KubeSphere3.3.2入门
KubeSphere 是在 Kubernetes 之上构建的以应用为中心的企业级分布式容器平台,提供简单易用的操作界面以及向导式操作方式,在降低用户使用容器调度平台学习成本的同时,极大减轻开发、测试、运维的日常工作的复杂度,旨在解决 Kubernetes 本身存在的存储、网络、安全和易用性等痛点。除此之外,平台已经整合并优化了多个适用于容器场景的功能模块,以完整的解决方案帮助企业轻松应对敏捷开发与自动化运维、DevOps、微服务治理、灰度发布、多租户管理、工作负载和集群管理、监控告警、日志查询与收集、服务与网络、应用商店、镜像构建与镜像仓库管理和存储管理等多种业务场景。后续版本还将提供和支持多集群管理、大数据、人工智能等更为复杂的业务场景。
KubeSphere 从项目初始阶段就采用开源的方式来进行项目的良性发展,相关的项目源代码和文档都在 GitHub 可见。KubeSphere 支持部署和运行在包括公有云、私有云、VM、BM 和 Kubernetes 等任何基础设施之上,并且支持在线安装与离线安装,目前已在 阿里云、腾讯云、华为云、青云、AWS、Kubernetes 上进行过部署测试。
一、系统用户图
二、中间件部署
应用部署需要关注的信息【应用部署三要素】
1、应用的部署方式
2、应用的数据挂载(数据,配置文件)
3、应用的可访问性
1、部署MySQL
1、mysql容器启动
docker run -p 3306:3306 --name mysql-01 \
-v /mydata/mysql/log:/var/log/mysql \
-v /mydata/mysql/data:/var/lib/mysql \
-v /mydata/mysql/conf:/etc/mysql/conf.d \
-e MYSQL_ROOT_PASSWORD=ecJVNdEjcFuZY48E \
--restart=always \
-d mysql:5.7
2、mysql配置示例
[client]
default-character-set=utf8mb4
[mysql]
default-character-set=utf8mb4
[mysqld]
init_connect='SET collation_connection = utf8mb4_unicode_ci'
init_connect='SET NAMES utf8mb4'
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
skip-character-set-client-handshake
lower_case_table_names=1
skip-name-resolve
3、mysql部署分析
4、原始部署方法
4.0 创建mysql配置文件
4.1、服务-创建-有状态服务器
4.2、创建有状态服务器名称 his-mysql-01
4.3、添加镜像
4.4、添加镜像 mysql:5.7,使用默认端口
4.5、添加环境变量,同步主机时区,选择对钩,下一步
4.6、添加持久卷声明模版
4.7、添加配置字典
4.8、存储和配置添加完毕-点击下一步
4.9、点击创建按钮
5.0、创建外部访问NodePort
创建名称
指定工作负载
添加端口
选择NodePort
6.0、测试连接mysql
查看his-mysql-01服务DNS
1、集群内部,直接通过应用的 【服务名.项目名】 直接访问
mysql -uroot -hhis-mysql-01.his -p
[root@k8s-master01 nfs_dir]# kubectl -n his exec -it his-mysql-01-v1-0 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@his-mysql-v1-0:/# mysql -uroot -hhis-mysql-01.his -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.36 MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
2、集群外部,
6.1、mysql登入失败
[root@k8s-master01 ~]# kubectl -n his get po
NAME READY STATUS RESTARTS AGE
his-mysql-01-v1-0 1/1 Running 1 (8m58s ago) 9m29s
[root@k8s-master01 ~]#
#登入pod
[root@k8s-master01 ~]# kubectl -n his exec -it his-mysql-01-v1-0 bash
root@his-mysql-01-v1-0:/# mysql -u root -p
mysql> use mysql;
--修改root秘密
mysql> update user set authentication_string=passworD("ecJVNdEjcFuZY48E") where user='root';
--查看用户登入权限
mysql> SELECT HOST,USER from user;
--修改登入授权
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'ecJVNdEjcFuZY48E' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
mysql> exit
root@his-mysql-01-v1-0:/# exit
#登入pod
[root@k8s-master01 ~]# kubectl -n his exec -it his-mysql-01-v1-0 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@his-mysql-01-v1-0:/#
#内部pod登入测试
root@his-mysql-01-v1-0:/# mysql -uroot -hhis-mysql-01.his -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.7.36 MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
2、部署Redis
1、redis容器启动
#创建配置文件
## 1、准备redis配置文件内容
mkdir -p /mydata/redis/conf && vim /mydata/redis/conf/redis.conf
##配置示例
appendonly yes
port 6379
bind 0.0.0.0
#docker启动redis
docker run -d -p 6379:6379 --restart=always \
-v /mydata/redis/conf/redis.conf:/etc/redis/redis.conf \
-v /mydata/redis-01/data:/data \
--name redis-01 redis:6.2.5 \
redis-server /etc/redis/redis.conf
2、redis部署分析
界面添加创建启动命令
3、部署ElasticSearch
1、es容器启动
# 创建数据目录
mkdir -p /mydata/es-01 && chmod 777 -R /mydata/es-01
# 容器启动
docker run --restart=always -d -p 9200:9200 -p 9300:9300 \
-e "discovery.type=single-node" \
-e ES_JAVA_OPTS="-Xms512m -Xmx512m" \
-v es-config:/usr/share/elasticsearch/config \
-v /mydata/es-01/data:/usr/share/elasticsearch/data \
--name es-01 \
elasticsearch:7.13.4
2、es部署分析
注意: 子路径挂载,配置修改后,k8s不会对其Pod内的相关配置文件进行热更新,需要自己重启Pod
[root@075a91de5863 config]# cat elasticsearch.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
