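Deploying and Using Jenkins on k8s (Part 1): Building a Jenkins Continuous Integration Platform on Kubernetes/K8S
阿新 • Published: 2020-12-15
Deploying and Using Jenkins on k8s (Part 1)
A note up front: this article is based on 陽明's blog post, with some changes made for my own environment. You can head over to his post on dynamic Jenkins slaves.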
YAML file for the Deployment
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; use apps/v1
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: kube-ops-uat
spec:
  # apps/v1 requires an explicit selector that matches the pod template labels
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      terminationGracePeriodSeconds: 10
      serviceAccountName: jenkins
      containers:
        # The two env vars below are JVM-related
        - env:
            - name: LIMITS_MEMORY
              valueFrom:
                resourceFieldRef:
                  divisor: 1Mi
                  resource: limits.memory
            - name: JAVA_OPTS
              value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0
                -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
                -Duser.timezone=Asia/Shanghai
          name: jenkins
          image: jenkins/jenkins:lts
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
              name: web
              protocol: TCP
            - containerPort: 50000
              name: agent
              protocol: TCP
          # Resource limits are recommended for every pod in k8s, so that one faulty pod cannot exhaust the whole node's resources
          resources:
            limits:
              cpu: 1000m
              memory: 1Gi
            requests:
              cpu: 500m
              memory: 512Mi
          livenessProbe:
            httpGet:
              path: /login
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 5
            failureThreshold: 12
          readinessProbe:
            httpGet:
              path: /login
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 5
            failureThreshold: 12
          # Jenkins home is persisted here; prepare the PVC in advance (its manifest is below)
          volumeMounts:
            - name: jenkinshome
              subPath: jenkins
              mountPath: /var/jenkins_home
      securityContext:
        fsGroup: 1000
      volumes:
        - name: jenkinshome
          persistentVolumeClaim:
            claimName: kube-ops-pvc-uat
YAML file for the Service
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: kube-ops-uat
  labels:
    app: jenkins
spec:
  selector:
    app: jenkins
  # The service is exposed as ClusterIP, so an Ingress is needed later to make it reachable from outside the cluster
  type: ClusterIP
  ports:
    - name: web
      port: 8080
      targetPort: web
    - name: agent
      port: 50000
      targetPort: agent
YAML file for RBAC
Later, when Jenkins is actually in use, it needs a ServiceAccount with certain permissions; here I copied 陽明's configuration.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: kube-ops-uat
---
kind: ClusterRole
# rbac.authorization.k8s.io/v1 replaces the v1beta1 API, which was removed in Kubernetes 1.22
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
  - apiGroups: ["extensions", "apps"]
    resources: ["deployments"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  # ClusterRoleBinding is cluster-scoped, so it takes no metadata.namespace
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: kube-ops-uat
YAML file for the PVC
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: kube-ops-pvc-uat
  namespace: kube-ops-uat
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
  # A StorageClass is used here; it must be prepared in advance and is not covered in this article
  storageClassName: managed-nfs-storage-retain
Create the k8s resources in the following order
- namespace
kubectl create namespace kube-ops-uat
- storageclass
- pvc
- deployment
- service
- rbac
- ingress (this is unrelated to Jenkins; it is part of k8s itself, so look it up online)
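Getting the initial password
After creating the deployment above, view the pod's log with the following command; the initial password is in the log.
kubectl logs -f podname -n kube-ops-uat
The log contains the line "Please use the following password to proceed to installation"; the line below it is the password.
Once you have the password, you can log in through the web page. The first page after login asks you to install some plugins; you can choose which plugins to install yourself or pick the recommended set. Beginners are advised to choose the recommended plugins. This step takes a while. After that, you set up an administrator account and password, and then Jenkins is ready to use.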