axing 发布的文章 - 星的博客

首页导航统计留言

更多

壁纸直播关于

推荐

星的魔法星的导航页谷歌一下镜像国内下载站大模型国内下载站 docker镜像国内下载站腾讯视频

1 Ubuntu安装 kubeadm 部署k8s 1.30 219 阅读 2 kubeadm 部署k8s 1.30 137 阅读 3 rockylinux 9.3详细安装drbd 131 阅读 4 rockylinux 9.3详细安装drbd+keepalived 122 阅读 5 ceshi 82 阅读

默认分类日记 linux docker

k8s

ELK Jenkins Grafana Harbor Prometheus Cepf k8s安装 Gitlab traefik sonarqube OpenTelemetry MinIOn Containerd进阶使用 ArgoCD

golang Git Python

Web开发

HTML和CSS JavaScript 对象模型

公司 zabbix

登录 / 注册

标签搜索

k8s
linux
docker
drbd+keepalivde
ansible
dcoker
webhook

星

累计撰写 118 篇文章
累计收到 940 条评论

首页
栏目
- 默认分类
- 日记
- linux
- docker
- k8s
  - ELK
  - Jenkins
  - Grafana
  - Harbor
  - Prometheus
  - Cepf
  - k8s安装
  - Gitlab
  - traefik
  - sonarqube
  - OpenTelemetry
  - MinIOn
  - Containerd进阶使用
  - ArgoCD
- golang
- Git
- Python
- Web开发
- 公司
- zabbix
页面
- 导航
- 统计
- 留言
- 壁纸
- 直播
- 关于
推荐

