k8s-day06
[TOC]
1. 实战交付Dubbo服务
Dubbo是阿里巴巴集团SOA服务化治理方案的核心框架
每天为2000+个服务提供30亿+次访问量支持
Dubbo是一个分布式服务框架
提供高性能和透明化的RPC远程服务调用方案及SOA服务化治理方案
Dubbo能做什么
Dubbo的常用组件
Provider 暴露服务的服务提供者
Consumer 调用远程服务的服务消费者
Registry 服务的注册与发现的注册中心
Monitor 统计服务的调用次数和调用时间的监控中心
Container 服务运行的容器
zookeeper是Dubbo服务集群的注册中心
它的高可用机制与etcd集群一致
Zookeeper是Java程序，运行需要Java（JDK）环境
集群规划
三台zookeeper
11 12 21
jenkins 22
200 docker仓库 k8s-yaml
2. 安装部署Zookeeper
#准备jdk环境
[root@gcc-11 ~]$ mkdir /usr/java && tar xf jdk-8u221-linux-x64.tar.gz -C /usr/java && ln -s /usr/java/jdk1.8.0_221/ /usr/java/jdk
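# Single quotes keep $JAVA_HOME, $PATH and $CLASSPATH literal in /etc/profile, so they are expanded
# when the profile is sourced. With double quotes they are expanded by the current shell instead,
# where JAVA_HOME is still unset, and the file ends up with /bin in place of $JAVA_HOME/bin.
[root@gcc-11 /opt/src]$ echo -e 'export JAVA_HOME=/usr/java/jdk\nexport PATH=$JAVA_HOME/bin:$JAVA_HOME/bin:$PATH\nexport CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar' >> /etc/profile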
[root@gcc-11 ~]$ source /etc/profile
[root@gcc-11 ~]$ tar xf zookeeper-3.4.14.tar.gz -C /opt/ && ln -s /opt/zookeeper-3.4.14/ /opt/zookeeper && mkdir -p /data/zookeeper/{data,logs}
[root@gcc-11 /opt/zookeeper/conf]$ cd /opt/zookeeper/conf && vi zoo.cfg
# Basic time unit in milliseconds; initLimit and syncLimit below are counted in ticks.
tickTime=2000
initLimit=10
syncLimit=5
# Snapshot directory (also holds the myid file) and transaction-log directory.
dataDir=/data/zookeeper/data
dataLogDir=/data/zookeeper/logs
# Client port. Nothing in this file enables authentication or TLS, and the netstat output on this
# page shows 2181 listening on all interfaces, so restrict access to it with host firewall rules.
clientPort=2181
# Ensemble members as server.<myid>=<host>:<peer port>:<election port>; <myid> must match the
# myid file written under dataDir on that host. Ports 2888 and 3888 only need to be reachable
# between the three ZooKeeper hosts.
server.1=zk1.od.com:2888:3888
server.2=zk2.od.com:2888:3888
server.3=zk3.od.com:2888:3888
#dns解析
[root@gcc-11 ~]$ vi /var/named/od.com.zone
$ORIGIN od.com.
$TTL 600 ; 10 minutes
@ IN SOA dns.od.com. dnsadmin.od.com. (
2019060406 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS dns.od.com.
$TTL 60 ; 1 minute
dns A 10.0.0.11
harbor A 10.0.0.200
k8s-yaml A 10.0.0.200
traefik A 10.0.0.10
dashboard A 10.0.0.10
zk1 A 10.0.0.11
zk2 A 10.0.0.12
zk3 A 10.0.0.21
[root@gcc-11 ~]$ systemctl restart named
[root@gcc-11 ~]$ dig -t A zk1.od.com @10.0.0.11 +short
10.0.0.11
#配置部署myid
[root@gcc-11 ~]$ echo '1' >/data/zookeeper/data/myid
[root@gcc-12 ~]$ echo '2' >/data/zookeeper/data/myid
[root@gcc-21 ~]$ echo '3' >/data/zookeeper/data/myid
#启动
[root@gcc-11 ~]$ /opt/zookeeper/bin/zkServer.sh start
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Starting zookeeper ... STARTED
[root@gcc-11 ~]$ netstat -lntp | grep 2181
tcp6 0 0 :::2181 :::* LISTEN 145413/java
[root@gcc-11 ~]$
[root@gcc-11 /opt/zookeeper/conf]$ /opt/zookeeper/bin/zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Mode: follower
[root@gcc-12 ~]$ /opt/zookeeper/bin/zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Mode: leader
[root@gcc-21 ~]$ /opt/zookeeper/bin/zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Mode: follower
3. 制作Jenkins镜像
制作Jenkins镜像
配置存储共享NFS
交付Jenkins到K8S集群
配置CI流水线
#下载基础镜像
[root@gcc-200 ~]$ docker pull jenkins/jenkins:2.190.3
[root@gcc-200 ~]$ docker images | grep jenkins
jenkins/jenkins 2.190.3 22b8b9a84dbe 6 months ago 568MB
[root@gcc-200 ~]$ docker tag 22b8b9a84dbe harbor.od.com/public/jenkins:v2.190.3
[root@gcc-200 ~]$ docker push harbor.od.com/public/jenkins:v2.190.3
#制作jenkins镜像
#生成秘钥对（-N "" 生成的是无口令私钥，且下文会把它打包进镜像；建议使用仅用于拉取代码的专用密钥，不要复用这台主机 root 的默认登录密钥）
[root@gcc-200 ~]$ ssh-keygen -t rsa -b 2048 -C 'xxxxx@qq.com' -N "" -f /root/.ssh/id_rsa
#编写Dockerfile
[root@gcc-200 ~]$ mkdir /data/dockerfile/jenkins -p && cd /data/dockerfile/jenkins
[root@gcc-200 /data/dockerfile/jenkins]$ vim Dockerfile
# Base image: the upstream jenkins/jenkins:2.190.3 image as re-tagged into the local Harbor registry.
FROM harbor.od.com/public/jenkins:v2.190.3
# Later instructions and, by default, the container process run as root.
USER root
# Set the container time zone to Asia/Shanghai.
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
echo 'Asia/Shanghai' >/etc/timezone
# NOTE(review): this stores the SSH private key in an image layer, so anyone who can pull
# harbor.od.com/infra/jenkins can read it. Safer: mount the key at runtime (for example from a
# Kubernetes Secret) and use a dedicated, read-only deploy key.
ADD id_rsa /root/.ssh/id_rsa
# NOTE(review): config.json is copied from /root/.docker on the build host and presumably holds the
# Harbor login; it is exposed to image pullers in the same way as the key above.
ADD config.json /root/.docker/config.json
# Docker install script downloaded on the build host; it is executed as root in the RUN step below.
ADD get-docker.sh /get-docker.sh
# NOTE(review): StrictHostKeyChecking is an ssh client option, but this line appends it to
# sshd_config (the server file), so it does not change outgoing ssh connections (e.g. git over ssh).
# Turning host-key checking off would also remove the protection against a spoofed server;
# shipping a known_hosts entry for the target host keeps the check in place.
RUN echo " StrictHostKeyChecking no" >> /etc/ssh/sshd_config && \
/get-docker.sh --mirror Aliyun
#准备相关文件
[root@gcc-200 /data/dockerfile/jenkins]$ cp /root/.ssh/id_rsa ./
[root@gcc-200 /data/dockerfile/jenkins]$ cp /root/.docker/config.json ./
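# Fetch over HTTPS explicitly: with a bare host name curl starts with http://. -S keeps error
# messages visible under -s (the original -fssL silenced them).
# The script is executed as root during `docker build`, so read it before building the image.
[root@gcc-200 /data/dockerfile/jenkins]$ curl -fsSL https://get.docker.com -o get-docker.sh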
[root@gcc-200 /data/dockerfile/jenkins]$ ll
total 28
-rw-r--r-- 1 root root 368 Jun 11 16:27 Dockerfile
-rw------- 1 root root 144 Jun 11 16:30 config.json
-rw-r--r-- 1 root root 13857 Jun 11 16:30 get-docker.sh
-rw------- 1 root root 1675 Jun 11 16:29 id_rsa
[root@gcc-200 /data/dockerfile/jenkins]$ chmod +x get-docker.sh
[root@gcc-200 /data/dockerfile/jenkins]$ docker build . -t harbor.od.com/infra/jenkins:v2.190.3
[root@gcc-200 /data/dockerfile/jenkins]$ docker images | grep jenkins
harbor.od.com/infra/jenkins v2.190.3 04b5787bc325 59 seconds ago 972MB
harbor.od.com/public/jenkins v2.190.3 22b8b9a84dbe 6 months ago 568MB
jenkins/jenkins 2.190.3 22b8b9a84dbe 6 months ago 568MB
[root@gcc-200 /data/dockerfile/jenkins]$ docker push harbor.od.com/infra/jenkins:v2.190.3
#创建一个名称空间
infra
[root@gcc-21 ~]$ kubectl create ns infra
namespace/infra created
[root@gcc-21 ~]$ kubectl get ns
NAME STATUS AGE
default Active 6d4h
infra Active 7s
kube-node-lease Active 6d4h
kube-public Active 6d4h
kube-system Active 6d4h
#创建secret资源（--docker-password 写在命令行里会留在 shell 历史记录中；示例中的 12345 属于弱口令，实际环境请使用强密码，并为拉取镜像单独创建只读账号，而不是直接使用 admin）
[root@gcc-21 ~]$ kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=12345 -n infra
secret/harbor created
4. 部署Jenkins
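#准备共享存储 200（注意：no_root_squash 允许 10.0.0.0/24 网段内任意客户端以 root 身份读写该导出目录，而其中会保存 jenkins_home/secrets；建议把导出范围收窄到实际运行 Jenkins 的节点 IP）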
[root@gcc-200 ~]$ yum install -y nfs-utils
[root@gcc-200 ~]$ vi /etc/exports
/data/nfs-volume 10.0.0.0/24(rw,no_root_squash)
[root@gcc-200 ~]$ mkdir /data/nfs-volume
[root@gcc-200 ~]$ systemctl restart rpcbind nfs
#准备资源配置清单
[root@gcc-200 ~]$ cd /data/k8s-yaml/ && mkdir jenkins && cd jenkins
[root@gcc-200 /data/k8s-yaml/jenkins]$ vi svc.yaml
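# Service for Jenkins: listens on port 80 inside the cluster and forwards to container port 8080
# on pods labelled app=jenkins. No type is set, so it defaults to ClusterIP.
# (Indentation restored; YAML nesting is significant.)
kind: Service
apiVersion: v1
metadata:
  name: jenkins
  namespace: infra
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  selector:
    app: jenkins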
[root@gcc-200 /data/k8s-yaml/jenkins]$ vi dp.yaml
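# Single-replica Jenkins Deployment in the infra namespace.
# (Indentation restored; YAML nesting is significant.)
# extensions/v1beta1 is no longer served for Deployments from Kubernetes 1.16 on; use apps/v1 there.
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
  labels:
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      name: jenkins
  template:
    metadata:
      labels:
        # app=jenkins is what the Service selects; name=jenkins is what this Deployment selects.
        app: jenkins
        name: jenkins
    spec:
      volumes:
      - name: data
        nfs:
          # NOTE: must be the host that exports /data/nfs-volume (gcc-200 on this page);
          # the nodes have to be able to resolve this name.
          server: gcc-200
          path: /data/nfs-volume/jenkins_home
      # NOTE(review): mounting the node's Docker socket gives this pod control of the node's Docker
      # daemon, which is equivalent to root on that node. Keep Jenkins on a dedicated build node and
      # restrict who can create jobs, or use a builder that does not need the socket.
      - name: docker
        hostPath:
          path: /run/docker.sock
          # An empty type skips the path check before mounting; `Socket` would verify it.
          type: ''
      containers:
      - name: jenkins
        image: harbor.od.com/infra/jenkins:v2.190.3
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        - name: JAVA_OPTS
          value: -Xmx512m -Xms512m
        volumeMounts:
        - name: data
          mountPath: /var/jenkins_home
        - name: docker
          mountPath: /run/docker.sock
      # Registry credentials: the docker-registry secret named harbor in the infra namespace.
      imagePullSecrets:
      - name: harbor
      # NOTE(review): the pod runs as UID 0; together with the socket mount and the NFS export's
      # no_root_squash, a compromised Jenkins job acts as root on the node and on the share.
      securityContext:
        runAsUser: 0
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600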
[root@gcc-200 /data/k8s-yaml/jenkins]$ vi ingress.yaml
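# Routes HTTP requests for host jenkins.od.com to the jenkins Service on port 80.
# (Indentation restored; YAML nesting is significant.)
# NOTE(review): no tls section is defined, so this rule serves plain HTTP and the Jenkins login
# travels unencrypted unless TLS is terminated in front of it.
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters need
# networking.k8s.io/v1, whose backend fields are named differently.
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
spec:
  rules:
  - host: jenkins.od.com
    http:
      paths:
      - path: /
        backend:
          serviceName: jenkins
          servicePort: 80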
[root@gcc-200 /data/k8s-yaml/jenkins]$ ll
total 12
-rw-r--r-- 1 root root 1162 Jun 11 17:31 dp.yaml
-rw-r--r-- 1 root root 245 Jun 11 17:31 ingress.yaml
-rw-r--r-- 1 root root 171 Jun 11 17:31 svc.yaml
[root@gcc-200 /data/k8s-yaml/jenkins]$ mkdir -p /data/nfs-volume/jenkins_home
#应用资源配置清单（清单通过明文 HTTP 从 k8s-yaml.od.com 获取，传输过程没有完整性保护；应确保该地址只在受信任的内网可达，或改用 HTTPS）
[root@gcc-22 ~]$ kubectl create -f http://k8s-yaml.od.com/jenkins/dp.yaml
deployment.extensions/jenkins created
[root@gcc-22 ~]$ kubectl create -f http://k8s-yaml.od.com/jenkins/svc.yaml
service/jenkins created
[root@gcc-22 ~]$ kubectl create -f http://k8s-yaml.od.com/jenkins/ingress.yaml
ingress.extensions/jenkins created
#DNS解析
[root@gcc-11 /opt/zookeeper/conf]$ vi /var/named/od.com.zone
$ORIGIN od.com.
$TTL 600 ; 10 minutes
@ IN SOA dns.od.com. dnsadmin.od.com. (
2019060407 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS dns.od.com.
$TTL 60 ; 1 minute
dns A 10.0.0.11
harbor A 10.0.0.200
k8s-yaml A 10.0.0.200
traefik A 10.0.0.10
dashboard A 10.0.0.10
zk1 A 10.0.0.11
zk2 A 10.0.0.12
zk3 A 10.0.0.21
jenkins A 10.0.0.10
[root@gcc-11 /opt/zookeeper/conf]$ systemctl restart named
[root@gcc-11 /opt/zookeeper/conf]$ dig -t A jenkins.od.com @10.0.0.11 +short
10.0.0.10
#浏览器域名访问（首次访问需要输入下面 initialAdminPassword 文件中的初始管理员密码；登录后应立即创建管理员账号并更换密码）
jenkins.od.com
[root@gcc-200 /data/k8s-yaml/jenkins]$ cd /data/nfs-volume/jenkins_home/secrets/
[root@gcc-200 /data/nfs-volume/jenkins_home/secrets]$ ll
total 20
drwxr-xr-x 2 root root 29 Jun 11 17:39 filepath-filters.d
-rw-r----- 1 root root 33 Jun 11 17:39 initialAdminPassword
-rw-r--r-- 1 root root 32 Jun 11 17:39 jenkins.model.Jenkins.crumbSalt
-rw-r--r-- 1 root root 256 Jun 11 17:39 master.key
-rw-r--r-- 1 root root 272 Jun 11 17:39 org.jenkinsci.main.modules.instance_identity.InstanceIdentity.KEY
-rw-r--r-- 1 root root 5 Jun 11 17:39 slave-to-master-security-kill-switch
drwxr-xr-x 2 root root 26 Jun 11 17:39 whitelisted-callables.d
[root@gcc-200 /data/nfs-volume/jenkins_home/secrets]$ cat initialAdminPassword
6285fda1d8a6417c9a1560632316e720
[root@gcc-200 ~]$ tar xf jenkins-plugins-blueocean.tar.gz
[root@gcc-200 ~]$ ll
total 724636
-rw-------. 1 root root 1258 Jun 19 2019 anaconda-ks.cfg
-rw-r--r-- 1 root root 580021898 Sep 18 2019 harbor-offline-installer-v1.8.3.tgz
-rw-r--r-- 1 root root 161984525 Jun 11 15:30 jenkins-plugins-blueocean.tar.gz
drwxr-xr-x 86 root root 8192 Dec 1 2019 plugins
[root@gcc-200 ~]$ mv plugins/* /data/nfs-volume/jenkins_home/plugins/
#重启jenkins（删除 Pod，由 Deployment 重新拉起，使新放入的插件生效）
[root@gcc-22 ~]$ kubectl get pod -n infra
NAME READY STATUS RESTARTS AGE
jenkins-649f9988d5-wj8sp 1/1 Running 0 15m
[root@gcc-22 ~]$ kubectl delete pod jenkins-649f9988d5-wj8sp -n infra
pod "jenkins-649f9988d5-wj8sp" deleted
[root@gcc-22 ~]$ kubectl get pod -n infra
NAME READY STATUS RESTARTS AGE
jenkins-649f9988d5-tnm7x 1/1 Running 0 21s