1)gitlab 相关配置及配图说明
# Start GitLab CE as a detached container that restarts with the Docker daemon.
# Host port 8443 maps to the container's HTTPS port and 8084 to its HTTP port.
# Configuration, logs and data persist on the host under /home/gitlab.
# NOTE(review): the image reference has no tag, so Docker resolves it to
# `latest`; pinning a tested release tag makes upgrades deliberate.
docker run --detach \
--name gitlab \
--restart always \
--publish 8443:443 \
--publish 8084:80 \
--volume /home/gitlab/config:/etc/gitlab \
--volume /home/gitlab/logs:/var/log/gitlab \
--volume /home/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce
2).harbor 相关配置及配图说明
自定义证书生成:
参照:
https://www.cnblogs.com/MJyc/p/14084882.html
https://blog.csdn.net/networken/article/details/107502461
https://vip.kingdee.com/article/479971760453042176?productLineId=1
https://blog.csdn.net/JENREY/article/details/123360248
https://www.cnblogs.com/scfssq/p/17356503.html
3)k3s 相关配置及配图说明
这个错误是由于 Kubernetes 节点无法验证 Harbor 使用的自签名证书的颁发机构导致的。要解决这个问题,你可以采取以下步骤:
1. 在 Kubernetes 节点上将 Harbor 的自签名证书添加到信任的根证书颁发机构列表中。你可以将证书复制到节点上,并使用以下命令将其添加到系统证书存储中:
```
# Copy the Harbor certificate to the Kubernetes node (logs in to the node as root over SSH).
scp /usr/local/harbor/reg.frame4j.local.crt root@192.168.9.100:/usr/local/share/ca-certificates/
# NOTE(review): /usr/local/share/ca-certificates/ is the directory read by
# update-ca-certificates (Debian/Ubuntu); update-ca-trust (RHEL/CentOS family)
# reads /etc/pki/ca-trust/source/anchors/ instead. Use the directory and command
# that match the node's distribution, then run the command on the node itself.
# update-ca-certificates
sudo update-ca-trust
```
2. 在 Kubernetes 中创建一个 Secret 对象,用于存储 Harbor 的自签名证书。你可以使用以下命令创建 Secret 对象:
```
# Store the Harbor certificate in a generic Secret named harborkey.
# With --from-file=<path> the key inside the Secret is the file's base name
# (reg.frame4j.local.crt). No namespace flag is given, so the Secret is created
# in the current namespace and is only usable by pods in that namespace.
kubectl create secret generic harborkey --from-file=/usr/local/share/ca-certificates/reg.frame4j.local.crt
```
3. 在 Kubernetes Pod 的配置文件中,将上一步创建的 Secret 挂载到容器中。你可以在 Pod 的 `spec` 部分添加以下内容:
```
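# Pod spec fragment with its nesting restored (the listing had lost all
# indentation and would not parse as the intended structure).
spec:
  containers:
    - name: papi-container
      # Mounts the Harbor certificate from the harborkey Secret, read-only.
      # NOTE(review): image pulls are performed by the node's container
      # runtime, not by this container, so this mount does not affect pulling;
      # confirm the application itself needs the certificate.
      volumeMounts:
        - name: harbor-certs
          mountPath: /etc/harbor-certs
          readOnly: true
      imagePullPolicy: Always
      # image: registry.cn-hangzhou.aliyuncs.com/nslxh/papi:latest
      image: reg.frame4j.local/nslxh/papi:latest
      ports:
        - name: papi-port
          # Must match the port exposed in the Dockerfile.
          containerPort: 80
  # Registry login Secret (type docker-registry) used when pulling the image.
  imagePullSecrets:
    - name: harborusrpwd
  volumes:
    - name: harbor-certs
      secret:
        secretName: harborkey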
```
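4. 在容器中配置 Docker,以信任 Harbor 的自签名证书。你可以在容器中运行以下命令(注意:/etc/docker/certs.d 由 Docker 守护进程读取,因此这些命令需要在实际运行 Docker 的环境中执行,例如执行 docker login / docker push 的构建机;镜像拉取由节点上的容器运行时完成,而不是由 Pod 内的容器完成,k3s 默认使用 containerd,其私有仓库的证书配置位于 /etc/rancher/k3s/registries.yaml):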
```
# Docker looks up per-registry CA certificates under
# /etc/docker/certs.d/<registry host>/, so the directory name must equal the
# registry host name used in image references.
mkdir -p /etc/docker/certs.d/reg.frame4j.local
# Both paths are local here, so scp performs a plain local copy.
scp /usr/local/harbor/reg.frame4j.local.crt /etc/docker/certs.d/reg.frame4j.local/reg.frame4j.local.crt
```
5.生成k3s/k8s登录harbor的secret,并在deployment.yml中引用
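# Registry login Secret referenced by imagePullSecrets in deployment.yml.
# It is named harborusrpwd to match the manifests; the name harborkey is
# already used by the generic Secret that holds the Harbor certificate, so
# reusing it here would collide with that Secret.
# HARBOR_PASSWORD is a placeholder variable: set it in the shell first (for
# example with `read -rs HARBOR_PASSWORD`) so the registry password is not
# written into the command line, shell history or documentation.
kubectl create secret docker-registry harborusrpwd --docker-server=reg.frame4j.local --docker-username=admin --docker-password="$HARBOR_PASSWORD" --docker-email=haikuang@126.com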
6. 重新启动 K3s,使更改生效。你可以使用以下命令删除并重新部署:
```
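# Restart k3s so the node picks up the changed trust configuration, then
# remove and recreate the workload from the manifest.
systemctl restart k3s
kubectl delete -f deployment.yml
# "apply" and "-f" are separate arguments; "apply-f" is not a kubectl command.
kubectl apply -f deployment.yml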
```
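# Deployment for hsapi, with the nesting restored (the listing had lost all
# indentation and would not parse as the intended structure).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hsapi
  labels:
    app: hsapi
spec:
  # ReplicaSet settings
  replicas: 3
  selector:
    matchLabels:
      app: hsapi
  # Pod template
  template:
    metadata:
      labels:
        app: hsapi
        env: hsapi-test
    spec:
      containers:
        - name: hsapi-container
          # Harbor certificate from the harborkey Secret, mounted read-only.
          # NOTE(review): image pulls are performed by the node's container
          # runtime, not by this container; confirm the application itself
          # needs the certificate.
          volumeMounts:
            - name: harbor-certs
              mountPath: /etc/harbor-certs
              readOnly: true
          # The image uses the mutable tag `latest`, so every pull may return
          # different content.
          imagePullPolicy: Always
          # image: registry.cn-hangzhou.aliyuncs.com/nslxh/hsapi:latest
          image: reg.frame4j.local/nslxh/hsapi:latest
          ports:
            - name: hsapi-port
              # Must match the port exposed in the Dockerfile.
              containerPort: 80
      # Harbor login Secret of type docker-registry. It has to exist under
      # this exact name (harborusrpwd); harborkey is the certificate Secret
      # below. Create it with `kubectl create secret docker-registry` and pass
      # the password from a variable or prompt, never inline in a manifest,
      # comment or script.
      imagePullSecrets:
        - name: harborusrpwd
      volumes:
        - name: harbor-certs
          secret:
            # Generic Secret created from the certificate Harbor generated:
            # kubectl create secret generic harborkey
            #   --from-file=/usr/local/share/ca-certificates/reg.frame4j.local.crt
            secretName: harborkey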
---
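# Service for hsapi, with the nesting restored so the manifest parses.
apiVersion: v1
kind: Service
metadata:
  name: hsapi
spec:
  # NodePort opens port 30304 on every node's address and forwards it to
  # port 80 of the pods selected below; restrict access to that port at the
  # network level if the nodes are reachable from untrusted networks.
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30304
  selector:
    app: hsapi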
---
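# Ingress for hsapi, with the nesting restored so the manifest parses.
# There is no `tls` section, so this rule serves plain HTTP for the host.
# NOTE(review): papi-ingress later on this page declares the same host and
# path `/`; two Ingresses with identical host and path compete for the same
# traffic - confirm which backend should own it.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hsapi-ingress
spec:
  rules:
    - host: k8s.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: hsapi
                port:
                  number: 80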
这样,Kubernetes 节点将能够验证 Harbor 使用的自签名证书,并成功拉取映像。
4)jenkins 相关配置及配图说明
5).net6项目 相关配置及配图说明
Dockerfile:
# Multi-stage build: `base` is the runtime image, `build` and `publish` use the
# SDK image, and `final` copies only the published output onto `base`.
# NOTE(review): `6.0` is a floating tag on both base images, so rebuilds can
# pick up different image content; pin by digest if builds must be reproducible.
FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
WORKDIR /app
EXPOSE 80
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /src
# Copy the project file on its own first so the restore layer stays cached
# until the project's dependencies change.
COPY ["PApi.CICD.Demo.csproj", "."]
RUN dotnet restore "./PApi.CICD.Demo.csproj"
# NOTE(review): copies the whole build context into the build stage; a
# .dockerignore keeps local secrets and build output out of it.
COPY . .
WORKDIR "/src/."
RUN dotnet build "PApi.CICD.Demo.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "PApi.CICD.Demo.csproj" -c Release -o /app/publish /p:UseAppHost=false
# NOTE(review): no USER instruction appears in any stage, so the container runs
# as the base image's default user (presumably root for this image - confirm).
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
# Set the container's time zone to Asia/Shanghai.
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
RUN echo 'Asia/Shanghai' >/etc/timezone
ENTRYPOINT ["dotnet", "PApi.CICD.Demo.dll"]
deployment.yml:
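# Deployment for papi, with the nesting restored (the listing had lost all
# indentation and would not parse as the intended structure).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: papi
  labels:
    app: papi
spec:
  # ReplicaSet settings
  replicas: 2
  selector:
    matchLabels:
      app: papi
  # Pod template
  template:
    metadata:
      labels:
        app: papi
        env: papi-test
    spec:
      containers:
        - name: papi-container
          # Harbor certificate from the harborkey Secret, mounted read-only.
          # NOTE(review): image pulls are performed by the node's container
          # runtime, not by this container; confirm the application itself
          # needs the certificate.
          volumeMounts:
            - name: harbor-certs
              mountPath: /etc/harbor-certs
              readOnly: true
          # The image uses the mutable tag `latest`, so every pull may return
          # different content.
          imagePullPolicy: Always
          # image: registry.cn-hangzhou.aliyuncs.com/nslxh/papi:latest
          image: reg.frame4j.local/nslxh/papi:latest
          ports:
            - name: papi-port
              # Must match the port exposed in the Dockerfile.
              containerPort: 80
      # Harbor login Secret of type docker-registry; it has to exist under
      # this exact name in the same namespace as the Deployment.
      imagePullSecrets:
        - name: harborusrpwd
      volumes:
        - name: harbor-certs
          secret:
            # Generic Secret that holds the Harbor certificate file.
            secretName: harborkey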
---
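# Service for papi, with the nesting restored so the manifest parses.
apiVersion: v1
kind: Service
metadata:
  name: papi
spec:
  # NodePort opens port 30303 on every node's address and forwards it to
  # port 80 of the pods selected below; restrict access to that port at the
  # network level if the nodes are reachable from untrusted networks.
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30303
  selector:
    app: papi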
---
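# Ingress for papi, with the nesting restored so the manifest parses.
# There is no `tls` section, so this rule serves plain HTTP for the host.
# NOTE(review): hsapi-ingress earlier on this page declares the same host and
# path `/`; two Ingresses with identical host and path compete for the same
# traffic - confirm which backend should own it.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: papi-ingress
spec:
  rules:
    - host: k8s.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: papi
                port:
                  number: 80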
Jenkinsfile:
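// CI/CD pipeline: clone the project from GitLab, build and push the image to
// the Harbor registry, then apply the manifest on the k3s node.
pipeline {
    agent any

    stages {
        stage('Pull gitlab') {
            steps {
                // NOTE(review): the repository URL is plain HTTP, so the
                // 'gitlab-userpwd' credential crosses the network unencrypted.
                git branch: 'main', credentialsId: 'gitlab-userpwd', url: 'http://192.168.9.100:8084/root/cicd.git'
            }
        }

        stage('Build and Push Image to reg.frame4j.local') {
            steps {
                // The registry login comes from the Jenkins credentials store
                // instead of being written into the Jenkinsfile, where it would
                // be stored in Git and echoed into every build log.
                // 'harbor-userpwd' is a placeholder ID: create a
                // "Username with password" credential and use its real ID.
                withCredentials([usernamePassword(credentialsId: 'harbor-userpwd',
                                                  usernameVariable: 'HARBOR_USER',
                                                  passwordVariable: 'HARBOR_PASS')]) {
                    // Single-quoted Groovy string: the shell, not Groovy,
                    // expands the variables, so the secret is never
                    // interpolated into the script text.
                    sh '''
                        REPOSITORY=reg.frame4j.local/nslxh/papi:latest
                        cd ./PApi.CICD.Demo
                        docker build -t $REPOSITORY .
                        # --password-stdin keeps the password out of the process arguments.
                        printf '%s' "$HARBOR_PASS" | docker login -u "$HARBOR_USER" --password-stdin reg.frame4j.local
                        docker push $REPOSITORY
                        echo ---------------Clear-Images...------------------
                        clearImagesList=$(docker images -f "dangling=true" -q)
                        if [ -z "$clearImagesList" ]; then
                            echo "no images need clean up."
                        else
                            # Reuse the list gathered above instead of querying again.
                            docker rmi $clearImagesList
                            echo "clear success."
                        fi
                        echo ---------------Delete-Images...------------------
                        docker rmi $REPOSITORY
                        docker image prune -f
                    '''
                }
            }
        }

        stage('Deploy to K8s') {
            steps {
                // NOTE(review): deployment logs in to the node as root over SSH;
                // a dedicated account with a kubeconfig limited to this workload
                // would narrow what a compromised build job can do.
                sh '''
                    cd ./PApi.CICD.Demo
                    scp ./deployment.yml root@192.168.9.100:/root/
                    ssh root@192.168.9.100 'kubectl apply -f /root/deployment.yml'
                    ssh root@192.168.9.100 'kubectl rollout restart deployment papi'
                '''
            }
        }
    }
}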