The basic concept

  1. CI continuous construction
  • Previous build deployment: NPM Run Build (package generated Dist) SCP uploaded to the server to start the Nginx service
  • Continuous building:
    1. Gitlab conducts code management git push code raising PR
    2. After starting PR, perform a series of checks (code style check unit tests manual review code) to merge code
    3. Jenkins is responsible for pulling the code from the code base (GitLab)
    4. Execute custom shell scripts to build artifacts (be it zip files or Docker images) and push artifacts to the artifacts library (Nexus)
  • Common tools are Gitlab Jenkins Nexus Nginx where you just build code
  1. CD continuous deployment and continuous delivery
  • Continuous delivery: There are generally two options after a build is completed
    1. Deploy artifacts to the test environment immediately
    2. Deployment at the specified time does not impress the use of the test environment
  • Continuous deployment
    • Use automated deployment to automatically deploy the built stability package to the build environment
    • This completes a complete code development life cycle
  • Continuous deployment tool
    1. Deploy Ansible in batches
    2. Docker pull and push images
    3. Kubernetes Kubernetes(k8s)
      • Using clustering in K8S There is one master node and several nodes in an organizational server cluster
      • A master node is a controller node in a cluster that schedules resources for other servers in the cluster
      • 10 minutes to understand Docker and K8S
  1. Develop and release the basic process
    1. Submit the code to GitLab to start PR
    2. Merge PR either webhook or manually start Jenkins’ build process
    3. Jenkins starts the build process and executes the configured shell script
    4. Docker build Generates a Docker image and uploads the image to a private image library
    5. Use Kubectl to specify remote K8S cluster to send image version update instructions
    6. The remote K8S cluster receives an instruction to fetch a new image from the mirror library
    7. The image is successfully pulled out. Perform the upgrade based on the upgrade policy (Rolling release). (A/B Test Health check)
    8. Upgrade is complete

1. Cloud server

SSH [email protected] master SSH [email protected] node1 SSH [email protected] node2Copy the code

2. K8s deployment

  1. Base installation
yum install vim wget ntpdate -y
Copy the code
  1. Disable the firewall swap partition Disable Selinux
/ / why do you want to shut down https://www.zhihu.com/question/374752553 systemctl stop firewalld & systemctl disable firewalld swapoff -a (vi  /etc/fstab) setenforce 0 (vi /etc/sysconfig/selinux SELINUX=disabled)Copy the code
  1. Set aliyun address to install Docker
yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce -y
Copy the code
  1. Start docker and set the source address of the image
Systemctl start docker systemctl enable docker // Change the source IP address of the Docker image https://cr.console.aliyun.com/cn-shenzhen/instances/mirrors sudo mkdir -p /etc/docker sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://82u211y8.mirror.aliyuncs.com"] } EOF sudo systemctl daemon-reload sudo systemctl restart dockerCopy the code
  1. Install k8S components
cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF / / kubelet is the core component running on all the cluster nodes Create / / kubectl start the service container Yum install -y kubelet kubeadm kubectl systemctl enable kubelet && systemctl start yum install -y kubelet kubeadm kubectl systemctl start kubeletCopy the code
  1. Install the Flannel
Create a virtual network so that services under different nodes have globally unique IP addresses to access each other and link to wGET https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml docker pull Quay. IO/coreos/flannel: v0.13.0 - rc2 / / load the service kubectl apply -f kube - flannel. YmlCopy the code
  1. Raw.githubusercontent.com cannot be accessed or connection timeout
1. Visit https://githubusercontent.com.ipaddress.com/raw.githubusercontent.com for IP 2. Vim/etc/hosts 199.232.96.133 raw.githubusercontent.comCopy the code
  1. The master node
SSH [email protected] hostnamectl set-hostname master vim /etc/hosts 120.79.175.88 master // Configure the initialization file kubeadm config Print init-defaults > init-kubeadm.conf vim init-kubeadm.conf // Change the image storage to ali Cloud address. Replace the IP address with that of the master nodeCopy the code

