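Integrating Kubernetes with Harbor
Harbor private registry configuration
On the Kubernetes master and all worker nodes, add the Harbor configuration by editing daemon.json so that Docker accepts the registry, then restart Docker. The insecure-registries entry lets Docker talk to Harbor at 192.168.232.7:80 without TLS.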
sudo vim /etc/docker/daemon.json

{
  "registry-mirrors": ["https://jrabvn1q.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.232.7:80"]
}

sudo systemctl daemon-reload
sudo systemctl restart docker
Harbor account configuration
Test example
Write a pipeline-test.yml file that deploys the image we built earlier with Jenkins to Kubernetes.
apiVersion: apps/v1
kind: Deployment
metadata: # The metadata field describes the Deployment
  name: pipeline-test-deployment
  namespace: test
  labels:
    app: pipeline-test-pod # Label used to identify the Pod
spec:
  replicas: 2 # Number of replicas
  selector:
    matchLabels:
      app: pipeline-test-pod
  template:
    metadata:
      labels:
        app: pipeline-test-pod
    spec:
      containers:
        # Define the nginx container
        - name: pipeline-test
          image: 192.168.232.7:80/repository/pipeline-test:v1.0.0
          imagePullPolicy: Always # Image pull policy (pull every time)
          ports:
            - containerPort: 80
              protocol: TCP
          resources:
            requests:
              cpu: 200m # Request 0.2 CPU cores
              memory: 256Mi # Request 256M of memory
            limits:
              cpu: 500m # Cap CPU at 0.5 cores
              memory: 512Mi # Cap memory at 512M
---
apiVersion: v1
kind: Service
metadata:
  name: pipeline-test-service
  namespace: test
spec:
  selector:
    app: pipeline-test-pod
  ports:
    - name: pipeline-test
      port: 8888
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pipeline-test-ingress
  namespace: test
spec:
  ingressClassName: pipeline-test-ingress
  rules:
    - host: pipeline-test.xiaoyuh.com
      http:
        paths:
          - pathType: Prefix # Prefix match mode
            path: "/"
            backend:
              service:
                name: pipeline-test-service
                port:
                  number: 8888
Run the command to start the service:
[root@k8s-master ~]# kubectl apply -f pipeline-test.yml
deployment.apps/pipeline-test-deployment created
service/pipeline-test-service created
ingress.networking.k8s.io/pipeline-test-ingress created
Edit the local hosts file
admin@wangyuhao ~ % sudo vim /etc/hosts
192.168.232.8 nginx.xiaoyuh.com
192.168.232.8 tomcate.xiaoyuh.com
192.168.232.8 pipeline-test.xiaoyuh.com
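Local verification
Integrating Jenkins with Kubernetes
Put the yml file we just wrote into git
Transfer the yml file to the K8s Master
Configure the target server in Jenkins
Transfer the yml file to the K8s Master
- Generate the pipeline syntax
- Substitute the generated statement into the Jenkinsfile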
// Stage: push the yml file to k8s
stage('推送yml文件到k8s') {
    steps {
        sshPublisher(publishers: [sshPublisherDesc(
            configName: 'k8s-master',
            transfers: [sshTransfer(
                cleanRemote: false,
                excludes: '',
                execCommand: 'echo 1',
                execTimeout: 120000,
                flatten: false,
                makeEmptyDirs: false,
                noDefaultExcludes: false,
                patternSeparator: '[, ]+',
                remoteDirectory: '',
                remoteDirectorySDF: false,
                removePrefix: '',
                sourceFiles: './k8s/$JOB_BASE_NAME.yml'
            )],
            usePromotionTimestamp: false,
            useWorkspaceInPromotion: false,
            verbose: false
        )])
    }
}
SSH key configuration
Enter the jenkins container and generate a new ssh key
[root@localhost mytest]# docker exec -it jenkins bash
jenkins@790140a70e6f:/$ cd /var/jenkins_home/
jenkins@790140a70e6f:~$ ssh-keygen -t rsa -C "wangyuhao01@163.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa):
Created directory '/var/jenkins_home/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/jenkins_home/.ssh/id_rsa
Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:LJt2FmYqJFN6fUrn64TtXPgOTigPKLVwLwFJjNK+5Wo wangyuhao01@longfor.com
The key's randomart image is:
+---[RSA 3072]----+
|oo |
|+o. |
|+. . |
| ..o.. . |
|. B+o + S |
| +.X.. / o |
|. +.= O X . |
| .E. * O = |
| . ..*.o |
+----[SHA256]-----+
[root@localhost data]# cd .ssh/
[root@localhost .ssh]# ls
id_rsa id_rsa.pub
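Install the public key id_rsa.pub on the k8s-master server, and add the private key id_rsa to the Jenkins global credentials.
Install the public key id_rsa.pub on the k8s-master server
1. On the client, run ssh-copy-id root@<server IP> to append the contents of the local id_rsa.pub public key to the /root/.ssh/authorized_keys file on the server.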
jenkins@d043db9e06fe:~/.ssh$ ssh-copy-id root@192.168.232.9
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/jenkins_home/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.232.9's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.232.9'"
and check to make sure that only the key(s) you wanted were added.
2. On the client, run ssh root@<server IP>; it now logs in to the server directly.
jenkins@d043db9e06fe:~/.ssh$ ssh root@192.168.232.9 ls
anaconda-ks.cfg
calico-3.13.1.yaml
kubeadm-config.yaml
my-namespace.yaml
nginx-tomcate-deployment.yml
nginx-tomcate-ingress.yml
nginx-tomcate-pod.yml
nginx-tomcate-service.yml
pipeline-test.yml
Add the private key id_rsa to the Jenkins global credentials
Run kubectl over SSH
// Stage: deploy the service remotely through k8s-master
stage('远程通过k8s-master部署服务') {
    steps {
        sh 'ssh root@192.168.232.9 kubectl apply -f k8s/$JOB_BASE_NAME.yml'
    }
}
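The key installed with ssh-copy-id gives the Jenkins container a full root shell on k8s-master, while the stage above only ever sends one command. As an added example (not part of the original post), a forced-command wrapper that accepts only that command; the script path and the function name allowed_manifest are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the Jenkins key on k8s-master.
# Assumed install: save as /usr/local/bin/jenkins-deploy.sh (hypothetical
# path) and prefix the Jenkins key in /root/.ssh/authorized_keys with:
#   restrict,command="/usr/local/bin/jenkins-deploy.sh run" ssh-rsa <public key>
# sshd then runs this script instead of whatever the client asked for and
# passes the client's request in SSH_ORIGINAL_COMMAND.

# Print the manifest path if the request is exactly
# "kubectl apply -f k8s/<name>.yml"; return 1 for anything else.
allowed_manifest() {
    cmd=$1
    prefix='kubectl apply -f k8s/'
    case $cmd in
        "$prefix"*.yml) ;;
        *) return 1 ;;
    esac
    name=${cmd#"$prefix"}
    name=${name%.yml}
    # Job names: letters, digits, '.', '_' and '-' only. This rejects spaces,
    # slashes, shell metacharacters, and names starting with '.' or '-'.
    case $name in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf 'k8s/%s.yml\n' "$name"
}

# "run" is passed by the command="..." option shown above.
if [ "${1:-}" = run ]; then
    if manifest=$(allowed_manifest "${SSH_ORIGINAL_COMMAND:-}"); then
        exec kubectl apply -f "$manifest"
    fi
    echo "rejected: ${SSH_ORIGINAL_COMMAND:-<interactive login>}" >&2
    exit 1
fi
```

A forced command also applies to SFTP sessions, so the sshPublisher transfer to k8s-master needs its own credential rather than this restricted key.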
The complete Jenkinsfile
pipeline {
    agent any
    // Holds the collection of all stages
    stages {
        // Stage: pull the code from Git
        stage('拉取Git代码') {
            steps {
                checkout([$class: 'GitSCM', branches: [[name: '${branch}']], extensions: [], userRemoteConfigs: [[credentialsId: 'gitee_ssh_key', url: 'git@gitee.com:xiaolyuh/test.git']]])
            }
        }
        // Stage: build and package with Maven
        stage('Maven构建打包') {
            steps {
                sh ' /var/jenkins_home/maven/apache-maven-3.8.8/bin/mvn clean package -DskipTests'
            }
        }
        // Stage: build the Docker image
        stage('制作Docker镜像') {
            steps {
                sh '''mv **/target/*.jar docker/app.jar
echo "build Image start"
docker build -t $JOB_BASE_NAME:$tag docker/
echo "build Image success"'''
            }
        }
        // Stage: push the Docker image to Harbor
        // (the robot account secret is hard-coded in this step)
        stage('Docker镜像推送Harbor') {
            steps {
                sh '''password=ucTv2l1XeBdgO9tkseoyWVLh47sRN9Py
echo "$password" | docker login $harbor_url --username \'robot$devops\' --password-stdin
docker tag $JOB_BASE_NAME:$tag $harbor_url/$harbor_object/$JOB_BASE_NAME:$tag
echo "push Image start"
docker push $harbor_url/$harbor_object/$JOB_BASE_NAME:$tag
echo "push Image success"'''
            }
        }
        // Stage: push the yml file to k8s
        stage('推送yml文件到k8s') {
            steps {
                sshPublisher(publishers: [sshPublisherDesc(
                    configName: 'k8s-master',
                    transfers: [sshTransfer(
                        cleanRemote: false,
                        excludes: '',
                        execCommand: 'echo 1',
                        execTimeout: 120000,
                        flatten: false,
                        makeEmptyDirs: false,
                        noDefaultExcludes: false,
                        patternSeparator: '[, ]+',
                        remoteDirectory: '',
                        remoteDirectorySDF: false,
                        removePrefix: '',
                        sourceFiles: '**/k8s/$JOB_BASE_NAME.yml'
                    )],
                    usePromotionTimestamp: false,
                    useWorkspaceInPromotion: false,
                    verbose: false
                )])
            }
        }
        // Stage: deploy the service remotely through k8s-master
        stage('远程通过k8s-master部署服务') {
            steps {
                sh 'ssh root@192.168.232.9 kubectl apply -f k8s/$JOB_BASE_NAME.yml'
            }
        }
    }
}
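The Harbor push stage above keeps the robot account's secret in the pipeline script, so it is visible to anyone who can read the repository or the job configuration. As an added example (not the author's code), the same step's shell body taking the login from the environment instead; HARBOR_USER and HARBOR_PASS are assumed variable names that a Jenkins credentials binding would inject, and push_to_harbor is a hypothetical function name.

```shell
#!/bin/sh
# Added example: body for the 'Docker镜像推送Harbor' step with no secret in
# the script. HARBOR_USER and HARBOR_PASS are assumed names for variables
# injected by a Jenkins credentials binding; harbor_url, harbor_object,
# JOB_BASE_NAME and tag are the variables the page's Jenkinsfile already uses.

push_to_harbor() {
    # Fail early instead of sending an empty login to the registry.
    if [ -z "${HARBOR_USER:-}" ] || [ -z "${HARBOR_PASS:-}" ]; then
        echo "push_to_harbor: HARBOR_USER/HARBOR_PASS not set" >&2
        return 2
    fi
    image="$harbor_url/$harbor_object/$JOB_BASE_NAME:$tag"

    # printf (not echo) so a secret that starts with '-' or contains '\' is
    # sent unchanged; --password-stdin keeps it out of the process list.
    printf '%s' "$HARBOR_PASS" | docker login "$harbor_url" \
        --username "$HARBOR_USER" --password-stdin || return 1

    rc=0
    docker tag "$JOB_BASE_NAME:$tag" "$image" && docker push "$image" || rc=$?

    # Remove the stored login from the agent's docker config whether or not
    # the push succeeded.
    docker logout "$harbor_url" >/dev/null 2>&1
    return "$rc"
}

# Run only when called as: sh push-to-harbor.sh run
if [ "${1:-}" = run ]; then
    push_to_harbor
fi
```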