Kubernetes集成Harbor

Harbor 私服配置

在Kubernetes的master和所有worker节点上加上harbor配置，修改daemon.json，支持Docker仓库，并重启Docker。

sudo vim /etc/docker/daemon.json 

{
  "registry-mirrors": ["https://jrabvn1q.mirror.aliyuncs.com"],
  "insecure-registries":["192.168.232.7:80"]
}

sudo systemctl daemon-reload
sudo systemctl restart docker

Harbor 账户配置

image.png

image.png

测试示例

编写pipeline-test.yml文件，将我们前面通过jenkins打包的镜像部署到kubernetes中。

apiVersion: apps/v1
kind: Deployment
metadata:                        # metadata字段包含对Deployment的描述信息
  name: pipeline-test-deployment
  namespace: test
  labels:
    app: pipeline-test-pod      # 标签字段用于识别Pod
spec:
  replicas: 2                   # 定义副本数量
  selector:
    matchLabels:
      app: pipeline-test-pod
  template:
    metadata:
      labels:
        app: pipeline-test-pod
    spec:
      containers:
      # 定义nginx容器
      - name: pipeline-test
        image: 192.168.232.7:80/repository/pipeline-test:v1.0.0
        imagePullPolicy: Always # 定义拉取镜像的方式（每次都拉取）
        ports:
        - containerPort: 80
          protocol: TCP
        resources:
          requests:
            cpu: 200m            # 请求时申请CPU资源为0.2核
            memory: 256Mi        # 请求时申请内存资源为256M
          limits:
            cpu: 500m            # 限定CPU资源上限为0.5核
            memory: 512Mi        # 限定内存资源上限为512M
---
apiVersion: v1
kind: Service
metadata:
  name: pipeline-test-service
  namespace: test
spec:
  selector:
    app: pipeline-test-pod
  ports:
    - name: pipeline-test
      port: 8888
      targetPort: 80
--- 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pipeline-test-ingress
  namespace: test
spec:
  ingressClassName: pipeline-test-ingress
  rules:
  - host: pipeline-test.xiaoyuh.com
    http:
      paths:
      - pathType: Prefix       # 前缀匹配模式
        path: "/"
        backend:
          service:
            name: pipeline-test-service
            port:
              number: 8888

执行命令运行服务：

[root@k8s-master ~]# kubectl apply -f pipeline-test.yml
deployment.apps/pipeline-test-deployment created
service/pipeline-test-service created
ingress.networking.k8s.io/pipeline-test-ingress created

image.png

修改本地host

admin@wangyuhao ~ % sudo vim /etc/hosts
192.168.232.8 nginx.xiaoyuh.com
192.168.232.8 tomcate.xiaoyuh.com
192.168.232.8 pipeline-test.xiaoyuh.com

本地验证

image.png

Jenkins集成Kubernetes

将刚刚编写的yml文件放到git中

image.png

将yml文件传输到K8s的Master

配置Jenkins的目标服务器

image.png

image.png

将yml文件传输到K8s的Master上

1. 生成流水线语法

image.png

2. 将语句替换到Jenkinsfile中

        stage('推送yml文件到k8s') {
            steps {
                sshPublisher(publishers: [sshPublisherDesc(configName: 'k8s-master', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: 'echo 1', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: './k8s/$JOB_BASE_NAME.yml')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
            }
        }

SSH Key 配置

进入jenkins容器生成新的ssh key

[root@localhost mytest]# docker exec -it jenkins bash
jenkins@790140a70e6f:/$ cd /var/jenkins_home/
jenkins@790140a70e6f:~$ ssh-keygen -t rsa -C "wangyuhao01@163.com" 
Generating public/private rsa key pair.
Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa): 
Created directory '/var/jenkins_home/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/jenkins_home/.ssh/id_rsa
Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:LJt2FmYqJFN6fUrn64TtXPgOTigPKLVwLwFJjNK+5Wo wangyuhao01@longfor.com
The key's randomart image is:
+---[RSA 3072]----+
|oo               |
|+o.              |
|+.  .            |
| ..o.. .         |
|. B+o + S        |
| +.X.. / o       |
|. +.= O X .      |
| .E. * O =       |
| .    ..*.o      |
+----[SHA256]-----+ 
[root@localhost data]# cd .ssh/
[root@localhost .ssh]# ls
id_rsa  id_rsa.pub

将公钥配id_rsa.pub置到k8s-master服务器上，私钥id_rsa配置到jenkins全局凭据。

公钥配id_rsa.pub置到k8s-master服务器上

1. 客户端执行 ssh-copy-id root@服务端IP 将本机的id_rsa.pub公钥内容追加到服务端的/root/.ssh/authorized_keys 文件中。

jenkins@d043db9e06fe:~/.ssh$ ssh-copy-id root@192.168.232.9
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/jenkins_home/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.232.9's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.232.9'"
and check to make sure that only the key(s) you wanted were added.

2、客户端执行 ssh root@服务端IP ，就直接登录到服务端了

jenkins@d043db9e06fe:~/.ssh$ ssh root@192.168.232.9 ls
anaconda-ks.cfg
calico-3.13.1.yaml
kubeadm-config.yaml
my-namespace.yaml
nginx-tomcate-deployment.yml
nginx-tomcate-ingress.yml
nginx-tomcate-pod.yml
nginx-tomcate-service.yml
pipeline-test.yml

私钥id_rsa配置到jenkins全局凭据

image.png

image.png

image.png

image.png

通过SSH的方式执行kubectl

image.png

        stage('远程通过k8s-master部署服务') {
            steps {
                sh 'ssh root@192.168.232.9 kubectl apply -f k8s/$JOB_BASE_NAME.yml'
            }
        }

完整的Jenkinsfile文件

pipeline {
    agent any

    // 存放所有任务的合集
    stages {
        stage('拉取Git代码') {
            steps {
                checkout([$class: 'GitSCM', branches: [[name: '${branch}']], extensions: [], userRemoteConfigs: [[credentialsId: 'gitee_ssh_key', url: 'git@gitee.com:xiaolyuh/test.git']]])
            }
        }

        stage('Maven构建打包') {
            steps {
                sh ' /var/jenkins_home/maven/apache-maven-3.8.8/bin/mvn clean package -DskipTests'
            }
        }

        stage('制作Docker镜像') {
            steps {
                sh '''mv **/target/*.jar docker/app.jar
                    echo "build Image start"
                    docker build -t $JOB_BASE_NAME:$tag docker/
                    echo "build Image success"'''
            }
        }

        stage('Docker镜像推送Harbor') {
            steps {
                sh '''password=ucTv2l1XeBdgO9tkseoyWVLh47sRN9Py
                    echo "$password" | docker login $harbor_url --username \'robot$devops\' --password-stdin
                    docker tag $JOB_BASE_NAME:$tag $harbor_url/$harbor_object/$JOB_BASE_NAME:$tag
                    echo "push Image start"
                    docker push $harbor_url/$harbor_object/$JOB_BASE_NAME:$tag
                    echo "push Image success"'''
            }
        }

        stage('推送yml文件到k8s') {
            steps {
                sshPublisher(publishers: [sshPublisherDesc(configName: 'k8s-master', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: 'echo 1', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: '**/k8s/$JOB_BASE_NAME.yml')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
            }
        }

        stage('远程通过k8s-master部署服务') {
            steps {
                sh 'ssh root@192.168.232.9 kubectl apply -f k8s/$JOB_BASE_NAME.yml'
            }
        }
    }
}