从零开始的云计算生活第六十天,志在千里,使用Jenkins部署K8S
目录
从零开始的云计算生活——第六十天,志在千里,使用Jenkins部署K8S
一.安装kubectl
1、配置yum源
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/repodata/repomd.xml.key
EOF
2、安装kubectl
yum install -y kubectl
二.关联k8s
1.设置配置文件
此时由于没有关联,使用命令会报错
去k8s主机将.kube内容拷贝过来
回来发现命令已经可以使用了
再将.kube文件考到Jenkins账户里
使用Jenkins账户登录并使用
2.下载k8s插件并重启
3.选择cloud
4.查看k8s地址
5.查看证书文件,并解密
6.复制证书
7.填写命名空间
8.终端生成Secret
创建jenkins账户
kubectl create sa jenkins
创建role角色
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: default
name: pod-reader-role
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch","create","update","delete"]
[root@k8s-master ~]# kubectl apply -f role.txt
##若要给于jenkins用户对default命名空间下所有资源具有所有权限,可以修改为 ["*"]添加bindroling绑定
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: default
name: pod-reader-role-binding
subjects:
- kind: ServiceAccount
name: jenkins
namespace: default
roleRef:
kind: Role
name: pod-reader-role
apiGroup: rbac.authorization.k8s.io生成token
kubectl -n default create token jenkins
最后将token填写道“凭据”中
9.填写凭证(1个小时有效)
下面把Jenkins地址填上,再点击保存按钮就完成了
三.创建项目
选择pipeline
pipeline {
agent any
stages {
stage('Checkout Code') {
steps {
// 使用 SSH 方式拉取 Git 代码
git branch: 'master', // 替换为你的分支名称
url: 'git@192.168.71.131:/home/git/k8s' // 替换为你的 Git 仓库地址
}
}
stage('Deploy LNMP') {
steps {
script {
// 部署 LNMP 平台
sh 'kubectl apply -f /var/lib/jenkins/workspace/k8s-lnmp/nginx.yml'
}
}
}
}
}建立git库
创建yml文件
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql
spec:
replicas: 1
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql:5.7
env:
- name: MYSQL_ROOT_PASSWORD
value: "123.com"
ports:
- containerPort: 3306
---
apiVersion: v1
kind: Service
metadata:
name: mysql
spec:
selector:
app: mysql
ports:
- protocol: TCP
port: 3306
targetPort: 3306
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: php
spec:
replicas: 1
selector:
matchLabels:
app: php
template:
metadata:
labels:
app: php
spec:
containers:
- name: php
image: php:7.4-fpm
ports:
- containerPort: 9000更新仓库
git add .
设置忽略信息
开始构建
构建成功
