infra-k8s

企业开发常用的jira, gitlab, gitlab-ci, nexus3的k8s部署, 部署文档与yml已上传到github: https://github.com/ytg2097/infra-k8s.git,

jira

jira的数据存储通常会选择mysql, 但是官方镜像中没有包含mysql驱动, 所以需要先手动在jira的镜像基础上copy一个mysql驱动进去. dockerfile如下

FROM atlassian/jira-software
COPY mysql-connector-java-5.1.48.jar /opt/atlassian/jira/lib/mysql-connector-java-5.1.48.jar

镜像准备好之后, 开始编写yaml

kind: ConfigMap
apiVersion: v1
metadata:
  namespace: infra
  name: jira-mysql57
data:
  ## 此处mysqld中的配置参考jira官方文档, 此处踩坑 
  ## jira setup阶段连接mysql时会报bad handshake, 
  ## 需要在my.cnf中加入skip_ssl
  my.cnf:  |
    [mysqld]
    default-storage-engine=INNODB
    default-time-zone='+08:00'
    character_set_server=utf8mb4
    skip-name-resolve
    innodb_default_row_format=DYNAMIC
    innodb_large_prefix=ON
    innodb_file_format=Barracuda
    innodb_log_file_size=2G
    sql_mode = NO_AUTO_VALUE_ON_ZERO
    skip_ssl
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jira-mysql57
  namespace: infra
  labels:
    name: jira-mysql57
spec:
  selector:
    matchLabels:
      name: jira-mysql57
  template:
    metadata:
      namespace: infra
      name: jira-mysql57
      labels:
        name: jira-mysql57
    spec:
      containers:
        - name: jira-mysql57
          image: mysql:5.7
          imagePullPolicy: IfNotPresent
          ports:
            - name: jira-mysql57
              containerPort: 3306
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "123456"
            - name: MYSQL_USER
              value: "jira"
            - name: MYSQL_PASSWORD
              value: "jira"
            - name: MYSQL_DATABASE
              value: "jira"
          volumeMounts:
            - mountPath: /var/lib/mysql
              name: data
            - name: jira-mysql57-configmap
              mountPath: /etc/mysql/conf.d/my.cnf
              subPath: my.cnf
          resources:
            requests:
              cpu: 0.5
              memory: 2Gi
            limits:
              cpu: 0.5
              memory: 2Gi
          livenessProbe:
            exec:
              command:
                - sh
                - '-c'
                - 'mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}'
            initialDelaySeconds: 30
            timeoutSeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - sh
                - '-c'
                - 'mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}'
            initialDelaySeconds: 5
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: jira-mysql57
        - name: jira-mysql57-configmap
          configMap:
            name: jira-mysql57
            items:
              - key: my.cnf
                path: my.cnf
            defaultMode: 420
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: infra
  name: jira-mysql57
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 30Gi
  storageClassName: bangni-dloca
---
apiVersion: v1
kind: Service
metadata:
  namespace: infra
  name: jira-mysql57
  labels:
    name: jira-mysql57
spec:
  ports:
    - name: jira-mysql57
      port: 3306
      targetPort: jira-mysql57
  selector:
    name: jira-mysql57

---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: jira
  namespace: infra
  labels:
    name: jira
spec:
  selector:
    matchLabels:
      name: jira
  template:
    metadata:
      name: jira
      namespace: infra
      labels:
        name: jira
    spec:
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: jira
      containers:
        - name: jira
          image: 10.20.24.3/peony/jira:mysql57
          imagePullPolicy: IfNotPresent
          env:
            - name: JVM_MINIMUM_MEMORY
              value: 512m
            - name: JVM_MAXIMUM_MEMORY
              value: 4096m
            - name: ATL_PROXY_NAME
              value: jira.example.com
            - name: ATL_DB_TYPE
              value: mysql57
            - name: ATL_DB_DRIVER
              value: com.mysql.jdbc.Driver
            - name: ATL_JDBC_URL
              value: jdbc:mysql://jira-mysql57:3306/jira?useSSL=false&useUnicode=true&characterEncoding=UTF-8&autoReconnect=true
            - name: ATL_JDBC_USER
              value: jira
            - name: ATL_JDBC_PASSWORD
              value: jira
          ports:
            - name: jira
              containerPort: 8080
          volumeMounts:
            - mountPath: /var/atlassian/application-data/jira
              name: data
          resources:
            requests:
              cpu: 2
              memory: 5Gi
            limits:
              cpu: 2
              memory: 5Gi
          livenessProbe:
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 30
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: infra
  name: jira
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: bangni-dloca
---
apiVersion: v1
kind: Service
metadata:
  namespace: infra
  name: jira
  labels:
    name: jira
spec:
  ports:
    - name: jira
      port: 8080
      targetPort: jira
  selector:
    name: jira

---
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: jira-http
  namespace: infra
spec:
  rules:
    - host: jira.example.com
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              serviceName: jira
              servicePort: 8080

kubectl apply之后完成后浏览器访问jira.example.com进行jira初始化操作, 比较奇怪的是按照jira镜像文档通过env注入的jdbc配置没有生效, 初始化时仍然需要手动配置数据库参数

nexus3

nexus3的部署中注意加入一个initContainer去修改/nexus-data的权限, 否则nexus容器启动时会报permission denied错误.

然后是nexus3启动后在进行deploy操作室会报413错误,  原因是nginxingress生成的server中默认的接受的requestbody的大小是1m, 所以需要在annotation中加入nginx.ingress.kubernetes.io/proxy-body-size: 500m放宽body大小.

### nexus3
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nexus3
  namespace: infra
  labels:
    name: nexus3
spec:
  selector:
    matchLabels:
      name: nexus3
  template:
    metadata:
      namespace: infra
      name: nexus3
      labels:
        name: nexus3
    spec:
      initContainers:
        - name: volume-mount
          image: busybox
          command: [ "sh", "-c", "chown -R 200:200 /nexus-data" ]
          volumeMounts:
            - name: data
              mountPath: /nexus-data
      containers:
        - name: nexus3
          image: sonatype/nexus3:3.36.0
          imagePullPolicy: IfNotPresent
          ports:
            - name: nexus3
              containerPort: 8081
          volumeMounts:
            - mountPath: /nexus-data
              name: data
          resources:
            requests:
              cpu: 2
              memory: 4Gi
            limits:
              cpu: 2
              memory: 4Gi
          livenessProbe:
            httpGet:
              path: /
              port: 8081
            initialDelaySeconds: 60
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /
              port: 8081
            initialDelaySeconds: 60
            periodSeconds: 30
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: nexus3
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: infra
  name: nexus3
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 30Gi
  storageClassName: bangni-dloca
---
apiVersion: v1
kind: Service
metadata:
  namespace: infra
  name: nexus3
  labels:
    name: nexus3
spec:
  ports:
    - name: nexus3
      port: 8081
      targetPort: nexus3
  selector:
    name: nexus3

---
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: nexus-http
  namespace: infra
  annotations:
    # 处理nginx ingress的413错误
    nginx.ingress.kubernetes.io/proxy-body-size: 500m
spec:
  rules:
    - host: nexus.example.com
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              serviceName: nexus3
              servicePort: 8081

篇幅所限, 更多内容请移步github