当前位置：首页 > news >正文

网站建设推广唯心cidun8家装公司网站建设方案

news 2026/4/29 3:45:23

网站建设推广唯心cidun8,家装公司网站建设方案,免费推广途径与原因,网站建设后续需要维护文章目录 1. 背景说明2. 你可以学到什么#xff1f;3. 前置条件4. 安装docker服务#xff08;所有节点#xff09;5. 部署k8s集群5.1 系统配置#xff08;所有节点#xff09;5.2 安装kubelet组件(所有节点)5.2.1 编写kubelet源5.2.2 安装kubelet5.2.3 启动kubelet 5.3 集… 文章目录 1. 背景说明2. 你可以学到什么3. 前置条件4. 安装docker服务所有节点5. 部署k8s集群5.1 系统配置所有节点5.2 安装kubelet组件(所有节点)5.2.1 编写kubelet源5.2.2 安装kubelet5.2.3 启动kubelet 5.3 集群初始化master节点5.4 从节点加入到集群中5.5 安装k8s网络插件5.6 安装ingress网络5.7 配置StorageClass 6. helm安装gitlab6.1 添加gitlab的helm源6.2 创建证书密钥6.3 创建集成smtp和ldap的密钥6.4 拉取并修改gitlab的values文件6.5 部署gilab6.6 修改gitlab-nginx-ingress方法1: 修改gitlab-nginx-ingress的暴露typeupgrade后会失效方法2: 修改gitlab的values文件 6.7 修改gitlab-shell的端口 7. 部署runner7.1 部署nginx代理7.2 配置runner7.3 更新gitlab7.4 测试runner 8. minio功能验证9. ldap功能验证 1. 背景说明客户之前的gitlab服务在k8s集群中部署的为了整合现有的硬件资源计划将gitlab服务迁移到虚拟机上。先在测试环境进行如下模拟操作基于kubeadm部署一套k8s集群在集群上部署gitlab服务将数据备份到对象存储中最终将数据恢复在另外一台gitlab单实例上实现gitlab在k8s和单实例ominibus之前迁移的一个完整闭环。 2. 你可以学到什么 k8s集群部署K8s 暴露服务的类型K8s storageclass、configmap、secrethelm部署gitlab配置smtp、ldap、runnergitlab配置对象存储 3. 前置条件 helm 安装K8s 集群版本 1.23 (两台 8C16G OS为7.9)Docker 版本 20.10.23证书在阿里云上申请免费ssl证书即可或者通过let’s encry 申请免费的泛域名证书 4. 安装docker服务所有节点参考 docker安装二进制yum 5. 部署k8s集群参考k8s1.15安装详细精华版也可以通过如下命令快捷安装 5.1 系统配置所有节点修改内核参数 - /etc/sysctl.conf # 转发 net.ipv4.ip_forward 1 # iptables网络 net.bridge.bridge-nf-call-ip6tables 1 net.bridge.bridge-nf-call-iptables 1#加在生效 sysctl -p 5.2 安装kubelet组件(所有节点) 5.2.1 编写kubelet源编辑/etc/yum.repos.d/kubernetes.repo [kubernetes] nameKubernetes baseurlhttps://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled1 gpgcheck0 repo_gpgcheck0 gpgkeyhttps://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpgyum repolist5.2.2 安装kubelet yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.05.2.3 启动kubelet # 启动 systemctl start kubelet.service # 开启自启 systemctl enable kubelet.service5.3 集群初始化master节点主节点上执行如下命令 # 命令解析 kubeadm init \ --apiserver-advertise-address10.100.0.14 \ # 通常为主节点的ip地址 --image-repository registry.aliyuncs.com/google_containers \ # 指定基础镜像拉取的仓库 --kubernetes-version v1.23.0 \ # 指定k8s的组件版本 --service-cidr10.92.0.0/12 \ # k8s集群svc的子网 --pod-network-cidr10.220.0.0/16 \ # k8s集群pod的子网 --ignore-preflight-errorsall # 忽略运行时的错误# 一条初始化命令如下 kubeadm init --apiserver-advertise-address10.100.0.14 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.23.0 --service-cidr10.92.0.0/12 --pod-network-cidr10.220.0.0/16 --ignore-preflight-errorsall5.4 从节点加入到集群中从节点上执行如下命令 kubeadm join 10.100.0.14:6443 \--token saleos.q26gm2rbtgrwvdla \--discovery-token-ca-cert-hash sha256:5058ac78bd8f7879e14bae262d359b2b499d55a2d54796e3d103a27208f06d935.5 安装k8s网络插件 # 参考 https://github.com/flannel-io/flannel#deploying-flannel-with-kubectl kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml5.6 安装ingress网络 # 参考 https://github.com/kubernetes/ingress-nginx/tree/controller-v1.1.1#support-versions-table # 参考 https://github.com/kubernetes/ingress-nginx/blob/controller-v1.1.1/deploy/static/provider/cloud/deploy.yaml # 下载wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/cloud/deploy.yaml # 如果有问题可以下一下crd的网络和你的svc的crd一样即可将LoadBalancer改成NodePort5.7 配置StorageClass 参考安装并配置StorageClass 