搜索到 116 篇与的结果

2025-08-01
jenkins与Maven集成一、安装配置Maven此处以rpm包部署jenkins为例，以下操作在jenkins所在服务器执行。 maven下载地址：https://maven.apache.org/download.cgi1.1安装Maven[root@jenkins ~]# wget https://dlcdn.apache.org/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz [root@jenkins ~]# mkdir /usr/local/maven [root@jenkins ~]# tar -zxf apache-maven-3.9.6-bin.tar.gz -C /usr/local/maven/ [root@jenkins ~]# cd /usr/local/maven/apache-maven-3.9.6/ [root@jenkins apache-maven-3.9.3]# ls bin boot conf lib LICENSE NOTICE README.txt1.2设置maven的阿里云镜像[root@jenkins apache-maven-3.9.6]# vim conf/settings.xml # 在159行的标签为</mirrors>前添加如下阿里云镜像 <mirror> <id>alimaven</id> <name>aliyun maven</name> <url>http://maven.aliyun.com/nexus/content/groups/public/</url> <mirrorOf>central</mirrorOf> </mirror>1.3配置环境变量tar -zxvf amazon-corretto-17.0.16.8.1-linux-x64.tar.gz -C /usr/lib/jvm/ root@k8s-03:/usr/lib/jvm# ls amazon-corretto-17.0.16.8.1-linux-x64 root@k8s-03:/usr/lib/jvm# sudo chown -R root:root /usr/lib/jvm/amazon-corretto-17.0.16.8.1-linux-x64/ root@k8s-03:/usr/lib/jvm# export JAVA_HOME=/usr/lib/jvm/amazon-corretto-17.0.16.8.1-linux-x64/ root@k8s-03:/usr/lib/jvm# export PATH=$JAVA_HOME/bin:$PATH root@k8s-03:/usr/lib/jvm# java -version openjdk version "17.0.16" 2025-07-15 LTS OpenJDK Runtime Environment Corretto-17.0.16.8.1 (build 17.0.16+8-LTS) OpenJDK 64-Bit Server VM Corretto-17.0.16.8.1 (build 17.0.16+8-LTS, mixed mode, sharing) root@k8s-03:/usr/lib/jvm# javac -version javac 17.0.16 root@k8s-03:/usr/lib/jvm# vi /etc/profile root@k8s-03:/usr/lib/jvm# cat /etc/profile # /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). if [ "${PS1-}" ]; then if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then # The file bash.bashrc already sets the default PS1. # PS1='\h:\w\$ ' if [ -f /etc/bash.bashrc ]; then . /etc/bash.bashrc fi else if [ "$(id -u)" -eq 0 ]; then PS1='# ' else PS1='$ ' fi fi fi if [ -d /etc/profile.d ]; then for i in /etc/profile.d/*.sh; do if [ -r $i ]; then . $i fi done unset i fi export MAVEN_HOME=/usr/local/maven/apache-maven-3.9.9 export PATH=${MAVEN_HOME}/bin:${PATH} JAVA_HOME=/usr/lib/jvm/amazon-corretto-17.0.16.8.1-linux-x64 PATH=$JAVA_HOME/bin:$PATH export JAVA_HOME PATH root@k8s-03:/usr/lib/jvm# source /etc/profile root@k8s-03:/usr/lib/jvm# mvn -v Apache Maven 3.9.9 (8e8579a9e76f7d015ee5ec7bfcdc97d260186937) Maven home: /usr/local/maven/apache-maven-3.9.9 Java version: 17.0.16, vendor: Amazon.com Inc., runtime: /usr/lib/jvm/amazon-corretto-17.0.16.8.1-linux-x64 Default locale: en_US, platform encoding: UTF-8 OS name: "linux", version: "5.15.0-151-generic", arch: "amd64", family: "unix" 二、jenkins配置Maven 2.1全局工具配置关联jdk和mavenjenkis——>manage jenkins——>tools 如遇yum安装jdk无法识别，可尝试下载二进制openjdk安装2.2添加jenkins全局变量jenkis——>manage jenkins——>System 新增JAVA_HOME、M2_HOME、PATH+EXTRA三、拉取java项目 3.1创建项目此处以springboot项目为例，项目地址https://gitee.com/axzys/sprint_boot_demo3.2创建凭据依次点击jenkins——>系统管理——>Credentials——> Add Credentials，类型选择username with password四、创建任务 4.1创建流水线任务新建一个类型为自由风格的任务4.2配置git仓库信息gitee的主分支名称为master4.3构建测试点击立即构建，查看构建信息五、打包测试 5.1修改任务修改gitlab与gitee连接中配置的任务，新增构建步骤。配置如下5.2构建测试可以看到控制台成功打印了打包信息六、读取pom.xml参数在执行 Java 项目的流水线时，我们经常要动态获取项目中的属性，很多属性都配置在项目的 pom.xml 中，使用Pipeline Utility Steps 插件提供能够读取 pom.xml 的方法，pipeline如下stage('读取pom.xml参数阶段'){ // 读取 Pom.xml 参数 pom = readMavenPom file: './pom.xml' // 输出读取的参数 print "${pom.artifactId}" print = "${pom.version}" }
