Building a CI/CD platform with GitLab + Jenkins + Docker + Harbor + a K8s cluster
2025-08-16 12:19
Install Docker, start it, and enable it to start at boot
┌──[root@liruilongs.github.io]-[~]
└─$ yum -y install docker-ce
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl enable docker --now
Configure a Docker registry mirror (accelerator)
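sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": [""]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
1. Install and configure GitLab
GitLab needs little introduction: a Git-based platform that provides Git repository management, code review, issue tracking, activity feeds and wikis, and of course it also provides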
┌──[root@liruilongs.github.io]-[~]
└─$ docker pull beginor/gitlab-ce
Create the volume directories
┌──[root@liruilongs.github.io]-[~]
└─$ mkdir -p /data/gitlab/etc/ /data/gitlab/log /data/gitlab/data
┌──[root@liruilongs.github.io]-[~]
└─$ chmod 777 /data/gitlab/etc/ /data/gitlab/log /data/gitlab/data
Create the gitlab container
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -itd --name=gitlab --restart=always --privileged=true -p 8443:443 -p 80:80 -p 222:22 -v /data/gitlab/etc:/etc/gitlab -v /data/gitlab/log:/var/log/gitlab -v /data/gitlab/data:/var/opt/gitlab beginor/gitlab-ce
acc95b2896e8475915275d5eb77c7e63f63c31536432b68508f2f216d4fec634
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
acc95b2896e8  beginor/gitlab-ce  "/assets/wrapper"  53 seconds ago  Up 51 seconds (health: starting)  0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:222->22/tcp, :::222->22/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp  gitlab
┌──[root@liruilongs.github.io]-[~]
└─$
┌──[root@liruilongs.github.io]-[~]
└─$ # Note: the port here must be set to 80, otherwise pushing a project fails with an error. If the port is already in use on the host, free it up first.
Stop the container and modify the configuration file
┌──[root@liruilongs.github.io]-[~]
└─$ docker stop gitlab
gitlab
external_url ''
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep external_url
##! For more details on configuring external_url see:
# external_url 'GENERATED_EXTERNAL_URL'
# registry_external_url ''
# pages_external_url ""
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# mattermost_external_url ''
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i "/external_url 'GENERATED_EXTERNAL_URL'/a external_url '' " /data/gitlab/etc/gitlab.rb
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep external_url
##! For more details on configuring external_url see:
# external_url 'GENERATED_EXTERNAL_URL'
external_url ''
# registry_external_url ''
# pages_external_url ""
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# mattermost_external_url ''
┌──[root@liruilongs.github.io]-[~]
└─$
gitlab_rails['gitlab_ssh_host'] = '192.168.26.55'
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_ssh_host
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i "/gitlab_ssh_host/a gitlab_rails['gitlab_ssh_host'] = '192.168.26.55' " /data/gitlab/etc/gitlab.rb
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_ssh_host
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
gitlab_rails['gitlab_ssh_host'] = '192.168.26.55'
┌──[root@liruilongs.github.io]-[~]
└─$
gitlab_rails['gitlab_shell_ssh_port'] = 222
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh
# gitlab_rails['gitlab_shell_ssh_port'] = 22
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i "/gitlab_shell_ssh_port/a gitlab_rails['gitlab_shell_ssh_port'] = 222" /data/gitlab/etc/gitlab.rb
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh
# gitlab_rails['gitlab_shell_ssh_port'] = 22
gitlab_rails[gitlab_shell_ssh_port] = 222
┌──[root@liruilongs.github.io]-[~]
└─$
┌──[root@liruilongs.github.io]-[~]
└─$ vim /data/gitlab/data/gitlab-rails/etc/gitlab.yml
┌──[root@liruilongs.github.io]-[~]
└─$
##############################
gitlab:
  ## Web server settings (note: host is the FQDN, do not include )
  host: 192.168.26.55
  port: 80
  https: false
Once the configuration files are modified, start the container directly
┌──[root@liruilongs.github.io]-[~]
└─$ docker start gitlab
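Access GitLab from the physical machine that hosts the VM. You are automatically redirected to the password change page (for the root user). If the password you set does not meet the complexity requirements, a 500 error is returned and you need to set it again.
The default home page
Then let's do a simple test and push a project. The project here is a blog system based on hexo.
The project is uploaded to GitLab successfully
The related git commands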
PS F:\blogger> git init
Initialized empty Git repository in F:/blogger/.git/
PS F:\blogger> git config --global user.name "Administrator"
PS F:\blogger> git config --global user.email "admin@example.com"
PS F:\blogger> git remote add origin
PS F:\blogger> git add .
PS F:\blogger> git commit -m "Initial commit"
PS F:\blogger> git push -u origin master
Enumerating objects: 322, done.
Counting objects: 100% (322/322), done.
Delta compression using up to 8 threads
Compressing objects: 100% (302/302), done.
Writing objects: 100% (322/322), 11.31 MiB | 9.22 MiB/s, done.
Total 322 (delta 24), reused 0 (delta 0)
remote: Resolving deltas: 100% (24/24), done.
To
 * [new branch]      master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.
PS F:\blogger>
2. Install and configure the remote image registry Harbor
Next we configure a private Docker image registry. The machine added for it is:
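Host used: vms56.liruilongs.github.io:192.168.26.56
For the registry we choose Harbor here because it has a web UI; of course, registry can also be used.
Harbor configuration
Steps for installing and using Harbor:
Install and start docker, and install docker-compose
Download the Harbor offline package
Load the Harbor images
Edit harbor.yml
Change hostname to your own host name; if no certificate is needed, comment out https
harbor_admin_password: the default password
Install compose
Run the script ./install.sh
Enter the IP in a browser to access it
docker login IP: a .docker folder will then exist under the home directory
Now let's start the installation
First, SELinux and the firewall need to be set up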
┌──[root@vms56.liruilongs.github.io]-[~]
└─# getenforce
Disabled
┌──[root@vms56.liruilongs.github.io]-[~]
└─# systemctl disable firewalld.service --now
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Install and start docker, and install docker-compose. You do not need to know much about docker-compose here: it is a lightweight Docker orchestration tool.
┌──[root@vms56.liruilongs.github.io]-[~]
└─# yum install -y docker-ce
┌──[root@vms56.liruilongs.github.io]-[~]
└─# yum install -y docker-compose
Unpack the Harbor package harbor-offline-installer-v2.0.6.tgz and load the related images
┌──[root@vms56.liruilongs.github.io]-[/]
└─# ls
bin   dev  harbor-offline-installer-v2.0.6.tgz  lib    machine-id  mnt  proc  run   srv  tmp  var
boot  etc  home                                 lib64  media       opt  root  sbin  sys  usr
┌──[root@vms56.liruilongs.github.io]-[/]
└─# tar zxvf harbor-offline-installer-v2.0.6.tgz
harbor/harbor.v2.0.6.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
┌──[root@vms56.liruilongs.github.io]-[/]
└─# docker load -i harbor/harbor.v2.0.6.tar.gz
Modify the configuration file
┌──[root@vms56.liruilongs.github.io]-[/]
└─# cd harbor/
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─# ls
common.sh  harbor.v2.0.6.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─# cp harbor.yml.tmpl harbor.yml
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─# ls
common.sh  harbor.v2.0.6.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  LICENSE  prepare
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─# vim harbor.yml
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#
harbor.yml: set the IP and the user name and password
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.26.56

# http related config
.......
# https related config
#https:
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path
....
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345

# Harbor DB configuration
./prepare && ./install.sh
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─# ./prepare
prepare base dir is set to /harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.9
[Step 1]: checking docker-compose is installed ...
Note: stopping existing Harbor instance ...
Removing harbor-jobservice ... done
Removing nginx ... done
Removing harbor-core ... done
Removing registry ... done
Creating harbor-log ... done
Removing harbor-portal ... done
Removing redis ... done
Removing network harbor_harbor
Creating registry ... done
Creating harbor-core ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating redis ...
Creating registry ...
Creating harbor-portal ...
Creating registryctl ...
Creating harbor-db ...
Creating harbor-core ...
Creating harbor-jobservice ...
Creating nginx ...
✔ ----Harbor has been installed and started successfully.----
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#
Check the running Harbor containers
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─# docker ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
0efcf7b83dcf  goharbor/nginx-photon:v2.0.6  "nginx -g 'daemon of…"  16 minutes ago  Up 16 minutes (healthy)  0.0.0.0:80->8080/tcp, :::80->8080/tcp  nginx
ee9d418c7cee  goharbor/harbor-jobservice:v2.0.6  "/harbor/entrypoint.…"  16 minutes ago  Up 16 minutes (healthy)  harbor-jobservice
6052c481dbd0  goharbor/harbor-core:v2.0.6  "/harbor/entrypoint.…"  16 minutes ago  Up 16 minutes (healthy)  harbor-core
001ff83b037d  goharbor/harbor-db:v2.0.6  "/docker-entrypoint.…"  17 minutes ago  Up 16 minutes (healthy)  5432/tcp  harbor-db
2ebc81356ef1  goharbor/harbor-registryctl:v2.0.6  "/home/harbor/start.…"  17 minutes ago  Up 16 minutes (healthy)  registryctl
6ca721c0fa75  goharbor/harbor-portal:v2.0.6  "nginx -g 'daemon of…"  17 minutes ago  Up 16 minutes (healthy)  8080/tcp  harbor-portal
2b06e2cf91ab  goharbor/registry-photon:v2.0.6  "/home/harbor/entryp…"  17 minutes ago  Up 16 minutes (healthy)  5000/tcp  registry
2292a20780e2  goharbor/redis-photon:v2.0.6  "redis-server /etc/r…"  17 minutes ago  Up 16 minutes (healthy)  6379/tcp  redis
a0e3e49cf9db  goharbor/harbor-log:v2.0.6  "/bin/sh -c /usr/loc…"  17 minutes ago  Up 17 minutes (healthy)  127.0.0.1:1514->10514/tcp  harbor-log
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#
Access test
harbor
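Docker configuration on the CI server
Because images are pushed from 192.168.26.55 (the CI server) to 192.168.26.56 (the private registry), the Docker configuration on the CI server has to be modified to add the registry address.
Host used: liruilongs.github.io:192.168.26.55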
┌──[root@liruilongs.github.io]-[~]
└─$ cat /etc/docker/daemon.json
{
  "registry-mirrors": [""]
}
┌──[root@liruilongs.github.io]-[~]
└─$ vim /etc/docker/daemon.json
The modified configuration file
┌──[root@liruilongs.github.io]-[~]
└─$ cat /etc/docker/daemon.json
{
  "registry-mirrors": [""],
  "insecure-registries": ["192.168.26.56"]
}
Reload so that the change takes effect
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl daemon-reload
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl restart docker
┌──[root@liruilongs.github.io]-[~]
A simple test from the CI machine
┌──[root@liruilongs.github.io]-[~]
└─$ docker login 192.168.26.56
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
#credentials-store
Login Succeeded
┌──[root@liruilongs.github.io]-[~]
└─$ docker tag busybox 192.168.26.56/demo/busybox
┌──[root@liruilongs.github.io]-[~]
└─$ docker push 192.168.26.56/demo/busybox
Using default tag: latest
The push refers to repository [192.168.26.56/demo/busybox]
cfd97936a580: Pushed
latest: digest: sha256:febcf61cd6e1ac9628f6ac14fa40836d16f3c6ddef3b303ff0321606e55ddd0b size: 527
┌──[root@liruilongs.github.io]-[~]
└─$
After pushing an image, it can be viewed in the private registry's web UI
harbor
At this point the image registry is configured.
3. Install and configure Jenkins
Host used: liruilongs.github.io:192.168.26.55
Pull the jenkins image
┌──[root@liruilongs.github.io]-[~]
└─$ docker pull jenkins/jenkins:centos7-jdk8
......
┌──[root@liruilongs.github.io]-[~]
└─$ docker history jenkins/jenkins:centos7-jdk8
IMAGE  CREATED  CREATED BY  SIZE  COMMENT
de64a05279ba  5 days ago  LABEL org.opencontainers.image.vendor=Jenkin…  0B  buildkit.dockerfile.v0
  5 days ago  COPY install-plugins.sh /usr/local/bin/insta…  10.6kB  buildkit.dockerfile.v0
..........
  5 days ago  ARG JENKINS_HOME=/var/jenkins_home  0B  buildkit.dockerfile.v0
  5 days ago  ARG agent_port=50000  0B  buildkit.dockerfile.v0
  5 days ago  ARG http_port=8080  0B  buildkit.dockerfile.v0
  5 days ago  ARG gid=1000  0B  buildkit.dockerfile.v0
  5 days ago  ARG uid=1000  0B  buildkit.dockerfile.v0
  5 days ago  ARG group=jenkins  0B  buildkit.dockerfile.v0
  5 days ago  ARG user=jenkins  0B  buildkit.dockerfile.v0
  5 days ago  RUN |5 TARGETARCH=amd64 COMMIT_SHA=0b797f024…  10.4MB  buildkit.dockerfile.v0
  5 days ago  COPY git_lfs_pub.gpg /tmp/git_lfs_pub.gpg # …  62.5kB  buildkit.dockerfile.v0
  5 days ago  ARG GIT_LFS_VERSION=3.0.1  0B  buildkit.dockerfile.v0
  5 days ago  ARG COMMIT_SHA  0B  buildkit.dockerfile.v0
  5 days ago  ARG TARGETARCH  0B  buildkit.dockerfile.v0
  5 days ago  RUN |2 TARGETARCH=amd64 COMMIT_SHA=0b797f024…  426MB  buildkit.dockerfile.v0
  5 days ago  ARG COMMIT_SHA  0B  buildkit.dockerfile.v0
  5 days ago  ARG TARGETARCH  0B  buildkit.dockerfile.v0
  5 days ago  ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_AL…  0B  buildkit.dockerfile.v0
  7 weeks ago  /bin/sh -c #(nop) CMD ["/bin/bash"]  0B
  7 weeks ago  /bin/sh -c #(nop) LABEL org.label-schema.sc…  0B
  7 weeks ago  /bin/sh -c #(nop) ADD file:b3ebbe8bd304723d4…  204MB
┌──[root@liruilongs.github.io]-[~]
└─$
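Create the volume directory and change its owning user and group to match the container. Why 1000? Because data is read and written inside the container as the jenkins user, and the uid of jenkins inside the container is 1000.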
┌──[root@liruilongs.github.io]-[~]
└─$ mkdir /jenkins && chown 1000:1000 /jenkins
┌──[root@liruilongs.github.io]-[~]
└─$ # Why 1000? Because data is read and written inside the container as the jenkins user, and the uid of jenkins inside the container is 1000.
Create the jenkins container
┌──[root@liruilongs.github.io]-[~]
└─$ cat jenkins.docker.sh
docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8
39afa098c8a56973ce1559d374b058b8e6091175b5b783d613a9f2e356827684
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps | grep jenkins
39afa098c8a5  jenkins/jenkins:centos7-jdk8  "/sbin/tini -- /usr/…"  3 minutes ago  Up 2 minutes  0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:50000->50000/tcp, :::50000->50000/tcp  jenkins
Access jenkins
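First open this page in a browser and let Jenkins initialize until the page appears.
Because the Jenkins configuration needs to be modified, stop the jenkins container at this point.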
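┌──[root@liruilongs.github.io]-[~]
└─$ docker stop jenkins
jenkins
Switch to the domestic Tsinghua University mirror. Jenkins downloads plugins very slowly; changing to the address of the domestic Tsinghua mirror makes it much faster.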
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/hudson.model.UpdateCenter.xml
default
┌──[root@liruilongs.github.io]-[~]
└─$
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i 's#updates.jenkins.io/update-center.json#mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json#g ' /jenkins/hudson.model.UpdateCenter.xml
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/hudson.model.UpdateCenter.xml
default
┌──[root@liruilongs.github.io]-[~]
└─$
Replace "" with ""
yum -y install jq
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/updates/default.json | jq '.connectionCheckUrl'
""
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/updates/default.json | jq 'keys'
[
  "connectionCheckUrl",
  "core",
  "deprecations",
  "generationTimestamp",
  "id",
  "plugins",
  "signature",
  "updateCenterVersion",
  "warnings"
]
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i s###g /jenkins/updates/default.json
Check after the replacement
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/updates/default.json | jq '.connectionCheckUrl'
""
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/updates/default.json | jq 'keys'
[
  "connectionCheckUrl",
  "core",
  "deprecations",
  "generationTimestamp",
  "id",
  "plugins",
  "signature",
  "updateCenterVersion",
  "warnings"
]
┌──[root@liruilongs.github.io]-[~]
└─$
Start the container again and get the default admin password
┌──[root@liruilongs.github.io]-[~]
└─$ docker start jenkins
jenkins
┌──[root@liruilongs.github.io]-[~]
└─$
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/secrets/initialAdminPassword
be15eaabc4c946de913dd5af8636cae9
The startup parameters of the Docker daemon that Jenkins binds to need to be modified:
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock
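After modifying the image registry's startup parameters, docker must be restarted
┌──[root@vms56.liruilongs.github.io]-[~]
└─# systemctl daemon-reload
┌──[root@vms56.liruilongs.github.io]-[~]
└─# systemctl restart docker
Install the docker plugin
Jenkins-related configuration: just follow the screenshots for the settings here. A Docker cluster has to be configured so that Jenkins can build images from the Dockerfile and push them to the private registry; the Docker cluster here is the Docker daemon on the CI server.
Modify the image registry's startup parameters: ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock
Link docker and jenkins
Jenkins security settings
Later GitLab has to be integrated with Jenkins, so some Jenkins security settings are needed: click Manage Jenkins - Configure Global Security - Authorization strategy in turn, and tick "Anonymous users have read permission".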
Add the JVM runtime parameter -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true to allow cross-site request access
┌──[root@liruilongs.github.io]-[~]
└─$ docker exec -u root -it jenkins bash
[root@39afa098c8a5 /]# ls
anaconda-post.log  bin  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@39afa098c8a5 /]# vi /usr/local/bin/jenkins.sh
[root@39afa098c8a5 /]# exit
exit
┌──[root@liruilongs.github.io]-[~]
└─$
Download the kubectl client tool
Here Jenkins connects to k8s through the kubectl client, so a k8s client, kubectl, has to be installed. Download the k8s client:
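wget
┌──[root@liruilongs.github.io]-[~]
└─$ yum install -y kubectl-1.22.2-0 --disableexcludes=kubernetes
Copy the kubeconfig file
Then copy the kubeconfig certificate file; its location can be looked up on the k8s cluster. The certificate here was created earlier; readers can look at my earlier article.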
┌──[root@liruilongs.github.io]-[~]
└─$ scp root@192.168.26.81:/root/ansible/k8s-rbac-create/kc1 .
Warning: Permanently added '192.168.26.81' (ECDSA) to the list of known hosts.
root@192.168.26.81's password:
kc1  100% 5566  108.7KB/s  00:00
Copy the certificate and the k8s cluster client tool into the jenkins container
┌──[root@liruilongs.github.io]-[~]
└─$ docker cp kc1 jenkins:/
┌──[root@liruilongs.github.io]-[~]
└─$ docker cp kubectl jenkins:/
┌──[root@liruilongs.github.io]-[~]
└─$
Test the kubectl command
┌──[root@liruilongs.github.io]-[~]
└─$ docker exec -u root -it jenkins bash
[root@39afa098c8a5 /]# ls
anaconda-post.log  bin  dev  etc  home  kc1  kubectl  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@39afa098c8a5 /]# ./kubectl --kubeconfi=kc1 get pods -A
Error: unknown flag: --kubeconfi
See 'kubectl get --help' for usage.
[root@39afa098c8a5 /]# ./kubectl --kubeconfig=kc1 get pods -A
Error from server (Forbidden): pods is forbidden: User "liruilong" cannot list resource "pods" in API group "" at the cluster scope
The user turns out to have no permission. For convenience, we directly grant it the cluster-admin role in the cluster.
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-rbac-create]
└─$ kubectl create clusterrolebinding test --clusterrole=cluster-admin --user=liruilong
clusterrolebinding.rbac.authorization.k8s.io/test created
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-rbac-create]
└─$
The command test now works
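[root@39afa098c8a5 /]# ./kubectl --kubeconfig=kc1 get nodes
NAME  STATUS  ROLES  AGE  VERSION
vms81.liruilongs.github.io  Ready  control-plane,master  51d  v1.22.2
vms82.liruilongs.github.io  NotReady  51d  v1.22.2
vms83.liruilongs.github.io  NotReady  51d  v1.22.2
[root@39afa098c8a5 /]#
II. Hands-on CI/CD for the hexo blog system
4. Configure a highly available hexo production environment in the k8s cluster
We use Nginx to run the hexo blog system. After hexo is compiled it is just a pile of static files, so we need to create an svc and a deploy: the SVC provides the service and the deploy provides the service capacity, using an image built from Nginx plus the hexo static files.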
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginxdep
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: blog
        name: web
        resources:
          requests:
            cpu: 100m
      restartPolicy: Always
Create the deployment
Here we first use an Nginx image in place of the hexo blog image
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ kubectl apply -f nginx.yaml
deployment.apps/nginxdep created
Check the deployments and pods
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ kubectl get deployments.apps | grep nginxdep
nginxdep  2/2  2  2  109s
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ kubectl get pods -o wide | grep web
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ kubectl get pods -o wide | grep nginxdep
nginxdep-645bf755b9-2w8jv  1/1  Running  0  2m22s  10.244.171.164  vms82.liruilongs.github.io
nginxdep-645bf755b9-jfqxj  1/1  Running  0  2m22s  10.244.171.157  vms82.liruilongs.github.io
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$
Create the service
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ kubectl expose deploy nginxdep --port=8888 --target-port=80 --type=NodePort
service/nginxdep exposed
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ kubectl get svc -o wide | grep nginxdep
nginxdep  NodePort  10.106.217.50  8888:31964/TCP  16s  app=nginx
The access test works. Later, once the trigger on Jenkins is configured, the image is simply replaced and that is all.
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ curl 127.0.0.1:31964
Welcome to nginx!
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.

For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.

Thank you for using nginx.
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$
5. Configure the private registry address on the k8s cluster
When we update the deploy's image with the kubectl set command, the image is provided by the private registry, so the private registry address has to be added to the Docker startup parameters.
ExecStart=/usr/bin/dockerd --insecure-registry 192.168.26.56 -H fd:// --containerd=/run/containerd/containerd.sock
Every node needs this setting, followed by a docker restart
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ vim /usr/lib/systemd/system/docker.service
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ systemctl daemon-reload ;systemctl restart docker &
[1] 23273
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ ssh root@192.168.26.82
Last login: Sun Jan 16 06:09:07 2022 from 192.168.26.1
┌──[root@vms82.liruilongs.github.io]-[~]
└─$ vim /usr/lib/systemd/system/docker.service
┌──[root@vms82.liruilongs.github.io]-[~]
└─$ systemctl daemon-reload ;systemctl restart docker &
[1] 26843
┌──[root@vms82.liruilongs.github.io]-[~]
└─$ exit
登出
Connection to 192.168.26.82 closed.
6. Configure the CI/CD pipeline in Jenkins
Access Jenkins. What follows is the key part: we configure the whole CI/CD pipeline on Jenkins so that it runs automatically.
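The Token here is set to 4bf636c8214b7ff0a0fb. Also note how the job is accessed: JENKINS_URL/job/liruilong-cicd/build?token=TOKEN_NAME
Build trigger. Choose a shell build step: clone the code
Choose an image build step
Build the image and push it to the private registry
Note that the private registry's credentials have to be added here, that is, the user name and password set above
Choose a shell build step: update the image
The related text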
cd ~
rm -rf blog
git clone
/var/jenkins_home/blog/
192.168.26.56/library/blog:${BUILD_NUMBER}
export KUBECONFIG=/kc1;
/kubectl set image deployment/nginxdep *="192.168.26.56/library/blog:${BUILD_NUMBER}" -n kube-system
7. Configure the integration between GitLab and Jenkins
Access GitLab and configure the integration
Click to add a web hook
/view/all/job/liruilong-cicd/build?token=
At this point the integration is configured.
8. Write the Dockerfile and update the code to test
Next we compile hexo, which generates a public folder, and then upload it to GitLab.
PS F:\blogger> hexo g
.....
PS F:\blogger> git add .public
PS F:\blogger> git commit -m "程序代码预定义"
PS F:\blogger> git push
A Dockerfile also has to be written to build the image
FROM docker.io/library/nginx:latest
MAINTAINER liruilong
ADD ./public/ /usr/share/nginx/html/
EXPOSE 80
CMD ["nginx", "-g","daemon off;"]
PS F:\blogger> git add .
PS F:\blogger> git commit -m "Dockcerfile邮件重写成"
[master 217e0ed] Dockcerfile邮件重写成
 1 file changed, 1 deletion(-)
PS F:\blogger> git push
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 307 bytes | 307.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0)
To
   6690612..217e0ed  master -> master
PS F:\blogger>
Jenkins output
Started by remote host 192.168.26.1
Running as SYSTEM
Building in workspace /var/jenkins_home/workspace/liruilong-cicd
[liruilong-cicd] $ /bin/sh -xe /tmp/jenkins6108687102523328796.sh
+ cd /var/jenkins_home
+ rm -rf blog
+ git clone
Cloning into 'blog'...
Docker Build
Docker Build: building image at path /var/jenkins_home/blog
Step 1/5 : FROM docker.io/library/nginx:latest
 ---> f8f4ffc8092c
Step 2/5 : MAINTAINER liruilong
 ---> Running in e341b5562b64
Removing intermediate container e341b5562b64
 ---> 4e9f5aa47ab5
Step 3/5 : ADD ./public/ /usr/share/nginx/html/
 ---> 3956cff32507
Step 4/5 : EXPOSE 80
 ---> Running in b4c27124989d
Removing intermediate container b4c27124989d
 ---> ba9d1764d764
Step 5/5 : CMD ["nginx", "-g","daemon off;"]
 ---> Running in 61dca01a4883
Removing intermediate container 61dca01a4883
 ---> 2aadc5732a60
Successfully built 2aadc5732a60
Tagging built image with 192.168.26.56/library/blog:41
Docker Build Response : 2aadc5732a60
Pushing [192.168.26.56/library/blog:41]
The push refers to repository [192.168.26.56/library/blog]
89570901cdea: Preparing
65e1ea1dc98c: Preparing
88891187bdd7: Preparing
6e109f6c2f99: Preparing
0772cb25d5ca: Preparing
525950111558: Preparing
476baebdfbf7: Preparing
525950111558: Waiting
476baebdfbf7: Waiting
88891187bdd7: Layer already exists
6e109f6c2f99: Layer already exists
65e1ea1dc98c: Layer already exists
0772cb25d5ca: Layer already exists
89570901cdea: Pushing [> ] 301.6kB/28.75MB
89570901cdea: Pushing [==> ] 1.193MB/28.75MB
476baebdfbf7: Layer already exists
525950111558: Layer already exists
89570901cdea: Pushing [======> ] 3.917MB/28.75MB
89570901cdea: Pushing [==========> ] 5.996MB/28.75MB
89570901cdea: Pushing [==============> ] 8.097MB/28.75MB
89570901cdea: Pushing [==================> ] 10.76MB/28.75MB
89570901cdea: Pushing [=====================> ] 12.57MB/28.75MB
89570901cdea: Pushing [========================> ] 13.8MB/28.75MB
89570901cdea: Pushing [=========================> ] 14.71MB/28.75MB
89570901cdea: Pushing [===========================> ] 15.59MB/28.75MB
89570901cdea: Pushing [=============================> ] 16.79MB/28.75MB
89570901cdea: Pushing [===============================> ] 18.27MB/28.75MB
89570901cdea: Pushing [=================================> ] 19.45MB/28.75MB
89570901cdea: Pushing [===================================> ] 20.34MB/28.75MB
89570901cdea: Pushing [=====================================> ] 21.55MB/28.75MB
89570901cdea: Pushing [=======================================> ] 22.44MB/28.75MB
89570901cdea: Pushing [=========================================> ] 23.64MB/28.75MB
89570901cdea: Pushing [==========================================> ] 24.52MB/28.75MB
89570901cdea: Pushing [============================================> ] 25.42MB/28.75MB
89570901cdea: Pushing [==============================================> ] 26.61MB/28.75MB
89570901cdea: Pushing [===============================================> ] 27.19MB/28.75MB
89570901cdea: Pushing [=================================================> ] 28.69MB/28.75MB
89570901cdea: Pushing [==================================================>] 29.32MB
89570901cdea: Pushed
41: digest: sha256:c90b64945a8d063f7bcdcc39f00f91b6d83acafcd6b2ec6aba5b070474bafc37 size: 1782
Cleaning local images [2aadc5732a60]
Docker Build Done
[liruilong-cicd] $ /bin/sh -xe /tmp/jenkins246013519648603221.sh
+ export KUBECONFIG=/kc1
+ KUBECONFIG=/kc1
+ /kubectl set image deployment/nginxdep '*=192.168.26.56/library/blog:41' -n kube-system
deployment.apps/nginxdep image updated
Finished: SUCCESS
9. Access the hexo blog system
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ kubectl get deployments.apps | grep nginxdep
nginxdep  2/2  2  2  30h
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ kubectl get pods -o wide | grep nginxdep
nginxdep-bddfd9b5f-94d88  1/1  Running  0  110s  10.244.171.142  vms82.liruilongs.github.io
nginxdep-bddfd9b5f-z57qc  1/1  Running  0  35m  10.244.171.177  vms82.liruilongs.github.io
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ kubectl get svc -o wide | grep nginxdep
nginxdep  NodePort  10.106.217.50  8888:31964/TCP  30h  app=nginx
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-deploy-create]
└─$ kubectl describe pods nginxdep-bddfd9b5f-94d88
Name:         nginxdep-bddfd9b5f-94d88
Namespace:    kube-system
Priority:     0
Node:         vms82.liruilongs.github.io/192.168.26.82
Start Time:   Fri, 04 Feb 2022 03:11:14 +0800
Labels:       app=nginx
              pod-template-hash=bddfd9b5f
Annotations:  cni.projectcalico.org/podIP: 10.244.171.142/32
              cni.projectcalico.org/podIPs: 10.244.171.142/32
Status:       Running
IP:           10.244.171.142
IPs:
  IP:           10.244.171.142
Controlled By:  ReplicaSet/nginxdep-bddfd9b5f
Containers:
  web:
    Container ID:   docker://669f48cb626d5067f40bb1aaa378268a7ee9879488b0b298a86271957c162316
    Image:          192.168.26.56/library/blog:41
    Image ID:       docker-pullable://192.168.26.56/library/blog@sha256:c90b64945a8d063f7bcdcc39f00f91b6d83acafcd6b2ec6aba5b070474bafc37
    Port:
    Host Port:
    State:          Running
      Started:      Fri, 04 Feb 2022 03:11:15 +0800
    Ready:          True
    Restart Count:  0
    Requests:
      cpu:  100m
    Environment:
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-trn5n (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  kube-api-access-trn5n:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:
    DownwardAPI:             true
QoS Class:       Burstable
Node-Selectors:
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  4m10s  default-scheduler  Successfully assigned kube-system/nginxdep-bddfd9b5f-94d88 to vms82.liruilongs.github.io
  Normal  Pulling    4m9s   kubelet            Pulling image "192.168.26.56/library/blog:41"
  Normal  Pulled     4m9s   kubelet            Successfully pulled image "192.168.26.56/library/blog:41" in 67.814838ms
  Normal  Created    4m9s   kubelet            Created container web
  Normal  Started    4m9s   kubelet            Started container web
Access the hexo blog system
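The walkthrough trades several protections for convenience: an HTTP-only registry, a Docker API on TCP, Harbor's template admin password, --privileged containers and disabled CSRF protection in Jenkins. The script below is an added example, not part of the original article, that checks for those settings; the function names and the hardened sample values (certificate paths, placeholder password, the extra JVM option) are assumptions, and all sample inputs are constructed from the values shown above.

```shell
#!/usr/bin/env bash
# Added example: flag the convenience settings used in this walkthrough.
# Each check takes file content (or a command line) as a string, so it can be
# fed "$(cat /etc/docker/daemon.json)" on a real host or the samples below.

# daemon.json: a non-empty "insecure-registries" list disables TLS checks.
audit_daemon_json() {
  printf '%s' "$1" | tr '\n' ' ' |
    grep -Eq '"insecure-registries"[[:space:]]*:[[:space:]]*\[[[:space:]]*"' &&
    echo 'daemon.json: insecure-registries is set (registry traffic is not TLS-verified)'
  return 0
}

# docker.service ExecStart: a tcp:// listener without --tlsverify is an
# unauthenticated Docker API, which is root-equivalent on the host.
audit_execstart() {
  if printf '%s\n' "$1" | grep -Eq -- '(-H|--host)[ =]*tcp://' &&
     ! printf '%s\n' "$1" | grep -q -- '--tlsverify'; then
    echo 'docker.service: dockerd listens on tcp:// without --tlsverify'
  fi
  printf '%s\n' "$1" | grep -q -- '--insecure-registry' &&
    echo 'docker.service: --insecure-registry is set (registry traffic is not TLS-verified)'
  return 0
}

# harbor.yml: template admin password kept, or the https block commented out.
audit_harbor_yml() {
  printf '%s\n' "$1" |
    grep -Eq '^harbor_admin_password:[[:space:]]*Harbor12345[[:space:]]*$' &&
    echo 'harbor.yml: harbor_admin_password is still the template value'
  printf '%s\n' "$1" | grep -Eq '^https:' ||
    echo 'harbor.yml: https block is commented out, so logins and pushes use HTTP'
  return 0
}

# Jenkins JVM options: the flag from the page turns CSRF protection off.
audit_jenkins_opts() {
  printf '%s\n' "$1" | grep -q -- 'DISABLE_CSRF_PROTECTION=true' &&
    echo 'jenkins: CSRF protection is disabled by a JVM option'
  return 0
}

# docker run command line: --privileged removes most container isolation.
audit_docker_run() {
  printf '%s\n' "$1" | grep -Eq -- '--privileged(=true)?([[:space:]]|$)' &&
    echo 'docker run: container is started with --privileged'
  return 0
}

# Constructed samples: the settings exactly as the page applies them.
PAGE_DAEMON_JSON='{ "registry-mirrors": [""], "insecure-registries": ["192.168.26.56"] }'
PAGE_EXECSTART_CI='ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H fd:// --containerd=/run/containerd/containerd.sock'
PAGE_EXECSTART_NODE='ExecStart=/usr/bin/dockerd --insecure-registry 192.168.26.56 -H fd:// --containerd=/run/containerd/containerd.sock'
PAGE_HARBOR_YML='hostname: 192.168.26.56
#https:
  # port: 443
harbor_admin_password: Harbor12345'
PAGE_JENKINS_OPTS='-Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true'
PAGE_DOCKER_RUN='docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8'

# Constructed hardened variants (paths and password are placeholders).
SAFE_DAEMON_JSON='{ "registry-mirrors": [""] }'
SAFE_EXECSTART='ExecStart=/usr/bin/dockerd -H fd:// -H tcp://192.168.26.55:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem --containerd=/run/containerd/containerd.sock'
SAFE_HARBOR_YML='hostname: 192.168.26.56
https:
  port: 443
  certificate: /your/certificate/path
  private_key: /your/private/key/path
harbor_admin_password: <placeholder-strong-password>'
SAFE_JENKINS_OPTS='-Djava.awt.headless=true'
SAFE_DOCKER_RUN='docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8'

audit_page_settings() {
  audit_daemon_json "$PAGE_DAEMON_JSON"
  audit_execstart "$PAGE_EXECSTART_CI"
  audit_execstart "$PAGE_EXECSTART_NODE"
  audit_harbor_yml "$PAGE_HARBOR_YML"
  audit_jenkins_opts "$PAGE_JENKINS_OPTS"
  audit_docker_run "$PAGE_DOCKER_RUN"
}

audit_hardened_settings() {
  audit_daemon_json "$SAFE_DAEMON_JSON"
  audit_execstart "$SAFE_EXECSTART"
  audit_harbor_yml "$SAFE_HARBOR_YML"
  audit_jenkins_opts "$SAFE_JENKINS_OPTS"
  audit_docker_run "$SAFE_DOCKER_RUN"
}

echo '== settings as applied on this page =='; audit_page_settings
echo '== hardened variants =='; audit_hardened_settings
```

Removing the insecure-registry settings only works once Harbor serves HTTPS with a certificate that the CI server and every k8s node trust.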