摘要:一個(gè)小服務(wù)器加本地一個(gè)閑置從機(jī)撐進(jìn)去這么多東西很顯然爆了,于是把拆出來,用上了公共的云服務(wù)容器鏡像服務(wù)�����。使用對(duì)集群外暴露服務(wù)這里使用的是在中部署有官方部署手冊(cè)��,基本按著走一遍就能部署上去了���。
基于kubernetes+docker+jenkins的DevOps實(shí)踐
之前自己的項(xiàng)目開發(fā)就搭了個(gè)cicd的環(huán)境����,那時(shí)候是在本就小的可憐的服務(wù)器上搭了一套
jenkins + docker registry + docker
見之前的筆記 docker學(xué)習(xí)下面
總的差不多這樣:
之后對(duì)kubernetes的接觸后��,就在之前的基礎(chǔ)上加入kubernetes,其實(shí)也就是在服務(wù)器拉取鏡像docker run的時(shí)候改變?yōu)橥ㄖ?b>kubernetes的apiServer對(duì)提前配置好的項(xiàng)目配置文件xx.yaml進(jìn)行更新kubectl appply -f xx.yaml��,它會(huì)對(duì)配置里的鏡像拉取在多個(gè)pod里運(yùn)行,當(dāng)然還需要對(duì)應(yīng)的service���,如果需要暴露給外部還可以添個(gè)ingress�����。
一個(gè)小服務(wù)器加本地一個(gè)閑置從機(jī)撐進(jìn)去這么多東西很顯然爆了,于是把jenkins , docker registry拆出來,用上了公共的ali云服務(wù)CodePipeline,容器鏡像服務(wù)����。
這里記錄一下。
docker搭建
ubuntu安裝docker官方教程
kubernetes搭建
之前寫的kubernetes學(xué)習(xí)下面有
使用ali云CodePipeline替代jenkins創(chuàng)建任務(wù)
配置->項(xiàng)目名稱:最好為github上代碼的demo項(xiàng)目名稱,這里以bootshiro為例
配置->源碼管理->Git:URL為github上的項(xiàng)目clone url,下面默認(rèn)master分支
配置->構(gòu)建觸發(fā)器->填寫代碼分支:eg:master 點(diǎn)擊生成觸發(fā)器地址留下備用(github webhook配置會(huì)用到)
配置->構(gòu)建項(xiàng)目類型可選maven項(xiàng)目 node python等(按自己需求改編譯打包冊(cè)測(cè)試腳本)
eg: maven項(xiàng)目 編譯打包: mvn package -B -DskipTests 用例測(cè)試: mvn test
配置->鏡像構(gòu)建和發(fā)布: 這里使用ali云的免費(fèi)docker鏡像倉庫
鏡像版本號(hào)最好用jenkins環(huán)境變量標(biāo)記,registry地址證書等就是自己開通的ali云registry地址和賬戶,docker路徑是相對(duì)于當(dāng)前代碼倉庫的Dcokerfile文件路徑,用這個(gè)Dockefile文件來生成鏡像�����。
eg: bootshiro的Dockefile
#VERSION 1.1.0
#基礎(chǔ)鏡像為openjdk:12-alpine
FROM openjdk:12-alpine
#簽名
MAINTAINER tomsun28 "tomsun28@outlook.com"
RUN rm -rf /opt/running/bootshiro*
ADD ./target/bootshiro.jar /opt/running/bootshiro.jar
EXPOSE 8080
WORKDIR /opt/running/
CMD ["java", "-jar", "bootshiro.jar","--spring.profiles.active=prod"]
配置->部署Kubernetes(新): 這里配置對(duì)搭建好的k8s環(huán)境的apiServer連接,之后好使用apiServer對(duì)kubernetes操作
認(rèn)證方式:選擇認(rèn)證證書
API服務(wù)器地址:為apiServer通訊地址
證書:使用docker授權(quán)模式,客戶端Key(key.pem)和客戶端證書(cert.pem)在/etc/kubernetes/admin.conf,服務(wù)端CA證書(ca.pem)在/etc/kubernetes/pki/ca.crt
部署配置文件:為k8s部署這個(gè)項(xiàng)目的配置文件位置���,也是以當(dāng)前項(xiàng)目代碼倉庫為相對(duì)路徑,eg :bootshiro.yaml
# ----------------------bootshiro--------------------- #
# ------bootshiro deployment------ #
kind: Deployment
apiVersion: apps/v1beta2
metadata:
name: bootshiro-deployment
labels:
app: bootshiro
spec:
replicas: 1
selector:
matchLabels:
app: bootshiro
template:
metadata:
labels:
app: bootshiro
spec:
containers:
- name: nginx
image: registry.cn-hangzhou.aliyuncs.com/tomsun28/bootshiro:${BUILD_NUMBER}
ports:
- containerPort: 8080
---
# -------nginx-service--------- #
apiVersion: v1
kind: Service
metadata:
name: bootshiro-service
spec:
# type: NodePort
ports:
- name: server
port: 8080
targetPort: 8080
selector:
app: bootshiro
# !----------------------bootshiro--------------------- #
這里配置部署文件創(chuàng)建了一個(gè)pod實(shí)例�,創(chuàng)建了與其想對(duì)應(yīng)的service在集群內(nèi)部暴露服務(wù)。
如果部署的應(yīng)用需要對(duì)集群外提供服務(wù),這里還要?jiǎng)?chuàng)建對(duì)應(yīng)的暴露服務(wù)的方式�,如ingress, nodeport等
-
到此cicd就差不多了����,我們開發(fā)代碼push到github倉庫上�����,跟著DevOps流程走�����,最后項(xiàng)目就會(huì)自己運(yùn)行到kubernetes集群里面了,pod掛了或者從機(jī)掛了���,k8s會(huì)重新啟保證設(shè)定數(shù)量的pod。
使用ingress對(duì)集群外暴露服務(wù)
這里使用的是traefik-ingress,在kubernetes中部署traefik有官方部署手冊(cè)�����,基本按著走一遍就能部署上去了��。
整合部署的traefik.yaml:
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
containers:
- image: traefik
name: traefik-ingress-lb
ports:
- name: http
containerPort: 80
hostPort: 80
- name: admin
containerPort: 8080
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
args:
- --api
- --kubernetes
- --logLevel=INFO
---
apiVersion: v1
kind: Service
metadata:
name: traefik-web-ui
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- name: web
port: 80
targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-web-ui
namespace: kube-system
annotations:
kubernetes.io/ingress.class: traefik
traefik.frontend.rule.type: PathPrefixStrip
spec:
rules:
- host: tom.usthe.com
http:
paths:
- path: /ingress
backend:
serviceName: traefik-web-ui
servicePort: web
使用traefik來暴露service:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: chess
namespace: default
annotations:
kubernetes.io/ingress.class: traefik
traefik.frontend.rule.type: PathPrefixStrip
spec:
rules:
- host: tom.usthe.com
http:
paths:
- path: /usthe
backend:
serviceName: usthe-service
servicePort: http
- path: /nginx
backend:
serviceName: nginx
servicePort: http
分享一波阿里云代金券快速上云
轉(zhuǎn)載請(qǐng)注明 from tomsun28
文章版權(quán)歸作者所有����,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載,若此文章存在違規(guī)行為�,您可以聯(lián)系管理員刪除�����。
轉(zhuǎn)載請(qǐng)注明本文地址:http://specialneedsforspecialkids.com/yun/27640.html