[root@075a91de5863 config]# cat jvm.options
################################################################
##
## JVM configuration
##
################################################################
##
## WARNING: DO NOT EDIT THIS FILE. If you want to override the
## JVM options in this file, or set any additional options, you
## should create one or more files in the jvm.options.d
## directory containing your adjustments.
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/current/jvm-options.html
## for more information.
##
################################################################
################################################################
## IMPORTANT: JVM heap size
################################################################
##
## The heap size is automatically configured by Elasticsearch
## based on the available memory in your system and the roles
## each node is configured to fulfill. If specifying heap is
## required, it should be done through a file in jvm.options.d,
## and the min and max should be set to the same value. For
## example, to set the heap to 4 GB, create a new file in the
## jvm.options.d directory containing these lines:
##
## -Xms4g
## -Xmx4g
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
## for more information
##
################################################################
################################################################
## Expert settings
################################################################
##
## All settings below here are considered expert settings. Do
## not adjust them unless you understand what you are doing. Do
## not edit them in this file; instead, create a new file in the
## jvm.options.d directory containing your adjustments.
##
################################################################
## GC configuration
8-13:-XX:+UseConcMarkSweepGC
8-13:-XX:CMSInitiatingOccupancyFraction=75
8-13:-XX:+UseCMSInitiatingOccupancyOnly
## G1GC Configuration
# NOTE: G1 GC is only supported on JDK version 10 or later
# to use G1GC, uncomment the next two lines and update the version on the
# following three lines to your version of the JDK
# 10-13:-XX:-UseConcMarkSweepGC
# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
14-:-XX:+UseG1GC
## JVM temporary directory
-Djava.io.tmpdir=${ES_TMPDIR}
## heap dumps
# generate a heap dump when an allocation from the Java heap fails; heap dumps
# are created in the working directory of the JVM unless an alternative path is
# specified
-XX:+HeapDumpOnOutOfMemoryError
# specify an alternative path for heap dumps; ensure the directory exists and
# has sufficient space
-XX:HeapDumpPath=data
# specify an alternative path for JVM fatal error logs
-XX:ErrorFile=logs/hs_err_pid%p.log
## JDK 8 GC logging
8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:logs/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m
# JDK 9+ GC logging
9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m
3、添加环境变量
4、添加子路径的个别子文件(jvm.options和elasticsearch.yml)
/usr/share/elasticsearch/config/elasticsearch.yml
