
云计算-容器云-部署jumpserver 版本2

应用部署:堡垒机部署

# 使用提供的软件包配置Yum源,通过地址将jumpserver.tar.gz软件包下载至Jumpserver节点的/root目录下
[root@jumpserver ~]# tar -zxvf jumpserver.tar.gz -C /opt/
[root@jumpserver ~]# cp /opt/local.repo /etc/yum.repos.d/
[root@jumpserver ~]# tar -zxvf /opt/jumpserverrepo
[root@jumpserver ~]# yum clean all && yum makecache
# 安装Python 2运行环境
[root@jumpserver ~]# yum install python2 -y
[root@jumpserver opt]# mv docker-compose /usr/local/bin/docker-compose
[root@jumpserver opt]# chmod +x docker-compose
[root@jumpserver opt]# ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
# 安装Jumpserver服务
# 构建Jumpserver各服务组件的镜像
[root@jumpserver opt]#docker build -t jumpserver/jms_mysql:v1.0 -f Dockerfile-mysql .
[root@jumpserver opt]#docker build -t jumpserver/jms_redis:v1.0 -f Dockerfile-redis .
[root@jumpserver opt]#docker build -t jumpserver/jms_core:v1.0 -f Dockerfile-core .
[root@jumpserver opt]#docker build -t jumpserver/jms_koko:v1.0 -f Dockerfile-koko .
[root@jumpserver opt]#docker build -t jumpserver/jms_guacamole:v1.0 -f Dockerfile-guacamole .
[root@jumpserver opt]#docker build -t jumpserver/jms_nginx:v1.0 -f Dockerfile-nginx .
[root@localhost opt]# docker-compose up -d
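# Online quick start using the vendor's installer script.
# The script is saved to disk first instead of being piped straight into bash,
# so it can be read before it runs (the surrounding session is root) and so a
# failed or truncated download is never executed. -f makes curl exit non-zero
# on an HTTP error instead of saving the error page.
# NOTE(review): the URL follows "latest", so the script's content can change
# between runs; for repeatable installs pin a specific release and, if the
# publisher provides a checksum, verify it before running.
curl -fsSL -o quick_start.sh https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh &&
  bash quick_start.sh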

2.2.6 安装 GitLab 环境

新建命名空间 kube-ops,将 GitLab 部署到该命名空间下,然后完成 GitLab 服务的配置。
上传CICD-Runner.tar.gz包
[root@k8s-master-node1 ~]#tar -zxvf CICD-Runner.tar.gz
[root@k8s-master-node1 ~]#cd cicd-runner/
[root@k8s-master-node1 cicd-runner]# docker load -i images/image.tar
[root@k8s-master-node1 cicd-runner]# kubectl create ns kube-ops
namespace/kube-ops created
[root@k8s-master-node1 cicd-runner]# vim gitlab.yaml
# GitLab CE Deployment: a single replica in the kube-ops namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: gitlab
  name: gitlab
  namespace: kube-ops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab
  #strategy: {}
  template:
    metadata:
      #creationTimestamp: null
      labels:
        app: gitlab
    spec:
      containers:
        - image: yidaoyun/gitlab-ce:v1.0
          imagePullPolicy: IfNotPresent
          name: gitlab-ce
          ports:
            - containerPort: 80
          env:
            # NOTE(review): the initial root password is written inline, so it is
            # readable by anyone who can view this file or the Deployment object.
            # Prefer sourcing it from a Secret (valueFrom.secretKeyRef), use a
            # strong value, and change it after the first login.
            - name: GITLAB_ROOT_PASSWORD
              value: 'admin123456'
[root@k8s-master-node1 cicd-runner]# kubectl apply -f gitlab.yaml 
deployment.apps/gitlab created
[root@k8s-master-node1 cicd-runner]# kubectl get pod -n kube-ops 
NAME                     READY   STATUS    RESTARTS   AGE
gitlab-df897d46d-vcjf6   1/1     Running   0          7s
[root@k8s-master-node1 cicd-runner]# vim gitlab.yaml
# Service that publishes the GitLab pods on every node at port 30880.
# NOTE(review): this exposes GitLab over plain HTTP (port 80), so logins and
# git credentials sent to it are not encrypted in transit; limit who can reach
# the NodePort or put TLS in front of it.
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: gitlab
  name: gitlab
  namespace: kube-ops
spec:
  ports:
    - port: 80
      protocol: TCP
      nodePort: 30880
  selector:
    app: gitlab
  type: NodePort
[root@k8s-master-node1 cicd-runner]# kubectl apply -f gitlab.yaml 
service/gitlab created
[root@k8s-master-node1 cicd-runner]# kubectl get svc -n kube-ops 
NAME     TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
gitlab   NodePort   10.96.133.116   <none>        80:30880/TCP   14s

2.2.7 部署 GitLab Runner(x)
将 GitLab Runner 部署到 kube-ops 命名空间下,并完成 GitLab Runner 在 GitLab 中的注册。
在浏览器中打开 http://192.168.59.200:30880
用户名 root,密码 admin123456(即 gitlab.yaml 中 GITLAB_ROOT_PASSWORD 设置的初始密码;该口令过于简单且以明文写在清单文件里,首次登录后应立即修改)
# 在这里获取注册 Runner 所需的 URL 和注册令牌(本例为 48XdJ5KYGoJPYjaa71gi)。
# 注册令牌属于凭据:持有它就能向这台 GitLab 注册 Runner 并接收流水线作业,不应公开;一旦泄露,应在 GitLab 中重置。

[root@k8s-master-node1 cicd-runner]# cd manifests/
[root@k8s-master-node1 manifests]# vim runner-configmap.yaml
# Runner settings consumed through envFrom by the runner StatefulSet.
# Only apiVersion and data are shown in this excerpt; kind and metadata are
# not part of the listing.
apiVersion: v1
data:
  REGISTER_NON_INTERACTIVE: "true"
  # NOTE(review): "false" presumably leaves the runner unlocked, i.e. usable by
  # projects other than the one it was registered for - confirm this is intended.
  REGISTER_LOCKED: "false"
  # Metrics listener bound to all interfaces inside the pod.
  METRICS_SERVER: "0.0.0.0:9100"
  # Plain-HTTP GitLab endpoint; the registration token travels unencrypted.
  CI_SERVER_URL: "http://192.168.59.200:30880"
  RUNNER_REQUEST_CONCURRENCY: "4"
  RUNNER_EXECUTOR: "kubernetes"
  KUBERNETES_NAMESPACE: "kube-ops"
  # NOTE(review): privileged job containers have close to root-level access to
  # the node they run on. Presumably enabled for the docker-dind build service;
  # run only trusted pipelines on this runner and keep it off shared nodes.
  KUBERNETES_PRIVILEGED: "true"
  KUBERNETES_CPU_LIMIT: "1"
[root@k8s-master-node1 manifests]#echo -n "48XdJ5KYGoJPYjaa71gi" | base64 
NDhYZEo1S1lHb0pQWWphYTcxZ2k=
# 编辑 runner-statefulset.yaml,将上面的值填入 GITLAB_CI_TOKEN,并添加 labels 字段即可。
# 注意:Base64 只是编码而不是加密,任何拿到该清单的人都能还原出令牌。
[root@k8s-master-node1 manifests]# vim runner-statefulset.yaml
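# Secret holding the runner registration token, followed by the runner StatefulSet.
apiVersion: v1
data:
  # Base64 of the registration token. Base64 is an encoding, not encryption:
  # treat this manifest as a credential and keep it out of shared repositories.
  GITLAB_CI_TOKEN: NDhYZEo1S1lHb0pQWWphYTcxZ2k=
kind: Secret
metadata:
  # Named gitlab-ci-token so that the StatefulSet's secretRef below resolves;
  # this is also the name kubectl reports on apply ("secret/gitlab-ci-token created").
  name: gitlab-ci-token
  namespace: kube-ops
  labels:
    app: gitlab-ci-runner
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: gitlab-ci-runner
  namespace: kube-ops
  labels:
    app: gitlab-ci-runner
spec:
  serviceName: gitlab-ci-runner
  updateStrategy:
    type: RollingUpdate
  replicas: 2
  selector:
    matchLabels:
      app: gitlab-ci-runner
  template:
    metadata:
      labels:
        app: gitlab-ci-runner
    spec:
      securityContext:
        runAsNonRoot: true  # the runner container runs as a non-root user
        runAsUser: 999
        supplementalGroups: [999]
      containers:
        - image: yidaoyun/gitlab-runner:v1.0
          imagePullPolicy: IfNotPresent
          name: gitlab-runner
          ports:
            - containerPort: 9100
          command:
            - /scripts/run.sh
          envFrom:
            - configMapRef:
                name: gitlab-ci-runner-cm
            - secretRef:
                name: gitlab-ci-token
          env:
            # Each replica registers under its own pod name.
            - name: RUNNER_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          volumeMounts:
            - name: gitlab-ci-runner-scripts
              mountPath: /scripts
              readOnly: true  # the scripts volume is mounted read-only
      volumes:
        - name: gitlab-ci-runner-scripts
          projected:
            sources:
              - configMap:
                  name: gitlab-ci-runner-scripts
                  items:
                    - key: run.sh
                      path: run.sh
                      mode: 0775
      restartPolicy: Always
# Apply the manifests one after another: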
[root@k8s-master-node1 manifests]# kubectl apply -f runner-configmap.yaml 
configmap/gitlab-ci-runner-cm created
[root@k8s-master-node1 manifests]# kubectl apply -f runner-scripts-configmap.yaml 
configmap/gitlab-ci-runner-scripts created
[root@k8s-master-node1 manifests]# kubectl apply -f runner-statefulset.yaml 
secret/gitlab-ci-token created
statefulset.apps/gitlab-ci-runner created
[root@k8s-master-node1 manifests]# kubectl get pod -n kube-ops 
NAME                     READY   STATUS    RESTARTS   AGE
gitlab-ci-runner-0       1/1     Running   0          14s
gitlab-ci-runner-1       1/1     Running   0          12s
gitlab-df897d46d-vcjf6   1/1     Running   0          16h

2.2.8 配置 GitLab
在 GitLab 中新建公开项目并导入离线项目包,然后将 Kubernetes 集群添加到 GitLab 中。

[root@k8s-master-node1 cicd-runner]# cd springcloud/
[root@k8s-master-node1 springcloud]# git config --global user.name "Administrator"
[root@k8s-master-node1 springcloud]# git config --global user.email "admin@example.com"
[root@k8s-master-node1 springcloud]# git remote remove origin
[root@k8s-master-node1 springcloud]# git remote add origin http://192.168.59.200:30880/root/springcloud.git
[root@k8s-master-node1 springcloud]# git add .
warning: You ran 'git add' with neither '-A (--all)' or '--ignore-removal',
whose behaviour will change in Git 2.0 with respect to paths you removed.
Paths like '.gitlab-ci.yml' that are
removed from your working tree are ignored with this version of Git.
* 'git add --ignore-removal <pathspec>', which is the current default,ignores paths you removed from your working tree.
* 'git add --all <pathspec>' will let you also record the removals.
Run 'git status' to check the paths you removed from your working tree.
[root@k8s-master-node1 springcloud]# git commit -m "Initial commit"
[master db17cb0] Initial commit1 file changed, 2 insertions(+)
[root@k8s-master-node1 springcloud]# git push -u origin master
Username for 'http://10.24.206.143:30880': root  # gitlab用户
Password for 'http://root@10.24.206.143:30880':(admin123456)  # gitlab密码;远程地址为 http://,用户名和密码会以明文在网络上传输
Counting objects: 1355, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (1000/1000), done.
Writing objects: 100% (1355/1355), 4.05 MiB | 0 bytes/s, done.
Total 1355 (delta 269), reused 1348 (delta 266)
remote: Resolving deltas: 100% (269/269), done.
To http://10.24.206.143:30880/root/springcloud.git* [new branch]      master -> master
Branch master set up to track remote branch master from origin.


# 获取CA证书
[root@k8s-master-node1 springcloud]# cat /etc/kubernetes/pki/ca.crt
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
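# 获取令牌(Secret 名称以 kubectl get secrets -n kube-system 实际列出的为准;下面命令中的名称与输出中的 Name 并不一致)
# 注意:这里取的是 kube-system 命名空间 default 服务账号的令牌,属于集群凭据,不应出现在文档或截图中;接入 GitLab 时更稳妥的做法是单独创建服务账号,并只授予所需的权限。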
[root@k8s-master-node1 springcloud]# kubectl describe secrets -n kube-system default-token-h8h7n 
Name:         default-token-tgz8r
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: defaultkubernetes.io/service-account.uid: d4111b82-49c8-481b-83ff-ff2619eb3d1bType:  kubernetes.io/service-account-tokenData
====
ca.crt:     1099 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjN0Z3RzNDdfT3FGc0pHalJKWi1ZcHZ5TTF4cDB6X2duLWxhanViVkJXLVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLXRnejhyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkNDExMWI4Mi00OWM4LTQ4MWItODNmZi1mZjI2MTllYjNkMWIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGVmYXVsdCJ9.RfWmtTwtY-WOXIibVOOsRjcvJRktI9O0pFOpR-VtjfJKVAuwwjxinQC8LaGvFZK9kooTvf1GKA261awk45uj-hZjN7T2rK9glea-D8YqwFRR5y7G6uU_SCqho2h1qC6T6ax30XCMuVgWe5RuvG0rXB1qnT72vy72K2iSCb9M7SuuqI-kElvf5M1l0zmrvN9xCvKebVtwt2hIuMAJW2fgNhiEMmHaXPVmVUYr_G5jrtP73HoDclGC2i2elJAySJXek7pxyzmaOlP7jWXYhaXjiU5BvX_PSUfLSt2PVpOEANNUyBowfZkOhIyoc0QQSd7-Wi0gx3Sd9hMwH7LXHRmt-w
  • 将获取的信息分别填入
    2.2.9 构建 CI/CD
    在项目中编写流水线脚本,然后触发自动构建,要求完成构建代码、构建镜像、推送镜像到 Harbor,并发布服务到 Kubernetes 集群。
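将tcp://localhost:2375改为tcp://docker-dind:2375。2375 是 Docker 未加密、无认证的 API 端口,能访问到该端口的任何 Pod 都可以控制这个 Docker 守护进程,应通过网络策略限制访问范围,或改用启用 TLS 的 2376 端口。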
[root@k8s-master-node1 springcloud]# kubectl edit -n kube-system cm coredns
# 53后面添加一个gitlab
# 添加映射
[root@k8s-master-node1 ~]# cat /etc/hosts
192.168.100.23 apiserver.cluster.local # 选择这一行
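# 登录harbor仓库(示例中的 admin / Harbor12345 是 Harbor 的默认管理员口令,实际环境应先修改;另见下方警告:口令会以未加密形式保存在 /root/.docker/config.json 中)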
[root@k8s-master-node1 springcloud]# docker login 192.168.59.200
Username: admin
Password: (Harbor12345)
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
[root@k8s-master-node1 springcloud]# cd ..
[root@k8s-master-node1 cicd-runner]# vim Dockerfile
# NOTE(review): "latest" is a moving tag, so a later rebuild can pull a different
# base image; pin a version tag or digest for reproducible builds.
FROM nginx:latest
# Appends a marker line to nginx's default index page.
RUN echo "Hello Golang In Gitlab CI,go1.10.3,/bin/app" >> /usr/share/nginx/html/index.html
[root@k8s-master-node1 cicd-runner]# docker build -t 10.24.206.143/library/springcloud:master -f Dockerfile .
Sending build context to Docker daemon  2.892GB
Step 1/2 : FROM nginx:latest---> de2543b9436b
Step 2/2 : RUN echo "Hello Golang In Gitlab CI,go1.10.3,/bin/app" >> /usr/share/nginx/html/index.html---> Running in a5b69ead6f7f
Removing intermediate container a5b69ead6f7f---> 193d60448c3d
Successfully built 193d60448c3d
Successfully tagged 10.24.206.143/library/springcloud:master
[root@k8s-master-node1 cicd-runner]# docker push 10.24.206.143/library/springcloud:master 
The push refers to repository [10.24.206.143/library/springcloud]
09c5777979b4: Pushed 
a059c9abe376: Pushed 
09be960dcde4: Pushed 
18be1897f940: Pushed 
dfe7577521f0: Pushed 
d253f69cb991: Pushed 
fd95118eade9: Pushed 
master: digest: sha256:95218b2f4822bdbe6f937c74b3fe7879998385cd04d74c241e5706294239ee29 size: 177
[root@k8s-master-node1 cicd-runner]# kubectl create ns gitlab
namespace/gitlab created
# 使用刚刚生成的镜像
[root@k8s-master-node1 cicd-runner]# vim deploymeng.yaml
# Demo Deployment (two replicas) plus a NodePort Service, both in the gitlab namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: gitlab-k8s-demo-dev
  name: gitlab-k8s-demo-dev
  namespace: gitlab
spec:
  replicas: 2
  selector:
    matchLabels:
      app: gitlab-k8s-demo-dev
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: gitlab-k8s-demo-dev
    spec:
      containers:
        # NOTE(review): "master" is a mutable tag and the pull policy is
        # IfNotPresent, so a node that already cached the tag keeps running the
        # old image after a rebuild; reference the pushed digest or a unique tag
        # per build to know exactly which image is deployed.
        - image: 10.24.206.143/library/springcloud:master
          name: springcloud
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
---
# Publishes the demo pods on every node at port 30800 (plain HTTP).
apiVersion: v1
kind: Service
metadata:
  name: gitlab-k8s-demo-dev
  namespace: gitlab
spec:
  ports:
    - port: 80
      nodePort: 30800
  selector:
    app: gitlab-k8s-demo-dev
  type: NodePort
[root@k8s-master-node1 cicd-runner]# kubectl apply -f deploymeng.yaml 
deployment.apps/gitlab-k8s-demo-dev created
service/gitlab-k8s-demo-dev configured
[root@k8s-master-node1 cicd-runner]# kubectl get deployments.apps -n gitlab 
NAME                  READY   UP-TO-DATE   AVAILABLE   AGE
gitlab-k8s-demo-dev   2/2     2            2           2m11s
[root@k8s-master-node1 cicd-runner]# kubectl get pod -n gitlab 
NAME                                   READY   STATUS    RESTARTS   AGE
gitlab-k8s-demo-dev-76c8494bdd-hcwwd   1/1     Running   0          101s
gitlab-k8s-demo-dev-76c8494bdd-hfm2n   1/1     Running   0          101s
[root@k8s-master-node1 cicd-runner]# kubectl get svc -n gitlab 
NAME                  TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
gitlab-k8s-demo-dev   NodePort   10.96.99.185   <none>        80:30800/TCP   31m
