Kubernetes安装Jenkins的思路详解
目录
-
环境思路1、NFS(动态存储)2、helm安装nfs-client3、创建namespace4、持久化Jenkins数据5、创建service account6、安装Jenkins7、授权对Jenkins服务的访问权限8、打开浏览器IP:31400/
环境
生产实践-k8s安装Jenkins和Jenkins Kubernetes插件
环境要求:你需要一个正常可以使用的Kubernetes集群,集群中可以使用的内存大于等于4G。
Kubernetes版本1.18
思路
Jenkins插件可以在Kubernetes集群中运行动态jenkins-slaveX。
基于Kubernetes的docker,自动化在Kubernetes中运行的Jenkins-slaveX的缩放。
该插件为每个jenkins-slaveX创建Kubernetes Pod,并在每个构建后停止它。
在Kubernetes中jenkins-slaveX启动,会自动连接到Jenkins主控制器。 对于某些环境变量,会自动注入:
Jenkins_URL:Jenkins Web界面URL
jenkins_secret:身份验证的秘密密钥
jenkins_agent_name:jenkinsX的名称
jenkins_name:jenkinsX的名称(已弃用。仅用于向后兼容性)
不需要在Kubernetes内运行Jenkins Controller。
1、NFS(动态存储)
- #安装
- yum install -y nfs-utils rpcbind
- mkdir -p /data/nfsdata
- # 修改配置
- $ vim /etc/exports
- /data/nfsdata 192.168.31.* (rw,async,no_root_squash)
- # 使配置生效
- $ exportfs -r
- # 服务端查看下是否生效
- $ showmount -e localhost
- Export list for localhost:
- /data/nfsdata (everyone)
复制代码
2、helm安装nfs-client
- stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
- helm添加这个源
复制代码
- 下载helm包
- helm pull aliyuncs/nfs-client-provisioner
- 解压
- tar -zxvf nfs-client-provisioner-1.2.8.tgz
- 修复values.yaml 三处
- image:
- repository: quay.io/external_storage/nfs-client-provisioner
- tag: v3.1.0-k8s1.11
- pullPolicy: IfNotPresent
- nfs:
- server: 192.168.31.73
- path: /data/nfsdata
- reclaimPolicy: Retain
复制代码
3、创建namespace
- kubectl create namespace jenkins
- kubectl get namespaces
复制代码
4、持久化Jenkins数据
pvc.yaml
- apiVersion: v1
- kind: PersistentVolumeClaim
- metadata:
- name: jenkins-pvc
- namespace: jenkins
- spec:
- storageClassName: “nfsdata”
- accessModes:
- – ReadWriteMany
- resources:
- requests:
- storage: 10Gi
复制代码 通过kubectl部署volume
- kubectl APPly -f pvc.yaml
复制代码
5、创建service account
创建pod时,如果不指定服务账户,则会自动为其分配一个名为default的同一namespace中的服务账户。但是通常应用程序时存在权限不足的情况,所以需要我们自己创建一个服务账户。
①下载jenkins-sa.yaml
- wget https://raw.githubusercontent.com/jenkins-infra/jenkins.io/master/content/doc/tutorials/kubernetes/installing-jenkins-on-kubernetes/jenkins-sa.yaml
复制代码 ②通过kubectl部署jenkins-sa.yaml
- kubectl apply -f jenkins-sa.yaml
复制代码 或者使用下面的文件
jenkins-sa.yaml
- —
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: jenkins
- namespace: jenkins
- —
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- annotations:
- rbac.authorization.kubernetes.io/autoupdate: “true”
- labels:
- kubernetes.io/bootstrapping: rbac-defaults
- name: jenkins
- rules:
- – apiGroups:
- – ‘*’
- resources:
- – statefulsets
- – services
- – replicationcontrollers
- – replicasets
- – podtemplates
- – podsecuritypolicies
- – pods
- – pods/log
- – pods/exec
- – podpreset
- – poddisruptionbudget
- – persistentvolumes
- – persistentvolumeclaims
- – jobs
- – endpoints
- – deployments
- – deployments/scale
- – daemonsets
- – cronjobs
- – configmaps
- – namespaces
- – events
- – secrets
- verbs:
- – create
- – get
- – watch
- – delete
- – list
- – patch
- – update
- – apiGroups:
- – “”
- resources:
- – nodes
- verbs:
- – get
- – list
- – watch
- – update
- —
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- annotations:
- rbac.authorization.kubernetes.io/autoupdate: “true”
- labels:
- kubernetes.io/bootstrapping: rbac-defaults
- name: jenkins
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: jenkins
- subjects:
- – apiGroup: rbac.authorization.k8s.io
- kind: Group
- name: system:serviceaccounts:jenkins
复制代码
6、安装Jenkins
jenkins-deployment.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: jenkins
- namespace: jenkins
- spec:
- replicas: 1
- selector:
- matchLabels:
- app: jenkins
- template:
- metadata:
- labels:
- app: jenkins
- spec:
- serviceAccountName: jenkins #指定我们前面创建的服务账号
- containers:
- – name: jenkins
- image: registry.cn-hangzhou.aliyuncs.com/s-ops/jenkins:2.346
- ports:
- – containerPort: 8080
- – containerPort: 50000
- volumeMounts:
- – name: jenkins-home
- mountPath: /var/jenkins_home
- volumes:
- – name: jenkins-home
- persistentVolumeClaim:
- claimName: jenkins-pvc #指定前面创建的PVC
复制代码 通过kubectl部署jenkins-deployment.yaml
- kubectl create -f jenkins-deployment.yaml -n jenkins
复制代码
7、授权对Jenkins服务的访问权限
主要目的暴露外部访问Jenkins的8080端口,我将31400定义为8080的映射端口。
jenkins-service.yaml
- apiVersion: v1
- kind: Service
- metadata:
- name: jenkins
- namespace: jenkins
- spec:
- type: NodePort
- ports:
- – name: http
- port: 8080
- targetPort: 8080
- nodePort: 31400
- – name: agent
- port: 50000
- targetPort: 50000
- nodePort: 31401
- selector:
- app: jenkins
复制代码 通过kubectl部署服务
- kubectl create -f jenkins-service.yaml -n jenkins
复制代码
8、打开浏览器IP:31400/
查看密码
- kubectl get pod -n jenkins //查询podname
- kubectl logs podname -n jenkins
- *************************************************************
- Jenkins initial setup is required. An admin user has been created and a password generated.
- Please use the following password to proceed to installation:
- cf8d9da9de0346fd90461be366915d76
- This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
- *************************************************************
复制代码 选择推荐插件安装,创建管理员~完成!
到此这篇关于Kubernetes安装Jenkins的文章就介绍到这了,更多相关Kubernetes安装Jenkins内容请搜索软件技术网以前的文章或继续浏览下面的相关文章希望大家以后多多支持软件技术网!
原创文章,作者:starterknow,如若转载,请注明出处:https://www.starterknow.com/108979.html