// pull the default image kubeadm config images pull --config init-kubeadm.conf to initialize k8s kubeadm init --config init-kubeadm.confCopy the code

/ / in modify configuration when I set the IP to public IP init error According to the command prompt execution Found hanged two containers docker ps - a | grep kube | grep -v pause / / for details docker logs K8s_kube apiserver_kube - apiserver - master_kube - system_3e98cd250e7b108f42e1a053b41e54be_6i / / modify the configuration file kubeadm IP for the network IP address Reset the rm - rf/etc/kubernetes manifests / / reinitializes the successful installation prompt execute commands mkdir -p $HOME /. Kube sudo cp - I/etc/kubernetes/admin. Conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/configCopy the code

  1. The node node
Hostnamectl set-hostname node1 Hostnamectl set-hostname node2 // Copy the configuration file SCP $HOME/.kube/config on the master node [email protected]:~/ SCP $HOME/. Kube /config [email protected]:~/ mkdir -p $HOME/. Kube sudo mv $HOME/config $HOME/. Kube /config sudo chown $(id -u):$(id -g) $HOME/. Kube /config // --print-join-commandCopy the code

  1. The master node checks the startup status
// kubectl get nodes before and after joining nodesCopy the code

3. jenkins

  1. Install Jenkins
yum install -y java sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo sudo RPM - import https://pkg.jenkins.io/redhat-stable/jenkins.io.key yum install Jenkins / / start Jenkins service Jenkins start (service Jenkins restart restart) // firewall firewall-cmd --zone=public --add-port=8080/ TCP --permanent firewall-cmd --zone=public --add-port=50000/tcp --permanent systemctl reload firewalldCopy the code
  1. Initialize the
/ / / / access 120.79.175.88:8080 initial password a6a5bf2c70c24726bdc05a015edea4cb cat/var/lib/Jenkins/secrets/initialAdminPassword / / To change the address to download the plugin sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' /var/lib/jenkins/updates/default.json && sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' The/var/lib/Jenkins/updates/default. The json / / recommend plug-in download Create a user admin adminCopy the code
  1. Test Jenkins
// New task execution shell prompt No permission docker -v docker pull node:latestCopy the code

  1. Permission problems
Groupadd docker # add docker user group sudo gpasswd -a Jenkins docker # add docker user group sudo gpasswd -a Jenkins docker Docker sudo service Jenkins restart docker sudo service Jenkins restart dockerCopy the code

4. gitlab

Todo temporarily uses Gitee instead of GitLabCopy the code

5. nexus

  1. The installation
// Jenkins (build) is generally separate from the master node (deploy) nexus mysql Gitlab is also separate temporarily installed on the master node SSH [email protected] wget https://dependency-fe.oss-cn-beijing.aliyuncs.com/nexus-3.29.0-02-unix.tar.gz tar ZXVF. / nexus - 3.29.0-02 - Unix. Tar. Gz CD Nexus-3.29.0-02 /bin // Start service./nexus start // Firewall Settings firewall-cmd --zone=public --add-port=8081/ TCP --permanent firewall-cmd --zone=public --add-port=8082/tcp --permanentCopy the code
  1. Initialize the
// Access 120.79.175.88:8081 // Obtain the initial password 61258DE4-e725-408C-9041-93428bd9F36E default user name admin Change the password to admin cat /root/sonatype-work/nexus3/admin.passwordCopy the code
  1. Create a Docker private server
// 1. Create Repositories Select Docker (Hosted) // 2. Add access to the mirror library Security Realms Docker Bearer Token Realm ActiveCopy the code
  1. The login
Docker login 120.79.175.88:8082 // HTTP insecure address HTTPS not necessary vi /etc/dock/daemon. json {"insecure-registries" : ["120.79.175.88:8082"],} // restart docker systemctl restart dockerCopy the code