6. helm安装gitlab 6.1 添加gitlab的helm源 # 添加helm源 helm repo add gitlab-jh https://charts.gitlab.cn # 更新helm源 helm repo update 6.2 创建证书密钥 # 创建gitlab服务运行的命名空间 kubectl create ns jihulab # 创建证书sa将证书上传到主节点机器上的某个目录下然后切换到该目录即可 kubectl create secret tls gitlab-jihulab-cn-ssl --certkube.bdeet.top.pem --keykube.bdeet.top.key -n jihulab kubectl create secret tls registry-jihulab-cn-ssl --certregistry.bdeet.top.pem --keyregistry.bdeet.top.key -n jihulab kubectl create secret tls minio-jihulab-cn-ssl --certminio.bdeet.top.pem --keyminio.bdeet.top.key -n jihulab6.3 创建集成smtp和ldap的密钥 kubectl create secret generic ldap-admin --from-literalpasswordJh2022 -n jihulab kubectl create secret generic smtp-gitlab --from-literalpasswordwqfhqohixshrnnnh -n jihulab6.4 拉取并修改gitlab的values文件拉取gitlab 15.8.0的charts编辑values文件 ... ... ## 域名配置hosts: domain: bdeet.top hostSuffix: externalIP: ssh: gitlab: name: kube.bdeet.top https: true minio: name: minio.bdeet.top https: true registry: name: registry.bdeet.top https: true ... ... ## ldap集成ldap: preventSignin: false servers: main: label: LDAP host: 129.226.208.223 port: 389 uid: uid bind_dn: cnldap,dcwkx,dccn base: dcwkx,dccn password: secret: ldap-admin key: password encryption: plain ... ... ## 配置邮箱 smtp: enabled: true address: smtp.gmail.com port: 587 user_name: kxw12108gmail.com ## https://docs.gitlab.com/charts/installation/secrets#smtp-password password: secret: smtp-gitlab key: password # domain: authentication: login starttls_auto: true openssl_verify_mode: peer pool: false ## https://docs.gitlab.com/charts/charts/globals#outgoing-email ## Email persona used in email sent by GitLab email: from: kxw12108gmail.com display_name: GitLab Administrator reply_to: kxw12108gmail.com subject_suffix: GitLab smime: enabled: false secretName: keyName: tls.key certName: tls.crt ... ...6.5 部署gilab # 创建gitlab运行的命名空间 kubectl create ns jihulab# 安装gitlab helm install gitlab gitlab-jh/gitlab \ --version 6.8.0 \ --timeout 600s \ --set certmanager.installfalse \ --set global.ingress.configureCertmanagerfalse \ --set global.ingress.tls.enabledtrue \ --set gitlab.webservice.ingress.tls.secretNamegitlab-jihulab-cn-ssl \ --set registry.ingress.tls.secretNameregistry-jihulab-cn-ssl \ --set minio.ingress.tls.secretNameminio-jihulab-cn-ssl \ --values values.yaml -n jihulab6.6 修改gitlab-nginx-ingress 方法1: 修改gitlab-nginx-ingress的暴露typeupgrade后会失效 kubectl edit svc -n jihulab gitlab-nginx-ingress-controller # 将type: LoadBalancer 改成 type: NodePort保存退出后会看到gitlab-shell方法2: 修改gitlab的values文件 ... ... nginx-ingress:enabled: true......service:externalTrafficPolicy: Localtype: NodePort # 添加ingress的svc的type......问题说明由于我们的自建k8s集群 gitlab的ingress的svc没有使用LoadBalancer而是NodePort因为之前将minio、registry、gitlab的域名解析到该节点上后肯定是无法访问的还必须需要在域名后添加nodeport的端口才可以。 kube.bdeet.top --- kube.bdeet.top:nodeport registry.bdeet.top --- registry.bdeet.top:nodeport minio.bdeet.top --- minio.bdeet.top:nodeport6.7 修改gitlab-shell的端口由于将gitlab-nginx-ingress-controller的暴露端口的方式修改成了NodePort因为ssh的端口也需要调整查看下gitlab-nginx-ingress-controller ssh的暴露端口否则会无法克隆。修改gitlab-shell ... ... global: shell: port: 31475 ... ...