免费资源网 – https://freexyz.cn/
目录环境思路1、NFS(动态存储)2、helm安装nfs-client3、创建namespace4、持久化Jenkins数据5、创建service account6、安装Jenkins7、授权对Jenkins服务的访问权限8、打开浏览器IP:31400/
环境
生产实践-k8s安装Jenkins和Jenkins Kubernetes插件
环境要求:你需要一个正常可以使用的Kubernetes集群,集群中可以使用的内存大于等于4G。
Kubernetes版本1.18思路
Jenkins插件可以在Kubernetes集群中运行动态jenkins-slave代理。
基于Kubernetes的docker,自动化在Kubernetes中运行的Jenkins-slave代理的缩放。
该插件为每个jenkins-slave代理创建Kubernetes Pod,并在每个构建后停止它。
在Kubernetes中jenkins-slave代理启动,会自动连接到Jenkins主控制器。 对于某些环境变量,会自动注入:
Jenkins_URL:Jenkins Web界面URL
jenkins_secret:身份验证的秘密密钥
jenkins_agent_name:jenkins代理的名称
jenkins_name:jenkins代理的名称(已弃用。仅用于向后兼容性)
不需要在Kubernetes内运行Jenkins Controller。1、NFS(动态存储)
#安装 yum install -y nfs-utils rpcbind mkdir -p /data/nfsdata # 修改配置 $ vim /etc/exports /data/nfsdata 192.168.31.* (rw,async,no_root_squash) # 使配置生效 $ exportfs -r # 服务端查看下是否生效 $ showmount -e localhost Export list for localhost: /data/nfsdata (everyone)2、helm安装nfs-client
stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts helm添加这个源 下载helm包 helm pull aliyuncs/nfs-client-provisioner 解压 tar -zxvf nfs-client-provisioner-1.2.8.tgz 修复values.yaml 三处 image: repository: quay.io/external_storage/nfs-client-provisioner tag: v3.1.0-k8s1.11 pullPolicy: IfNotPresent nfs: server: 192.168.31.73 path: /data/nfsdata reclaimPolicy: Retain
3、创建namespace
kubectl create namespace jenkins kubectl get namespaces4、持久化Jenkins数据
pvc.yaml
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: jenkins-pvc namespace: jenkins spec: storageClassName: “nfsdata” accessModes: – ReadWriteMany resources: requests: storage: 10Gi通过kubectl部署volume
kubectl apply -f pvc.yaml5、创建service account
创建pod时,如果不指定服务账户,则会自动为其分配一个名为default的同一namespace中的服务账户。但是通常应用程序时存在权限不足的情况,所以需要我们自己创建一个服务账户。
①下载jenkins-sa.yamlwget https://raw.githubusercontent.com/jenkins-infra/jenkins.io/master/content/doc/tutorials/kubernetes/installing-jenkins-on-kubernetes/jenkins-sa.yaml②通过kubectl部署jenkins-sa.yaml
kubectl apply -f jenkins-sa.yaml或者使用下面的文件
jenkins-sa.yaml
— apiVersion: v1 kind: ServiceAccount metadata: name: jenkins namespace: jenkins — apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: rbac.authorization.kubernetes.io/autoupdate: “true” labels: kubernetes.io/bootstrapping: rbac-defaults name: jenkins rules: – apiGroups: – * resources: – statefulsets – services – replicationcontrollers – replicasets – podtemplates – podsecuritypolicies – pods – pods/log – pods/exec – podpreset – poddisruptionbudget – persistentvolumes – persistentvolumeclaims – jobs – endpoints – deployments – deployments/scale – daemonsets – cronjobs – configmaps – namespaces – events – secrets verbs: – create – get – watch – delete – list – patch – update – apiGroups: – “” resources: – nodes verbs: – get – list – watch – update — apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: rbac.authorization.kubernetes.io/autoupdate: “true” labels: kubernetes.io/bootstrapping: rbac-defaults name: jenkins roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: jenkins subjects: – apiGroup: rbac.authorization.k8s.io kind: Group name: system:serviceaccounts:jenkins6、安装Jenkins
jenkins-deployment.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: jenkins namespace: jenkins spec: replicas: 1 selector: matchLabels: app: jenkins template: metadata: labels: app: jenkins spec: serviceAccountName: jenkins #指定我们前面创建的服务账号 containers: – name: jenkins image: registry.cn-hangzhou.aliyuncs.com/s-ops/jenkins:2.346 ports: – containerPort: 8080 – containerPort: 50000 volumeMounts: – name: jenkins-home mountPath: /var/jenkins_home volumes: – name: jenkins-home persistentVolumeClaim: claimName: jenkins-pvc #指定前面创建的PVC通过kubectl部署jenkins-deployment.yaml
kubectl create -f jenkins-deployment.yaml -n jenkins7、授权对Jenkins服务的访问权限
主要目的暴露外部访问Jenkins的8080端口,我将31400定义为8080的映射端口。
jenkins-service.yaml
apiVersion: v1 kind: Service metadata: name: jenkins namespace: jenkins spec: type: NodePort ports: – name: http port: 8080 targetPort: 8080 nodePort: 31400 – name: agent port: 50000 targetPort: 50000 nodePort: 31401 selector: app: jenkins通过kubectl部署服务
kubectl create -f jenkins-service.yaml -n jenkins8、打开浏览器IP:31400/
查看密码
kubectl get pod -n jenkins //查询podname kubectl logs podname -n jenkins ************************************************************* Jenkins initial setup is required. An admin user has been created and a password generated. Please use the following password to proceed to installation: cf8d9da9de0346fd90461be366915d76 This may also be found at: /var/jenkins_home/secrets/initialAdminPassword *************************************************************选择推荐插件安装,创建管理员~完成!
免费资源网 – https://freexyz.cn/
© 版权声明
THE END
暂无评论内容