Jenkins远程管理K8S集群实现自动POD部署
大致思路
- 修改.kube/config 文件,增加新集群的context
- 建立隧道将集群控制端口映射到Jenkins服务器本地端口
- 测试jenkin 切换到新context 是否能控制该集群
- 新集群配置对接Harbor仓库
- 测试helm部署pod
- Jenkins测试配置流水线自动发版
1. 配置Jenkins与集群网络代理
网络代理脚本
#!/usr/bin/env bash
set -o xtrace
export AUTOSSH_LOGFILE="/root/autossh.log"
# 这个变量会被k8s自动设置,跟autossh本身的有冲突,这里取消k8s设置的
unset AUTOSSH_PORT
# ======= autossh options =========
# -M specifies the base monitoring port to use, this port and the port
# immediately above it ( port + 1) should be something nothing else is using
# -f causes autossh to drop to the background before running ssh
# ======= ssh options ========
# -N Do not execute a remote command. This is useful for just forwarding ports.
# -R 0.0.0.0:30080:192.168.118.180:30080 ztmoon 把远程服务器ztmoon上的30080端口指向本地局域网内192.168.118.180上的30080端口
autossh -M 10001 -f -N \
-R 0.0.0.0:35443:127.0.0.1:6443 \
-R 0.0.0.0:35222:127.0.0.1:22 \
-R 0.0.0.0:35357:127.0.0.1:30357 \
[email protected]
set +o xtrace
查看Jenkins主机端口情况
[root@app-04 .ssh]# netstat -lntup | grep 35
tcp 0 0 0.0.0.0:35443 0.0.0.0:* LISTEN 32546/sshd: zxx
tcp 0 0 0.0.0.0:35222 0.0.0.0:* LISTEN 32546/sshd: zxx
tcp 0 0 0.0.0.0:35357 0.0.0.0:* LISTEN 32546/sshd: zxx
2. 配置Jenkins远程管理集群
2.1 Jenkins-config文件中增加新集群信息
在kubeconfig中,context中将访问一个集群的参数进行分组。访问这个context名称就是访问这个参数组。context就是一组信息的别名,举例来说,当在高德中使用家的地址,公司的地址就是一个别名,就能迅速的定位到具体的地址信息。
kubeconfig中主要由如下部分组成:
-
clusters (集群)
-
users(用户)
-
context(上下文)
默认情况下,kubectl命令从current context中来获取参数,然后与集群进行通讯。
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURtakNDQW9LZ0F3SUJBZ0lVTnhMZWE2QTZvVC9HL0dnR24rZ01uRDJjR2VBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEZqQVVCZ05WQkFNVERXdDFZbVZ5CmJtVjBaWE10WTJFd0lCY05Nak13TmpFME1EazBPVEF3V2hnUE1qRXlNekExTWpFd09UUTVNREJhTUdReEN6QUoKQmdOVkJBWVRBa05PTVJFd0R3WURWUVFJRXdoSVlXNW5XbWh2ZFRFTE1Ba0dBMVVFQnhNQ1dGTXhEREFLQmdOVgpCQW9UQTJzNGN6RVBNQTBHQTFVRUN4TUdVM2x6ZEdWdE1SWXdGQVlEVlFRREV3MXJkV0psY201bGRHVnpMV05oCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBckNRN2VwV2RqTCtEMXNVY0FacXgKdjcrRGxIZm5aOFlNTmRXN25VNFk2ZHUyN2RUV3FpVFVjTllCK1RLR3RzRmJuODRkbEFtR04wZHpwcTZtNXlrdgppZWowS29SbjJMWDZmZHArNWRacXFKd1dMK0FsQXBycmY1cjYvNlRBaGNabGwvK1NaMnp3OFRldFVZY1ZFdzdzCit6ZDErelV6TkpMV25WdTByUitFeHNyTzNvdy85T0diTkdRaWk5d1RBRFR6MzlDQ09DQzdUZytIUVowQ3g2NGwKUE5IMjVKSmNYbjYxeXBUa0FwWXRiRUR2V29XWC9yYVJTcmZhclZObU1laFdKb2dSd2VsV1gydlM0cnAwVGdHWApyRGt3NHdNTUl0VmI1WmZoT3paTDV4QVRxZDlUcmRxWUVmZkRDSlNZam91c3VPL3FZSlZad1dTaXBxdXQ5V2c3CmVRSURBUUFCbzBJd1FEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlYKSFE0RUZnUVVsbGxrNnl4SEdhTUpMOWtHUHJpV3JDdlY3bGd3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUc0UApIck5TOFpiRmQxTFZnMm5XT1RoTTVrUnZKSkdKZzUwcGlkTm9meTNMWVllVlUxMzZUeDBDZWxiaEZpS2l1SDhOCk9LVFI5cHRVYytXUDlaUlJUQkc0dkxCa3JxSlp3aXUxNUJXVThBT01Pcnhwd05xZlN1OVZFREtaMFRtUVVsWkEKVGxRdEczYk1sVFNpUkNZZXk0NjFQYVlpOE0vNUF1QjJqUDg2N09oUUhTaFdxN3RQUnJXSGFQZE1tekpKODBzUgpTRDNrRlYyUm5aemN5bGEzTFU1cWZaQUhTb20vL0tMb21oK0VlR2N4YWRVRlVwRUl4cDFVN3Z4YnRtRzByT2pKCitjNlJiWExZc2ZWRVNDOVEyUk10MTBUWCtYK1kwSGxzWHdlV0RiNXZOLzIwTlorTGtJR3E4cmNELytBZHhQd0YKcVI4R1hNSUY5TFhpdXk4ZWNjRT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
server: https://localhost:19443
name: jtcs
- context:
cluster: jtcs
namespace: jtcs-prod
user: jtcs-prod
name: jtcs-prod
- name: jtcs-prod
user:
token: 后续生成
-bash-4.2$ kubectl config use-context jtcs-prod
Switched to context "jtcs-prod".
-bash-4.2$ kubectl get pod
NAME READY STATUS RESTARTS AGE
mysql57-6c7bc59c5-bkm8h 1/1 Running 0 2d17h
pplmc-gateway-for-pt-5fc65d6577-tkk5w 1/1 Running 0 3d
pplmc-job-for-pt-89c64db68-2flgp 1/1 Running 0 3d
3. 初始化项目集群
3.1创建项目namespace和SA账号
# namespace
---
apiVersion: v1
kind: Namespace
metadata:
name: jtcs-prod
labels:
name: jtcs-prod
# Default Memory Requests and Limits
---
apiVersion: v1
kind: LimitRange
metadata:
name: mem-limit-range
namespace: jtcs-prod
spec:
limits:
- default:
memory: 4096Mi
defaultRequest:
memory: 128Mi
type: Container
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jtcs-prod
namespace: jtcs-prod
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jtcs-prod-rolebinding
namespace: jtcs-prod
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: edit
subjects:
- kind: ServiceAccount
name: jtcs-prod
namespace: jtcs-prod
root@k8s-made-01-32:/yaml/namespace# kubectl apply -f jtcs.yaml
从 1.24 开始就不会自动生成 secret 了,chanagelog 在这里.