- 2025年08月01日
- 4 阅读
- 0 评论
- 0 点赞
2025-08-01
gitlab和jenkins连接一、gitlab配置 1.1 创建用户并登录1.2 导入项目需要管理员后台开启导入功能此处以Vue项目为例，项目地址：https://gitee.com/cuiliang0302/vue3_vite_element-plus.git二、jenkins配置 2.1 安装gitlab插件依次点击jenkins——>Manage Jenkins——>插件管理——>Plugins，在Jenkins的插件管理中安装GitLab插件三、连接测试 3.1 SSH验证#在容器中生成秘钥 root@k8s-01:~# kubectl get pods -n cicd NAME READY STATUS RESTARTS AGE jenkins-c884498c6-jt5rd 1/1 Running 4 (11m ago) 36h root@k8s-01:~# kubectl exec -it -n cicd jenkins-c884498c6-jt5rd -- /bin/sh $ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa): Created directory '/var/jenkins_home/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /var/jenkins_home/.ssh/id_rsa Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub The key fingerprint is: SHA256:vslPYI4OboQAv+ClSj+l0s5BcOgWy71KoF3CFJnOKEM jenkins@jenkins-c884498c6-jt5rd The key's randomart image is: +---[RSA 3072]----+ | .o | |.E+. | |oO.. | |OoX. | |+O==. S | |+=+oo. = . | |+.+++ . o . | |o.o*oo . + | | .o+o . +.. | +----[SHA256]-----+ $ cat ~/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAmjMVNkGL2gzFKQZDaC5jxOCXniZfBdkdYvqdralfhdVMTqxSgbQNbBX3E3S98L736/d0p7kgqZb/6FNGtNeAzHaQuWC2buPz1JAVw38dYuNbMazrpnsEcuoajbjACASwPSYfHhvq6zZ9xYMZMPqlgFgAgZGPmrC22cIgg1mFapwOIUyc56XqXViDOUZMGof5HQC+pNSV3iKfCt6agzPvDk6jXauis77n1T5gNiyeZixFDsXf9/6ORvd6XNUX0OfqZF2TUceIOWk+u1N/k5Y8CDjnHAJxftJJWFWtDwkANnqux1HA2BcUYCmZlvyPUNJHKTBWvQZ4Q7EbH0fX6YNN/n3doYovU4aA+OfpVlPv+4tzwUHSy5bauVUDT42Bg1KZtCwDIvf2rxrTmWCbb8ceNPti8/XzzccuZ8al382cE2yK0i6/PUjrI3Azk/NAKVdCERb/RgYpimALfWmUoduPdcLHNwZOsm3JjvxHuP88YxxvRG5JkzpU8bbg/a1RKeM= jenkins@jenkins-c884498c6-jt5rd在gitlab中添加ssh密钥信息获取jenkins容器用户名和私钥$ whoami jenkins $ cat ~/.ssh/id_rsa -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn NhAAAAAwEAAQAAAYEAwJozFTZBi9oMxSkGQ2guY8Tgl54mXwXZHWL6na2pX4XVTE6sUoG0 DWwV9xN0vfC+9+v3dKe5IKmW/+hTRrTXgMx2kLlgtm7j89SQFcN/HWLjWzGs66Z7BHLqGo 24wAgEsD0mHx4b6us2fcWDGTD6pYBYAIGRj5qwttnCIINZhWqcDiFMnOel6l1YgzlGTBqH +R0AvqTUld4inwremoMz7w5Oo12rorO+59U+YDYsnmYsRQ7F3/f+jkb3elzVF9Dn6mRdk1 HHiDlpPrtTf5OWPAg45xwCcX7SSVhVrQ8JADZ6rsdRwNgXFGApmZb8j1DSRykwVr0GeEOx Gx9H1+mDTf593aGKL1OGgPjn6VZT7/uLc8FB0suW2rlVA0+NgYNSmbQsAyL39q8a05lgm2 /HHjT7YvP1883HLmfGpd/NnBNsitIuvz1I6yNwM5PzQClXQhEW/0YGKYpgC31plKHbj3XC xzcGTrJtyY78R7j/PGMcb0RuSZM6VPG24P2tUSnjAAAFmDaXUJE2l1CRAAAAB3NzaC1yc2 EAAAGBAMCaMxU2QYvaDMUpBkNoLmPE4JeeJl8F2R1i+p2tqV+F1UxOrFKBtA1sFfcTdL3w vvfr93SnuSCplv/oU0a014DMdpC5YLZu4/PUkBXDfx1i41sxrOumewRy6hqNuMAIBLA9Jh 8eG+rrNn3Fgxkw+qWAWACBkY+asLbZwiCDWYVqnA4hTJznpepdWIM5Rkwah/kdAL6k1JXe Ip8K3pqDM+8OTqNdq6KzvufVPmA2LJ5mLEUOxd/3/o5G93pc1RfQ5+pkXZNRx4g5aT67U3 +TljwIOOccAnF+0klYVa0PCQA2eq7HUcDYFxRgKZmW/I9Q0kcpMFa9BnhDsRsfR9fpg03+ fd2hii9ThoD45+lWU+/7i3PBQdLLltq5VQNPjYGDUpm0LAMi9/avGtOZYJtvxx40+2Lz9f