基于kubernetes平台微服务的部署（男生最讨厌汽笛的声音，因为预示着离别。）

基于kubernetes平台微服务的部署

 

 

 

 

//脚本更新后结果如下

def git_address = "http://192.168.195.180:82/kgc_group/tensquare_back.git"

def git_auth = "f06c4b06-ac26-4683-ad00-2d3599c827ee"

//构建版本的名称

def tag = "latest"

//Harbor私服地址

def harbor_url = "192.168.195.183:85"

//Harbor的项目名称

def harbor_project_name = "tensquare"

//Harbor的凭证

def harbor_auth = "46c4a44a-65d7-419f-a34b-9dd0a25710c9"

//k8s的凭证

def k8s_auth="da4370d5-3be4-4999-a3dd-f40bf8ec6a65"

//定义k8s-barbor的凭证

def secret_name="registry-auth-secret"

 

 

podTemplate(label: 'jenkins-slave', cloud: 'kubernetes', containers: [

        containerTemplate(

            name: 'jnlp',

            image: "192.168.195.183:85/library/jenkins-slave-maven:latest"

        ),

        containerTemplate(

            name: 'docker',

            image: "docker:stable",

            ttyEnabled: true,

            command: 'cat'

        ),

    ],

    volumes: [

        hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock'),

        nfsVolume(mountPath: '/usr/local/apache-maven/repo', serverAddress: '192.168.195.200' , serverPath: '/opt/nfs/maven'),

    ],

)

{

node("jenkins-slave"){

    // 第一步

    stage('pull code'){

        checkout([$class: 'GitSCM', branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]])

    }

    // 第二步

    stage('make public sub project'){

        //编译并安装公共工程

        sh "mvn -f tensquare_common clean install"

    }

    // 第三步

    stage('make image'){

        //把选择的项目信息转为数组

        def selectedProjects = "${project_name}".split(',')

 

 

        for(int i=0;i<selectedProjects.size();i++){

            //取出每个项目的名称和端口

            def currentProject = selectedProjects[i];

            //项目名称

            def currentProjectName = currentProject.split('@')[0]

            //项目启动端口

            def currentProjectPort = currentProject.split('@')[1]

 

            //定义镜像名称

            def imageName = "${currentProjectName}:${tag}"

 

            //编译，构建本地镜像

            sh "mvn -f ${currentProjectName} clean package dockerfile:build"

            container('docker') {

 

                //给镜像打标签

                sh "docker tag ${imageName} ${harbor_url}/${harbor_project_name}/${imageName}"

 

                //登录Harbor，并上传镜像

                withCredentials([usernamePassword(credentialsId: "${harbor_auth}", passwordVariable: 'password', usernameVariable: 'username')])

                {

                    //登录

                    sh "docker login -u ${username} -p ${password} ${harbor_url}"

                    //上传镜像

                    sh "docker push ${harbor_url}/${harbor_project_name}/${imageName}"

                }

 

            //删除本地镜像

            sh "docker rmi -f ${imageName}"

            sh "docker rmi -f ${harbor_url}/${harbor_project_name}/${imageName}"

            }

            def deploy_image_name = "${harbor_url}/${harbor_project_name}/${imageName}"

            //部署到K8S

            sh """

                sed -i 's#\$IMAGE_NAME#${deploy_image_name}#' ${currentProjectName}/deploy.yml

                sed -i 's#\$SECRET_NAME#${secret_name}#' ${currentProjectName}/deploy.yml

            """

            kubernetesDeploy configs: "${currentProjectName}/deploy.yml", kubeconfigId: "${k8s_auth}"

        }

    }

}

}

 

 

//deploy.yml内容如下

---

apiVersion: v1

kind: Service

metadata:

  name: eureka

  labels:

    app: eureka

spec:

  type: NodePort

  ports:

    - port: 10086

      name: eureka

      targetPort: 10086

  selector:

    app: eureka

---

apiVersion: apps/v1

kind: StatefulSet

metadata:

  name: eureka

spec:

  serviceName: "eureka"

  replicas: 2

  selector:

    matchLabels:

      app: eureka

  template:

    metadata:

      labels:

        app: eureka

    spec:

      imagePullSecrets:

        - name: $SECRET_NAME

      containers:

        - name: eureka

          image: $IMAGE_NAME

          ports:

          - containerPort: 10086

          env:

          - name: MY_POD_NAME

            valueFrom:

             fieldRef:

              fieldPath: metadata.name

          - name: EUREKA_SERVER

            value: "http://eureka-0.eureka:10086/eureka/,http://eureka- 1.eureka:10086/eureka/"

          - name: EUREKA_INSTANCE_HOSTNAME

            value: ${MY_POD_NAME}.eureka

  podManagementPolicy: "Parallel"

