Part 4: Integrating Kubernetes with DevOps
Deploying Kubernetes
Quick Kubernetes installation

Installation tutorial

Choose version 1.19, which supports Docker by default.

1: Prerequisites
Hostname resolution
bash
[root@master ~]# echo "127.0.0.1 $(hostname)" >> /etc/hosts
bash
[root@node1 ~]# echo "127.0.0.1 $(hostname)" >> /etc/hosts
Disable the firewall and turn off SELinux enforcement
bash
[root@master ~]# systemctl disable firewalld.service --now
[root@master ~]# setenforce 0
bash
[root@node1 ~]# systemctl disable firewalld.service --now
[root@node1 ~]# setenforce 0
Configure a static IP
master
bash
[root@master ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=3abeb8f5-c5bd-4e3b-aefa-6410cdcc0d59
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.108.32
PREFIX=24
GATEWAY=192.168.108.2
DNS1=192.168.108.2
node1
bash
[root@node1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=3abeb8f5-c5bd-4e3b-aefa-6410cdcc0d59
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.108.33
PREFIX=24
GATEWAY=192.168.108.2
DNS1=192.168.108.2
2: Install Docker and kubelet
Install on all nodes
bash
export REGISTRY_MIRROR=https://registry.cn-hangzhou.aliyuncs.com
curl -sSL https://kuboard.cn/install-script/v1.19.x/install_kubelet.sh | sh -s 1.19.5
3: Initialize the master node
Run the initialization on the master node
Change: export MASTER_IP=192.168.108.32
export APISERVER_NAME=abner.com
Leave everything else unchanged and copy-paste it
bash
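# Run on the master node only
# Replace x.x.x.x with the master node's actual IP (use the internal IP)
# export only affects the current shell session; if you open a new shell window and want to continue the installation, run the export commands here again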
[root@master ~]# export MASTER_IP=192.168.108.32
# Replace apiserver.demo with the dnsName you want
[root@master ~]# export APISERVER_NAME=abner.com
# The subnet for Kubernetes pods; Kubernetes creates it after installation, and it does not exist in your physical network beforehand
[root@master ~]# export POD_SUBNET=10.100.0.1/16
[root@master ~]# echo "${MASTER_IP} ${APISERVER_NAME}" >> /etc/hosts
[root@master ~]# curl -sSL https://kuboard.cn/install-script/v1.19.x/init_master.sh | sh -s 1.19.5
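Step 2 and this step both pipe a script fetched over the network straight into a root shell. An added example, not part of the original tutorial or of kuboard.cn's scripts: save the script to a file, compare it with a SHA-256 digest recorded when the script was reviewed, and run it only on a match. The helper names and the <PINNED_SHA256> placeholder are assumptions.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches a pinned digest.
# sha256_of / run_pinned are hypothetical helper names, not part of kuboard's scripts.

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# run_pinned FILE EXPECTED_SHA256 [ARGS...]
# Returns 3 without executing anything if the digest differs.
run_pinned() {
    script=$1; expected=$2; shift 2
    actual=$(sha256_of "$script") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $script: got $actual" >&2
        return 3
    fi
    sh "$script" "$@"
}

# Intended use with the installer from this step (the digest is a placeholder):
#   curl -sSLf -o init_master.sh https://kuboard.cn/install-script/v1.19.x/init_master.sh
#   less init_master.sh          # review before trusting
#   sha256sum init_master.sh     # record this value once reviewed
#   run_pinned init_master.sh <PINNED_SHA256> 1.19.5
```

Pin the digest in the same place the cluster build is documented, so that a changed upstream script stops the install on every node instead of running silently.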
Output when initialization completes

Check the initialization result
bash
watch kubectl get pod -n kube-system -o wide
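Wait until every pod is Running (an image accelerator must be enabled; the wait is about ten minutes)

If it stays in  for too long, the download has failed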
bash
# Check the logs for errors
[root@master ~]# journalctl -u kubelet --since "2 minutes ago" --no-pager | grep -E "Error|Failed|Fatal|cgroup|driver"
Feb 25 16:28:31 master kubelet[9500]: E0225 16:28:31.133316 9500 reflector.go:127] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:46: Failed to watch *v1.Pod: failed to list *v1.Pod: Get "https://abner.com:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dmaster&limit=500&resourceVersion=0": dial tcp 216.40.34.37:6443: connect: connection refused
Feb 25 16:28:31 master kubelet[9500]: E0225 16:28:31.933455 9500 reflector.go:127] k8s.io/client-go/informers/factory.go:134: Failed to watch *v1.Service: failed to list *v1.Service: Get "https://abner.com:6443/api/v1/services?limit=500&resourceVersion=0": dial tcp 216.40.34.37:6443: connect: connection refused
Fixing the DNS resolution error
bash
# Get the local internal IP
LOCAL_IP="192.168.108.32"
# Back up hosts
cp /etc/hosts /etc/hosts.bak
# Delete the existing wrong entries (if any)
sed -i '/abner.com/d' /etc/hosts
sed -i '/^.*master$/d' /etc/hosts
# Add the correct entry
echo "$LOCAL_IP master abner.com kubernetes kubernetes.default" >> /etc/hosts
# Verify
cat /etc/hosts
ping -c 1 abner.com
ping -c 1 master
Cleaning up the leftover environment
bash
# 1. Reset kubeadm
kubeadm reset -f
# 2. Clean up leftover etcd data and pki certificates (the certificates are bound to the wrong DNS/IP combination, so regenerating them is recommended)
rm -rf /var/lib/etcd/*
rm -rf /etc/kubernetes/pki/*
# Note: you can keep /etc/kubernetes/pki/etcd if you do not want to re-sign the etcd certificates, but for a clean state, deleting everything and letting the script regenerate it is the safest option.
# Here we only delete the contents of the pki directory and keep the directory structure
rm -rf /etc/kubernetes/manifests/*
rm -rf /var/lib/kubelet/*
# 3. Restart kubelet
systemctl restart kubelet
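The kubelet log above shows abner.com being dialed at 216.40.34.37 rather than at the master's 192.168.108.32. As an added example (not part of the original tutorial; the function names are hypothetical), this pre-flight check reads a hosts file and fails before initialization if the API server name is missing from it or has any entry pointing somewhere other than the expected IP.

```shell
#!/bin/sh
# Added example: pre-flight check that APISERVER_NAME maps only to MASTER_IP.
# hosts_lookup / check_apiserver_name are hypothetical helper names.

# hosts_lookup NAME [HOSTS_FILE] -> prints every distinct IP the file maps NAME to
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                        # drop comments
        { for (i = 2; i <= NF; i++)
              if ($i == name && !seen[$1]++) print $1
        }' "${2:-/etc/hosts}"
}

# check_apiserver_name NAME EXPECTED_IP [HOSTS_FILE]
# 0 = every entry points at EXPECTED_IP
# 1 = at least one entry points elsewhere (stale line left by an earlier >> append)
# 2 = no entry at all, so the name falls through to DNS
check_apiserver_name() {
    ips=$(hosts_lookup "$1" "${3:-/etc/hosts}")
    if [ -z "$ips" ]; then
        echo "$1 is not in the hosts file; DNS will decide where kubelet connects" >&2
        return 2
    fi
    for ip in $ips; do
        if [ "$ip" != "$2" ]; then
            echo "$1 maps to $ip, expected only $2" >&2
            return 1
        fi
    done
    return 0
}

# On the master, before running init_master.sh:
#   check_apiserver_name "$APISERVER_NAME" "$MASTER_IP" || exit 1
```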
Check the node status
bash
[root@master ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master Ready master 117m v1.19.5 192.168.108.32 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 docker://19.3.11
4: Initialize the worker nodes
Get the join command parameters
Run on the master node; the generated token is valid for 2 hours
bash
[root@master ~]# kubeadm token create --print-join-command
W0225 18:32:19.939401 119982 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join abner.com:6443 --token 19zdch.n9wx51hcnxasftfu --discovery-token-ca-cert-hash sha256:a466de0689ac189193277c99f61e8ac36b243c615324937276f430d460b59671
Run on every worker node
bash
# Run on worker nodes only
# Replace x.x.x.x with the master node's internal IP
[root@node1 ~]# export MASTER_IP=192.168.108.32
# Replace apiserver.demo with the APISERVER_NAME used when initializing the master node
[root@node1 ~]# export APISERVER_NAME=abner.com
[root@node1 ~]# echo "${MASTER_IP} ${APISERVER_NAME}" >> /etc/hosts
[root@node1 ~]# kubeadm join abner.com:6443 --token 19zdch.n9wx51hcnxasftfu --discovery-token-ca-cert-hash sha256:a466de0689ac189193277c99f61e8ac36b243c615324937276f430d460b59671
Output when initialization completes

5: Check the initialization result
Wait a few minutes until the worker node is in the Ready state
bash
[root@master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready master 134m v1.19.5
node1 Ready <none> 13m v1.19.5
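Preparing the YAML file for the integration

Because a YAML resource file is what creates the application pods on k8s, the YAML must be created in advance and pulled onto the k8s server
Create a new YAML file in GitLab


Enter the YAML file content: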
bash
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pipeline
  labels:
    app: pipeline
spec:
  replicas: 2
  selector:
    matchLabels:
      app: pipeline
  template:
    metadata:
      labels:
        app: pipeline
    spec:
      containers:
      - name: pipeline
        image: 192.168.108.31:80/repo/pipeline:v4.0
        imagePullPolicy: Always # always pull, to stay on the latest version
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: pipeline
  name: pipeline
spec:
  selector:
    app: pipeline
  ports:
  - port: 8081
    targetPort: 8080
  type: NodePort

Connecting to the Harbor registry
Add the Harbor registry address to the configuration on all k8s nodes (master and node)
bash
[root@master ~]# vim /etc/docker/daemon.json
{
  "insecure-registries": ["192.168.108.31:80"],
  "registry-mirrors": ["https://registry.cn-hangzhou.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
Restart the Docker service
bash
[root@master ~]# systemctl restart docker
Test the Harbor login from the k8s nodes (master and node)
bash
[root@master ~]# docker login 192.168.108.31:80 -u admin -p harbor123
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Setting up the YAML push to the k8s server
Create the push target directory on the master node
bash
[root@master ~]# mkdir /usr/local/k8s
[root@master ~]# chmod 777 /usr/local/k8s
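Manage Jenkins - Configure System

Click Test; once it succeeds, apply and save

In the pipeline, modify the Jenkinsfile content for the Publish Over SSH step that notifies the target server

On the GitLab server, modify the Jenkinsfile content

Save the configuration and add a new tag; otherwise the newly added yml file will not be picked up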




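Build first to test the YAML file push

View the build log

Cause of the build failure: Jenkins lacks permission to run docker commands
Fix: run the following commands on the Jenkins node
bash
cd /var/run
chown root:root docker.sock
chmod o+rw docker.sock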
Check on the master node; the file was transferred successfully
bash
[root@master ~]# ls /usr/local/k8s
pipeline.yaml
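chmod 777 on /usr/local/k8s and chmod o+rw on docker.sock open both paths to every local account, and write access to the Docker socket is equivalent to root on that host. The added example below (not from the original tutorial; the function names and the group names in the comments are assumptions) flags paths that others can write to and applies the narrower group-based grant instead.

```shell
#!/bin/sh
# Added example: find world-writable deployment paths and narrow them to one group.
# other_writable / grant_group_only are hypothetical helper names.

# other_writable PATH... -> prints each existing PATH whose "other" write bit is set
other_writable() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        # -prune tests the path itself without descending into it
        find "$p" -prune -perm -0002 -print
    done
}

# grant_group_only PATH GROUP: members of GROUP get read/write, others get nothing
grant_group_only() {
    chgrp "$2" "$1" && chmod g+rw,o-rwx "$1"
}

# On the hosts from this walkthrough (the group names are assumptions):
#   other_writable /var/run/docker.sock /usr/local/k8s
#   grant_group_only /var/run/docker.sock docker   # then start the Jenkins container
#                                                  # with --group-add <gid of docker>
#   grant_group_only /usr/local/k8s deploy         # group of the account that
#                                                  # Publish Over SSH logs in as
```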
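Jenkins passwordless SSH login to the k8s master node
Because we want to create the resources with ssh user@k8s-address kubectl apply -f /usr/local/k8s/pipeline.yaml, SSH must work without interaction
Copy the public key from Jenkins to the k8s master to enable passwordless login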
bash
[root@jenkins ~]# docker exec -it jenkins bash
jenkins@51c548a67cdf:/$ cd ~
jenkins@51c548a67cdf:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa):
Created directory '/var/jenkins_home/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/jenkins_home/.ssh/id_rsa
Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:0LH7tTXQ4j3nnD0wPBalGlIS4yKD67+zJl91L/TkG4Y jenkins@51c548a67cdf
The key's randomart image is:
+---[RSA 3072]----+
| .+.. . |
| . ..o+ .o |
| . o..oo .oo. |
| . o.....++. |
| . S. +oB= .|
| . ..o.Bo+*o|
| . . .E.* o+|
| ..o. o o .|
| +=+ . |
+----[SHA256]-----+
bash
jenkins@51c548a67cdf:~$ cd .ssh/
jenkins@51c548a67cdf:~/.ssh$ ls
id_rsa id_rsa.pub
Copy the public key content over to the master
bash
jenkins@51c548a67cdf:~/.ssh$ cat id_rsa.pub
ssh-rsa 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 jenkins@51c548a67cdf
On the master node
bash
[root@master ~]# mkdir .ssh
[root@master ~]# cd .ssh/
[root@master .ssh]# vim authorized_keys
ssh-rsa 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 jenkins@51c548a67cdf
Restart the sshd service on the master
bash
[root@master .ssh]# systemctl restart sshd
Test passwordless execution from inside the Jenkins container
bash
jenkins@51c548a67cdf:~/.ssh$ ssh root@192.168.108.32 ls /
bin
boot
dev
etc
home
lib
lib64
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
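The key installed above lets the Jenkins container run any command as root on the master, as the ls / test shows. As an added example, not part of the original tutorial, the helper below builds an authorized_keys entry that pins that key to the single kubectl apply command the pipeline needs; the function names are hypothetical and the restrict option assumes OpenSSH 7.2 or later on the master.

```shell
#!/bin/sh
# Added example: limit the Jenkins key to one forced command.
# restricted_entry / install_entry are hypothetical helper names.

DEPLOY_CMD='kubectl apply -f /usr/local/k8s/pipeline.yaml'

# restricted_entry PUBKEY_FILE [COMMAND] -> prints one authorized_keys line.
# "restrict" disables pty allocation and agent/X11/port forwarding;
# command= replaces whatever command the client asks to run.
restricted_entry() {
    cmd=${2:-$DEPLOY_CMD}
    case $cmd in
        *'"'*) echo "command must not contain double quotes" >&2; return 1 ;;
    esac
    # Accept a file holding exactly one "type base64 [comment]" line.
    key=$(awk 'NF >= 2 && $1 ~ /^(ssh-|ecdsa-)/ { print; n++ }
               END { exit (n != 1) }' "$1") || {
        echo "expected exactly one public key in $1" >&2
        return 1
    }
    printf 'restrict,command="%s" %s\n' "$cmd" "$key"
}

# install_entry PUBKEY_FILE [SSH_DIR]: append the entry with modes sshd accepts.
install_entry() {
    dir=${2:-$HOME/.ssh}
    entry=$(restricted_entry "$1") || return 1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    printf '%s\n' "$entry" >> "$dir/authorized_keys"
    chmod 600 "$dir/authorized_keys"
}

# On the master, with the Jenkins public key copied to ./jenkins.pub:
#   install_entry ./jenkins.pub /root/.ssh
```

With this entry in place, the pipeline's ssh root@192.168.108.32 kubectl apply -f /usr/local/k8s/pipeline.yaml step behaves as before, while any other command sent with the same key (such as the ls / test) is replaced by the forced command.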
Setting up the YAML deployment in Jenkins
In Pipeline Syntax

Enter (note: the command uses an absolute path):
bash
ssh root@192.168.108.32 kubectl apply -f /usr/local/k8s/pipeline.yaml
Add the step in GitLab

Content of the added step:
bash
stage('远程执行kubectl命令') {
    steps {
        sh 'ssh root@192.168.108.32 kubectl apply -f /usr/local/k8s/pipeline.yaml'
    }
}
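Because the project tag being pulled is 4.0, the image tag that pipeline.yaml pulls must be changed to match

Change the home page content
Path: src/main/java/com/guo/demo/controller/Test/Controller.java

In GitLab, delete the original v4.0 tag and recreate it, still named v4.0

Build Now

View the pod resources on the master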
bash
[root@master .ssh]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pipeline-6b4965b559-657dm 1/1 Running 0 112s 10.100.166.129 node1 <none> <none>
pipeline-6b4965b559-mbj7p 1/1 Running 0 112s 10.100.166.130 node1 <none> <none>
bash
[root@master .ssh]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 18h
pipeline NodePort 10.96.53.129 <none> 8081:31463/TCP 2m9s
View the downloaded pipeline image on node1
bash
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.108.31:80/repo/pipeline v4.0 1332856cac9d 2 minutes ago 543MB
bash
[root@node1 ~]# docker ps -a | grep pipeline
29dc0d1c1fc5 192.168.108.31:80/repo/pipeline "/bin/sh -c 'java -j..." 2 minutes ago Up 2 minutes k8s_pipeline_pipeline-6b4965b559-mbj7p_default_90e329ee-1d45-4c20-90e1-9a5ec26d30fa_0
81dd1211dbe2 192.168.108.31:80/repo/pipeline "/bin/sh -c 'java -j..." 2 minutes ago Up 2 minutes k8s_pipeline_pipeline-6b4965b559-657dm_default_cef13886-b974-426d-ba87-bab6e11c80f8_0
bee3825f8892 registry.aliyuncs.com/k8sxio/pause:3.2 "/pause" 2 minutes ago Up 2 minutes k8s_POD_pipeline-6b4965b559-mbj7p_default_90e329ee-1d45-4c20-90e1-9a5ec26d30fa_0
6d6bfdab414c registry.aliyuncs.com/k8sxio/pause:3.2 "/pause" 2 minutes ago Up 2 minutes k8s_POD_pipeline-6b4965b559-657dm_default_cef13886-b974-426d-ba87-bab6e11c80f8_0
Open the node address to view the web page
http://192.168.108.33:31463/test

Check the DingTalk notification
