接着上一篇:https://www.cnblogs.com/wwjj4811/p/14590698.html
拉取代碼,構建鏡像
配置nfs
vi /etc/exports
/opt/nfs/jenkins *(rw,no_root_squash)
/opt/nfs/maven *(rw,no_root_squash)
systemctl restart nfs
mkdir -p /opt/nfs/maven
chown -R jenkins:jenkins /opt/nfs/maven
chmod -R 777 /opt/nfs/maven
#這里有點坑,卡了我很長時間,需要給docker.sock777權限,不然jenkins用戶無法執行docker命令
#並且這里需要把每一台k8s機器的docker.sock賦權
cd /run/
chmod 777 docker.sock
配置流水線項目
創建harbor憑證
新建一個流水線項目,配置參數化構建
添加文本參數:
配置流水線腳本:
def git_address = "http://192.168.1.50:82/root/tensquare_back.git"
def git_auth = "070a1a0f-6f41-4b47-8b4e-9621087df6fd"
//構建版本的名稱
def tag = "latest"
//Harbor私服地址
def harbor_url = "192.168.1.52:85"
//Harbor的項目名稱
def harbor_project_name = "tensquare"
//Harbor的憑證
def harbor_auth = "067c32d4-92d1-4d73-bd8b-853dbb5186ee"
//pod模板
podTemplate(label: 'jenkins-slave', cloud: 'kubernetes', containers: [
containerTemplate(
name: 'jnlp',
image: "192.168.1.52:85/library/jenkins-slave-maven:lasted"
),
containerTemplate(
name: 'docker',
image: "docker:stable",
ttyEnabled: true,
command: 'cat'
),
],
volumes: [
hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock'),
nfsVolume(mountPath: '/usr/local/apache-maven/repo', serverAddress: '192.168.1.36' , serverPath: '/opt/nfs/maven'),
],
)
{
node("jenkins-slave"){
// 第一步
stage('拉取代碼'){
checkout([$class: 'GitSCM', branches: [[name: '${branch}']],
userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]])
}
// 第二步
stage('代碼編譯'){
//編譯並安裝公共工程
sh "mvn -f tensquare_common clean install"
}
// 第三步
stage('構建鏡像,部署項目'){
//把選擇的項目信息轉為數組
def selectedProjects = "${project_name}".split(',')
for(int i=0;i<selectedProjects.size();i++){
//取出每個項目的名稱和端口
def currentProject = selectedProjects[i];
//項目名稱
def currentProjectName = currentProject.split('@')[0]
//項目啟動端口
def currentProjectPort = currentProject.split('@')[1]
//定義鏡像名稱注意:在構建過程會發現無法創建倉庫目錄,是因為NFS共享目錄權限不足,需更改權限
//還有Docker命令執行權限問題
//需要手動上傳父工程依賴到NFS的Maven共享倉庫目錄中
//微服務部署到K8S
def imageName = "${currentProjectName}:${tag}"
//編譯,構建本地鏡像
sh "mvn -f ${currentProjectName} clean package dockerfile:build"
container('docker') {
//給鏡像打標簽
sh "docker tag ${imageName} ${harbor_url}/${harbor_project_name}/${imageName}"
//登錄Harbor,並上傳鏡像
withCredentials([usernamePassword(credentialsId: "${harbor_auth}", passwordVariable: 'password', usernameVariable: 'username')]){
//登錄
sh "docker login -u ${username} -p ${password} ${harbor_url}"
//上傳鏡像
sh "docker push ${harbor_url}/${harbor_project_name}/${imageName}"
}
//刪除本地鏡像
sh "docker rmi -f ${imageName}"
sh "docker rmi -f ${harbor_url}/${harbor_project_name}/${imageName}"
}
}
}
}
}
保存,然后我們測試注冊中心的構建:
等待一段時間,第一次部署,會安裝許多maven依賴。
安裝Kubernetes Continuous Deploy插件
安裝完成后,重啟jenkins。
獲取k8s的token
cd ~/.kube/
cat config
創建k8s憑證:把上面config文件的內容復制到content中
修改流水線腳本
def git_address = "http://192.168.1.50:82/root/tensquare_back.git"
def git_auth = "070a1a0f-6f41-4b47-8b4e-9621087df6fd"
//構建版本的名稱
def tag = "latest"
//Harbor私服地址
def harbor_url = "192.168.1.52:85"
//Harbor的項目名稱
def harbor_project_name = "tensquare"
//Harbor的憑證
def harbor_auth = "067c32d4-92d1-4d73-bd8b-853dbb5186ee"
def k8s_auth = "f8de51c5-6d18-4f5b-8e8a-b645f45a750e"
//定義k8s-harbor的憑證
def secret_name = "registry-auth-secret"
//pod模板
podTemplate(label: 'jenkins-slave', cloud: 'kubernetes', containers: [
containerTemplate(
name: 'jnlp',
image: "192.168.1.52:85/library/jenkins-slave-maven:lasted"
),
containerTemplate(
name: 'docker',
image: "docker:stable",
ttyEnabled: true,
command: 'cat'
),
],
volumes: [
hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock'),
nfsVolume(mountPath: '/usr/local/apache-maven/repo', serverAddress: '192.168.1.36' , serverPath: '/opt/nfs/maven'),
],
)
{
node("jenkins-slave"){
// 第一步
stage('拉取代碼'){
checkout([$class: 'GitSCM', branches: [[name: '${branch}']],userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]])
