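k8s: from code to release

hcwei, November 5, 2021, 408 views

1. Build the image

Pull the code and package it locally, then build the image from a Dockerfile. The Dockerfile is as follows: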

FROM java:openjdk-8-jre-alpine

WORKDIR /opt/production/webapp

COPY target/*.jar /opt/production/webapp

EXPOSE 8080

ENTRYPOINT java -jar *.jar

Build the image:

docker build -t deploy-test:1.0 .

2. Push the image to the Harbor registry

Log in to the Harbor registry. Registry address: xxx.xxx.xxx, username: admin, password: xxx

docker login -u admin -p xxx xxx.xxx.xxx # log in to the registry

Push the image:

docker tag deploy-test:1.0 xxx.xxx.xxx/test/deploy-test:1.0
docker push xxx.xxx.xxx/test/deploy-test:1.0

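Note: the test project must be created in the registry first, to hold the images of the test environment. Other environments follow the same pattern.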

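3. Deploy the project

3.1 Create the YAML file for the Harbor registry secret

The k8s cluster has to pull private images from the Harbor registry, so it needs a Harbor pull secret. After the Harbor login in the push step, a .docker/config.json file is generated in the current user's home directory. Base64-encode it: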

cat config.json  | base64 -w 0

Create the secret:

apiVersion: v1
kind: Secret
metadata:
  name: harbor
  namespace: test
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: <output of the base64 command above>
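
The .dockerconfigjson value is only base64 of config.json, so anyone allowed to read the Secret gets the Harbor login back, and encoding the whole file also ships every other registry login stored in it. The following is an added example, not part of the original post: it builds the Secret for one registry only and shows the round trip. The host harbor.example.internal, the pull-only account puller and the password are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: image-pull Secret holding a single registry login.
# Assumes host, user and password contain no double quotes or backslashes.

# b64 STRING -> base64 on one line (tr removes the wrapping base64 may add).
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# dockerconfigjson HOST USER PASSWORD -> minimal config.json for one registry.
dockerconfigjson() {
    printf '{"auths":{"%s":{"auth":"%s"}}}' "$1" "$(b64 "$2:$3")"
}

# pull_secret NAME NAMESPACE HOST USER PASSWORD -> Secret manifest on stdout.
pull_secret() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(b64 "$(dockerconfigjson "$3" "$4" "$5")")
EOF
}

# recover_login FILE -> "host user:password", i.e. what anyone allowed to read
# the Secret gets back by undoing the two base64 layers.
recover_login() {
    cfg=$(sed -n 's/^ *\.dockerconfigjson: *//p' "$1" | base64 -d)
    host=$(printf '%s' "$cfg" | sed 's/.*"auths":{"\([^"]*\)".*/\1/')
    auth=$(printf '%s' "$cfg" | sed 's/.*"auth":"\([^"]*\)".*/\1/')
    printf '%s %s\n' "$host" "$(printf '%s' "$auth" | base64 -d)"
}

# Constructed values: hypothetical host and pull-only account, not a real login.
manifest=$(mktemp)
pull_secret harbor test harbor.example.internal puller 'constructed-password' > "$manifest"
recover_login "$manifest"
rm -f "$manifest"
```

Piping the output of pull_secret into `kubectl apply -f -` keeps the manifest out of files and repositories. Logging in with `docker login --password-stdin` likewise keeps the password out of shell history and the process list.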

3.2 Create the deploy.yaml file

apiVersion: apps/v1
kind: Deployment      
metadata: 
  name: deploy-test
  namespace: test
  labels:
    secondDepartment: ops
    thirdDepartment: sre
    projectOwner: hcwei
    projectName: deploy-test
    env: test
    deployType: jar
spec:
  replicas: 1
  revisionHistoryLimit: 3 # number of old revisions to keep
  paused: false # pause the rollout; default is false
  progressDeadlineSeconds: 600 # rollout timeout in seconds; default is 600
  selector:
    matchLabels:
      app: deploy-test
  template:
    metadata:
      annotations:
        prometheus.io/path: /metrics # used by Prometheus to scrape JVM metrics
        prometheus.io/port: "8786"   # used by Prometheus to scrape JVM metrics
        prometheus.io/scrape: "true" # used by Prometheus to scrape JVM metrics
      labels:
        app: deploy-test
    spec:
      containers:
      - name: deploy-test
        image: xxx.xxx.xxx/test/deploy-test:1.0
        imagePullPolicy: Always
        resources:
          limits:
            cpu: "2"
            memory: "2048Mi"
          requests:
            cpu: "1"
            memory: "512Mi"
        ports:
        - containerPort: 8080 # the app listens on 8080 (EXPOSE, probes, Service targetPort)
        livenessProbe:
          initialDelaySeconds: 60
          periodSeconds: 10
          failureThreshold: 3
          successThreshold: 1
          timeoutSeconds: 1
          tcpSocket:
            port: 8080
        readinessProbe:
          initialDelaySeconds: 60
          periodSeconds: 10
          failureThreshold: 3
          successThreshold: 1
          timeoutSeconds: 1
          httpGet:  
            scheme: HTTP
            port: 8080
            path: /healthcheck/status
        startupProbe:
          # delay before the first probe
          initialDelaySeconds: 30
          # interval between probes
          periodSeconds: 30
          # failure threshold
          failureThreshold: 10
          # success threshold
          successThreshold: 1
          # probe timeout
          timeoutSeconds: 1
          httpGet:
            path: /healthcheck/status
            port: 8080
            scheme: HTTP
        # graceful shutdown
        lifecycle:       
          preStop:          
            exec:            
              command:            
              - sleep           
              - "30"
      # grace period for graceful shutdown after SIGTERM; SIGKILL is sent when it expires
      terminationGracePeriodSeconds: 60
      dnsPolicy: None
      dnsConfig:
        nameservers:
          - 10.0.0.1
      # image pull secret
      imagePullSecrets:
        - name: harbor
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25% 
      maxUnavailable: 25% 
#      affinity:
#        nodeAffinity:
#          requiredDuringSchedulingIgnoredDuringExecution:
#            nodeSelectorTerms:
#            - matchExpressions:
#              - key: nodeenv
#                operator: In
#                values: ["supply"]
#      restartPolicy: OnFailure

3.3 Create the service.yaml file

apiVersion: v1
kind: Service
metadata:
  name: deploy-test
  namespace: test
spec:
  selector:
    app: deploy-test
  type: ClusterIP
  ports:
  - port: 80  # Service port
    targetPort: 8080 # pod port
  sessionAffinity: ClientIP

3.4 Create the hpa.yaml file

apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: deploy-test
  namespace: test
spec:
  minReplicas: 1  # minimum number of pods
  maxReplicas: 2 # maximum number of pods
  targetCPUUtilizationPercentage: 2 # target CPU utilization (%)
  scaleTargetRef:   # the workload this HPA controls
    apiVersion: apps/v1
    kind: Deployment
    name: deploy-test

3.5 Create the ingress.yaml file

If HTTPS is required, first create the TLS certificate secret:

kubectl create secret tls xxx.xxx.xxx --cert=xxx.xxx.xxx.pem --key=xxx.xxx.xxx.key -n test

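The ingress.yaml configuration is as follows:

# extensions/v1beta1 Ingress is served only by clusters older than Kubernetes 1.22;
# later versions require networking.k8s.io/v1, which also changes the backend fields
apiVersion: extensions/v1beta1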
kind: Ingress
metadata:
  name: deploy-test-https
  namespace: test
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-origin: "*"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
    nginx.ingress.kubernetes.io/cors-allow-headers: "Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With"
    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, OPTIONS"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  tls:
    - hosts:
      - xxx.xxx.xxx
      secretName: xxx.xxx.xxx # the TLS secret created above
  rules:
  - host: xxx.xxx.xxx
    http:
      paths:
      - path: /
        backend:
          serviceName: deploy-test
          servicePort: 80
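
The annotations above pair cors-allow-origin "*" with cors-allow-credentials "true", and switch ssl-redirect off on a host that has a tls section. The following is an added example, not part of the original post: a check to run on a manifest before kubectl apply that flags both settings. The function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky ingress-nginx annotations before `kubectl apply`.

# annotation FILE KEY -> value of nginx.ingress.kubernetes.io/KEY, quotes stripped.
annotation() {
    sed -n "s|^ *nginx\.ingress\.kubernetes\.io/$2: *||p" "$1" | tr -d "\"'" | head -n 1
}

# audit_ingress FILE -> one finding per line on stdout; returns 1 if any.
audit_ingress() {
    findings=0
    origin=$(annotation "$1" cors-allow-origin)
    creds=$(annotation "$1" cors-allow-credentials)
    redirect=$(annotation "$1" ssl-redirect)

    # Browsers refuse credentialed responses whose allowed origin is "*",
    # so the pair cannot work as intended; list the real front-end origins.
    if [ "$origin" = "*" ] && [ "$creds" = "true" ]; then
        echo "cors: wildcard origin combined with credentials"
        findings=$((findings + 1))
    fi

    # A tls: section plus ssl-redirect=false keeps serving the host over plain HTTP.
    if grep -q '^ *tls:' "$1" && [ "$redirect" = "false" ]; then
        echo "tls: ssl-redirect is false although a certificate is configured"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the annotations discussed above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
metadata:
  annotations:
    nginx.ingress.kubernetes.io/cors-allow-origin: "*"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  tls:
    - hosts: [app.example.internal]
EOF
audit_ingress "$sample" || echo "manifest rejected"
rm -f "$sample"
```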