更新gitlab # 更新 helm upgrade gitlab gitlab-jh/gitlab \ --version 6.8.0 \ --timeout 600s \ --set certmanager.installfalse \ --set global.ingress.configureCertmanagerfalse \ --set global.ingress.tls.enabledtrue \ --set gitlab.webservice.ingress.tls.secretNamegitlab-jihulab-cn-ssl \ --set registry.ingress.tls.secretNameregistry-jihulab-cn-ssl \ --set minio.ingress.tls.secretNameminio-jihulab-cn-ssl \ --set nginx-ingress.service.typeNodePort \ --set global.shell.port31475 \ --values values.yaml -n jihulab7. 部署runner 这样的runner存在一个问题就是由于使用的是nodeport的暴露方式因为runner中的gitlaburl需要加端口同时在runner进行克隆的时候也需要加端口因为在部署一个nginx作为一个转发。 7.1 部署nginx代理 # 安装nginx yum -y install nginx# 配置nginx # cat /etc/nginx/nginx.conf ... ...server {listen 443 ssl http2;listen [::]:443 ssl http2;server_name kube.bdeet.top;ssl_certificate /root/cert/kube.bdeet.top.pem;ssl_certificate_key /root/cert/kube.bdeet.top.key;ssl_session_cache shared:SSL:1m;ssl_session_timeout 10m;ssl_ciphers HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers on;location / {proxy_pass https://kube.bdeet.top:31501;}error_page 404 /404.html;location /40x.html {}error_page 500 502 503 504 /50x.html;location /50x.html {}} ... ...7.2 配置runner 修改values文件 ... ...runner:registrationToken:secret: gitlab-gitlab-runner-secret # gitlab-runner的secret ... ... gitlab-runner:install: truegitlabUrl: https://kube.bdeet.top #修改gitlab的域名rbac:create: truerunners:privileged: true #开启特权locked: falseconfig: |[[runners]][runners.kubernetes]image ubuntu:18.04{{- if .Values.global.minio.enabled }}[runners.cache]Type s3Path gitlab-runnerShared true[runners.cache.s3]#ServerAddress {{ include gitlab-runner.cache-tpl.s3ServerAddress . }}ServerAddress https://minio.bdeet.top:31501 #接入对象存储BucketName runner-cacheBucketLocation us-east-1Insecure false ... ...7.3 更新gitlab Upgrade 更新gitlab helm upgrade gitlab gitlab-jh/gitlab \ --version 6.8.0 \ --timeout 600s \ --set certmanager.installfalse \ --set global.ingress.configureCertmanagerfalse \ --set global.ingress.tls.enabledtrue \ --set gitlab.webservice.ingress.tls.secretNamegitlab-jihulab-cn-ssl \ --set registry.ingress.tls.secretNameregistry-jihulab-cn-ssl \ --set minio.ingress.tls.secretNameminio-jihulab-cn-ssl \ --set nginx-ingress.service.typeNodePort \ --set global.shell.port31475 \ --values values.yaml -n jihulab7.4 测试runner gitlab上创建一个pipeline项目然后commit提交后触发。 .gitlab-ci.yml文件如下 image: busybox:latestbefore_script:- echo Before script section- echo For example you might run an update here or install a build dependency- echo Or perhaps you might print out some debugging detailsafter_script:- echo After script section- echo For example you might do some cleanup herebuild1:stage: buildscript:- echo Do your build heretest1:stage: testscript:- echo Do a test here- echo For example run a test suite- echo 1 index.htmlartifacts:paths:- index.htmltest2:stage: testscript:- echo Do another parallel test here- echo For example run a lint testdeploy1:stage: deployscript:- echo Do your deploy hereenvironment: production 可以发现minio上有artifacts文件5/6/9 分别是job的artifacts文件、meta元数据、日志 ## 8. 邮箱验证可以验证项目创建、提交代码、pipeline测试、runner测试、minio测试修改个人邮箱设置通知 - 自定义全部勾选运行pipeline 邮箱查看 8. minio功能验证查看artifacts 9. ldap功能验证查看用户属性

查看全文

http://www.hkea.cn/news/14456779/