Installing a k8s cluster, version v1.28.2
Node info:
192.168.77.103 node3
192.168.77.104 node4
192.168.77.105 node5
Run on all nodes:
1. Install docker
cd /etc/yum.repos.d/ && wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce -y
systemctl start docker
systemctl status docker
systemctl enable docker
2. Install cri-dockerd
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el7.x86_64.rpm
yum install -y cri-dockerd-0.3.1-3.el7.x86_64.rpm
sed -i 's,^ExecStart.*,& --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9,' /usr/lib/systemd/system/cri-docker.service
systemctl daemon-reload
systemctl start cri-docker
systemctl status cri-docker
systemctl enable cri-docker
# Set the hostname
hostnamectl set-hostname name
# Disable the firewall
sudo systemctl stop firewalld.service
sudo systemctl disable firewalld.service
# Aliyun yum repository
sudo mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
sudo curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
sudo sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
yum makecache
# Set SELinux to permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Turn off swap (swap must be 0)
sudo sed -ri 's/.*swap.*/#&/' /etc/fstab
sudo swapoff -a
# Let iptables see bridged traffic
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
# Add the Aliyun Kubernetes yum repository and install kubeadm, kubelet and kubectl
cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
# Install kubelet
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet.service
# Download the calico images
wget https://github.com/projectcalico/calico/releases/download/v3.25.0/release-v3.25.0.tgz
tar xf release-v3.25.0.tgz
cd release-v3.25.0/images/
docker load -i calico-cni.tar
docker load -i calico-node.tar
docker load -i calico-kube-controllers.tar
Master node:
kubeadm init --apiserver-advertise-address=192.168.77.103 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.96.0.0/16 --pod-network-cidr=192.168.0.0/16 --cri-socket unix:///var/run/cri-dockerd.sock
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get nodes
node4:
kubeadm join 192.168.77.103:6443 --token a25tx6.cfpz8m709z5ztw5p --discovery-token-ca-cert-hash sha256:7482632cbc163faecf9d2c2519f16579bc2e13e13ae63ea4a6995b54609dcd93 --cri-socket unix:///var/run/cri-dockerd.sock
node5:
kubeadm join 192.168.77.103:6443 --token a25tx6.cfpz8m709z5ztw5p --discovery-token-ca-cert-hash sha256:7482632cbc163faecf9d2c2519f16579bc2e13e13ae63ea4a6995b54609dcd93 --cri-socket unix:///var/run/cri-dockerd.sock
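The --discovery-token-ca-cert-hash in the join commands above pins the cluster CA: kubeadm compares it with the SHA-256 of the CA certificate's DER-encoded public key (SubjectPublicKeyInfo). The following is an added example, not part of the original notes, that recomputes that value from a CA certificate so it can be compared with the join command before running it on a node; make_test_ca is a hypothetical helper that only produces constructed sample input.

```shell
#!/bin/sh
# ca_cert_hash FILE -> prints "sha256:<hex>" for a PEM CA certificate.
# The digest covers the DER SubjectPublicKeyInfo, not the whole certificate.
ca_cert_hash() {
  # Refuse unparsable input; otherwise the pipeline would hash empty data.
  openssl x509 -in "$1" -noout 2>/dev/null || return 2
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //; s/^/sha256:/'
}

# verify_join_hash FILE EXPECTED -> exit 0 only if EXPECTED is well formed
# and equals the hash of the CA certificate in FILE.
verify_join_hash() {
  if ! printf '%s\n' "$2" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
    echo "malformed hash: $2"; return 2
  fi
  actual=$(ca_cert_hash "$1") || { echo "cannot read certificate: $1"; return 2; }
  if [ "$actual" = "$2" ]; then
    echo "match $actual"
  else
    echo "MISMATCH expected=$2 actual=$actual"; return 1
  fi
}

# make_test_ca DIR -> writes a throwaway self-signed CA (constructed sample
# input, unrelated to any real cluster) and prints the certificate path.
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-test-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null && echo "$1/ca.crt"
}

# On the master node (kubeadm's default CA path):
#   verify_join_hash /etc/kubernetes/pki/ca.crt sha256:<value from the join command>
```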
Master node:
# Install calico:
wget https://docs.projectcalico.org/manifests/calico.yaml
# Add IP_AUTODETECTION_METHOD, with interface set to the actual local interface
- name: CLUSTER_TYPE
  value: "k8s,bgp"
- name: IP_AUTODETECTION_METHOD
  value: "interface=ens33"
# no effect. This should fall within `--cluster-cidr`.
- name: CALICO_IPV4POOL_CIDR
  value: "192.168.0.0/16" # modified; must match the pod-network-cidr passed to kubeadm init
# Enable IPIP
- name: CALICO_IPV4POOL_IPIP
  value: "Never" # the default is Always (IPIP mode); with Never, BGP mode is used, which performs better
kubectl apply -f calico.yaml
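CALICO_IPV4POOL_CIDR has to agree with --pod-network-cidr, and kubeadm's documentation also asks that the pod network not overlap any host network. The following is an added check, not part of the original notes, run here on the addresses used on this page; the function names are hypothetical. With these values it reports that all three node addresses fall inside the pod CIDR 192.168.0.0/16.

```shell
#!/bin/sh
# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_range A.B.C.D[/N] -> "first last" as integers (bare address = /32)
cidr_range() {
  case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
  base=$(ip_to_int "${1%/*}")
  size=$(( 1 << (32 - bits) ))
  first=$(( base & ~(size - 1) ))
  echo "$first $(( first + size - 1 ))"
}

# cidrs_overlap X Y -> exit 0 when the two ranges share at least one address
cidrs_overlap() {
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# audit_network_plan POD_CIDR SERVICE_CIDR CALICO_POOL NODE_IP...
# Prints one finding per line; prints nothing when the plan is consistent.
audit_network_plan() {
  pod=$1; svc=$2; pool=$3; shift 3
  if [ "$(cidr_range "$pod")" != "$(cidr_range "$pool")" ]; then
    echo "MISMATCH CALICO_IPV4POOL_CIDR=$pool pod-network-cidr=$pod"
  fi
  if cidrs_overlap "$pod" "$svc"; then echo "OVERLAP pod=$pod service=$svc"; fi
  for ip in "$@"; do
    if cidrs_overlap "$pod" "$ip"; then echo "OVERLAP node=$ip pod=$pod"; fi
    if cidrs_overlap "$svc" "$ip"; then echo "OVERLAP node=$ip service=$svc"; fi
  done
  return 0
}

# Values from this page: kubeadm init flags, calico.yaml pool, node addresses.
audit_network_plan 192.168.0.0/16 10.96.0.0/16 192.168.0.0/16 \
  192.168.77.103 192.168.77.104 192.168.77.105
```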
Troubleshooting:
If a node cannot join the cluster, you can run kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock
Install ingress: https://kubernetes.github.io/ingress-nginx/deploy/
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/aws/deploy.yaml
The image addresses in it need to be changed:
[root@node3 ~]# grep "image" deploy.yaml
image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.6.3@sha256:b92667e0afde1103b736e6a3f00dd75ae66eec4e71827d19f19f471699e909d2
imagePullPolicy: IfNotPresent
image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
imagePullPolicy: IfNotPresent
image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
imagePullPolicy: IfNotPresent
# Test
[root@node3 ~]# kubectl create deployment nginx --image=registry.cn-hangzhou.aliyuncs.com/jsonhc/nginx:1.15
deployment.apps/nginx created
[root@node3 ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
CI/CD with Jenkins + k8s + gitee
def patchMethod(params) {
    // JSON Patch that replaces the image of the first container in the Deployment
    def patchJson = [
        [
            op: 'replace',
            path: '/spec/template/spec/containers/0/image',
            value: params.image
        ]
    ]
    // httpRequest requires the HTTP Request plugin
    httpRequest(
        url: 'https://192.168.77.103:6443/apis/apps/v1/namespaces/testns/deployments/nginx',
        httpMode: 'PATCH',
        // ignoreSslErrors: true skips verification of the API server certificate
        ignoreSslErrors: true,
        customHeaders: [
            // maskValue keeps the bearer token out of the request log
            [ name: 'Authorization', value: 'Bearer ' + params.Token, maskValue: true ],
            [ name: 'Content-Type', value: 'application/json-patch+json' ]
        ],
        // writeJSON requires the Pipeline Utility Steps plugin
        requestBody: writeJSON(returnText: true, json: patchJson)
        //requestBody: patchJson
    )
}

pipeline {
    agent any
    stages {
        stage('git checkout') {
            steps {
                script {
                    git(
                        branch: 'master',
                        url: 'git@gitee.com:ke-haoheng/test-web.git',
                        credentialsId: 'Jenkins-ssh-gitee'
                    )
                }
            }
        }
        stage('build') {
            steps {
                script {
                    // withDockerRegistry requires the Docker Pipeline plugin
                    withDockerRegistry(credentialsId: 'dockerpassword', url: 'https://registry.cn-shanghai.aliyuncs.com') {
                        sh "docker build -t registry.cn-hangzhou.aliyuncs.com/jsonhc/web:${env.BUILD_NUMBER} ."
                        sh "docker push registry.cn-hangzhou.aliyuncs.com/jsonhc/web:${env.BUILD_NUMBER}"
                    }
                }
            }
        }
        stage('deploy to k8s') {
            steps {
                script {
                    withCredentials([string(credentialsId: 'k8s-1.28-token', variable: 'TOKEN')]) {
                        def result = [
                            Token: TOKEN,
                            image: "registry.cn-hangzhou.aliyuncs.com/jsonhc/web:${env.BUILD_NUMBER}"
                        ]
                        // The token goes straight to patchMethod and is not echoed to the build log
                        patchMethod(result)
                    }
                }
            }
        }
    }
}
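The pipeline above makes a single API call, a PATCH on the nginx Deployment in testns, so the token stored as k8s-1.28-token needs no more than that. The following is an added example, not part of the original notes, that renders a ServiceAccount with a Role limited to that one object; the name jenkins-deployer and the function name are hypothetical.

```shell
#!/bin/sh
# render_deployer_rbac NAMESPACE DEPLOYMENT SERVICEACCOUNT -> manifest on stdout
# The Role allows only "patch" on the one named Deployment, which is all the
# httpRequest PATCH in the pipeline uses.
render_deployer_rbac() {
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: $3
  namespace: $1
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: $3-patch-$2
  namespace: $1
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  resourceNames: ["$2"]
  verbs: ["patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: $3-patch-$2
  namespace: $1
subjects:
- kind: ServiceAccount
  name: $3
  namespace: $1
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: $3-patch-$2
EOF
}

# On the master node:
#   render_deployer_rbac testns nginx jenkins-deployer | kubectl apply -f -
#   kubectl -n testns create token jenkins-deployer --duration=24h
#   kubectl auth can-i patch deployment/nginx -n testns \
#     --as=system:serviceaccount:testns:jenkins-deployer    # expect: yes
#   kubectl auth can-i delete deployment/nginx -n testns \
#     --as=system:serviceaccount:testns:jenkins-deployer    # expect: no
```

The output of kubectl create token is the value to store in the Jenkins secret-text credential; it has to be renewed before the chosen duration runs out.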