6. Jenkins + Gitee + Nexus build image released

  1. jenksin
1. Install nodeJS environment and use SSH protocol to integrate Git repository source. Generate a key pair ssh-keygen -t rsa -c "[email protected]" 3. cat /root/.ssh/id_rsa.pub Configure the file in gitee 4. cat /root/.ssh/id_RSA private key Add a certificate 5. Perform a shell script to build successful NPM install - registry=https://registry.npm.taobao.org NPM run build docker build Jenkins - t - test.Copy the code

  1. gitee
[email protected]:liuxs_dream/k8s-demo-frontend. Git 1. Configure security Settings SSH public key 2. Run dockerfile FROM nginx COPY dist /etc/nginx-html WORKDIR /etc/nginx-htmlCopy the code

  1. Nexus uploads the image to a private image library
Modify shell commands in the Jenkins NPM install - registry=https://registry.npm.taobao.org NPM run build docker build - t 120.79.175.88:8082 / Jenkins - test. The docker push 120.79.175.88:8082 / Jenkins - test / / tip without permissionCopy the code

Docker login -u "Username" -p "Password" 120.79.175.88:8082 // Use credentials instead of docker login -u $DOCKER_LOGIN_USERNAME -p $DOCKER_LOGIN_PASSWORD 120.79.175.88:8082 // The newly uploaded image can be seen on the nexus interfaceCopy the code

7. Deploy the first application using K8S

  1. The basic concept
SCP upload to server start Nginx service HTTP access 1. Gitlab code management git push code pr 2. 3. Jenkins, the webhook trigger construction platform of git platform, is responsible for pulling the code from the code base (gitlab) 4. Execute custom shell scripts to build artifacts (either a zip package or a Docker image) and push artifacts to the artifacts (Nexus) common tools gitlab Jenkins Nexus Nginx this part only builds code 2. CD continuous deployment and continuous delivery Continuous delivery: There are generally two options after a build is completed. 1. Continuous deployment: Use automated deployment to automatically deploy the built stable package to the build environment so that a complete code development life cycle is complete tools: Kubernetes(K8S) Using clusters in K8S An organization server cluster has one master node and several nodes. The master node is the control node of the cluster Responsible for other server resource scheduling in the cluster [10 minutes read Docker and K8S] (https://zhuanlan.zhihu.com/p/53260098). 4. Basic process 1. Submit the code to GitLab to start PR 2. 3. Jenkins starts the construction process and executes the configured shell script. 4. Docker build generates docker image and upload the image to the private image library. Use Kubectl to specify the remote K8S cluster to send the mirror version update command 6. The remote K8S cluster receives the command to fetch A new image from the image library. 7. The image is successfully pulled and upgraded according to the upgrade policy (Rolling publication). Upgrade is completeCopy the code
  1. The deployment of
// 1. Declare a deployment manifest in yamL format (application deployment is done through the YAML deployment Manifest) mkdir Deployment && CD Deployment vim v1.yaml // Pay special attention to the format indentation # API configuration version ApiVersion: apps/v1 # resource type kind: Deployment metadata: # resource name: front-v1 spec: selector: matchLabels: app: Replicas: 3 template: metadata: labels: app: nginx-v1 # Create pod information spec: containers: - name: Nginx image: 120.79.175.88:8082 / Jenkins - test ports: # mapping port - containerPort: 80 / / 2. Start the first kubectl apply-f./v1.yaml // 3. Kubectl get pod // 4. Kubectl get pod // 4. No basic auth credentials kubectl describe pod front-v1-5C884cffb9-nTMGB kubectl describe Pod front-v1-5C884cffb9-nTMGBCopy the code

  1. Create a secret
Opaque type kubectl create secret generic; opaque type kubectl create secret generic default-auth --from-literal=username=admin \ --from-literal=password=admin // 2. Kubectl get secret private-registry -o yaml kubectl create secret docker-registry private-registry \ --docker-username=admin \ --docker-password=admin \ [email protected] \ --docker-server=120.79.175.88:8082 []. Name // Docker private library authentication modify v1 configuration file imagePullSecrets: - name: // re-kubectl apply-f./v1.yamlCopy the code

