开场
11、12、21 上 部署zookeeper集群
# 依赖jdk 环境,1.8版本
[root@hdss7-11 src]# mkdir /usr/java
[root@hdss7-11 src]# tar xf jdk-8u221-linux-x64.tar.gz -C /usr/java
[root@hdss7-11 src]# ln -s /usr/java/jdk1.8.0_221/ /usr/java/jdk
vi /etc/profile
export JAVA_HOME=/usr/java/jdk
export PATH=$JAVA_HOME/bin:$JAVA_HOME/bin:$PATH
export CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar
## 官方链接:https://archive.apache.org/dist/zookeeper/, 用3.4.14
tar xf /opt/src/zookeeper-3.4.14.tar.gz -C /opt/
ln -s /opt/zookeeper-3.4.14/ /opt/zookeeper
mkdir -pv /data/zookeeper/data /data/zookeeper/logs
opt]# vi /opt/zookeeper/conf/zoo.cfg
tickTime=2000
initLimit=10
syncLimit=5
dataDir=/data/zookeeper/data
dataLogDir=/data/zookeeper/logs
clientPort=2181
server.1=zk1.od.com:2888:3888
server.2=zk2.od.com:2888:3888
server.3=zk3.od.com:2888:3888
[root@hdss7-11 src]# cat /var/named/od.com.zone
$ORIGIN od.com.
$TTL 600 ; 10 minutes
@ IN SOA dns.od.com. dnsadmin.od.com. (
2019111006 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS dns.od.com.
$TTL 60 ; 1 minute
dns A 10.4.7.11
harbor A 10.4.7.200
k8s-yaml A 10.4.7.200
traefik A 10.4.7.10
dashboard A 10.4.7.10
zk1 A 10.4.7.11
zk2 A 10.4.7.12
zk3 A 10.4.7.21
vi /data/zookeeper/data/myid
三台机器依次写入1、2、3(数值要与 zoo.cfg 中 server.N 的编号对应),让它们三个组成一个集群。
三台都执行:
/opt/zookeeper/bin/zkServer.sh start
[root@hdss7-21 zookeeper]# /opt/zookeeper/bin/zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Mode: leader
部署jenkins准备工作
## 200上操作以下:
docker pull jenkins/jenkins:2.190.3
[root@hdss7-200 dashboard]# docker tag 22b8b9a84dbe harbor.od.com/public/jenkins:v2.190.3
[root@hdss7-200 dashboard]# docker push harbor.od.com/public/jenkins:v2.190.3
## 自定义dockerfile
~]# ssh-keygen -t rsa -b 2048 -C "houbinglei@qq.com" -N "" -f /root/.ssh/id_rsa
[root@hdss7-200 data]# mkdir /data/dockerfile
[root@hdss7-200 data]# cd /data/dockerfile
[root@hdss7-200 dockerfile]# mkdir jenkins
[root@hdss7-200 dockerfile]# cd jenkins/
[root@hdss7-200 jenkins]# vi dockerfile
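# Jenkins image extended with a timezone setting, an SSH key, registry
# credentials and a Docker client.
# Dockerfile comments must start a line: a trailing "## ..." after ADD is parsed
# as extra arguments, so every comment here sits on its own line.
FROM harbor.od.com/public/jenkins:v2.190.3
# Subsequent build steps, and by default the container itself, run as root.
USER root
# Set the container timezone to Asia/Shanghai.
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
    echo 'Asia/Shanghai' >/etc/timezone
# Put the SSH private key into the Jenkins image.
# NOTE(review): the key is stored in an image layer, so anyone who can pull this
# image can read it. Keep the repository private and use a dedicated, revocable
# key rather than root's personal key.
ADD id_rsa /root/.ssh/id_rsa
# Login information for the remote registry.
# NOTE(review): config.json carries registry credentials and is readable by
# anyone who can pull the image, same as the key above.
ADD config.json /root/.docker/config.json
# Installer script for a Docker client.
ADD get-docker.sh /get-docker.sh
# NOTE(review): this turns off SSH host-key verification for every host, so a
# spoofed server is not detected; pinning the expected host keys in known_hosts
# is the safer alternative.
RUN echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
# Runs the downloaded installer as root during the build.
RUN /get-docker.sh --mirror=Aliyun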
[root@hdss7-200 jenkins]# cp /root/.ssh/id_rsa .
[root@hdss7-200 jenkins]# cp /root/.docker/config.json .
# 写明 https://:不带协议时 curl 的第一个请求走明文 HTTP。该脚本随后会在镜像构建时以 root 执行,下载后建议先检查内容。
[root@hdss7-200 jenkins]# curl -fsSL https://get.docker.com -o get-docker.sh
[root@hdss7-200 jenkins]# chmod +x get-docker.sh
harbor上新建私有仓库 infra
[root@hdss7-200 jenkins]# docker build . -t harbor.od.com/infra/jenkins:v2.190.3
docker push harbor.od.com/infra/jenkins:v2.190.3
# 新建一个名称空间
kubectl create ns infra
# 遇到harbor 私有仓库,执行以下操作:
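1、光 docker login 是不够的:在任意一个运算节点上,为 infra 这个名称空间创建一个 secret 资源,
类型是 docker-registry,名字是 harbor(与 dp.yaml 中 imagePullSecrets 的名字对应)。
注意:下面的命令使用 admin 账号和 Harbor 的默认密码,且密码会留在 shell 历史记录里;实际环境应先修改默认密码,并改用只有拉取权限的专用账号。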
kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=Harbor12345 -n infra
secret 资源有三种类型,docker-registry、generic(通用型,default token)、tls(ingress卸载证书使用)
## 准备nfs共享存储
所有机器上:
yum install nfs-utils -y
# 200上
vi /etc/exports
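# 注意:no_root_squash 让 10.4.7.0/24 内任何客户端的 root 都能以 root 身份读写此目录;建议把网段收紧为实际需要挂载的主机。
# 本文的 jenkins 以 runAsUser: 0 运行,若去掉 no_root_squash,需要同时改用非 root 用户并调整目录属主。
/data/nfs-volume 10.4.7.0/24(rw,no_root_squash)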
mkdir -p /data/nfs-volume
systemctl start nfs
systemctl enable nfs
## 配置资源清单,指定jenkins 的volume 持久化
[root@hdss7-200 jenkins]# cd /data/k8s-yaml/
[root@hdss7-200 k8s-yaml]# mkdir jenkins
[root@hdss7-200 k8s-yaml]# cd jenkins/
root@hdss7-200 jenkins]# mkdir /data/nfs-volume/jenkins_home -p
vi dp.yaml
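# Deployment that runs one Jenkins pod in the infra namespace, with its home
# directory on NFS and the node's Docker socket mounted into the container.
kind: Deployment
# extensions/v1beta1 Deployments are no longer served from Kubernetes 1.16 on;
# newer clusters need apps/v1.
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
  labels:
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      name: jenkins
  template:
    metadata:
      labels:
        app: jenkins
        name: jenkins
    spec:
      volumes:
      - name: data
        nfs:
          server: hdss7-200
          # Persisted to this directory on host 200; create it beforehand.
          path: /data/nfs-volume/jenkins_home
      - name: docker
        hostPath:
          # Exposes the node's Docker daemon socket so the Docker client in the
          # container can talk to the host's Docker daemon.
          # NOTE(review): access to this socket is equivalent to root on the
          # node, and every job Jenkins runs can use it. Restrict who may
          # configure jobs and which nodes this pod may be scheduled on.
          path: /run/docker.sock
          # Empty type: no check is performed on the path before mounting.
          type: ''
      containers:
      - name: jenkins
        image: harbor.od.com/infra/jenkins:v2.190.3
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        - name: JAVA_OPTS
          value: -Xmx512m -Xms512m
        volumeMounts:
        - name: data
          mountPath: /var/jenkins_home
        - name: docker
          mountPath: /run/docker.sock
      # Pull secret named harbor, used for the private harbor.od.com/infra repository.
      imagePullSecrets:
      - name: harbor
      securityContext:
        # The pod runs as root (uid 0). Combined with the Docker socket mount
        # above, a compromise of Jenkins reaches the node.
        runAsUser: 0
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600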
vi svc.yaml
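# Service that exposes the Jenkins pods inside the cluster.
kind: Service
apiVersion: v1
metadata:
  name: jenkins
  namespace: infra
spec:
  ports:
  - protocol: TCP
    # Service port 80 forwards to port 8080 on the selected pods.
    port: 80
    targetPort: 8080
  selector:
    # Selects pods carrying the label app: jenkins.
    app: jenkins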
vi ingress.yaml
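# Ingress rule that routes the host jenkins.od.com to the jenkins Service on port 80.
# NOTE(review): no tls: section is defined, so this rule only describes plain-HTTP
# routing; Jenkins logins would travel unencrypted unless TLS is terminated
# elsewhere. Confirm before exposing it beyond the lab network.
kind: Ingress
# extensions/v1beta1 Ingress is not served by Kubernetes 1.22 and later.
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
spec:
  rules:
  - host: jenkins.od.com
    http:
      paths:
      - path: /
        backend:
          serviceName: jenkins
          servicePort: 80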
配置jenkins
1、11 上设置域名解析
2、浏览器访问
[root@hdss7-200 secrets]# pwd
/data/nfs-volume/jenkins_home/secrets
[root@hdss7-200 secrets]# cat initialAdminPassword
# 以下两行看起来是初始化向导中创建的管理员用户名和密码(教程示例值,属于弱口令);实际环境请换成强密码。
admin
admin123
cd /data/nfs-volume/jenkins_home/updates
sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json && sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json