/usr/share/elasticsearch/config/jvm.options
4、应用商店
可以使用 dev-zhao 登录,从应用商店部署
5、应用仓库
使用企业空间管理员(wuhan-boss)登录,设置应用仓库
学习Helm即可,去helm的应用市场添加一个仓库地址,比如:bitnami
charts.bitnami.com/bitnami
三、DevOps入门
1.Maven设置阿里云
配置字典-ks-devops-agent-编辑配置- MavenSetting( 下面新增)
nexus-aliyun
central
Nexus aliyun
http://maven.aliyun.com/nexus/content/groups/public
2.创建DevOps项目
2.1 平台管理-访问控制-企业空间-shenzhen-DevOps项目-创建
2.2 创建流水线 -下一步-创建
2.3编辑流水线-选择模版(我选择CI/CD)-下一步-创建-确定
2.4 流水线初步搭建
四、DevOps编辑流水线
使用图形编辑面板创建流水线
1.podTemplate介绍
KubeSphere 内置了 4 种类型的 podTemplate:base、nodejs、maven 和 go,并且在 Pod 中提供隔离的 Docker 环境。
base
| 名称 | 类型 / 版本 |
|---|---|
| Jenkins Agent 标签 | base |
| 容器名称 | base |
| 操作系统 | centos-7 |
| Docker | 18.06.0 |
| Helm | 2.11.0 |
| Kubectl | 稳定版 |
| 内置工具 | unzip、which、make、wget、zip、bzip2、git |
nodejs
| 名称 | 类型 / 版本 |
|---|---|
| Jenkins Agent 标签 | nodejs |
| 容器名称 | nodejs |
| 操作系统 | centos-7 |
| Node | 9.11.2 |
| Yarn | 1.3.2 |
| Docker | 18.06.0 |
| Helm | 2.11.0 |
| Kubectl | 稳定版 |
| 内置工具 | unzip、which、make、wget、zip、bzip2、git |
maven
| 名称 | 类型 / 版本 |
|---|---|
| Jenkins Agent 标签 | maven |
| 容器名称 | maven |
| 操作系统 | centos-7 |
| Jdk | openjdk-1.8.0 |
| Maven | 3.5.3 |
| Docker | 18.06.0 |
| Helm | 2.11.0 |
| Kubectl | 稳定版 |
| 内置工具 | unzip、which、make、wget、zip、bzip2、git |
go
| 名称 | 类型 / 版本 |
|---|---|
| Jenkins Agent 标签 | go |
| 容器名称 | go |
| 操作系统 | centos-7 |
| Go | 1.11 |
| GOPATH | /home/jenkins/go |
| GOROOT | /usr/local/go |
| Docker | 18.06.0 |
| Helm | 2.11.0 |
| Kubectl | 稳定版 |
| 内置工具 | unzip、which、make、wget、zip、bzip2、git |
2.拉取代码
编辑流水线-添加步骤-指定容器-maven
添加嵌套步骤-git-创建凭证
添加嵌套步骤-shell-ls-确定后-运行测试
3.项目编译
添加步骤-指定容器-maven
添加嵌套步骤-shell
mvn clean package -Dmaven.test.skip=true
4.项目打包
#docker build -t 镜像名称 -f 指定的Dockerfile文件 工作目录
docker build -t hospital-manage:latest -f hospital-manage/Dockerfile ./hospital-manage
5.推送镜像
编辑流水线-添加嵌套步骤-添加凭证-创建凭证
创建变量
Jenkinsfile
pipeline {
agent {
node {
label 'maven'
}
}
stages {
stage('拉取镜像') {
agent none
steps {
container('maven') {
git(credentialsId: 'gitee-id', url: 'https://gitee.com/rw001/yygh-parent.git', branch: 'master', changelog: true, poll: false)
}
}
}
stage('项目编译') {
agent none
steps {
container('maven') {
sh 'mvn clean package -Dmaven.test.skip=true'
sh 'ls'
}
}
}
stage('default-2') {
parallel {
stage('构建hospital-manage镜像,构建server-gateway镜像') {
agent none
steps {
container('maven') {
sh 'docker build -t hospital-manage:latest -f hospital-manage/Dockerfile ./hospital-manage'
sh 'docker build -t server-gateway:latest -f server-gateway/Dockerfile ./server-gateway'
}
}
}
stage('构建service-cmn镜像,构建service-hosp镜像') {
agent none
steps {
container('maven') {
sh 'docker build -t service-cmn:latest -f service/service-cmn/Dockerfile ./service/service-cmn'
sh 'docker build -t service-hosp:latest -f service/service-hosp/Dockerfile ./service/service-hosp'
}
}
}
stage('构建service-order镜像和构建service-oss镜像') {
agent none
steps {
container('maven') {
sh 'docker build -t service-order:latest -f service/service-order/Dockerfile ./service/service-order'
sh 'docker build -t service-oss:latest -f service/service-oss/Dockerfile ./service/service-oss'