3.2 创建SA账户token
apiVersion: v1
kind: Secret
metadata:
name: build-robot-secret
namespace: jtcs-prod
annotations:
kubernetes.io/service-account.name: jtcs-prod
type: kubernetes.io/service-account-token
控制面会自动为该 ServiceAccount 生成一个令牌,并将其保存到相关的 Secret 中
root@k8s-made-01-32:/script# kubectl describe -n jtcs-prod secrets/build-robot-secret
Name: build-robot-secret
Namespace: jtcs-prod
Labels: <none>
Annotations: kubernetes.io/service-account.name: jtcs-prod
kubernetes.io/service-account.uid: 95be2e94-1cfe-40ae-b181-a11fe82e1314
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1310 bytes
namespace: 9 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Il82SWdMUWRGbnlHeGEtQnpReDVvUE9PWW9yWXY4cmg0NWdsT2ZiNTZiY0UifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJqdGNzLXByb2QiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoiYnVpbGQtcm9ib3Qtc2VjcmV0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Imp0Y3MtcHJvZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6Ijk1YmUyZTk0LTFjZmUtNDBhZS1iMTgxLWExMWZlODJlMTMxNCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpqdGNzLXByb2Q6anRjcy1wcm9kIn0.WTawQUmU4f5UkE7Bbby73Qxu9CHC59KWVPDhjcWF82K-Cu5Y3yh-HE-s-fcv4qmQHfMwru2p7Tj8rE065GqL6ELsC4Y7i6irwJdZXNPVYWPLetrb0XM61d-Zoy8sq5scGuFz5Q5H8MRgSGXW6K72HjCHs_2hSJlqr4Dm6ZvBg7iukb28T_nG2yWb-1J_JUDgpKaavMWZ9nuoEZfFcvz6WxGrV6KoRbbFKF7BFuEvio08sQ4OCwKq8o3KKic-Wik2PtRVyIdL5wQ4r8j7GgFB3NUUSWKueg7mEvsdE89HrgaFQwObxJmCKaPTZbLnfq7BBBxTlhT5sx-_s8yuvegwHA
3.3 创建管理员账号
# 1, kubectl apply -f jn-admin.serviceAccount.yaml
# 3, kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep jn-admin | awk '{print $1}')
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jtcs-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jtcs-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: jtcs-admin
namespace: kube-system
3.4 测试Jenkins远程管理集群
将新集群信息添加到config文件中
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURtakNDQW9LZ0F3SUJBZ0lVTnhMZWE2QTZvVC9HL0dnR24rZ01uRDJjR2VBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEZqQVVCZ05WQkFNVERXdDFZbVZ5CmJtVjBaWE10WTJFd0lCY05Nak13TmpFME1EazBPVEF3V2hnUE1qRXlNekExTWpFd09UUTVNREJhTUdReEN6QUoKQmdOVkJBWVRBa05PTVJFd0R3WURWUVFJRXdoSVlXNW5XbWh2ZFRFTE1Ba0dBMVVFQnhNQ1dGTXhEREFLQmdOVgpCQW9UQTJzNGN6RVBNQTBHQTFVRUN4TUdVM2x6ZEdWdE1SWXdGQVlEVlFRREV3MXJkV0psY201bGRHVnpMV05oCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBckNRN2VwV2RqTCtEMXNVY0FacXgKdjcrRGxIZm5aOFlNTmRXN25VNFk2ZHUyN2RUV3FpVFVjTllCK1RLR3RzRmJuODRkbEFtR04wZHpwcTZtNXlrdgppZWowS29SbjJMWDZmZHArNWRacXFKd1dMK0FsQXBycmY1cjYvNlRBaGNabGwvK1NaMnp3OFRldFVZY1ZFdzdzCit6ZDErelV6TkpMV25WdTByUitFeHNyTzNvdy85T0diTkdRaWk5d1RBRFR6MzlDQ09DQzdUZytIUVowQ3g2NGwKUE5IMjVKSmNYbjYxeXBUa0FwWXRiRUR2V29XWC9yYVJTcmZhclZObU1laFdKb2dSd2VsV1gydlM0cnAwVGdHWApyRGt3NHdNTUl0VmI1WmZoT3paTDV4QVRxZDlUcmRxWUVmZkRDSlNZam91c3VPL3FZSlZad1dTaXBxdXQ5V2c3CmVRSURBUUFCbzBJd1FEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlYKSFE0RUZnUVVsbGxrNnl4SEdhTUpMOWtHUHJpV3JDdlY3bGd3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUc0UApIck5TOFpiRmQxTFZnMm5XT1RoTTVrUnZKSkdKZzUwcGlkTm9meTNMWVllVlUxMzZUeDBDZWxiaEZpS2l1SDhOCk9LVFI5cHRVYytXUDlaUlJUQkc0dkxCa3JxSlp3aXUxNUJXVThBT01Pcnhwd05xZlN1OVZFREtaMFRtUVVsWkEKVGxRdEczYk1sVFNpUkNZZXk0NjFQYVlpOE0vNUF1QjJqUDg2N09oUUhTaFdxN3RQUnJXSGFQZE1tekpKODBzUgpTRDNrRlYyUm5aemN5bGEzTFU1cWZaQUhTb20vL0tMb21oK0VlR2N4YWRVRlVwRUl4cDFVN3Z4YnRtRzByT2pKCitjNlJiWExZc2ZWRVNDOVEyUk10MTBUWCtYK1kwSGxzWHdlV0RiNXZOLzIwTlorTGtJR3E4cmNELytBZHhQd0YKcVI4R1hNSUY5TFhpdXk4ZWNjRT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
server: https://127.0.0.1:19443
name: jtcs
- context:
cluster: jtcs
namespace: jtcs-prod
user: jtcs-prod
name: jtcs-prod
- name: jtcs-prod
user:
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Il82SWdMUWRGbnlHeGEtQnpReDVvUE9PWW9yWXY4cmg0NWdsT2ZiNTZiY0UifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJqdGNzLXByb2QiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoiYnVpbGQtcm9ib3Qtc2VjcmV0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Imp0Y3MtcHJvZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6Ijk1YmUyZTk0LTFjZmUtNDBhZS1iMTgxLWExMWZlODJlMTMxNCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpqdGNzLXByb2Q6anRjcy1wcm9kIn0.WTawQUmU4f5UkE7Bbby73Qxu9CHC59KWVPDhjcWF82K-Cu5Y3yh-HE-s-fcv4qmQHfMwru2p7Tj8rE065GqL6ELsC4Y7i6irwJdZXNPVYWPLetrb0XM61d-Zoy8sq5scGuFz5Q5H8MRgSGXW6K72HjCHs_2hSJlqr4Dm6ZvBg7iukb28T_nG2yWb-1J_JUDgpKaavMWZ9nuoEZfFcvz6WxGrV6KoRbbFKF7BFuEvio08sQ4OCwKq8o3KKic-Wik2PtRVyIdL5wQ4r8j7GgFB3NUUSWKueg7mEvsdE89HrgaFQwObxJmCKaPTZbLnfq7BBBxTlhT5sx-_s8yuvegwHA
切换到集群namespace
-bash-4.2$ kubectl config use-context jtcs-prod
Switched to context "jtcs-prod".
-bash-4.2$ kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 2m24s
4.Jenkins远程部署业务
4.1 创建Harbor secret
提供harbor仓库的权限认证凭证
kubectl create secret docker-registry harbor-registry --docker-server=harbor.rmxc.tech --docker-username=zxx --docker-password=w2XKqbLZ3}uC8s3 [email protected]
root@k8s-made-01-32:/yaml/test# kubectl create secret -n jtcs-prod docker-registry harbor-registry --docker-server=harbor.rmxc.tech --docker-username=zxx --docker-password=w2XKqbLZ3}uC8s3 [email protected]
secret/harbor-registry created
root@k8s-made-01-32:/yaml/test#
root@k8s-made-01-32:/yaml/test# kubectl get secrets
NAME TYPE DATA AGE
harbor-registry kubernetes.io/dockerconfigjson 1 8s
k8s-ceamg-com-tls kubernetes.io/tls 2 18d
root@k8s-made-01-32:/yaml/test# docker login harbor.rmxc.tech
Username: zxx
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
root@k8s-made-01-32:/yaml/test#
root@k8s-made-01-32:/yaml/test#
root@k8s-made-01-32:/yaml/test#
root@k8s-made-01-32:/yaml/test# docker pull harbor.rmxc.tech/jn-prod/pplmc-biz-for-client@sha256:e7fabced207175c692e7b8e5fd98601218a2355248e4dad65912c8f860a3b0f6
harbor.rmxc.tech/jn-prod/pplmc-biz-for-client@sha256:e7fabced207175c692e7b8e5fd98601218a2355248e4dad65912c8f860a3b0f6: Pulling from jn-prod/pplmc-biz-for-client
d836772a1c1f: Downloading [==============================> ] 33.29MB/55MB
66a9e63c657a: Download complete
