基於k8s的jenkins部署及使用（一）

• Deployment的yaml檔案
• service的yaml檔案
• rbac的yaml檔案
• pvc的yaml檔案
• • 獲取初始密碼

說在前面：這篇文章是基於陽明大佬的部落格寫的，針對我的實際情況做了一些修改，大家可以移步大佬的部落格動態jenkins slave

Deployment的yaml檔案

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: jenkins
  namespace: kube-ops-uat
spec:
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      terminationGracePeriodSeconds: 10
      serviceAccount: jenkins
      containers:
      # 下面兩個env的和jvm相關的
      - env:
        - name: LIMITS_MEMORY
          valueFrom:
            resourceFieldRef:
              divisor: 1Mi
              resource: limits.memory
        - name: JAVA_OPTS
          value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0
            -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
            -Duser.timezone=Asia/Shanghai

        name: jenkins
        image: jenkins/jenkins:lts
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          name: web
          protocol: TCP
        - containerPort: 50000
          name: agent
          protocol: TCP
          #對於k8s中的pod都建議加上resource限制，防止一個pod出現故障導致整個node的資源都被耗盡
        resources:
          limits:
            cpu: 1000m
            memory: 1Gi
          requests:
            cpu: 500m
            memory: 512Mi
        livenessProbe:
          httpGet:
            path: /login
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 5
          failureThreshold: 12
        readinessProbe:
          httpGet:
            path: /login
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 5
          failureThreshold: 12
        #這裡做了持久化，要事先準備好pvc，下面有配置檔案
        volumeMounts:
        - name: jenkinshome
          subPath: jenkins
          mountPath: /var/jenkins_home
      securityContext:
        fsGroup: 1000
      volumes:
      - name: jenkinshome
        persistentVolumeClaim:
          claimName: kube-ops-pvc-uat
 

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• 44
• 45
• 46
• 47
• 48
• 49
• 50
• 51
• 52
• 53
• 54
• 55
• 56
• 57
• 58
• 59
• 60
• 61
• 62
• 63
• 64
• 65
• 66
• 67
• 68
• 69

service的yaml檔案

apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: kube-ops-uat
  labels:
    app: jenkins
spec:
  selector:
    app: jenkins
  # 這裡採用了ClusterIP的方式暴露服務，所以後面要通過ingress的方式將服務暴露的叢集外使用
  type: ClusterIP
  ports:
  - name: web
    port: 8080
    targetPort: web
  - name: agent
    port: 50000
    targetPort: agent
 

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19

rbac的yaml檔案

後面正式使用jenkins的時候需要使用到一個有一定許可權的ServiceAccount，這裡copy了大佬的配置

apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: kube-ops-uat

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
rules:
  - apiGroups: ["extensions", "apps"]
    resources: ["deployments"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: jenkins
  namespace: kube-ops-uat
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: kube-ops-uat
 

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• 44
• 45
• 46

pvc的yaml檔案

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: kube-ops-pvc-uat
  namespace: kube-ops-uat
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
  # 這裡用到了storgeclass，需要事先準備的，此處不多說明
  storageClassName: managed-nfs-storage-retain

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13

按以下順序建立k8s資源

1. namespace

kubectl create namespace kube-ops-uat

• 1

2. storageclass
3. pvc
4. deployment
5. service
6. rbac
7. ingress(這個與jenkins無關，是k8s本身的內容，網上自行學習)

獲取初始密碼

上面建立好deployment後通過以下命令檢視pod的日誌，初始密碼在日誌中,

kubectl logs -f podname -n kube-ops-uat

• 1

日誌中會有這麼一行“Please use the following password to proceed to installation”，下面一行就是密碼。
拿到密碼後就可以通過頁面登入，登入後第一個頁面是讓你安裝一些外掛，可以自行選擇安全哪些外掛或者是選擇推薦安裝的外掛，建議新手選擇推薦安裝的，這一步有點耗時；再之後就是設定一個管理員賬號和密碼。然後就可以使用了.