云计算-容器云-部署jumpserver 版本2

应用部署:堡垒机部署

# 使用提供的软件包配置Yum源,通过地址将jumpserver.tar.gz软件包下载至Jumpserver节点的/root目录下
[root@jumpserver ~]# tar -zxvf jumpserver.tar.gz -C /opt/
[root@jumpserver ~]# cp /opt/local.repo /etc/yum.repos.d/
[root@jumpserver ~]# tar -zxvf /opt/jumpserverrepo
[root@jumpserver ~]# yum clean all && yum makecache
# 安装Python 2和docker-compose
[root@jumpserver ~]# yum install python2 -y
[root@jumpserver opt]# mv docker-compose /usr/local/bin/docker-compose
[root@jumpserver opt]# chmod +x docker-compose
[root@jumpserver opt]# ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
# 安装Jumpserver服务
# 创建Jumpserver服务组件目录
[root@jumpserver opt]#docker build -t jumpserver/jms_mysql:v1.0 -f Dockerfile-mysql .
[root@jumpserver opt]#docker build -t jumpserver/jms_redis:v1.0 -f Dockerfile-redis .
[root@jumpserver opt]#docker build -t jumpserver/jms_core:v1.0 -f Dockerfile-core .
[root@jumpserver opt]#docker build -t jumpserver/jms_koko:v1.0 -f Dockerfile-koko .
[root@jumpserver opt]#docker build -t jumpserver/jms_guacamole:v1.0 -f Dockerfile-guacamole .
[root@jumpserver opt]#docker build -t jumpserver/jms_nginx:v1.0 -f Dockerfile-nginx .
[root@localhost opt]# docker-compose up -d
# 在线安装方式(可选):下面的命令会把远程脚本直接通过管道交给 bash,以当前用户(此处为 root)的权限执行。
# 建议先把 quick_start.sh 下载到本地,检查内容后再运行。
curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash

2.2.6 安装 GitLab 环境

新建命名空间 kube-ops,将 GitLab 部署到该命名空间下,然后完成 GitLab 服务的配置。
上传CICD-Runner.tar.gz包
[root@k8s-master-node1 ~]#tar -zxvf CICD-Runner.tar.gz
[root@k8s-master-node1 ~]#cd cicd-runner/
[root@k8s-master-node1 cicd-runner]# docker load -i images/image.tar
[root@k8s-master-node1 cicd-runner]# kubectl create ns kube-ops
namespace/kube-ops created
[root@k8s-master-node1 cicd-runner]# vim gitlab.yaml
# Deployment that runs a single GitLab CE pod in the kube-ops namespace.
# No volumes are declared in this manifest, so nothing here persists GitLab
# data beyond the container's own filesystem.
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: gitlab
  name: gitlab
  namespace: kube-ops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab
  #strategy: {}
  template:
    metadata:
      #creationTimestamp: null
      labels:
        app: gitlab
    spec:
      containers:
      # IfNotPresent uses an image already on the node when one exists;
      # presumably the one loaded earlier with `docker load` — confirm.
      - image: yidaoyun/gitlab-ce:v1.0
        imagePullPolicy: IfNotPresent
        name: gitlab-ce
        ports:
        # GitLab is served over plain HTTP on port 80; no TLS port is declared.
        - containerPort: 80
        env:
        # NOTE(review): the initial root password is a literal in the pod spec,
        # so anyone who can read this file or the Deployment object can see it.
        # Prefer a Secret referenced through valueFrom.secretKeyRef, and change
        # the password after the first login.
        - name: GITLAB_ROOT_PASSWORD
          value: 'admin123456'
[root@k8s-master-node1 cicd-runner]# kubectl apply -f gitlab.yaml 
deployment.apps/gitlab created
[root@k8s-master-node1 cicd-runner]# kubectl get pod -n kube-ops 
NAME                     READY   STATUS    RESTARTS   AGE
gitlab-df897d46d-vcjf6   1/1     Running   0          7s
[root@k8s-master-node1 cicd-runner]# vim gitlab.yaml
# NodePort Service that publishes the GitLab pod (selector app=gitlab) in
# kube-ops on port 30880 of every cluster node.
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: gitlab
  name: gitlab
  namespace: kube-ops
spec:
  ports:
  # No targetPort is given, so traffic is forwarded to the same port (80).
  # NOTE(review): this is plain HTTP; logins and git credentials sent to
  # <node>:30880 cross the network unencrypted. Restrict who can reach the
  # node port, or put TLS in front of it.
  - port: 80
    protocol: TCP
    nodePort: 30880
  selector:
    app: gitlab
  type: NodePort
[root@k8s-master-node1 cicd-runner]# kubectl apply -f gitlab.yaml 
service/gitlab created
[root@k8s-master-node1 cicd-runner]# kubectl get svc -n kube-ops 
NAME     TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
gitlab   NodePort   10.96.133.116   <none>        80:30880/TCP   14s

