代码自动发布--docker版本(20.10.1)+k8s版本(1.20.1)
代码自动发布–docker(20.10.1)+k8s(1.20.1)
PaaS平台
Docker版本(20.10.1) 2020-12-15
k8s版本(1.20.1) 2020-12-19
代码托管:https://github.com/kubernetes/
官方网址:https://kubernetes.io/
pod–容器外壳
service–不是真正的服务是iptables或ipvs中的规则
先创建pod,后创建service,创建service其实就是在iptables或ipvs中添加一条规则,如果访问pod,直接访问service
业务发布逻辑设计图
环境准备
1、dev-server
[root@dev-server ~]# yum -y install git
2、gitlab-server
①在线安装(包太大、不推荐)
[root@gitlab-server ~]# cat > /etc/yum.repos.d/gitlab.repo <
[gitlab]
name=gitlab-ce
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7
enabled=1
gpgcheck=0
EOF
[root@gitlab-server ~]# yum -y install gitlab-ce
[root@gitlab-server ~]# vim /etc/gitlab/gitlab.rb
[root@gitlab-server ~]# grep -Ev '^#|^$' /etc/gitlab/gitlab.rb
external_url 'http://192.168.1.202'
[root@gitlab-server ~]# gitlab-ctl reconfigure
[root@gitlab-server ~]# gitlab-ctl status
http://192.168.1.202
②预先下载rpm包安装(推荐)
[root@gitlab-server ~]# vim /etc/gitlab/gitlab.rb
external_url 'http://192.168.1.202'
[root@gitlab-server ~]# gitlab-ctl reconfigure
[root@gitlab-server ~]# gitlab-ctl status
http://192.168.1.202
3、jenkins-server
①jdk②maven③jenkins④docker⑤git
①jdk
现jenkins支持的jdk版本[8-11]
[root@jenkins-server ~]# tar xf jdk-8u191-linux-x64.tar.gz
[root@jenkins-server ~]# mv jdk1.8.0_191/ /usr/local/java
[root@jenkins-server ~]# echo "PATH=/usr/local/java/bin:$PATH" >> /etc/profile
[root@jenkins-server ~]# source /etc/profile
[root@jenkins-server ~]# java -version
②maven
[root@jenkins-server ~]# tar xf apache-maven-3.6.3-bin.tar.gz
[root@jenkins-server ~]# mv apache-maven-3.6.3/ /usr/local/maven
[root@jenkins-server ~]# echo "PATH=/usr/local/maven/bin:$PATH" >> /etc/profile
[root@jenkins-server ~]# source /etc/profile
③jenkins
[root@jenkins-server ~]# wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins.repo
[root@jenkins-server ~]# rpm --import https://pkg.jenkins.io/redhat/jenkins.io.key
[root@jenkins-server ~]# yum -y install jenkins
或者用清华源下载比较快
[root@jenkins-server ~]# wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/redhat/jenkins-2.272-1.1.noarch.rpm
#添加jdk
[root@jenkins-server ~]# vim /etc/rc.d/init.d/jenkins
/usr/local/java/bin/java
[root@jenkins-server ~]# vim /etc/sysconfig/jenkins
JENKINS_JAVA_CMD="/usr/local/java/bin/java"
#检查是否开机自启动
[root@jenkins-server ~]# chkconfig --list
#如果没有开机自启动
[root@jenkins-server ~]# chkconfig jenkins on
#启动jenkins
[root@jenkins-server ~]# systemctl start jenkins
#更换清华源
[root@jenkins-server ~]# cd /var/lib/jenkins/
[root@jenkins-server jenkins]# vim hudson.model.UpdateCenter.xml
https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
[root@jenkins-server ~]# systemctl restart jenkins
[root@jenkins-server ~]# cat /var/lib/jenkins/secrets/initialAdminPassword
dbe2f5787a42426388ee25bcb11000e4
http://192.168.1.203:8080
④docker
[root@jenkins-server ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
[root@jenkins-server ~]# yum -y install docker-ce
[root@jenkins-server ~]# systemctl start docker
[root@jenkins-server ~]# systemctl enable docker
[root@jenkins-server ~]# docker -v
Docker version 20.10.1, build 831ebea
# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
把上述行时行修改,修改如下:
ExecStart=/usr/bin/dockerd
# cat > /etc/docker/daemon.json <
{
"registry-mirrors": ["https://xk9ak4u9.mirror.aliyuncs.com"],
"insecure-registries": ["http://192.168.1.204"]
}
EOF
[root@jenkins-server ~]# systemctl daemon-reload
[root@jenkins-server ~]# systemctl restart docker
⑤git
[root@jenkins-server ~]# yum -y install git
系统自带,可以更新一下
4、harbor-server
# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# yum -y install docker-ce
# systemctl start docker
# systemctl enable docker
# docker -v
# vim /usr/lib/systemd/system/docker.service
# cat > /etc/docker/daemon.json <
{
"registry-mirrors": ["https://xk9ak4u9.mirror.aliyuncs.com"],
