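The goal of this lab is to deliver a Dubbo service into a Kubernetes cluster using Jenkins + Maven + Gitee. Jenkins is v2.303.1 and Maven is 3.6.3. Jenkins data is stored in an NFS directory. The hosts are laid out as shown below:
Hostname | Services provided |
host11 | nginx-proxy, dns |
host21 | kubernetes node (v1.15.2) |
host22 | kubernetes node (v1.15.2) |
host200 | harbor, httpd, nfs |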
01 Preparing the Jenkins image
1) Pull the Jenkins image on host200
docker pull jenkins/jenkins:2.303.1
2) Tag it and push it to your own image registry
docker tag 619aabbe0502 harbor.od.com/public/jenkins:2.303.1
docker push harbor.od.com/public/jenkins:2.303.1
3) Prepare a Dockerfile that uses the official image as its base and builds an image that can work with Docker
mkdir -pv /data/dockerfile/jenkins
cd /data/dockerfile/jenkins
# Prepare the SSH key
ssh-keygen -t rsa -b 2048 -C "yunweishaonian@yeah.net" -N "" -f /root/.ssh/id_rsa
# Copy the key into the current directory
cp -a /root/.ssh/id_rsa .
# Fetch get-docker.sh, which installs the Docker client into Jenkins
curl -fsSL https://get.docker.com -o /data/dockerfile/jenkins/get-docker.sh
# Make the script executable so that the RUN step in the Dockerfile can execute it
chmod +x /data/dockerfile/jenkins/get-docker.sh
# Copy Docker's configuration file
cp -a /root/.docker/config.json .
# Add an SSH config file so that Gitee can later be accessed without a password
vi config
Host gitee.com
  HostName gitee.com
  User git
  PreferredAuthentications publickey
  IdentityFile /root/.ssh/id_rsa
# Edit the Dockerfile
vi /data/dockerfile/jenkins/Dockerfile
FROM harbor.od.com/public/jenkins:2.303.1
USER root
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
    echo 'Asia/Shanghai' > /etc/timezone
ADD id_rsa /root/.ssh/id_rsa
ADD config.json /root/.docker/config.json
ADD get-docker.sh /get-docker.sh
ADD config /root/.ssh/config
RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&\
    /get-docker.sh
# Build the new image
docker build . -t harbor.od.com/infra/jenkins:v2.303.1
# Push it to Harbor
docker push harbor.od.com/infra/jenkins:v2.303.1
4) Add the public key to Gitee
5) Test that the Jenkins image works
# A successful authentication response is all that is needed
docker run --rm harbor.od.com/infra/jenkins:v2.303.1 ssh -T git@gitee.com
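The Dockerfile in step 3 copies root's private key and the registry credentials stored in config.json into image layers, so anyone who can pull harbor.od.com/infra/jenkins can read both, and it also turns off SSH host key checking. The check below is an added example, not part of the original post; its finding names and the SECRET_SOURCES pattern are assumptions chosen for this illustration.

```python
import re

# Constructed sample: the Dockerfile from step 3, embedded so the check runs offline.
DOCKERFILE = r"""FROM harbor.od.com/public/jenkins:2.303.1
USER root
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
    echo 'Asia/Shanghai' > /etc/timezone
ADD id_rsa /root/.ssh/id_rsa
ADD config.json /root/.docker/config.json
ADD get-docker.sh /get-docker.sh
ADD config /root/.ssh/config
RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&\
    /get-docker.sh
"""

# Hypothetical rule set (an assumption of this example, not a standard list).
SECRET_SOURCES = re.compile(r"(^|/)(id_(rsa|dsa|ecdsa|ed25519)|config\.json|.*\.pem)$")
WEAK_SSH = re.compile(r"StrictHostKeyChecking\s+no\b", re.I)

def logical_lines(text):
    """Join backslash-continued lines and yield (first_line_number, instruction)."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        buf += stripped
        if buf.strip() and not buf.lstrip().startswith("#"):
            yield start, buf.strip()
        buf, start = "", None

def lint(text):
    """Return (line, finding, detail) for secrets copied into layers and weakened SSH."""
    findings = []
    for n, line in logical_lines(text):
        op, _, rest = line.partition(" ")
        op = op.upper()
        if op in ("ADD", "COPY"):
            # Every argument except the last is a source; skip flags such as --chown.
            srcs = [a for a in rest.split()[:-1] if not a.startswith("--")]
            for src in srcs:
                if SECRET_SOURCES.search(src):
                    findings.append((n, "secret-in-layer", src))
        elif op == "RUN" and WEAK_SSH.search(rest):
            findings.append((n, "host-key-check-disabled", "StrictHostKeyChecking no"))
    return findings
```

Findings of the first kind are resolved by mounting the key and registry credentials at run time (for example from a Kubernetes Secret) instead of adding them to the image.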
02 Preparing Kubernetes
1) Create the namespace
# Create the namespace
kubectl create namespace infra
# Create the secret; the password here is the Harbor password
kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=xxxxx -n infra
03 Preparing NFS
1) Install nfs-utils on every node
yum install nfs-utils -y
2) Create the shared directory on host200
mkdir -p /data/nfs-volume/jenkins_home
3) Configure NFS on host200
vi /etc/exports
/data/nfs-volume 192.168.122.0/24(rw,no_root_squash)
4) Start the NFS service on host200
systemctl enable nfs
systemctl start nfs
5) Test
[root@host200 ~]# showmount -e
Export list for host200.yunwei.com:
/data/nfs-volume 192.168.122.0/24   # the nodes' address range
04 Resource manifests
1) Create the directory (/data/k8s-yaml/jenkins == http://k8s-yaml.od.com/jenkins/)
mkdir /data/k8s-yaml/jenkins/
2) Create dp.yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
  labels:
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      name: jenkins
  template:
    metadata:
      labels:
        app: jenkins
        name: jenkins
    spec:
      volumes:
      - name: data                  # define a volume
        nfs:                        # the volume type is NFS
          server: host200           # NFS server address
          path: /data/nfs-volume/jenkins_home
      - name: docker                # define a volume
        hostPath:                   # the type is hostPath, i.e. a path on the node itself
          path: /run/docker.sock    # mount the node's docker.sock into Jenkins so that Jenkins can talk to the node's Docker over the socket
          type: ''
      containers:
      - name: jenkins
        image: harbor.od.com/infra/jenkins:v2.303.1
        imagePullPolicy: IfNotPresent   # image pull policy: Always pulls from the remote registry whether or not a local copy exists, Never uses only the local copy, IfNotPresent prefers the local copy and pulls from the remote registry only when it is missing
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        - name: JAVA_OPTS
          value: -Xmx512m -Xms512m
        volumeMounts:
        - name: data
          mountPath: /var/jenkins_home   # mount host200:/data/nfs-volume/jenkins_home at /var/jenkins_home in the container
        - name: docker
          mountPath: /run/docker.sock    # mount the node's /run/docker.sock at /run/docker.sock in the container
      imagePullSecrets:
      - name: harbor   # image registry secret, defined earlier with kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=xxxxx -n infra
      securityContext:
        runAsUser: 0
  strategy:
    type: RollingUpdate              # rolling update
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7            # keep 7 rollout revisions for rollback
  progressDeadlineSeconds: 600       # startup timeout
3) Create svc.yaml
kind: Service
apiVersion: v1
metadata:
  name: jenkins
  namespace: infra
spec:
  ports:
  - protocol: TCP
    port: 80           # port 80 on the ClusterIP maps to port 8080 in the container
    targetPort: 8080
  selector:
    app: jenkins
4) Create ingress.yaml
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
spec:
  rules:
  - host: jenkins.od.com
    http:
      paths:
      - path: /
        backend:
          serviceName: jenkins
          servicePort: 80
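dp.yaml runs the pod as UID 0 and mounts the node's /run/docker.sock, so every build job in this Jenkins can drive the node's Docker daemon with root's authority. The audit below is an added example, not part of the original post, that flags this combination in a Deployment; the finding names and the RUNTIME_SOCKETS list are assumptions of the example.

```python
import json

# Constructed sample: the pod template of dp.yaml in the JSON form that
# `kubectl get deployment jenkins -n infra -o json` returns, trimmed to the fields read below.
DEPLOYMENT = json.loads("""
{"kind": "Deployment", "metadata": {"name": "jenkins", "namespace": "infra"},
 "spec": {"template": {"spec": {
   "securityContext": {"runAsUser": 0},
   "volumes": [
     {"name": "data", "nfs": {"server": "host200", "path": "/data/nfs-volume/jenkins_home"}},
     {"name": "docker", "hostPath": {"path": "/run/docker.sock", "type": ""}}],
   "containers": [{"name": "jenkins", "image": "harbor.od.com/infra/jenkins:v2.303.1",
     "volumeMounts": [
       {"name": "data", "mountPath": "/var/jenkins_home"},
       {"name": "docker", "mountPath": "/run/docker.sock"}]}]}}}}
""")

# Assumed watch list of container-runtime sockets (not exhaustive).
RUNTIME_SOCKETS = ("docker.sock", "containerd.sock", "crio.sock")

def effective_uid(pod, container):
    """Container-level runAsUser overrides the pod-level one; None means the image default."""
    for ctx in (container.get("securityContext") or {}, pod.get("securityContext") or {}):
        if "runAsUser" in ctx:
            return ctx["runAsUser"]
    return None

def audit(deployment):
    """Return (container, finding, detail) tuples for the risky settings in a Deployment."""
    pod = deployment["spec"]["template"]["spec"]
    sockets = {v["name"]: v["hostPath"]["path"] for v in pod.get("volumes", [])
               if "hostPath" in v and v["hostPath"]["path"].endswith(RUNTIME_SOCKETS)}
    findings = []
    for c in pod.get("containers", []):
        uid = effective_uid(pod, c)
        if uid == 0:
            findings.append((c["name"], "runs-as-root", "runAsUser: 0"))
        for m in c.get("volumeMounts", []):
            if m["name"] in sockets:
                # readOnly on the mount does not stop a process from connecting to the socket
                severity = "critical" if uid == 0 else "high"
                findings.append((c["name"], "runtime-socket:" + severity, sockets[m["name"]]))
    return findings
```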
05 Delivering Jenkins to the Kubernetes cluster
1) Create the resources from any node
kubectl create -f http://k8s-yaml.od.com/jenkins/dp.yaml
kubectl create -f http://k8s-yaml.od.com/jenkins/svc.yaml
kubectl create -f http://k8s-yaml.od.com/jenkins/ingress.yaml
2) Check the resources
[root@host21 ~]# kubectl get all -n infra
NAME                           READY   STATUS    RESTARTS   AGE
pod/jenkins-7df8bf4ff9-qj85m   1/1     Running   0          10h
NAME              TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
service/jenkins   ClusterIP   10.254.129.207   <none>        80/TCP    13h
NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/jenkins   1/1     1            1           10h
NAME                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/jenkins-7df8bf4ff9   1         1         1       10h
06 Verifying Jenkins
1) Verify which user the Jenkins image runs as
[root@host21 ~]# kubectl exec -it pod/jenkins-7df8bf4ff9-qj85m -n infra /bin/bash
root@jenkins-7df8bf4ff9-qj85m:/# whoami
root
2) Verify that it can log in to Git
root@jenkins-7df8bf4ff9-qj85m:/# ssh -i /root/.ssh/id_rsa -T git@gitee.com
Hi yunweishaonian! You've successfully authenticated, but GITEE.COM does not provide shell access.
3) Verify that Jenkins can work with the host's Docker
root@jenkins-7df8bf4ff9-qj85m:/# docker image ls
REPOSITORY                             TAG                  IMAGE ID       CREATED             SIZE
harbor.od.com/app/dubbo-demo-service   master_211002_2213   a8f3cec136fc   About an hour ago   377MB
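07 Configuring Jenkins
1) Add the DNS record on host11
# Add the record
vi /var/named/od.com.zone
jenkins A 192.168.122.10
# Restart DNS
systemctl restart named
2) Open the web page, look at the file it points to, and enter the password from it
3) Choose the recommended plugins; once they are installed, create the admin user
4) Enter Jenkins
5) Modify the security settings
6) Download the Blue Ocean plugin
7) Search for blue ocean under [Available plugins], then choose the install-and-restart option below
8) When installation completes, choose restart
9) Once everything is ready, Blue Ocean appears on the home page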