}
}
}
stage('构建service-sms镜像和构建service-task镜像') {
agent none
steps {
container('maven') {
sh 'docker build -t service-sms:latest -f service/service-sms/Dockerfile ./service/service-sms'
sh 'docker build -t service-task:latest -f service/service-task/Dockerfile ./service/service-task'
}
}
}
stage('构建service-statistics和构建service-user镜像') {
agent none
steps {
container('maven') {
sh 'docker build -t service-statistics:latest -f service/service-statistics/Dockerfile ./service/service-statistics'
sh 'docker build -t service-user:latest -f service/service-user/Dockerfile ./service/service-user'
}
}
}
}
}
stage('default-3') {
parallel {
stage('推送镜像01') {
agent none
steps {
container('maven') {
withCredentials([usernamePassword(credentialsId : 'harbor-id' ,passwordVariable : 'HARBOR_PASSWD_VAR' ,usernameVariable : 'HARBOR_NAME_VAR' ,)]) {
sh 'docker tag hospital-manage:latest $REGISTRY/$DOCKERHUB_NAMESPACE/hospital-manage:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag server-gateway:latest $REGISTRY/$DOCKERHUB_NAMESPACE/server-gateway:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag service-cmn:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-cmn:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag service-hosp:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-hosp:SNAPSHOT-$BUILD_NUMBER '
sh 'echo "$HARBOR_PASSWD_VAR" | docker login $REGISTRY -u "$HARBOR_NAME_VAR" --password-stdin'
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/hospital-manage:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/server-gateway:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-cmn:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-hosp:SNAPSHOT-$BUILD_NUMBER '
}
}
}
}
stage('推送镜像02') {
agent none
steps {
container('maven') {
withCredentials([usernamePassword(credentialsId : 'harbor-id' ,passwordVariable : 'HARBOR_PASSWD_VAR' ,usernameVariable : 'HARBOR_NAME_VAR' ,)]) {
sh 'docker tag service-order:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-order:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag service-oss:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-oss:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag service-sms:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-sms:SNAPSHOT-$BUILD_NUMBER '
sh 'echo "$HARBOR_PASSWD_VAR" | docker login $REGISTRY -u "$HARBOR_NAME_VAR" --password-stdin'
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-order:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-oss:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-sms:SNAPSHOT-$BUILD_NUMBER '
}
}
}
}
stage('推送镜像03') {
agent none
steps {
container('maven') {
withCredentials([usernamePassword(credentialsId : 'harbor-id' ,passwordVariable : 'HARBOR_PASSWD_VAR' ,usernameVariable : 'HARBOR_NAME_VAR' ,)]) {
sh 'docker tag service-statistics:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-statistics:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag service-task:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-task:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag service-user:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-user:SNAPSHOT-$BUILD_NUMBER '
