
CI/CD (10): Jenkins Shared Library and k8s Integration

2025/4/19 0:01:41  Source: https://blog.csdn.net/qq_41369135/article/details/147108788

I. Create the k8sKey (v1.28.2)

1. View the k8s cluster name

root@k8s-master:~# kubectl config get-contexts
CURRENT   NAME                          CLUSTER      AUTHINFO           NAMESPACE
*         kubernetes-admin@kubernetes   kubernetes   kubernetes-admin 

2. View the cluster details

Run the following command to view the full configuration of the cluster kubernetes:

kubectl config view --raw -o jsonpath='{.clusters[?(@.name=="kubernetes")]}'

Sample output:

{
  "name": "kubernetes",
  "cluster": {
    "certificate-authority-data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t...",  # Base64-encoded CA certificate
    "server": "https://<API-SERVER-IP>:6443"  # Kubernetes API Server address
  }
}

  • Key fields

    • certificate-authority-data: the cluster's CA certificate (Base64-encoded).

    • server: the API Server address (e.g. https://10.51.3.3:6443).

3. Generate a new kubeconfig file

Suppose you want to create a dedicated kubeconfig file for Jenkins (for example k8s-config-key-prod-10-60-0-20). The steps are as follows:

(1) Define variables

# Extract the values from the existing cluster configuration
CLUSTER_NAME="kubernetes"
API_SERVER=$(kubectl config view --raw -o jsonpath='{.clusters[?(@.name=="kubernetes")].cluster.server}')
CA_CERT=$(kubectl config view --raw -o jsonpath='{.clusters[?(@.name=="kubernetes")].cluster.certificate-authority-data}')

# Path and name of the new kubeconfig (following your k8sKey naming rule)
K8S_KEY="k8s-config-key-prod-10-60-0-20"
KUBECONFIG_PATH="/opt/k8s-deploy-config/${K8S_KEY}"

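(2) Create a ServiceAccount and obtain a token (recommended for automation)

Note: newer k8s versions (v1.24) no longer create a Secret automatically when a ServiceAccount is created; it has to be created explicitly by hand.

# Create the ServiceAccount and the permission binding
kubectl create serviceaccount jenkins-sa -n default
kubectl create clusterrolebinding jenkins-sa-admin \
  --clusterrole=cluster-admin \
  --serviceaccount=default:jenkins-sa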

(3) Manually create a Secret and bind it to the ServiceAccount

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: jenkins-sa-token  # Secret name
  namespace: default
  annotations:
    kubernetes.io/service-account.name: "jenkins-sa"  # Bind to the specified ServiceAccount
EOF

(4) Verify the Secret and the token

# Check whether the ServiceAccount is associated with the Secret
kubectl describe serviceaccount jenkins-sa -n default

# Read the token from the newly created Secret
TOKEN=$(kubectl get secret jenkins-sa-token -n default -o jsonpath='{.data.token}' | base64 -d)

(5) Generate the kubeconfig file

cat <<EOF | sudo tee ${KUBECONFIG_PATH}
apiVersion: v1
kind: Config
clusters:
- name: ${CLUSTER_NAME}
  cluster:
    certificate-authority-data: ${CA_CERT}
    server: ${API_SERVER}
users:
- name: jenkins-sa
  user:
    token: ${TOKEN}
contexts:
- name: jenkins-context
  context:
    cluster: ${CLUSTER_NAME}
    user: jenkins-sa
    namespace: default
current-context: jenkins-context
EOF

(6) Verify the new kubeconfig file

kubectl --kubeconfig /opt/k8s-deploy-config/k8s-config-key-prod-10-60-0-20 get pods

The result is as follows: [screenshot not preserved]
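Added example, not part of the original article: the cluster-admin binding in step (2) gives the Jenkins token full control of every namespace, and the file written in step (5) holds that token. The functions below print a Role and RoleBinding scoped to one namespace and write the kubeconfig with mode 0600; the Role name jenkins-deployer, the function names, and the resource and verb lists are assumptions to adapt to what the pipeline actually runs.

```shell
#!/bin/sh
# Role name, resources and verbs are assumptions; trim them to what the pipeline runs.
# They cover the Deployment, Service and Ingress objects the templates create.
render_jenkins_rbac() {
  ns="$1"   # target namespace, e.g. wict-dev
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-deployer
  namespace: ${ns}
rules:
  - apiGroups: ["", "apps", "networking.k8s.io"]
    resources: ["deployments", "services", "ingresses"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-deployer
  namespace: ${ns}
subjects:
  - kind: ServiceAccount
    name: jenkins-sa
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-deployer
EOF
}

# Write stdin to $1 readable by its owner only (the file holds a bearer token).
write_kubeconfig_private() {
  ( umask 077 && cat > "$1" ) && chmod 600 "$1"
}

# Usage:
#   render_jenkins_rbac wict-dev | kubectl apply -f -
#   ... | write_kubeconfig_private "${KUBECONFIG_PATH}"   (in place of "sudo tee" in step 5)
```

With this binding in place of cluster-admin, the check in step (6) needs -n wict-dev, because the account can no longer list pods in default.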

II. Build the kubectl:v1.28.2 image

1. Offline download on Windows

https://dl.k8s.io/release/v1.28.2/bin/linux/amd64/kubectl : this link serves the kubectl binary for the Linux amd64 architecture directly.
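Added example, not part of the original article: because the binary is downloaded on another machine and then copied into the image, it can be checked before docker build against the SHA-256 digest that dl.k8s.io publishes beside each binary (the same URL with .sha256 appended). The function name and return codes are assumptions of this example.

```shell
#!/bin/sh
# verify_sha256 FILE DIGEST_FILE
# Returns 0 on match, 1 on mismatch, 2 when an input is missing or malformed.
verify_sha256() {
  file="$1"; digest_file="$2"
  [ -f "$file" ] && [ -f "$digest_file" ] || return 2

  # The digest file holds the hex digest, optionally followed by a file name.
  expected=$(awk 'NR==1 {print tolower($1)}' "$digest_file")
  case "$expected" in
    ""|*[!0-9a-f]*) return 2 ;;      # empty or not hexadecimal
  esac
  [ "${#expected}" -eq 64 ] || return 2   # SHA-256 is 64 hex characters

  actual=$(sha256sum "$file" | awk '{print $1}')
  [ "$actual" = "$expected" ]
}

# Usage, in the Docker build context that contains kubectl and kubectl.sha256:
#   verify_sha256 kubectl kubectl.sha256 || { echo "kubectl digest mismatch" >&2; exit 1; }
```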

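2. Dockerfile

FROM alpine:3.18
# Create and set the working directory
WORKDIR /opt/k8sdeploy
# Install kubectl
COPY kubectl /usr/local/bin/
RUN chmod +x /usr/local/bin/kubectl
# Verify the installation (using the newer command)
RUN kubectl version --client
# Set the default command (the original behaviour is kept)
CMD ["kubectl", "version"]

Push to Harbor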

docker build -t 10.60.0.20:18080/customer-software/kubectl:v1.28.2 . 
docker push 10.60.0.20:18080/customer-software/kubectl:v1.28.2

After the push succeeds, modify the configuration here: [screenshot not preserved]

III. Create the base environment

1. Create the namespace (dev | test)

kubectl create namespace wict-dev

2. Create the StorageClass (omitted)
See CI/CD (3): Installing NFS and setting the default k8s StorageClass (CSDN blog): https://blog.csdn.net/qq_41369135/article/details/146444419?spm=1001.2014.3001.5502

3. Create the log PVC

logs-pvc-dev.yml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: logs-pvc-dev
  namespace: wict-dev
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  storageClassName: nfs-storage  # Must match a StorageClass available in the cluster

kubectl apply -f /k8s/project/logs/logs-pvc-dev.yml

4. Create harbor-secret

config.json

{"auths":{"10.60.0.20:18080":{"username":"admin","password":"Harbor12345"}}}

base64 command

cat config.json | base64 -w0  

harbor-secret.yml

apiVersion: v1
kind: Secret
metadata:
  name: harbor-secret
  namespace: wict-dev
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: eyJhdXRocyI6eyIxMC42MC4wLjIwOjE4MDgwIjp7InVzZXJuYW1lIjoiYWRtaW4iLCJwYXNzd29yZCI6IkhhcmJvcjEyMzQ1In19fQ==

kubectl apply -f /k8s/namespace/wict-dev/secret/harbor-secret.yml
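Added example, not part of the original article: the three steps above (config.json, base64, harbor-secret.yml) as one shell function that takes the credentials from environment variables, so no plaintext config.json stays on disk, plus a decoder showing that the data field is only encoded. HARBOR_USER, HARBOR_PASS and the function names are assumptions; a pull-only Harbor robot account fits this secret better than the admin login.

```shell
#!/bin/sh
# JSON-escape backslashes and double quotes in a value.
json_escape() {
  printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# render_harbor_secret REGISTRY NAMESPACE
# Reads HARBOR_USER and HARBOR_PASS (assumed names); prints the Secret manifest.
# Returns 2 when either variable is unset or empty.
render_harbor_secret() {
  registry="$1"; ns="$2"
  [ -n "${HARBOR_USER:-}" ] && [ -n "${HARBOR_PASS:-}" ] || return 2
  cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s"}}}' \
    "$registry" "$(json_escape "$HARBOR_USER")" "$(json_escape "$HARBOR_PASS")")
  # Same result as "base64 -w0", without relying on the GNU-only flag.
  b64=$(printf '%s' "$cfg" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: harbor-secret
  namespace: ${ns}
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ${b64}
EOF
}

# Decode the data field of a manifest read from stdin. base64 is an encoding,
# not encryption, so the manifest is as sensitive as the password itself.
decode_harbor_secret() {
  sed -n 's/^  \.dockerconfigjson: //p' | base64 -d
}

# Usage:
#   HARBOR_USER=... HARBOR_PASS=... render_harbor_secret 10.60.0.20:18080 wict-dev | kubectl apply -f -
```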

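Add the private registry setting on all nodes (http)
Add the private registry to /etc/docker/daemon.json. This entry is required; otherwise the host cannot log in to Harbor. Alternatively, enable https in order to log in.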

"insecure-registries": ["10.60.0.20:18080"]

Hot reload (no need to restart docker)

# Send SIGHUP to hot-reload the configuration
sudo kill -SIGHUP $(pidof dockerd)

IV. Run (backend)

V. Run (frontend)

1. Change the deployment type to k8s

2. Run

 

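VI. Access configuration

1. Install ingress-nginx (omitted)

Manual installation: Deploying ingress-nginx (installation within China), CSDN blog

Helm installation: CI/CD (6): Deploying ingress-nginx with Helm (Alibaba Cloud), CSDN blog

2. Modify the yml templates (the related components are created automatically)

Add a Service to the backend template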

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{obj.param.metadataName}}-{{obj.param.env}}
  namespace: {{obj.param.metadataNameSpace}}-{{obj.param.env}}
spec:
  selector:
    matchLabels:
      app: {{obj.param.metadataName}}
      project: {{obj.param.project}}
      env: {{obj.param.env}}
  replicas: 1
  template:
    metadata:
      labels:
        app: {{obj.param.metadataName}}
        env: {{obj.param.env}}
        project: {{obj.param.project}}
        ci: {{obj.param.ci}}
    spec:
      terminationGracePeriodSeconds: 60
      imagePullSecrets:
        - name: harbor-secret
#      initContainers:
#        - image: harbor.cqxyy.net/wict/skywalking-agent-wiat:v8.16.2
#          name: sw-agent-sidecar
#          imagePullPolicy: IfNotPresent
#          command: ['sh']
#          args: ['-c','mkdir -p /skywalking/agent && cp -r /usr/skywalking/agent/* /skywalking/agent']
#          volumeMounts:
#            - mountPath: /skywalking/agent
#              name: sw-agent
      containers:
        - name: {{obj.param.metadataName}}
          image: {{obj.param.containersImage}}
          imagePullPolicy: Always
          ports:
            - containerPort: 80
              name: web
              protocol: TCP
          resources:
            limits:
              memory: {{obj.param.resourcesMaxMemory}}
            requests:
              memory: 128Mi
          livenessProbe:
            httpGet:
              path: {{obj.param.actuator}}
              port: 80
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 12
          readinessProbe:
            httpGet:
              path: {{obj.param.actuator}}
              port: 80
            initialDelaySeconds: 60
            periodSeconds: 60
            timeoutSeconds: 5
            failureThreshold: 12
          volumeMounts:
            - name: logs-pvc
              subPath: logs
              mountPath: /opt/jar/logs
            - name: sw-agent
              mountPath: /skywalking/agent
            - name: date-config
              mountPath: /etc/localtime
            {% for obj in obj.param.mountDirList -%}
            - name: {{obj.name}}
              mountPath: {{obj.mountPath}}
            {% endfor %}
          env:
            - name: TZ
              value: Asia/Shanghai
            - name: LIMITS_MEMORY
              valueFrom:
                resourceFieldRef:
                  resource: limits.memory
                  divisor: 1Mi
            - name: JAVA_OPTS
              value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=60.0 -XX:NativeMemoryTracking=summary {{obj.param.javaOpts}}
          lifecycle:
            preStop:
              exec:
                command: ["/bin/sh", "-c", "rm -f /opt/jar/logs/dump/{{obj.param.metadataName}}.hprof && jmap -dump:live,format=b,file=/opt/jar/logs/dump/{{obj.param.metadataName}}.hprof $(pgrep java)"]
      securityContext:
        fsGroup: 1000
      volumes:
        - name: logs-pvc
          persistentVolumeClaim:
            claimName: logs-pvc-{{obj.param.env}}
        - name: sw-agent
          emptyDir: {}
        - name: date-config
          hostPath:
            path: /etc/localtime
        {% for obj in obj.param.mountDirList -%}
        - name: {{obj.name}}
          hostPath:
            path: {{obj.hostPath}}
        {% endfor %}
---
apiVersion: v1
kind: Service
metadata:
  name: {{obj.param.metadataName}}-{{obj.param.env}}-service
  namespace: {{obj.param.metadataNameSpace}}-{{obj.param.env}}
spec:
  selector:
    app: {{obj.param.metadataName}}
    project: {{obj.param.project}}
    env: {{obj.param.env}}
  ports:
    - protocol: TCP
      port: 80       # Service port
      targetPort: 80 # Pod container port
  type: ClusterIP    # Reachable inside the cluster only (external traffic is handled by the Ingress)

Add a Service and an Ingress to the frontend template

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{obj.param.metadataName}}-{{obj.param.env}}
  namespace: {{obj.param.metadataNameSpace}}-{{obj.param.env}}
spec:
  selector:
    matchLabels:
      app: {{obj.param.metadataName}}
      project: {{obj.param.project}}
      env: {{obj.param.env}}
  replicas: 1
  template:
    metadata:
      labels:
        app: {{obj.param.metadataName}}
        project: {{obj.param.project}}
        env: {{obj.param.env}}
        ci: {{obj.param.ci}}
    spec:
      terminationGracePeriodSeconds: 4
      imagePullSecrets:
        - name: harbor-secret
      containers:
        - name: {{obj.param.metadataName}}
          image: {{obj.param.containersImage}}
          imagePullPolicy: Always
          ports:
            - containerPort: {{obj.param.containerPort}}
              name: web
              protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: {{obj.param.metadataName}}-{{obj.param.env}}-service
  namespace: {{obj.param.metadataNameSpace}}-{{obj.param.env}}
spec:
  selector:
    app: {{obj.param.metadataName}}
    project: {{obj.param.project}}
    env: {{obj.param.env}}
  ports:
    - protocol: TCP
      port: 80       # Service port
      targetPort: {{obj.param.containerPort}} # Pod container port
  type: ClusterIP    # Reachable inside the cluster only (external traffic is handled by the Ingress)
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{obj.param.metadataName}}-{{obj.param.env}}-ingress
  namespace: {{obj.param.metadataNameSpace}}-{{obj.param.env}}
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  ingressClassName: nginx  # Associated IngressClass
  rules:
    - host: {{obj.param.metadataName}}-{{obj.param.env}}.10.60.0.20.nip.io  # Custom domain
      http:
        paths:
          # Frontend routing rule (handles all requests other than /prod-api)
          - path: /(.*)   # Regex: catch-all for paths not handled by the /prod-api rule below
            pathType: ImplementationSpecific  # Regex path, same requirement as the rule below
            backend:
              service:
                name: {{obj.param.metadataName}}-{{obj.param.env}}-service  # Points to the Service name
                port:
                  number: 80
          - path: /prod-api/(.*)  # Regex: match the /prod-api prefix and capture the rest of the path
            pathType: ImplementationSpecific  # Must be set to ImplementationSpecific
            backend:
              service:
                name: rc-vue-first-{{obj.param.env}}-service  # Points to the Service name
                port:
                  number: 80

3. Access

The captcha did not show up; I will fix it when I have time.