d1989b6e74cf: Downloading [==============================> ] 6.634MB/10.88MB
c28818711e1e: Downloading [==========================> ] 29.05MB/54.58MB
0dec79474efa: Download complete
b65b2dac0304: Download complete
665102702477: Downloading [============> ] 26.94MB/105.9MB
26590ef6ec03: Downloading [=> ] 33.29MB/908.3MB
4aa69a1ad42e: Download complete
4.1.1 脚本中定义变量信息
imageName="${REGISTRY}/${NAMESPACE}/${PROJECT_NAME}:${ImageTag}"
REGISTRY="harbor.rmxc.tech"
ImageTag="$(git rev-list -n 1 HEAD | cut -c-10)$(date +%Y%m%d%H%M%S)"
kubectl config use-context "${NAMESPACE}" && \
helm upgrade --install --wait -n "${NAMESPACE}" -f "${VALUES_FILE}" --set image.repository="$imageName" \
"${PROJECT_NAME}" rmxc/springboot-chart --timeout 1200s
4.2 部署mysql 57
4.2.1 创建mysql-secrets
kubectl create secret -n jtcs-prod generic mysql57-secrets --from-literal=root="$(openssl rand -hex 12)" --from-literal=test_user="$(openssl rand -hex 12)"
secret/mysql57-secrets created
4.2.2 查看密码
root@k8s-made-01-32:/yaml/mysql# kubectl get secrets -n jtcs-prod mysql57-secrets -o yaml | sed -n 3,4p
root: ZmRlMzA5YjRhNDUxMDUzNDFiYzQzNTYw
test_user: MDQxOTZlOTczYTJmODdlMWEzNDAxNjg2
echo ZmRlMzA5YjRhNDUxMDUzNDFiYzQzNTYw | base64 -d
fde309b4a45105341bc43560
echo MDQxOTZlOTczYTJmODdlMWEzNDAxNjg2 | base64 -d
04196e973a2f87e1a3401686
4.2.3 创建mysql-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql57-data
namespace: jtcs-prod
spec:
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql57-log
namespace: jtcs-prod
spec:
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
4.2.4 创建mysql-deployment
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql57
namespace: jtcs-prod
spec:
replicas: 1
selector:
matchLabels:
app: mysql57
strategy:
type: Recreate
template:
metadata:
labels:
app: mysql57
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- name: mysql57
image: mysql:5.7
env:
- name: TZ
value: Asia/Shanghai
- name: MYSQL_ROOT_PASSWORD
#value: "ezwSqMjD3xN0sSYknsYIhdwi"
valueFrom:
secretKeyRef:
name: mysql57-secrets
key: root
- name: MYSQL_DATABASE
value: test
- name: MYSQL_USER
value: test_user
- name: MYSQL_PASSWORD
#value: "AtvWGblXlURYdb8whgD1Yd2M"
valueFrom:
secretKeyRef:
name: mysql57-secrets
key: test_user
ports:
- name: mysql
containerPort: 3306
volumeMounts:
- name: mysql57-data
mountPath: /var/lib/mysql
- name: mysql57-log
mountPath: /var/log/mysql
- name: mysql57-config
mountPath: /etc/mysql/conf.d/custom.cnf
subPath: custom.cnf
readOnly: true
resources:
requests:
memory: "2Gi"
cpu: "1"
limits:
memory: "4Gi"
cpu: "2"
volumes:
- name: mysql57-data
persistentVolumeClaim:
claimName: mysql57-data
- name: mysql57-log
persistentVolumeClaim:
claimName: mysql57-log
- name: mysql57-config
configMap:
name: mysql57-config
items:
- key: custom.cnf
path: custom.cnf
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mysql57-config
namespace: jtcs-prod
data:
custom.cnf: |
[mysqld]
default_authentication_plugin=mysql_native_password
skip-name-resolve
datadir=/var/lib/mysql
bind-address=0.0.0.0
log-error=/var/log/mysql/error.log