PNxy5nxqXfzZwTbIrSLr89SOsjcDOT80ApV0IRFv9GBimKYAt9aZSh2491wsc3Bk6ybcmO /Ee4/zxjHG9EbkmTOlTxtuD9rVEp4wAAAAMBAAEAAAGABpcgKVkmbAUli7eIJdVSRQqvDr EUKgs2ryk8XxnaolCfiFFm1xnmEdGBfOdXBsrOlggmewDkNkhnSNFnzBMTDq6wXeph80wf E7BRz9TVLCm+ktfDzXpwWioedZMk37lGg8tL2yO6G9M5lZslDb8dzHz0RewpEWtfIZqY6G jmLskDlv4vs2y/wiG4jiDvFVqRDYafCGb2eTxVHfEOxeW4aLUqHq/tWA9jeGZVEJC5/R+M 4z4Kqku/k5m9DRxRFFQLFEKxuWidau45/e3Kqx7RHSFQuKIyGo44KBCQed3XcVnEexS9SI UUdhvYNqBX3KdCiDQphFcYoG360/+Pt9NVQ4/yTpHp7A2qSXHgVtEtYtUCdEd3TdsOeir5 s3dRDjRb3Hp+gJPVNSJ2cZJG8pBrVWfwLqv4wl/vJwDS3E20jCY2a+roc21LAbVV52bmjS MjfMpzayKHTamoeDvWA7+9pyeW0X/s/PDgkXgHqMlLpUsDloF7Xn6bHgmHtu02m88BAAAA wQCt/X9vXe7SbvE9q/DyQpWWRLFNYhB+qTEiLqh5ndyoej9cCsrpj9BrudPS2uh2xMxfS9 JfpUqk++tSKQxJb6LXQBmFh5+gEXVql415iIWFCUhm28QeaJ5IxvYVdN6uAqNH81mWnpo7 K3pzKKp1oJfMMbToLrJFrxgwSnrPRhhegjA0Hb6CmfO7N+sBss0SAmbQx3SMfXL30Hxjqa 0DeSrzg4i4HArm8cd89wSQEfx6500yhUG+AARHzCxpcSeuTaYAAADBAOuBZ4LO9glbwUCV FulNeVvnbrlFpFbovu9eg1ROYxkB8yEMS3s6HtGyM/0c6QxT14Qam1siGuxLYR9UgGSvl5 EOpS/1aGbr5UYBVDXrGh3OdrfyD0OIZuxxyY5liZ7sRA+LC+6cR6qmOaShwS/8Afru8KdU 1CYGU9Ndit8gS156imT/jRJgci0m+pSgtP9ZsGbxbfZCGZyG1QOmgQTOHmFw/eXm/qPZ6t SuBzz3IprArOn+MaNKxlh/qGB6kSjzAQAAAMEA0Vz/hyPNJwErFfngA8DdAo4OZPw9thcM 3n0Kv6/jeDglDWQ4/FfSVp9PdQdZNKlk/Yp5wXxUV1SxtKCEDXLC8DofDhxoVh9UKTJkpU LnoD5mfr5oHsZ9BONixBS1OkX/NDdIe+pQ+oGX1TaxavQnGwXulI/Xu4x8GIulwgDEaXYd NbXSU1Wu1/mmVuGrCq2s6hXgOJF8xJ0DiX0JmdgH9yNPOteJiaQcoZbL90xmlOM76zWyv7 5AbWNqZ4UL8bDjAAAAH2plbmtpbnNAamVua2lucy1jODg0NDk4YzYtanQ1cmQBAgM= -----END OPENSSH PRIVATE KEY----- jenkins创建密钥凭据，类型选择ssh username with private key获取仓库git连接地址创建自由风格的软件项目在源码管理中添加仓库地址，需要注意的是默认地址为git@gitlab-559d798d49-hpcjt:cuiliang/vue3_vite_element-plus.git，修改为git@gitlab-svc.cicd.svc:cuiliang/vue3_vite_element-plus.git，并在jenkins容器中执行命令，添加远程仓库地址。 #上面是gitlab跑在k8s当中需要修改的下面是gitlab裸部署 git@192.168.30.181:xing/vue3_vite_element-plus.git$ $ git ls-remote -h -- git@192.168.30.181:xing/vue3_vite_element-plus.git HEAD The authenticity of host '192.168.30.181 (192.168.30.181)' can't be established. ED25519 key fingerprint is SHA256:2awMz8VKsoMHs1ylz/z1bl11ATG3AcIVJEABqhR51p0. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '192.168.30.181' (ED25519) to the list of known hosts.点击立即构建，可以拉取代码并获取git commit信息。3.2 http/https连接添加jenkins凭据在jenkins中添加凭据，账号为gitlab账户和密码。 jenkins——>系统管理——>Credentials——>添加类型为username with password的全局凭据获取项目克隆地址访问gitlab项目页，获取项目http克隆地址。 http://192.168.30.181/xing/vue3_vite_element-plus.git创建自由风格任务测试新建一个自由风格软件项目测试如果是gitlab是跑在k8s里面的在源码管理中填写http仓库地址，并选择账号密码凭据，需要注意的是仓库地址默认使用gitlab的pod名称，需要改为svc名称方式。即http://gitlab-svc.cicd.svc/cuiliang/vue3_vite_element-plus.git点击立即构建，查看控制台日志，已经可以正常拉取项目代码，获取到git commit信息。3.3Access Token验证登录gitlab，依次点击项目——>设置——>访问令牌。角色设置为guest，授予api权限即可。glpat-d2zMJyr9Z3u_1b-B43s1创建凭据，依次点击jenkins——>系统管理——>Credentials——> Add Credentials，类型选择gitlab api token配置gitlab信息 jenkins——>系统管理——>系统配置，找到gitlab配置区域， gitlab url填写http://gitlab-svc.cicd.svc，然后点击 Test Connection，显示 Success，表示成功。四、webhook配置通常在企业实际开发过程中，当代码提交到master分支或者创建tag时，gitlab请求jenkins的webhook地址，完成持续构建和持续部署流程。