sh 'echo "$HARBOR_PASSWD_VAR" | docker login $REGISTRY -u "$HARBOR_NAME_VAR" --password-stdin'
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-statistics:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-task:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-user:SNAPSHOT-$BUILD_NUMBER '
}
}
}
}
}
}
stage('测试安装k8s') {
agent none
steps {
container('maven') {
withCredentials([
kubeconfigFile(
credentialsId: env.KUBECONFIG_CREDENTIAL_ID,
variable: 'KUBECONFIG')
]) {
sh 'envsubst < rw.yaml | kubectl apply -f -'
}
}
}
}
}
environment {
DOCKER_CREDENTIAL_ID = 'dockerhub-id'
GITHUB_CREDENTIAL_ID = 'github-id'
KUBECONFIG_CREDENTIAL_ID = 'demo-kubeconfig'
REGISTRY = '192.168.2.220:30012'
DOCKERHUB_NAMESPACE = 'yygh-parent'
ALIYUNHUB_NAMESPACE = 'yygh-parent'
GITHUB_ACCOUNT = 'kubesphere'
APP_NAME = 'devops-java-sample'
}
parameters {
string(name: 'TAG_NAME', defaultValue: '', description: '')
}
}
五、SonarQube 安装
1.执行以下命令安装 SonarQube 服务
helm upgrade --install sonarqube sonarqube --repo https://charts.kubesphere.io/main -n kubesphere-devops-system --create-namespace --set service.type=NodePort
2.检查SonarQube 服务
[root@k8s-master01 ~]# kubectl -n kubesphere-devops-system get po |grep sonarqube
sonarqube-postgresql-0 1/1 Running 0 3m14s
sonarqube-sonarqube-84f6585f85-tngqw 1/1 Running 0 3m16s
3.获取 SonarQube 控制台地址
- 执行以下命令以获取 SonarQube NodePort。
export NODE_PORT=$(kubectl get --namespace kubesphere-devops-system -o jsonpath="{.spec.ports[0].nodePort}" services sonarqube-sonarqube)
export NODE_IP=$(kubectl get nodes --namespace kubesphere-devops-system -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
2.您可以获得如下输出(本示例中端口号为 31859,可能与您的端口号不同):
http://192.168.2.220:31859
- 在浏览器中访问 SonarQube 控制台 http://:。
- 点击右上角的 Log in,然后使用默认帐户 admin/admin 登录。
备注
取决于您的实例的部署位置,您可能需要设置必要的端口转发规则,并在您的安全组中放行该端口,以便访问 SonarQube
4.配置 SonarQube 服务器
步骤 1:创建 SonarQube 管理员令牌 (Token)
- 点击右上角字母 A,然后从菜单中选择 My Account 以转到 Profile 页面。
- 点击 Security 并输入令牌名称,例如 kubesphere。
3.点击 Generate 并复制此令牌
df75c714aee065490a646b388670f255a9b79b63
步骤 2:创建 Webhook 服务器
- 执行以下命令获取 SonarQube Webhook 的地址。
export NODE_PORT=$(kubectl get --namespace kubesphere-devops-system -o jsonpath="{.spec.ports[0].nodePort}" services devops-jenkins)
export NODE_IP=$(kubectl get nodes --namespace kubesphere-devops-system -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT/sonarqube-webhook/
- 预期输出结果:
http://192.168.2.220:30180/sonarqube-webhook/
- 依次点击 Administration、Configuration 和 Webhooks 创建一个 Webhook。
4.点击 Create。
- 在弹出的对话框中输入 Name 和 Jenkins Console URL(即 SonarQube Webhook 地址)。点击 Create 完成操作。
步骤 4:将 SonarQube 配置添加到 ks-installer
- 执行以下命令编辑 ks-installer。
kubectl edit cc -n kubesphere-system ks-installer
- 搜寻至 devops。添加字段 sonarqube 并在其下方指定 externalSonarUrl 和 externalSonarToken。
devops:
enabled: true
jenkinsJavaOpts_MaxRAM: 2g
jenkinsJavaOpts_Xms: 512m
jenkinsJavaOpts_Xmx: 512m
jenkinsMemoryLim: 2Gi
jenkinsMemoryReq: 1500Mi
jenkinsVolumeSize: 8Gi
sonarqube: # Add this field manually.