slow_query_log=1
long_query_time=3
slow_query_log_file=/var/log/mysql/slow_query.log
# replication
log-bin=binlog
binlog_format=ROW
server-id=1
innodb_flush_log_at_trx_commit=1
sync_binlog=1
# fulltext index
ngram_token_size=1
# required by confluence
default_storage_engine=InnoDB
character-set-server=utf8mb4
collation-server=utf8mb4_bin
max_allowed_packet=256M
innodb_log_file_size=2GB
transaction-isolation=READ-COMMITTED
binlog_format=row
# required by quartz
# will make table name case-insensitive
lower_case_table_names=1
# sql mode disable full_group for backward compatibility
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
---
apiVersion: v1
kind: Service
metadata:
name: mysql57-nodeport
namespace: jtcs-prod
spec:
type: NodePort
ports:
- name: mysql
port: 3306
targetPort: mysql
nodePort: 30357
protocol: TCP
selector:
app: mysql57
---
apiVersion: v1
kind: Service
metadata:
name: mysql57
namespace: jtcs-prod
spec:
type: ClusterIP
ports:
- name: mysql
port: 3306
targetPort: mysql
protocol: TCP
selector:
app: mysql57
4.2.5 验证服务状态
root@k8s-made-01-32:/yaml/mysql# kubectl get pod -n jtcs-prod
NAME READY STATUS RESTARTS AGE
mysql57-6c7bc59c5-bkm8h 1/1 Running 0 20s
root@k8s-made-01-32:/yaml/mysql# kubectl exec -n jtcs-prod pods/mysql57-6c7bc59c5-bkm8h -it -- bash
I have no name!@mysql57-6c7bc59c5-bkm8h:/$ mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.7.36-log MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql> exit
Bye
I have no name!@mysql57-6c7bc59c5-bkm8h:/$
4.3 部署 pplmc-gateway-for-pt 服务
4.3.1 Jenkins执行helm命令
kubectl config use-context jtcs-prod
helm upgrade --install --wait -n jtcs-prod -f pplmc-gateway-for-pt.values.yaml --set image.repository=harbor.rmxc.tech/zn-prod/pplmc-gateway-for-pt:latest pplmc-gateway-for-pt rmxc/springboot-chart --timeout 1200s
4.3.2 查看helm部署版本信息
-bash-4.2$ helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
pplmc-gateway-for-pt jtcs-prod 2 2023-07-07 10:12:22.418329996 +0800 CST deployed springboot-chart-0.1.0 0.0.1
4.3.3 验证服务状态
root@k8s-made-01-32:/yaml/mysql# kubectl get pod -n jtcs-prod
NAME READY STATUS RESTARTS AGE
pplmc-gateway-for-pt-5fc65d6577-tkk5w 1/1 Running 0 23s
4.4 部署 pplmc-job-for-pt 服务
4.4.1 Jenkins执行helm命令
kubectl config use-context jtcs-prod
helm upgrade --install --wait -n jtcs-prod -f pplmc-job-for-pt.values.yaml --set image.repository=harbor.rmxc.tech/zn-prod/pplmc-job-for-pt:latest pplmc-job-for-pt rmxc/springboot-chart --timeout 1200s
4.4.2 查看helm部署版本信息
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
pplmc-gateway-for-pt jtcs-prod 2 2023-07-07 10:12:22.418329996 +0800 CST deployed springboot-chart-0.1.0 0.0.1
pplmc-job-for-pt jtcs-prod 1 2023-07-07 10:25:08.116510946 +0800 CST deployed springboot-chart-0.1.0 0.0.1
4.4.3 验证服务状态
root@k8s-made-01-32:/yaml/mysql# kubectl get pod -n jtcs-prod
NAME READY STATUS RESTARTS AGE
mysql57-6c7bc59c5-bkm8h 1/1 Running 0 1h
pplmc-gateway-for-pt-5fc65d6577-tkk5w 1/1 Running 0 1h
pplmc-job-for-pt-89c64db68-2flgp 1/1 Running 0 52s