1. 制作镜像
拉取代码本地打包,使用dockerfile创建镜像,dockerfile如下:
FROM java:openjdk-8-jre-alpine
WORKDIR /opt/production/webapp
COPY target/*.jar /opt/production/webapp
EXPOSE 8080
ENTRYPOINT java -jar *.jar
docker build -t deploy-test:1.0 .
2. 上传镜像至harbor仓库
登陆harbor仓库,harbor仓库地址:xxx.xxx.xxx,用户名:admin,密码:xxx
docker login -u admin -p xxx xxx.xxx.xxx #登陆仓库
上传镜像
docker tag deploy-test:1.0 xxx.xxx.xxx/test/deploy-test:1.0
docker push xxx.xxx.xxx/test/deploy-test:1.0
注意此处需先在镜像仓库中创建test项目,以存放测试项目,其它环境以此类推
-cfccfa2c0bb342c4b92fe921bb305412.png)
3. 发布项目
3.1 创建harbor仓库密钥yaml配置文件
由于k8s集群需要拉取harbor仓库中的私有镜像,所以需要配置harbor密钥文件。在上传镜像中,登陆harbor仓库后,会在当前用户家目录下生成.docker/config.json文件
cat config.json | base64 -w 0
-476f4db582f74251a80da4d881079af7.png)
生成密钥:
apiVersion: v1
kind: Secret
metadata:
name: harbor
namespace: test
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSJmcmVlemUtdGVzdC55aXlhb3dhbmcuY29tIjogewoJCQkiYXV0aCI6ICJkMlZwYUdGcFkyaGhienBYWldrMU9EZzNOalV1TGc9PSIKCQl9Cgl9Cn0=
3.2 创建deploy.yaml文件
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy-test
namespace: test
labels:
secondDepartment: ops
thirdDepartment: sre
projectOwner: hcwei
projectName: deploy-test
env: test
deployType: jar
spec:
replicas: 1
revisionHistoryLimit: 3 # 保留历史版本
paused: false # 暂停部署,默认是false
progressDeadlineSeconds: 600 # 部署超时时间(s),默认是600
selector:
matchLabels:
app: deploy-test
template:
metadata:
annotations:
prometheus.io/path: /metrics # 用于Prometheus抓取jvm信息
prometheus.io/port: "8786" # 用于Prometheus抓取jvm信息
prometheus.io/scrape: "true" # 用于Prometheus抓取jvm信息
labels:
app: deploy-test
spec:
containers:
- name: deploy-test
image: xxx.xxx.xxx/test/deploy-test:1.0
imagePullPolicy: Always
resources:
limits:
cpu: "2"
memory: "2048Mi"
requests:
cpu: "1"
memory: "512Mi"
ports:
- containerPort: 80
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: 1
tcpSocket:
port: 8080
readinessProbe:
initialDelaySeconds: 60
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: 1
httpGet:
scheme: HTTP
port: 8080
path: /glhealthcheck/status
# 优雅退出
lifecycle:
preStop:
exec:
command:
- sleep
- "30"
terminationGracePeriodSeconds: 60
dnsPolicy: None
dnsConfig:
nameservers:
- 10.0.0.1
imagePullSecrets:
- name: harbor
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: nodeenv
# operator: In
# values: ["supply"]
# restartPolicy: OnFailure
3.3 创建service.yaml文件
apiVersion: v1
kind: Service
metadata:
name: deploy-test
namespace: test
spec:
selector:
app: deploy-test
type: ClusterIP
ports:
- port: 80 # Service端口
targetPort: 8080 # pod端口
sessionAffinity: ClientIP
3.4 创建hpa.yaml文件
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: deploy-test
namespace: test
spec:
minReplicas: 1 #最小pod数量
maxReplicas: 2 #最大pod数量
targetCPUUtilizationPercentage: 2 # CPU使用率指标
scaleTargetRef: # 指定要控制的nginx信息
apiVersion: apps/v1
kind: Deployment
name: deploy-test
3.5 创建ingress.yaml文件
如果需要使用https,所以先生成tls证书secret
kubectl create secret tls xxx.xxx.xxx --cert=xxx.xxx.xxx.pem --key=xxx.xxx.xxx.key -n test
ingress.yaml文件配置如下:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: deploy-test-https
namespace: test
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: "Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With"
nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- xxx.xxx.xxx
secretName: xxx.xxx.xxx # 指定秘钥
rules:
- host: xxx.xxx.xxx
http:
paths:
- path: /
backend:
serviceName: deploy-test
servicePort: 80