externalSonarUrl: http://192.168.2.220:31859 # The SonarQube IP address.
externalSonarToken: df75c714aee065490a646b388670f255a9b79b63 # The SonarQube admin token created above.
- 完成操作后保存此文件。
步骤 5:将 SonarQube 服务器添加至 Jenkins
- 执行以下命令获取 Jenkins 的地址。
export NODE_PORT=$(kubectl get --namespace kubesphere-devops-system -o jsonpath="{.spec.ports[0].nodePort}" services devops-jenkins)
export NODE_IP=$(kubectl get nodes --namespace kubesphere-devops-system -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
- 您可以获得以下输出,获取 Jenkins 的端口号。
http://192.168.2.220:30180
- 请使用地址 http://:30180 访问 Jenkins。安装 KubeSphere 时,默认情况下也会安装 Jenkins 仪表板。此外,Jenkins 还配置有 KubeSphere LDAP,这意味着您可以直接使用 KubeSphere 帐户(例如 admin/P@88w0rd)登录 Jenkins。有关配置 Jenkins 的更多信息,请参见 Jenkins 系统设置。备注取决于您的实例的部署位置,您可能需要设置必要的端口转发规则,并在您的安全组中放行端口 30180,以便访问 Jenkins。
- 点击左侧导航栏中的系统管理。
- 向下翻页找到并点击系统配置。
- 搜寻到 SonarQube servers,然后点击 Add SonarQube。
- 输入 Name 和 Server URL (http://:)。点击添加,选择 Jenkins,然后在弹出的对话框中用 SonarQube 管理员令牌创建凭证(如下方第二张截图所示)。创建凭证后,从 Server authentication token 旁边的下拉列表中选择该凭证。点击应用完成操作。
步骤 6:将 sonarqubeURL 添加到 KubeSphere 控制台
您需要指定 sonarqubeURL,以便可以直接从 KubeSphere 控制台访问 SonarQube。
- 执行以下命令:
kubectl edit cm -n kubesphere-system ks-console-config
- 搜寻到 data.client.enableKubeConfig,在下方添加 devops 字段并指定 sonarqubeURL。
client:
enableKubeConfig: true
devops: # 手动添加该字段。
sonarqubeURL: http://192.168.2.220:31377 # SonarQube IP 地址。
- 保存该文件。
步骤 7:重启服务
执行以下命令。
kubectl -n kubesphere-devops-system rollout restart deploy devops-apiserver
kubectl -n kubesphere-system rollout restart deploy ks-console
5.为新项目创建 SonarQube Token
您需要一个 SonarQube 令牌,以便您的流水线可以在运行时与 SonarQube 通信。
- 在 SonarQube 控制台上,点击 Add a project。
单击Manually
2.输入项目密钥,例如 java-demo,然后点击 Set Up。
3.输入项目名称,例如 java-sample,然后点击 Generate。
- 创建令牌后,点击 Continue。
5.分别选择 Java 和 Maven。复制下图所示绿色框中的序列号,如果要在流水线中使用,则需要在凭证中添加此序列号。
-Dsonar.login=651d44c7c83f1c0a93e1cb5b87902b9e03c06b8b
6.流水线添加sonar参考官网
https://www.kubesphere.io/zh/docs/v3.3/devops-user-guide/how-to-use/pipelines/create-a-pipeline-using-graphical-editing-panel/
7.设置电子邮件服务器
-
点击左上角的平台管理,然后选择集群管理。
-
如果您已经启用多集群功能并已导入成员集群,那么您可以选择一个特定集群以查看其节点。如果尚未启用该功能,请直接参考下一步。
-
转到应用负载下的工作负载,然后从下拉列表中选择 kubesphere-devops-system 项目。点击 devops-jenkins 右侧的 并选择编辑 YAML 以编辑其 YAML 配置文件。
-
向下滚动到下图所示的需要指定的字段。完成修改后,点击确定以保存。
- name: kubernetes.request.timeout value: '60000' - name: EMAIL_SMTP_HOST value: smtp.qq.com - name: EMAIL_SMTP_PORT value: '465' - name: EMAIL_USE_SSL value: 'true' - name: EMAIL_FROM_NAME value: KubeSphere - name: EMAIL_FROM_ADDR value: [email protected] - name: EMAIL_FROM_PASS value: mkahvbasdadqgnhjbdfh
环境变量名称 描述信息
EMAIL_SMTP_HOST SMTP 服务器地址
EMAIL_SMTP_PORT SMTP 服务器端口(如:25)
EMAIL_FROM_ADDR 电子邮件发件人地址
EMAIL_FROM_NAME 电子邮件发件人姓名
EMAIL_FROM_PASS 电子邮件发件人密码
EMAIL_USE_SSL 是否启用 SSL 配置
8Jenkinsfile
pipeline {
agent {
node {
label 'maven'
}
}
stages {
stage('拉取镜像') {
agent none
steps {
container('maven') {
