做pc网站软件/推广方式都有哪些
目录
一、kubesphere安装
1、安装本地持久存储
1.1、default-storage-class.yaml
1.2、 openebs-operator.yaml
1.3、安装 Default StorageClass
2、安装kubesphere
2.1、安装Helm
2.2、安装kubesphere
二、配置kubesphere
1、安装插件
2、创建devops项目
3、配置SonarQube
3.1、安装SonarQube 服务器
3.2、获取 SonarQube 控制台地址
3.3、配置 SonarQube 服务器
3.3.1、创建 SonarQube 管理员令牌 (Token)
3.3.2、创建 Webhook 服务器
3.3.3、将 SonarQube 服务器添加至 Jenkins
3.3.4、配置devops插件
3.3.5、进入jenkins配置sonarqube,若需要输入密码( admin/P@88w0rd)
3.3.6、将 SonarQube 配置添加到 DevOps
3.3.7、将 sonarqubeURL 添加到 KubeSphere 控制台
3.3.8、重启服务
3.4、配置Maven私服配置
三、配置微服务项目
1、创建Harbor凭证
2、构建maven
2.1、下载源码
2.2、配置文件
2.3、 构建镜像推到私服
2.4、修改kubesphere配置文件
2.5、创建docker密钥
3、构建devops
3.1、创建凭证
3.2、创建流水线
3.3、编辑jenkinsfile
3.4、创建harbor-secret
3.5、验证
四、参考
一、kubesphere安装
1、安装本地持久存储
1.1、default-storage-class.yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:name: localannotations:cas.openebs.io/config: |- name: StorageTypevalue: "hostpath"- name: BasePathvalue: "/var/openebs/local/"kubectl.kubernetes.io/last-applied-configuration: >{"apiVersion":"storage.k8s.io/v1","kind":"StorageClass","metadata":{"annotations":{"cas.openebs.io/config":"-name: StorageType\n value: \"hostpath\"\n- name: BasePath\n value:\"/var/openebs/local/\"\n","openebs.io/cas-type":"local","storageclass.beta.kubernetes.io/is-default-class":"true","storageclass.kubesphere.io/supported-access-modes":"[\"ReadWriteOnce\"]"},"name":"local"},"provisioner":"openebs.io/local","reclaimPolicy":"Delete","volumeBindingMode":"WaitForFirstConsumer"}openebs.io/cas-type: localstorageclass.beta.kubernetes.io/is-default-class: 'true'storageclass.kubesphere.io/supported-access-modes: '["ReadWriteOnce"]'
provisioner: openebs.io/local
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
1.2、 openebs-operator.yaml
# This manifest deploys the OpenEBS control plane components,
# with associated CRs & RBAC rules
# NOTE: On GKE, deploy the openebs-operator.yaml in admin context
#
# NOTE: The Jiva and cStor components previously included in the Operator File
# are now removed and it is recommended for users to use cStor and Jiva CSI operators.
# To upgrade your Jiva and cStor volumes to CSI, please checkout the documentation at:
# https://github.com/openebs/upgrade
#
# To deploy the legacy Jiva and cStor:
# kubectl apply -f https://openebs.github.io/charts/legacy-openebs-operator.yaml
#
# To deploy cStor CSI:
# kubectl apply -f https://openebs.github.io/charts/cstor-operator.yaml
#
# To deploy Jiva CSI:
# kubectl apply -f https://openebs.github.io/charts/jiva-operator.yaml
## Create the OpenEBS namespace
apiVersion: v1
kind: Namespace
metadata:name: openebs
---
# Create Maya Service Account
apiVersion: v1
kind: ServiceAccount
metadata:name: openebs-maya-operatornamespace: openebs
---
# Define Role that allows operations on K8s pods/deployments
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: openebs-maya-operator
rules:
- apiGroups: ["*"]resources: ["nodes", "nodes/proxy"]verbs: ["*"]
- apiGroups: ["*"]resources: ["namespaces", "services", "pods", "pods/exec", "deployments", "deployments/finalizers", "replicationcontrollers", "replicasets", "events", "endpoints", "configmaps", "secrets", "jobs", "cronjobs"]verbs: ["*"]
- apiGroups: ["*"]resources: ["statefulsets", "daemonsets"]verbs: ["*"]
- apiGroups: ["*"]resources: ["resourcequotas", "limitranges"]verbs: ["list", "watch"]
- apiGroups: ["*"]resources: ["ingresses", "horizontalpodautoscalers", "verticalpodautoscalers", "certificatesigningrequests"]verbs: ["list", "watch"]
- apiGroups: ["*"]resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"]verbs: ["*"]
- apiGroups: ["volumesnapshot.external-storage.k8s.io"]resources: ["volumesnapshots", "volumesnapshotdatas"]verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["apiextensions.k8s.io"]resources: ["customresourcedefinitions"]verbs: [ "get", "list", "create", "update", "delete", "patch"]
- apiGroups: ["openebs.io"]resources: [ "*"]verbs: ["*" ]
- apiGroups: ["cstor.openebs.io"]resources: [ "*"]verbs: ["*" ]
- apiGroups: ["coordination.k8s.io"]resources: ["leases"]verbs: ["get", "watch", "list", "delete", "update", "create"]
- apiGroups: ["admissionregistration.k8s.io"]resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]verbs: ["get", "create", "list", "delete", "update", "patch"]
- nonResourceURLs: ["/metrics"]verbs: ["get"]
- apiGroups: ["*"]resources: ["poddisruptionbudgets"]verbs: ["get", "list", "create", "delete", "watch"]
- apiGroups: ["coordination.k8s.io"]resources: ["leases"]verbs: ["get", "create", "update"]
---
# Bind the Service Account with the Role Privileges.
# TODO: Check if default account also needs to be there
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: openebs-maya-operator
subjects:
- kind: ServiceAccountname: openebs-maya-operatornamespace: openebs
roleRef:kind: ClusterRolename: openebs-maya-operatorapiGroup: rbac.authorization.k8s.io
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:annotations:controller-gen.kubebuilder.io/version: v0.5.0creationTimestamp: nullname: blockdevices.openebs.io
spec:group: openebs.ionames:kind: BlockDevicelistKind: BlockDeviceListplural: blockdevicesshortNames:- bdsingular: blockdevicescope: Namespacedversions:- additionalPrinterColumns:- jsonPath: .spec.nodeAttributes.nodeNamename: NodeNametype: string- jsonPath: .spec.pathname: Pathpriority: 1type: string- jsonPath: .spec.filesystem.fsTypename: FSTypepriority: 1type: string- jsonPath: .spec.capacity.storagename: Sizetype: string- jsonPath: .status.claimStatename: ClaimStatetype: string- jsonPath: .status.statename: Statustype: string- jsonPath: .metadata.creationTimestampname: Agetype: datename: v1alpha1schema:openAPIV3Schema:description: BlockDevice is the Schema for the blockdevices APIproperties:apiVersion:description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: DeviceSpec defines the properties and runtime status of a BlockDeviceproperties:aggregateDevice:description: AggregateDevice was intended to store the hierarchical information in cases of LVM. However this is currently not implemented and may need to be re-looked into for better design. To be deprecatedtype: stringcapacity:description: Capacityproperties:logicalSectorSize:description: LogicalSectorSize is blockdevice logical-sector size in bytesformat: int32type: integerphysicalSectorSize:description: PhysicalSectorSize is blockdevice physical-Sector size in bytesformat: int32type: integerstorage:description: Storage is the blockdevice capacity in bytesformat: int64type: integerrequired:- storagetype: objectclaimRef:description: ClaimRef is the reference to the BDC which has claimed this BDproperties:apiVersion:description: API version of the referent.type: stringfieldPath:description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'type: stringkind:description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringname:description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'type: stringnamespace:description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'type: stringresourceVersion:description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'type: stringuid:description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'type: stringtype: objectdetails:description: Details contain static attributes of BD like model,serial, and so forthproperties:compliance:description: Compliance is standards/specifications version implemented by device firmware such as SPC-1, SPC-2, etctype: stringdeviceType:description: DeviceType represents the type of device like sparse, disk, partition, lvm, cryptenum:- disk- partition- sparse- loop- lvm- crypt- dm- mpathtype: stringdriveType:description: DriveType is the type of backing drive, HDD/SSDenum:- HDD- SSD- Unknown- ""type: stringfirmwareRevision:description: FirmwareRevision is the disk firmware revisiontype: stringhardwareSectorSize:description: HardwareSectorSize is the hardware sector size in bytesformat: int32type: integerlogicalBlockSize:description: LogicalBlockSize is the logical block size in bytes reported by /sys/class/block/sda/queue/logical_block_sizeformat: int32type: integermodel:description: Model is model of disktype: stringphysicalBlockSize:description: PhysicalBlockSize is the physical block size in bytes reported by /sys/class/block/sda/queue/physical_block_sizeformat: int32type: integerserial:description: Serial is serial number of disktype: stringvendor:description: Vendor is vendor of disktype: stringtype: objectdevlinks:description: DevLinks contains soft links of a block device like /dev/by-id/... /dev/by-uuid/...items:description: DeviceDevLink holds the mapping between type and links like by-id type or by-path type linkproperties:kind:description: Kind is the type of link like by-id or by-path.enum:- by-id- by-pathtype: stringlinks:description: Links are the soft linksitems:type: stringtype: arraytype: objecttype: arrayfilesystem:description: FileSystem