"insecure-registries": ["http://192.168.1.204"]
}
EOF
# systemctl daemon-reload
# systemctl restart docker
[root@harbor-server ~]# curl -L https://get.daocloud.io/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
[root@harbor-server ~]# chmod +x /usr/local/bin/docker-compose
[root@harbor-server ~]# tar xf harbor-offline-installer-v1.8.2.tgz -C /usr/local/
[root@harbor ~]# cd /usr/local/harbor/
[root@harbor ~]# vim harbor.yml
5 hostname: 192.168.1.204
27 harbor_admin_password: 123
[root@harbor harbor]# ./install.sh
http://192.168.1.204
5、web-server k8s集群
# hostnamectl set-hostname master
# hostnamectl set-hostname node1
# hostnamectl set-hostname node2
cat >> /etc/hosts << EOF
192.168.1.205 master
192.168.1.206 node1
192.168.1.207 node2
EOF
防火墙
关闭firewalld
# systemctl stop firewalld
# systemctl disable firewalld
# firewall-cmd --state
not running
安装iptables-services
# yum -y install iptables-services
# systemctl enable iptables
# systemctl start iptables
# iptables -nL
清空iptables规则
# iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
# iptables -P FORWARD ACCEPT
# iptables -nL
# service iptables save
SELinux
# setenforce 0 && sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
#重启系统后,查看状态
# sestatus
SELinux status: disabled
swap
#临时关闭
#永久关闭
# swapoff -a && sed -ri 's/.*swap.*/#&/' /etc/fstab
网桥过滤
# cat > /etc/sysctl.d/k8s.conf <
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
# sysctl --system
# lsmod | grep br_netfilter
# sysctl -p /etc/sysctl.d/k8s.conf
# cat > /etc/sysconfig/modules/ipvs.modules <
modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_wrr
modprobe ip_vs_sh
modprobe nf_conntrack_ipv4
EOF
# chmod 755 /etc/sysconfig/modules/ipvs.modules
# sh !$
# lsmod |egrep 'ip_vs|nf_conntrack'
k8s
# cat > /etc/yum.repos.d/kubernetes.repo <
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
docker
# yum install docker-ce -y
# systemctl start docker
# systemctl enable docker
# docker -v
Docker version 20.10.1, build 831ebea
# vim /usr/lib/systemd/system/docker.service
# cat > /etc/docker/daemon.json <
{
"registry-mirrors": ["https://xk9ak4u9.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# yum -y install kubelet kubeadm kubectl
Installed:
kubeadm.x86_64 0:1.20.1-0
kubectl.x86_64 0:1.20.1-0
kubelet.x86_64 0:1.20.1-0
# systemctl status kubelet
# systemctl enable kubelet
# cat > /etc/sysconfig/kubelet <
KUBELET_EXTRA_ARGS=--cgroup-driver=cgroupfs
EOF
# systemctl daemon-reload
初始化集群
[root@master ~]# kubeadm init --kubernetes-version=1.20.1 --apiserver-advertise-address=192.168.1.201 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.2.0.0/16 --pod-network-cidr=10.3.0.0/16
启动集群–docker(20.10.1)+k8s(1.20.1)
确认kubelet服务启动了
# systemctl status kubelet
# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >>/etc/profile
#source !$
# kubectl get cs
"http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251:
# kubectl get node
解决kubernetes:v1.18.6-1.19.0 get cs127.0.0.1 connection refused错误
出现这种情况,是/etc/kubernetes/manifests下的kube-controller-manager.yaml和kube-scheduler.yaml设置的默认端口是0,在文件中注释掉就可以了
# vim /etc/kubernetes/manifests/kube-controller-manager.yaml
# vim /etc/kubernetes/manifests/kube-scheduler.yaml
立竿见影,不行就重启systemctl restart kubelet
# kubectl get cs
# kubectl get node
flannel:v0.13.1-rc1-amd64
# docker pull quay.io/coreos/flannel:v0.13.1-rc1-amd64
# docker images
kube-flannel.yml下载失败解决
# cat >> /etc/hosts << EOF
199.232.68.133 raw.githubusercontent.com
EOF
# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
查看yml文件的docker镜像,看看需不需要打标记或者改yml文件
# docker tag quay.io/coreos/flannel:v0.13.1-rc1-amd64 quay.io/coreos/flannel:v0.13.1-rc1
# kubectl apply -f kube-flannel.yml
# kubectl get cs
# kubectl get node
# kubectl get pods -n kube-system
----作者:小狼
更多文章请
微信关注公众号:Linux云计算运维开发