Continuous Deployment with Gitlab-Runner and ArgoCD

I. Deployment Environment

System     IP               Hostname       Required software
Rocky8.7   192.168.15.11    k8s-master01   k8s-1.28.2
Rocky8.7   192.168.15.13    k8s-node01     k8s-1.28.2
Rocky8.7   192.168.15.14    k8s-node02     k8s-1.28.2
Rocky8.7   192.168.15.102   git            gitlab-ce-12.10.14, git-2.39.3, docker-25.0.3, golang-1.20.12
Rocky8.7   192.168.15.101   harbor         harbor-2.5.3

II. Deploying ArgoCD

1. Create the namespace

[root@k8s-master01 ~]# kubectl create ns argocd
namespace/argocd created

2. Install ArgoCD

[root@k8s-master01 ~]# wget https://raw.githubusercontent.com/argoproj/argo-cd/v2.4.11/manifests/install.yaml
[root@k8s-master01 ~]# vim install.yaml
...... (part of the content omitted) ......
      - command:
        - argocd-server
# Append the line below (argocd-server then serves plain HTTP, so TLS is left to the ingress)
        - --insecure
[root@k8s-master01 ~]# kubectl apply -f install.yaml -n argocd
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/applicationsets.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-applicationset-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-notifications-controller created
serviceaccount/argocd-redis created
serviceaccount/argocd-repo-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-applicationset-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-notifications-controller created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-notifications-controller created
rolebinding.rbac.authorization.k8s.io/argocd-redis created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-notifications-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-notifications-secret created
secret/argocd-secret created
service/argocd-applicationset-controller created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-notifications-controller-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-applicationset-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-notifications-controller created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created
[root@k8s-master01 ~]# kubectl get svc,po -n argocd 
# Check the service status and confirm the services are running
NAME                                              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
service/argocd-applicationset-controller          ClusterIP   10.96.164.203   <none>        7000/TCP,8080/TCP            5m31s
service/argocd-dex-server                         ClusterIP   10.96.88.174    <none>        5556/TCP,5557/TCP,5558/TCP   5m31s
service/argocd-metrics                            ClusterIP   10.96.12.92     <none>        8082/TCP                     5m31s
service/argocd-notifications-controller-metrics   ClusterIP   10.96.45.53     <none>        9001/TCP                     5m31s
service/argocd-redis                              ClusterIP   10.96.183.232   <none>        6379/TCP                     5m31s
service/argocd-repo-server                        ClusterIP   10.96.182.219   <none>        8081/TCP,8084/TCP            5m31s
service/argocd-server                             ClusterIP   10.96.89.128    <none>        80/TCP,443/TCP               5m31s
service/argocd-server-metrics                     ClusterIP   10.96.16.151    <none>        8083/TCP                     5m31s

NAME                                                    READY   STATUS    RESTARTS        AGE
pod/argocd-application-controller-0                     1/1     Running   0               5m30s
pod/argocd-applicationset-controller-55445f9884-gh9pt   1/1     Running   0               5m31s
pod/argocd-dex-server-866658c7f7-wdm98                  1/1     Running   2 (6m38s ago)   5m31s
pod/argocd-notifications-controller-76bd558cd5-8ms65    1/1     Running   0               5m31s
pod/argocd-redis-7fbcd7f976-j7h2j                       1/1     Running   0               5m31s
pod/argocd-repo-server-844b876c49-x64bs                 1/1     Running   0               5m30s
pod/argocd-server-6bccc4dbcc-pcmfb                      1/1     Running   0               5m30s

3. Create the Ingress

[root@k8s-master01 ~]# vim ingress-argo.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-ingress
  namespace: argocd
spec:
  ingressClassName: nginx
  rules:
  - host: myargocd.666.com
    http:
      paths:
      - path: "/"
        pathType: Prefix
        backend:
          service:
            name: argocd-server
            port:
              number: 80
[root@k8s-master01 ~]# kubectl apply -f ingress-argo.yaml -n argocd 
ingress.networking.k8s.io/argocd-ingress created
[root@k8s-master01 pod]# kubectl get ingress -n argocd 
NAME             CLASS   HOSTS              ADDRESS         PORTS   AGE
argocd-ingress   nginx   myargocd.666.com   192.168.15.14   80      109s
[root@k8s-master01 pod]# kubectl apply -f ingress-argo.yaml -n argocd 
ingress.networking.k8s.io/argocd-ingress unchanged

4. Hosts file mapping

4.1. Windows hosts mapping

Edit the hostname mapping file in:

C:\Windows\System32\drivers\etc

Find the hosts file, open it with Notepad, and edit the end of the file.

4.2. Linux hosts mapping

[root@k8s-master01 ~]# cat >> /etc/hosts << END
> 192.168.15.11 myargocd.666.com
> END

5. Get the login password

[root@k8s-master01 ~]# kubectl get secret -n argocd argocd-initial-admin-secret -o yaml
apiVersion: v1
data:
  password: MG9vR29hS2Q3VVoxZnVQMg==  # copy this value
kind: Secret
metadata:
  creationTimestamp: "2024-03-03T12:49:57Z"
  name: argocd-initial-admin-secret
  namespace: argocd
  resourceVersion: "597155"
  uid: cc12a7ef-03ce-4910-a863-273d8113c712
type: Opaque
[root@k8s-master01 ~]# echo "MG9vR29hS2Q3VVoxZnVQMg==" | base64 -d
0ooGoaKd7UZ1fuP2

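6. Access ArgoCD

Open https://myargocd.666.com:30443. The initial username is admin, and the initial password is the one decoded in the previous step.

7. Change the login password

7.1. Install the ArgoCD client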

[root@k8s-master01 ~]# wget https://github.com/argoproj/argo-cd/releases/download/v2.4.11/argocd-linux-amd64
[root@k8s-master01 ~]# chmod +x argocd-linux-amd64
[root@k8s-master01 ~]# mv argocd-linux-amd64 /usr/local/bin/argocd
[root@k8s-master01 ~]# argocd version
argocd: v2.4.11+3d9e9f2
  BuildDate: 2022-08-22T09:35:38Z
  GitCommit: 3d9e9f2f95b7801b90377ecfc4073e5f0f07205b
  GitTreeState: clean
  GoVersion: go1.18.5
  Compiler: gc
  Platform: linux/amd64
FATA[0000] Argo CD server address unspecified

 

7.2. Log in to ArgoCD

[root@k8s-master01 ~]# argocd login myargocd.666.com:30443  # log in through the HTTPS port
WARNING: server certificate had error: x509: certificate is valid for ingress.local, not myargocd.666.com. Proceed insecurely (y/n)? y
WARN[0001] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. 
Username: admin
Password:   # the password decoded earlier; copy and paste it
'admin:login' logged in successfully
Context 'myargocd.666.com:30443' updated

7.3. Change the password

[root@k8s-master01 ~]# argocd account update-password
WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. 
*** Enter password of currently logged in user (admin):   # old password: the one decoded earlier; copy and paste it
*** Enter new password for user admin:   # new password
*** Confirm new password for user admin:   # enter the new password again
Password updated
Context 'myargocd.666.com:30443' updated

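III. Installing Kustomize

After a developer pushes code, gitlab-runner executes the operations defined in the pipeline on the gitlab-ce server. One of the pipeline steps has gitlab-runner use the kustomize client to change the container image version in the application's deployment manifests and push the change back to the code repository, so Kustomize must be installed on the gitlab-ce server.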

[root@GIT ~]# yum -y install epel-release
[root@GIT ~]# yum -y install snapd
[root@GIT ~]# systemctl enable --now snapd.socket
Created symlink /etc/systemd/system/sockets.target.wants/snapd.socket → /usr/lib/systemd/system/snapd.socket.
[root@GIT ~]# ln -s /var/lib/snapd/snap /snap
[root@GIT ~]# snap install kustomize
error: too early for operation, device not yet seeded or device model not acknowledged
[root@GIT ~]# snap install kustomize  # the install command has to be run twice
2024-03-04T16:37:47+08:00 INFO Waiting for automatic snapd restart...
Warning: /var/lib/snapd/snap/bin was not found in your $PATH. If you ve not restarted your session
         since you installed snapd, try doing that. Please see https://forum.snapcraft.io/t/9469
         for more details.

kustomize 5.3.0 from abskmj installed
[root@GIT ~]# ln -s /var/lib/snapd/snap/bin/kustomize /usr/local/bin/kustomize
[root@GIT ~]# kustomize version
v5.3.0

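IV. Deploying Gitlab Runner

1. Install Gitlab

Install Gitlab on the GIT host.

Before installing, make sure the host has at least 2 GB of memory, then wait for Gitlab to finish initializing. Skip this step if Gitlab is already installed.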

[root@GIT ~]# yum -y install git
[root@GIT ~]# yum -y install curl openssh-server postfix cronie policycoreutils-python
[root@GIT ~]# wget --content-disposition https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/8/gitlab-ce-12.10.14-ce.0.el8.x86_64.rpm/download.rpm
[root@GIT ~]# rpm -ivh gitlab-ce-12.10.14-ce.0.el8.x86_64.rpm
[root@GIT ~]# gitlab-ctl reconfigure
[root@GIT ~]# cd /var/opt/gitlab/gitlab-rails/etc
[root@GIT etc]# vim gitlab.yml  # edit the gitlab configuration
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.

production: &base
  #
  # 1. GitLab app settings
  # ==========================

  ## GitLab settings
  gitlab:
    ## Web server settings (note: host is the FQDN, do not include http://)
    host: 192.168.15.102  # change the IP
    port: 82  # change the port
    https: false
[root@GIT etc]# vim /etc/gitlab/gitlab.rb 
nginx['listen_port'] = 82  # uncomment and change the port
[root@GIT ~]# vim /var/opt/gitlab/nginx/conf/gitlab-http.conf
server {
  listen *:82;  # change the port
[root@GIT etc]# gitlab-ctl restart
[root@GIT ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bgXRB7i7FuKjxWUeVPf9L9sKB3aSDPqWFGOaACCCrw4 root@GIT
The keys randomart image is:
+---[RSA 3072]----+
|+ ...   .oo..    |
|o.   .  .o.... . |
| .    . o.=.  . .|
|  .    o.* = .  .|
| .      S.o * . .|
|E    ..=o= o +  .|
|o    .o.+o+ . o .|
| .   .o.o.   o + |
|    .. o      o..|
+----[SHA256]-----+
[root@GIT ~]# cat ~/.ssh/id_rsa.pub 
ssh-rsa <public-key-data> root@GIT
# Copy the public key on the line above

Enter the IP and port, 192.168.15.102:82, to open the gitlab page. Set a password on first login, then click through the following steps.

2. Create a group

3. Create a project

4. Install the Runner

[root@GIT ~]# wget https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64 -O /usr/bin/gitlab-runner  # download the runner
[root@GIT ~]# chmod +x /usr/bin/gitlab-runner
[root@GIT ~]# useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash  # add the runner user
[root@GIT ~]# gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner  # set the runner working directory
Runtime platform                                    arch=amd64 os=linux pid=12272 revision=782c6ecb version=16.9.1
[root@GIT ~]# gitlab-runner start  # start the runner
Runtime platform                                    arch=amd64 os=linux pid=12370 revision=782c6ecb version=16.9.1
[root@GIT ~]# ps -aux | grep gitlab-runner | grep -v grep  # check that the runner is running
root       12376  0.1  2.5 1284176 46424 ?       Ssl  22:34   0:00 /usr/bin/gitlab-runner run --working-directory /home/gitlab-runner --config /etc/gitlab-runner/config.toml --service gitlab-runner --user gitlab-runner

5. Register a Runner instance

On the Gitlab page, open the settings of the project you created and copy the Gitlab URL and token as shown in the figure below.

[root@GIT ~]# gitlab-runner register
Runtime platform                                    arch=amd64 os=linux pid=13346 revision=782c6ecb version=16.9.1
Running in system-mode.                            

Enter the GitLab instance URL (for example, https://gitlab.com/):
http://192.168.15.102:82/  # enter the gitlab URL copied from the web page
Enter the registration token:
Tsbzsx32zjpzY-gubVxK  # enter the copied token
Enter a description for the runner:
[GIT]: pro-demo  # enter the name of the project you created
Enter tags for the runner (comma-separated):
    # just press Enter
Enter optional maintenance note for the runner:
    # just press Enter
WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://docs.gitlab.com/ee/ci/runners/new_creation_workflow 
Registering runner... succeeded                     runner=Tsbzsx32
Enter an executor: kubernetes, instance, custom, shell, ssh, virtualbox, docker-windows, parallels, docker, docker+machine, docker-autoscaler:
shell  # type shell and press Enter
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
 
Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml" 

6. Edit the Runner configuration file

[root@GIT ~]# vim /etc/gitlab-runner/config.toml 
  1 concurrent = 1
  2 check_interval = 0
  3 connection_max_age = "15m0s"
  4 shutdown_timeout = 0
  5 
  6 [session_server]
  7   session_timeout = 1800
  8 
  9 [[runners]]
 10   name = "pro-demo"
 11   url = "http://192.168.15.102:82/"
 12   id = 1
 13   token = "e45s_MoKLYzkxtwMhswx"
 14   token_obtained_at = 2024-03-03T14:44:30Z
 15   token_expires_at = 0001-01-01T00:00:00Z
 16   executor = "shell"
 17   [runners.custom_build_dir]  # add lines 17 and 18 to fix the log file location (custom_build_dir is what lets the pipeline set GIT_CLONE_PATH)
 18     enabled=true
 19   [runners.cache]
 20     MaxUploadedArchiveSize = 0

7. Start the Runner

[root@GIT ~]# gitlab-runner run &
[1] 15536
[root@GIT ~]# Runtime platform                                    arch=amd64 os=linux pid=15536 revision=782c6ecb version=16.9.1
Starting multi-runner from /etc/gitlab-runner/config.toml...  builds=0 max_builds=0
Running in system-mode.                            
                                                   
Configuration loaded                                builds=0 max_builds=1
listen_address not defined, metrics & debug endpoints disabled  builds=0 max_builds=1
[session_server].listen_address not defined, session endpoints disabled  builds=0 max_builds=1
Initializing executor providers                     builds=0 max_builds=1

8. Grant Docker access

The steps for installing docker on the GIT host are omitted.

[root@GIT ~]# usermod -G docker gitlab-runner
[root@GIT ~]# id gitlab-runner
uid=1001(gitlab-runner) gid=1001(gitlab-runner) 组=1001(gitlab-runner),969(docker)

9. Project configuration

V. Project Deployment

1. Clone the project

[root@GIT ~]# git clone https://gitee.com/qqmiller/godemo.git
正克隆到 'godemo'...
remote: Enumerating objects: 17, done.
remote: Counting objects: 100% (17/17), done.
remote: Compressing objects: 100% (17/17), done.
remote: Total 17 (delta 0), reused 0 (delta 0), pack-reused 0
接收对象中: 100% (17/17), 9.10 KiB | 9.10 MiB/s, 完成.
[root@GIT ~]# ls
公共  图片  音乐             gitlab-ce-12.10.14-ce.0.el8.x86_64.rpm  initial-setup-ks.cfg
模板  文档  桌面             godemo                                  ip.sh
视频  下载  anaconda-ks.cfg  hostname.sh                             nohup.out

2. Modify the project configuration

2.1. Modify the Go code

[root@GIT ~]# cd godemo/
[root@GIT godemo]# ls
apidemo.go  base  Dockerfile  go.mod  go.sum
[root@GIT godemo]# vim apidemo.go 
package main

import (
    "github.com/gin-gonic/gin"
    "net/http"
    "time" // Go's time package
)

func main() {
    r := gin.Default()
    r.GET("/info", Info)
    r.Run(":10088") // the port this project listens on
}

func Info(c *gin.Context) {
    currentTime := time.Now().Format(time.RFC1123) // get the current time and format it as RFC1123
    c.JSON(http.StatusOK, gin.H{ // the data returned in the response
        "version": "1.5.3",
        "project": "hello world",
        "name": "YH",
        "timestamp":  currentTime,
    })
}

2.2. gitlab pipeline file

[root@GIT godemo]# vim .gitlab-ci.yml
variables:  # environment variables set for the pipeline run; do not change these!
  registry: $CI_REGISTRY  # sets registry to $CI_REGISTRY, normally the private image registry address (harbor, docker registry, etc.); the variable is defined in gitlab in a later step
  registry_name: $CI_REGISTRY_USER  # gitlab global variable: the username for logging in to the harbor registry
  registry_passwd: $CI_REGISTRY_PASSWORD  # password for logging in to the harbor registry
  app_name: $CI_PROJECT_NAME  # built-in gitlab variable for the project name
  app_version: $CI_COMMIT_SHORT_SHA  # built-in variable used as the project version
  namespace: $CI_PROJECT_NAMESPACE  # built-in variable for the namespace the project belongs to
  GIT_CLONE_PATH: '$CI_BUILDS_DIR/$CI_JOB_ID/$CI_PROJECT_NAME'  # path variable used for the git clone

stages:  # pipeline stages; the names are user-defined but must match the jobs below
  - build code  # build the source code
  - build image  # build the image
  - image tag  # retag the image
  - push image  # push the image
  - deploy  # release the deployment

build code:  # job that builds the source code
  stage: build code  # the stage defined above
  script:  # scripts or commands to run
    - go build  # build with the go command
  artifacts:  # the generated executable
    paths:
      - apidemo  # written to the current working directory under the name apidemo
  rules:  # rules
    - if: $CI_COMMIT_BRANCH == 'master'  # condition: checks whether the committed branch is master; if so, the commands above are run

docker build:  # job that builds the image
  stage: build image  # the stage defined above
  script:  # commands to run
    - docker build -t $app_name:$app_version .  # build the image with docker
  needs:  # depends on another job; the value given here is the job name
    - build code
  rules:
    - if: $CI_COMMIT_BRANCH == 'master'

docker tag:  # job name
  stage: image tag  # the stage
  script:
    - echo $registry_name
    - docker tag $app_name:$app_version $registry/library/$app_name:$app_version  # command that retags the image; not explained further
  needs:  # depends on another job
    - docker build
  rules:
    - if: $CI_COMMIT_BRANCH == 'master'

docker push:
  stage: push image
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $registry  # log in to the harbor registry
    - docker push $registry/library/$app_name:$app_version  # push the image
  needs:
    - docker tag
  rules:
    - if: $CI_COMMIT_BRANCH == 'master'

deploy dev:
  stage: deploy
  before_script:  # commands run beforehand
    - git remote set-url origin http://${CI_USERNAME}:${CI_PASSWORD}@192.168.15.102:82/api-demo/pro-demo.git  # set the gitlab address
    - git config --global user.name "Administrator"  # set the git user name
    - git config --global user.email "admin@example.com"  # set the git user email
  script:  # commands:
    - git checkout -B master  # check out (or create) a branch named "master" and make it the current branch
    - cd base  # change the working directory to base
    - kustomize edit set image $registry/library/$app_name:$app_version  # update the image with the kustomize tool
    - cat kustomization.yaml
    - git commit -am '[skip ci] DEV image update'
    - git push origin master
  rules:
    - if: $CI_COMMIT_BRANCH == 'master'
# After a developer updates and pushes code, gitlab-runner triggers CI/CD and runs this file to automatically build the image, push it, and so on
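
The "docker push" and "deploy dev" jobs above hand secrets to commands as arguments and inside the remote URL. The check below is an added example, not part of the article's pipeline: the function names (audit_ci, count_rule, make_sample) and rule labels are hypothetical, and the sample file is constructed from the job lines above plus one variant that uses docker login --password-stdin.

```shell
#!/bin/sh
# Added example, not from the article: flag credential-handling problems
# in the script lines of a .gitlab-ci.yml. Names are hypothetical.

# audit_ci FILE: print one "RULE:LINE_NUMBER:COMMAND" finding per match.
audit_ci() {
    awk '
    {
        line = $0
        sub("[ \t]+#.*$", "", line)          # drop a trailing YAML comment
        if (line !~ "^[ \t]*-[ \t]") next    # keep list items only (script lines)
        sub("^[ \t]*-[ \t]+", "", line)
        padded = " " line " "
        # Secret passed as an argument: readable in the host process list.
        if (line ~ "docker[ \t]+login" &&
            (index(padded, " -p ") || padded ~ " --password[ =]"))
            print "PASSWORD_ON_CMDLINE:" NR ":" line
        # user:password@ in a URL is written to .git/config by "git remote set-url".
        if (line ~ "[a-z]+://[^/@ ]+:[^/@ ]+@")
            print "CREDS_IN_URL:" NR ":" line
        # Plain HTTP remote: the credential crosses the network unencrypted.
        if (line ~ "git[ \t].*http://")
            print "CLEARTEXT_GIT_REMOTE:" NR ":" line
    }' "$1"
}

# count_rule RULE FILE: number of findings for one rule (prints 0 when none).
count_rule() {
    audit_ci "$2" | awk -F: -v rule="$1" '$1 == rule { n++ } END { print n + 0 }'
}

# make_sample FILE: write the constructed sample pipeline to FILE.
make_sample() {
    cat > "$1" <<'EOF'
docker push:
  stage: push image
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $registry
    - docker push $registry/library/$app_name:$app_version
deploy dev:
  stage: deploy
  before_script:
    - git remote set-url origin http://${CI_USERNAME}:${CI_PASSWORD}@192.168.15.102:82/api-demo/pro-demo.git
  script:
    - kustomize edit set image $registry/library/$app_name:$app_version
hardened push:
  stage: push image
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$registry"
EOF
}

# Stand-alone run: audit the constructed sample and print the findings.
sample=$(mktemp)
make_sample "$sample"
audit_ci "$sample"
rm -f "$sample"
```

Lines 4 and 9 of the sample are reported; the --password-stdin form on line 15 is not, because the password reaches docker through a pipe instead of an argument.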

2.3. Project deployment manifests

[root@GIT godemo]# cd base/
[root@GIT base]# vim apidemo-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: apidemo
  name: apidemo
  labels:
    app: apidemo
spec:
  replicas: 4
  selector:
    matchLabels:
      app: apidemo
  template:
    metadata:
      name: apidemo
      labels:
        app: apidemo
    spec:
      containers:
        - name: apidemo
          image: 192.168.15.101:90/library/pro-demo:v1  # pull the image from the harbor server
          imagePullPolicy: Always
          ports:
            - containerPort: 10088
[root@GIT base]# vim apidemo-service.yaml
apiVersion: v1
kind: Service
metadata:
  namespace: apidemo
  name: apidemo
  labels:
    app: apidemo
spec:
  type: NodePort
  ports:
    - name: apidemoport
      port: 10088
      targetPort: 10088
      nodePort: 30180
  selector:
    app: apidemo
[root@GIT base]# vim apidemo-ingress.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-apidemo  # user-defined ingress name
  namespace: apidemo
spec:
  ingressClassName: nginx  # name of the ingress controller
  rules:
    - host: apidemo.test.com  # user-defined domain name
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: apidemo  # the service created above
                port:
                  number: 10088

3. Build the project code

[root@GIT godemo]# cd /root/godemo
[root@GIT godemo]# yum -y install go  # install golang
[root@GIT godemo]# go build .
go: downloading github.com/gin-gonic/gin v1.8.1
go: downloading github.com/gin-contrib/sse v0.1.0
go: downloading github.com/mattn/go-isatty v0.0.14
go: downloading golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
go: downloading github.com/go-playground/validator/v10 v10.10.0
go: downloading github.com/pelletier/go-toml/v2 v2.0.1
go: downloading github.com/ugorji/go/codec v1.2.7
go: downloading google.golang.org/protobuf v1.28.0
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069
go: downloading github.com/go-playground/universal-translator v0.18.0
go: downloading github.com/leodido/go-urn v1.2.1
go: downloading golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97
go: downloading golang.org/x/text v0.3.6
go: downloading github.com/go-playground/locales v0.14.0

4. Run the built project

[root@GIT godemo]# go build .
[root@GIT godemo]# ls
apidemo  apidemo.go  base  Dockerfile  go.mod  go.sum
[root@GIT godemo]# ./apidemo
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.

[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
 - using env:	export GIN_MODE=release
 - using code:	gin.SetMode(gin.ReleaseMode)

[GIN-debug] GET    /info                     --> main.Info (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :10088

5. Access test

In a browser, enter: 192.168.15.102:10088/info

VI. Releasing the Project to K8S

1. Push the project to Gitlab

[root@GIT godemo]# git config --global user.email "50584846@qq.com"
[root@GIT godemo]# git config --global user.name "admin"
[root@GIT godemo]# git init
已重新初始化已存在的 Git 仓库于 /root/godemo/.git/
[root@GIT godemo]# git add .
[root@GIT godemo]# git remote add demo "git@192.168.15.102:api-demo/pro-demo.git"  # copy the clone address of the gitlab project
[root@GIT godemo]# git commit -m "demo"
[master 7438e2d] demo
 6 files changed, 13 insertions(+), 10 deletions(-)
 create mode 100755 apidemo
[root@GIT godemo]# git push -u demo master 
枚举对象中: 26, 完成.
对象计数中: 100% (26/26), 完成.
使用 2 个线程进行压缩
压缩对象中: 100% (26/26), 完成.
写入对象中: 100% (26/26), 5.49 MiB | 7.89 MiB/s, 完成.
总共 26(差异 6),复用 12(差异 0),包复用 0
To 192.168.15.102:api-demo/pro-demo.git
 * [new branch]      master -> master
分支 'master' 设置为跟踪 'demo/master'。

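Go back to the project page and refresh.

2. Set variables in Gitlab

These correspond to the custom variables in the .gitlab-ci.yml file in the project directory.

Variable               Value                   Purpose
CI_REGISTRY            192.168.15.101:90       Harbor registry address
CI_REGISTRY_USER       admin                   Harbor registry username
CI_REGISTRY_PASSWORD   Harbor12345             Harbor registry password
CI_USERNAME            root                    Gitlab username
CI_PASSWORD            (the gitlab password)   Gitlab password

On the project page, click Setting --> CI/CD.

In the dialog that opens, add the key and value of each of the 5 variables in the table above, one at a time.

After adding them, the result looks like the figure below.

3. Validate the pipeline

Go to the gitlab project page and click the uploaded .gitlab-ci.yml.

Click the icon in the red box to copy the content.

After copying, click Pipelines under CI/CD in the right-hand menu bar.

Paste the copied pipeline file into the text box and click Validate; a green "syntax is correct" message means the file is fine.

4. Configure the Docker image registry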

[root@GIT ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://9ghz4eu4.mirror.aliyuncs.com"],"insecure-registries": ["192.168.15.101:90"]
}
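# Add the content after the comma on the second line; the IP is the IP of the harbor registry
# This change is required, otherwise the pipeline cannot log in to the harbor registry

The K8S cluster also needs its Containerd configuration set before it can connect to the harbor registry. The specific configuration is omitted here; it is covered in earlier documents.

5. ArgoCD configuration

5.1. Create a project

Go back to the argocd page and follow the figure below.

Create a new project and fill in the project information.

5.2. Create the repository configuration

Install and deploy the Harbor registry yourself; the installation steps are omitted.

5.3. Configure the project

Click the gear on the left of the menu bar, then click projects, open the project you just created, scroll down to SOURCE REPOSITORIES, and click EDIT on the right.

Keep scrolling down to DESTINATIONS.

Scroll down to CLUSTER RESOURCE ALLOW LIST.

5.4. Add the application

Scroll down to SOURCE.

Scroll down to DESTINATION.

6. Check the APP status

Wait for the newly created app.

Click the api-demo project. When all the green heart icons are lit, everything is healthy; a lit green heart on the pods means the application has been released to the k8s cluster and is running normally.

Go back to k8s-master01 to verify.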

[root@k8s-master01 ~]# kubectl get po -n apidemo 
NAME                      READY   STATUS    RESTARTS   AGE
apidemo-d5f5f7d95-2f5kc   1/1     Running   0          3h24m
apidemo-d5f5f7d95-6c6ft   1/1     Running   0          3h24m
apidemo-d5f5f7d95-8lcnr   1/1     Running   0          3h24m
apidemo-d5f5f7d95-jphmj   1/1     Running   0          3h24m
[root@k8s-master01 ~]# kubectl get ingress -n apidemo 
NAME              CLASS   HOSTS              ADDRESS         PORTS   AGE
ingress-apidemo   nginx   apidemo.test.com   192.168.15.14   80      4h31m
[root@k8s-master01 ~]# kubectl get svc -n ingress-nginx 
NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.96.199.126   <none>        80:30890/TCP,443:30443/TCP   4d6h
ingress-nginx-controller-admission   ClusterIP   10.96.217.67    <none>        443/TCP                      4d6h

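7. Add the Hosts entry

Edit the hostname mapping file in:

C:\Windows\System32\drivers\etc

Find the hosts file, open it with Notepad, edit the end of the file, and save it.

8. Final access test

In a browser, visit: the ingress domain name + the mapped port of the ingress svc.

The URL for this test is: http://apidemo.test.com:30890/info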
