1.先决条件需要storageClass,动态制备,自动创建pv/pvc.详情参见
k8s-StoargClass的使用-基于nfs-CSDN博客
部署postgresql
2.创建ServiceAccount,用于权限管控.
[root@master /zpf/test]$cat init-sc-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: default
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: default
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: default
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: default
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io
3.查看部署详情
[root@master /zpf/test]$kubectl create -f init-sc-serviceaccount.yaml
serviceaccount/nfs-client-provisioner created
clusterrole.rbac.authorization.k8s.io/nfs-client-provisioner-runner created
clusterrolebinding.rbac.authorization.k8s.io/run-nfs-client-provisioner created
role.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner created
rolebinding.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner created
4.部署pgsql的storageClass
[root@master /zpf/sonar-nfs]$cat postgres-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-data
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 2Gi
storageClassName: managed-nfs-storage
5.创建pg使用的pvc
[root@master /zpf/sonar-nfs]$kubectl create -f postgres-pvc.yaml
6.查看pv/pvc创建情况
[root@master /zpf/sonar-nfs]$kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-b7cdc67e-f66a-4602-84ef-e59c741487e2 2Gi RWX Delete Bound default/postgres-data managed-nfs-storage 58m
[root@master /zpf/sonar-nfs]$kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
postgres-data Bound pvc-b7cdc67e-f66a-4602-84ef-e59c741487e2 2Gi RWX managed-nfs-storage 58m
7.创建postgressql服务使用的deployment.yaml
[root@master /zpf/sonar-nfs]$cat pgsql.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres-sonar
spec:
replicas: 1
selector:
matchLabels:
app: postgres-sonar
template:
metadata:
labels:
app: postgres-sonar
spec:
imagePullSecrets:
- name: harbor-registry
containers:
- name: postgres-sonar
image: 192.168.75.35:8858/scorpio/postgres:14.2
ports:
- containerPort: 5432
env:
- name: POSTGRES_DB
value: "sonarDB"
- name: POSTGRES_USER
value: "sonarUser"
- name: POSTGRES_PASSWORD
value: "123456"
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
volumes:
- name: data
persistentVolumeClaim:
claimName: postgres-data
8.创建postgersql服务
[root@master /zpf/sonar-nfs]$kubectl create -f pgsql.yaml
9.查看服务启动情况
[root@master /zpf/sonar-nfs]$kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nfs-client-provisioner 1/1 1 1 7d
postgres-sonar 1/1 1 1 60m
sonarqube 1/1 1 1 57m
[root@master /zpf/sonar-nfs]$kubectl get po
NAME READY STATUS RESTARTS AGE
jenkins-0 1/1 Running 1 (<invalid> ago) 137m
nfs-client-provisioner-6f86588587-mfxqt 1/1 Running 0 3s
postgres-sonar-77b999f7c7-zsmn6 1/1 Running 1 (<invalid> ago) 60m
sonarqube-757658dc78-dj25k 1/1 Running 1 (<invalid> ago) 57m
10.创建pgsql使用的svc
[root@master /zpf/sonar-nfs]$cat pg-service.yaml
apiVersion: v1
kind: Service
metadata:
name: postgres-sonar
namespace: devops-test
labels:
app: postgres-sonar
spec:
type: NodePort
ports:
- name: postgres-sonar
port: 5432
targetPort: 5432
protocol: TCP
selector:
app: postgres-sonar
11.创建pgsql-svc
[root@master /zpf/sonar-nfs]$kubectl create -f pg-service.yaml
12.查看创建结果
[root@master /zpf/sonar-nfs]$kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
jenkins NodePort 10.233.54.32 <none> 8080:31400/TCP,50000:31401/TCP 6d22h
jenkins-service NodePort 10.233.57.17 <none> 8080:32000/TCP 5d
kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 13d
sonarqube NodePort 10.233.55.245 <none> 9000:32273/TCP 47m
3.部署sonarqube
1.编写sonarqube的pvc文件.(先决条是可以创建使用storageClass)
[root@master /zpf/sonar-nfs]$cat sonar-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarqube-data-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: managed-nfs-storage
2.创建动态制备.pv/pvc
[root@master /zpf/sonar-nfs]$kubectl create -f sonar-pvc.yaml
3.查看pv/pvc创建详情
[root@master /zpf/sonar-nfs]$kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
postgres-data Bound pvc-b7cdc67e-f66a-4602-84ef-e59c741487e2 2Gi RWX managed-nfs-storage 164m
sonarqube-data-pvc Bound pvc-b1c1b782-47d7-42ce-be60-8e5d832d21bc 1Gi RWX managed-nfs-storage 165m
[root@master /zpf/sonar-nfs]$kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-b1c1b782-47d7-42ce-be60-8e5d832d21bc 1Gi RWX Delete Bound default/sonarqube-data-pvc managed-nfs-storage 165m
pvc-b35e5912-99be-4c02-a164-5ea5e385b0a4 1G RWX Delete Bound default/jenkins-pvc managed-nfs-storage 28h
pvc-b7cdc67e-f66a-4602-84ef-e59c741487e2 2Gi RWX Delete Bound default/postgres-data managed-nfs-storage 164m
4.书写sonarqube的deployment文件
[root@master /zpf/sonar-nfs]$cat sonar-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarqube
labels:
app: sonarqube
spec:
replicas: 1
selector:
matchLabels:
app: sonarqube
template:
metadata:
labels:
app: sonarqube
spec:
initContainers:
- name: init-sysctl
image: busybox:1.28.4
command: ["sysctl","-w","vm.max_map_count=262144"]
securityContext:
privileged: true
imagePullSecrets:
- name: harbor-registry
containers:
- name: sonarqube
image: 192.168.75.35:8858/scorpio/sonarqube:10.0.0-community
ports:
- containerPort: 9000
env:
- name: SONARQUBE_JDBC_USERNAME
value: "sonarUser"
- name: SONARQUBE_JDBC_PASSWORD
value: "123456"
- name: SONARQUBE_JDBC_URL
value: "jdbc:postgresql://postgres-sonar:5432/sonarDB"
volumeMounts:
- mountPath: /opt/sonarqube/conf
name: data
- mountPath: /opt/sonarqube/data
name: data
- mountPath: /opt/sonarqube/extensions
name: data
volumes:
- name: data
persistentVolumeClaim:
claimName: sonarqube-data-pvc
5.部署sonarqube的deployment(这里也可以使用sts的方式.)
[root@master /zpf/sonar-nfs]$kubectl create -f sonar-deployment.yaml
6.查看部署详情
[root@master /zpf/sonar-nfs]$kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nfs-client-provisioner 1/1 1 1 7d2h
postgres-sonar 1/1 1 1 166m
sonarqube 1/1 1 1 163m
[root@master /zpf/sonar-nfs]$kubectl get po
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-6f86588587-mfxqt 1/1 Running 0 106m
postgres-sonar-77b999f7c7-zsmn6 1/1 Running 1 (<invalid> ago) 166m
sonarqube-757658dc78-dj25k 1/1 Running 1 (<invalid> ago) 163m
7.创建sonarqube-svc文件
[root@master /zpf/sonar-nfs]$cat sonar-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: sonarqube
labels:
app: sonarqube
spec:
type: NodePort
ports:
- name: sonarqube
port: 9000
targetPort: 9000
protocol: TCP
selector:
app: sonarqube
8.查看部署详情
[root@master /zpf/sonar-nfs]$kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 13d
sonarqube NodePort 10.233.55.245 <none> 9000:32273/TCP 154m