contains mountpoint and filesystem typeproperties:fsType:description: Type represents the FileSystem type of the block devicetype: stringmountPoint:description: MountPoint represents the mountpoint of the block device.type: stringtype: objectnodeAttributes:description: NodeAttributes has the details of the node on which BD is attachedproperties:nodeName:description: NodeName is the name of the Kubernetes node resource on which the device is attachedtype: stringtype: objectparentDevice:description: "ParentDevice was intended to store the UUID of the parent Block Device as is the case for partitioned block devices. \n For example: /dev/sda is the parent for /dev/sda1 To be deprecated"type: stringpartitioned:description: Partitioned represents if BlockDevice has partitions or not (Yes/No) Currently always default to No. To be deprecatedenum:- "Yes"- "No"type: stringpath:description: Path contain devpath (e.g. /dev/sdb)type: stringrequired:- capacity- devlinks- nodeAttributes- pathtype: objectstatus:description: DeviceStatus defines the observed state of BlockDeviceproperties:claimState:description: ClaimState represents the claim state of the block deviceenum:- Claimed- Unclaimed- Releasedtype: stringstate:description: State is the current state of the blockdevice (Active/Inactive/Unknown)enum:- Active- Inactive- Unknowntype: stringrequired:- claimState- statetype: objecttype: objectserved: truestorage: truesubresources: {}
status:acceptedNames:kind: ""plural: ""conditions: []storedVersions: []---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:annotations:controller-gen.kubebuilder.io/version: v0.5.0creationTimestamp: nullname: blockdeviceclaims.openebs.io
spec:group: openebs.ionames:kind: BlockDeviceClaimlistKind: BlockDeviceClaimListplural: blockdeviceclaimsshortNames:- bdcsingular: blockdeviceclaimscope: Namespacedversions:- additionalPrinterColumns:- jsonPath: .spec.blockDeviceNamename: BlockDeviceNametype: string- jsonPath: .status.phasename: Phasetype: string- jsonPath: .metadata.creationTimestampname: Agetype: datename: v1alpha1schema:openAPIV3Schema:description: BlockDeviceClaim is the Schema for the blockdeviceclaims APIproperties:apiVersion:description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: DeviceClaimSpec defines the request details for a BlockDeviceproperties:blockDeviceName:description: BlockDeviceName is the reference to the block-device backing this claimtype: stringblockDeviceNodeAttributes:description: BlockDeviceNodeAttributes is the attributes on the node from which a BD should be selected for this claim. It can include nodename, failure domain etc.properties:hostName:description: HostName represents the hostname of the Kubernetes node resource where the BD should be presenttype: stringnodeName:description: NodeName represents the name of the Kubernetes node resource where the BD should be presenttype: stringtype: objectdeviceClaimDetails:description: Details of the device to be claimedproperties:allowPartition:description: AllowPartition represents whether to claim a full block device or a device that is a partitiontype: booleanblockVolumeMode:description: 'BlockVolumeMode represents whether to claim a device in Block mode or Filesystem mode. These are use cases of BlockVolumeMode: 1) Not specified: VolumeMode check will not be effective 2) VolumeModeBlock: BD should not have any filesystem or mountpoint 3) VolumeModeFileSystem: BD should have a filesystem and mountpoint. If DeviceFormat is specified then the format should match with the FSType in BD'type: stringformatType:description: Format of the device required, eg:ext4, xfstype: stringtype: objectdeviceType:description: DeviceType represents the type of drive like SSD, HDD etc.,nullable: truetype: stringhostName:description: Node name from where blockdevice has to be claimed. To be deprecated. Use NodeAttributes.HostName insteadtype: stringresources:description: Resources will help with placing claims on Capacity, IOPSproperties:requests:additionalProperties:anyOf:- type: integer- type: stringpattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$x-kubernetes-int-or-string: truedescription: 'Requests describes the minimum resources required. eg: if storage resource of 10G is requested minimum capacity of 10G should be available TODO for validating'type: objectrequired:- requeststype: objectselector:description: Selector is used to find block devices to be considered for claimingproperties:matchExpressions:description: matchExpressions is a list of label selector requirements. The requirements are ANDed.items:description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.properties:key:description: key is the label key that the selector applies to.type: stringoperator:description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.type: stringvalues:description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.type: objecttype: objecttype: objectstatus:description: DeviceClaimStatus defines the observed state of BlockDeviceClaimproperties:phase:description: Phase represents the current phase of the claimtype: stringrequired:- phasetype: objecttype: objectserved: truestorage: truesubresources: {}
status:acceptedNames:kind: ""plural: ""conditions: []storedVersions: []
---
# This is the node-disk-manager related config.
# It can be used to customize the disks probes and filters
apiVersion: v1
kind: ConfigMap
metadata:name: openebs-ndm-confignamespace: openebslabels:openebs.io/component-name: ndm-config
data:# udev-probe is default or primary probe it should be enabled to run ndm# filterconfigs contains configs of filters. To provide a group of include# and exclude values add it as , separated stringnode-disk-manager.config: |probeconfigs:- key: udev-probename: udev probestate: true- key: seachest-probename: seachest probestate: false- key: smart-probename: smart probestate: truefilterconfigs:- key: os-disk-exclude-filtername: os disk exclude filterstate: trueexclude: "/,/etc/hosts,/boot"- key: vendor-filtername: vendor filterstate: trueinclude: ""exclude: "CLOUDBYT,OpenEBS"- key: path-filtername: path filterstate: trueinclude: ""exclude: "/dev/loop,/dev/fd0,/dev/sr0,/dev/ram,/dev/md,/dev/dm-,/dev/rbd,/dev/zd"# metconfig can be used to decorate the block device with different types of labels# that are available on the node or come in a device properties.# node labels - the node where bd is discovered. A whitlisted label prefixes# attribute labels - a property of the BD can be added as a ndm label as ndm.io/<property>=<property-value>metaconfigs:- key: node-labelsname: node labelspattern: ""- key: device-labelsname: device labelstype: ""
---
apiVersion: apps/v1
kind: DaemonSet
metadata:name: openebs-ndmnamespace: openebslabels:name: openebs-ndmopenebs.io/component-name: ndmopenebs.io/version: 3.5.0
spec:selector:matchLabels:name: openebs-ndmopenebs.io/component-name: ndmupdateStrategy:type: RollingUpdatetemplate:metadata:labels:name: openebs-ndmopenebs.io/component-name: ndmopenebs.io/version: 3.5.0spec:# By default the node-disk-manager will be run on all kubernetes nodes# If you would like to limit this to only some nodes, say the nodes# that have storage attached, you could label those node and use# nodeSelector.## e.g. label the storage nodes with - "openebs.io/nodegroup"="storage-node"# kubectl label node <node-name> "openebs.io/nodegroup"="storage-node"#nodeSelector:# "openebs.io/nodegroup": "storage-node"serviceAccountName: openebs-maya-operatorhostNetwork: true# host PID is used to check status of iSCSI Service when the NDM# API service is enabled#hostPID: truecontainers:- name: node-disk-managerimage: openebs/node-disk-manager:2.1.0args:- -v=4# The feature-gate is used to enable the new UUID algorithm.- --feature-gates="GPTBasedUUID"# Use partition table UUID instead of create single partition to get# partition UUID. Require `GPTBasedUUID` to be enabled with.# - --feature-gates="PartitionTableUUID"# Detect changes to device size, filesystem and mount-points without restart.# - --feature-gates="ChangeDetection"# The feature gate is used to start the gRPC API service. The gRPC server# starts at 9115 port by default. This feature is currently in Alpha state# - --feature-gates="APIService"# The feature gate is used to enable NDM, to create blockdevice resources# for unused partitions on the OS disk# - --feature-gates="UseOSDisk"imagePullPolicy: IfNotPresentsecurityContext:privileged: truevolumeMounts:- name: configmountPath: /host/node-disk-manager.configsubPath: node-disk-manager.configreadOnly: true# make udev database available inside container- name: udevmountPath: /run/udev- name: procmountmountPath: /host/procreadOnly: true- name: devmountmountPath: /dev- name: basepathmountPath: /var/openebs/ndm- name: sparsepathmountPath: /var/openebs/sparseenv:# namespace in which NDM is installed will be passed to NDM Daemonset# as environment variable- name: NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespace# pass hostname as env variable using downward API to the NDM container- name: NODE_NAMEvalueFrom:fieldRef:fieldPath: spec.nodeName# specify the directory where the sparse files need to be created.# if not specified, then sparse files will not be created.- name: SPARSE_FILE_DIRvalue: "/var/openebs/sparse"# Size(bytes) of the sparse file to be created.- name: SPARSE_FILE_SIZEvalue: "10737418240"# Specify the number of sparse files to be created- name: SPARSE_FILE_COUNTvalue: "0"livenessProbe:exec:command:- pgrep- "ndm"initialDelaySeconds: 30periodSeconds: 60volumes:- name: configconfigMap:name: openebs-ndm-config- name: udevhostPath:path: /run/udevtype: Directory# mount /proc (to access mount file of process 1 of host) inside container# to read mount-point of disks and partitions- name: procmounthostPath:path: /proctype: Directory- name: devmount# the /dev directory is mounted so that we have access to the devices that# are connected at runtime of the pod.hostPath:path: /devtype: Directory- name: basepathhostPath:path: /var/openebs/ndmtype: DirectoryOrCreate- name: sparsepathhostPath:path: /var/openebs/sparse