  1. To access the page
Kubectl get SVCCopy the code

  1. Use service to solve stateless problems
// edit v1 apiVersion: v1 kind: Service metadata: name: front-service-v1 spec: selector: app: nginx-v1 ports: Type: nodeport kubectl apply-f./v1.yamlCopy the code
  1. Use ingress for load balancing
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/baremetal/deploy.ya Yaml // Add nodePort To modify the source address registry.cn-hangzhou.aliyuncs.com/bin_x/nginx-ingress:v0.34.1@sha256:80359bdf124d49264fabf136d2aecadac729b54f16618162194 356d3c78ce2fe kubectl apply -f deploy.yaml automatic pull ingress image automatic deployment ingress Check status kubectl get Pods -n ingress-nginx -l App.kubernetes. IO /name=ingress-nginx --watch to check whether the configuration takes effect kubectl -n ingress-nginx get SVCCopy the code

Ingress mkdir ingress && CD ingress && vim base.yaml apiVersion: Extensions /v1beta1 kind: ingress metadata: name Modify the configuration to modify the behavior of ingress to achieve grayscale publishing of cross-domain resources # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/ annotations: Nginx. Ingress. Kubernetes. IO/rewrite - target: / kubernetes. IO/ingress. Class: nginx spec: # rules configuration path forward rules rules: - HTTP: Paths: # path can be a string or an expression. -path: / WSS backend: serviceName: front-service-v1 servicePort: 80 # Backend is a service. ServiceName is a service name. Port is a port. front-service-v1 servicePort: 80 kubectl apply -f. / base. Yaml visit http://120.79.175.88:31234/wss http://120.78.165.128:31234/wssCopy the code

  1. Grayscale release A/B testing

8. Deploy the front – end separation project

  1. Deploy mysql
Kubectl taint nodes node2 kubectl taint nodes node2 kubectl taint nodes node2 Mysql =true:NoSchedule // create mysql data directory mkdir /var/lib/mysql && mkdir /var/lib/mysql/data // save password kubectl create Secret generic demo-mysql-auth \ --from-literal=password=367734 vim mysql.yaml apiVersion: apps/v1 kind: Deployment metadata: name: demo-mysql spec: replicas: 1 selector: matchLabels: app: demo-mysql template: Metadata: labels: app: demo-mysql spec: # Tolerations: -key: "mysql" operator: "Equal" value: "true" effect: "NoSchedule" containers: - name: demo-mysql image: mysql:5.6 imagePullPolicy: IfNotPresent args: - "--ignore-db-dir=lost+found" ports: # containerPort: 3306 volumeMounts: - name: mysql-data mountPath: "/var/lib/mysql" env: - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: demo-mysql-auth key: password volumes: - name: mysql-data hostPath: path: /var/lib/mysql type: Directory --- apiVersion: v1 kind: Service metadata: name: demo-mysql-service spec: type: NodePort ports: - port: 3306 protocol: TCP targetPort: 3306 selector: app: Mysql kubectl apply -f mysql.YAML // mysql kubectl apply -f mysql.YAML // mysql kubectl apply -f mysql.YAML // mysql kubectl apply -f mysql.YAML // mysql kubectl apply -f mysql.YAML //Copy the code

// Create a user table SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; CREATE DATABASE IF NOT EXISTS `demo-backend` DEFAULT CHARSET utf8 COLLATE utf8_general_ci; USE `demo-backend`; DROP TABLE IF EXISTS `users`; CREATE TABLE 'users' (' id' int(11) NOT NULL AUTO_INCREMENT COMMENT 'id ',' name 'varchar(255) NOT NULL COMMENT' id ', 'age' int(11) NOT NULL COMMENT 'age ',' sex 'varchar(255) NOT NULL COMMENT' gender '; 1 male 2 female ', PRIMARY KEY (' id ')) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET= UTf8; SET FOREIGN_KEY_CHECKS = 1;Copy the code

