从零开始的云计算生活——第六十天，志在千里，使用Jenkins部署K8S

一.安装kubectl

1、配置yum源

cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/repodata/repomd.xml.key
EOF

2、安装kubectl

yum install -y kubectl

二.关联k8s

1.设置配置文件

此时由于没有关联，使用命令会报错

去k8s主机将.kube内容拷贝过来

回来发现命令已经可以使用了

再将.kube文件考到Jenkins账户里

使用Jenkins账户登录并使用

2.下载k8s插件并重启

3.选择cloud

4.查看k8s地址

5.查看证书文件，并解密

6.复制证书

7.填写命名空间

8.终端生成Secret

创建jenkins账户

kubectl create sa jenkins

创建role角色

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: pod-reader-role
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch","create","update","delete"]





[root@k8s-master ~]# kubectl apply -f  role.txt
##若要给于jenkins用户对default命名空间下所有资源具有所有权限，可以修改为 ["*"]

添加bindroling绑定

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: pod-reader-role-binding
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: default
roleRef:
  kind: Role
  name: pod-reader-role
  apiGroup: rbac.authorization.k8s.io

生成token

kubectl -n default create token jenkins

最后将token填写道"凭据"中

9.填写凭证（1个小时有效）

下面把Jenkins地址填上，再点击保存按钮就完成了

三.创建项目

选择pipeline

pipeline {
    agent any
    stages {
        stage('Checkout Code') {
            steps {
                // 使用 SSH 方式拉取 Git 代码
                git branch: 'master', // 替换为你的分支名称
                   url: 'git@192.168.71.131:/home/git/k8s' // 替换为你的 Git 仓库地址
            }
        }
        stage('Deploy LNMP') {
            steps {
                script {
                    // 部署 LNMP 平台
                    sh 'kubectl apply -f /var/lib/jenkins/workspace/k8s-lnmp/nginx.yml'
                }
            }
        }
    }
}

建立git库

创建yml文件

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx

spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: nginx

spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: NodePort

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql

spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:5.7
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123.com"
        ports:
        - containerPort: 3306

---

apiVersion: v1
kind: Service
metadata:
  name: mysql

spec:
  selector:
    app: mysql
  ports:
  - protocol: TCP
    port: 3306
    targetPort: 3306
  type: ClusterIP

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: php

spec:
  replicas: 1
  selector:
    matchLabels:
      app: php
  template:
    metadata:
      labels:
        app: php
    spec:
      containers:
      - name: php
        image: php:7.4-fpm
        ports:
        - containerPort: 9000

更新仓库

git add .

设置忽略信息

开始构建

构建成功