什麼是fabric8
fabric8是個開源的ci工具,通過這個工具,開發者可以在上面進行代碼編寫,版本管理,測試以及發佈等一系列流程。fabric8依賴於k8s,而k8s則依賴於docker,我們的最終目的是搭建一個比較大型的ci開發流程工具網站。
前提:
1.docker安裝
2.k8s 安裝
3.ceph集羣
在k8s集羣上安裝fabric8
1.master節點操作:
curl -sS https://get.fabric8.io/download.txt | bash
$ export PATH=$PATH:$HOME/.fabric8/bin
如果下載賊慢,可以從官網上直接下載:
https://github.com/fabric8io/fabric8/releases
坑點:
一開始下載最新的版本0.4.176,在執行的過程中各種問題,換成0.4.167後各種pod安裝成功。
2.部署:
gofabric8 deploy -d ss.ss.com
kubectl get pods -n default
查看default空間pod發現有一些已經起來了,但是有幾個還是創建的狀態。這時候查看pvc狀態,都是pengding,需要創建STORAGECLASS 動態捲來支持pvc的創建。
$ kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
fabric8-docker-registry-storage pending pvc-d72b8dca-7672-11ea-a7bd-ac162d7b06e0 5Gi 1d
gogs-data pending pvc-d7479f36-7672-11ea-a7bd-ac162d7b06e0 100Mi 1d
jenkins-jobs pending pvc-d7663ae6-7672-11ea-a7bd-ac162d7b06e0 1Gi 1d
jenkins-mvn-local-repo pending pvc-9dadcb49-772c-11ea-a7bd-ac162d7b06e0 1Gi 21h
jenkins-workspace pending pvc-d7a32baa-7672-11ea-a7bd-ac162d7b06e0 1Gi 1d
nexus-storage pending pvc-d7c1c4b7-7672-11ea-a7bd-ac162d7b06e0 100Mi 1d
3.配置ceph的存儲類
我這裏使用的是現成的ceph集羣。首先在k8s上創建ceph集羣的secret憑證。
$ grep key /etc/ceph/ceph.client.admin.keyring |awk '{printf "%s", $NF}'|base64
QVFCWXB0RmIzK2dqTEJBQUtsYm4vaHU2NWZ2eHlaaGRnM2hwc1E9PQ==
$ vim ceph-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: ceph-secret
namespace: default
type: "kubernetes.io/rbd"
data:
key: QVFCWXB0RmIzK2dqTEJBQUtsYm4vaHU2NWZ2eHlaaGRnM2hwc1E9PQ==
$ kubectl apply -f ceph-secret.yaml
secret/ceph-secret created
$ kubectl get secret
ceph的storageclass
$ vim ceph-storageclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: jax-ceph
provisioner: kubernetes.io/rbd
parameters:
monitors: 10.10.3.150:6789,10.10.3.151:6789,10.10.3.152:6789
adminId: admin
adminSecretName: ceph-secret
adminSecretNamespace: default
pool: rbd
userId: admin
userSecretName: ceph-secret
$ kubectl apply -f ceph-storageclass.yaml
storageclass.storage.k8s.io/jax-ceph created
$ kubectl get storageclass
這個時候再次查看pvc狀態
$ kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
fabric8-docker-registry-storage Bound pvc-d72b8dca-7672-11ea-a7bd-ac162d7b06e0 5Gi RWO standard 1d
gogs-data Bound pvc-d7479f36-7672-11ea-a7bd-ac162d7b06e0 100Mi RWO standard 1d
jenkins-jobs Bound pvc-d7663ae6-7672-11ea-a7bd-ac162d7b06e0 1Gi RWO standard 1d
jenkins-mvn-local-repo pengding standard
jenkins-workspace Bound pvc-d7a32baa-7672-11ea-a7bd-ac162d7b06e0 1Gi RWO standard 1d
nexus-storage Bound pvc-d7c1c4b7-7672-11ea-a7bd-ac162d7b06e0 100Mi RWO standard 1d
查看jenkins-mvn-local-repo 詳情,發現這個pvc的訪問方式是RWM,而ceph rdb只支持ROM和RWO,不支持RWM。
cephfs是支持RWM的,但是k8s1.9不支持cephfs的strageclass。……😦
我這裏將 jenkins-mvn-local-repo ,手動改成RWO
$ kubectl describe pvc jenkins-mvn-local-repo
$ kubectl get pvc jenkins-mvn-local-repo -o yaml > /tmp/pvc-jenkins-mvn-local-repo.yaml
$ kubectl delete pvc jenkins-mvn-local-repo
$ vi /tmp/pvc-jenkins-mvn-local-repo.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
volume.beta.kubernetes.io/storage-class: standard
volume.beta.kubernetes.io/storage-provisioner: kubernetes.io/rbd
creationTimestamp: 2020-04-04T12:50:20Z
labels:
group: io.fabric8.devops.apps
project: jenkins
provider: fabric8
version: 2.2.311
name: jenkins-mvn-local-repo
namespace: default
resourceVersion: "85826000"
selfLink: /api/v1/namespaces/default/persistentvolumeclaims/jenkins-mvn-local-repo
uid: d784bbf7-7672-11ea-a7bd-ac162d7b06e0
spec:
accessModes:
- ReadWriteOnce ##改這裏
resources:
requests:
storage: 1Gi
$ kubectl create -f /tmp/pvc-jenkins-mvn-local-repo.yaml
$ kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
fabric8-docker-registry-storage Bound pvc-d72b8dca-7672-11ea-a7bd-ac162d7b06e0 5Gi RWO standard 1d
gogs-data Bound pvc-d7479f36-7672-11ea-a7bd-ac162d7b06e0 100Mi RWO standard 1d
jenkins-jobs Bound pvc-d7663ae6-7672-11ea-a7bd-ac162d7b06e0 1Gi RWO standard 1d
jenkins-mvn-local-repo Bound pvc-9dadcb49-772c-11ea-a7bd-ac162d7b06e0 1Gi RWO standard 21h
jenkins-workspace Bound pvc-d7a32baa-7672-11ea-a7bd-ac162d7b06e0 1Gi RWO standard 1d
nexus-storage Bound pvc-d7c1c4b7-7672-11ea-a7bd-ac162d7b06e0 100Mi RWO standard 1d
$ gofabric8 validate ##檢查fabric8安裝是否完成。
可以看到所有的pvc都已經bound上了。
其中有個pod gogs沒啓動起來,看日誌顯示目錄權限的問題,可以在containers的上面一行加上下面配置
initContainers:
- name: init
image: busybox
command:
- chmod
- '777'
- /app/gogs/data
resources: {}
volumeMounts:
- name: gogs-data
mountPath: /app/gogs/data
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
截圖:
現在看看fabric8依賴的pod已經running,並且gofabric8 validate檢查fabric8安裝成功。
4.爲infress創建外部訪問,暴露在k8s集羣外(loadblancer)
$ kubectl expose deployment gofabric8 --type=LoadBalancer --name=myfabric
查看端口
$ kubectl get service
myfab LoadBalancer 10.98.231.216 <pending> 9090:32451/TCP,9191:31460/TCP 18h
這時我們訪問master所在機器的32451端口就可以了。
5.爲ingress授權
訪問fabric8 web的時候各種接口403,報錯如下:
secrets is forbidden: User "system:serviceaccount:default:default" cannot list secrets
授權,複製cluster-admin的權限
kubectl create clusterrolebinding nginx-ingress-clusterrolebinding --clusterrole=cluster-admin --serviceaccount=default:default --namespace=default
這時再次訪問web就正常了。
