Shulou(Shulou.com)06/03 Report--

One environment preparation

1 docker warehouse, harbor I use online hub https://hub.docker.com/ to register by myself

2 prepare git warehouse, what I use here is Ciyun https://gitee.com/huningfei/java.git

3 prepare K8s environment, one master and two slaves, can be installed in binary or kubeadmin

Master:172.16.78.103 node1:172.16.78.102 node2:172.16.78.101

4 prepare the jenkins environment, (I deploy directly using the jenkins.war package, or I can deploy jenkins with K8s)

2k8s deployment

I am a reference https://cloud.tencent.com/developer/article/1509412 for rapid deployment with kubeadmin

Turn off iptables and selinux before installation.

1 master node installation

Wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo-O / etc/yum.repos.d/docker-ce.repo 269yum-y install docker-ce-18.06.1.ce-3.el7 271curl-sSL https://get.daocloud.io/daotools/set_mirror.sh | sh-s http://f1361db2.m.daocloud.io 272systemctl enable docker & & systemctl start docker# add kubernetes YUM software source 275cat > / Etc/yum.repos.d/kubernetes.repo / etc/yum.repos.d/kubernetes.repo / proc/sys/net/bridge/bridge-nf-call-iptables#join masterkubeadm join 172.16.78.103 proc/sys/net/bridge/bridge-nf-call-iptables#join masterkubeadm join 6443-- token culxlo.ovuhhraplwritzgh-- discovery-token-ca-cert-hash sha256:3dfb2e64dfc2c603c1cfccceff82dbc1b680b117fdbbe0512889d3a74240a3b8# prompts for error when joining: [ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: / proc/sys/net/bridge/ Bridge-nf-call-iptables contents are not set to 1 [ERROR Swap]: running with swap on is not supported. Please disable swap [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=..` # solution echo "1" > / proc/sys/net/bridge/bridge-nf-call-iptables

3 finally check the node status of the cluster

Set up jenkins1 install Kubernetes and git,pipeline install these three plug-ins and install maven and docker environment. Yum install maven# install dockerwget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo-O / etc/yum.repos.d/docker-ce.repo yum-y install docker-ce-18.06.1.ce-3.el7 curl-sSL https://get.daocloud.io/daotools/set_mirror.sh | sh-s http://f1361db2.m.daocloud.io systemctl enable docker & & systemctl start docker # one more point to note If your jenkins is started by an ordinary user, you may be prompted for permission problems when building. Change the permissions of / var/run/docker.sock to set jenkins to connect to K8s api.

System Management-system Settings-cloud

Where does the kubernetes service certificate come from?

2-1 if k8s is deployed by kubeadmin, it will be troublesome. Go to the / etc/kubernetes directory and open the admin.conf configuration file. There are three values in the file: certificate-authority-data, client-certificate-data, and client-key-data. Use these three parts to generate certificates. Here, I put all the generated certificates under the tmp directory.

Then go to the tmp directory and generate a ca.crt certificate and a cert.pfx

Openssl pkcs12-export-out cert.pfx-inkey client.key-in client.crt-certfile ca.crt generates a pfx certificate that prompts you for password 111

Then put the contents of the ca.crt in the jenkisn service certificate key.

How do I add credentials?

Click add, select the kind type, then upload the cert.pfx certificate you just generated, and enter the password just now

Finally, to test whether the jenkins can be connected successfully, as shown in the figure

2-2 if your jenkins is directly deployed within K8s, it is relatively simple. You do not need to enter a certificate, as shown in the figure:

2-3 if you are using the binary installation of K8s, this certificate will be generated during the installation process. I tested it with ca.pem and server.pem and found that it can be connected without adding credentials.

Release k8s project with pipeline

The script reads as follows:

/ / Public def registry = "huningfei" / / Project def project = "welcome" def app_name = "demo" def image_name = "${registry} / ${project}: ${BUILD_NUMBER}" def git_address = "https://gitee.com/huningfei/java.git"// Certification def secret_name =" registry-pull-secret "def docker_registry_auth =" 450fb8b4-62c9-43fe-8a69-ec30705e724e "def git_auth =" b363af0fmura96cMur465c- A14e-60f7127727eb "def k8s_auth =" a60b4b7f-2aef-4622-94a5-6efef67c4ac9 "node () {/ / first step stage ('pull substitution code') {checkout ([$class: 'GitSCM' Branches: [[name:'${Branch}']], userRemoteConfigs: [credentialsId: "${git_auth}" Url: "${git_address}"]])} / / second step stage ('code compilation') {sh "mvn clean package-Dmaven.test.skip=true"} / / third step stage ('build image') {withCredentials ([usernamePassword (credentialsId: "${docker_registry_auth}", passwordVariable: 'password') UsernameVariable: 'username')] {sh "echo' FROM lizhenliang/tomcat RUN rm-rf / usr/local/tomcat/webapps/* ADD target/*.war / usr/local/tomcat/webapps/ROOT.war'> Dockerfile docker build-t ${image_name}. Docker login-u ${username}-p'{password} 'docker push ${image_name} "}} / / step 4 stage (' deploy to K8S platform') {sh"sed-I's #\ $IMAGE_NAME#$ {image_name} # 'deploy.yml sed-I' S #\ $SECRET_NAME#$ {secret_name} # 'deploy.yml "kubernetesDeploy configs:' deploy.yml' KubeconfigId: "${k8s_auth}"}}

# Note: the deploy.yml in the script is the file used to deploy K8s. This file must be stored in the gitlab repository in the same level directory as the code.

Where can I get the three certified id above in the script?

After the addition is completed, you can check it in the credential.

Finally, build the project.

You can succeed if you appear below

Then go to k8s-master to see if a new pod container is generated.

View ingress

You can access it by binding host

5 Test to fix a bug, submit code, redeploy

The java project needs to connect to the database, change the address of the database in the configuration file, and then submit the code to rebuild

1 prepare a database and authorize a user

Grant all on *. * to 'demo'@'%'identified by' 123456'

2 modify the address of the connection database in the code

Vim tomcat-java-demo-master/src/main/resources/application.yml url: jdbc:mysql://db-0.mysql:3306/test?characterEncoding=utf-8

3 install mysql, which I create directly with K8s here

[root@sass001 java-demo] # cat mysql.yaml apiVersion: v1kind: Servicemetadata: name: mysql labels: java-demo app: mysqlspec: ports:-port: 3306 name: mysql clusterIP: None selector: project: java-demo app: mysql---apiVersion: apps/v1kind: StatefulSetmetadata: name: dbspec: selector: matchLabels: project: java-demo app: mysql serviceName: "mysql" template: metadata: labels : project: java-demo app: mysql spec: containers:-name: mysql image: mysql:5.7 ports:-containerPort: 3306 env:-name: MYSQL_ROOT_PASSWORD value: "123456" volumeMounts:-mountPath: / var/lib/mysql name: data volumeClaimTemplates:-metadata: Name: data spec: accessModes: ["ReadWriteOnce"] storageClassName: "managed-nfs-storage" resources: requests: storage: 2Gi

Kubectl create-f mysql.yaml

After modifying the code, submit it to the git warehouse, and finally republish the project.

Final test function

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.