git(credentialsId: 'gitee-id', url: 'https://gitee.com/rw001/yygh-parent.git', branch: 'master', changelog: true, poll: false)
}
}
}
stage('项目编译') {
agent none
steps {
container('maven') {
sh 'mvn clean package -Dmaven.test.skip=true'
sh 'ls'
}
}
}
stage('代码质量检测') {
agent none
steps {
container('maven') {
withCredentials([string(credentialsId : 'sonar-token' ,variable : 'SONAR_TOKEN' ,)]) {
withSonarQubeEnv('sonar') {
sh '''mvn sonar:sonar -Dsonar.login=$SONAR_TOKEN
'''
}
}
}
}
}
stage('default-2') {
parallel {
stage('构建hospital-manage镜像,构建server-gateway镜像') {
agent none
steps {
container('maven') {
sh 'docker build -t hospital-manage:latest -f hospital-manage/Dockerfile ./hospital-manage'
sh 'docker build -t server-gateway:latest -f server-gateway/Dockerfile ./server-gateway'
}
}
}
stage('构建service-cmn镜像,构建service-hosp镜像') {
agent none
steps {
container('maven') {
sh 'docker build -t service-cmn:latest -f service/service-cmn/Dockerfile ./service/service-cmn'
sh 'docker build -t service-hosp:latest -f service/service-hosp/Dockerfile ./service/service-hosp'
}
}
}
stage('构建service-order镜像和构建service-oss镜像') {
agent none
steps {
container('maven') {
sh 'docker build -t service-order:latest -f service/service-order/Dockerfile ./service/service-order'
sh 'docker build -t service-oss:latest -f service/service-oss/Dockerfile ./service/service-oss'
}
}
}
stage('构建service-sms镜像和构建service-task镜像') {
agent none
steps {
container('maven') {
sh 'docker build -t service-sms:latest -f service/service-sms/Dockerfile ./service/service-sms'
sh 'docker build -t service-task:latest -f service/service-task/Dockerfile ./service/service-task'
}
}
}
stage('构建service-statistics和构建service-user镜像') {
agent none
steps {
container('maven') {
sh 'docker build -t service-statistics:latest -f service/service-statistics/Dockerfile ./service/service-statistics'
sh 'docker build -t service-user:latest -f service/service-user/Dockerfile ./service/service-user'
}
}
}
}
}
stage('default-3') {
parallel {
stage('推送镜像01') {
agent none
steps {
container('maven') {
withCredentials([usernamePassword(credentialsId : 'harbor-id' ,passwordVariable : 'HARBOR_PASSWD_VAR' ,usernameVariable : 'HARBOR_NAME_VAR' ,)]) {
sh 'docker tag hospital-manage:latest $REGISTRY/$DOCKERHUB_NAMESPACE/hospital-manage:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag server-gateway:latest $REGISTRY/$DOCKERHUB_NAMESPACE/server-gateway:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag service-cmn:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-cmn:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag service-hosp:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-hosp:SNAPSHOT-$BUILD_NUMBER '
sh 'echo "$HARBOR_PASSWD_VAR" | docker login $REGISTRY -u "$HARBOR_NAME_VAR" --password-stdin'