}
// 第二步
stage('代碼編譯'){
//編譯並安裝公共工程
sh "mvn -f tensquare_common clean install"
}
// 第三步
stage('構建鏡像,部署項目'){
//把選擇的項目信息轉為數組
def selectedProjects = "${project_name}".split(',')
for(int i=0;i<selectedProjects.size();i++){
//取出每個項目的名稱和端口
def currentProject = selectedProjects[i];
//項目名稱
def currentProjectName = currentProject.split('@')[0]
//項目啟動端口
def currentProjectPort = currentProject.split('@')[1]
def imageName = "${currentProjectName}:${tag}"
//編譯,構建本地鏡像
sh "mvn -f ${currentProjectName} clean package dockerfile:build"
container('docker') {
//給鏡像打標簽
sh "docker tag ${imageName} ${harbor_url}/${harbor_project_name}/${imageName}"
//登錄Harbor,並上傳鏡像
withCredentials([usernamePassword(credentialsId: "${harbor_auth}", passwordVariable: 'password', usernameVariable: 'username')]){
//登錄
sh "docker login -u ${username} -p ${password} ${harbor_url}"
//上傳鏡像
sh "docker push ${harbor_url}/${harbor_project_name}/${imageName}"
}
//刪除本地鏡像
sh "docker rmi -f ${imageName}"
sh "docker rmi -f ${harbor_url}/${harbor_project_name}/${imageName}"
}
def deploy_image_name = "${harbor_url}/${harbor_project_name}/${imageName}"
//部署到K8S
sh """
sed -i 's#\$IMAGE_NAME#${deploy_image_name}#' ${currentProjectName}/deploy.yml
sed -i 's#\$SECRET_NAME#${secret_name}#' ${currentProjectName}/deploy.yml
"""
kubernetesDeploy configs: "${currentProjectName}/deploy.yml", kubeconfigId: "${k8s_auth}"
}
}
}
}
配置deploy.yml
放到eureka項目的根路徑下面:
---
apiVersion: v1
kind: Service
metadata:
name: eureka
labels:
app: eureka
spec:
type: NodePort
ports:
- port: 10086
name: eureka
targetPort: 10086
selector:
app: eureka
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: eureka
spec:
serviceName: "eureka"
replicas: 2
selector:
matchLabels:
app: eureka
template:
metadata:
labels:
app: eureka
spec:
imagePullSecrets:
- name: $SECRET_NAME
containers:
- name: eureka
image: $IMAGE_NAME
ports:
- containerPort: 10086
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: EUREKA_SERVER
value: "http://eureka-0.eureka:10086/eureka/,http://eureka-1.eureka:10086/eureka/"
- name: EUREKA_INSTANCE_HOSTNAME
value: ${MY_POD_NAME}.eureka
podManagementPolicy: "Parallel"
修改application.yml
server:
port: ${PORT:10086}
spring:
application:
name: eureka
eureka:
server:
# 續期時間,即掃描失效服務的間隔時間(缺省為60*1000ms)
eviction-interval-timer-in-ms: 5000
enable-self-preservation: false
use-read-only-response-cache: false
client:
# eureka client間隔多久去拉取服務注冊信息 默認30s
registry-fetch-interval-seconds: 5
serviceUrl:
defaultZone: ${EUREKA_SERVER:http://127.0.0.1:${server.port}/eureka/}
instance:
# 心跳間隔時間,即發送一次心跳之后,多久在發起下一次(缺省為30s)
lease-renewal-interval-in-seconds: 5
# 在收到一次心跳之后,等待下一次心跳的空檔時間,大於心跳間隔即可,即服務續約到期時間(缺省為90s)
lease-expiration-duration-in-seconds: 10
instance-id: ${EUREKA_INSTANCE_HOSTNAME:${spring.application.name}}:${server.port}@${random.long(1000000,9999999)}
hostname: ${EUREKA_INSTANCE_HOSTNAME:${spring.application.name}}
生成docker憑證
k8s master執行:
docker login -u admin -p Harbor12345 192.168.1.52:85
#生成證書
kubectl create secret docker-registry registry-auth-secret --docker-server=192.168.1.52:85 --docker-username=admin --docker-password=Harbor12345 --docker-email=wj@qq.com
#查看密鑰
kubectl get secret
測試部署
訪問集群暴露的30876端口
可以看到,兩個eureka實例分散的部署到node1和node2節點了
測試部署服務網關zuul
修改zuul網關的eureka連接配置:
網關的deploy.yml文件,放到網關服務的根目錄下
---
apiVersion: v1
kind: Service
metadata:
name: zuul
labels:
app: zuul
spec:
type: NodePort
ports:
- port: 10020
name: zuul
targetPort: 10020
selector:
app: zuul
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: zuul
spec:
serviceName: "zuul"
replicas: 2
selector:
matchLabels:
app: zuul
template:
metadata:
labels:
app: zuul
spec:
imagePullSecrets:
- name: $SECRET_NAME
containers:
- name: zuul
image: $IMAGE_NAME
ports:
- containerPort: 10020
podManagementPolicy: "Parallel"
測試部署網關:
網關服務注冊到eureka:
