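Production environment practice: installing Jenkins and the Jenkins Kubernetes plugin on k8s

Requirements: you need a working Kubernetes cluster with at least 4G of memory available in the cluster. Kubernetes version 1.18.
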
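Approach

The Jenkins Kubernetes plugin runs dynamic jenkins-slave agents in a Kubernetes cluster. Building on Docker under Kubernetes, it automates the scaling of the jenkins-slave agents running in Kubernetes. The plugin creates a Kubernetes Pod for each jenkins-slave agent and stops it after each build.

When a jenkins-slave agent starts in Kubernetes, it connects to the Jenkins main controller automatically. Some environment variables are injected automatically:

JENKINS_URL: the Jenkins web interface URL
JENKINS_SECRET: the secret key for authentication
JENKINS_AGENT_NAME: the name of the Jenkins agent
JENKINS_NAME: the name of the Jenkins agent (deprecated; kept only for backward compatibility)

The Jenkins controller does not need to run inside Kubernetes.
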
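1. NFS (dynamic storage)

    # install
    yum install -y nfs-utils rpcbind
    mkdir -p /data/nfsdata

    # edit the configuration
    $ vim /etc/exports
    # The client pattern and the options are written without a space between them;
    # "192.168.31.* (rw,...)" would apply the options to every host, and showmount
    # would then list the export as (everyone).
    # no_root_squash lets root on an allowed client act as root on the export.
    /data/nfsdata 192.168.31.*(rw,async,no_root_squash)

    # apply the configuration
    $ exportfs -r

    # on the server, check that it took effect
    $ showmount -e localhost
    Export list for localhost:
    /data/nfsdata (everyone)
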
2. Install nfs-client with helm

Add this repository to helm:

    stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

Download the helm chart:

    helm pull aliyuncs/nfs-client-provisioner

Unpack it:

    tar -zxvf nfs-client-provisioner-1.2.8.tgz

Edit values.yaml in three places:

    image:
      repository: quay.io/external_storage/nfs-client-provisioner
      tag: v3.1.0-k8s1.11
      pullPolicy: IfNotPresent

    nfs:
      server: 192.168.31.73
      path: /data/nfsdata

    reclaimPolicy: Retain    # in the chart's values.yaml this key sits under storageClass:

3. Create the namespace

    kubectl create namespace jenkins
    kubectl get namespaces

4. Persist the Jenkins data

pvc.yaml

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: jenkins-pvc
      namespace: jenkins
    spec:
      storageClassName: "nfsdata"
      accessModes:
        - ReadWriteMany
      resources:
        requests:
          storage: 10Gi

Deploy the volume with kubectl:

    kubectl apply -f pvc.yaml

5. Create the service account

When a pod is created without specifying a service account, it is automatically assigned the service account named default in the same namespace. Applications often find that this account lacks the permissions they need, so we create a service account of our own.

(1) Download jenkins-sa.yaml

    wget https://raw.githubusercontent.com/jenkins-infra/jenkins.io/master/content/doc/tutorials/kubernetes/installing-jenkins-on-kubernetes/jenkins-sa.yaml

(2) Deploy jenkins-sa.yaml with kubectl

    kubectl apply -f jenkins-sa.yaml

Or use the file below.

jenkins-sa.yaml

    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: jenkins
      namespace: jenkins
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      annotations:
        rbac.authorization.kubernetes.io/autoupdate: "true"
      labels:
        kubernetes.io/bootstrapping: rbac-defaults
      name: jenkins
    rules:
    - apiGroups:
      - '*'
      resources:
      - statefulsets
      - services
      - replicationcontrollers
      - replicasets
      - podtemplates
      - podsecuritypolicies
      - pods
      - pods/log
      - pods/exec
      - podpreset
      - poddisruptionbudget
      - persistentvolumes
      - persistentvolumeclaims
      - jobs
      - endpoints
      - deployments
      - deployments/scale
      - daemonsets
      - cronjobs
      - configmaps
      - namespaces
      - events
      - secrets
      verbs:
      - create
      - get
      - watch
      - delete
      - list
      - patch
      - update
    - apiGroups:
      - ""
      resources:
      - nodes
      verbs:
      - get
      - list
      - watch
      - update
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      annotations:
        rbac.authorization.kubernetes.io/autoupdate: "true"
      labels:
        kubernetes.io/bootstrapping: rbac-defaults
      name: jenkins
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: jenkins
    subjects:
    # this group contains every service account in the jenkins namespace
    - apiGroup: rbac.authorization.k8s.io
      kind: Group
      name: system:serviceaccounts:jenkins

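
A narrower alternative to the ClusterRole and ClusterRoleBinding in jenkins-sa.yaml, as an added example that is not part of the original page or of the Jenkins project's file: a namespaced Role bound only to the jenkins service account. It assumes Jenkins launches agent pods only in the jenkins namespace and that pipelines do not read Kubernetes Secrets through this account; the name jenkins-agents is hypothetical.

```yaml
# Added example, not from the original page. Assumptions: agent pods run only
# in the "jenkins" namespace; "jenkins-agents" is a hypothetical name.
#
# Compared with the ClusterRole in jenkins-sa.yaml:
#   - Role/RoleBinding are namespaced, so nothing is granted cluster-wide
#   - apiGroups is the core group ("") instead of '*'
#   - no access to secrets, nodes, namespaces or workload controllers
#   - the subject is the single "jenkins" ServiceAccount, not the group
#     system:serviceaccounts:jenkins (every service account in the namespace,
#     including "default", which pods without serviceAccountName run as)
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-agents
  namespace: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]            # create and clean up agent pods
  verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: [""]
  resources: ["pods/exec"]       # run build steps inside agent containers
  verbs: ["create", "get"]
- apiGroups: [""]
  resources: ["pods/log"]        # read agent container logs
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["events"]          # observe pod scheduling and startup events
  verbs: ["watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-agents
  namespace: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-agents
subjects:
- kind: ServiceAccount
  name: jenkins                  # the ServiceAccount defined in jenkins-sa.yaml
  namespace: jenkins
```

To confirm the effective permissions after applying it, `kubectl auth can-i --list --as=system:serviceaccount:jenkins:jenkins -n jenkins` prints what the account is allowed to do.
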
6. Install Jenkins

jenkins-deployment.yaml

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: jenkins
      namespace: jenkins
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: jenkins
      template:
        metadata:
          labels:
            app: jenkins
        spec:
          serviceAccountName: jenkins   # the service account created earlier
          containers:
          - name: jenkins
            image: registry.cn-hangzhou.aliyuncs.com/s-ops/jenkins:2.346
            ports:
            - containerPort: 8080
            - containerPort: 50000
            volumeMounts:
            - name: jenkins-home
              mountPath: /var/jenkins_home
          volumes:
          - name: jenkins-home
            persistentVolumeClaim:
              claimName: jenkins-pvc    # the PVC created earlier

Deploy jenkins-deployment.yaml with kubectl:

    kubectl create -f jenkins-deployment.yaml -n jenkins

7. Grant access to the Jenkins service

The main purpose is to expose Jenkins's port 8080 for external access; I define 31400 as the port mapped to 8080.

jenkins-service.yaml

    apiVersion: v1
    kind: Service
    metadata:
      name: jenkins
      namespace: jenkins
    spec:
      type: NodePort
      ports:
      - name: http
        port: 8080
        targetPort: 8080
        nodePort: 31400
      - name: agent
        port: 50000
        targetPort: 50000
        nodePort: 31401
      selector:
        app: jenkins

Deploy the service with kubectl:

    kubectl create -f jenkins-service.yaml -n jenkins

8. Open IP:31400/ in a browser

View the password:

    kubectl get pod -n jenkins        # look up the pod name
    kubectl logs podname -n jenkins

    *************************************************************
    Jenkins initial setup is required. An admin user has been created and a password generated.
    Please use the following password to proceed to installation:

    cf8d9da9de0346fd90461be366915d76

    This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
    *************************************************************

Choose to install the recommended plugins, create the administrator account, and you are done!