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/hospital-manage:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/server-gateway:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-cmn:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-hosp:SNAPSHOT-$BUILD_NUMBER '
}
}
}
}
stage('推送镜像02') {
agent none
steps {
container('maven') {
withCredentials([usernamePassword(credentialsId : 'harbor-id' ,passwordVariable : 'HARBOR_PASSWD_VAR' ,usernameVariable : 'HARBOR_NAME_VAR' ,)]) {
sh 'docker tag service-order:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-order:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag service-oss:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-oss:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag service-sms:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-sms:SNAPSHOT-$BUILD_NUMBER '
sh 'echo "$HARBOR_PASSWD_VAR" | docker login $REGISTRY -u "$HARBOR_NAME_VAR" --password-stdin'
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-order:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-oss:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-sms:SNAPSHOT-$BUILD_NUMBER '
}
}
}
}
stage('推送镜像03') {
agent none
steps {
container('maven') {
withCredentials([usernamePassword(credentialsId : 'harbor-id' ,passwordVariable : 'HARBOR_PASSWD_VAR' ,usernameVariable : 'HARBOR_NAME_VAR' ,)]) {
sh 'docker tag service-statistics:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-statistics:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag service-task:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-task:SNAPSHOT-$BUILD_NUMBER '
sh 'docker tag service-user:latest $REGISTRY/$DOCKERHUB_NAMESPACE/service-user:SNAPSHOT-$BUILD_NUMBER '
sh 'echo "$HARBOR_PASSWD_VAR" | docker login $REGISTRY -u "$HARBOR_NAME_VAR" --password-stdin'
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-statistics:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-task:SNAPSHOT-$BUILD_NUMBER '
sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/service-user:SNAPSHOT-$BUILD_NUMBER '
}
}
}
}
}
}
stage('k8s部署') {
agent none
steps {
container('maven') {
withCredentials([
kubeconfigFile(
credentialsId: env.KUBECONFIG_CREDENTIAL_ID,
variable: 'KUBECONFIG')
]) {
sh 'envsubst < rw.yaml | kubectl apply -f -'
sh 'kubectl -n his rollout restart deployment nginx-deployment1'
mail(to: '[email protected]', subject: '部署成功', body: '部署成功')
}
}
}
}
}
environment {
DOCKER_CREDENTIAL_ID = 'dockerhub-id'
GITHUB_CREDENTIAL_ID = 'github-id'
KUBECONFIG_CREDENTIAL_ID = 'demo-kubeconfig'
REGISTRY = '192.168.2.220:30012'
DOCKERHUB_NAMESPACE = 'yygh-parent'
ALIYUNHUB_NAMESPACE = 'yygh-parent'
GITHUB_ACCOUNT = 'kubesphere'
APP_NAME = 'devops-java-sample'
}
parameters {
string(name: 'TAG_NAME', defaultValue: '', description: '')
}
}
参考网站:
【云原生Java架构师的第一课K8s+Docker+KubeSphere+DevOps】https://www.bilibili.com/video/BV13Q4y1C7hS?p=85&vd_source=2d34fd2352ae451c4f6d4cb20707e169