Kubernetes集成Harbor

Harbor 私服配置

在Kubernetes的master和所有worker節點上加上harbor配置，修改daemon.json，支持Docker倉庫，并重啟Docker。

sudo vim /etc/docker/daemon.json 

{
  "registry-mirrors": ["https://jrabvn1q.mirror.aliyuncs.com"],
  "insecure-registries":["192.168.232.7:80"]
}

sudo systemctl daemon-reload
sudo systemctl restart docker

Harbor 賬戶配置

image.png

image.png

測試示例

編寫pipeline-test.yml文件，將我們前面通過jenkins打包的鏡像部署到kubernetes中。

apiVersion: apps/v1
kind: Deployment
metadata:                        # metadata字段包含對Deployment的描述信息
  name: pipeline-test-deployment
  namespace: test
  labels:
    app: pipeline-test-pod      # 標簽字段用于識別Pod
spec:
  replicas: 2                   # 定義副本數量
  selector:
    matchLabels:
      app: pipeline-test-pod
  template:
    metadata:
      labels:
        app: pipeline-test-pod
    spec:
      containers:
      # 定義nginx容器
      - name: pipeline-test
        image: 192.168.232.7:80/repository/pipeline-test:v1.0.0
        imagePullPolicy: Always # 定義拉取鏡像的方式（每次都拉取）
        ports:
        - containerPort: 80
          protocol: TCP
        resources:
          requests:
            cpu: 200m            # 請求時申請CPU資源為0.2核
            memory: 256Mi        # 請求時申請內存資源為256M
          limits:
            cpu: 500m            # 限定CPU資源上限為0.5核
            memory: 512Mi        # 限定內存資源上限為512M
---
apiVersion: v1
kind: Service
metadata:
  name: pipeline-test-service
  namespace: test
spec:
  selector:
    app: pipeline-test-pod
  ports:
    - name: pipeline-test
      port: 8888
      targetPort: 80
--- 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pipeline-test-ingress
  namespace: test
spec:
  ingressClassName: pipeline-test-ingress
  rules:
  - host: pipeline-test.xiaoyuh.com
    http:
      paths:
      - pathType: Prefix       # 前綴匹配模式
        path: "/"
        backend:
          service:
            name: pipeline-test-service
            port:
              number: 8888

執行命令運行服務：

[root@k8s-master ~]# kubectl apply -f pipeline-test.yml
deployment.apps/pipeline-test-deployment created
service/pipeline-test-service created
ingress.networking.k8s.io/pipeline-test-ingress created

image.png

修改本地host

admin@wangyuhao ~ % sudo vim /etc/hosts
192.168.232.8 nginx.xiaoyuh.com
192.168.232.8 tomcate.xiaoyuh.com
192.168.232.8 pipeline-test.xiaoyuh.com

本地驗證

image.png

Jenkins集成Kubernetes

將剛剛編寫的yml文件放到git中

image.png

將yml文件傳輸到K8s的Master

配置Jenkins的目標服務器

image.png

image.png

將yml文件傳輸到K8s的Master上

1. 生成流水線語法

image.png

2. 將語句替換到Jenkinsfile中

        stage('推送yml文件到k8s') {
            steps {
                sshPublisher(publishers: [sshPublisherDesc(configName: 'k8s-master', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: 'echo 1', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: './k8s/$JOB_BASE_NAME.yml')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
            }
        }

SSH Key 配置

進入jenkins容器生成新的ssh key

[root@localhost mytest]# docker exec -it jenkins bash
jenkins@790140a70e6f:/$ cd /var/jenkins_home/
jenkins@790140a70e6f:~$ ssh-keygen -t rsa -C "wangyuhao01@163.com" 
Generating public/private rsa key pair.
Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa): 
Created directory '/var/jenkins_home/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/jenkins_home/.ssh/id_rsa
Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:LJt2FmYqJFN6fUrn64TtXPgOTigPKLVwLwFJjNK+5Wo wangyuhao01@longfor.com
The key's randomart image is:
+---[RSA 3072]----+
|oo               |
|+o.              |
|+.  .            |
| ..o.. .         |
|. B+o + S        |
| +.X.. / o       |
|. +.= O X .      |
| .E. * O =       |
| .    ..*.o      |
+----[SHA256]-----+ 
[root@localhost data]# cd .ssh/
[root@localhost .ssh]# ls
id_rsa  id_rsa.pub

將公鑰配id_rsa.pub置到k8s-master服務器上，私鑰id_rsa配置到jenkins全局憑據。

公鑰配id_rsa.pub置到k8s-master服務器上

1. 客戶端執行 ssh-copy-id root@服務端IP 將本機的id_rsa.pub公鑰內容追加到服務端的/root/.ssh/authorized_keys 文件中。

jenkins@d043db9e06fe:~/.ssh$ ssh-copy-id root@192.168.232.9
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/jenkins_home/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.232.9's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.232.9'"
and check to make sure that only the key(s) you wanted were added.

2、客戶端執行 ssh root@服務端IP ，就直接登錄到服務端了

jenkins@d043db9e06fe:~/.ssh$ ssh root@192.168.232.9 ls
anaconda-ks.cfg
calico-3.13.1.yaml
kubeadm-config.yaml
my-namespace.yaml
nginx-tomcate-deployment.yml
nginx-tomcate-ingress.yml
nginx-tomcate-pod.yml
nginx-tomcate-service.yml
pipeline-test.yml

私鑰id_rsa配置到jenkins全局憑據

image.png

image.png

image.png

image.png

通過SSH的方式執行kubectl

image.png

        stage('遠程通過k8s-master部署服務') {
            steps {
                sh 'ssh root@192.168.232.9 kubectl apply -f k8s/$JOB_BASE_NAME.yml'
            }
        }

完整的Jenkinsfile文件

pipeline {
    agent any

    // 存放所有任務的合集
    stages {
        stage('拉取Git代碼') {
            steps {
                checkout([$class: 'GitSCM', branches: [[name: '${branch}']], extensions: [], userRemoteConfigs: [[credentialsId: 'gitee_ssh_key', url: 'git@gitee.com:xiaolyuh/test.git']]])
            }
        }

        stage('Maven構建打包') {
            steps {
                sh ' /var/jenkins_home/maven/apache-maven-3.8.8/bin/mvn clean package -DskipTests'
            }
        }

        stage('制作Docker鏡像') {
            steps {
                sh '''mv **/target/*.jar docker/app.jar
                    echo "build Image start"
                    docker build -t $JOB_BASE_NAME:$tag docker/
                    echo "build Image success"'''
            }
        }

        stage('Docker鏡像推送Harbor') {
            steps {
                sh '''password=ucTv2l1XeBdgO9tkseoyWVLh47sRN9Py
                    echo "$password" | docker login $harbor_url --username \'robot$devops\' --password-stdin
                    docker tag $JOB_BASE_NAME:$tag $harbor_url/$harbor_object/$JOB_BASE_NAME:$tag
                    echo "push Image start"
                    docker push $harbor_url/$harbor_object/$JOB_BASE_NAME:$tag
                    echo "push Image success"'''
            }
        }

        stage('推送yml文件到k8s') {
            steps {
                sshPublisher(publishers: [sshPublisherDesc(configName: 'k8s-master', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: 'echo 1', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: '**/k8s/$JOB_BASE_NAME.yml')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
            }
        }

        stage('遠程通過k8s-master部署服務') {
            steps {
                sh 'ssh root@192.168.232.9 kubectl apply -f k8s/$JOB_BASE_NAME.yml'
            }
        }
    }
}