2.2.7 部署 GitLab Runner(x)

将 GitLab Runner 部署到 kube-ops 命名空间下,并完成 GitLab Runner 在 GitLab 中的注册。

在浏览器中打开 http://192.168.59.200:30880

登录账号:root,密码:admin123456(即 gitlab.yaml 中 GITLAB_ROOT_PASSWORD 设置的初始密码,首次登录后应立即修改)

#在这里获取部署runner的URL和注册令牌(本例为 48XdJ5KYGoJPYjaa71gi)。注册令牌属于凭据,不应公开;一旦泄露应在GitLab中重置。

[root@k8s-master-node1 cicd-runner]# cd manifests/
[root@k8s-master-node1 manifests]# vim runner-configmap.yaml
# Environment settings for the GitLab Runner pods.
# NOTE(review): kind and metadata are not shown in this excerpt; the later
# `kubectl apply` output names the object configmap/gitlab-ci-runner-cm.
apiVersion: v1
data:
  REGISTER_NON_INTERACTIVE: "true"
  REGISTER_LOCKED: "false"
  # Metrics listener bound to all interfaces on 9100, the port the runner
  # container exposes.
  METRICS_SERVER: "0.0.0.0:9100"
  # Runner talks to GitLab over plain HTTP through the node port.
  CI_SERVER_URL: "http://192.168.59.200:30880"
  RUNNER_REQUEST_CONCURRENCY: "4" 
  RUNNER_EXECUTOR: "kubernetes"
  KUBERNETES_NAMESPACE: "kube-ops"
  # NOTE(review): privileged build pods get close to host-level access on the
  # node they run on. Presumably enabled for the docker-dind builds used later;
  # keep it only if the pipelines really need it, and only for trusted projects.
  KUBERNETES_PRIVILEGED: "true"
  KUBERNETES_CPU_LIMIT: "1"
[root@k8s-master-node1 manifests]#echo -n "48XdJ5KYGoJPYjaa71gi" | base64 
NDhYZEo1S1lHb0pQWWphYTcxZ2k=