 

 

 

//application.yml配置文件更改如下

server:

  port: ${PORT:10086}

spring:

  application:

    name: eureka

 

eureka:

  server:

    # 续期时间，即扫描失效服务的间隔时间（缺省为60*1000ms）

    eviction-interval-timer-in-ms: 5000

    enable-self-preservation: false

    use-read-only-response-cache: false

  client:

    # eureka client间隔多久去拉取服务注册信息 默认30s

    registry-fetch-interval-seconds: 5

    serviceUrl:

      defaultZone: ${EUREKA_SERVER:http://127.0.0.1:${server.port}/eureka/}

  instance:

    # 心跳间隔时间，即发送一次心跳之后，多久在发起下一次（缺省为30s）

    lease-renewal-interval-in-seconds: 5

    #  在收到一次心跳之后，等待下一次心跳的空档时间，大于心跳间隔即可，即服务续约到期时间（缺省为90s）

    lease-expiration-duration-in-seconds: 10

    instance-id: ${EUREKA_INSTANCE_HOSTNAME:${spring.application.name}}:${server.port}@${random.l ong(1000000,9999999)}

    hostname: ${EUREKA_INSTANCE_HOSTNAME:${spring.application.name}}

 

 

开始构建，报错如下（k8s访问harbor需要密钥权限）

 

 

 

原因：

 

 

解决方法：

//在k8s所有主机上操作

docker login -u tom -p Abcd1234 192.168.153.90:85

 在master节点上创建k8s链接harbor的密钥

kubectl create secret docker-registry registry-auth-secret --docker-server=192.168.153.90:85 --docker-username=tom --docker-password=Abcd1234 -- docker-email=tom@qq.com

 

[root@k8s-master .kube]# kubectl get secrets

NAME                                 TYPE                                  DATA   AGE

default-token-mbmxf                  kubernetes.io/service-account-token   3      3d14h

nfs-client-provisioner-token-dq7x7   kubernetes.io/service-account-token   3      3d2h

registry-auth-secret                 kubernetes.io/dockerconfigjson        1      13s

 

 

构建成功！！！

 

访问两个node节点的30708端口

 

部署服务网关

更改配置文件中的eureka集群地址

 

 

创建配置文件deploy.yml如下（其他项目名字和端口进行修改即可）

---

apiVersion: v1

kind: Service

metadata:

  name: zuul

  labels:

    app: zuul

spec:

  type: NodePort

  ports:

    - port: 10020

      name: zuul

      targetPort: 10020

  selector:

    app: zuul

---

apiVersion: apps/v1

kind: StatefulSet

metadata:

  name: zuul

spec:

  serviceName: "zuul"

  replicas: 2

  selector:

    matchLabels:

      app: zuul

  template:

    metadata:

      labels:

        app: zuul

    spec:

      imagePullSecrets:

        - name: $SECRET_NAME

      containers:

        - name: zuul

          image: $IMAGE_NAME

          ports:

            - containerPort: 10020

  podManagementPolicy: "Parallel"

 

构建过程中报错如下：

 

解决方法：需要手动上传父工程依赖到NFS的Maven共享仓库目录中

 

 

 

 

Zuul部署完成！！！

 

下一步把admin，gathering一起在idea上部署

---

apiVersion: v1

kind: Service

metadata:

name: admin

labels:

app: admin

spec:

type: NodePort

ports:

- port: 9001

name: admin

targetPort: 9001

selector:

app: admin

---

apiVersion: apps/v1

kind: StatefulSet

metadata:

name: admin

spec:

serviceName: "admin"

replicas: 2

selector:

matchLabels:

app: admin

template:

metadata:

labels:

app: admin

spec:

imagePullSecrets:

- name: $SECRET_NAME

containers:

- name: admin

image: $IMAGE_NAME

ports:

- containerPort: 9001

podManagementPolicy: "Parallel"

 

 

---

apiVersion: v1

kind: Service

metadata:

name: gathering

labels:

app: gathering

spec:

type: NodePort

ports:

- port: 9002

name: gathering

targetPort: 9002

selector:

app: gathering

---

apiVersion: apps/v1

kind: StatefulSet

metadata:

name: gathering

spec:

serviceName: "gathering"

replicas: 2

selector:

matchLabels:

app: gathering

template:

metadata:

labels:

app: gathering

spec:

imagePullSecrets:

- name: $SECRET_NAME

containers:

- name: gathering

image: $IMAGE_NAME

ports:

- containerPort: 9002

podManagementPolicy: "Parallel"

 再修改每个服务的mysql url和账户密码最后提交构建

最后用postman进行测试，这里我们的端口用的是由zuul在k8s中yaml文件映射的新端口