  1. Deploying front-end projects
[email protected]:liuxs_dream/k8s-demo-frontend. Git // Jenkins create a task demo-frontend / / 1. Execute shell script to build #! /bin/sh -l time=$(date "+%Y%m%d%H%M%S") npm install --registry=https://registry.npm.taobao.org npm run build docker Build - t 120.79.175.88:8082 / frontend - app: $time. The docker login -u admin - p admin 120.79.175.88:8082 docker push 120.79.175.88:8082 / frontend - app: $time / / 2. Vim demo-frontend. Yaml apiVersion: apps/v1 kind: Deployment metadata: name: demo-frontend spec: selector: matchLabels: app: demo-frontend replicas: 1 template: metadata: labels: app: demo-frontend spec: imagePullSecrets: - name: private-registry containers: - name: frontend-app imagePullPolicy: Always image: 120.79.175.88:8082 / frontend - app: 20210121150131 ports: - containerPort: 80 - apiVersion: v1 kind: the Service metadata: name: demo-frontend-service spec: selector: app: demo-frontend ports: - protocol: TCP port: 80 targetPort: 80 type: NodePort kubectl apply -f demo-frontend.yaml kubectl get svcCopy the code
  1. Back-end project deployment
#bin/bash time=$(date "+%Y%m%d%H% m% S") NPM #bin/bash time=$(date "+%Y%m% S") NPM Install - registry=https://registry.npm.taobao.org docker build -t 120.79.175.88:8082 / backend - app: $time. The docker login -u admin - p admin 120.79.175.88:8082 docker push 120.79.175.88:8082 / backend - app: $time / / 2. Secret Encrypts the configMap database before deploying it in K8S. Vim mysql-config.yaml apiVersion: v1 kind: encrypts the configMap database. ConfigMap metadata: name: mysql-config data: host: 'demo-mysql-service' port: '3306' username: 'root' database: 'demo-backend' kubectl apply -f mysql-config.yaml // Deploy vim demo-backend.yaml apiVersion: apps/v1 kind: Deployment metadata: name: demo-backend spec: selector: matchLabels: app: demo-backend replicas: 1 template: metadata: labels: app: demo-backend spec: imagePullSecrets: - name: private-registry containers: - name: Backend - app imagePullPolicy: Always image: 120.79.175.88:8082 / frontend - app: 20210121172141 ports: - containerPort: 7001 env: - name: MYSQL_HOST valueFrom: configMapKeyRef: name: mysql-config key: host - name: MYSQL_PORT valueFrom: configMapKeyRef: name: mysql-config key: port - name: MYSQL_USER valueFrom: configMapKeyRef: name: mysql-config key: username - name: MYSQL_DATABASE valueFrom: configMapKeyRef: name: mysql-config key: database --- apiVersion: v1 kind: Service metadata: name: demo-backend-service spec: selector: app: demo-backend ports: - protocol: TCP port: 7001 targetPort: 7001 type: NodePort kubectl apply -f demo-backend.yaml kubectl get podCopy the code

  1. Access to the project

Use Jenkins to perform build and deployment with one click directly

Kubectl cat <<EOF > kubectl cat <<EOF > kubectl cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF yum install -y kubectl // 1. Manage Jenkins => Manage Jenkins => Manage Jenkins => Manage Jenkins => Manage Jenkins => Manage Jenkins => Manage Jenkins => Manage Jenkins => Manage Jenkins => Manage Jenkins => Provide Configuration Files // 3. Kubectl --kubeconfig=k8s-config.yaml set image deployment/demo-frontend kubectl --kubeconfig=k8s-config Frontend - app = 120.79.175.88:8082 / frontend - app: $time / / rebuild prompt deployment. The apps/demo - frontend image updatedCopy the code

10.todo

Pm2 Webhook Action Notify Grayscale release A/B test Rolling release Health check Rollback service Discovery...Copy the code

Special thanks to

Content source volume from 0 to 1 to implement a SET of CI/CD process wall crack recommendations