10. Horizontal and vertical scaling in k8s - Jenkins

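Storage volumes: Projected [extension]

1. Projected volume overview

A Projected Volume is a special volume type that can project several existing volume sources into the same mount-point directory.

A Projected Volume supports projecting only the following four types of volume (data source), which are generally used to supply containers with predefined data:

  • Secret: projects a Secret object.
  • ConfigMap: projects a ConfigMap object.
  • DownwardAPI: projects Pod metadata.
  • ServiceAccountToken: projects a ServiceAccount token.

2. Hands-on example: a very common way to inject configuration, keys and similar data into a container

2.1 Create the resource manifest

[root@master231 volumes]# cat 08-deploy-projected-volumes.yaml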
apiVersion: v1
kind: ConfigMap
metadata:
  name: yinzhengjie-cm
data:
  blog: "https://www.cnblogs.com/yinzhengjie"
  k8s: "https://space.bilibili.com/600805398/channel/series"

---

apiVersion: v1
kind: Secret
metadata:
  name: yinzhengjie-secrets
stringData:
  username: admin
  password: yinzhengjie

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: projected-demo
spec:
  replicas: 1
  selector:
    matchLabels:
      apps: v1
  template:
    metadata:
      labels:
        apps: v1
    spec:
      volumes:
      - name: data01
        # Volume type; a projected volume can wrap several volume sources
        projected:
          sources:
          - downwardAPI:
              items:
              - path: containers-limists-memory
                resourceFieldRef:
                  containerName: c1
                  resource: "limits.memory"
          - configMap:
              name: yinzhengjie-cm  # injects the data defined above
          - secret:
              name: yinzhengjie-secrets  # injects the username and password defined above
          - serviceAccountToken:
              path: yinzhengjie-token  # purpose: automatically generates a JWT token for the ServiceAccount and writes it to the named file
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        resources:
          limits:
            cpu: 0.5
            memory: 500Mi
        volumeMounts:
        - name: data01
          mountPath: /yinzhengjie-xixi

2.2 Deploy the resources

[root@master231 volumes]# kubectl apply -f 08-deploy-projected-volumes.yaml
configmap/yinzhengjie-cm created
secret/yinzhengjie-secrets created
deployment.apps/projected-demo created

[root@master231 volumes]# kubectl get pods -o wide
NAME                              READY   STATUS    RESTARTS   AGE   IP            NODE        NOMINATED NODE   READINESS GATES
projected-demo-6b7b48f98d-dwcpt   1/1     Running   0          3s    10.100.2.32   worker233   <none>           <none>

2.3 Verify the mount result

[root@master231 volumes]# kubectl exec -it projected-demo-6b7b48f98d-dwcpt -- sh
/ # ls -l /yinzhengjie-xixi/
total 0
lrwxrwxrwx    1 root     root            11 Sep 29 01:11 blog -> ..data/blog
lrwxrwxrwx    1 root     root            32 Sep 29 01:11 containers-limists-memory -> ..data/containers-limists-memory
lrwxrwxrwx    1 root     root            10 Sep 29 01:11 k8s -> ..data/k8s
lrwxrwxrwx    1 root     root            15 Sep 29 01:11 password -> ..data/password
lrwxrwxrwx    1 root     root            15 Sep 29 01:11 username -> ..data/username
lrwxrwxrwx    1 root     root            24 Sep 29 01:11 yinzhengjie-token -> ..data/yinzhengjie-token

3. Verifying the built-in (official) mount information

[root@master231 volumes]# kubectl describe pod projected-demo-6b7b48f98d-dwcpt
Name:         projected-demo-6b7b48f98d-dwcpt
...
Containers:
  c1:
    Container ID:   docker://082615e684ad9e099f6d5e686a39b56c955cfa7bc411a2298860edc848e66f32
    ...
    Limits:
      cpu:     500m
      memory:  500Mi
    Requests:
      cpu:        500m
      memory:     500Mi
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-97pzk (ro)
      /yinzhengjie-xixi from data01 (rw)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  data01:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    DownwardAPI:             true
    ConfigMapName:           yinzhengjie-cm
    ConfigMapOptional:       <nil>
    SecretName:              yinzhengjie-secrets
    SecretOptionalName:      <nil>
    TokenExpirationSeconds:  3600
  kube-api-access-97pzk:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true

[root@master231 volumes]# kubectl get pod projected-demo-6b7b48f98d-dwcpt -o yaml
apiVersion: v1
kind: Pod
...
spec:
  containers:
  - image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
    ...
    volumeMounts:
    - mountPath: /yinzhengjie-xixi
      name: data01
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-97pzk
      readOnly: true
  ...
  volumes:
  - name: data01
    projected:
      defaultMode: 420
      sources:
      - downwardAPI:
          items:
          - path: containers-limists-memory
            resourceFieldRef:
              containerName: c1
              divisor: "0"
              resource: limits.memory
      - configMap:
          name: yinzhengjie-cm
      - secret:
          name: yinzhengjie-secrets
      - serviceAccountToken:
          expirationSeconds: 3600
          path: yinzhengjie-token
  - name: kube-api-access-97pzk
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace

[root@master231 volumes]# kubectl exec -it projected-demo-6b7b48f98d-dwcpt -- sh
/ # ls -l /var/run/secrets/kubernetes.io/serviceaccount
total 0
lrwxrwxrwx    1 root     root            13 Sep 29 01:11 ca.crt -> ..data/ca.crt
lrwxrwxrwx    1 root     root            16 Sep 29 01:11 namespace -> ..data/namespace
lrwxrwxrwx    1 root     root            12 Sep 29 01:11 token -> ..data/token
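
The yinzhengjie-token file written by the serviceAccountToken source is a JWT bound to the Pod and, per the describe output above, limited to 3600 seconds. As an added example (not part of the original page), this Python decodes such a token's claims without verifying the signature and checks lifetime, audience and Pod binding; the sample claims, the audience value and all function names are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict. The signature is NOT verified:
    this only inspects a token you already trust (read from your own Pod)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def review_token(claims: dict, max_ttl: int, expected_aud: str, now: float) -> list:
    """Return a list of findings; an empty list means the token looks as intended."""
    findings = []
    exp, iat = claims.get("exp"), claims.get("iat")
    if exp is None or iat is None:
        findings.append("no exp/iat: token is not time-bound")
    else:
        if exp - iat > max_ttl:
            findings.append(f"lifetime {exp - iat}s exceeds {max_ttl}s")
        if now >= exp:
            findings.append("token is expired")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if expected_aud not in aud:
        findings.append(f"audience {aud} does not include {expected_aud!r}")
    if "pod" not in claims.get("kubernetes.io", {}):
        findings.append("token is not bound to a Pod")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build a constructed token for the demo; the signature part is a dummy."""
    def enc(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "ZHVtbXk"])


# Constructed claims shaped like a bound ServiceAccount token with
# expirationSeconds: 3600. The audience is an assumed API server identifier;
# the real value depends on the cluster's configuration.
ASSUMED_AUDIENCE = "https://kubernetes.default.svc.cluster.local"
SAMPLE_CLAIMS = {
    "aud": [ASSUMED_AUDIENCE],
    "iat": 1700000000,
    "exp": 1700003600,
    "iss": ASSUMED_AUDIENCE,
    "sub": "system:serviceaccount:default:default",
    "kubernetes.io": {
        "namespace": "default",
        "pod": {"name": "projected-demo-6b7b48f98d-dwcpt", "uid": "constructed-uid"},
        "serviceaccount": {"name": "default", "uid": "constructed-uid"},
    },
}

if __name__ == "__main__":
    # In a Pod, read /yinzhengjie-xixi/yinzhengjie-token instead of the sample.
    token = make_sample_token(SAMPLE_CLAIMS)
    claims = decode_claims(token)
    print("subject:", claims["sub"], "lifetime:", claims["exp"] - claims["iat"])
    print("findings:", review_token(claims, 3600, ASSUMED_AUDIENCE, now=1700000060))
```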

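metrics-server environment deployment

1. What is metrics-server

metrics-server provides the monitoring data behind the K8S cluster's "kubectl top" command, and also makes "HPA (Horizontal Pod Autoscaler)" usable.

metrics-server can also supply monitoring metrics to the Dashboard component.

[root@master231 ~]# kubectl top pods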
error: Metrics API not available

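Bonus: what is the difference between hpa and vpa?

  • hpa (horizontal scaling):

    • Characteristics: adds machines without raising the hardware specification of any single node; machines of the same type are added, and a load balancer is needed as the single access entry point.
    • In Kubernetes terms: when the existing Pods run short of resources, the number of Pod replicas is increased automatically to absorb excess traffic and lower the overall load on the service.
  • vpa (vertical scaling):

    • Characteristics: does not add machines; only the hardware specification is raised, but a physical machine has a resource ceiling.
    • In Kubernetes terms: the container's resource ceiling is adjusted dynamically. For example, a Pod starts with 200Mi of memory; once usage reaches the defined threshold the memory can be expanded, but the number of Pod replicas does not increase.

The typical difference is that vpa runs into a resource ceiling: the Pod is the smallest unit scheduled by a K8S cluster and cannot be split, so any future expansion is bounded by the resources of a single node.

Deployment documentation: https://github.com/kubernetes-sigs/metrics-server

Bonus: the metrics-server component essentially obtains its monitoring data from the kubelet component

[root@master231 pki]# pwd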
/etc/kubernetes/pki

[root@master231 pki]# ll apiserver-kubelet-client.*
-rw-r--r-- 1 root root 1164 Apr  7 11:00 apiserver-kubelet-client.crt
-rw------- 1 root root 1679 Apr  7 11:00 apiserver-kubelet-client.key

# There are many metrics here; metrics-server processes them
[root@master231 pki]# curl -s -k --key apiserver-kubelet-client.key --cert apiserver-kubelet-client.crt https://10.0.0.231:10250/metrics/resource | wc -l
102

[root@master231 pki]# curl -s -k --key apiserver-kubelet-client.key --cert apiserver-kubelet-client.crt https://10.0.0.232:10250/metrics/resource | wc -l
67

[root@master231 pki]# curl -s -k --key apiserver-kubelet-client.key --cert apiserver-kubelet-client.crt https://10.0.0.233:10250/metrics/resource | wc -l
57

2. Deploying the metrics-server component

2.1 Download the resource manifest

[root@master231 ~]# wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/high-availability-1.21+.yaml

# SVIP:
[root@master231 ~]# wget http://192.168.16.253/Resources/Kubernetes/Add-ons/metrics-server/0.6.x/high-availability-1.21%2B.yaml

2.2 Edit the configuration file

[root@master231 ~]# vim high-availability-1.21+.yaml
...
apiVersion: apps/v1
kind: Deployment
metadata:
...
      - args:
        - --kubelet-insecure-tls  # Do not verify the CA of the serving certificates presented by the kubelets, so the kubelet is not authenticated on this connection. Without this flag, x509 errors are reported.
        ...
        image: registry.aliyuncs.com/google_containers/metrics-server:v0.7.2
# I am using 0.6.3

2.3 Deploy the metrics-server component

[root@master231 ~]# kubectl apply -f high-availability-1.21+.yaml
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
poddisruptionbudget.policy/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created

Image download address:

http://192.168.16.253/Resources/Kubernetes/Add-ons/metrics-server/0.7.2/

2.4 Check whether the image was deployed successfully

[root@master231 metrics-server]# kubectl get pods,svc -n kube-system -l k8s-app=metrics-server -o wide
NAME                                  READY   STATUS    RESTARTS   AGE     IP               NODE        NOMINATED NODE   READINESS GATES
pod/metrics-server-57c6f647bb-727dz   1/1     Running   0          3m56s   10.100.203.130   worker232   <none>           <none>
pod/metrics-server-57c6f647bb-bm6tb   1/1     Running   0          3m56s   10.100.140.120   worker233   <none>           <none>

NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE     SELECTOR
service/metrics-server   ClusterIP   10.200.10.142   <none>        443/TCP   3m56s   k8s-app=metrics-server

[root@master231 metrics-server]# kubectl -n kube-system describe svc metrics-server
Name:              metrics-server
Namespace:         kube-system
Labels:            k8s-app=metrics-server
Annotations:       <none>
Selector:          k8s-app=metrics-server
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.200.10.142
IPs:               10.200.10.142
Port:              https  443/TCP
TargetPort:        https/TCP
Endpoints:         10.100.140.120:10250,10.100.203.130:10250
Session Affinity:  None
Events:            <none>

2.5 Verify that the metrics component works correctly

[root@master231 metrics-server]# kubectl top pod
NAME                              CPU(cores)   MEMORY(bytes)
projected-demo-6b7b48f98d-dwcpt   0m           2Mi

[root@master231 metrics-server]# kubectl top node
NAME        CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
master231   64m          3%     1514Mi          40%
worker232   28m          1%     926Mi           24%
worker233   31m          1%     968Mi           25%

[root@master231 metrics-server]# kubectl top pod -A  # shows CPU usage and memory usage
NAMESPACE              NAME                                        CPU(cores)   MEMORY(bytes)
default                projected-demo-6b7b48f98d-dwcpt             0m           2Mi
kube-flannel           kube-flannel-ds-9mbzn                       5m           12Mi
kube-flannel           kube-flannel-ds-l55tn                       4m           13Mi
kube-flannel           kube-flannel-ds-tgmpc                       5m           12Mi
kube-system            coredns-6d8c4cb4d-s85bq                     1m           11Mi
kube-system            coredns-6d8c4cb4d-tdrnj                     1m           11Mi
kube-system            etcd-master231                              11m          91Mi
kube-system            kube-apiserver-master231                    37m          200Mi
kube-system            kube-controller-manager-master231           9m           47Mi
kube-system            kube-proxy-55jhz                            3m           17Mi
kube-system            kube-proxy-7ffbs                            11m          18Mi
kube-system            kube-proxy-xgqln                            6m           18Mi
kube-system            kube-scheduler-master231                    2m           16Mi
kube-system            metrics-server-57c6f647bb-2vmkk             5m           15Mi
kubernetes-dashboard   dashboard-metrics-scraper-9d986c98c-2pbw4   1m           3Mi
kubernetes-dashboard   kubernetes-dashboard-5ccf77bb87-jfzwp       2m           10Mi
metallb-system         controller-644c958987-9xbtc                 1m           14Mi
metallb-system         speaker-hfb5k                               3m           16Mi
metallb-system         speaker-p27z5                               3m           16Mi
metallb-system         speaker-vtxk8                               3m           16Mi

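Horizontal Pod scaling: hpa hands-on

1. What is hpa

hpa is a built-in resource of the k8s cluster; its full name is "HorizontalPodAutoscaler".

It scales Pods horizontally and automatically: during business peaks it increases the number of Pod replicas, and during quiet periods it reduces them.

2. hpa hands-on

2.1 Import the image (on both 232 and 233)

[root@worker233 ~]# wget http://192.168.16.253/Resources/Kubernetes/Add-ons/metrics-server/oldboyedu-linux-tools-v0.1-stress.tar.gz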
[root@worker233 ~]# docker load -i oldboyedu-linux-tools-v0.1-stress.tar.gz

2.2 Create the Pods

[root@master231 horizontalpodautoscalers]# cat 01-deploy-hpa.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-stress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: stress
  template:
    metadata:
      labels:
        app: stress
    spec:
      containers:
      - image: jasonyin2020/oldboyedu-linux-tools:v0.1
        name: oldboyedu-linux-tools
        args:
        - tail
        - -f
        - /etc/hosts
        resources:
          requests:
            cpu: 0.2
            memory: 300Mi
          limits:
            cpu: 0.5
            memory: 500Mi

---

apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: stress-hpa
spec:
  # Maximum number of Pod replicas
  maxReplicas: 5
  # Minimum number of Pod replicas
  minReplicas: 2
  # Target resource object: which resource the HPA acts on
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: deploy-stress
  # Target average CPU utilization, as a percentage of the Pods' CPU requests
  targetCPUUtilizationPercentage: 95

[root@master231 horizontalpodautoscalers]# kubectl apply -f 01-deploy-hpa.yaml
deployment.apps/deploy-stress created
horizontalpodautoscaler.autoscaling/stress-hpa created

Bonus: (creating the hpa imperatively)

[root@master231 horizontalpodautoscalers]# kubectl autoscale deploy deploy-stress --min=2 --max=5 --cpu-percent=95 -o yaml --dry-run=client

2.3 Test and verify

# kubectl get hpa -w watches the replicas, CPU and Pod count live
[root@master231 horizontalpodautoscalers]# kubectl get deploy,hpa,po -o wide  # on the first check there is only 1 Pod replica
NAME                            READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS              IMAGES                                                                  SELECTOR
deployment.apps/deploy-stress   1/1     1            1           11s   oldboyedu-linux-tools   harbor250.oldboyedu.com/oldboyedu-casedemo/oldboyedu-linux-tools:v0.1   app=stress

NAME                                             REFERENCE                  TARGETS         MINPODS   MAXPODS   REPLICAS   AGE
horizontalpodautoscaler.autoscaling/stress-hpa   Deployment/deploy-stress   <unknown>/95%   2         5         0          11s

NAME                                 READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
pod/deploy-stress-5d7c796c97-rzgsm   1/1     Running   0          11s   10.100.140.121   worker233   <none>           <none>

[root@master231 horizontalpodautoscalers]# kubectl get deploy,hpa,po -o wide  # on the Nth check there are only 2 Pod replicas
NAME                            READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS              IMAGES                                                                  SELECTOR
deployment.apps/deploy-stress   2/2     2            2           51s   oldboyedu-linux-tools   harbor250.oldboyedu.com/oldboyedu-casedemo/oldboyedu-linux-tools:v0.1   app=stress

NAME                                             REFERENCE                  TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
horizontalpodautoscaler.autoscaling/stress-hpa   Deployment/deploy-stress   0%/95%    2         5         2          51s

NAME                                 READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
pod/deploy-stress-5d7c796c97-f9rff   1/1     Running   0          36s   10.100.203.150   worker232   <none>           <none>
pod/deploy-stress-5d7c796c97-rzgsm   1/1     Running   0          51s   10.100.140.121   worker233   <none>           <none>

2.4 Stress test

[root@master231 ~]# kubectl exec deploy-stress-5d7c796c97-f9rff -- stress --cpu 8 --io 4 --vm 2 --vm-bytes 128M --timeout 10m
stress: info: [7] dispatching hogs: 8 cpu, 4 io, 2 vm, 0 hdd

2.5 Check the number of Pod replicas

[root@master231 horizontalpodautoscalers]# kubectl get deploy,hpa,po -o wide
NAME                            READY   UP-TO-DATE   AVAILABLE   AGE    CONTAINERS              IMAGES                                                                  SELECTOR
deployment.apps/deploy-stress   3/3     3            3           4m3s   oldboyedu-linux-tools   harbor250.oldboyedu.com/oldboyedu-casedemo/oldboyedu-linux-tools:v0.1   app=stress

NAME                                             REFERENCE                  TARGETS    MINPODS   MAXPODS   REPLICAS   AGE
horizontalpodautoscaler.autoscaling/stress-hpa   Deployment/deploy-stress   105%/95%   2         5         2          4m3s

NAME                                 READY   STATUS    RESTARTS   AGE     IP               NODE        NOMINATED NODE   READINESS GATES
pod/deploy-stress-5d7c796c97-f9rff   1/1     Running   0          3m48s   10.100.203.150   worker232   <none>           <none>
pod/deploy-stress-5d7c796c97-rzgsm   1/1     Running   0          4m3s    10.100.140.121   worker233   <none>           <none>
pod/deploy-stress-5d7c796c97-zxgp6   1/1     Running   0          3s      10.100.140.122   worker233   <none>           <none>

2.6 Stress test again

[root@master231 ~]# kubectl exec deploy-stress-5d7c796c97-rzgsm -- stress --cpu 8 --io 4 --vm 2 --vm-bytes 128M --timeout 10m
stress: info: [6] dispatching hogs: 8 cpu, 4 io, 2 vm, 0 hdd

[root@master231 ~]# kubectl exec deploy-stress-5d7c796c97-zxgp6 -- stress --cpu 8 --io 4 --vm 2 --vm-bytes 128M --timeout 10m
stress: info: [7] dispatching hogs: 8 cpu, 4 io, 2 vm, 0 hdd

2.7 At most 5 Pods are created

[root@master231 horizontalpodautoscalers]# kubectl get deploy,hpa,po -o wide
NAME                            READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS              IMAGES                                                                  SELECTOR
deployment.apps/deploy-stress   5/5     5            5           5m50s   oldboyedu-linux-tools   harbor250.oldboyedu.com/oldboyedu-casedemo/oldboyedu-linux-tools:v0.1   app=stress

NAME                                             REFERENCE                  TARGETS    MINPODS   MAXPODS   REPLICAS   AGE
horizontalpodautoscaler.autoscaling/stress-hpa   Deployment/deploy-stress   249%/95%   2         5         5          5m50s

NAME                                 READY   STATUS    RESTARTS   AGE     IP               NODE        NOMINATED NODE   READINESS GATES
pod/deploy-stress-5d7c796c97-dnlzj   1/1     Running   0          34s     10.100.203.180   worker232   <none>           <none>
pod/deploy-stress-5d7c796c97-f9rff   1/1     Running   0          5m35s   10.100.203.150   worker232   <none>           <none>
pod/deploy-stress-5d7c796c97-ld8s9   1/1     Running   0          19s     10.100.140.123   worker233   <none>           <none>
pod/deploy-stress-5d7c796c97-rzgsm   1/1     Running   0          5m50s   10.100.140.121   worker233   <none>           <none>
pod/deploy-stress-5d7c796c97-zxgp6   1/1     Running   0          110s    10.100.140.122   worker233   <none>           <none>

2.8 After the stress test is cancelled

After waiting about 5 minutes, the number of Pods is automatically scaled back down to 2.

[root@master231 horizontalpodautoscalers]# kubectl get deploy,hpa,po -o wide
NAME                            READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS              IMAGES                                                                  SELECTOR
deployment.apps/deploy-stress   2/2     2            2           20m   oldboyedu-linux-tools   harbor250.oldboyedu.com/oldboyedu-casedemo/oldboyedu-linux-tools:v0.1   app=stress

NAME                                             REFERENCE                  TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
horizontalpodautoscaler.autoscaling/stress-hpa   Deployment/deploy-stress   0%/95%    2         5         5          20m

NAME                                 READY   STATUS        RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
pod/deploy-stress-5d7c796c97-dnlzj   1/1     Running       0          15m   10.100.203.180   worker232   <none>           <none>
pod/deploy-stress-5d7c796c97-f9rff   1/1     Running       0          20m   10.100.203.150   worker232   <none>           <none>
pod/deploy-stress-5d7c796c97-ld8s9   1/1     Terminating   0          14m   10.100.140.123   worker233   <none>           <none>
pod/deploy-stress-5d7c796c97-rzgsm   1/1     Terminating   0          20m   10.100.140.121   worker233   <none>           <none>
pod/deploy-stress-5d7c796c97-zxgp6   1/1     Terminating   0          16m   10.100.140.122   worker233   <none>           <none>

[root@master231 horizontalpodautoscalers]# kubectl get deploy,hpa,po -o wide
NAME                            READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS              IMAGES                                                                  SELECTOR
deployment.apps/deploy-stress   2/2     2            2           21m   oldboyedu-linux-tools   harbor250.oldboyedu.com/oldboyedu-casedemo/oldboyedu-linux-tools:v0.1   app=stress

NAME                                             REFERENCE                  TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
horizontalpodautoscaler.autoscaling/stress-hpa   Deployment/deploy-stress   0%/95%    2         5         2          21m

NAME                                 READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
pod/deploy-stress-5d7c796c97-dnlzj   1/1     Running   0          16m   10.100.203.180   worker232   <none>           <none>
pod/deploy-stress-5d7c796c97-f9rff   1/1     Running   0          21m   10.100.203.150   worker232   <none>           <none>

2.9 Because metrics-server collects data every 15s, the hpa replica counts are observed to change as follows

[root@master231 pki]# kubectl get hpa -w
NAME         REFERENCE                  TARGETS         MINPODS   MAXPODS   REPLICAS   AGE
stress-hpa   Deployment/deploy-stress   <unknown>/95%   2         5         0          10s
stress-hpa   Deployment/deploy-stress   <unknown>/95%   2         5         1          15s
stress-hpa   Deployment/deploy-stress   <unknown>/95%   2         5         2          30s
stress-hpa   Deployment/deploy-stress   <unknown>/95%   2         5         2          45s
stress-hpa   Deployment/deploy-stress   0%/95%          2         5         2          60s
stress-hpa   Deployment/deploy-stress   0%/95%          2         5         2          75s
stress-hpa   Deployment/deploy-stress   21%/95%         2         5         2          3m30s
stress-hpa   Deployment/deploy-stress   125%/95%        2         5         2          3m45s
stress-hpa   Deployment/deploy-stress   125%/95%        2         5         3          4m
stress-hpa   Deployment/deploy-stress   125%/95%        2         5         3          4m15s
stress-hpa   Deployment/deploy-stress   83%/95%         2         5         3          4m31s
stress-hpa   Deployment/deploy-stress   91%/95%         2         5         3          5m16s
stress-hpa   Deployment/deploy-stress   167%/95%        2         5         3          5m31s
stress-hpa   Deployment/deploy-stress   167%/95%        2         5         5          5m46s
stress-hpa   Deployment/deploy-stress   148%/95%        2         5         5          6m16s
stress-hpa   Deployment/deploy-stress   150%/95%        2         5         5          6m31s
stress-hpa   Deployment/deploy-stress   150%/95%        2         5         5          7m16s
stress-hpa   Deployment/deploy-stress   150%/95%        2         5         5          7m31s
stress-hpa   Deployment/deploy-stress   150%/95%        2         5         5          7m46s
stress-hpa   Deployment/deploy-stress   150%/95%        2         5         5          8m1s
stress-hpa   Deployment/deploy-stress   118%/95%        2         5         5          8m31s
stress-hpa   Deployment/deploy-stress   0%/95%          2         5         5          8m46s
stress-hpa   Deployment/deploy-stress   0%/95%          2         5         5          13m
stress-hpa   Deployment/deploy-stress   0%/95%          2         5         2          13m

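Horizontal scaling: a hands-on memory-based HPA example

1. tmpfs overview

tmpfs is a temporary file system that resides in memory, so the /dev/shm directory is not on disk but in memory, and its data is lost on power-off.

Because it lives in memory, reads and writes are very fast. On Linux, the default maximum size of a tmpfs is half of the memory.

This property of tmpfs can be used to improve server performance: data that needs high read/write performance but can tolerate being lost can be kept on the /dev/shm device to speed up access.

Next, we use the dd command to generate data and write it into a tmpfs file system as a test:

1.1 Create a 100M tmpfs file system under the tmp directory

[root@master241 ~]# mkdir /tmp/yinzhengjie
[root@master241 ~]# mount -t tmpfs -o size=100M tmpfs /tmp/yinzhengjie/   # mounts 100M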
[root@master241 ~]# df -h | grep yinzhengjie
tmpfs                              100M     0  100M   0% /tmp/yinzhengjie

1.2 Using dd to write 200M of data fails, because only 100M of memory is available

[root@master241 ~]# dd if=/dev/zero of=/tmp/yinzhengjie/bigfile.log bs=1M count=200
dd: error writing '/tmp/yinzhengjie/bigfile.log': No space left on device
101+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.0775754 s, 1.4 GB/s

[root@master241 ~]# ll -h /tmp/yinzhengjie/bigfile.log
-rw-r--r-- 1 root root 100M Sep 24 14:52 /tmp/yinzhengjie/bigfile.log

2. Preparing the test environment: deployment, cm, hpa

[root@master231 horizontalpodautoscalers]# cat 02-deploy-cm-memory-case.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-memory
data:
  start.sh: |
    #!/bin/sh
    mkdir /tmp/yinzhengjie
    mount -t tmpfs -o size=90M tmpfs /tmp/yinzhengjie/
    dd if=/dev/zero of=/tmp/yinzhengjie/bigfile.log
    sleep 60
    rm /tmp/yinzhengjie/bigfile.log
    umount /tmp/yinzhengjie
    rm -rf /tmp/yinzhengjie

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-xiuxian-memory
spec:
  replicas: 1
  selector:
    matchLabels:
      apps: xiuxian
  template:
    metadata:
      labels:
        apps: xiuxian
    spec:
      volumes:
      - name: data
        configMap:
          name: cm-memory
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        volumeMounts:
        - name: data
          mountPath: /data
        resources:
          requests:
            memory: 100Mi
            cpu: 100m
        securityContext:
          privileged: true
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
          name: web

---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: hpa-memory
spec:
  minReplicas: 2
  maxReplicas: 5
  metrics:
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 60
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: deploy-xiuxian-memory

[root@master231 horizontalpodautoscalers]# kubectl apply -f 02-deploy-cm-memory-case.yaml
configmap/cm-memory created
deployment.apps/deploy-xiuxian-memory created
horizontalpodautoscaler.autoscaling/hpa-memory created

3. Test and verify

3.1 Test in terminal one

[root@master231 ~]# kubectl get pods -o wide
NAME                                     READY   STATUS    RESTARTS   AGE   IP             NODE        NOMINATED NODE   READINESS GATES
deploy-xiuxian-memory-685869f7f9-gxbt5   1/1     Running   0          83s   10.100.2.37    worker233   <none>           <none>
deploy-xiuxian-memory-685869f7f9-r9q7x   1/1     Running   0          68s   10.100.1.183   worker232   <none>           <none>

[root@master231 ~]# kubectl exec -it deploy-xiuxian-memory-685869f7f9-pwz4l -- sh /data/start.sh # The script takes 1 minute to run, because its logic sleeps for 1 minute.
dd: error writing '/tmp/yinzhengjie/bigfile.log': No space left on device
184321+0 records in
184320+0 records out

3.2 Test in terminal two

[root@master231 ~]# kubectl exec -it deploy-xiuxian-memory-685869f7f9-r9q7x -- sh /data/start.sh # The script takes 1 minute to run, because its logic sleeps for 1 minute.
mkdir: can't create directory '/tmp/yinzhengjie': File exists
dd: error writing '/tmp/yinzhengjie/bigfile.log': No space left on device
184321+0 records in
184320+0 records out
rm: can't remove '/tmp/yinzhengjie': Resource busy
command terminated with exit code 1

3.3 Check the hpa status

[root@master231 ~]# kubectl get hpa hpa-memory -w   # this time watching memory
NAME         REFERENCE                          TARGETS         MINPODS   MAXPODS   REPLICAS   AGE
hpa-memory   Deployment/deploy-xiuxian-memory   <unknown>/60%   2         5         1          22s
hpa-memory   Deployment/deploy-xiuxian-memory   <unknown>/60%   2         5         2          30s
hpa-memory   Deployment/deploy-xiuxian-memory   3%/60%          2         5         2          45s
hpa-memory   Deployment/deploy-xiuxian-memory   3%/60%          2         5         2          105s
hpa-memory   Deployment/deploy-xiuxian-memory   48%/60%         2         5         2          2m
hpa-memory   Deployment/deploy-xiuxian-memory   48%/60%         2         5         2          2m45s
hpa-memory   Deployment/deploy-xiuxian-memory   93%/60%         2         5         2          3m
hpa-memory   Deployment/deploy-xiuxian-memory   49%/60%         2         5         4          3m15s
hpa-memory   Deployment/deploy-xiuxian-memory   140%/60%        2         5         4          3m30s
hpa-memory   Deployment/deploy-xiuxian-memory   71%/60%         2         5         5          3m45s
hpa-memory   Deployment/deploy-xiuxian-memory   93%/60%         2         5         5          4m
hpa-memory   Deployment/deploy-xiuxian-memory   39%/60%         2         5         5          4m15s
hpa-memory   Deployment/deploy-xiuxian-memory   21%/60%         2         5         5          4m30s
hpa-memory   Deployment/deploy-xiuxian-memory   3%/60%          2         5         5          5m
hpa-memory   Deployment/deploy-xiuxian-memory   3%/60%          2         5         5          9m1s
hpa-memory   Deployment/deploy-xiuxian-memory   3%/60%          2         5         4          9m16s
hpa-memory   Deployment/deploy-xiuxian-memory   2%/60%          2         5         2          9m31s
hpa-memory   Deployment/deploy-xiuxian-memory   2%/60%          2         5         2          9m46s
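
The REPLICAS column in both watch outputs (CPU in section 2.9 and memory here) follows the documented HPA rule desiredReplicas = ceil(currentReplicas × currentUtilization / target), with a 10% tolerance band, clamping to minReplicas/maxReplicas, and a 300-second scale-down stabilization window by default. The Python below is an added example, not code from the original page or from Kubernetes; the function names and the sample timestamps (approximated from the AGE column) are constructed for illustration.

```python
import math

TOLERANCE = 0.1         # default of --horizontal-pod-autoscaler-tolerance
DOWNSCALE_WINDOW = 300  # default scale-down stabilization window, in seconds


def utilization_percent(avg_usage: float, request: float) -> int:
    """HPA utilization is average usage relative to the container *request*,
    so it can exceed 100% (up to limit/request)."""
    return round(100 * avg_usage / request)


def desired_replicas(current, utilization, target, min_replicas, max_replicas,
                     tolerance=TOLERANCE):
    """One HPA evaluation: ceil(current * utilization / target), skipped when
    the ratio is inside the tolerance band, then clamped to [min, max]."""
    ratio = utilization / target
    if abs(ratio - 1.0) <= tolerance:
        proposal = current
    else:
        proposal = math.ceil(current * ratio)
    return max(min_replicas, min(max_replicas, proposal))


def simulate(samples, start, target, min_replicas, max_replicas,
             window=DOWNSCALE_WINDOW):
    """Replay (seconds, utilization%) samples; return replicas after each one."""
    current, history, result = start, [], []
    for t, util in samples:
        rec = desired_replicas(current, util, target, min_replicas, max_replicas)
        history.append((t, rec))
        # Scale-down is held back to the highest recommendation in the window.
        window_max = max(r for ts, r in history if t - ts <= window)
        if rec > current:
            current = rec          # scale-up applies immediately
        elif window_max < current:
            current = window_max   # scale-down only once the whole window agrees
        result.append(current)
    return result


# Constructed from the CPU `kubectl get hpa -w` output in section 2.9:
# (approximate age in seconds, utilization %). The last two timestamps are
# assumptions, because the watch output only shows "13m" for both rows.
CPU_WATCH = [
    (60, 0), (210, 21), (225, 125), (271, 83), (316, 91), (331, 167),
    (376, 148), (511, 118), (526, 0), (780, 0), (830, 0),
]

if __name__ == "__main__":
    # 498m is a constructed usage value just under the 500m limit; with the
    # 0.2 CPU request of deploy-stress it yields the 249% seen in section 2.7.
    print("utilization:", utilization_percent(498, 200), "%")
    print("CPU run:   ", simulate(CPU_WATCH, 2, 95, 2, 5))
    # Memory run: 93%/60% with 2 replicas, then 140%/60% with 4 replicas.
    print("memory run:", desired_replicas(2, 93, 60, 2, 5),
          desired_replicas(4, 140, 60, 2, 5))
```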

Project: CI/CD with jenkins and K8S

1. Environment preparation

IP and hostname:

10.0.0.211 jenkins211

2. Deploying the jenkins environment

1. Install the font-related dependency package

[root@jenkins211 ~]# apt -y install fontconfig

2. Install the JDK

[root@jenkins211 ~]# wget http://192.168.16.253/Resources/Kubernetes/Project/DevOps/Jenkins/jdk-17_linux-x64_bin.tar.gz
[root@jenkins211 ~]# tar xf jdk-17_linux-x64_bin.tar.gz -C /usr/local/
[root@jenkins211 ~]# cat /etc/profile.d/jdk.sh
#!/bin/bash
export JAVA_HOME=/usr/local/jdk-17.0.8
export PATH=$PATH:$JAVA_HOME/bin
[root@jenkins211 ~]# source /etc/profile.d/jdk.sh
[root@jenkins211 ~]# java --version
java 17.0.8 2023-07-18 LTS
Java(TM) SE Runtime Environment (build 17.0.8+9-LTS-211)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.8+9-LTS-211, mixed mode, sharing)

3. Install jenkins

[root@jenkins211 ~]# wget http://192.168.16.253/Resources/Kubernetes/Project/DevOps/Jenkins/jenkins-v2.479.3/jenkins_2.479.3_all.deb
[root@jenkins211 ~]# dpkg -i jenkins_2.479.3_all.deb

4. Modify the jenkins startup script

[root@jenkins211 ~]# vim /lib/systemd/system/jenkins.service
...
[Service]
...
User=root
Group=root
...
Environment="JAVA_HOME=/usr/local/jdk-17.0.8"
# Add the settings above before this existing line:
Environment="JENKINS_HOME=/var/lib/jenkins"
...

5. Start jenkins

[root@jenkins211 ~]# systemctl daemon-reload
[root@jenkins211 ~]# systemctl enable --now jenkins
[root@jenkins211 ~]# ss -ntl | grep 8080
LISTEN 0      50                 *:8080            *:*

6. Access the jenkins WebUI

http://10.0.0.211:8080/

View the default password and use it to log in [copy your own password into the WebUI]

[root@jenkins211 ~]# cat /var/lib/jenkins/secrets/initialAdminPassword
335c1f0e415144b58065cf97829c1a71

7. Skip plugin installation

Click the × button.

8. Change the admin password

admin 1

3. Installing common Jenkins plugins

1. Download the plugin bundle

[root@jenkins211 ~]# wget http://192.168.16.253/Resources/Kubernetes/Project/DevOps/Jenkins/jenkins-v2.479.3/oldboyedu-jenkins-2.479.3-plugins.tar.gz

2. Unpack the plugin bundle

[root@jenkins211 ~]# tar xf oldboyedu-jenkins-2.479.3-plugins.tar.gz -C /var/lib/jenkins/plugins/

3. Restart Jenkins

[root@jenkins211 ~]# systemctl restart jenkins.service

Or restart through the Jenkins API:

http://10.0.0.211:8080/restart

4. Verify that the plugins were installed

http://10.0.0.211:8080/manage/pluginManager/installed

4. Registering a Gitee account and pushing code

Reference:

https://gitee.com/signup

1. Create a new Gitee repository

New repository: oldboyedu-linux99-yiliao, private.

2. Global git configuration (use your own account details)

[root@harbor250 ~]# git config --global user.name "尹正杰"
[root@harbor250 ~]# git config --global user.email "8669059+yinzhengjie@user.noreply.gitee.com"

3. Initialise the git repository

[root@harbor250 ~]# mkdir oldboyedu-linux99-yiliao
[root@harbor250 ~]# cd oldboyedu-linux99-yiliao
[root@harbor250 oldboyedu-linux99-yiliao]# git init
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint: 	git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint: 	git branch -m <name>
Initialized empty Git repository in /root/oldboyedu-linux99-yiliao/.git/

4. Simulate a developer committing code to the local repository

[root@harbor250 oldboyedu-linux99-yiliao]# wget http://192.168.16.253/Resources/Kubernetes/Project/DevOps/Jenkins/oldboyedu-yiliao.zip
[root@harbor250 oldboyedu-linux99-yiliao]# unzip oldboyedu-yiliao.zip && rm -f oldboyedu-yiliao.zip
[root@harbor250 oldboyedu-linux99-yiliao]# ll
total 228
drwxr-xr-x 6 root root  4096 Sep 29 12:07 ./
drwx------ 9 root root  4096 Sep 29 12:06 ../
-rw-r--r-- 1 root root 16458 Jun 13  2019 about.html
-rw-r--r-- 1 root root 20149 Jun 13  2019 album.html
-rw-r--r-- 1 root root 19662 Jun 13  2019 article_detail.html
-rw-r--r-- 1 root root 18767 Jun 13  2019 article.html
-rw-r--r-- 1 root root 18913 Jun 13  2019 comment.html
-rw-r--r-- 1 root root 16465 Jun 13  2019 contact.html
drwxr-xr-x 2 root root  4096 Sep 19  2022 css/
drwxr-xr-x 7 root root  4096 Sep 29 12:06 .git/
drwxr-xr-x 5 root root  4096 Sep 19  2022 images/
-rw-r--r-- 1 root root 29627 Jun 29  2019 index.html
drwxr-xr-x 2 root root  4096 Sep 19  2022 js/
-rw-r--r-- 1 root root 24893 Jun 13  2019 product_detail.html
-rw-r--r-- 1 root root 20672 Jun 13  2019 product.html

git config --global user.name "朱先航"
git config --global user.email "14119536+zhu-xianhang@user.noreply.gitee.com"

[root@harbor250 oldboyedu-linux99-yiliao]# git add .
[root@harbor250 oldboyedu-linux99-yiliao]# git commit -m 'yiliao code'

5. Push the code to Gitee (my username and password are 13640188006 010402zxh)

[root@harbor250 oldboyedu-linux99-yiliao]# git remote add origin https://gitee.com/zhu-xianhang/oldboyedu-linux99-yiliao.git
[root@harbor250 oldboyedu-linux99-yiliao]# git push -u origin "master"
Username for 'https://gitee.com': yinzhengjie
Password for 'https://yinzhengjie@gitee.com':
Enumerating objects: 90, done.
Counting objects: 100% (90/90), done.
Delta compression using up to 2 threads
Compressing objects: 100% (90/90), done.
Writing objects: 100% (90/90), 1.48 MiB | 1.73 MiB/s, done.
Total 90 (delta 12), reused 0 (delta 0), pack-reused 0
remote: Powered by GITEE.COM [1.1.5]
remote: Set trace flag 684117bc
To https://gitee.com/yinzhengjie/oldboyedu-linux99-yiliao.git
 * [new branch]      master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.

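6. Check the remote repository

5. Testing that Jenkins can pull code from Gitee

Create a new job named oldboyedu-linux99-yiliao and choose the freestyle project type.

Under Source Code Management, enter the repository URL and add username/password credentials.

Add an "Execute shell" build step containing pwd and ls -l.

6. SSH authentication and simulating a developer pushing a Dockerfile

Reference:

https://help.gitee.com/base/account/SSH公钥设置

1. Generate a key pair
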
[root@harbor250 ~]# ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa -q
[root@harbor250 ~]# ll ~/.ssh/id_rsa*
-rw------- 1 root root 2602 Sep 29 15:23 /root/.ssh/id_rsa
-rw-r--r-- 1 root root  568 Sep 29 15:23 /root/.ssh/id_rsa.pub

2. View the public key (with this key in place, no password is needed)

[root@harbor250 ~]# cat ~/.ssh/id_rsa.pub
ssh-rsa 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 root@harbor250

3. Add the public key to Gitee

https://gitee.com/profile/sshkeys

4. Clone the code

[root@harbor250 ~]# cd /opt/
[root@harbor250 opt]# git clone git@gitee.com:zhu-xianhang/oldboyedu-linux99-yiliao.git
Cloning into 'oldboyedu-linux99-yiliao'...
The authenticity of host 'gitee.com (180.76.199.13)' can't be established.
ED25519 key fingerprint is SHA256:+ULzij2u99B9eWYFTw1Q4ErYG/aepHLbu96PAUCoV88.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes  # the first clone requires typing 'yes'
Warning: Permanently added 'gitee.com' (ED25519) to the list of known hosts.
remote: Enumerating objects: 90, done.
remote: Counting objects: 100% (90/90), done.
remote: Compressing objects: 100% (90/90), done.
remote: Total 90 (delta 10), reused 0 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (90/90), 1.48 MiB | 1.18 MiB/s, done.
Resolving deltas: 100% (10/10), done.

[root@harbor250 opt]# cd oldboyedu-linux99-yiliao/
[root@harbor250 oldboyedu-linux99-yiliao]# ll
total 228
drwxr-xr-x 6 root root  4096 Sep 29 15:25 ./
drwxr-xr-x 4 root root  4096 Sep 29 15:25 ../
-rw-r--r-- 1 root root 16458 Sep 29 15:25 about.html
-rw-r--r-- 1 root root 20149 Sep 29 15:25 album.html
-rw-r--r-- 1 root root 19662 Sep 29 15:25 article_detail.html
-rw-r--r-- 1 root root 18767 Sep 29 15:25 article.html
-rw-r--r-- 1 root root 18913 Sep 29 15:25 comment.html
-rw-r--r-- 1 root root 16465 Sep 29 15:25 contact.html
drwxr-xr-x 2 root root  4096 Sep 29 15:25 css/
drwxr-xr-x 8 root root  4096 Sep 29 15:25 .git/
drwxr-xr-x 5 root root  4096 Sep 29 15:25 images/
-rw-r--r-- 1 root root 29627 Sep 29 15:25 index.html
drwxr-xr-x 2 root root  4096 Sep 29 15:25 js/
-rw-r--r-- 1 root root 24893 Sep 29 15:25 product_detail.html
-rw-r--r-- 1 root root 20672 Sep 29 15:25 product.html

5. Write a Dockerfile and commit it to the local repository: start from the existing Nginx image, clear the default content and replace it with your own

[root@harbor250 oldboyedu-linux99-yiliao]# cat Dockerfile
FROM registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
LABEL school=oldboyedu \
      class=linux99 \
      auther=JasonYin \
      email="y1053419035@qq.com"
RUN rm -rf /usr/share/nginx/html/*
ADD . /usr/share/nginx/html
EXPOSE 80

Local test:

docker build -t test:v1 .
docker run -d -p 81:80 --name c1 test:v1

[root@harbor250 oldboyedu-linux99-yiliao]# git add .
[root@harbor250 oldboyedu-linux99-yiliao]# git status
On branch master
Your branch is up to date with 'origin/master'.
Changes to be committed:
  (use "git restore --staged <file>..." to unstage)
	new file:   Dockerfile

[root@harbor250 oldboyedu-linux99-yiliao]# git commit -m 'add dockerfile'
[master 99eb775] add dockerfile
 1 file changed, 12 insertions(+)
 create mode 100644 Dockerfile

[root@harbor250 oldboyedu-linux99-yiliao]# git status
On branch master
Your branch is ahead of 'origin/master' by 1 commit.
  (use "git push" to publish your local commits)
nothing to commit, working tree clean

The local commit has now succeeded.

6. Push the code to Gitee

[root@harbor250 oldboyedu-linux99-yiliao]# git remote -v
origin	git@gitee.com:yinzhengjie/oldboyedu-linux99-yiliao.git (fetch)
origin	git@gitee.com:yinzhengjie/oldboyedu-linux99-yiliao.git (push)

[root@harbor250 oldboyedu-linux99-yiliao]# git push origin master
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 2 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 493 bytes | 493.00 KiB/s, done.
Total 3 (delta 1), reused 0 (delta 0), pack-reused 0
remote: Powered by GITEE.COM [1.1.5]
remote: Set trace flag a9413bb3
To gitee.com:yinzhengjie/oldboyedu-linux99-yiliao.git
   236d077..99eb775  master -> master

7. Verify in the remote repository

https://gitee.com/yinzhengjie/oldboyedu-linux99-yiliao
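
The Dockerfile in step 5 uses `ADD .` with a git clone as the build context, so `.git/` and the Dockerfile itself are copied under /usr/share/nginx/html in the image unless a `.dockerignore` excludes them. The check below is an added example, not part of the original article; the function names are made up here, and only exact-name `.dockerignore` entries are recognised.

```shell
#!/bin/sh
# Added example, not from the original page: list the top-level entries of a
# build context that `ADD . /usr/share/nginx/html` would copy into the web root
# although they are not site content.

# True when .dockerignore in context $1 names the top-level entry $2.
# Simplification: exact names only ("name", "/name", "./name", "name/");
# globs and "!" re-include rules are not evaluated.
is_ignored() {
    [ -f "$1/.dockerignore" ] || return 1
    sed -e '/^#/d' -e 's|^\./||' -e 's|^/||' -e 's|/$||' "$1/.dockerignore" |
        grep -qxF -e "$2"
}

# Print one leaking entry per line; return 1 if there is at least one.
context_leaks() {
    ctx=$1
    found=0
    for name in .git .gitignore Dockerfile .dockerignore; do
        [ -e "$ctx/$name" ] || continue
        is_ignored "$ctx" "$name" && continue
        printf '%s\n' "$name"
        found=1
    done
    [ "$found" -eq 0 ]
}

# Write a .dockerignore that keeps the repository metadata out of the image.
write_dockerignore() {
    printf '%s\n' '# not site content' .git .gitignore Dockerfile .dockerignore \
        > "$1/.dockerignore"
}
```

Calling `context_leaks . || exit 1` ahead of `docker build` in the Jenkins step stops the job before such an image is built.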

7. Building a Docker image in Jenkins and pushing it to the Harbor registry

1. Install Docker

[root@jenkins211 ~]# wget http://192.168.16.253/Resources/Docker/scripts/oldboyedu-autoinstall-docker-docker-compose.tar.gz
[root@jenkins211 ~]# tar xf oldboyedu-autoinstall-docker-docker-compose.tar.gz
[root@jenkins211 ~]# ./install-docker.sh i

2. Add a hosts entry

[root@jenkins211 ~]# echo 10.0.0.250 harbor250.oldboyedu.com >> /etc/hosts
[root@jenkins211 ~]# tail -1 /etc/hosts
10.0.0.250 harbor250.oldboyedu.com

3. Copy the Harbor client certificates

[root@jenkins211 ~]# scp -r 10.0.0.231:/etc/docker/certs.d/ /etc/docker/

4. Change the Jenkins shell command to push to Harbor

Jenkins checks out the Git repository into this directory.

The build step runs in /var/lib/jenkins/workspace/oldboyedu-linux99-yiliao.

docker build -t harbor250.oldboyedu.com/oldboyedu-yiliao/yiliao:v0.1 .
docker login -u admin -p 1 harbor250.oldboyedu.com
docker push harbor250.oldboyedu.com/oldboyedu-yiliao/yiliao:v0.1
docker logout harbor250.oldboyedu.com

5. Start the build

6. Verify in the Harbor web UI

8. Deploying the application to the Kubernetes cluster from Jenkins

1. Prepare the manifests

[root@jenkins211 ~]# mkdir -p /oldboyedu/projects
[root@jenkins211 ~]# cd /oldboyedu/projects

[root@jenkins211 projects]# cat deploy-yiliao.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-yiliao
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: yiliao
  template:
    metadata:
      labels:
        apps: yiliao
    spec:
      containers:
      - name: c1
        image: harbor250.oldboyedu.com/oldboyedu-yiliao/yiliao:v0.1
        ports:
        - containerPort: 80
          name: web

[root@jenkins211 projects]# cat svc-yiliao.yaml
apiVersion: v1
kind: Service
metadata:
  name: svc-yiliao
spec:
  type: LoadBalancer
  selector:
    apps: yiliao
  ports:
  - port: 80
    targetPort: web

2. Install kubectl

[root@jenkins211 ~]# wget http://192.168.16.253/Resources/Kubernetes/Project/DevOps/Jenkins/kubectl-1.23.17
[root@jenkins211 ~]# mv kubectl-1.23.17 /usr/local/bin/kubectl
[root@jenkins211 ~]# chmod +x /usr/local/bin/kubectl
[root@jenkins211 ~]# ll /usr/local/bin/kubectl
-rwxr-xr-x 1 root root 45174784 Sep  4  2023 /usr/local/bin/kubectl*

3. Prepare the authentication file (kubeconfig)

[root@jenkins211 ~]# mkdir -p .kube
[root@jenkins211 ~]# scp 10.0.0.231:/root/.kube/config .kube

4. Update the Jenkins build command (it runs in /var/lib/jenkins/workspace/oldboyedu-linux99-yiliao)

docker build -t harbor250.oldboyedu.com/oldboyedu-yiliao/yiliao:v0.1 .
docker login -u admin -p 1 harbor250.oldboyedu.com
docker push harbor250.oldboyedu.com/oldboyedu-yiliao/yiliao:v0.1
docker logout harbor250.oldboyedu.com
kubectl apply -f /oldboyedu/projects
kubectl get svc,po -o wide

5. Access test

[root@master231 ~]# kubectl get svc,pods -o wide
NAME                 TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE    SELECTOR
service/kubernetes   ClusterIP      10.200.0.1       <none>        443/TCP        2d5h   <none>
service/svc-yiliao   LoadBalancer   10.200.177.159   10.0.0.151    80:31499/TCP   82s    apps=yiliao

NAME                                 READY   STATUS    RESTARTS   AGE   IP             NODE        NOMINATED NODE   READINESS GATES
pod/deploy-yiliao-5f48d8bd77-gjhn4   1/1     Running   0          82s   10.100.2.41    worker233   <none>           <none>
pod/deploy-yiliao-5f48d8bd77-jxzcq   1/1     Running   0          82s   10.100.2.40    worker233   <none>           <none>
pod/deploy-yiliao-5f48d8bd77-nqj8g   1/1     Running   0          82s   10.100.1.185   worker232   <none>           <none>

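9. Parameterised Jenkins builds and rolling out updates to Kubernetes

To produce an update: edit the index file, then run git commit -a -m 'add index.html' and git push origin master.

1. Add a build parameter (parameterised build)

Parameterised build → Git Parameter → name it release → parameter type Revision → default value origin/master

2. Update the script: if the Deployment already exists, update its image to the parameterised release; if it does not, apply the manifest first
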
# push image to harbor
docker build -t harbor250.oldboyedu.com/oldboyedu-yiliao/yiliao:${release} .
docker login -u admin -p 1 harbor250.oldboyedu.com
docker push harbor250.oldboyedu.com/oldboyedu-yiliao/yiliao:${release}
docker logout harbor250.oldboyedu.com

# deploy project
kubectl get deployments.apps deploy-yiliao  2>/dev/null
if [ $? -eq 0 ];then
  kubectl set image deploy deploy-yiliao c1=harbor250.oldboyedu.com/oldboyedu-yiliao/yiliao:${release}
else
  kubectl apply -f /k8s-yiliao/01-deploy-yiliao.yaml
fi
kubectl get deploy,svc,po -o wide --show-labels

3. Change the code in the remote repository

Omitted; see the video.

4. Build in Jenkins

Omitted; see the video.

5. Open the web UI

http://10.0.0.152/
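
A hardened form of the build step used in sections 7 to 9, as an added example that is not the original author's script: it validates the `release` parameter before using it as an image tag (the default origin/master contains a `/`, which a tag cannot), passes the Harbor password on stdin instead of `-p`, and fails the job when the rollout does not complete. HARBOR_USER and HARBOR_PASS (assumed to be injected by a Jenkins credentials binding) and MANIFEST_DIR are assumed names; the registry, project and Deployment names are the page's.

```shell
#!/bin/sh
# Added example, not from the original page. HARBOR_USER, HARBOR_PASS and
# MANIFEST_DIR are assumed names; registry, project and Deployment are the page's.
REGISTRY=harbor250.oldboyedu.com
IMAGE_REPO=$REGISTRY/oldboyedu-yiliao/yiliao
MANIFEST_DIR=${MANIFEST_DIR:-/oldboyedu/projects}

# Turn the Jenkins "release" parameter into a valid image tag, or fail.
# A tag may hold only [A-Za-z0-9_.-], at most 128 characters, and may not
# start with "." or "-".
image_tag() {
    tag=$(printf '%s' "$1" | sed 's|^origin/||' | tr '/' '-')
    case $tag in
        '' | [-.]* | *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#tag}" -le 128 ] || return 1
    printf '%s\n' "$tag"
}

build_and_deploy() {
    tag=$(image_tag "$1") || { echo "refusing release value: $1" >&2; return 1; }
    image=$IMAGE_REPO:$tag
    docker build -t "$image" . || return 1
    # The password reaches docker on stdin, so it is not in docker's arguments.
    # Jenkins runs "Execute shell" steps with sh -xe by default; the subshell
    # switches tracing off for this one command only.
    ( set +x; printf '%s' "$HARBOR_PASS" |
        docker login -u "$HARBOR_USER" --password-stdin "$REGISTRY" ) || return 1
    rc=0
    docker push "$image" || rc=$?
    docker logout "$REGISTRY" || true     # log out even when the push failed
    [ "$rc" -eq 0 ] || return "$rc"
    # The manifest pins v0.1, so create the Deployment if it is missing and
    # then set the freshly built image in both cases.
    kubectl get deployment deploy-yiliao >/dev/null 2>&1 ||
        kubectl apply -f "$MANIFEST_DIR" || return 1
    kubectl set image deployment/deploy-yiliao "c1=$image" || return 1
    # Fail the job when the new pods do not become ready.
    kubectl rollout status deployment/deploy-yiliao --timeout=120s
}

# Last line of the Jenkins shell step:  build_and_deploy "$release"
```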

10. Rollback with Jenkins: a hands-on example

Create a new job by copying the previous one.

Jenkins build step: this single line is all that is needed

kubectl set image deploy deploy-yiliao c1=harbor250.oldboyedu.com/oldboyedu-yiliao/yiliao:${release}