---
apiVersion: apps/v1
kind: Deployment
metadata:name: openebs-ndm-operatornamespace: openebslabels:name: openebs-ndm-operatoropenebs.io/component-name: ndm-operatoropenebs.io/version: 3.5.0
spec:selector:matchLabels:name: openebs-ndm-operatoropenebs.io/component-name: ndm-operatorreplicas: 1strategy:type: Recreatetemplate:metadata:labels:name: openebs-ndm-operatoropenebs.io/component-name: ndm-operatoropenebs.io/version: 3.5.0spec:serviceAccountName: openebs-maya-operatorcontainers:- name: node-disk-operatorimage: openebs/node-disk-operator:2.1.0imagePullPolicy: IfNotPresentenv:- name: WATCH_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespace- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name# the service account of the ndm-operator pod- name: SERVICE_ACCOUNTvalueFrom:fieldRef:fieldPath: spec.serviceAccountName- name: OPERATOR_NAMEvalue: "node-disk-operator"- name: CLEANUP_JOB_IMAGEvalue: "openebs/linux-utils:3.5.0"# OPENEBS_IO_IMAGE_PULL_SECRETS environment variable is used to pass the image pull secrets# to the cleanup pod launched by NDM operator#- name: OPENEBS_IO_IMAGE_PULL_SECRETS# value: ""livenessProbe:httpGet:path: /healthzport: 8585initialDelaySeconds: 15periodSeconds: 20readinessProbe:httpGet:path: /readyzport: 8585initialDelaySeconds: 5periodSeconds: 10
---
# Create NDM cluster exporter deployment.
# This is an optional component and is not required for the basic
# functioning of NDM
apiVersion: apps/v1
kind: Deployment
metadata:name: openebs-ndm-cluster-exporternamespace: openebslabels:name: openebs-ndm-cluster-exporteropenebs.io/component-name: ndm-cluster-exporteropenebs.io/version: 3.5.0
spec:replicas: 1strategy:type: Recreateselector:matchLabels:name: openebs-ndm-cluster-exporteropenebs.io/component-name: ndm-cluster-exportertemplate:metadata:labels:name: openebs-ndm-cluster-exporteropenebs.io/component-name: ndm-cluster-exporteropenebs.io/version: 3.5.0spec:serviceAccountName: openebs-maya-operatorcontainers:- name: ndm-cluster-exporterimage: openebs/node-disk-exporter:2.1.0command:- /usr/local/bin/exporterargs:- "start"- "--mode=cluster"- "--port=$(METRICS_LISTEN_PORT)"- "--metrics=/metrics"ports:- containerPort: 9100protocol: TCPname: metricsimagePullPolicy: IfNotPresentenv:- name: NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespace- name: METRICS_LISTEN_PORTvalue: :9100
---
# Create NDM cluster exporter service
# This is optional and required only when
# ndm-cluster-exporter deployment is used
apiVersion: v1
kind: Service
metadata:name: openebs-ndm-cluster-exporter-servicenamespace: openebslabels:name: openebs-ndm-cluster-exporter-serviceopenebs.io/component-name: ndm-cluster-exporterapp: openebs-ndm-exporter
spec:clusterIP: Noneports:- name: metricsport: 9100targetPort: 9100selector:name: openebs-ndm-cluster-exporter
---
# Create NDM node exporter daemonset.
# This is an optional component used for getting disk level
# metrics from each of the storage nodes
apiVersion: apps/v1
kind: DaemonSet
metadata:name: openebs-ndm-node-exporternamespace: openebslabels:name: openebs-ndm-node-exporteropenebs.io/component-name: ndm-node-exporteropenebs.io/version: 3.5.0
spec:updateStrategy:type: RollingUpdateselector:matchLabels:name: openebs-ndm-node-exporteropenebs.io/component-name: ndm-node-exportertemplate:metadata:labels:name: openebs-ndm-node-exporteropenebs.io/component-name: ndm-node-exporteropenebs.io/version: 3.5.0spec:serviceAccountName: openebs-maya-operatorcontainers:- name: node-disk-exporterimage: openebs/node-disk-exporter:2.1.0command:- /usr/local/bin/exporterargs:- "start"- "--mode=node"- "--port=$(METRICS_LISTEN_PORT)"- "--metrics=/metrics"ports:- containerPort: 9101protocol: TCPname: metricsimagePullPolicy: IfNotPresentsecurityContext:privileged: trueenv:- name: NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespace- name: METRICS_LISTEN_PORTvalue: :9101
---
# Create NDM node exporter service
# This is optional and required only when
# ndm-node-exporter daemonset is used
apiVersion: v1
kind: Service
metadata:name: openebs-ndm-node-exporter-servicenamespace: openebslabels:name: openebs-ndm-node-exporteropenebs.io/component: openebs-ndm-node-exporterapp: openebs-ndm-exporter
spec:clusterIP: Noneports:- name: metricsport: 9101targetPort: 9101selector:name: openebs-ndm-node-exporter
---
apiVersion: apps/v1
kind: Deployment
metadata:name: openebs-localpv-provisionernamespace: openebslabels:name: openebs-localpv-provisioneropenebs.io/component-name: openebs-localpv-provisioneropenebs.io/version: 3.5.0
spec:selector:matchLabels:name: openebs-localpv-provisioneropenebs.io/component-name: openebs-localpv-provisionerreplicas: 1strategy:type: Recreatetemplate:metadata:labels:name: openebs-localpv-provisioneropenebs.io/component-name: openebs-localpv-provisioneropenebs.io/version: 3.5.0spec:serviceAccountName: openebs-maya-operatorcontainers:- name: openebs-provisioner-hostpathimagePullPolicy: IfNotPresentimage: openebs/provisioner-localpv:3.4.0args:- "--bd-time-out=$(BDC_BD_BIND_RETRIES)"env:# OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s# based on this address. This is ignored if empty.# This is supported for openebs provisioner version 0.5.2 onwards#- name: OPENEBS_IO_K8S_MASTER# value: "http://10.128.0.12:8080"# OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s# based on this config. This is ignored if empty.# This is supported for openebs provisioner version 0.5.2 onwards#- name: OPENEBS_IO_KUBE_CONFIG# value: "/home/ubuntu/.kube/config"# This sets the number of times the provisioner should try # with a polling interval of 5 seconds, to get the Blockdevice# Name from a BlockDeviceClaim, before the BlockDeviceClaim# is deleted. E.g. 12 * 5 seconds = 60 seconds timeout- name: BDC_BD_BIND_RETRIESvalue: "12"- name: NODE_NAMEvalueFrom:fieldRef:fieldPath: spec.nodeName- name: OPENEBS_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespace# OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as# environment variable- name: OPENEBS_SERVICE_ACCOUNTvalueFrom:fieldRef:fieldPath: spec.serviceAccountName- name: OPENEBS_IO_ENABLE_ANALYTICSvalue: "true"- name: OPENEBS_IO_INSTALLER_TYPEvalue: "openebs-operator"- name: OPENEBS_IO_HELPER_IMAGEvalue: "openebs/linux-utils:3.5.0"- name: OPENEBS_IO_BASE_PATHvalue: "/var/openebs/local"# LEADER_ELECTION_ENABLED is used to enable/disable leader election. By default# leader election is enabled.#- name: LEADER_ELECTION_ENABLED# value: "true"# OPENEBS_IO_IMAGE_PULL_SECRETS environment variable is used to pass the image pull secrets# to the helper pod launched by local-pv hostpath provisioner#- name: OPENEBS_IO_IMAGE_PULL_SECRETS# value: ""# Process name used for matching is limited to the 15 characters# present in the pgrep output.# So fullname can't be used here with pgrep (>15 chars).A regular expression# that matches the entire command name has to specified.# Anchor `^` : matches any string that starts with `provisioner-loc`# `.*`: matches any string that has `provisioner-loc` followed by zero or more charlivenessProbe:exec:command:- sh- -c- test `pgrep -c "^provisioner-loc.*"` = 1initialDelaySeconds: 30periodSeconds: 60
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:name: openebs-hostpathannotations:openebs.io/cas-type: localcas.openebs.io/config: |#hostpath type will create a PV by # creating a sub-directory under the# BASEPATH provided below.- name: StorageTypevalue: "hostpath"#Specify the location (directory) where# where PV(volume) data will be saved. # A sub-directory with pv-name will be # created. When the volume is deleted, # the PV sub-directory will be deleted.#Default value is /var/openebs/local- name: BasePathvalue: "/var/openebs/local/"
provisioner: openebs.io/local
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:name: openebs-deviceannotations:openebs.io/cas-type: localcas.openebs.io/config: |#device type will create a PV by# issuing a BDC and will extract the path# values from the associated BD.- name: StorageTypevalue: "device"
provisioner: openebs.io/local
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete
---
1.3、安装 Default StorageClass
# 安装 iSCSI 协议客户端(OpenEBS 需要该协议提供存储支持) 所有节点都执行
yum install iscsi-initiator-utils -y# 设置开机启动
systemctl enable --now iscsid# 启动服务
systemctl start iscsid# 查看服务状态
systemctl status iscsid# 安装 OpenEBS
kubectl apply -f https://openebs.github.io/charts/openebs-operator.yaml# 查看状态(下载镜像可能需要一些时间)
kubectl get all -n openebs# 在主节点创建本地 storage class
kubectl apply -f default-storage-class.yaml
2、安装kubesphere
2.1、安装Helm
参考官网 Helm | 安装Helm, 这里注意你的k8s版本与Helm版本兼容性。
2.2、安装kubesphere
#假设你已经安装好了Helm3
helm repo add kubesphere https://charts.kubesphere.io/main#搜索镜像
helm search repo kubesphere#拉取
helm pull kubesphere/ks-core --version=1.1.3#解压
tar -xf ks-core-1.1.3.tgz #创建namespace
kubectl create ns kubesphere-system
kubectl create ns kubesphere-controls-system
kubectl create ns kubesphere-monitoring-system#安装
helm install ks-core ks-core -n kubesphere-system
#访问路径
http://192.168.139.176:30880#账号密码
Account: admin
Password: P@88w0rd
二、配置kubesphere
1、安装插件
2、创建devops项目
进入工作台>企业空间>创建
3、配置SonarQube
3.1、安装SonarQube 服务器
helm upgrade --install sonarqube sonarqube --repo https://charts.kubesphere.io/main -n \
> kubesphere-devops-system --create-namespace --set service.type=NodePort
3.2、获取 SonarQube 控制台地址
export NODE_PORT=$(kubectl get --namespace kubesphere-devops-system -o jsonpath="{.spec.ports[0].nodePort}" services sonarqube-sonarqube)export NODE_IP=$(kubectl get nodes --namespace kubesphere-devops-system -o jsonpath="{.items[0].status.addresses[0].address}")echo http://$NODE_IP:$NODE_PORT
#查看资源是否创建完成
kubectl get pod -n kubesphere-devops-system
访问 SonarQube 控制台,默认账号 :密码为admin/admin
3.3、配置 SonarQube 服务器
3.3.1、创建 SonarQube 管理员令牌 (Token)
3.3.2、创建 Webhook 服务器
export NODE_PORT=$(kubectl get --namespace kubesphere-devops-system -o jsonpath="{.spec.ports[0].nodePort}" services devops-jenkins)
export NODE_IP=$(kubectl get nodes --namespace kubesphere-devops-system -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT/sonarqube-webhook/
3.3.3、将 SonarQube 服务器添加至 Jenkins
export NODE_PORT=$(kubectl get --namespace kubesphere-devops-system -o jsonpath="{.spec.ports[0].nodePort}" services devops-jenkins)
export NODE_IP=$(kubectl get nodes --namespace kubesphere-devops-system -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
3.3.4、配置devops插件
第一步:修改地址为实际地址
第二步:进入系统空间>项目>kubesphere-devops-system>配置>jenkins-casc-config>jenkins_user.yaml
第三步:修改以下内容为实际能访问的地址
securityRealm:oic:clientId: "jenkins"clientSecret: "jenkins"tokenServerUrl: "http://192.168.139.176:30880/oauth/token"authorizationServerUrl: "http://192.168.139.176:30880/oauth/authorize"userInfoServerUrl: "http://192.168.139.176:30880/oauth/userinfo"endSessionEndpoint: "http://192.168.139.176:30880/oauth/logout"logoutFromOpenidProvider: truescopes: openid profile emailfullNameFieldName: urluserNameField: preferred_username
第四步:系统空间>kubesphere-system项目>kubesphere-config配置
第五步:重启Deployment ks-apiserver
kubectl -n kubesphere-system rollout restart deploy ks-apiserver
3.3.5、进入jenkins配置sonarqube,若需要输入密码( admin/P@88w0rd)
添加凭据,供sonarqube配置使用
3.3.6、将 SonarQube 配置添加到 DevOps
1、执行如下命令
kubectl -n kubesphere-devops-system edit cm devops-config
2、修改配置文件
data:kubesphere.yaml: |authentication:authenticateRateLimiterMaxTries: 10authenticateRateLimiterDuration: 10m0sloginHistoryRetentionPeriod: 168hmaximumClockSkew: 10sjwtSecret: "UDjssmmDgxZtkXVDSeFvBtsZeBSFWhJ6"devops:host: http://devops-jenkins.kubesphere-devops-systemusername: adminmaxConnections: 100namespace: kubesphere-devops-systemworkerNamespace: kubesphere-devops-workersonarqube:host: http://192.168.139.176:31850token: deafc2f1c17bf0d6bbeccb2a742a1706bebc0c5a
3、退出保存
3.3.7、将 sonarqubeURL 添加到 KubeSphere 控制台
kubectl edit cm -n kubesphere-system ks-console-config
data:local_config.yaml: |server:http:hostname: localhostport: 8000static:production:/public: server/public/assets: dist/assets/dist: distredis:port: 6379host: redis.kubesphere-system.svcredisTimeout: 5000sessionTimeout: 7200000apiServer:url: http://ks-apiserverwsUrl: ws://ks-apiserverclient:version:kubesphere: v4.1.2kubernetes: v1.28.2enableKubeConfig: truedevops: #添加sonarqubeURL: http://192.168.139.176:31850 #添加enableNodeListTerminal: true
3.3.8、重启服务
kubectl -n kubesphere-devops-system rollout restart deploy devops-apiserverkubectl -n kubesphere-system rollout restart deploy ks-console
3.4、配置Maven私服配置
集群管理>host主机群>配置>字典配置>ks-devops-agent
kind: ConfigMap
apiVersion: v1
metadata:name: ks-devops-agentnamespace: kubesphere-devops-workerlabels:app.kubernetes.io/managed-by: Helmkubesphere.io/extension-ref: devopsannotations:meta.helm.sh/release-name: devops-agentmeta.helm.sh/release-namespace: kubesphere-devops-system
data:MavenSetting: |<?xml version="1.0" encoding="UTF-8"?><settingsxmlns="http://maven.apache.org/SETTINGS/1.2.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 https://maven.apache.org/xsd/settings-1.2.0.xsd"><localRepository>/var/jenkins_home/repository</localRepository><servers><server><id>release</id><username>admin</username><password>123456</password></server><server><id>snapshots</id><username>admin</username><password>123456</password></server><server><id>snail</id><username>admin</username><password>123456</password></server></servers><mirrors><mirror><id>snail</id><name>snail</name><url>http://192.168.139.184:8081/repository/snail-group/</url><mirrorOf>*</mirrorOf></mirror></mirrors><pluginGroups><pluginGroup>org.sonarsource.scanner.maven</pluginGroup></pluginGroups><profiles><profile><id>dev</id><repositories><repository><id>nexus</id><url>http://192.168.139.184:8081/repository/snail-group/</url><releases><enabled>true</enabled></releases><snapshots><enabled>true</enabled></snapshots></repository></repositories><pluginRepositories><pluginRepository><id>public</id><name>Public Repositories</name><url>http://192.168.139.184:8081/repository/snail-group/</url></pluginRepository></pluginRepositories></profile><profile><id>jdk-17</id><activation><activeByDefault>true</activeByDefault><jdk>17</jdk></activation><properties><sonar.host.url>http://192.168.139.176:30335</sonar.host.url></properties></profile></profiles><activeProfiles><activeProfile>dev</activeProfile></activeProfiles></settings>
三、配置微服务项目
1、创建Harbor凭证
集群管理>配置>保密字典>添加
2、构建maven
由于kubesphere的maven版本使用的是3.5.3,版本太低了,需要自己构建高版本Docker镜像
2.1、下载源码
https://github.com/carlossg/docker-maven/tree/main/eclipse-temurin-17
2.2、配置文件
Dockerfile
FROM eclipse-temurin:17-jdk as builderARG MAVEN_VERSION=3.9.9
ARG USER_HOME_DIR="/root"
ARG SHA=a555254d6b53d267965a3404ecb14e53c3827c09c3b94b5678835887ab404556bfaf78dcfe03ba76fa2508649dca8531c74bca4d5846513522404d48e8c4ac8b
ARG BASE_URL=https://dlcdn.apache.org/maven/maven-3/${MAVEN_VERSION}/binariesENV MAVEN_HOME=/usr/share/maven
ENV MAVEN_CONFIG="$USER_HOME_DIR/.m2"RUN apt-get update \&& apt-get install -y ca-certificates curl git gnupg dirmngr --no-install-recommends \&& rm -rf /var/lib/apt/lists/*
RUN set -eux; curl -fsSLO --retry 3 --retry-connrefused --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \&& echo "${SHA} *apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \&& curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \&& export GNUPGHOME="$(mktemp -d)"; \for key in \6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \88BE34F94BDB2B5357044E2E3A387D43964143E3 \; do \gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \done; \gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz
RUN mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \&& tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \&& ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn
# smoke test
RUN mvn --versionFROM eclipse-temurin:17-jdkRUN apt-get update \&& apt-get install -y ca-certificates curl git openssh-client --no-install-recommends \&& rm -rf /var/lib/apt/lists/*LABEL org.opencontainers.image.title="Apache Maven"
LABEL org.opencontainers.image.source=https://github.com/carlossg/docker-maven
LABEL org.opencontainers.image.url=https://github.com/carlossg/docker-maven
LABEL org.opencontainers.image.description="Apache Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information."ENV MAVEN_HOME=/usr/share/mavenCOPY --from=builder ${MAVEN_HOME} ${MAVEN_HOME}
COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
COPY settings-docker.xml /usr/share/maven/ref/RUN ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvnARG MAVEN_VERSION=3.9.9
ARG USER_HOME_DIR="/root"
ENV MAVEN_CONFIG="$USER_HOME_DIR/.m2"ENTRYPOINT ["/usr/local/bin/mvn-entrypoint.sh"]
CMD ["mvn"]
mvn-entrypoint.sh
#! /bin/sh -eu# Copy files from /usr/share/maven/ref into ${MAVEN_CONFIG}
# So the initial ~/.m2 is set with expected content.
# Don't override, as this is just a reference setupcopy_reference_files() {local log="$MAVEN_CONFIG/copy_reference_file.log"local ref="/usr/share/maven/ref"if mkdir -p "${MAVEN_CONFIG}/repository" && touch "${log}" > /dev/null 2>&1 ; thencd "${ref}"local reflink=""if cp --help 2>&1 | grep -q reflink ; thenreflink="--reflink=auto"fiif [ -n "$(find "${MAVEN_CONFIG}/repository" -maxdepth 0 -type d -empty 2>/dev/null)" ] ; then# destination is empty...echo "--- Copying all files to ${MAVEN_CONFIG} at $(date)" >> "${log}"cp -rv ${reflink} . "${MAVEN_CONFIG}" >> "${log}"else# destination is non-empty, copy file-by-fileecho "--- Copying individual files to ${MAVEN_CONFIG} at $(date)" >> "${log}"find . -type f -exec sh -eu -c 'log="${1}"shiftreflink="${1}"shiftfor f in "$@" ; doif [ ! -e "${MAVEN_CONFIG}/${f}" ] || [ -e "${f}.override" ] ; thenmkdir -p "${MAVEN_CONFIG}/$(dirname "${f}")"cp -rv ${reflink} "${f}" "${MAVEN_CONFIG}/${f}" >> "${log}"fidone' _ "${log}" "${reflink}" {} +fiecho >> "${log}"elseecho "Can not write to ${log}. Wrong volume permissions? Carrying on ..."fi
}owd="$(pwd)"
copy_reference_files
unset MAVEN_CONFIGcd "${owd}"
unset owdexec "$@"
settings-docker.xml
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0https://maven.apache.org/xsd/settings-1.0.0.xsd"><localRepository>/usr/share/maven/ref/repository</localRepository>
</settings>
2.3、 构建镜像推到私服
#构建镜像
docker build -t 192.168.139.184:8899/library/maven:3.9.9-jdk17 .#登录docker私服
docker login -uadmin 192.168.139.184:8899#推送到仓库
docker push 192.168.139.184:8899/library/maven:3.9.9-jdk17
2.4、修改kubesphere配置文件
集群管理>host主集群>配置>字典配置>jenkins-casc-config,在mavenjdk11同级目录下添加jdk17的配置。
修改这个文件 jenkins_user.yaml
- name: "mavenjdk17"label: "mavenjdk17"inheritFrom: "maven"imagePullSecrets:- name: harbor-secretcontainers:- name: "maven"image: "192.168.139.184:8899/library/maven:3.9.9-jdk17"volumes:- hostPathVolume:hostPath: "/var/run/docker.sock"mountPath: "/var/run/docker.sock"- hostPathVolume:hostPath: "/var/data/jenkins_maven_cache"mountPath: "/root/.m2"- hostPathVolume:hostPath: "/var/data/jenkins_sonar_cache"mountPath: "/root/.sonar/cache"- hostPathVolume:hostPath: "/usr/bin/docker"mountPath: "/usr/bin/docker"- hostPathVolume:hostPath: "/usr/bin/kubectl"mountPath: "/usr/bin/kubectl"- hostPathVolume:hostPath: "/usr/bin/envsubst"mountPath: "/usr/bin/envsubst"yaml: |spec:containers:- name: "maven"volumeMounts:- name: config-volumemountPath: /usr/share/maven/conf/settings.xmlsubPath: settings.xmlvolumes:- name: config-volumeconfigMap:name: ks-devops-agentitems:- key: MavenSettingpath: settings.xml
2.5、创建docker密钥
#namespace为 kubesphere-devops-worker
kubectl create secret docker-registry harbor-secret --docker-server=192.168.139.184:8899 --docker-username=admin --docker-password=Harbor12345 -n kubesphere-devops-worker
3、构建devops
3.1、创建凭证
企业空间wssnail-shop>devops项目>ks-wssnail-shop-dev>DevOps 项目设置>凭证
3.2、创建流水线
3.3、编辑jenkinsfile
pipeline {agent {node {label 'mavenjdk17' //这里要和自定义的maven仓库一致}}stages {stage('checkout scm') {agent nonesteps {git(url: 'http://192.168.139.184:9000/shop/wssnail-shop.git', credentialsId: 'git-user-pwd', branch: '$BRANCH', changelog: true, poll: false)}}stage('unit test') {agent nonesteps {container('maven') {sh '''cd ${SERVICE}pwdecho "${SERVICE}"mvn clean test'''}}}stage('Code Analysis') {agent nonesteps {container('maven') {withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {withSonarQubeEnv('sonar') {sh '''service_name=${SERVICE#*/}service_name=${service_name#*/}cd ${SERVICE}mvn sonar:sonar -Dsonar.projectKey=${service_name} -Dsonar.login=$SONAR_TOKENecho "mvn sonar:sonar -Dsonar.projectKey=${service_name}"'''}}timeout(unit: 'MINUTES', activity: true, time: 15) {waitForQualityGate 'true'}}}}stage('build & push') {agent nonesteps {withCredentials([usernamePassword(credentialsId: 'harbor-user-pwd', passwordVariable: 'DOCKER_PASSWORD', usernameVariable: 'DOCKER_USERNAME')]) {container('maven') {sh '''cd ${SERVICE}mvn clean package -DskipTestscd ${WORKSPACE}chmod -R 777 deploy/copy.sh && deploy/copy.sh'''sh '''echo "${DOCKER_PASSWORD}" | docker login ${REGISTRY} -u "${DOCKER_USERNAME}" --password-stdinservice_name=${SERVICE#*/}service_name=${service_name#*/}cd deploy/${service_name}/buildif test "\${DOCKERHUB_NAMESPACE}" = "\${DOCKERHUB_NAMESPACE_SNAPSHOT}"; thenecho "DOCKERHUB_NAMESPACE is snapshot...."docker build -f Dockerfile -t \${REGISTRY}/\${DOCKERHUB_NAMESPACE}/\${service_name}:SNAPSHOT-\$BUILD_NUMBER .docker push \${REGISTRY}/\${DOCKERHUB_NAMESPACE}/\${service_name}:SNAPSHOT-\${BUILD_NUMBER}elsedocker build -f Dockerfile -t \${REGISTRY}/\${DOCKERHUB_NAMESPACE}/\${service_name}:SNAPSHOT-\$BUILD_NUMBER .echo "DOCKERHUB_NAMESPACE is release...."fi'''}}}}stage('push latest') {steps {container('maven') {sh '''service_name=${SERVICE#*/}service_name=${service_name#*/}cd deploy/${service_name}/builddocker tag ${REGISTRY}/${DOCKERHUB_NAMESPACE}/${service_name}:SNAPSHOT-${BUILD_NUMBER} ${REGISTRY}/${DOCKERHUB_NAMESPACE}/${service_name}:latestdocker push ${REGISTRY}/${DOCKERHUB_NAMESPACE}/${service_name}:latest'''}}}stage('deploy to dev') {agent nonewhen {expression {return params.TAG_NAME =~ /snapshot.*/}}steps {input(message: 'deploy to dev?', submitter: '')container('maven') {withCredentials([kubeconfigContent(credentialsId: 'kubeconfig-id', variable: 'ADMIN_KUBECONFIG')]) {sh '''service_name=${SERVICE#*/}service_name=${service_name#*/}cd deploy/${service_name}sed -i\'\' "s#REGISTRY#${REGISTRY}#" deployment.yamlsed -i\'\' "s#DOCKERHUB_NAMESPACE#${DOCKERHUB_NAMESPACE}#" deployment.yamlsed -i\'\' "s#APP_NAME#${service_name}#" deployment.yamlsed -i\'\' "s#BUILD_NUMBER#${BUILD_NUMBER}#" deployment.yamlsed -i\'\' "s#REPLICAS#${REPLICAS}#" deployment.yamlmkdir ~/.kubeecho "$ADMIN_KUBECONFIG" > ~/.kube/configkubectl create cm ${service_name}-yml --dry-run=\'client\' -o yaml --from-file=build/target/bootstrap.yml -n prod-wssnail-shopf9vqj > ${service_name}-configmap.ymlkubectl apply -f .'''}}}}stage('push with tag') {agent nonewhen {expression {return params.TAG_NAME =~ /v.*/}}steps {input(message: 'release image with tag?', submitter: '')withCredentials([usernamePassword(credentialsId: 'git-user-pwd', passwordVariable: 'GIT_PASSWORD', usernameVariable: 'GIT_USERNAME')]) {sh 'git config --global user.email "snail"'sh 'git config --global user.name "snail"'sh 'git tag -a ${TAG_NAME} -m "${TAG_NAME}"'sh 'git push http://${GIT_USERNAME}:${GIT_PASSWORD}@${GIT_REPO_URL}/${GIT_ACCOUNT}/${APP_NAME}.git --tags --ipv4'container('maven') {sh '''service_name=${SERVICE#*/}service_name=${service_name#*/}docker tag ${REGISTRY}/${DOCKERHUB_NAMESPACE}/${service_name}:SNAPSHOT-${BUILD_NUMBER} ${REGISTRY}/${DOCKERHUB_NAMESPACE}/${service_name}:${TAG_NAME}docker push ${REGISTRY}/${DOCKERHUB_NAMESPACE}/${service_name}:${TAG_NAME}'''}}}}stage('deploy to production') {agent nonewhen {expression {return params.TAG_NAME =~ /v.*/}}steps {input(message: 'deploy-to-production?', submitter: '')container('maven') {withCredentials([kubeconfigContent(credentialsId: 'kubeconfig-id', variable: 'ADMIN_KUBECONFIG')]) {sh '''service_name=${SERVICE#*/}service_name=${service_name#*/}cd deploy/${service_name}/prodsed -i\'\' "s#REGISTRY#${REGISTRY}#" deployment.yamlsed -i\'\' "s#DOCKERHUB_NAMESPACE#${DOCKERHUB_NAMESPACE}#" deployment.yamlsed -i\'\' "s#APP_NAME#${service_name}#" deployment.yamlsed -i\'\' "s#TAG_NAME#${TAG_NAME}#" deployment.yamlsed -i\'\' "s#REPLICAS#${REPLICAS}#" deployment.yamlmkdir ~/.kubeecho "$ADMIN_KUBECONFIG" > ~/.kube/configkubectl create cm ${service_name}-yml --dry-run=\'client\' -o yaml --from-file=../build/target/bootstrap.yml -n prod-wssnail-shopf9vqj > ${service_name}-configmap.ymlkubectl apply -f .'''}}}}}environment {APP_NAME = 'wssnail-shop'DOCKER_CREDENTIAL_ID = 'harbor-user-pwd'REGISTRY = '192.168.139.184:8899'GIT_REPO_URL = '192.168.139.184:9000'GIT_CREDENTIAL_ID = 'git-user-pwd'GIT_ACCOUNT = 'shop'SONAR_CREDENTIAL_ID = 'sonar-token'DOCKERHUB_NAMESPACE_SNAPSHOT = 'snapshot'DOCKERHUB_NAMESPACE_RELEASE = 'release'}parameters {choice(name: 'SERVICE', choices: ['wssnail-shop-parent/shop-gateway','wssnail-shop-parent/shop-uaa','wssnail-shop-parent/shop-commodity','wssnail-shop-parent/shop-order'], description: '请选择要部署的服务')choice(name: 'DOCKERHUB_NAMESPACE', choices: ['snapshot', 'release'], description: '请选择部署到哪个镜像仓库')choice(name: 'REPLICAS', choices: ['1', '3', '5', '7'], description: '请选择构建后的副本数')string(name: 'BRANCH', defaultValue: 'master', description: '请输入要构建的分支名称')string(name: 'TAG_NAME', defaultValue: 'snapshot', description: '部署版本:必须以 v 开头,例如:v1、v1.0.0')}
}
3.4、创建harbor-secret
kubectl create secret docker-registry harbor-secret --docker-server=192.168.139.184:8899 --docker-username=admin --docker-password=Harbor12345 -n prod-wssnail-shopf9vqj
3.5、验证
四、参考
https://blog.csdn.net/huangh0914/article/details/136363139
文档中心
相关文章:

基于Kubesphere实现微服务的CI/CD——部署微服务项目(三)
目录 一、kubesphere安装 1、安装本地持久存储 1.1、default-storage-class.yaml 1.2、 openebs-operator.yaml 1.3、安装 Default StorageClass 2、安装kubesphere 2.1、安装Helm 2.2、安装kubesphere 二、配置kubesphere 1、安装插件 2、创建devops项目 3、配置…...

【使用webrtc-streamer解析rtsp视频流】
webrtc-streamer WebRTC (Web Real-Time Communications) 是一项实时通讯技术,它允许网络应用或者站点,在不借助中间媒介的情况下,建立浏览器之间点对点(Peer-to-Peer)的连接,实现视频流和(或&a…...

element左侧导航栏
由element组件搭建的左侧导航栏 预览: html代码: <!DOCTYPE html> <html lang"en"> <head><meta charset"UTF-8"><title>首页</title><style> /*<!-- 调整页面背景颜色-->*/body{background-colo…...

【金融贷后】贷后运营精细化管理
文章目录 一、贷后专业术语讲解① 什么是贷后,贷后部是干什么的?② 贷后部门常见组织架构?③ 贷后专业术语有哪些? 二、贷后常用作业手段介绍① 贷后产品形态介绍?② 催收常用的方法? 三、贷后策略岗位介绍…...

学习CSS第七天
学习文章目录 一.交集选择器 一.交集选择器 使用多个条件符合的元素,可提高区分的精准度 元素配合类名是使用场景最多的 (元素必须是第一位,ID一般不写) <!DOCTYPE html> <html lang"zh-CN"> <head>…...

Image Stitching using OpenCV
文章目录 简介图像拼接管道特征检测和提取特征检测特征提取 特征匹配强力匹配FLANN(近似最近邻快速库)匹配 单应性估计扭曲和混合结论 使用opencv进行图像拼接 原为url: https://medium.com/paulsonpremsingh7/image-stitching-using-opencv-a-step-by-s…...

CentOS7 安装Selenium(使用webdriver_manager自动安装ChromeDriver)
在 CentOS 7 上安装 Selenium 通常涉及几个步骤,包括安装 Python、安装 Selenium 库、安装 WebDriver 以及配置环境。以下是详细的步骤: 1. 安装 Python 和 pip 如果你的系统中还没有安装 Python 和 pip,可以使用以下命令进行安装ÿ…...

鸿蒙手机文件目录
最近在开发鸿蒙,想把文件从电脑上发送到鸿蒙上我的手机APP的根目录,但是试了几次目录都不对,最后终于找到了,在这里记录一下 鸿蒙手机路径: /storage/media/100/local/files/Docs 将文件从电脑发送到手机:hdc file s…...

泷羽Sec学习笔记-Bp中ip伪造、爬虫审计
ip伪造与爬虫审计 ip伪造 下载插件:burpFakeIP 地址:GitHub - TheKingOfDuck/burpFakeIP: 服务端配置错误情况下用于伪造ip地址进行测试的Burp Suite插件 python版需要配置jython:下载地址:Maven Central: org.python:jython-…...

电子电工一课一得
首语 在现代社会中,电子电工技术已经渗透到我们生活的方方面面,从家用电器到工业自动化,从通信设备到智能系统,无一不依赖于电子电工技术。因此,掌握电子电工的基础知识,不仅对理工科学生至关重要…...

Cesium 限制相机倾斜角(pitch)滑动范围
1.效果 2.思路 在项目开发的时候,有一个需求是限制相机倾斜角,也就是鼠标中键调整视图俯角时,不能过大,一般 pitch 角度范围在 0 至 -90之间,-90刚好为正俯视。 在网上查阅了很多资料,发现并没有一个合适的…...

配置ssh-key连接github
GitHub 通过在 2022 年 3 月 15 日删除旧的、不安全的密钥类型来提高安全性。 具体内容参考如下链接 https://docs.github.com/zh/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent mac配置 ssh-keygen -t ed25519 -C …...

Linux——进程控制模拟shell
1.进程创建 我们在之前的文章中介绍过进程创建的方法,可以通过系统调用接口fork来创建新的进程。 fork在创建完新的子进程之后,返回值是一个pid,对于父进程返回子进程的pid,对于子进程返回0。fork函数后父子进程共享代码ÿ…...

【HarmonyOS】鸿蒙应用实现手机摇一摇功能
【HarmonyOS】鸿蒙应用实现手机摇一摇功能 一、前言 手机摇一摇功能,是通过获取手机设备,加速度传感器接口,获取其中的数值,进行逻辑判断实现的功能。 在鸿蒙中手机设备传感器ohos.sensor (传感器)的系统API监听有以下…...

Kael‘thas Sunstrider Ashes of Al‘ar
Kaelthas Sunstrider 凯尔萨斯逐日者 <血精灵之王> Kaelthas Sunstrider - NPC - 魔兽世界怀旧服TBC数据库_WOW2.43数据库_70级《燃烧的远征》数据库 Ashes of Alar 奥的灰烬 (凤凰 310%速度) Ashes of Alar - Item - 魔兽世界怀旧服TBC数据…...

CNCF云原生生态版图
CNCF云原生生态版图 概述什么是云原生生态版图如何使用生态版图 项目和产品(Projects and products)会员(Members)认证合作伙伴与提供商(Certified partners and providers)无服务(Serverless&a…...

渐冻症:真的无药可治?
“渐冻症”,这个令人闻之色变的疾病,仿佛是生命的冷酷冰封者。一提到渐冻症,很多人脑海中立刻浮现出绝望的画面,认为它无药可治。但事实真的如此吗? 渐冻症,医学上称为肌萎缩侧索硬化症,是一种渐…...

`pg_wal` 目录
在 PostgreSQL 中,自动清理 pg_wal 目录主要通过配置参数 min_wal_size、max_wal_size 和 wal_keep_size 来实现。以下是如何配置 PostgreSQL 以自动清理 WAL 文件的详细步骤和建议: 配置 min_wal_size 和 max_wal_size: min_wal_size&#x…...

【信息系统项目管理师】论文:论信息系统项目的整合管理
文章目录 正文一、制定项目章程二、指定项目管理计划三、指导与管理项目工作四、管理项目知识五、监控项目工作六、实施整体变更控制七、结束项目或阶段 正文 根据省自然资源厅的总体部署,XX市决定于2023年8月开始全市不动产登记系统建设,要求在2024年8…...

MATLAB深度学习(七)——ResNet残差网络
一、ResNet网络 ResNet是深度残差网络的简称。其核心思想就是在,每两个网络层之间加入一个残差连接,缓解深层网络中的梯度消失问题 二、残差结构 在多层神经网络模型里,设想一个包含诺干层自网络,子网络的函数用H(x)来表示&#x…...

freeswitch(配置event_socket连接)
亲测版本centos 7.9系统–》 freeswitch1.10.9 本人freeswitch安装路径(根据自己的路径进入) /usr/local/freeswitch/etc/freeswitch场景说明: 如果想使用代码进行控制freeswitch添加账号、获取注册信息、强拆等,可以使用ESL控制vim autoload_configs/event_socket.conf.x…...

C++ SQLite轻量化数据库使用总结
官网下载:https://www.sqlite.org/download.html 示例1 #include <iostream> #include <sqlite3.h>int main() {sqlite3* db;char* zErrMsg 0;int rc;// 打开数据库连接(如果数据库不存在,则会自动创建)rc sqlite…...

docker打包当前使用的某个容器为镜像,导出,导入
容器打包成镜像 要将正在使用的 Docker 容器打包成镜像,你可以使用 docker commit 命令。这个命令会从运行中的容器创建一个新的镜像。以下是详细步骤: 查看正在运行的容器: 使用以下命令查看当前正在运行的容器: docker ps找到目…...

【刷题22】BFS解决最短路问题
目录 一、边权为1的最短路问题二、迷宫中离入口最近的出口三、最小基因变化四、单词接龙五、为高尔夫比赛砍树 一、边权为1的最短路问题 如图:从A到I,怎样走路径最短 一个队列一个哈希表队列:一层一层递进,直到目的地为止哈希表&…...

服务器重启:数字世界的短暂休憩与新生
在互联网的浩瀚海洋中,服务器犹如一座座灯塔,持续稳定地散发着光芒,为无数的网络活动提供着支撑与指引。而服务器重启,便是这数字灯塔周期性进行自我调整与修复的关键环节。 服务器重启是指对服务器进行重新启动的过程࿰…...

JavaEE 【知识改变命运】05 多线程(4)
文章目录 单例模式什么是单例模式饿汉模式懒汉模式多线程- 懒汉模式分析多线程问题第一种添加sychronized的方式第二种添加sychronized的方式改进第二种添加sychronized的方式(DCL检查锁) 阻塞队列什么是阻塞队列什么是消费生产者模型标准库中的阻塞队列…...

【CSS in Depth 2 精译_076】12.4 @font-face 的工作原理
当前内容所在位置(可进入专栏查看其他译好的章节内容) 第四部分 视觉增强技术 ✔️【第 12 章 CSS 排版与间距】 ✔️ 12.1 间距设置 12.1.1 使用 em 还是 px12.1.2 对行高的深入思考12.1.3 行内元素的间距设置 12.2 Web 字体12.3 谷歌字体12.4 font-fac…...

SQL Having用法
拿个业务场景说这个案例,比如我们有个表里面可能有批改过的数据,批改过得数据不会随着新批改的数据覆盖,而是逐条插入表中,如果想找出包含最早批改的数据和最新批改数据的话,那么我们就需要用到了havinng 用法,假设最开…...

@JsonNaming实现入参接口参数下划线驼峰自动转换
JsonNaming(PropertyNamingStrategy.SnakeCaseStrategy.class) 是用于 Jackson 库中的一个注解,作用是改变 Java 对象的字段命名策略,特别是在序列化和反序列化时。这可以帮助 Java 对象中的字段名从驼峰命名法(CamelCase)转换为蛇…...

使用PaliGemma2构建多模态目标检测系统:从架构设计到性能优化的技术实践指南
目标检测技术作为计算机视觉领域的核心组件,在自动驾驶系统、智能监控、零售分析以及增强现实等应用中发挥着关键作用。本文将详细介绍PaliGemma2模型的微调流程,该模型通过整合SigLIP-So400m视觉编码器与Gemma 2系列的高级语言模型,专门针对…...