4.1创建jenkins流水线项目4.1.1新建一个类型为流水线的任务pipeline { agent any stages { stage('Checkout') { steps { // 修正参数名并补充必要参数 git branch: 'master', credentialsId: 'gitlab-xing-password', // Jenkins凭据ID url: 'http://192.168.30.181/xing/vue3_vite_element-plus.git', poll: true, // 对应"√ Include in polling" changelog: true // 对应"√ Include in changelog" } } stage('build') { steps { echo '编译打包完成' } } } }如果不选择沙盒会报错接下来点击立即构建，测试是否可以正常拉取代码4.2 开启webhook配置配置gitlab策略，使用root用户登录——>管理员——>网络——>出站请求——>允许来自webhook和集成对本地网络的请求。获取jenkins webhook令牌修改流水线任务，点击**Build when a change is pushed to GitLab的高级选项，生成令牌。切换回cuiliang用户——>vue项目——>设置——>webhooks——>填写jenkins生成的webhook地址和令牌。触发来源选择所有分支。查看jenkins构建历史，发现触发了自动构建五、项目添加Jenkinsfile通常在企业开发中，jenkinsfile文件存放在项目指定路径下，与仓库代码一同维护，根据环境灵活配置，而非jenkins中的固定配置。修改流水线配置，选择pipeline文件来自仓库提交代码到仓库后，查看jenkins构建历史，发现已经自动触发了一次构建
- 2025年08月01日
- 7 阅读
- 0 评论
- 1 点赞
2025-07-30
k8s观测平台dashboard 一、部署Dashboardkubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml二、创建访问凭证 cat > dashboard-admin.yaml << EOF apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard EOF kubectl create ns kubernetes-dashboard kubectl apply -n kubernetes-dashboard -f dashboard-admin.yaml三、创建 dashboard# Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: Namespace metadata: name: kubernetes-dashboard --- apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard --- kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort # 添加这行，将服务类型改为NodePort ports: - port: 443 targetPort: 8443 nodePort: 32000 # 添加这行，指定NodePort端口（可选） selector: k8s-app: kubernetes-dashboard --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs namespace: kubernetes-dashboard type: Opaque --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-csrf namespace: kubernetes-dashboard type: Opaque data: csrf: "" --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-key-holder namespace: kubernetes-dashboard type: Opaque --- kind: ConfigMap apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-settings namespace: kubernetes-dashboard --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard rules: # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - apiGroups: [""] resources: ["secrets"] resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] verbs: ["get", "update", "delete"] # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - apiGroups: [""] resources: ["configmaps"] resourceNames: ["kubernetes-dashboard-settings"] verbs: ["get", "update"] # Allow Dashboard to get metrics. - apiGroups: [""] resources: ["services"] resourceNames: ["heapster", "dashboard-metrics-scraper"] verbs: ["proxy"] - apiGroups: [""] resources: ["services/proxy"] resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] verbs: ["get"] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard rules: # Allow Metrics Scraper to get metrics from the Metrics server - apiGroups: ["metrics.k8s.io"] resources: ["pods", "nodes"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubernetes-dashboard subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubernetes-dashboard subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kubernetes-dashboard --- kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec: securityContext: seccompProfile: type: RuntimeDefault containers: - name: kubernetes-dashboard image: registry.cn-guangzhou.aliyuncs.com/xingcangku/kubernetesui-dashboard:v2.7.0 imagePullPolicy: Always ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates - --namespace=kubernetes-dashboard # Uncomment the following line to manually specify Kubernetes API server Host # If not specified, Dashboard will attempt to auto discover the API server and connect # to it. Uncomment only if the default does not work. # - --apiserver-host=http://my-address:port volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs # Create on-disk volume to store exec logs - mountPath: /tmp name: tmp-volume livenessProbe: httpGet: scheme: HTTPS path: / port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard nodeSelector: "kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule --- kind: Service apiVersion: v1 metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kubernetes-dashboard spec: ports: - port: 8000 targetPort: 8000 selector: k8s-app: dashboard-metrics-scraper --- kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kubernetes-dashboard spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: dashboard-metrics-scraper template: metadata: labels: k8s-app: dashboard-metrics-scraper spec: securityContext: seccompProfile: type: RuntimeDefault containers: - name: dashboard-metrics-scraper image: registry.cn-guangzhou.aliyuncs.com/xingcangku/kubernetesui-metrics-scraper:v1.0.8 ports: - containerPort: 8000 protocol: TCP livenessProbe: httpGet: scheme: HTTP path: / port: 8000 initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: - mountPath: /tmp name: tmp-volume securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 serviceAccountName: kubernetes-dashboard nodeSelector: "kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule volumes: - name: tmp-volume emptyDir: {}四、访问root@k8s-01:~/Dashboard# kubectl -n kubernetes-dashboard create token admin-user eyJhbGciOiJSUzI1NiIsImtpZCI6IjJ0MTFFdDhfdnFBYkNuTnBSSXlyOFIzN1B0MW13cVVJNlFwZDV1VzR1WXcifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzUzODkyMDg4LCJpYXQiOjE3NTM4ODg0ODgsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbi11c2VyIiwidWlkIjoiMDg2MzU3ZDEtNjc2Mi00MTM3LWJmMzgtMTMzNTVjNTZmNzQ3In19LCJuYmYiOjE3NTM4ODg0ODgsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbi11c2VyIn0.mdsAyRFPnjJGRm2CWXkAIaAXhPzXX1KmREK9GmDxjfKV6chjEpf4UCRiVtTaYwy8u21UgUXHsStxWlXMSjBBG3ETnh7qzGjom78A0JtmWQZMWcucgtOiOJximT6cScKHXLpjg34-ynsACIjlBYE0iw4D3l61KGhXeUOCSP06nKMdfrxOmii6I0FHd2MTP1vlo1rXHWJeepc5skYB5NKtoFpq234zRRg2JWcp0V1ZQ-cO1I3P4qLFoHPmVnjENVOepm6FQKdJE_dCRgx49zGFGdUVIqJs1hSnNAUprmUO4Vh7UFmprnyjoAX5inVMblXCGMbDFqmY80VaOWTY4b1IaQ#老版本需要用下面这个命令获取 [root@k8s-node-38 ~]# kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}" eyJhbGciOiJSUzI1NiIsImtpZCI6ImtFbUctZ2xkTUxtZFA1NkxJNm9sbjlhY284cnNRVXVnXzRlN3BrZktoRWsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWdraGRmIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjYmJlZjg4Mi0yOTJjLTRmNzEtYWIxNi1iMzEyNGVhMTc3NjgiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.CdYDoIgAaUwjqaKF8Qvt6PXCXEdpf6Kfq3I3wHwu3B4faD56Ma9BHEpXfrv4haVPQoFQSs1t5FA35peFCyWdJax44RHfkbyo05VI_GulimKDYoalgIuD-vb7IbPbhXjgmYiCYVLqUtjAxnLSvf8xA1SuUNHytdJgDMYt7dnwLcwK8hJ6OcPaFRKdqGCxPh68THoYajXTFMmaRlq9glz6lh56Z4Q-8VJKSyFYzDua583pLiffn8qhT108qJx3rG8Z2S3zjHz0It1KBiGPYQGzBCXZfLFYHOnYj7K7_HVaWYQHshgYgwAFpgPZcG7cS9j9xBt61bPqbHzvrJsP2RiG6w[root@k8s-node-38 ~]#
- 2025年07月30日
- 6 阅读
- 0 评论
- 0 点赞
2025-07-30
k8s pod手动更新一、更新镜像kubectl set image deployment/nginx-deployment nginx=registry.cn-guangzhou.aliyuncs.com/xingcangku/nginx-alpine:1.0 -n nginx #如果镜像已经存在则不会更新需手动滚动重启 kubectl rollout restart deployment/nginx-deployment -n nginx
- 2025年07月30日
- 4 阅读
- 0 评论
- 0 点赞
2025-07-27
k8s部署jenkins 一、创建资源 1.1 jenkins-deployment.yamlcat > deployment.yaml << EOF # jenkins-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: jenkins namespace: cicd spec: replicas: 1 selector: matchLabels: app: jenkins template: metadata: labels: app: jenkins spec: securityContext: fsGroup: 1000 # 确保 Jenkins 用户有存储写入权限 serviceAccountName: jenkins-admin containers: - name: jenkins image: registry.cn-guangzhou.aliyuncs.com/xingcangku/jenkins-jenkins-lts-jdk17:lts-jdk17 imagePullPolicy: IfNotPresent ports: - containerPort: 8080 - containerPort: 50000 #env: #- name: JAVA_OPTS #value: "-Djenkins.install.runSetupWizard=false -Xmx2g" # 跳过初始化向导，内存限制 volumeMounts: - name: jenkins-data mountPath: /var/jenkins_home resources: limits: cpu: "1" memory: "3Gi" requests: cpu: "0.5" memory: "1Gi" livenessProbe: httpGet: path: /login port: 8080 initialDelaySeconds: 90 periodSeconds: 10 volumes: - name: jenkins-data persistentVolumeClaim: claimName: jenkins-pvc # 绑定 CephFS PVC EOF1.2 jenkins-pvc.yamlcat > pvc.yaml << EOF apiVersion: v1 kind: PersistentVolumeClaim metadata: name: jenkins-pvc # PVC 的名称 namespace: cicd # 建议创建一个专门的命名空间，如 devops spec: storageClassName: ceph-cephfs # ⚠️ 确保这里与你部署的 StorageClass 名称完全一致 accessModes: - ReadWriteMany # Jenkins 适合使用多个节点可读写的存储 resources: requests: storage: 20Gi # 根据你的需求调整存储大小，建议至少 10-20Gi EOF1.3 jenkins-rbac.yamlcat > rbac.yaml << EOF # rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: name: jenkins-admin namespace: cicd --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: jenkins-admin-crb roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: edit # 授予命名空间内管理权限 subjects: - kind: ServiceAccount name: jenkins-admin namespace: jenkins EOF1.4 jenkins-svc.yamlcat > svc.yaml << EOF # service.yaml apiVersion: v1 kind: Service metadata: name: jenkins-service namespace: cicd spec: type: NodePort ports: - port: 8080 targetPort: 8080 name: http - port: 50000 targetPort: 50000 name: agent selector: app: jenkins EOF1.5 账号密码账号admin 密码去容器里面中查看 cat /var/jenkins_home/secrets/initialAdminPassword
- 2025年07月27日
- 8 阅读
- 0 评论
- 0 点赞

1
...
6
7
8
...
24

星

118 文章数

940 评论量

人生倒计时

舔狗日记

2024 - 2025 © Reach - Xing

已运行 00 天 00 时 00 分 00 秒

RSS MAP