# 进入添加labels字段即可
[root@k8s-master-node1 manifests]# vim runner-statefulset.yaml
# Secret carrying the runner registration token, followed by the StatefulSet
# that runs two GitLab Runner replicas in kube-ops.
apiVersion: v1
data:
  # Base64 of the registration token produced by the `echo -n ... | base64`
  # step. Base64 is an encoding, not encryption: anyone who can read this file
  # or the Secret object can recover the token, so keep the manifest out of
  # shared repositories.
  GITLAB_CI_TOKEN: NDhYZEo1S1lHb0pQWWphYTcxZ2k=
kind: Secret
metadata:
  # NOTE(review): the StatefulSet's secretRef below and the `kubectl apply`
  # output both use the name gitlab-ci-token; this name differs — confirm
  # which one is intended.
  name: gitlab-ci-runner
  namespace: kube-ops
  labels:
    app: gitlab-ci-runner
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: gitlab-ci-runner
  namespace: kube-ops
  labels:
    app: gitlab-ci-runner
spec:
  serviceName: gitlab-ci-runner
  updateStrategy:
    type: RollingUpdate
  replicas: 2
  selector:
    matchLabels:
      app: gitlab-ci-runner
  template:
    metadata:
      labels:
        app: gitlab-ci-runner
    spec:
      # Pod-level hardening: the runner process runs as UID 999, not root.
      securityContext:
        runAsNonRoot: true # the container then runs as a non-root user
        runAsUser: 999
        supplementalGroups: [999]
      containers:
      - image: yidaoyun/gitlab-runner:v1.0
        imagePullPolicy: IfNotPresent
        name: gitlab-runner
        ports:
        # Matches the METRICS_SERVER port set in the runner ConfigMap.
        - containerPort: 9100
        # Entry point is the run.sh script mounted from the scripts ConfigMap.
        command: 
        - /scripts/run.sh
        # Every key of the ConfigMap and of the Secret becomes an environment
        # variable in the runner container, including the registration token.
        envFrom:
        - configMapRef:
            name: gitlab-ci-runner-cm
        - secretRef:
            name: gitlab-ci-token
        env:
        # Each replica uses its own pod name as RUNNER_NAME.
        - name: RUNNER_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        volumeMounts:
        - name: gitlab-ci-runner-scripts
          mountPath: /scripts
          readOnly: true # mount the volume read-only inside the container
      volumes:
      - name: gitlab-ci-runner-scripts
        projected:
          sources:
          - configMap:
              name: gitlab-ci-runner-scripts
              items:
              - key: run.sh
                path: run.sh
                # Octal file mode: run.sh is executable (rwxrwxr-x).
                mode: 0775
      restartPolicy: Always

# 依次启动
[root@k8s-master-node1 manifests]# kubectl apply -f runner-configmap.yaml 
configmap/gitlab-ci-runner-cm created
[root@k8s-master-node1 manifests]# kubectl apply -f runner-scripts-configmap.yaml 
configmap/gitlab-ci-runner-scripts created
[root@k8s-master-node1 manifests]# kubectl apply -f runner-statefulset.yaml 
secret/gitlab-ci-token created
statefulset.apps/gitlab-ci-runner created
[root@k8s-master-node1 manifests]# kubectl get pod -n kube-ops 
NAME                     READY   STATUS    RESTARTS   AGE
gitlab-ci-runner-0       1/1     Running   0          14s
gitlab-ci-runner-1       1/1     Running   0          12s
gitlab-df897d46d-vcjf6   1/1     Running   0          16h

2.2.8 配置 GitLab

在 GitLab 中新建公开项目并导入离线项目包,然后将 Kubernetes 集群添加到 GitLab 中。

[root@k8s-master-node1 cicd-runner]# cd springcloud/
[root@k8s-master-node1 springcloud]# git config --global user.name "Administrator"
[root@k8s-master-node1 springcloud]# git config --global user.email "[email protected]"
[root@k8s-master-node1 springcloud]# git remote remove origin
[root@k8s-master-node1 springcloud]# git remote add origin http://192.168.59.200:30880/root/springcloud.git
[root@k8s-master-node1 springcloud]# git add .
warning: You ran 'git add' with neither '-A (--all)' or '--ignore-removal',
whose behaviour will change in Git 2.0 with respect to paths you removed.
Paths like '.gitlab-ci.yml' that are
removed from your working tree are ignored with this version of Git.
* 'git add --ignore-removal <pathspec>', which is the current default,
  ignores paths you removed from your working tree.
* 'git add --all <pathspec>' will let you also record the removals.
Run 'git status' to check the paths you removed from your working tree.
[root@k8s-master-node1 springcloud]# git commit -m "Initial commit"
[master db17cb0] Initial commit
 1 file changed, 2 insertions(+)
[root@k8s-master-node1 springcloud]# git push -u origin master
Username for 'http://10.24.206.143:30880': root  # gitlab用户
Password for 'http://[email protected]:30880':(admin123456)  # gitlab密码
Counting objects: 1355, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (1000/1000), done.
Writing objects: 100% (1355/1355), 4.05 MiB | 0 bytes/s, done.
Total 1355 (delta 269), reused 1348 (delta 266)
remote: Resolving deltas: 100% (269/269), done.
To http://10.24.206.143:30880/root/springcloud.git
 * [new branch]      master -> master
Branch master set up to track remote branch master from origin.



