6--jenkins拉完流水线后连接k8s,部署项目

JenKins使用Kubernetes

最近我们构建和部署服务的方式与原来相比简直就是突飞猛进,像那种笨拙的、单一的、用于构建单体式应用程序的方式已经是过去式了。现在的应用为了提供更好的拓展性和可维护性,都会去拆解成各种相互依赖小、解耦性强的微服务,这些服务有各自的依赖和进度。这跟我们的Kubernetes不谋而合。

JenKins链接K8S

使用Jenkins链接K8S需要创建一些秘钥。

第1步:将证书私钥填写至Jenkins

cat /etc/kubernetes/pki/ca.crt

第2步:创建admin-csr.json

cat > admin-csr.json << EOF
{
    "CN":"admin",
    "key":{
        "algo":"rsa",
        "size":2048
    },
    "names":[
        {
            "C":"CN",
            "L":"BeiJing",
            "ST":"BeiJing",
            "O":"system:masters",
            "OU":"System"
        }
    ]
}
EOF

第3步:创建证书和私钥

#先下载cfssl
[root@k8s-m-01 ~]# wget https://github.com/cloudflare/cfssl/releases/download/v1.6.0/cfssl_1.6.0_linux_amd64
[root@k8s-m-01 ~]# wget https://github.com/cloudflare/cfssl/releases/download/v1.6.0/cfssljson_1.6.0_linux_amd64

[root@k8s-m-01 ~]# chmod +x cfssl_1.6.0_linux_amd64 
[root@k8s-m-01 ~]# chmod +x cfssljson_1.6.0_linux_amd64 

[root@k8s-m-01 ~]# mv cfssl_1.6.0_linux_amd64 /usr/local/bin/cfssl
[root@k8s-m-01 ~]# mv cfssljson_1.6.0_linux_amd64 /usr/local/bin/cfssljson
cfssl gencert -ca=/etc/kubernetes/pki/ca.crt -ca-key=/etc/kubernetes/pki/ca.key --profile=kubernetes admin-csr.json | cfssljson -bare admin

第4步:配置证书

openssl pkcs12 -export -out ./jenkins-admin.pfx -inkey ./admin-key.pem -in ./admin.pem -passout pass:123456
[root@k8s-m-01 ~]# ll
total 75764
-rw-r--r--  1 root root     1009 Aug 23 15:58 admin.csr
-rw-r--r--  1 root root      260 Aug 23 15:46 admin-csr.json
-rw-------  1 root root     1675 Aug 23 15:58 admin-key.pem
-rw-r--r--  1 root root     1294 Aug 23 15:58 admin.pem
-rw-r--r--  1 root root     2517 Aug 23 15:59 jenkins-admin.pfx

[root@k8s-m-01 ~]#  sz jenkins-admin.pfx    #传到桌面

保存!还可以用这种方法配置多个集群

创建流水线项目

[root@k8s-m-01 ~]# vim java.yaml 
kind: Namespace
apiVersion: v1
metadata:
  name: java
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: java
  namespace: java
  labels:
    app: java
spec:
  selector:
    matchLabels:
      app: java
  template:
    metadata:
      labels:
        app: java
    spec:
      imagePullSecrets:
        - name: aliyun-registry-key
      containers:
        - name: java
          image: tomcat
          imagePullPolicy: IfNotPresent
---
kind: Service
apiVersion: v1
metadata:
  name: java-svc
  namespace: java
spec:
  ports:
    - port: 8080
      targetPort: 8080
      name: java
  selector:
    app: java
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: java-svc-ingress
  namespace: java
spec:
  rules:
    - host: "java.test.com"
      http:
        paths:
          - path: "/"
            pathType: Prefix
            backend:
              service:
                name: java-svc
                port:
                  number: 8080
                  
[root@k8s-m-01 ~]# kubectl apply -f java.yaml 
namespace/java created
deployment.apps/java created
service/java-svc created
ingress.networking.k8s.io/java-svc-ingress created

[root@k8s-m-01 ~]# cd .kube
[root@k8s-m-01 .kube]# kubectl create secret generic kubeconfig --from-file=config
secret/kubeconfig created

[root@jenkins ~]# kubectl create secret generic aliyun-registry-key
secret/aliyun-registry-key created

[root@jenkins ~]# cd /var/lib/jenkins/
[root@jenkins jenkins]# vim config.xml 
...
<slaveAgentPort>-1</slaveAgentPort>      #端口会冲突,-1改成8081或者别的
...
[root@jenkins jenkins]# systemctl restart jenkins


#解析域名
192.168.15.11 java.test.com

**构建后,会和k8s进行连接。拉取镜像,创建pod **

posted @ 2021-08-25 08:53  小绵  阅读(265)  评论(0编辑  收藏  举报