部署zk集群
Zookeeper是Dubbo微服务集群的注册中心
它的高可用机制和k8s的etcd集群一致
由java编写,所以需要jdk环境
主机名 | 角色 | ip |
---|---|---|
hdss7-11.host.com | k8s代理节点1,zk1 | 10.4.7.11 |
hdss7-12.host.com | k8s代理节点2,zk2 | 10.4.7.12 |
hdss7-21.host.com | k8s运算节点1,zk3 | 10.4.7.21 |
hdss7-22.host.com | k8s运算节点2,jenkins | 10.4.7.21 |
hdss7-200.host.com | k8s运算节点(docker仓库) | 10.4.7.200 |
部署zookeeper
安装jdk1.8(3台zk角色主机)
jdk下载地址
https://www.oracle.com/java/technologies/javase-jdk16-downloads.html
[root@hdss7-11 ~]# cd /opt/
[root@hdss7-11 opt]# mkdir src
[root@hdss7-11 opt]# cd src/
[root@hdss7-11 src]# rz -E
rz waiting to receive.
[root@hdss7-11 src]# ll
总用量 141540
-rw-r--r--. 1 root root 144935989 7月 3 01:42 jdk-8u291-linux-x64.tar.gz
[root@hdss7-11 src]# mkdir /usr/java
[root@hdss7-11 src]# tar xf jdk-8u291-linux-x64.tar.gz -C /usr/java/
[root@hdss7-11 src]# ln -s /usr/java/jdk1.8.0_291/ /usr/java/jdk
[root@hdss7-11 src]# ll /usr/java/
总用量 0
lrwxrwxrwx. 1 root root 23 8月 31 19:21 jdk -> /usr/java/jdk1.8.0_291/
drwxr-xr-x. 8 10143 10143 273 4月 8 03:26 jdk1.8.0_291
[root@hdss7-11 src]# vim /etc/profile
[root@hdss7-11 src]# tail -5 /etc/profile
unset -f pathmunge
export JAVA_HOME=/usr/java/jdk
export PATH=$JAVA_HOME/bin:$JAVA_HOME/bin:$PATH
export CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar
[root@hdss7-11 src]#
[root@hdss7-11 src]# source /etc/profile
[root@hdss7-11 src]# java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)
[root@hdss7-11 src]#
然后在12上和21上都同样部署下
[root@hdss7-12 ~]# cd /opt/
[root@hdss7-12 opt]# ll
total 12
lrwxrwxrwx. 1 root root 18 Aug 29 12:12 etcd -> /opt/etcd-v3.1.20/
drwxr-xr-x. 4 etcd etcd 4096 Aug 29 12:13 etcd-v3.1.20
drwxr-xr-x. 2 root root 4096 Oct 31 2018 rh
drwxr-xr-x. 2 root root 4096 Aug 29 12:11 src
[root@hdss7-12 opt]# cd src/
[root@hdss7-12 src]# ll
total 9620
-rw-r--r--. 1 root root 9850227 May 25 22:31 etcd-v3.1.20-linux-amd64.tar.gz
[root@hdss7-12 src]# mkdir /usr/java
[root@hdss7-12 src]# tar xf jdk-8u291-linux-x64.tar.gz -C /usr/java/
[root@hdss7-12 src]# ln -s /usr/java/jdk1.8.0_291/ /usr/java/jdk
[root@hdss7-12 src]# ll /usr/java
total 4
lrwxrwxrwx. 1 root root 23 Aug 31 19:28 jdk -> /usr/java/jdk1.8.0_291/
drwxr-xr-x. 8 10143 10143 4096 Apr 8 03:26 jdk1.8.0_291
[root@hdss7-12 src]# vi /etc/profile
[root@hdss7-12 src]# source /etc/profile
[root@hdss7-12 src]# java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)
[root@hdss7-12 src]# scp jdk-8u291-linux-x64.tar.gz 10.4.7.21:/opt/src
The authenticity of host '10.4.7.21 (10.4.7.21)' can't be established.
ECDSA key fingerprint is SHA256:YgFtoZE7xde9aM75T9GEitcoTWIlZ0YcZup8ZNyikMI.
ECDSA key fingerprint is MD5:36:b2:82:4b:05:02:b5:be:15:a2:9b:a6:ac:c8:46:50.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.4.7.21' (ECDSA) to the list of known hosts.
root@10.4.7.21's password:
jdk-8u291-linux-x64.tar.gz 100% 138MB 128.5MB/s 00:01
[root@hdss7-12 src]#
[root@hdss7-21 ~]# cd /opt/src/
[root@hdss7-21 src]# ll
total 593876
-rw-r--r--. 1 root root 9850227 May 25 22:31 etcd-v3.1.20-linux-amd64.tar.gz
-rw-r--r-- 1 root root 9565743 Jan 29 2019 flannel-v0.11.0-linux-amd64.tar.gz
-rw-r--r-- 1 root root 144935989 Aug 31 19:30 jdk-8u291-linux-x64.tar.gz
-rw-r--r--. 1 root root 443770238 Jun 1 20:56 kubernetes-server-linux-amd64-v1.15.2.tar.gz
[root@hdss7-21 src]# mkdir /usr/java
[root@hdss7-21 src]# tar xf jdk-8u291-linux-x64.tar.gz -C /usr/java
[root@hdss7-21 src]# ln -s /usr/java/jdk1.8.0_291/ /usr/java/jdk
[root@hdss7-21 src]# vi /etc/profile
[root@hdss7-21 src]# source /etc/profile
[root@hdss7-21 src]# java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)
[root@hdss7-21 src]#
然后下载zookeeper进行部署
下载地址
https://archive.apache.org/dist/zookeeper/
[root@hdss7-11 src]# rz -E
rz waiting to receive.
[root@hdss7-11 src]# ll
总用量 178336
-rw-r--r--. 1 root root 144935989 7月 3 01:42 jdk-8u291-linux-x64.tar.gz
-rw-r--r--. 1 root root 37676320 7月 6 22:29 zookeeper-3.4.14.tar.gz
[root@hdss7-11 src]# tar xf zookeeper-3.4.14.tar.gz -C /opt
[root@hdss7-11 src]# scp zookeeper-3.4.14.tar.gz 10.4.7.12:/opt/src
zookeeper-3.4.14.tar.gz 100% 36MB 120.2MB/s 00:00
[root@hdss7-11 src]# scp zookeeper-3.4.14.tar.gz 10.4.7.21:/opt/src
zookeeper-3.4.14.tar.gz 100% 36MB 113.1MB/s 00:00
[root@hdss7-11 src]# ^C
[root@hdss7-11 src]# cd ..
[root@hdss7-11 opt]# ln -s /opt/zookeeper-3.4.14/ /opt/zookeeper
[root@hdss7-11 opt]# ^C
[root@hdss7-11 opt]# mkdir -pv /opt/zookeeper/data /data/zookeeper/logs
mkdir: 已创建目录 "/opt/zookeeper/data"
mkdir: 已创建目录 "/data"
mkdir: 已创建目录 "/data/zookeeper"
mkdir: 已创建目录 "/data/zookeeper/logs"
[root@hdss7-11 opt]# ^C
[root@hdss7-11 opt]# vi /opt/zookeeper/conf/zoo.cfg
[root@hdss7-11 opt]# cat /opt/zookeeper/conf/zoo.cfg
tickTime=2000
initLimit=10
syncLimit=5
dataDir=/data/zookeeper/data
dataLogDir=/data/zookeeper/logs
clientPort=2181
server.1=zk1.od.com:2888:3888
server.2=zk2.od.com:2888:3888
server.3=zk3.od.com:2888:3888
[root@hdss7-11 opt]# ll
总用量 4
drwxr-xr-x. 2 root root 6 10月 31 2018 rh
drwxr-xr-x. 2 root root 71 8月 31 19:39 src
lrwxrwxrwx. 1 root root 22 8月 31 19:42 zookeeper -> /opt/zookeeper-3.4.14/
drwxr-xr-x. 15 2002 2002 4096 8月 31 19:44 zookeeper-3.4.14
[root@hdss7-11 opt]# scp /opt/zookeeper/conf/zoo.cfg 10.4.7.12:/opt/zookeeper/conf/
zoo.cfg 100% 206 210.3KB/s 00:00
[root@hdss7-11 opt]# scp /opt/zookeeper/conf/zoo.cfg 10.4.7.21:/opt/zookeeper/conf/
zoo.cfg 100% 206 95.7KB/s 00:00
[root@hdss7-11 opt]# ^C
更改下dns的配置
[root@hdss7-11 opt]# vim /var/named/od.com.zone
[root@hdss7-11 opt]# cat /var/named/od.com.zone
$ORIGIN od.com.
$TTL 600 ; 10 minutes
@ IN SOA dns.od.com. dnsadmin.od.com. (
    2021052306 ; serial
    10800 ; refresh (3 hours)
    900 ; retry (15 minutes)
    604800 ; expire (1 week)
    86400 ; minimum (1 day)
    )
    NS dns.od.com.
$TTL 60 ; 1 minute
dns A 10.4.7.11
harbor A 10.4.7.200
k8s-yaml A 10.4.7.200
traefik A 10.4.7.10
dashboard A 10.4.7.10
zk1 A 10.4.7.11
zk2 A 10.4.7.12
zk3 A 10.4.7.21
[root@hdss7-11 opt]# systemctl restart named
[root@hdss7-11 opt]# dig -t A zk1.od.com @10.4.7.11 +short
10.4.7.11
[root@hdss7-11 opt]#
[root@hdss7-11 opt]# mkdir /data/zookeeper/data/
[root@hdss7-11 opt]# vi /data/zookeeper/data/myid
[root@hdss7-11 opt]# cat /data/zookeeper/data/myid
1
另外两个也更改下
[root@hdss7-12 opt]# cat /data/zookeeper/data/myid
2
[root@hdss7-21 opt]# cat /data/zookeeper/data/myid
3
然后启动三个节点的zookeeper(这里是直接用root启动的,zoo.cfg里也没有任何认证相关的配置,所以2181、2888、3888这几个端口只应该在集群内网可达)
[root@hdss7-11 data]# /opt/zookeeper/bin/zkServer.sh start
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Starting zookeeper ... STARTED
[root@hdss7-11 data]# ^C
[root@hdss7-11 data]# ps aux |grep zoo
root 26361 1.6 1.4 4302472 57392 pts/2 Sl 20:05 0:00 /usr/java/jdk/bin/java -Dzookeeper.log.dir=. -Dzookeeper.root.logger=INFO,CONSOLE -cp /opt/zookeeper/bin/../zookeeper-server/target/classes:/opt/zookeeper/bin/../build/classes:/opt/zookeeper/bin/../zookeeper-server/target/lib/*.jar:/opt/zookeeper/bin/../build/lib/*.jar:/opt/zookeeper/bin/../lib/slf4j-log4j12-1.7.25.jar:/opt/zookeeper/bin/../lib/slf4j-api-1.7.25.jar:/opt/zookeeper/bin/../lib/netty-3.10.6.Final.jar:/opt/zookeeper/bin/../lib/log4j-1.2.17.jar:/opt/zookeeper/bin/../lib/jline-0.9.94.jar:/opt/zookeeper/bin/../lib/audience-annotations-0.5.0.jar:/opt/zookeeper/bin/../zookeeper-3.4.14.jar:/opt/zookeeper/bin/../zookeeper-server/src/main/resources/lib/*.jar:/opt/zookeeper/bin/../conf::/usr/java/jdk/lib:/usr/java/jdk/lib/tools.jar -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.local.only=false org.apache.zookeeper.server.quorum.QuorumPeerMain /opt/zookeeper/bin/../conf/zoo.cfg
root 26521 0.0 0.0 112724 988 pts/2 S+ 20:06 0:00 grep --color=auto zoo
[root@hdss7-11 data]#
可以看下哪个是主
[root@hdss7-11 bin]# /opt/zookeeper/bin/zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Mode: follower
[root@hdss7-12 data]# /opt/zookeeper/bin/zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Mode: leader ##主
[root@hdss7-21 data]# /opt/zookeeper/bin/zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Mode: follower
安装部署jenkins准备工作
准备镜像
官方地址:
https://www.jenkins.io/download/
[root@hdss7-200 ~]# docker pull jenkins/jenkins:2.190.3
2.190.3: Pulling from jenkins/jenkins
9a0b0ce99936: Pull complete
db3b6004c61a: Pull complete
f8f075920295: Pull complete
6ef14aff1139: Downloading 1.202MB
962785d3b7f9: Download complete
631589572f9b: Download complete
c55a0c6f4c7b: Download complete
4e96cf3bdc20: Download complete
e0b44ce6ec69: Download complete
d961082c76f4: Download complete
5a229d171c71: Download complete
64514e4513d4: Download complete
6797bb506402: Download complete
b8d0a307156c: Download complete
b17b306b4a0a: Download complete
e47bd954be8f: Download complete
b2d9d6b1cd91: Download complete
fa537a81cda1: Download complete
2.190.3: Pulling from jenkins/jenkins
9a0b0ce99936: Pull complete
db3b6004c61a: Pull complete
f8f075920295: Pull complete
6ef14aff1139: Pull complete
962785d3b7f9: Pull complete
631589572f9b: Pull complete
c55a0c6f4c7b: Pull complete
4e96cf3bdc20: Pull complete
e0b44ce6ec69: Pull complete
d961082c76f4: Pull complete
5a229d171c71: Pull complete
64514e4513d4: Pull complete
6797bb506402: Pull complete
b8d0a307156c: Pull complete
b17b306b4a0a: Pull complete
e47bd954be8f: Pull complete
b2d9d6b1cd91: Pull complete
fa537a81cda1: Pull complete
Digest: sha256:64576b8bd0a7f5c8ca275f4926224c29e7aa3f3167923644ec1243cd23d611f3
Status: Downloaded newer image for jenkins/jenkins:2.190.3
docker.io/jenkins/jenkins:2.190.3
[root@hdss7-200 ~]# docker pull jenkins/jenkins:2.190.3
^C
[root@hdss7-200 ~]# docker images |grep 2.19
jenkins/jenkins 2.190.3 22b8b9a84dbe 21 months ago 568MB
goharbor/harbor-registryctl v1.8.3 9dc783842a19 23 months ago 97.2MB
goharbor/registry-photon v2.7.1-patch-2819-v1.8.3 a05e085842f5 23 months ago 82.3MB
[root@hdss7-200 ~]# docker tag 22b8b9a84dbe harbor.od.com/public/jenkins:v2.190.3
[root@hdss7-200 ~]# docker push !$
docker push harbor.od.com/public/jenkins:v2.190.3
The push refers to repository [harbor.od.com/public/jenkins]
e0485b038afa: Pushed
2950fdd45d03: Pushed
cfc53f61da25: Pushed
29c489ae7aae: Pushed
473b7de94ea9: Pushed
6ce697717948: Pushed
0fb3a3c5199f: Pushed
23257f20fce5: Pushed
b48320151ebb: Pushed
911119b5424d: Pushed
5051dc7ca502: Pushed
a8902d6047fe: Pushed
99557920a7c5: Pushed
7e3c900343d0: Pushed
b8f8aeff56a8: Pushed
687890749166: Pushed
2f77733e9824: Pushed
97041f29baff: Pushed
v2.190.3: digest: sha256:64576b8bd0a7f5c8ca275f4926224c29e7aa3f3167923644ec1243cd23d611f3 size: 4087
[root@hdss7-200 ~]# cd /data/
[root@hdss7-200 data]# ls
docker harbor k8s-yaml
[root@hdss7-200 data]# mkdir dockerfile
[root@hdss7-200 data]# cd docker
[root@hdss7-200 docker]# cd ..
[root@hdss7-200 data]# cd dockerfile/
[root@hdss7-200 dockerfile]# mkdir jenkins
[root@hdss7-200 dockerfile]# cd jenkins/
[root@hdss7-200 jenkins]# cd
[root@hdss7-200 ~]# ssh-keygen -t rsa -b 2048 -C "609436769@qq.com" -N "" -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1MznnFVz/aF2lyVopnlOp6joeRJluadMqK5+/gm1I+4 609436769@qq.com
The key's randomart image is:
+---[RSA 2048]----+
| . .+|
| + + .o=|
| ..+=. o.=|
| .+ o+o=.oo|
| .+S. ==o. .|
| .o.o o o |
| o.o= + |
| .ooo+= |
| .o*Eo=o |
+----[SHA256]-----+
[root@hdss7-200 ~]# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMOW5lRkfksDEUTA0B3Q+2G1M/fwiXuFxLerhGrgC5eoT0IKlT+H3HsmiAFACYzFTM86Y8Ana5tARzhPK+1eHA6JMrv0r2r2QK17NDLoQS7nVRQCmS5cnJOl5uCyA1LEm/YhjLZ6VMmWAPsJCFeM8VkDHxPRT6K6zuipt4WZSD/Q0iZRfO+1PrrHuHbolTWhqfIR19kaZszI2bnZAEt0A7Jasvm/hFLmq2EPCZWvcPCQGao8oEi1M0torE5+crnJ3vTcEAEXonMjqjGsQN/8mRYXayWSwVdd40RivP9zmNgzc2PoRbzQNu94SggnELKCIphRdGQbOrOMJCY0Z7cBGb 609436769@qq.com
[root@hdss7-200 ~]#
然后在浏览器上进行授权
https://gitee.com/profile/sshkeys
自定义Dockerfile
在运维主机HDSS7-200.host.com 上编辑自定义dockerfile
官方的Jenkins镜像是不能直接使用的,我们要给它做一定的配置
先做一下ssh密钥——生成ssh密钥对:
ssh-keygen -t rsa -b 2048 -C "609436769@qq.com" -N "" -f /root/.ssh/id_rsa
拉取代码有两种方式:一种基于ssh,另一种基于http
为什么要生成密钥呢?因为Jenkins拉取代码时会用到:我们把公钥拷贝给老师,老师在gitee仓库的setting里把公钥贴到Add key中;私钥则封装到Jenkins的docker镜像里面,这样Jenkins就能拉到代码了。需要注意,封装进镜像的私钥会留在镜像层里,凡是能从仓库拉取这个镜像的人都能读到它,所以存放该镜像的harbor项目必须是私有的,这把密钥也只应授予拉取代码所需的权限。
[root@hdss7-200 ~]# cat .ssh/id_rsa.pub ##查看的时候会发现有自己的邮箱信息了
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzH+SnKdeUKgYDtZmyCItzaDVSa5k3j19Yn9Q7Spe4m4bWz4srjHqUyOOTNHuKcWnMiegmye1EM+PQ3qa99ZshuEj9jmuwpDjlXMqumTk0l5Goe5tI8KOz2IEa6TkV3+YUDkmpdQweIuIa5l+KEPz9l3fWfHAY9yzlgPItFWHqfjCUbLzuWYCEi0ykWXW0cl+v5h/jYDu+lFpIp/eBC07ysnPeu5pSPr6SKDgfrW+rM8l8gZr6K6Gbg3nZGk+63LDrrLqSvgHCYRVtoIK3Ec6BaaDQ7zm7JoXiCkh5HSpCCcw+C/G3h196YbNzW1CmjFToqYPLA7F9R6Wzc3fahVWP 609436769@qq.com
在运维主机hdss7-200上进行操作
先编写一个新的dockerfile
/data/dockerfile/jenkins/Dockerfile
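# Jenkins image for this cluster, built on the jenkins/jenkins copy mirrored into the private Harbor.
FROM harbor.od.com/public/jenkins:v2.190.3
# All following build steps, and Jenkins itself at runtime, run as root inside the container.
USER root
# Set the container time zone to Asia/Shanghai.
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
    echo 'Asia/Shanghai' >/etc/timezone
# NOTE(review): the SSH private key is stored in an image layer; anyone who can
# pull this image can read it, so the registry project must stay private.
ADD id_rsa /root/.ssh/id_rsa
# Registry login for the self-hosted Harbor; it is likewise stored in a layer.
ADD config.json /root/.docker/config.json
ADD get-docker.sh /get-docker.sh
# NOTE(review): "StrictHostKeyChecking no" makes every ssh call in the container
# accept unknown host keys without asking, so a spoofed git server is not detected.
# get-docker.sh runs as root at build time; read the script before building.
RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config && \
    /get-docker.sh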
这里Dockerfile里我们主要做了以下几件事
设置容器用户root
设置容器时区
将ssh私钥加入(使用git拉代码时要用到,配对的公钥应配置在gitlab中)
加入了登录自建harbor仓库的config文件
修改了ssh客户端的配置(StrictHostKeyChecking no:自动接受未知的主机密钥,不再询问yes/no,因此连到冒充的git服务器时也不会被拦下)
安装一个docker的客户端
[root@hdss7-200 ~]# mkdir -pv /data/dockerfile
[root@hdss7-200 ~]# cd /data/dockerfile
[root@hdss7-200 dockerfile]# mkdir jenkins
[root@hdss7-200 dockerfile]# cd jenkins/
[root@hdss7-200 ~]# cd -
/data/dockerfile/jenkins
[root@hdss7-200 jenkins]# vim Dockerfile
[root@hdss7-200 jenkins]# vi Dockerfile
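下面命令下载到的脚本后面可能会出错,最好还是用这个地址里的内容:https://blog.csdn.net/Laiyunpeng666/article/details/120030302 。get-docker.sh会在构建镜像时以root身份执行,不管从哪里取得,使用前都应先通读一遍脚本内容;另外curl后面没写协议时默认走http,建议写成 https://get.docker.com 。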
[root@hdss7-200 jenkins]# curl -fsSL get.docker.com -o get-docker.sh
[root@hdss7-200 jenkins]# ll
total 24
-rw-r--r-- 1 root root 738 Aug 31 21:43 Dockerfile
-rw-r--r-- 1 root root 18617 Aug 31 21:43 get-docker.sh
[root@hdss7-200 jenkins]# chmod u+x get-docker.sh
[root@hdss7-200 jenkins]# cp /root/.ssh/id_rsa ./
[root@hdss7-200 jenkins]# cp /root/.docker/config.json ./
[root@hdss7-200 jenkins]# ll
total 32
-rw------- 1 root root 81 Aug 31 21:44 config.json
-rw-r--r-- 1 root root 738 Aug 31 21:43 Dockerfile
-rwxr--r-- 1 root root 18617 Aug 31 21:43 get-docker.sh
-rw------- 1 root root 1679 Aug 31 21:44 id_rsa
[root@hdss7-200 jenkins]# vi Dockerfile
[root@hdss7-200 jenkins]# cat Dockerfile
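FROM harbor.od.com/public/jenkins:v2.190.3
# User that Jenkins is started as
USER root
# Change the time zone to UTC+8
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
    echo 'Asia/Shanghai' >/etc/timezone
# Add the user's SSH key; the dubbo services' code is pulled over ssh with it.
# NOTE(review): the private key stays readable in an image layer for anyone who can pull the image.
ADD id_rsa /root/.ssh/id_rsa
# Add the host's docker config file so the login for the remote registry is available in the container.
ADD config.json /root/.docker/config.json
# Install a docker client inside the Jenkins container; Jenkins runs docker build,
# and the engine that does the work is the host's docker engine.
ADD get-docker.sh /get-docker.sh
# Skip the interactive "yes" prompt of ssh, then run the docker install.
# NOTE(review): this disables host key checking for every ssh connection made from the container.
RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config && \
    /get-docker.sh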
[root@hdss7-200 jenkins]#
创建一个私有仓库
创建镜像
[root@hdss7-200 jenkins]# chmod +x get-docker.sh
[root@hdss7-200 jenkins]# ll
total 28
-rw------- 1 root root 81 Aug 31 21:44 config.json
-rw-r--r-- 1 root root 344 Aug 31 23:57 Dockerfile
-rwxr-xr-x 1 root root 13857 Sep 1 00:08 get-docker.sh
-rw------- 1 root root 1679 Aug 31 21:44 id_rsa
[root@hdss7-200 jenkins]# docker build . -t jenkins:v2.190.3
Sending build context to Docker daemon 20.48kB
Step 1/7 : FROM harbor.od.com/public/jenkins:v2.190.3---> 22b8b9a84dbe
Step 2/7 : USER root---> Using cache---> a0335d37db97
Step 3/7 : RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo 'Asia/Shanghai' >/etc/timezone---> Running in 3ba35b19d8ad
Removing intermediate container 3ba35b19d8ad---> 08d9eaad22e5
Step 4/7 : ADD id_rsa /root/.ssh/id_rsa---> a417ecdcf05f
Step 5/7 : ADD config.json /root/.docker/config.json---> 1b59c87a23d7
Step 6/7 : ADD get-docker.sh /get-docker.sh---> da0616a6df0d
Step 7/7 : RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config && /get-docker.sh---> Running in 7efca71bd6fd
# Executing docker install script, commit: 3d8fe77c2c46c5b7571f94b42793905e5b3e42e4
+ sh -c apt-get update -qq >/dev/null
+ sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl >/dev/null
debconf: delaying package configuration, since apt-utils is not installed
+ sh -c curl -fsSL "https://download.docker.com/linux/debian/gpg" | apt-key add -qq - >/dev/null
Warning: apt-key output should not be parsed (stdout is not a terminal)
+ sh -c echo "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" > /etc/apt/sources.list.d/docker.list
+ sh -c apt-get update -qq >/dev/null
+ [ -n ]
+ sh -c apt-get install -y -qq --no-install-recommends docker-ce >/dev/null
debconf: delaying package configuration, since apt-utils is not installed
If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:sudo usermod -aG docker your-userRemember that you will have to log out and back in for this to take effect!WARNING: Adding a user to the "docker" group will grant the ability to runcontainers which can be used to obtain root privileges on thedocker host.Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surfacefor more information.
Removing intermediate container 7efca71bd6fd---> 1bd70ab50568
Successfully built 1bd70ab50568
Successfully tagged jenkins:v2.190.3
[root@hdss7-200 jenkins]# ll
total 28
-rw------- 1 root root 81 Aug 31 21:44 config.json
-rw-r--r-- 1 root root 344 Aug 31 23:57 Dockerfile
-rwxr-xr-x 1 root root 13857 Sep 1 00:08 get-docker.sh
-rw------- 1 root root 1679 Aug 31 21:44 id_rsa
[root@hdss7-200 jenkins]# cat Dockerfile
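# Final Dockerfile used for the build above (7 steps).
FROM harbor.od.com/public/jenkins:v2.190.3
USER root
# Time zone: Asia/Shanghai.
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
    echo 'Asia/Shanghai' >/etc/timezone
# The next two files are credentials (SSH private key, Harbor login) and end up in image layers.
ADD id_rsa /root/.ssh/id_rsa
ADD config.json /root/.docker/config.json
ADD get-docker.sh /get-docker.sh
# Turns off ssh host key checking container-wide, then installs the docker client as root.
RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config && \
    /get-docker.sh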
[root@hdss7-200 jenkins]#
[root@hdss7-200 harbor]# docker tag 1bd70ab50568 harbor.od.com/infra/jenkins:v2.190.3
[root@hdss7-200 harbor]# docker push harbor.od.com/infra/jenkins:v2.190.3
The push refers to repository [harbor.od.com/infra/jenkins]
5aca2c3fce72: Pushed
a1e08d6c4712: Pushed
9efcd55aa349: Pushed
b238ad6d1ea3: Pushed
77cf820700b3: Pushed
e0485b038afa: Mounted from public/jenkins
2950fdd45d03: Mounted from public/jenkins
cfc53f61da25: Mounted from public/jenkins
29c489ae7aae: Mounted from public/jenkins
473b7de94ea9: Mounted from public/jenkins
6ce697717948: Mounted from public/jenkins
0fb3a3c5199f: Mounted from public/jenkins
23257f20fce5: Mounted from public/jenkins
b48320151ebb: Mounted from public/jenkins
911119b5424d: Mounted from public/jenkins
5051dc7ca502: Mounted from public/jenkins
a8902d6047fe: Mounted from public/jenkins
99557920a7c5: Mounted from public/jenkins
7e3c900343d0: Mounted from public/jenkins
b8f8aeff56a8: Mounted from public/jenkins
687890749166: Mounted from public/jenkins
2f77733e9824: Mounted from public/jenkins
97041f29baff: Mounted from public/jenkins
v2.190.3: digest: sha256:3cf756bb93a81fe6c51c6464e16bbed815e45cc353037a9f73f4dd00d7a577fd size: 5130
[root@hdss7-200 harbor]#
制作Jenkins的Docker镜像
-设置了容器启动时使用的用户为root
·设置容器内的时区为UTC+8
·加入了ssh私钥(拉取git代码的两种方式:基于http和基于ssh)
·加入登录harbor的config文件
·修改了ssh客户端的配置
-安装了一个docker客户端
·配置共享存储NFS
·交付Jenkins到K8S集群配置CI流水线
[root@hdss7-200 harbor]# docker run --rm harbor.od.com/infra/jenkins:v2.190.3 ssh -i /root/.ssh/id_rsa -T git@gitee.com
Warning: Permanently added 'gitee.com,154.213.2.253' (ECDSA) to the list of known hosts.
Hi yelinxiaosheng! You've successfully authenticated, but GITEE.COM does not provide shell access.
[root@hdss7-200 harbor]#
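创建命名空间,并创建拉取harbor镜像用的secret(命令里用的是harbor的admin账号和默认密码Harbor12345,并且密码写在命令行上会留在shell历史里;实际环境应先修改默认密码,并为拉取镜像单独建一个只读账号)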
[root@hdss7-21 data]# kubectl create ns infra
namespace/infra created
[root@hdss7-21 data]# kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=Harbor12345 -n infra
secret/harbor created
[root@hdss7-21 data]#
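准备共享存储,在200上(注意下面/etc/exports里的no_root_squash:10.4.7.0/24网段内任何一台主机的root,在这个导出目录上都会被当作root,而Jenkins的数据都放在这里;导出范围收窄到实际要挂载的运算节点会更稳妥)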
首先在21和22和200上安装nfs和依赖组件
yum -y install nfs-utils
yum -y install gssproxy.x86_64
yum -y install libcollection.x86_64
yum -y install libnfsidmap
yum -y install libtirpc
yum -y install quota-nls.noarch
yum -y install keyutils
yum -y install libevent
yum -y install libpath_utils
yum -y install libverto-libevent
yum -y install rpcbind
yum -y install libbasicobjects
yum -y install libini_config
yum -y install libref_array
yum -y install quota
yum -y install tcp_wrappers
[root@hdss7-200 harbor]# vi /etc/exports
[root@hdss7-200 harbor]# cat /etc/exports
/data/nfs-volume 10.4.7.0/24(rw,no_root_squash)
[root@hdss7-200 harbor]# mkdir /data/nfs-volume
[root@hdss7-200 harbor]# systemctl start nfs
[root@hdss7-200 harbor]# systemctl enable nfs
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
[root@hdss7-200 harbor]#
这里挂载了宿主机的docker.sock,使容器内的docker客户端可以直接与宿主机的docker引擎进行通信。这也意味着,能在Jenkins里执行命令的人,就等于拥有了该运算节点docker引擎(也就是宿主机root)的控制权。
在使用私有仓库的时候,资源清单中,一定要声明imagePullSecrets(这里就是上面创建的名为harbor的secret):
[root@hdss7-200 harbor]# cd /data/k8s-yaml/
[root@hdss7-200 k8s-yaml]# mkdir jenkins
[root@hdss7-200 k8s-yaml]# cd jenkins/
[root@hdss7-200 jenkins]# ll
total 0
[root@hdss7-200 jenkins]# vi dp.yaml
[root@hdss7-200 jenkins]# vi dp.yaml
[root@hdss7-200 jenkins]# vi svc.yaml
[root@hdss7-200 jenkins]# vi ingress.yaml
[root@hdss7-200 jenkins]# cat dp.yaml
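# Jenkins Deployment for the infra namespace.
kind: Deployment
# NOTE(review): extensions/v1beta1 Deployments are no longer served from
# Kubernetes 1.16 on; the cluster on this page runs v1.15.2.
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
  labels:
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      name: jenkins
  template:
    metadata:
      labels:
        app: jenkins
        name: jenkins
    spec:
      volumes:
      # Jenkins home lives on the NFS export of hdss7-200.
      - name: data
        nfs:
          server: hdss7-200
          path: /data/nfs-volume/jenkins_home
      # NOTE(review): the node's Docker socket is handed to the pod; whoever can
      # run commands in Jenkins controls the Docker engine of that node.
      - name: docker
        hostPath:
          path: /run/docker.sock
          type: ''
      containers:
      - name: jenkins
        image: harbor.od.com/infra/jenkins:v2.190.3
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        - name: JAVA_OPTS
          value: -Xmx512m -Xms512m
        volumeMounts:
        - name: data
          mountPath: /var/jenkins_home
        - name: docker
          mountPath: /run/docker.sock
      # Pull secret for the private Harbor project; must exist in the infra namespace.
      imagePullSecrets:
      - name: harbor
      # The pod runs as uid 0 (root).
      securityContext:
        runAsUser: 0
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600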
[root@hdss7-200 jenkins]# ll
total 12
-rw-r--r-- 1 root root 1165 Sep 1 01:25 dp.yaml
-rw-r--r-- 1 root root 245 Sep 1 01:26 ingress.yaml
-rw-r--r-- 1 root root 171 Sep 1 01:25 svc.yaml
[root@hdss7-200 jenkins]# cat ingress.yaml
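# Routes jenkins.od.com to the jenkins Service on port 80.
# There is no tls section, so the Jenkins UI and its login go over plain HTTP via this rule.
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
spec:
  rules:
  - host: jenkins.od.com
    http:
      paths:
      - path: /
        backend:
          serviceName: jenkins
          servicePort: 80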
[root@hdss7-200 jenkins]# cat svc.yaml
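# Service in front of the Jenkins pod: port 80 forwards to the container's 8080.
kind: Service
apiVersion: v1
metadata:
  name: jenkins
  namespace: infra
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  # Matches the "app: jenkins" label set on the Deployment's pod template.
  selector:
    app: jenkins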
[root@hdss7-200 jenkins]#
[root@hdss7-200 jenkins]# mkdir /data/nfs-volume/jenkins_home
创建出pod
[root@hdss7-21 ~]# file /run/docker.sock
/run/docker.sock: socket
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/dp.yaml
deployment.extensions/jenkins created
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/svc.yaml
service/jenkins created
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/ingress.yaml
ingress.extensions/jenkins created
[root@hdss7-21 ~]# kubectl get all -n infra
NAME READY STATUS RESTARTS AGE
pod/jenkins-54b8469cf9-7v28q 1/1 Running 0 48s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/jenkins ClusterIP 192.168.110.33 <none> 80/TCP 42s

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/jenkins 1/1 1 1 48s

NAME DESIRED CURRENT READY AGE
replicaset.apps/jenkins-54b8469cf9 1 1 1 48s
这个时候可以去看jenkins在21上起来后在200上挂载的位置是什么样的
需要解析下域名就能在浏览器访问了
[root@hdss7-11 bin]# vi /var/named/od.com.zone
[root@hdss7-11 bin]# cat /var/named/od.com.zone
$ORIGIN od.com.
$TTL 600 ; 10 minutes
@ IN SOA dns.od.com. dnsadmin.od.com. (
    2021052307 ; serial
    10800 ; refresh (3 hours)
    900 ; retry (15 minutes)
    604800 ; expire (1 week)
    86400 ; minimum (1 day)
    )
    NS dns.od.com.
$TTL 60 ; 1 minute
dns A 10.4.7.11
harbor A 10.4.7.200
k8s-yaml A 10.4.7.200
traefik A 10.4.7.10
dashboard A 10.4.7.10
zk1 A 10.4.7.11
zk2 A 10.4.7.12
zk3 A 10.4.7.21
jenkins A 10.4.7.10
[root@hdss7-11 bin]# systemctl restart named
[root@hdss7-11 bin]# dig -t A jenkins.od.com @10.4.7.11 +short
10.4.7.10
[root@hdss7-11 bin]#
在浏览器输入Jenkins.od.com
这个时候去找下密码就能登录了
[root@hdss7-200 jenkins_home]# cat secrets/initialAdminPassword
4e8ee5d59fff4484b2d5c781a04df20d
[root@hdss7-200 jenkins_home]#
点击下面那个x掉
点击开始使用jenkins
点击Manage
然后选择这个进行选项调整
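把下面的打上勾——允许匿名用户访问
把下面那个给勾掉——取消阻止跨域请求(即Jenkins的CSRF防护选项)
这两项都是在放宽安全设置,只适合隔离的实验环境:这个Jenkins里放着ssh私钥和harbor登录信息,还挂载了宿主机的docker.sock,在其他人能访问到的环境里应保持CSRF防护开启,并且不要开放匿名访问。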
然后保存save
第二件事—选下面的plugins
然后搜blue
勾上—并且选择安装部署并重启Jenkins
点下面的重启,等待Jenkins重启-----重启后需要输入密码和账户
admin
然后点Jenkins
看到有下面的Bluid Queue 说明插件下载成功了
下面两个图是误导选项,不要管它哦
上面是选择并安装最适合的插件
选择默认安装插件