临近期末,所以没啥时间写文章了,就水一篇最近在搞的吧。哎,yaml这玩意儿真的很容易搞忘记啊???
部署Jenkins.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: cicd
labels:
name: jenkins
spec:
replicas: 1
selector:
matchLabels:
name: jenkins
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
revisionHistoryLimit: 7
progressDeadlineSeconds: 600
template:
metadata:
labels:
name: jenkins
spec:
terminationGracePeriodSeconds: 10
volumes:
- name: data
nfs:
server: master01
path: /root/data/nfs_volume/jenkins_home
- name: docker
hostPath:
path: /run/docker.sock
type: ""
imagePullSecrets:
- name: my-harbor-secret
serviceAccount: jenkins
containers:
- name: jenkins
image: 192.168.239.100:8080/jenkins/jenkins_docker@sha256:b4aeaeef569348e901a78a42bc6da8012dbc72de292651cba63d2b8c64ab5d53
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 500m
memory: 512Mi
ports:
- containerPort: 8080
protocol: TCP
volumeMounts:
- name: data
mountPath: /var/jenkins_home
- name: docker
mountPath: /run/docker.sock
livenessProbe:
httpGet:
path: /login
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
failureThreshold: 12
readinessProbe:
httpGet:
path: /login
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
failureThreshold: 12
部署jenkins_ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: jenkins
namespace: cicd
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: jenkins.od.com
http:
paths:
- path: /
# pathType: Prefix
backend:
serviceName: jenkins
servicePort: 80
部署jenkins_svc.yaml
apiVersion: v1
kind: Service
metadata:
name: jenkins
namespace: cicd
spec:
ports:
- port: 80
targetPort: 8080
protocol: TCP
selector:
name: jenkins
部署rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
namespace: cicd
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cicd
rules:
- apiGroups: ["apps", "extensions"]
resources: ["deployments"]
verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["services"]
verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins
namespace: cicd
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
namespace: cicd
部署gitlab:
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitlab-dep
namespace: cicd
spec:
selector:
matchLabels:
app: gitlab
progressDeadlineSeconds: 60
revisionHistoryLimit: 2
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
template:
metadata:
labels:
app: gitlab
spec:
containers:
- image: gitlab/gitlab-ce
name: gitlab
imagePullPolicy: IfNotPresent
resources:
requests:
memory: "2Gi"
cpu: "1"
limits:
memory: "3Gi"
cpu: "2"
livenessProbe:
httpGet:
path: /users/sign_in
port: 80
initialDelaySeconds: 120
periodSeconds: 60
failureThreshold: 3
readinessProbe:
httpGet:
path: /users/sign_in
port: 80
initialDelaySeconds: 120
periodSeconds: 60
failureThreshold: 3
ports:
- containerPort: 443
name: https
- containerPort: 80
name: http
- containerPort: 22
name: ssh
volumeMounts:
- name: gitlab-config
mountPath: /etc/gitlab
- name: gitlab-logs
mountPath: /var/log/gitlab
- name: gitlab-data
mountPath: /var/opt/gitlab
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: role
operator: In
values:
- gitlab
volumes:
- name: gitlab-config
persistentVolumeClaim:
claimName: mycalim1
- name: gitlab-logs
persistentVolumeClaim:
claimName: mycalim2
- name: gitlab-data
persistentVolumeClaim:
claimName: mycalim3
部署pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv1
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: gitlab1
persistentVolumeReclaimPolicy: Retain
nfs:
server: 192.168.239.100
path: /root/data/gitlab/config
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv2
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: gitlab2
persistentVolumeReclaimPolicy: Retain
nfs:
server: 192.168.239.100
path: /root/data/gitlab/logs
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv3
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: gitlab3
persistentVolumeReclaimPolicy: Retain
nfs:
server: 192.168.239.100
path: /root/data/gitlab/data
部署gitlab_pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mycalim1
namespace: cicd
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: gitlab1
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mycalim2
namespace: cicd
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: gitlab2
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mycalim3
namespace: cicd
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: gitlab3
部署gitlab_svc.yaml
apiVersion: v1
kind: Service
metadata:
name: gitlab
namespace: cicd
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: gitlab
部署gitlab_ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: gitlab
namespace: cicd
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: gitlab.od.com
http:
paths:
- path: /
backend:
serviceName: gitlab
servicePort: 80