
Building a CI/CD Platform with GitLab + Jenkins + Docker + Harbor + a K8s Cluster

2025-08-16 12:19

Environment installation

Install Docker, start it, and enable it at boot

┌──[root@liruilongs.github.io]-[~]
└─$ yum -y install docker-ce
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl enable docker --now

Configure the Docker registry mirror (accelerator)

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": [""]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

1. Install and configure GitLab

GitLab needs little introduction. It is a Git-based platform that provides Git repository management, code review, issue tracking, activity feeds and a wiki, and of course it also provides

┌──[root@liruilongs.github.io]-[~]
└─$ docker pull beginor/gitlab-ce

Create the shared volume directories

┌──[root@liruilongs.github.io]-[~]
└─$ mkdir -p /data/gitlab/etc/ /data/gitlab/log /data/gitlab/data
┌──[root@liruilongs.github.io]-[~]
└─$ chmod 777 /data/gitlab/etc/ /data/gitlab/log /data/gitlab/data

Create the gitlab container

┌──[root@liruilongs.github.io]-[~]
└─$ docker run -itd --name=gitlab --restart=always --privileged=true -p 8443:443 -p 80:80 -p 222:22 -v /data/gitlab/etc:/etc/gitlab -v /data/gitlab/log:/var/log/gitlab -v /data/gitlab/data:/var/opt/gitlab beginor/gitlab-ce
acc95b2896e8475915275d5eb77c7e63f63c31536432b68508f2f216d4fec634
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps
CONTAINER ID   IMAGE               COMMAND             CREATED          STATUS                             PORTS                                                                                                             NAMES
acc95b2896e8   beginor/gitlab-ce   "/assets/wrapper"   53 seconds ago   Up 51 seconds (health: starting)   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:222->22/tcp, :::222->22/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   gitlab
┌──[root@liruilongs.github.io]-[~]
└─$

Note: the port here must be set to 80, otherwise pushing a project fails with an error. If the port is already in use on the host, it has to be freed up.

Stop the container and edit the configuration file

┌──[root@liruilongs.github.io]-[~]
└─$ docker stop gitlab
gitlab

external_url ''

┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep external_url
##! For more details on configuring external_url see:
# external_url 'GENERATED_EXTERNAL_URL'
# registry_external_url ''
# pages_external_url ""
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# mattermost_external_url ''
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i "/external_url 'GENERATED_EXTERNAL_URL'/a external_url '' " /data/gitlab/etc/gitlab.rb
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep external_url
##! For more details on configuring external_url see:
# external_url 'GENERATED_EXTERNAL_URL'
external_url ''
# registry_external_url ''
# pages_external_url ""
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# mattermost_external_url ''
┌──[root@liruilongs.github.io]-[~]
└─$

gitlab_rails['gitlab_ssh_host'] = '192.168.26.55'

┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_ssh_host
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i "/gitlab_ssh_host/a gitlab_rails['gitlab_ssh_host'] = '192.168.26.55' " /data/gitlab/etc/gitlab.rb
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_ssh_host
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
gitlab_rails['gitlab_ssh_host'] = '192.168.26.55'
┌──[root@liruilongs.github.io]-[~]
└─$

gitlab_rails['gitlab_shell_ssh_port'] = 222

┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh
# gitlab_rails['gitlab_shell_ssh_port'] = 22
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i "/gitlab_shell_ssh_port/a gitlab_rails['gitlab_shell_ssh_port'] = 222" /data/gitlab/etc/gitlab.rb
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh
# gitlab_rails['gitlab_shell_ssh_port'] = 22
gitlab_rails['gitlab_shell_ssh_port'] = 222
┌──[root@liruilongs.github.io]-[~]
└─$
┌──[root@liruilongs.github.io]-[~]
└─$ vim /data/gitlab/data/gitlab-rails/etc/gitlab.yml
┌──[root@liruilongs.github.io]-[~]
└─$

##############################
gitlab:
  ## Web server settings (note: host is the FQDN, do not include )
  host: 192.168.26.55
  port: 80
  https: false

After editing the configuration files, simply start the container.

┌──[root@liruilongs.github.io]-[~]
└─$ docker start gitlab

Access GitLab from the physical machine that hosts the VM. It automatically redirects to the change-password page (root user). If the password does not meet the complexity requirements, a 500 error is returned and the password has to be set again.

Log in to reach the dashboard

Then a simple test: push a project. The project here is a hexo-based blog system.

The project was uploaded to GitLab successfully

The relevant git commands

PS F:\blogger> git init
Initialized empty Git repository in F:/blogger/.git/
PS F:\blogger> git config --global user.name "Administrator"
PS F:\blogger> git config --global user.email "admin@example.com"
PS F:\blogger> git remote add origin
PS F:\blogger> git add .
PS F:\blogger> git commit -m "Initial commit"
PS F:\blogger> git push -u origin master
Enumerating objects: 322, done.
Counting objects: 100% (322/322), done.
Delta compression using up to 8 threads
Compressing objects: 100% (302/302), done.
Writing objects: 100% (322/322), 11.31 MiB | 9.22 MiB/s, done.
Total 322 (delta 24), reused 0 (delta 0)
remote: Resolving deltas: 100% (24/24), done.
To
 * [new branch]      master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.
PS F:\blogger>

2. Install and configure the remote image registry Harbor

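Next we configure a private Docker image registry. The machine used is:

Server used: vms56.liruilongs.github.io: 192.168.26.56

We choose Harbor as the registry here because it has a web UI; registry could of course be used as well.

Harbor configuration

Steps to install and use Harbor

Install and start docker, and install docker-compose

Upload the Harbor offline installer package

Load the Harbor images

Edit harbor.yml

Change hostname to your own host name; if no certificate is used, https must be commented out

harbor_admin_password is the login password

Install compose

Run the script ./install.sh

Enter the IP in a browser to access it

docker login IP (a .docker folder will appear in the home directory)

Now we begin the installation

First, SELinux and the firewall have to be configured

┌──[root@vms56.liruilongs.github.io]-[~]
└─#getenforce
Disabled
┌──[root@vms56.liruilongs.github.io]-[~]
└─#systemctl disable firewalld.service --now
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.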

Install and start docker, and install docker-compose. You do not need to know much about docker-compose here; it is a lightweight Docker orchestration tool.

┌──[root@vms56.liruilongs.github.io]-[~]
└─#yum install -y docker-ce
┌──[root@vms56.liruilongs.github.io]-[~]
└─#yum install -y docker-compose

Unpack the Harbor installer package harbor-offline-installer-v2.0.6.tgz and load the related images

┌──[root@vms56.liruilongs.github.io]-[/]
└─#ls
bin   dev  harbor-offline-installer-v2.0.6.tgz  lib    machine-id  mnt  proc  run   srv  tmp  var
boot  etc  home                                 lib64  media       opt  root  sbin  sys  usr
┌──[root@vms56.liruilongs.github.io]-[/]
└─#tar zxvf harbor-offline-installer-v2.0.6.tgz
harbor/harbor.v2.0.6.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
┌──[root@vms56.liruilongs.github.io]-[/]
└─#docker load -i harbor/harbor.v2.0.6.tar.gz

Edit the configuration file

┌──[root@vms56.liruilongs.github.io]-[/]
└─#cd harbor/
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#ls
common.sh  harbor.v2.0.6.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#cp harbor.yml.tmpl harbor.yml
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#ls
common.sh  harbor.v2.0.6.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  LICENSE  prepare
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#vim harbor.yml
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#

harbor.yml: set the IP and the username/password

# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.26.56

# http related config
.......
# https related config
#https:
  # https port for harbor, default is 443
#  port: 443
  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
....
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345

# Harbor DB configuration

./prepare && ./install.sh

┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#./prepare
prepare base dir is set to /harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.9
[Step 1]: checking docker-compose is installed ...
Note: stopping existing Harbor instance ...
Removing harbor-jobservice ... done
Removing nginx ... done
Removing harbor-core ... done
Removing registry ... done
Creating harbor-log ... done
Removing harbor-portal ... done
Removing redis ... done
Removing network harbor_harbor
Creating registry ... done
Creating harbor-core ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating redis ...
Creating registry ...
Creating harbor-portal ...
Creating registryctl ...
Creating harbor-db ...
Creating harbor-core ...
Creating harbor-jobservice ...
Creating nginx ...
✔ ----Harbor has been installed and started successfully.----
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#

View the related images

┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#docker ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
0efcf7b83dcf  goharbor/nginx-photon:v2.0.6  "nginx -g 'daemon of…"  16 minutes ago  Up 16 minutes (healthy)  0.0.0.0:80->8080/tcp, :::80->8080/tcp  nginx
ee9d418c7cee  goharbor/harbor-jobservice:v2.0.6  "/harbor/entrypoint.…"  16 minutes ago  Up 16 minutes (healthy)  harbor-jobservice
6052c481dbd0  goharbor/harbor-core:v2.0.6  "/harbor/entrypoint.…"  16 minutes ago  Up 16 minutes (healthy)  harbor-core
001ff83b037d  goharbor/harbor-db:v2.0.6  "/docker-entrypoint.…"  17 minutes ago  Up 16 minutes (healthy)  5432/tcp  harbor-db
2ebc81356ef1  goharbor/harbor-registryctl:v2.0.6  "/home/harbor/start.…"  17 minutes ago  Up 16 minutes (healthy)  registryctl
6ca721c0fa75  goharbor/harbor-portal:v2.0.6  "nginx -g 'daemon of…"  17 minutes ago  Up 16 minutes (healthy)  8080/tcp  harbor-portal
2b06e2cf91ab  goharbor/registry-photon:v2.0.6  "/home/harbor/entryp…"  17 minutes ago  Up 16 minutes (healthy)  5000/tcp  registry
2292a20780e2  goharbor/redis-photon:v2.0.6  "redis-server /etc/r…"  17 minutes ago  Up 16 minutes (healthy)  6379/tcp  redis
a0e3e49cf9db  goharbor/harbor-log:v2.0.6  "/bin/sh -c /usr/loc…"  17 minutes ago  Up 17 minutes (healthy)  127.0.0.1:1514->10514/tcp  harbor-log
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#

Access test

harbor

Docker configuration on the CI server

Because we will push images from 192.168.26.55 (the CI server) to 192.168.26.56 (the private registry), the Docker configuration on the CI server has to be changed to add the registry address.

Server used: liruilongs.github.io: 192.168.26.55

┌──[root@liruilongs.github.io]-[~]
└─$ cat /etc/docker/daemon.json
{
  "registry-mirrors": [""]
}
┌──[root@liruilongs.github.io]-[~]
└─$ vim /etc/docker/daemon.json

The configuration file after the change

┌──[root@liruilongs.github.io]-[~]
└─$ cat /etc/docker/daemon.json
{
  "registry-mirrors": [""],
  "insecure-registries": ["192.168.26.56"]
}

Reload so that it takes effect

┌──[root@liruilongs.github.io]-[~]
└─$ systemctl daemon-reload
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl restart docker

A simple test from the CI machine

┌──[root@liruilongs.github.io]-[~]
└─$ docker login 192.168.26.56
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
#credentials-store
Login Succeeded
┌──[root@liruilongs.github.io]-[~]
└─$ docker tag busybox 192.168.26.56/demo/busybox
┌──[root@liruilongs.github.io]-[~]
└─$ docker push 192.168.26.56/demo/busybox
Using default tag: latest
The push refers to repository [192.168.26.56/demo/busybox]
cfd97936a580: Pushed
latest: digest: sha256:febcf61cd6e1ac9628f6ac14fa40836d16f3c6ddef3b303ff0321606e55ddd0b size: 527
┌──[root@liruilongs.github.io]-[~]
└─$

After an image is pushed, it can be viewed in the private registry's web UI

harbor

At this point the image registry is configured.

3. Install and configure Jenkins

Server used: liruilongs.github.io: 192.168.26.55

Pull the Jenkins image

┌──[root@liruilongs.github.io]-[~]
└─$ docker pull jenkins/jenkins:centos7-jdk8
......
┌──[root@liruilongs.github.io]-[~]
└─$ docker history jenkins/jenkins:centos7-jdk8
IMAGE  CREATED  CREATED BY  SIZE  COMMENT
de64a05279ba  5 days ago  LABEL org.opencontainers.image.vendor=Jenkin…  0B  buildkit.dockerfile.v0
  5 days ago  COPY install-plugins.sh /usr/local/bin/insta…  10.6kB  buildkit.dockerfile.v0
..........
  5 days ago  ARG JENKINS_HOME=/var/jenkins_home  0B  buildkit.dockerfile.v0
  5 days ago  ARG agent_port=50000  0B  buildkit.dockerfile.v0
  5 days ago  ARG http_port=8080  0B  buildkit.dockerfile.v0
  5 days ago  ARG gid=1000  0B  buildkit.dockerfile.v0
  5 days ago  ARG uid=1000  0B  buildkit.dockerfile.v0
  5 days ago  ARG group=jenkins  0B  buildkit.dockerfile.v0
  5 days ago  ARG user=jenkins  0B  buildkit.dockerfile.v0
  5 days ago  RUN |5 TARGETARCH=amd64 COMMIT_SHA=0b797f024…  10.4MB  buildkit.dockerfile.v0
  5 days ago  COPY git_lfs_pub.gpg /tmp/git_lfs_pub.gpg # …  62.5kB  buildkit.dockerfile.v0
  5 days ago  ARG GIT_LFS_VERSION=3.0.1  0B  buildkit.dockerfile.v0
  5 days ago  ARG COMMIT_SHA  0B  buildkit.dockerfile.v0
  5 days ago  ARG TARGETARCH  0B  buildkit.dockerfile.v0
  5 days ago  RUN |2 TARGETARCH=amd64 COMMIT_SHA=0b797f024…  426MB  buildkit.dockerfile.v0
  5 days ago  ARG COMMIT_SHA  0B  buildkit.dockerfile.v0
  5 days ago  ARG TARGETARCH  0B  buildkit.dockerfile.v0
  5 days ago  ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_AL…  0B  buildkit.dockerfile.v0
  7 weeks ago  /bin/sh -c #(nop) CMD ["/bin/bash"]  0B
  7 weeks ago  /bin/sh -c #(nop) LABEL org.label-schema.sc…  0B
  7 weeks ago  /bin/sh -c #(nop) ADD file:b3ebbe8bd304723d4…  204MB
┌──[root@liruilongs.github.io]-[~]
└─$

Create the shared volume and change its owning group and user to match those inside the container

Why change it to 1000? Because inside the container, data is read and written as the jenkins user, and the uid of jenkins inside the container is 1000.

┌──[root@liruilongs.github.io]-[~]
└─$ mkdir /jenkins && chown 1000:1000 /jenkins
┌──[root@liruilongs.github.io]-[~]
└─$ # Why 1000? Inside the container, data is read and written as the jenkins user, and the uid of jenkins inside the container is 1000.

Create the jenkins container

┌──[root@liruilongs.github.io]-[~]
└─$ cat jenkins.docker.sh
docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8
39afa098c8a56973ce1559d374b058b8e6091175b5b783d613a9f2e356827684
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps | grep jenkins
39afa098c8a5  jenkins/jenkins:centos7-jdk8  "/sbin/tini -- /usr/…"  3 minutes ago  Up 2 minutes  0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:50000->50000/tcp, :::50000->50000/tcp  jenkins

Access Jenkins

First open this page in a browser and let it initialize until the UI appears.

Because the Jenkins configuration has to be changed, stop the jenkins container at this point.

┌──[root@liruilongs.github.io]-[~]
└─$ docker stop jenkins
jenkins

Switch to the Tsinghua University mirror in China. Jenkins downloads plugins very slowly, and switching to the Tsinghua mirror address is considerably faster.

┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/hudson.model.UpdateCenter.xml
 default
┌──[root@liruilongs.github.io]-[~]
└─$
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i 's#updates.jenkins.io/update-center.json#mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json#g ' /jenkins/hudson.model.UpdateCenter.xml
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/hudson.model.UpdateCenter.xml
 default
┌──[root@liruilongs.github.io]-[~]
└─$

Replace "" with ""

yum -y install jq
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/updates/default.json | jq '.connectionCheckUrl'
""
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/updates/default.json | jq 'keys'
[
  "connectionCheckUrl",
  "core",
  "deprecations",
  "generationTimestamp",
  "id",
  "plugins",
  "signature",
  "updateCenterVersion",
  "warnings"
]
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i s###g /jenkins/updates/default.json

Check after the replacement

┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/updates/default.json | jq '.connectionCheckUrl'
""
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/updates/default.json | jq 'keys'
[
  "connectionCheckUrl",
  "core",
  "deprecations",
  "generationTimestamp",
  "id",
  "plugins",
  "signature",
  "updateCenterVersion",
  "warnings"
]
┌──[root@liruilongs.github.io]-[~]
└─$

Start the container again and get the login key

┌──[root@liruilongs.github.io]-[~]
└─$ docker start jenkins
jenkins
┌──[root@liruilongs.github.io]-[~]
└─$
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/secrets/initialAdminPassword
be15eaabc4c946de913dd5af8636cae9

The startup parameters of the Docker daemon that Jenkins binds to have to be changed: ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock

After changing the startup parameters, Docker has to be restarted

┌──[root@vms56.liruilongs.github.io]-[~]
└─#systemctl daemon-reload
┌──[root@vms56.liruilongs.github.io]-[~]
└─#systemctl restart docker

Install the Docker plugin

Jenkins-related configuration: just follow the screenshots here. A Docker cloud has to be configured so that Jenkins can build the image from the Dockerfile and push it to the private registry. The Docker cloud here is the Docker daemon on the CI server.

Change the startup parameters: ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock

Link Docker and Jenkins

Jenkins security settings

Later on GitLab has to be integrated with Jenkins, so some Jenkins security settings are needed. Go to Manage Jenkins > Configure Global Security > Authorization and tick "Allow anonymous read access".

Add the JVM run parameter -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true to allow cross-site request access

┌──[root@liruilongs.github.io]-[~]
└─$ docker exec -u root -it jenkins bash
[root@39afa098c8a5 /]# ls
anaconda-post.log  bin  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@39afa098c8a5 /]# vi /usr/local/bin/jenkins.sh
[root@39afa098c8a5 /]# exit
exit
┌──[root@liruilongs.github.io]-[~]
└─$

Download the kubectl client tool

Here we connect to k8s through the kubectl client on Jenkins, so a k8s client, kubectl, has to be installed. Download the k8s client:

wget
┌──[root@liruilongs.github.io]-[~]
└─$ yum install -y kubectl-1.22.2-0 --disableexcludes=kubernetes

Copy the kubeconfig file

Then copy the kubeconfig credential file. Check where it is located on the k8s cluster. The credential here was created earlier; see my earlier articles.

┌──[root@liruilongs.github.io]-[~]
└─$ scp root@192.168.26.81:/root/ansible/k8s-rbac-create/kc1 .
Warning: Permanently added '192.168.26.81' (ECDSA) to the list of known hosts.
root@192.168.26.81's password:
kc1                                    100% 5566   108.7KB/s   00:00

Copy the credential file and the k8s cluster client tool into the jenkins container

┌──[root@liruilongs.github.io]-[~]
└─$ docker cp kc1 jenkins:/
┌──[root@liruilongs.github.io]-[~]
└─$ docker cp kubectl jenkins:/
┌──[root@liruilongs.github.io]-[~]
└─$

Test the kubectl command

┌──[root@liruilongs.github.io]-[~]
└─$ docker exec -u root -it jenkins bash
[root@39afa098c8a5 /]# ls
anaconda-post.log  bin  dev  etc  home  kc1  kubectl  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@39afa098c8a5 /]# ./kubectl --kubeconfi=kc1 get pods -A
Error: unknown flag: --kubeconfi
See 'kubectl get --help' for usage.
[root@39afa098c8a5 /]# ./kubectl --kubeconfig=kc1 get pods -A
Error from server (Forbidden): pods is forbidden: User "liruilong" cannot list resource "pods" in API group "" at the cluster scope

It turns out there is no permission. For convenience, we directly grant the cluster-admin role in the cluster.

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-rbac-create]
└─$kubectl create clusterrolebinding test --clusterrole=cluster-admin --user=liruilong
clusterrolebinding.rbac.authorization.k8s.io/test created
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-rbac-create]
└─$

The command test now works

[root@39afa098c8a5 /]# ./kubectl --kubeconfig=kc1 get nodes
NAME                         STATUS     ROLES                  AGE   VERSION
vms81.liruilongs.github.io   Ready      control-plane,master   51d   v1.22.2
vms82.liruilongs.github.io   NotReady                          51d   v1.22.2
vms83.liruilongs.github.io   NotReady                          51d   v1.22.2
[root@39afa098c8a5 /]#

II. Hexo blog system CI/CD in practice

4. Configure a highly available hexo production environment in the k8s cluster

We deploy Nginx to serve the hexo blog system. Once hexo is built it is just a set of static files, so we need to create a Service and a Deployment: the Service exposes the service, the Deployment provides the serving capacity, and the image consists of Nginx plus the hexo static files.

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginxdep
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: blog
        name: web
        resources:
          requests:
            cpu: 100m
      restartPolicy: Always

Create the deployment

Here we first use an Nginx image to stand in for the hexo blog image

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl apply -f nginx.yaml
deployment.apps/nginxdep created

Check the deployment and pods

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get deployments.apps | grep nginxdep
nginxdep   2/2   2   2   109s
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get pods -o wide | grep web
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get pods -o wide | grep nginxdep
nginxdep-645bf755b9-2w8jv   1/1   Running   0   2m22s   10.244.171.164   vms82.liruilongs.github.io
nginxdep-645bf755b9-jfqxj   1/1   Running   0   2m22s   10.244.171.157   vms82.liruilongs.github.io
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$

Create the service

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl expose deploy nginxdep --port=8888 --target-port=80 --type=NodePort
service/nginxdep exposed
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get svc -o wide | grep nginxdep
nginxdep   NodePort   10.106.217.50   8888:31964/TCP   16s   app=nginx

The access test works. Once the trigger on Jenkins is configured, the image is simply replaced.

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$curl 127.0.0.1:31964
Welcome to nginx!
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$

5. Configure the private registry address on the k8s cluster

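When we update the Deployment's image with the kubectl set command, the image is served by the private registry, so the private registry address has to be added to the Docker startup parameters.

ExecStart=/usr/bin/dockerd --insecure-registry 192.168.26.56 -H fd:// --containerd=/run/containerd/containerd.sock

This has to be set on every node, followed by a Docker restart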
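
Added example (not from the original article): a small POSIX shell check that flags the risky settings this walkthrough applies, namely a Docker daemon listening on TCP without --tlsverify, plain-HTTP (insecure) registries, privileged containers, Jenkins CSRF protection switched off and a cluster-admin binding. The finding codes, the sample file names and contents, and the certificate paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the settings changed in this walkthrough.

# audit_line LINE -> prints one finding code per risky setting found in LINE
audit_line() {
    # Trim leading whitespace, then ignore blank and commented-out lines.
    al_line=$(printf '%s' "$1" | sed 's/^[[:space:]]*//')
    case $al_line in
        ''|'#'*) return 0 ;;
    esac
    # dockerd on a TCP socket without mutual TLS: whoever reaches the port
    # controls the daemon, and through it the host.
    case $al_line in
        *'-H tcp://'*)
            case $al_line in
                *--tlsverify*) ;;
                *) echo "DOCKER_TCP_NO_TLS" ;;
            esac ;;
    esac
    # Registry traffic (credentials and image layers) sent over plain HTTP.
    case $al_line in
        *--insecure-registry*) echo "INSECURE_REGISTRY" ;;
    esac
    # A privileged container has near-root access to the host.
    case $al_line in
        *--privileged=true*|*'--privileged '*|*--privileged) echo "PRIVILEGED_CONTAINER" ;;
    esac
    case $al_line in
        *DISABLE_CSRF_PROTECTION=true*) echo "JENKINS_CSRF_DISABLED" ;;
    esac
    case $al_line in
        *clusterrole=cluster-admin*) echo "CLUSTER_ADMIN_BINDING" ;;
    esac
    return 0
}

# audit_file FILE -> findings for a unit file, script or daemon.json
audit_file() {
    af_file=$1
    [ -r "$af_file" ] || { echo "UNREADABLE"; return 1; }
    # daemon.json may be pretty-printed, so test the whitespace-stripped text
    # and report only a non-empty "insecure-registries" list.
    if tr -d '[:space:]' < "$af_file" | grep -q '"insecure-registries":\["'; then
        echo "INSECURE_REGISTRY"
    fi
    while IFS= read -r af_l || [ -n "$af_l" ]; do
        audit_line "$af_l"
    done < "$af_file"
}

# Constructed sample inputs mirroring the settings shown in this walkthrough,
# plus one TLS-protected unit file for comparison (certificate paths assumed).
write_samples() {
    ws_dir=$1
    cat > "$ws_dir/docker.service" <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock
EOF
    cat > "$ws_dir/docker-tls.service" <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H fd://
EOF
    cat > "$ws_dir/daemon.json" <<'EOF'
{
  "insecure-registries": ["192.168.26.56"]
}
EOF
    cat > "$ws_dir/jenkins.docker.sh" <<'EOF'
docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8
EOF
}

sample_dir=$(mktemp -d)
write_samples "$sample_dir"
for f in docker.service docker-tls.service daemon.json jenkins.docker.sh; do
    printf '%s: %s\n' "$f" "$(audit_file "$sample_dir/$f" | tr '\n' ' ')"
done
rm -rf "$sample_dir"
```

On a real host, point audit_file at /usr/lib/systemd/system/docker.service, /etc/docker/daemon.json and the container start scripts; an ExecStart split across continuation lines is checked line by line, so join it first.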

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$vim /usr/lib/systemd/system/docker.service
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$systemctl daemon-reload ;systemctl restart docker &
[1] 23273
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ssh root@192.168.26.82
Last login: Sun Jan 16 06:09:07 2022 from 192.168.26.1
┌──[root@vms82.liruilongs.github.io]-[~]
└─$vim /usr/lib/systemd/system/docker.service
┌──[root@vms82.liruilongs.github.io]-[~]
└─$systemctl daemon-reload ;systemctl restart docker &
[1] 26843
┌──[root@vms82.liruilongs.github.io]-[~]
└─$exit
登出
Connection to 192.168.26.82 closed.

6. Configure the CI/CD pipeline in Jenkins

Open Jenkins. What follows is the key part: we configure the whole CI/CD pipeline in Jenkins to automate it.


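Here we set the token to 4bf636c8214b7ff0a0fb. Also remember the access URL format: JENKINS_URL/job/liruilong-cicd/build?token=TOKEN_NAME

For the build step, choose a shell build: clone the code

Choose an image build step

Build the image and push it to the private registry

Remember that the private registry's credentials have to be added here, that is, the username and password set above

Choose a shell build step to update the image

The relevant text

cd ~
rm -rf blog
git clone
/var/jenkins_home/blog/
192.168.26.56/library/blog:${BUILD_NUMBER}
export KUBECONFIG=/kc1;
/kubectl set image deployment/nginxdep *="192.168.26.56/library/blog:${BUILD_NUMBER}" -n kube-system

7. Configure the GitLab and Jenkins integration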

Open GitLab to configure the integration

Click to add a webhook

/view/all/job/liruilong-cicd/build?token=

At this point the integration is configured

8. Write the Dockerfile and test with a code update

Next we build hexo, which generates a public folder, and then upload it to GitLab

PS F:\blogger> hexo g
.....
PS F:\blogger> git add .\public
PS F:\blogger> git commit -m "程序代码预定义"
PS F:\blogger> git push

A Dockerfile also has to be written to create the image

FROM docker.io/library/nginx:latest
MAINTAINER liruilong
ADD ./public/ /usr/share/nginx/html/
EXPOSE 80
CMD ["nginx", "-g","daemon off;"]

PS F:\blogger> git add .
PS F:\blogger> git commit -m "Dockcerfile邮件重写成"
[master 217e0ed] Dockcerfile邮件重写成
 1 file changed, 1 deletion(-)
PS F:\blogger> git push
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 307 bytes | 307.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0)
To
   6690612..217e0ed  master -> master
PS F:\blogger>

Jenkins output

Started by remote host 192.168.26.1
Running as SYSTEM
Building in workspace /var/jenkins_home/workspace/liruilong-cicd
[liruilong-cicd] $ /bin/sh -xe /tmp/jenkins6108687102523328796.sh
+ cd /var/jenkins_home
+ rm -rf blog
+ git clone
Cloning into 'blog'...
Docker Build
Docker Build: building image at path /var/jenkins_home/blog
Step 1/5 : FROM docker.io/library/nginx:latest
 ---> f8f4ffc8092c
Step 2/5 : MAINTAINER liruilong
 ---> Running in e341b5562b64
Removing intermediate container e341b5562b64
 ---> 4e9f5aa47ab5
Step 3/5 : ADD ./public/ /usr/share/nginx/html/
 ---> 3956cff32507
Step 4/5 : EXPOSE 80
 ---> Running in b4c27124989d
Removing intermediate container b4c27124989d
 ---> ba9d1764d764
Step 5/5 : CMD ["nginx", "-g","daemon off;"]
 ---> Running in 61dca01a4883
Removing intermediate container 61dca01a4883
 ---> 2aadc5732a60
Successfully built 2aadc5732a60
Tagging built image with 192.168.26.56/library/blog:41
Docker Build Response : 2aadc5732a60
Pushing [192.168.26.56/library/blog:41]
The push refers to repository [192.168.26.56/library/blog]
89570901cdea: Preparing
65e1ea1dc98c: Preparing
88891187bdd7: Preparing
6e109f6c2f99: Preparing
0772cb25d5ca: Preparing
525950111558: Preparing
476baebdfbf7: Preparing
525950111558: Waiting
476baebdfbf7: Waiting
88891187bdd7: Layer already exists
6e109f6c2f99: Layer already exists
65e1ea1dc98c: Layer already exists
0772cb25d5ca: Layer already exists
89570901cdea: Pushing [> ] 301.6kB/28.75MB
89570901cdea: Pushing [==> ] 1.193MB/28.75MB
476baebdfbf7: Layer already exists
525950111558: Layer already exists
89570901cdea: Pushing [======> ] 3.917MB/28.75MB
89570901cdea: Pushing [==========> ] 5.996MB/28.75MB
89570901cdea: Pushing [==============> ] 8.097MB/28.75MB
89570901cdea: Pushing [==================> ] 10.76MB/28.75MB
89570901cdea: Pushing [=====================> ] 12.57MB/28.75MB
89570901cdea: Pushing [========================> ] 13.8MB/28.75MB
89570901cdea: Pushing [=========================> ] 14.71MB/28.75MB
89570901cdea: Pushing [===========================> ] 15.59MB/28.75MB
89570901cdea: Pushing [=============================> ] 16.79MB/28.75MB
89570901cdea: Pushing [===============================> ] 18.27MB/28.75MB
89570901cdea: Pushing [=================================> ] 19.45MB/28.75MB
89570901cdea: Pushing [===================================> ] 20.34MB/28.75MB
89570901cdea: Pushing [=====================================> ] 21.55MB/28.75MB
89570901cdea: Pushing [=======================================> ] 22.44MB/28.75MB
89570901cdea: Pushing [=========================================> ] 23.64MB/28.75MB
89570901cdea: Pushing [==========================================> ] 24.52MB/28.75MB
89570901cdea: Pushing [============================================> ] 25.42MB/28.75MB
89570901cdea: Pushing [==============================================> ] 26.61MB/28.75MB
89570901cdea: Pushing [===============================================> ] 27.19MB/28.75MB
89570901cdea: Pushing [=================================================> ] 28.69MB/28.75MB
89570901cdea: Pushing [==================================================>] 29.32MB
89570901cdea: Pushed
41: digest: sha256:c90b64945a8d063f7bcdcc39f00f91b6d83acafcd6b2ec6aba5b070474bafc37 size: 1782
Cleaning local images [2aadc5732a60]
Docker Build Done
[liruilong-cicd] $ /bin/sh -xe /tmp/jenkins246013519648603221.sh
+ export KUBECONFIG=/kc1
+ KUBECONFIG=/kc1
+ /kubectl set image deployment/nginxdep '*=192.168.26.56/library/blog:41' -n kube-system
deployment.apps/nginxdep image updated
Finished: SUCCESS

9. Access the hexo blog system

┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get deployments.apps | grep nginxdep
nginxdep   2/2   2   2   30h
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get pods -o wide | grep nginxdep
nginxdep-bddfd9b5f-94d88   1/1   Running   0   110s   10.244.171.142   vms82.liruilongs.github.io
nginxdep-bddfd9b5f-z57qc   1/1   Running   0   35m    10.244.171.177   vms82.liruilongs.github.io
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl get svc -o wide | grep nginxdep
nginxdep   NodePort   10.106.217.50   8888:31964/TCP   30h   app=nginx
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$kubectl describe pods nginxdep-bddfd9b5f-94d88
Name:         nginxdep-bddfd9b5f-94d88
Namespace:    kube-system
Priority:     0
Node:         vms82.liruilongs.github.io/192.168.26.82
Start Time:   Fri, 04 Feb 2022 03:11:14 +0800
Labels:       app=nginx
              pod-template-hash=bddfd9b5f
Annotations:  cni.projectcalico.org/podIP: 10.244.171.142/32
              cni.projectcalico.org/podIPs: 10.244.171.142/32
Status:       Running
IP:           10.244.171.142
IPs:
  IP:           10.244.171.142
Controlled By:  ReplicaSet/nginxdep-bddfd9b5f
Containers:
  web:
    Container ID:   docker://669f48cb626d5067f40bb1aaa378268a7ee9879488b0b298a86271957c162316
    Image:          192.168.26.56/library/blog:41
    Image ID:       docker-pullable://192.168.26.56/library/blog@sha256:c90b64945a8d063f7bcdcc39f00f91b6d83acafcd6b2ec6aba5b070474bafc37
    Port:
    Host Port:
    State:          Running
      Started:      Fri, 04 Feb 2022 03:11:15 +0800
    Ready:          True
    Restart Count:  0
    Requests:
      cpu:  100m
    Environment:
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-trn5n (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  kube-api-access-trn5n:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:
    DownwardAPI:             true
QoS Class:                   Burstable
Node-Selectors:
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  4m10s  default-scheduler  Successfully assigned kube-system/nginxdep-bddfd9b5f-94d88 to vms82.liruilongs.github.io
  Normal  Pulling    4m9s   kubelet            Pulling image "192.168.26.56/library/blog:41"
  Normal  Pulled     4m9s   kubelet            Successfully pulled image "192.168.26.56/library/blog:41" in 67.814838ms
  Normal  Created    4m9s   kubelet            Created container web
  Normal  Started    4m9s   kubelet            Started container web

Access the hexo blog system
