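1. Preface
The previous post covered the configuration that has to be prepared before deploying the backend project.
This post creates a Deployment and a Service to complete the backend deployment.
2. Fixing the Jenkins security issue
After the Docker image is built, logging in to Docker reports a security problem:
This is caused by logging in with a plaintext username and password in the script.
The project build script in Jenkins: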
#!/bin/bash
time=$(date "+%Y%m%d%H%M%S")
npm install --registry=https://registry.npm.taobao.org
docker build -t 47.94.92.122:8082/cicd-backend:$time .
docker login -u admin -p Wz@19880818 47.94.92.122:8082
docker push 47.94.92.122:8082/cicd-backend:$time
Change it to take the username and password from environment variables:
#!/bin/bash
time=$(date "+%Y%m%d%H%M%S")
npm install --registry=https://registry.npm.taobao.org
docker build -t 47.94.92.122:8082/cicd-backend:$time .
docker login -u "$DOCKER_LOGIN_USERNAME" -p "$DOCKER_LOGIN_PASSWORD" 47.94.92.122:8082
docker push 47.94.92.122:8082/cicd-backend:$time
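How the environment variables are provided:
The username and password now come from environment variables, so where do their values come from?
The job reads them from a Jenkins credential: Home - Manage Jenkins - Credentials
Login succeeded.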
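With `-p`, the expanded password is still an argument of the `docker login` process and is visible in the process list; `docker login` also accepts it on standard input via `--password-stdin`. The script below is an added example, not part of the original post: it reuses the article's `DOCKER_LOGIN_USERNAME` / `DOCKER_LOGIN_PASSWORD` variables and registry address, while the function names and the `run` argument are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): registry login that keeps the
# password off the command line. DOCKER_LOGIN_USERNAME / DOCKER_LOGIN_PASSWORD
# are the article's variables, injected by Jenkins from a stored credential.
set -u

REGISTRY="47.94.92.122:8082"   # registry address used in the article

# Fail closed when a credential variable is unset or empty.
require_credentials() {
  if [ -z "${DOCKER_LOGIN_USERNAME:-}" ] || [ -z "${DOCKER_LOGIN_PASSWORD:-}" ]; then
    echo "DOCKER_LOGIN_USERNAME / DOCKER_LOGIN_PASSWORD not set" >&2
    return 1
  fi
}

# Pass the password on stdin (--password-stdin) instead of -p, so it is
# never an argument of the docker process and never shows up in `ps`.
registry_login() {
  require_credentials || return 1
  printf '%s' "$DOCKER_LOGIN_PASSWORD" |
    docker login -u "$DOCKER_LOGIN_USERNAME" --password-stdin "$REGISTRY"
}

# Push one image, then always log out so the credential is not left behind
# in ~/.docker/config.json on a shared build agent.
push_image() {
  registry_login || return 1
  rc=0
  docker push "$1" || rc=$?
  docker logout "$REGISTRY" >/dev/null
  return "$rc"
}

# Hypothetical entry point for the Jenkins shell step: runs only with "run".
if [ "${1:-}" = "run" ]; then
  tag="$REGISTRY/cicd-backend:$(date "+%Y%m%d%H%M%S")"
  docker build -t "$tag" . && push_image "$tag"
fi
```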
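3. Create the backend Deployment
To create a single pod: create a kind: Pod;
To create multiple pods: create a kind: Deployment;
A Deployment object creates a replica set, and that replica set controls the number of pods.
Because the backend and frontend projects are both stateless, two copies of each are deployed for demonstration purposes.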
[root@k8s-master cicd]# vi deployment-cicd-backend.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cicd-backend
spec:
  selector:
    matchLabels:
      app: cicd-backend
  replicas: 2 # two replicas
  template:
    metadata:
      labels:
        app: cicd-backend # must match the selector's cicd-backend
    spec:
      imagePullSecrets:
        - name: private-registry
      containers:
        - name: cicd-backend
          imagePullPolicy: Always
          image: "47.94.92.122:8082/cicd-backend:20220111113749"
          ports:
            - containerPort: 7001
          env: # inject the 5 environment variables the backend needs
            - name: MYSQL_HOST
              valueFrom:
                configMapKeyRef:
                  name: mysql-config
                  key: host
            - name: MYSQL_PORT
              valueFrom:
                configMapKeyRef:
                  name: mysql-config
                  key: port
            - name: MYSQL_DATABASE
              valueFrom:
                configMapKeyRef:
                  name: mysql-config
                  key: database
            - name: MYSQL_USER
              valueFrom:
                secretKeyRef:
                  name: mysql-auth
                  key: username
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-auth
                  key: password
The ConfigMap referenced by the configuration above:
[root@k8s-master ~]# kubectl get configMap mysql-config
NAME DATA AGE
mysql-config 3 3d19h
[root@k8s-master ~]# kubectl get configMap mysql-config -o yaml
apiVersion: v1
data: # three values
  database: cicd
  host: service-cicd-mysql
  port: "8899"
kind: ConfigMap
The Secret referenced by the configuration above:
[root@k8s-master ~]# kubectl get secret mysql-auth
NAME TYPE DATA AGE
mysql-auth Opaque 2 4d2h
[root@k8s-master ~]# kubectl get secret mysql-auth -o yaml
apiVersion: v1
data:
  password: MTIzNDU2
  username: cm9vdA==
kind: Secret
[root@k8s-master ~]# echo cm9vdA== | base64 -d
root
[root@k8s-master ~]# echo MTIzNDU2 | base64 -d
123456
Apply the configuration:
[root@k8s-master cicd]# kubectl apply -f deployment-cicd-backend.yaml
deployment.apps/cicd-backend created
// Two replicas
[root@k8s-master cicd]# kubectl get pods
NAME READY STATUS RESTARTS AGE
cicd-backend-98b5d4f57-jndvd 0/1 ContainerCreating 0 2s
cicd-backend-98b5d4f57-qjvch 0/1 ContainerCreating 0 2s
cicd-mysql-745975859b-gpwzh 1/1 Running 7 4d3h
// Wait about 30 seconds
[root@k8s-master cicd]# kubectl get pods
NAME READY STATUS RESTARTS AGE
cicd-backend-98b5d4f57-jndvd 1/1 Running 0 26s
cicd-backend-98b5d4f57-qjvch 1/1 Running 0 26s
cicd-mysql-745975859b-gpwzh 1/1 Running 7 4d3h
4. Create the backend Service
[root@k8s-master cicd]# vi service-cicd-backend.yaml
apiVersion: v1
kind: Service
metadata:
  name: service-cicd-backend
spec:
  selector:
    app: cicd-backend # deployment
  ports:
    - protocol: TCP
      port: 7001 # port number inside the service
      targetPort: 7001 # port the container exposes (EXPOSE in the Dockerfile)
  type: NodePort
[root@k8s-master cicd]# kubectl apply -f service-cicd-backend.yaml
service/service-cicd-backend created
[root@k8s-master cicd]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20d
service-cicd-backend NodePort 10.97.144.175 <none> 7001:30174/TCP 44s
service-cicd-mysql NodePort 10.108.224.96 <none> 8899:32154/TCP 4d2h
service-pay-v1 NodePort 10.97.250.199 <none> 80:30114/TCP 6d21h
service-user-v1 NodePort 10.104.13.40 <none> 80:31071/TCP 19d
// Delete the unused services service-pay and service-user to free resources
[root@k8s-master cicd]# kubectl delete service service-pay-v1 service-user-v1
service "service-pay-v1" deleted
service "service-user-v1" deleted
// Look up the IP
[root@k8s-master cicd]# cat /etc/hosts
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
172.17.178.106 k8s-node
172.17.178.105 k8s-master
172.17.178.105 k8s-master k8s-master
// Call the service API through the Service
[root@k8s-master cicd]# curl http://172.17.178.105:30174/user/list
curl: (7) Failed connect to 172.17.178.105:30174; 拒绝连接
The request failed, so check the pods:
[root@k8s-master cicd]# kubectl get pods
NAME READY STATUS RESTARTS AGE
cicd-backend-98b5d4f57-jndvd 0/1 CrashLoopBackOff 3 8m41s
cicd-backend-98b5d4f57-qjvch 1/1 Running 4 8m41s
cicd-mysql-745975859b-gpwzh 1/1 Running 8 4d3h
// A little later, everything is down
[root@k8s-master cicd]# kubectl get pods
NAME READY STATUS RESTARTS AGE
cicd-backend-98b5d4f57-jndvd 0/1 CrashLoopBackOff 4 9m37s
cicd-backend-98b5d4f57-qjvch 0/1 CrashLoopBackOff 4 9m37s
cicd-mysql-745975859b-gpwzh 0/1 CrashLoopBackOff 8 4d3h
// Restart mysql
[root@k8s-master cicd]# kubectl delete deploy cicd-mysql
deployment.apps "cicd-mysql" deleted
[root@k8s-master cicd]# kubectl apply -f deployment-cicd-mysql.yaml
deployment.apps/cicd-mysql created
[root@k8s-master cicd]# kubectl get pods
NAME READY STATUS RESTARTS AGE
cicd-mysql-745975859b-c4b6p 1/1 Running 0 8s
// Two pod replicas put a fairly heavy load on the node; change the configuration to 1 pod
[root@k8s-master cicd]# kubectl get pods
NAME READY STATUS RESTARTS AGE
cicd-backend-98b5d4f57-ftrdk 1/1 Running 0 6s
cicd-mysql-745975859b-c4b6p 1/1 Running 0 99s
Test access again:
[root@k8s-master cicd]# curl http://172.17.178.105:30174/user/list
{"message":"ok2","success":true,"code":200,"data":[]}
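With that, the backend project is deployed.
5. Conclusion
This post created a Deployment and a Service to complete the backend deployment.
The next post deploys the frontend project.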