# 获取CA证书
[root@k8s-master-node1 springcloud]# cat /etc/kubernetes/pki/ca.crt
-----BEGIN CERTIFICATE-----
MIIC/jCCAeagAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
cm5ldGVzMB4XDTI0MDIyNTAzNDAxNloXDTM0MDIyMjAzNDAxNlowFTETMBEGA1UE
AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJUJ
Ps6NpgvLNhrdFFyAO3P8IRwNJM25ijz3rtdO46a1dXXsWN6nVBzmXcYr7QkK9l1V
/X5o8dxS46LXVbwO5gtOtO6Zu0NO55msTVw+HEHoPj2fh9s1tN4WCmtaCzHLz7Cg
w90ze4/SdVx60t58xjzo9vEr6lCb3A39Qqh7DUCyu6J9XuhsjdCx+nPZv6rrKqm1
Fnq4bx4zc4WAfoT4pQ21EQnlLfzKsI34FZjEFXKYSZn+94XXouY5E3Z+DSp9QJOf
/FJtQ5w5f+/58U5s1ja/iEnBOUupn+f5oKbzZHJbk5prPA+vzOce8hQ4+LUcnoJk
fxrTK6KHi5UMQQOtjTMCAwEAAaNZMFcwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB
/wQFMAMBAf8wHQYDVR0OBBYEFHY2aLho7/Eab1m6sJgCq4l/fwDfMBUGA1UdEQQO
MAyCCmt1YmVybmV0ZXMwDQYJKoZIhvcNAQELBQADggEBAG91Daj4DylMJPkF1kba
QsbC6w45gI0A8wqL5dF4Y6FyPNMwUO28t8WBvcsiZ34u5Z67bDx9joYme/0kf/0k
D5w1uBewNt0ronpeTYDsOq+yILRyY5XEY3CdKTXzkst0BkMjttfTHKHOfDy+/Omp
eDtIKopp/BcyRYEQih7Givp1ITqhBQQm8kp6TAU2m0QrtlhebN6349LGOz2CxoQs
p0YikqnEoFjaFSvn40vI6ttdek3cyQAEoNTTQ+zwz80IXCt3ODk1qBYRZdc10aXL
szNtZ0MN2vbKRsJjmvihWBEmjO58DyV/H2ebXMKStBzbK5v4mjKW1Jg9ilra6fGS
H8I=
-----END CERTIFICATE-----
# 获取令牌(此处使用的是 kube-system 命名空间 default 服务账号的令牌)
# 注意:该令牌是可直接访问集群 API 的凭据,请勿公开或提交到代码仓库;建议改用权限最小化的专用服务账号。
[root@k8s-master-node1 springcloud]# kubectl describe secrets -n kube-system default-token-h8h7n 
Name:         default-token-tgz8r
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: default
              kubernetes.io/service-account.uid: d4111b82-49c8-481b-83ff-ff2619eb3d1b

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1099 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjN0Z3RzNDdfT3FGc0pHalJKWi1ZcHZ5TTF4cDB6X2duLWxhanViVkJXLVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLXRnejhyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkNDExMWI4Mi00OWM4LTQ4MWItODNmZi1mZjI2MTllYjNkMWIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGVmYXVsdCJ9.RfWmtTwtY-WOXIibVOOsRjcvJRktI9O0pFOpR-VtjfJKVAuwwjxinQC8LaGvFZK9kooTvf1GKA261awk45uj-hZjN7T2rK9glea-D8YqwFRR5y7G6uU_SCqho2h1qC6T6ax30XCMuVgWe5RuvG0rXB1qnT72vy72K2iSCb9M7SuuqI-kElvf5M1l0zmrvN9xCvKebVtwt2hIuMAJW2fgNhiEMmHaXPVmVUYr_G5jrtP73HoDclGC2i2elJAySJXek7pxyzmaOlP7jWXYhaXjiU5BvX_PSUfLSt2PVpOEANNUyBowfZkOhIyoc0QQSd7-Wi0gx3Sd9hMwH7LXHRmt-w
  • 将获取的CA证书和令牌分别填入GitLab添加Kubernetes集群的对应字段中

