• 实战交付一套dubbo微服务到k8s集群(2)之Jenkins部署


    Jenkins官网:https://www.jenkins.io/zh/

    Jenkins 2.190.3 镜像地址:docker pull jenkins/jenkins:2.190.3

    1.下载Jenkins镜像

    在运维主机(mfyxw50.mfyxw.com)上操作

    [root@mfyxw50 ~]# docker pull jenkins/jenkins:2.190.3
    

    image-20200527100551767

    2.对jenkins打标签并上传至私有仓库

    在运维主机(mfyxw50.mfyxw.com)上操作

    [root@mfyxw50 ~]# docker images | grep jenkins
    [root@mfyxw50 ~]# docker tag 22b8b9a84dbe harbor.od.com/public/jenkins:v2.190.3
    [root@mfyxw50 ~]# docker login harbor.od.com
    [root@mfyxw50 ~]# docker push harbor.od.com/public/jenkins:v2.190.3
    

    image-20200527101114631

    image-20200527101128284

    3.自定义Dockerfile文件

    在运维主机(mfyxw50.mfyxw.com)上操作

    [root@mfyxw50 ~]# mkdir -p /data/dockerfile/jenkins
    [root@mfyxw50 ~]# cat > /data/dockerfile/jenkins/Dockerfile << EOF
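    FROM harbor.od.com/public/jenkins:v2.190.3
    # Build and run as root: the steps below write /etc/localtime and
    # /etc/ssh/ssh_config and run the Docker installer.
    USER root
    # Set the container time zone to Asia/Shanghai. The trailing backslash keeps
    # both commands in a single RUN instruction.
    RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
        echo 'Asia/Shanghai' > /etc/timezone
    # NOTE(review): ADD stores the SSH private key in an image layer, so every
    # account that can pull this image can read the key. Keep the target Harbor
    # project private, or supply the key at run time (for example from a
    # Kubernetes Secret) instead of baking it in.
    ADD id_rsa /root/.ssh/id_rsa
    # NOTE(review): config.json holds the Harbor login as base64 of user:password,
    # which is an encoding and not encryption; the same exposure applies.
    ADD config.json /root/.docker/config.json
    ADD get-docker.sh /get-docker.sh
    # NOTE(review): "StrictHostKeyChecking no" disables SSH host-key verification
    # for every host this container connects to, so a spoofed git server would not
    # be detected. Shipping a known_hosts file for the git server avoids that.
    RUN echo "    StrictHostKeyChecking no" >> /etc/ssh/ssh_config && \
        /get-docker.sh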
    EOF
    

    这个Dockerfile里我们主要做了以下几件事

    • 设置容器用户为root
    • 设置容器内的时区
    • 将ssh私钥加入(使用git拉代码时要用到,配对的公钥应配置在gitlab中);注意私钥会保存在镜像层中,任何能拉取该镜像的人都可以取出它
    • 加入了登录自建harbor仓库的config文件(其中同样包含登录凭据)
    • 修改了ssh客户端的配置(StrictHostKeyChecking no,即不再校验主机密钥)
    • 安装一个docker的客户端

    image-20200527155248450

    4.生成ssh密钥对

    在运维主机(mfyxw50.mfyxw.com)上操作

    [root@mfyxw50 ~]# ssh-keygen -t rsa -b 2048 -C "mfyxw@qq.com" -N "" -f /root/.ssh/id_rsa
    

    image-20200527103417072

    4.将dockerfile文件需要的文件复制到jenkins目录

    在运维主机(mfyxw50.mfyxw.com)上操作

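    # Collect the three files the Dockerfile ADDs into the build context.
    [root@mfyxw50 ~]# cd /data/dockerfile/jenkins/
    [root@mfyxw50 jenkins]# cp /root/.ssh/id_rsa .
    [root@mfyxw50 jenkins]# cp /root/.docker/config.json .
    # Spell out https://: with a bare host name curl starts over plain HTTP, and this
    # script is later executed as root during the image build. The script's own header
    # asks you to compare it with install.sh in github.com/docker/docker-install first.
    [root@mfyxw50 jenkins]# curl -fsSL https://get.docker.com -o get-docker.sh
    [root@mfyxw50 jenkins]# chmod +x get-docker.sh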
    

    image-20200527104148944

    image-20200527105127459

    config.json文件内容(auth字段只是"用户名:密码"的base64编码,并非加密,应当作明文凭据保管)

    {
    	"auths": {
    		"harbor.od.com": {
    			"auth": "YWRtaW46SGFyYm9yMTIzNDU="
    		}
    	},
    	"HttpHeaders": {
    		"User-Agent": "Docker-Client/19.03.8 (linux)"
    	}
    }
    

    get-docker.sh文件内容

    #!/bin/sh
    set -e
    # Docker CE for Linux installation script
    #
    # See https://docs.docker.com/install/ for the installation steps.
    #
    # This script is meant for quick & easy install via:
    #   $ curl -fsSL https://get.docker.com -o get-docker.sh
    #   $ sh get-docker.sh
    #
    # For test builds (ie. release candidates):
    #   $ curl -fsSL https://test.docker.com -o test-docker.sh
    #   $ sh test-docker.sh
    #
    # NOTE: Make sure to verify the contents of the script
    #       you downloaded matches the contents of install.sh
    #       located at https://github.com/docker/docker-install
    #       before executing.
    #
    # Git commit from https://github.com/docker/docker-install when
    # the script was uploaded (Should only be modified by upload job):
    SCRIPT_COMMIT_SHA="26ff363bcf3b3f5a00498ac43694bf1c7d9ce16c"

    # Each setting below keeps a non-empty value inherited from the environment
    # and otherwise falls back to its default.

    # Release channel to install from: nightly, test, stable or edge (deprecated).
    DEFAULT_CHANNEL_VALUE="stable"
    : "${CHANNEL:=$DEFAULT_CHANNEL_VALUE}"

    # Base URL of the package repository.
    DEFAULT_DOWNLOAD_URL="https://download.docker.com"
    : "${DOWNLOAD_URL:=$DEFAULT_DOWNLOAD_URL}"

    # Name of the yum/dnf repo file fetched from DOWNLOAD_URL.
    DEFAULT_REPO_FILE="docker-ce.repo"
    : "${REPO_FILE:=$DEFAULT_REPO_FILE}"
    
    mirror=''
    DRY_RUN=${DRY_RUN:-}
    # Consume the command-line options one at a time.
    until [ $# -eq 0 ]; do
    	case "$1" in
    		--dry-run)
    			DRY_RUN=1
    			;;
    		--mirror)
    			# The mirror name is the next argument; this shift skips over it.
    			mirror="$2"
    			shift
    			;;
    		--*)
    			echo "Illegal option $1"
    			;;
    	esac
    	# Step to the next argument only when one is left.
    	if [ $# -gt 0 ]; then
    		shift
    	fi
    done

    # A recognised mirror name replaces the download URL; any other value leaves it alone.
    if [ "$mirror" = "Aliyun" ]; then
    	DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
    elif [ "$mirror" = "AzureChinaCloud" ]; then
    	DOWNLOAD_URL="https://mirror.azure.cn/docker-ce"
    fi
    
    command_exists() {
    	# Ask the shell to resolve the given name(s); only the exit status matters,
    	# so both output streams are discarded.
    	command -v "$@" 1>/dev/null 2>/dev/null
    }
    
    is_dry_run() {
    	# Dry-run mode is active whenever DRY_RUN holds a non-empty value.
    	[ -n "$DRY_RUN" ]
    }
    
    is_wsl() {
    	# The kernel release contains "microsoft" on WSL 2 and "Microsoft" on WSL 1.
    	case "$(uname -r)" in
    		*microsoft*|*Microsoft*)
    			return 0
    			;;
    	esac
    	return 1
    }
    
    is_darwin() {
    	# Match the kernel name in either spelling, "darwin" or "Darwin".
    	case "$(uname -s)" in
    		*darwin*|*Darwin*)
    			return 0
    			;;
    	esac
    	return 1
    }
    
    # Print a deprecation banner for a distribution, then pause before continuing.
    # Arguments: $1 - distribution name, $2 - date after which support ends.
    # Side effects: sets the globals distro and date; sleeps for 10 seconds.
    deprecation_notice() {
    	distro=$1
    	date=$2
    	echo
    	echo "DEPRECATION WARNING:"
    	echo "    The distribution, $distro, will no longer be supported in this script as of $date."
    	echo "    If you feel this is a mistake please submit an issue at https://github.com/docker/docker-install/issues/new"
    	echo
    	# Give the operator time to read the banner.
    	sleep 10
    }
    
    get_distribution() {
    	# Print the ID field of /etc/os-release. When the file is not readable an
    	# empty line is printed instead, which the callers' case statements ignore.
    	lsb_dist=""
    	[ ! -r /etc/os-release ] || lsb_dist="$(. /etc/os-release && echo "$ID")"
    	echo "$lsb_dist"
    }
    
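    # Append the backports repository for the given Debian release to
    # /etc/apt/sources.list unless that exact line is already present.
    # Arguments: $1 - Debian release codename.
    # Globals:   sh_c (read) - command prefix used to run the write with privileges.
    add_debian_backport_repo() {
    	debian_version="$1"
    	backports="deb http://ftp.debian.org/debian $debian_version-backports main"
    	if ! grep -Fxq "$backports" /etc/apt/sources.list; then
    		# The inner quotes must be escaped: without the backslashes the string
    		# ends after "echo " and the repo line is word-split, so only its first
    		# word reaches the command run by $sh_c.
    		(set -x; $sh_c "echo \"$backports\" >> /etc/apt/sources.list")
    	fi
    }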
    
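    # After an install, show the Docker version (when the client and socket exist)
    # and explain how to use Docker as a non-root user. Does nothing in dry-run mode.
    # Globals: user (read) - invoking user name; sh_c (read) - privileged command prefix.
    echo_docker_as_nonroot() {
    	if is_dry_run; then
    		return
    	fi
    	if command_exists docker && [ -e /var/run/docker.sock ]; then
    		(
    			set -x
    			$sh_c 'docker version'
    		) || true
    	fi
    	# Use a placeholder name in the hint when the installer itself runs as root.
    	your_user=your-user
    	[ "$user" != 'root' ] && your_user="$user"
    	# The quotes around "docker" are escaped so that they are printed; unescaped
    	# they would close the string and the word would appear without quotes.
    	echo "If you would like to use Docker as a non-root user, you should now consider"
    	echo "adding your user to the \"docker\" group with something like:"
    	echo
    	echo "  sudo usermod -aG docker $your_user"
    	echo
    	echo "Remember that you will have to log out and back in for this to take effect!"
    	echo
    	echo "WARNING: Adding a user to the \"docker\" group will grant the ability to run"
    	echo "         containers which can be used to obtain root privileges on the"
    	echo "         docker host."
    	echo "         Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface"
    	echo "         for more information."

    }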
    
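    # Check if this is a forked Linux distro and, if so, switch the globals
    # lsb_dist and dist_version to the upstream distribution's values.
    # Globals: lsb_dist, dist_version (read and written).
    check_forked() {

    	# Check for lsb_release command existence, it usually exists in forked distros
    	if command_exists lsb_release; then
    		# Check if the `-u` option is supported; errexit is lifted for the probe
    		# so that an unsupported option does not abort the script.
    		set +e
    		lsb_release -a -u > /dev/null 2>&1
    		lsb_release_exit_code=$?
    		set -e

    		# Check if the command has exited successfully, it means we're in a forked distro
    		if [ "$lsb_release_exit_code" = "0" ]; then
    			# Print info about current distro
    			cat <<-EOF
    			You're using '$lsb_dist' version '$dist_version'.
    			EOF

    			# Get the upstream release info
    			lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
    			dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')

    			# Print info about upstream distro
    			cat <<-EOF
    			Upstream release is '$lsb_dist' version '$dist_version'.
    			EOF
    		else
    			if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
    				if [ "$lsb_dist" = "osmc" ]; then
    					# OSMC runs Raspbian
    					lsb_dist=raspbian
    				else
    					# We're Debian and don't even know it!
    					lsb_dist=debian
    				fi
    				# Keep only the leading component: drop everything from the first
    				# "/" and then from the first ".". Both characters have to be
    				# escaped; the unescaped forms are not the intended sed programs
    				# (the second one would empty the line).
    				dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
    				case "$dist_version" in
    					10)
    						dist_version="buster"
    					;;
    					9)
    						dist_version="stretch"
    					;;
    					8|'Kali Linux 2')
    						dist_version="jessie"
    					;;
    				esac
    			fi
    		fi
    	fi
    }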
    
    # Split a dotted version string ($1) into the globals major, minor and patch.
    semverParse() {
    	# Everything before the first dot.
    	major="${1%%.*}"
    	# Drop the "<major>." prefix, then keep what precedes the next dot.
    	minor="${1#$major.}"
    	minor="${minor%%.*}"
    	# Drop the "<major>.<minor>." prefix, then cut at the first "-" or ".".
    	patch="${1#$major.$minor.}"
    	patch="${patch%%[-.]*}"
    }
    
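    # Detect the distribution, register Docker's package repository and install
    # docker-ce (plus docker-ce-cli when a pinned VERSION provides one).
    # Globals read: SCRIPT_COMMIT_SHA, DOWNLOAD_URL, CHANNEL, REPO_FILE, VERSION, DRY_RUN.
    # Globals written: user, sh_c, lsb_dist, dist_version and the package variables below.
    # Never returns: every path ends in exit (0 after an install, 1 otherwise).
    do_install() {
    	echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"

    	if command_exists docker; then
    		docker_version="$(docker -v | cut -d ' ' -f3 | cut -d ',' -f1)"
    		MAJOR_W=1
    		MINOR_W=10

    		semverParse "$docker_version"

    		# Warn about image-store migration when the installed version is below 1.10.
    		shouldWarn=0
    		if [ "$major" -lt "$MAJOR_W" ]; then
    			shouldWarn=1
    		fi

    		if [ "$major" -le "$MAJOR_W" ] && [ "$minor" -lt "$MINOR_W" ]; then
    			shouldWarn=1
    		fi

    		cat >&2 <<-'EOF'
    			Warning: the "docker" command appears to already exist on this system.

    			If you already have Docker installed, this script can cause trouble, which is
    			why we're displaying this warning and provide the opportunity to cancel the
    			installation.

    			If you installed the current Docker package using this script and are using it
    		EOF

    		if [ $shouldWarn -eq 1 ]; then
    			cat >&2 <<-'EOF'
    			again to update Docker, we urge you to migrate your image store before upgrading
    			to v1.10+.

    			You can find instructions for this here:
    			https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
    			EOF
    		else
    			cat >&2 <<-'EOF'
    			again to update Docker, you can safely ignore this message.
    			EOF
    		fi

    		cat >&2 <<-'EOF'

    			You may press Ctrl+C now to abort this script.
    		EOF
    		( set -x; sleep 20 )
    	fi

    	user="$(id -un 2>/dev/null || true)"

    	# Pick the prefix that runs a command string as root: plain sh for root,
    	# otherwise sudo or su, whichever exists.
    	sh_c='sh -c'
    	if [ "$user" != 'root' ]; then
    		if command_exists sudo; then
    			sh_c='sudo -E sh -c'
    		elif command_exists su; then
    			sh_c='su -c'
    		else
    			cat >&2 <<-'EOF'
    			Error: this installer needs the ability to run commands as root.
    			We are unable to find either "sudo" or "su" available to make this happen.
    			EOF
    			exit 1
    		fi
    	fi

    	# In dry-run mode the privileged commands are printed instead of executed.
    	if is_dry_run; then
    		sh_c="echo"
    	fi

    	# perform some very rudimentary platform detection
    	lsb_dist=$( get_distribution )
    	lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"

    	if is_wsl; then
    		echo
    		echo "WSL DETECTED: We recommend using Docker Desktop for Windows."
    		echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
    		echo
    		cat >&2 <<-'EOF'

    			You may press Ctrl+C now to abort this script.
    		EOF
    		( set -x; sleep 20 )
    	fi

    	# Work out the release identifier (codename or version number) per distro.
    	case "$lsb_dist" in

    		ubuntu)
    			if command_exists lsb_release; then
    				dist_version="$(lsb_release --codename | cut -f2)"
    			fi
    			if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
    				dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
    			fi
    		;;

    		debian|raspbian)
    			# Keep only the leading component of /etc/debian_version. The "/"
    			# and "." must be escaped for sed to treat them as literals.
    			dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
    			case "$dist_version" in
    				10)
    					dist_version="buster"
    				;;
    				9)
    					dist_version="stretch"
    				;;
    				8)
    					dist_version="jessie"
    				;;
    			esac
    		;;

    		centos|rhel)
    			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
    				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
    			fi
    		;;

    		*)
    			if command_exists lsb_release; then
    				dist_version="$(lsb_release --release | cut -f2)"
    			fi
    			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
    				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
    			fi
    		;;

    	esac

    	# Check if this is a forked Linux distro
    	check_forked

    	# Run setup for each distro accordingly
    	case "$lsb_dist" in
    		ubuntu|debian|raspbian)
    			pre_reqs="apt-transport-https ca-certificates curl"
    			if [ "$lsb_dist" = "debian" ]; then
    				# libseccomp2 does not exist for debian jessie main repos for aarch64
    				if [ "$(uname -m)" = "aarch64" ] && [ "$dist_version" = "jessie" ]; then
    					add_debian_backport_repo "$dist_version"
    				fi
    			fi

    			if ! command -v gpg > /dev/null; then
    				pre_reqs="$pre_reqs gnupg"
    			fi
    			apt_repo="deb [arch=$(dpkg --print-architecture)] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"
    			(
    				if ! is_dry_run; then
    					set -x
    				fi
    				$sh_c 'apt-get update -qq >/dev/null'
    				$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"
    				# NOTE(review): the repository signing key is taken from DOWNLOAD_URL,
    				# so an overridden DOWNLOAD_URL or --mirror also decides which key
    				# apt will trust for these packages.
    				# The inner quotes are escaped so that the URL and the repo line
    				# reach the root shell as single, quoted arguments.
    				$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | apt-key add -qq - >/dev/null"
    				$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
    				$sh_c 'apt-get update -qq >/dev/null'
    			)
    			pkg_version=""
    			if [ -n "$VERSION" ]; then
    				if is_dry_run; then
    					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
    				else
    					# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel
    					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g").*-0~$lsb_dist"
    					# \$1 is escaped so that awk, not this shell, expands it; unescaped
    					# it would be replaced by this function's (empty) first argument.
    					search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
    					pkg_version="$($sh_c "$search_command")"
    					echo "INFO: Searching repository for VERSION '$VERSION'"
    					echo "INFO: $search_command"
    					if [ -z "$pkg_version" ]; then
    						echo
    						echo "ERROR: '$VERSION' not found amongst apt-cache madison results"
    						echo
    						exit 1
    					fi
    					search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
    					# Don't insert an = for cli_pkg_version, we'll just include it later
    					cli_pkg_version="$($sh_c "$search_command")"
    					pkg_version="=$pkg_version"
    				fi
    			fi
    			(
    				if ! is_dry_run; then
    					set -x
    				fi
    				if [ -n "$cli_pkg_version" ]; then
    					$sh_c "apt-get install -y -qq --no-install-recommends docker-ce-cli=$cli_pkg_version >/dev/null"
    				fi
    				$sh_c "apt-get install -y -qq --no-install-recommends docker-ce$pkg_version >/dev/null"
    			)
    			echo_docker_as_nonroot
    			exit 0
    			;;
    		centos|fedora|rhel)
    			yum_repo="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
    			# Fail early when the repo file cannot be fetched.
    			if ! curl -Ifs "$yum_repo" > /dev/null; then
    				echo "Error: Unable to curl repository file $yum_repo, is it valid?"
    				exit 1
    			fi
    			if [ "$lsb_dist" = "fedora" ]; then
    				pkg_manager="dnf"
    				config_manager="dnf config-manager"
    				enable_channel_flag="--set-enabled"
    				disable_channel_flag="--set-disabled"
    				pre_reqs="dnf-plugins-core"
    				pkg_suffix="fc$dist_version"
    			else
    				pkg_manager="yum"
    				config_manager="yum-config-manager"
    				enable_channel_flag="--enable"
    				disable_channel_flag="--disable"
    				pre_reqs="yum-utils"
    				pkg_suffix="el"
    			fi
    			(
    				if ! is_dry_run; then
    					set -x
    				fi
    				$sh_c "$pkg_manager install -y -q $pre_reqs"
    				$sh_c "$config_manager --add-repo $yum_repo"

    				if [ "$CHANNEL" != "stable" ]; then
    					$sh_c "$config_manager $disable_channel_flag docker-ce-*"
    					$sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL"
    				fi
    				$sh_c "$pkg_manager makecache"
    			)
    			pkg_version=""
    			if [ -n "$VERSION" ]; then
    				if is_dry_run; then
    					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
    				else
    					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix"
    					# \$2 is escaped so that awk prints the second column; unescaped,
    					# this shell would expand it and awk would print the whole line.
    					search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
    					pkg_version="$($sh_c "$search_command")"
    					echo "INFO: Searching repository for VERSION '$VERSION'"
    					echo "INFO: $search_command"
    					if [ -z "$pkg_version" ]; then
    						echo
    						echo "ERROR: '$VERSION' not found amongst $pkg_manager list results"
    						echo
    						exit 1
    					fi
    					search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
    					# It's okay for cli_pkg_version to be blank, since older versions don't support a cli package
    					cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"
    					# Cut out the epoch and prefix with a '-'
    					pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"
    				fi
    			fi
    			(
    				if ! is_dry_run; then
    					set -x
    				fi
    				# install the correct cli version first
    				if [ -n "$cli_pkg_version" ]; then
    					$sh_c "$pkg_manager install -y -q docker-ce-cli-$cli_pkg_version"
    				fi
    				$sh_c "$pkg_manager install -y -q docker-ce$pkg_version"
    			)
    			echo_docker_as_nonroot
    			exit 0
    			;;
    		*)
    			if [ -z "$lsb_dist" ]; then
    				if is_darwin; then
    					echo
    					echo "ERROR: Unsupported operating system 'macOS'"
    					echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
    					echo
    					exit 1
    				fi
    			fi
    			echo
    			echo "ERROR: Unsupported distribution '$lsb_dist'"
    			echo
    			exit 1
    			;;
    	esac
    	exit 1
    }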
    
    # The installer body lives in a function that is only called here, on the
    # last line, so that a download cut short during "curl | sh" cannot run
    # half of the file.
    do_install
    

    5.在harbor私有仓库中创建存放jenkin的私有镜像

    image-20200527104745372

    6.制作自定义镜像

    在运维主机(mfyxw50.mfyxw.com)上操作

    [root@mfyxw50 ~]# cd /data/dockerfile/jenkins/
    [root@mfyxw50 jenkins]# docker build . -t harbor.od.com/infra/jenkins:v2.190.3
    

    image-20200527120222556

    image-20200527120235840

    7.将infra/jenkins的镜像推送到私有仓库

    在运维主机(mfyxw50.mfyxw.com)上操作

    [root@mfyxw50 ~]# docker images | grep jenkins
    [root@mfyxw50 ~]# docker login harbor.od.com
    [root@mfyxw50 ~]# docker push harbor.od.com/infra/jenkins:v2.190.3
    

    image-20200527134342814

    image-20200527134357113

    8.查看仓库中infra是否已经上传了jenkins

    image-20200527134527614

    9.测试是否能正常登录

    在运维主机(mfyxw50.mfyxw.com)上操作

    [root@mfyxw50 jenkins]# docker run --rm harbor.od.com/infra/jenkins:v2.190.3 ssh -i /root/.ssh/id_rsa -T XXX@gitee.com
    

    image-20200528135906642

    10.创建保存jenkins目录

    在运维主机(mfyxw50.mfyxw.com)上操作

    [root@mfyxw50 ~]# mkdir -p /data/k8s-yaml/jenkins
    [root@mfyxw50 ~]# mkdir -p /data/nfs-volume/jenkins_home
    [root@mfyxw50 ~]# cd /data/k8s-yaml/jenkins/
    

    image-20200527160048302

    11.创建jenkins资源配置清单

    在运维主机(mfyxw50.mfyxw.com)上操作

    Deployment.yaml代码如下:

    [root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Deployment.yaml << EOF
    # Deployment that runs one Jenkins replica in the infra namespace.
    kind: Deployment
    # NOTE(review): extensions/v1beta1 Deployments are not served by Kubernetes 1.16
    # and later, where apps/v1 is used instead; confirm against the cluster version.
    apiVersion: extensions/v1beta1
    metadata:
      name: jenkins
      namespace: infra
      labels: 
        name: jenkins
    spec:
      replicas: 1
      # Pods are selected by the name label set in the template below.
      selector:
        matchLabels: 
          name: jenkins
      template:
        metadata:
          labels: 
            app: jenkins 
            name: jenkins
        spec:
          volumes:
          # Jenkins home is kept on the NFS export of mfyxw50.
          - name: data
            nfs: 
              server: mfyxw50
              path: /data/nfs-volume/jenkins_home
          # NOTE(review): this exposes the node's Docker socket to the container, so
          # whoever controls this Jenkins can drive the node's Docker daemon. The
          # get-docker.sh warning on this page notes that such access can be used
          # to obtain root privileges on the docker host.
          - name: docker
            hostPath: 
              path: /run/docker.sock
              type: ''
          containers:
          - name: jenkins
            image: harbor.od.com/infra/jenkins:v2.190.3
            ports:
            - containerPort: 8080
              protocol: TCP
            env:
            # JVM heap is fixed at 512m, below the 1Gi container memory limit.
            - name: JAVA_OPTS
              value: -Xmx512m -Xms512m
            resources:
              limits: 
                cpu: 500m
                memory: 1Gi
              requests: 
                cpu: 500m
                memory: 1Gi
            volumeMounts:
            - name: data
              mountPath: /var/jenkins_home
            - name: docker
              mountPath: /run/docker.sock
            terminationMessagePath: /dev/termination-log
            terminationMessagePolicy: File
            imagePullPolicy: IfNotPresent
          # Pull credentials for harbor.od.com, read from the secret named harbor.
          imagePullSecrets:
          - name: harbor
          restartPolicy: Always
          terminationGracePeriodSeconds: 30
          # The pod runs as UID 0 (root).
          securityContext: 
            runAsUser: 0
          schedulerName: default-scheduler
      strategy:
        type: RollingUpdate
        rollingUpdate: 
          maxUnavailable: 1
          maxSurge: 1
      revisionHistoryLimit: 7
      progressDeadlineSeconds: 600
    EOF
    

    Service.yaml代码如下:

    [root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Service.yaml << EOF
    # ClusterIP Service that forwards port 80 to port 8080 of the Jenkins pods.
    kind: Service
    apiVersion: v1
    metadata: 
      name: jenkins
      namespace: infra
    spec:
      ports:
      - protocol: TCP
        port: 80
        targetPort: 8080
      # Selects pods by the app label, which the Deployment's pod template sets to jenkins.
      selector:
        app: jenkins
      type: ClusterIP
      sessionAffinity: None
    EOF
    

    Ingress.yaml代码如下:

    [root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Ingress.yaml << EOF
    # Ingress that routes every path of jenkins.od.com to the jenkins Service on port 80.
    kind: Ingress
    apiVersion: extensions/v1beta1
    metadata: 
      name: jenkins
      namespace: infra
    # NOTE(review): no tls block is defined, so as far as this manifest shows the
    # Jenkins UI and its login are published over plain HTTP. TODO confirm whether
    # TLS is terminated somewhere in front of the ingress controller.
    spec:
      rules:
      - host: jenkins.od.com
        http:
          paths:
          - path: /
            backend: 
              serviceName: jenkins
              servicePort: 80
    EOF
    

    12.安装nfs服务

    在作为NFS客户端的节点(mfyxw30.mfyxw.com和mfyxw40.mfyxw.com)以及作为NFS服务端的运维主机(mfyxw50.mfyxw.com)上,分别执行

    ~]# yum -y install nfs-utils
    

    在运维主机(mfyxw50.mfyxw.com)上执行如下操作(no_root_squash会让客户端的root在共享目录中保留root权限,导出范围应只包含受信任的网段)

    [root@mfyxw50 ~]# cat > /etc/exports << EOF
    /data/nfs-volume 192.168.80.0/24(rw,no_root_squash)
    EOF
    

    创建nfs共享目录

    [root@mfyxw50 ~]# mkdir -p /data/nfs-volume
    

    启动NFS服务

    [root@mfyxw50 ~]# systemctl start nfs && systemctl enable nfs
    

    image-20200527163639628

    13.为拉私有仓库私有镜像创建一个secret

    在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)上任意一台执行

    [root@mfyxw30 ~]# kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=Harbor12345 -n infra
    [root@mfyxw30 ~]# kubectl get secret -n infra
    

    image-20200527165657622

    14.应用Jenkins资源配置清单

    在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

    在应用资源配置清单之前,要先创建一个infra名称空间(第13步创建secret时也要求该名称空间已存在)

    [root@mfyxw30 ~]# kubectl create ns infra
    [root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Deployment.yaml
    [root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Service.yaml
    [root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Ingress.yaml
    

    image-20200527162409226

    15.查询pod,svc,ingress是否成功

    在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

    备注,可能jenkins的pod的名称有不一致,但不影响整个教程

    [root@mfyxw30 ~]# kubectl get pod -n infra
    [root@mfyxw30 ~]# kubectl get svc -n infra
    [root@mfyxw30 ~]# kubectl get ingress -n infra
    

    image-20200527165916415

    16.添加解析域名jenkins.od.com

    在DNS服务器(mfyxw10.mfyxw.com)上操作

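    # The here-doc delimiter is quoted so that the shell writes $ORIGIN and $TTL
    # literally; with an unquoted EOF both would be expanded as (empty) shell
    # variables and the zone file would lose its directives.
    [root@mfyxw10 ~]# cat > /var/named/od.com.zone << 'EOF'
    $ORIGIN od.com.
    $TTL 600   ; 10 minutes
    @       IN  SOA dns.od.com.   dnsadmin.od.com. (
                                 ;序号请加1,表示比之前版本要新
                                 2020031308 ; serial
                                 10800          ; refresh (3 hours)
                                 900              ; retry (15 minutes)
                                 604800         ; expire (1 week)
                                 86400          ; minimum (1 day)
                                  )
                          NS   dns.od.com.
    $TTL 60 ;  1 minute
    dns             A          192.168.80.10
    harbor          A          192.168.80.50   ;添加harbor记录
    k8s-yaml        A          192.168.80.50
    traefik         A          192.168.80.100
    dashboard       A          192.168.80.100
    zk1             A          192.168.80.10
    zk2             A          192.168.80.20
    zk3             A          192.168.80.30
    jenkins         A          192.168.80.100
    EOF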
    

    image-20200527170412203

    重启DNS服务器并尝试解析域名

    [root@mfyxw10 ~]# systemctl restart named
    [root@mfyxw10 ~]# dig -t A jenkins.od.com @192.168.80.10 +short
    

    image-20200527170356897

    17.在浏览器中访问jenkins

    image-20200527171452506

    18.查看jenkins的登录密码

    在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

    查看jenkins运行在哪个node节点上

    [root@mfyxw30 ~]# kubectl get pod -o wide -n infra
    

    image-20200527171552086

    查询出来jenkins是运行在mfyxw40.mfyxw.com主机上,进入到/data/kubelet/pods/d4a68480-78ec-463d-b25e-d9caa8714219/volumes/kubernetes.io~nfs/data/secrets目录查看initialAdminPassword文件可以得到登录jenkins的密码

    image-20200527171759015

    19.登录jenkins后操作及设置

    image-20200527172400618

    image-20200527172421263

    image-20200527172553699

    image-20200527172720428

    image-20200527172810948

    image-20200527173048355

    成功安装了Blue Ocean插件

    image-20200527234952689

    20.解决下载插件出错问题

    image-20200527234851964

    如上图所示,就是在下载插件的时候会出现Failure,建议更换为国内源

    国内源地址:https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json

    解决方法:

    image-20200527235114357

    image-20200527235144116

    image-20200527235221486

    更换了源,再次去搜索并安装插件即可

    可以进入到运维主机(mfyxw50.mfyxw.com)的/data/nfs-volume/jenkins_home/plugins目录下,可以看到下载的插件的软件都放在此目录中

    image-20200528112329842

    21.通过查看日志判断jenkins是否完全启动

    在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

    [root@mfyxw30 ~]# kubectl logs jenkins-b99776c69-jrvwn -n infra
    

    image-20200528105105444

    22.验证jenkins是否可用

    查看jenkins运行在哪台node节点上

    在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

    [root@mfyxw30 ~]# kubectl get pod -n infra -o wide
    

    image-20200528134321380

    在mfyxw40.mfyxw.com主机上执行

    [root@mfyxw40 ~]# docker ps -a | grep jenkins
    

    image-20200528134450856

    在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

    在jenkins容器中,验证jenkins容器是否以root身份运行及时区是否为东八区

    [root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash        #进入到jenkins容器
    root@jenkins-b99776c69-p6skp:/# whoami       #查看jenkins是否以root身份运行
    root@jenkins-b99776c69-p6skp:/# date         #查看jenkins的时区是否为东八区
    

    image-20200528134609765

    在jenkins容器中,验证是否连接宿主机的docker的引擎

    [root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash 
    root@jenkins-b99776c69-p6skp:/# docker ps -a
    

    image-20200528134817945

    在mfyxw40.mfyxw.com宿主机上查询所有的容器运行情况,是否与进入到jenkins容器里查询到的一致

    [root@mfyxw40 ~]# docker ps -a
    

    image-20200528135017943

    在jenkins容器中,验证是否可以登录到harbor仓库

    [root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash 
    root@jenkins-b99776c69-p6skp:/# docker login harbor.od.com
    root@jenkins-b99776c69-p6skp:/# cat /root/.docker/config.json 
    

    image-20200528135237572

    在jenkins容器中,验证是否可以登录到gitee仓库

    [root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash 
    root@jenkins-b99776c69-p6skp:/# ssh -i /root/.ssh/id_rsa -T xxx@gitee.com
    

    image-20200528135948903

  • 原文地址:https://www.cnblogs.com/Heroge/p/12980506.html