目錄
- 環境
- 思路
- 1、NFS(動態存儲)
- 2、helm安裝nfs-client
- 3、創建namespace
- 4、持久化Jenkins數據
- 5、創建service account
- 6、安裝Jenkins
- 7、授權對Jenkins服務的訪問權限
- 8、打開瀏覽器IP:31400/
環境
生產實踐-k8s安裝Jenkins和Jenkins Kubernetes插件
環境要求:你需要一個正常可以使用的Kubernetes集群,集群中可以使用的內存大于等于4G。
Kubernetes版本1.18
思路
Jenkins插件可以在Kubernetes集群中運行動態jenkins-slave代理。
基于Kubernetes的docker,自動化在Kubernetes中運行的Jenkins-slave代理的縮放。
該插件為每個jenkins-slave代理創建Kubernetes Pod,并在每個構建后停止它。
在Kubernetes中jenkins-slave代理啟動,會自動連接到Jenkins主控制器。 對于某些環境變量,會自動注入:
Jenkins_URL:Jenkins Web界面URL
jenkins_secret:身份驗證的秘密密鑰
jenkins_agent_name:jenkins代理的名稱
jenkins_name:jenkins代理的名稱(已棄用。僅用于向后兼容性)
不需要在Kubernetes內運行Jenkins Controller。
1、NFS(動態存儲)
#安裝 yum install -y nfs-utils rpcbind mkdir -p /data/nfsdata # 修改配置 $ vim /etc/exports /data/nfsdata 192.168.31.* (rw,async,no_root_squash) # 使配置生效 $ exportfs -r # 服務端查看下是否生效 $ showmount -e localhost Export list for localhost: /data/nfsdata (everyone)
2、helm安裝nfs-client
stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts helm添加這個源
下載helm包 helm pull aliyuncs/nfs-client-provisioner 解壓 tar -zxvf nfs-client-provisioner-1.2.8.tgz 修復values.yaml 三處 image: repository: quay.io/external_storage/nfs-client-provisioner tag: v3.1.0-k8s1.11 pullPolicy: IfNotPresent nfs: server: 192.168.31.73 path: /data/nfsdata reclaimPolicy: Retain
3、創建namespace
kubectl create namespace jenkins kubectl get namespaces
4、持久化Jenkins數據
pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-pvc
namespace: jenkins
spec:
storageClassName: "nfsdata"
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
通過kubectl部署volume
kubectl apply -f pvc.yaml
5、創建service account
創建pod時,如果不指定服務賬戶,則會自動為其分配一個名為default的同一namespace中的服務賬戶。但是通常應用程序時存在權限不足的情況,所以需要我們自己創建一個服務賬戶。
①下載jenkins-sa.yaml
wget https://raw.githubusercontent.com/jenkins-infra/jenkins.io/master/content/doc/tutorials/kubernetes/installing-jenkins-on-kubernetes/jenkins-sa.yaml
②通過kubectl部署jenkins-sa.yaml
kubectl apply -f jenkins-sa.yaml
或者使用下面的文件
jenkins-sa.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
namespace: jenkins
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: jenkins
rules:
- apiGroups:
- '*'
resources:
- statefulsets
- services
- replicationcontrollers
- replicasets
- podtemplates
- podsecuritypolicies
- pods
- pods/log
- pods/exec
- podpreset
- poddisruptionbudget
- persistentvolumes
- persistentvolumeclaims
- jobs
- endpoints
- deployments
- deployments/scale
- daemonsets
- cronjobs
- configmaps
- namespaces
- events
- secrets
verbs:
- create
- get
- watch
- delete
- list
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts:jenkins
6、安裝Jenkins
jenkins-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: jenkins
spec:
replicas: 1
selector:
matchLabels:
app: jenkins
template:
metadata:
labels:
app: jenkins
spec:
serviceAccountName: jenkins #指定我們前面創建的服務賬號
containers:
- name: jenkins
image: registry.cn-hangzhou.aliyuncs.com/s-ops/jenkins:2.346
ports:
- containerPort: 8080
- containerPort: 50000
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
volumes:
- name: jenkins-home
persistentVolumeClaim:
claimName: jenkins-pvc #指定前面創建的PVC
通過kubectl部署jenkins-deployment.yaml
kubectl create -f jenkins-deployment.yaml -n jenkins
7、授權對Jenkins服務的訪問權限
主要目的暴露外部訪問Jenkins的8080端口,我將31400定義為8080的映射端口。
jenkins-service.yaml
apiVersion: v1
kind: Service
metadata:
name: jenkins
namespace: jenkins
spec:
type: NodePort
ports:
- name: http
port: 8080
targetPort: 8080
nodePort: 31400
- name: agent
port: 50000
targetPort: 50000
nodePort: 31401
selector:
app: jenkins
通過kubectl部署服務
kubectl create -f jenkins-service.yaml -n jenkins
8、打開瀏覽器IP:31400/
查看密碼
kubectl get pod -n jenkins //查詢podname kubectl logs podname -n jenkins ************************************************************* Jenkins initial setup is required. An admin user has been created and a password generated. Please use the following password to proceed to installation: cf8d9da9de0346fd90461be366915d76 This may also be found at: /var/jenkins_home/secrets/initialAdminPassword *************************************************************
選擇推薦插件安裝,創建管理員~完成!
