgkey where the host serves it,
# or a key file already present on disk. The same applies to the other sections of
# this file.
[OS]
name=OS
baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/OS/$basearch/
metalink=https://mirrors.openeuler.org/metalink?repo=$releasever/OS&arch=$basearch
metadata_expire=1h
enabled=1
gpgcheck=1
gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler

[everything]
name=everything
baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/everything/$basearch/
metalink=https://mirrors.openeuler.org/metalink?repo=$releasever/everything&arch=$basearch
metadata_expire=1h
enabled=1
gpgcheck=1
gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/everything/$basearch/RPM-GPG-KEY-openEuler

[EPOL]
name=EPOL
baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/$basearch/
metalink=https://mirrors.openeuler.org/metalink?repo=$releasever/EPOL/main&arch=$basearch
metadata_expire=1h
enabled=1
gpgcheck=1
gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler

[debuginfo]
name=debuginfo
baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/debuginfo/$basearch/
metalink=https://mirrors.openeuler.org/metalink?repo=$releasever/debuginfo&arch=$basearch
metadata_expire=1h
enabled=1
gpgcheck=1
gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/debuginfo/$basearch/RPM-GPG-KEY-openEuler

[source]
name=source
baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/source/
metalink=https://mirrors.openeuler.org/metalink?repo=$releasever&arch=source
metadata_expire=1h
enabled=1
gpgcheck=1
gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/source/RPM-GPG-KEY-openEuler

[update]
name=update
baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/update/$basearch/
metalink=https://mirrors.openeuler.org/metalink?repo=$releasever/update&arch=$basearch
metadata_expire=1h
enabled=1
gpgcheck=1
gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler

[update-source]
name=update-source
baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/update/source/
metalink=https://mirrors.openeuler.org/metalink?repo=$releasever/update&arch=source
metadata_expire=1h
enabled=1
gpgcheck=1
gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/source/RPM-GPG-KEY-openEuler

安装docker和k8s

#安装docker
yum install docker -y
---
[root@k8s01 ~]# cat /etc/docker/daemon.json
{
 "exec-opts": [
   "native.cgroupdriver=systemd"
],
 "registry-mirrors": [
   "https://docker.m.daocloud.io",
   "https://docker.1panel.live",
   "https://hub.rat.dev"
],
 "insecure-registries": ["192.168.1.93"]
}
---
#安装k8s
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

#准备kubeadm初始化文件
[root@k8s01 ~]# cd deploy/
[root@k8s01 deploy]# cat kubeadm.yaml
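# kubeadm ClusterConfiguration for a control plane reachable at 192.168.1.91:6443.
# Nested keys are indented again; flattened to column 0 the file does not parse
# as the intended structure.
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.23.1
# Control-plane images are pulled from this repository instead of the default one.
# NOTE(review): this is a third-party namespace; confirm the provenance of the
# images it serves before relying on them.
imageRepository: swr.cn-east-3.myhuaweicloud.com/hcie_openeuler
controlPlaneEndpoint: "192.168.1.91:6443"
dns:
  type: CoreDNS
apiServer:
  # Extra subject alternative name placed in the API server certificate.
  certSANs:
    - 192.168.1.91
networking:
  podSubnet: "10.0.0.0/8"
  serviceSubnet: "172.16.0.0/16"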
#初始化k8s
kubeadm config images pull --config kubeadm.yaml
kubeadm init --upload-certs --config kubeadm.yaml

#
curl -O https://docs.projectcalico.org/archive/v3.23/manifests/calico.yaml
注:后续根据提示完成节点添加
kubectl taint node k8s01 node-role.kubernetes.io/master:NoSchedule-
kubectl taint node k8s-192-168-11-118 node-role.kubernetes.io/control-plane:NoSchedule

安装gitlab

#安装gitlab
# Generate gitlab-setup.sh, a wrapper script that starts the GitLab container.
# The here-document delimiter is quoted, so the body is written out literally and
# each line-continuation backslash needs no escaping.
# NOTE(review): the image is referenced by the mutable tag "latest" and
# external_url is plain http; pin an image version and terminate TLS before using
# this outside a lab.
cat <<'EOF' > gitlab-setup.sh
#!/bin/bash
# 注意:设置 gitlab_shell_ssh_port 是为了后续可以使用 SSH 方式访问你的项目
docker run --detach \
   --hostname gitlab.test.com \
   --env GITLAB_OMNIBUS_CONFIG="external_url 'http://gitlab.test.com/'; gitlab_rails['gitlab_shell_ssh_port'] = 6022;" \
   --publish 443:443 --publish 80:80 --publish 6022:22 \
   --name gitlab \
   --restart always \
   --volume /srv/gitlab/config:/etc/gitlab \
   --volume /srv/gitlab/logs:/var/log/gitlab \
   --volume /srv/gitlab/data:/var/opt/gitlab \
  registry.gitlab.cn/omnibus/gitlab-jh:latest
EOF
---
#获取gitlab初始密码
docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
注:root/Huawei@123

安装harbor

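# Install docker-compose.
# -f makes curl fail on an HTTP error instead of saving the error page as the binary.
# NOTE(review): compare the download with the checksum published for the v2.38.1
# release before making it executable.
curl -fSL https://github.com/docker/compose/releases/download/v2.38.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
# A file written by curl is not executable until its mode is set.
chmod +x /usr/local/bin/docker-compose

# Download Harbor.
# NOTE(review): the installer archive comes from a personal gitee repository, not
# from the Harbor project's own release page; verify it against the upstream
# release checksum before unpacking and running install.sh.
git clone https://gitee.com/yftyxa/harbor.git
tar xf harbor-online-installer-v2.9.1.tgz
# Configure Harbor from the shipped template.
cp harbor.yml.tmpl harbor.yml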
#修改主机名、端口和注释https后执行sh install.sh
---
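# Excerpt of harbor.yml after editing: host name, HTTP port, https block disabled.
# NOTE(review): with the https block commented out Harbor serves HTTP only, which is
# why the Docker daemon.json shown earlier needs an "insecure-registries" entry;
# registry logins and image pushes then cross the network unencrypted. Enable https
# with a certificate for anything beyond a lab.
hostname: harbor
http:
  port: 80
#https:
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path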
注:harbor默认管理员账号为admin,默认密码为Harbor12345,首次登录后应立即修改

安装Jenkins

[root@k8s01 jenkins]# cat jenkins-rbac.yaml 
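# RBAC objects for Jenkins: a ClusterRole, the jenkins-admin ServiceAccount in the
# "devops" namespace, and a ClusterRoleBinding that joins the two.
# NOTE(review): apiGroups [""] with resources ["*"] and verbs ["*"] grants every
# verb on every core-group resource (pods, secrets, service accounts, nodes, ...),
# and the ClusterRoleBinding applies it in all namespaces. Every pod that runs as
# jenkins-admin inherits that access. For build agents, a namespaced Role in
# "devops" limited to pods, pods/exec, pods/log and the secrets actually read is
# usually sufficient.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins-admin
rules:
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: devops

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins-admin
subjects:
  - kind: ServiceAccount
    name: jenkins-admin
    namespace: devops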

[root@k8s01 jenkins]# cat jenkins-deploy.yaml
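# Single-replica Jenkins controller in the "devops" namespace.
# Nested keys are indented again so the manifest parses as intended.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: devops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-server
  template:
    metadata:
      labels:
        app: jenkins-server
    spec:
      # Runs as the non-root UID 1000.
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
      # NOTE(review): the controller pod carries the jenkins-admin token, so a
      # compromise of Jenkins hands over whatever that account's role allows.
      serviceAccountName: jenkins-admin
      dnsPolicy: "ClusterFirst"
      containers:
        - name: jenkins
          #image: swr.cn-east-3.myhuaweicloud.com/hcie_openeuler/jenkins:lts
          #image: jenkins/jenkins:jdk21
          # NOTE(review): "lts-jdk17" is a moving tag; pin a version or digest for
          # reproducible deployments.
          image: jenkins/jenkins:lts-jdk17
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            - name: httpport
              containerPort: 8080
            - name: jnlpport
              containerPort: 50000
          # Both probes poll the login page on the HTTP port.
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
      volumes:
        # NOTE(review): hostPath ties JENKINS_HOME to whichever node runs the pod
        # (no node selector is set here), and hostPath directories are not re-owned
        # by fsGroup, so /data/jenkins must already be writable by UID 1000 on that
        # node. A PersistentVolumeClaim avoids both problems.
        - name: jenkins-data
          hostPath:
            path: /data/jenkins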

[root@k8s01 jenkins]# cat jenkins-svc.yaml
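# NodePort Service in front of the Jenkins controller pods (label app=jenkins-server).
# The "ports" key now carries its colon and nested keys are indented again; without
# them the manifest is not valid YAML.
apiVersion: v1
kind: Service
metadata:
  name: jenkins-service
  namespace: devops
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/path: '/'
    prometheus.io/port: '8080'
spec:
  selector:
    app: jenkins-server
  # NOTE(review): type NodePort publishes the Jenkins UI over plain HTTP on port
  # 32000 of every node, and the agent port also receives an automatically assigned
  # node port. Agents inside the cluster reach Jenkins through the service DNS name,
  # so restrict who can reach the node ports or put the UI behind a TLS ingress.
  type: NodePort
  ports:
    - name: http
      port: 8080
      targetPort: 8080
      nodePort: 32000
    - name: agent
      port: 50000
      targetPort: 50000
      protocol: TCP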
#jenkins密码admin/admin
#安装插件zh、git、pipeline、kubernetes
#创建凭据
#创建云节点
#https://kubernetes.default.svc.cluster.local
#http://jenkins-service.devops.svc.cluster.local:8080
#jenkins-service.devops.svc.cluster.local:50000

Jenkins流水线部署Go应用程序


准备go程序

# Prepare the Go program
# Install the Go toolchain
# NOTE(review): the archive is unpacked into /usr/local without an integrity check;
# go.dev/dl lists a SHA256 for each archive, compare it (sha256sum) before extracting.
wget https://go.dev/dl/go1.24.4.linux-amd64.tar.gz
# Remove any previous toolchain first so files from two versions are not mixed.
rm -rf /usr/local/go && tar -C /usr/local -xzf go1.24.4.linux-amd64.tar.gz
# Applies to the current shell session only.
export PATH=$PATH:/usr/local/go/bin

#cat code.go
package main
import (
	"fmt"
	"log"
	"net/http"
)
// helloWorldHandler answers every request with the fixed body "Hello World".
// The request itself is not inspected.
func helloWorldHandler(w http.ResponseWriter, _ *http.Request) {
	const greeting = "Hello World"
	fmt.Fprint(w, greeting)
}
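// main registers helloWorldHandler for every path and serves HTTP on port 8080.
func main() {
	http.HandleFunc("/", helloWorldHandler)
	// ListenAndServe returns only on failure (for example when the port is already
	// in use); log the cause and exit non-zero instead of ending silently.
	// NOTE(review): the default server sets no read or write timeouts; configure an
	// http.Server with timeouts before exposing this beyond a demo.
	log.Fatal(http.ListenAndServe(":8080", nil))
}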

#
go mod init code
go mod tidy

推送go程序到仓库

#gitlab创建sre群组和go项目
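# Clone the project, set the commit identity, then commit and push the program.
# NOTE(review): the clone URL is plain http, so GitLab credentials and repository
# contents travel unencrypted.
[root@k8s01 go]# git clone http://gitlab.test.com/sre/goweb.git
[root@k8s01 go]# git config --global user.email "lanzhw5@gmail.com"
# The author name is read from user.name; a "user.user" key is not used by git.
[root@k8s01 go]# git config --global user.name "root"
[root@k8s01 go]# git add *
[root@k8s01 go]# git commit -m "first commit"
[root@k8s01 go]# git push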

go编译环境容器

# Upload the base image to Harbor
# NOTE(review): the registry address and repository path differ between these
# commands (192.168.1.77/library, 192.168.1.193, 192.168.11.118/hcie_openeuler);
# tag, login and push must name the same Harbor host and repository.
docker pull swr.cn-east-3.myhuaweicloud.com/hcie_openeuler/openeuler:22.03lts
docker tag swr.cn-east-3.myhuaweicloud.com/hcie_openeuler/openeuler:22.03lts 192.168.1.77/library/openeuler:22.03lts
# NOTE(review): -p places the password in shell history and in the process list;
# `docker login --password-stdin` reads it from standard input instead.
docker login -u admin -p Harbor12345 192.168.1.193
docker images
docker push 192.168.11.118/hcie_openeuler/openeuler:22.03lts
# Four separate Dockerfiles follow, one per image: go, docker, kubectl and app.
#go-image
# Build image with git, tar and the Go toolchain unpacked under /usr/local.
FROM 192.168.1.93/hcie_openeuler/openeuler:22.03lts
COPY local.repo /etc/yum.repos.d/openEuler.repo
ENV PATH=$PATH:/usr/local/go/bin
# NOTE(review): the Go archive comes from a git repository cloned over plain http
# and is unpacked without a checksum comparison, so the compiler that builds every
# application binary is not integrity-checked.
RUN set -ex; \
yum -y install git tar; \
git clone http://192.168.11.117/sre/go-env.git; \
cd go-env && tar -C /usr/local -xzf go1.24.4.linux-amd64.tar.gz
#docker-image
# Image providing the docker package installed from the local repo definition.
FROM 192.168.1.93/hcie_openeuler/openeuler:22.03lts
COPY local.repo /etc/yum.repos.d/openEuler.repo
RUN set -ex; \
yum -y install docker; \
mkdir -p /root/.kube;
#kubectl
# Image carrying a kubectl binary taken from the build context.
FROM 192.168.1.93/hcie_openeuler/openeuler:22.03lts
ADD kubectl /usr/bin/kubectl
RUN set -ex; \
chmod +x /usr/bin/kubectl
#app
# Runtime image for the compiled program "code", which listens on port 8080.
# NOTE(review): no USER directive is set, so the process runs as the base image's
# default user (presumably root; confirm). Port 8080 needs no privileges, so a
# non-root USER would work here.
FROM 192.168.1.93/hcie_openeuler/openeuler:22.03lts
ADD code /app/code
RUN set -ex; \
chmod +x /app/code
EXPOSE 8080
CMD ["sh","-c","/app/code"]
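# Tag and push the Go build image.
docker tag go:v2.0 192.168.11.118/hcie_openeuler/go:v2.0
# NOTE(review): -p places the password in shell history and in the process list;
# `docker login --password-stdin` reads it from standard input instead.
docker login -u admin -p Harbor12345 192.168.11.118
docker push 192.168.11.118/hcie_openeuler/go:v2.0

# Tag the docker-client image under its own repository name. Tagging it as go:v2.0
# would overwrite the Go image, and the pipeline pulls hcie_openeuler/docker:v2.0.
docker tag docker:v2.0 192.168.11.118/hcie_openeuler/docker:v2.0
# docker push needs the image reference as its argument.
docker push 192.168.11.118/hcie_openeuler/docker:v2.0

# Build the kubectl image from the Dockerfile in the current directory.
docker build -t 192.168.11.118/hcie_openeuler/kubectl:v1.23.1 .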
#流水线最终版本
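// Declarative pipeline: check out the Go source, compile it, build and push the
// application image, then apply the Kubernetes manifests. Each build runs in an
// agent pod with three containers (go, docker, kubectl) in the "devops" namespace.
// The pod YAML is indented again; flattened to column 0 it does not describe a
// valid Pod.
pipeline {
    agent {
        kubernetes {
            cloud 'k8s'
            showRawYaml true
            // NOTE(review): the agent pod runs as UID 0, mounts the node's
            // /var/run/docker.sock and uses the jenkins-admin service account.
            // Access to the Docker socket is equivalent to root on that node, so
            // anyone able to change this Jenkinsfile or the repositories it builds
            // gains control of the node. A daemonless image builder (for example
            // kaniko or buildah) removes the need for the socket mount.
            yaml """
apiVersion: "v1"
kind: "Pod"
metadata:
  name: "go"
  namespace: "devops"
spec:
  serviceAccount: jenkins-admin
  securityContext:
    runAsUser: 0
  volumes:
    - name: docker-sock
      hostPath:
        path: /var/run/docker.sock
  containers:
    - command:
        - "cat"
      image: "192.168.1.93/hcie_openeuler/go:v2.0"
      name: "go"
      tty: true
    - command:
        - "cat"
      image: "192.168.1.93/hcie_openeuler/docker:v2.0"
      name: "docker"
      tty: true
      volumeMounts:
        - name: docker-sock
          mountPath: "/var/run/docker.sock"
    - command:
        - "cat"
      image: "192.168.1.93/hcie_openeuler/kubectl:v1.23.1"
      name: "kubectl"
      tty: true
"""
        }
    }
    parameters {
        string(
            name: "branch_name",
            defaultValue: "main",
            description: "指定获取项目的分支"
        )
    }
    stages {
        stage("获取代码") {
            steps {
                echo "通过git拉取代码..."
                // The branch value is single-quoted, so Groovy passes the literal
                // text $branch_name to the git step; confirm that the step resolves
                // it to the build parameter. The repository URL is plain http.
                git branch: '$branch_name', credentialsId: 'gitlab', url: 'http://192.168.1.92/sre/code.git'
                sh 'ls ./ -lh'
            }
        }
        stage("执行编译") {
            steps {
                container("go") {
                    // -buildvcs=false stops go build from embedding VCS metadata.
                    sh "export PATH=$PATH:/usr/local/go/bin;go build -o code -buildvcs=false ./"
                    sh "ls -lh ./"
                }
            }
        }
        stage("构建镜像") {
            steps {
                // Second checkout: the repository that holds the Dockerfile and manifests.
                git branch: '$branch_name', credentialsId: 'gitlab', url: 'http://192.168.1.92/sre/app-deploy.git'
                container("docker") {
                    // NOTE(review): the registry password is written into the
                    // Jenkinsfile and passed with -p, so it ends up in SCM history
                    // and in the build log. Bind it from a Jenkins credential
                    // (withCredentials) and pass it via `docker login --password-stdin`.
                    sh "docker login -u admin -p Harbor12345 192.168.1.93"
                    sh "ls -lh ./"
                    sh "docker build -t 192.168.1.93/hcie_openeuler/app:v2.0 -f ./Dockerfile ."
                    sh "docker push 192.168.1.93/hcie_openeuler/app:v2.0"
                }
            }
        }
        stage("部署应用") {
            steps {
                container("kubectl") {
                    sh "ls -lh ./"
                    // NOTE(review): "--kubeconfig config" reads a file named "config"
                    // from the workspace, presumably checked out from app-deploy.git
                    // (confirm). A kubeconfig kept in a repository is a long-lived
                    // cluster credential; store it as a Jenkins credential instead.
                    sh "kubectl --kubeconfig config apply -f app.dep.yaml"
                    sh "kubectl --kubeconfig config apply -f app.svc.yaml"
                }
            }
        }
    }
}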