    2.2.9 构建 CI/CD
    在项目中编写流水线脚本,然后触发自动构建,要求完成构建代码、构建镜像、推送镜像到 Harbor,并发布服务到 Kubernetes 集群。

    将tcp://localhost:2375改为tcp://docker-dind:2375(2375 按惯例是 Docker 守护进程未加密、无认证的 API 端口,应确保它只能在集群内部访问)
    [root@k8s-master-node1 springcloud]# kubectl edit -n kube-system cm coredns

    53后面添加一个gitlab

    添加映射

    [root@k8s-master-node1 ~]# cat /etc/hosts
    192.168.100.23 apiserver.cluster.local # 选择这一行

    登录harbor仓库

    [root@k8s-master-node1 springcloud]# docker login 192.168.59.200
    Username: admin
    Password: (Harbor12345)
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    [root@k8s-master-node1 springcloud]# cd ..
    [root@k8s-master-node1 cicd-runner]# vim Dockerfile
    FROM nginx:latest
    RUN echo "Hello Golang In Gitlab CI,go1.10.3,/bin/app" >> /usr/share/nginx/html/index.html
    [root@k8s-master-node1 cicd-runner]# docker build -t 10.24.206.143/library/springcloud:master -f Dockerfile .
    Sending build context to Docker daemon 2.892GB
    Step 1/2 : FROM nginx:latest
    ---> de2543b9436b
    Step 2/2 : RUN echo "Hello Golang In Gitlab CI,go1.10.3,/bin/app" >> /usr/share/nginx/html/index.html
    ---> Running in a5b69ead6f7f
    Removing intermediate container a5b69ead6f7f
    ---> 193d60448c3d
    Successfully built 193d60448c3d
    Successfully tagged 10.24.206.143/library/springcloud:master
    [root@k8s-master-node1 cicd-runner]# docker push 10.24.206.143/library/springcloud:master
    The push refers to repository [10.24.206.143/library/springcloud]
    09c5777979b4: Pushed
    a059c9abe376: Pushed
    09be960dcde4: Pushed
    18be1897f940: Pushed
    dfe7577521f0: Pushed
    d253f69cb991: Pushed
    fd95118eade9: Pushed
    master: digest: sha256:95218b2f4822bdbe6f937c74b3fe7879998385cd04d74c241e5706294239ee29 size: 177
    [root@k8s-master-node1 cicd-runner]# kubectl create ns gitlab
    namespace/gitlab created

    使用刚刚生成的镜像

    [root@k8s-master-node1 cicd-runner]# vim deploymeng.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      creationTimestamp: null
      labels:
        app: gitlab-k8s-demo-dev
      name: gitlab-k8s-demo-dev
      namespace: gitlab
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: gitlab-k8s-demo-dev
      strategy: {}
      template:
        metadata:
          creationTimestamp: null
          labels:
            app: gitlab-k8s-demo-dev
        spec:
          containers:
          - image: 10.24.206.143/library/springcloud:master
            name: springcloud
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: gitlab-k8s-demo-dev
      namespace: gitlab
    spec:
      ports:
      - port: 80
        nodePort: 30800
      selector:
        app: gitlab-k8s-demo-dev
      type: NodePort
    [root@k8s-master-node1 cicd-runner]# kubectl apply -f deploymeng.yaml
    deployment.apps/gitlab-k8s-demo-dev created
    service/gitlab-k8s-demo-dev configured
    [root@k8s-master-node1 cicd-runner]# kubectl get deployments.apps -n gitlab
    NAME READY UP-TO-DATE AVAILABLE AGE
    gitlab-k8s-demo-dev 2/2 2 2 2m11s
    [root@k8s-master-node1 cicd-runner]# kubectl get pod -n gitlab
    NAME READY STATUS RESTARTS AGE
    gitlab-k8s-demo-dev-76c8494bdd-hcwwd 1/1 Running 0 101s
    gitlab-k8s-demo-dev-76c8494bdd-hfm2n 1/1 Running 0 101s
    [root@k8s-master-node1 cicd-runner]# kubectl get svc -n gitlab
    NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
    gitlab-k8s-demo-dev NodePort 10.96.99.185 <none> 80:30800/TCP 31m
