在K8s中部署Jenkins
2023-11-05 本文已影响0人
sexy_cyber
- 1、创建命名空间:
devops-tools
devops所有工具都建议放在该命名空间下
apiVersion: v1
kind: Namespace
metadata:
name: devops-tools
- 2、创建
serviceAccount
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: jenkins-admin
rules:
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins-admin
namespace: devops-tools
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins-admin
subjects:
- kind: ServiceAccount
name: jenkins-admin
namespace: devops-tools
-
3、确认K8s存在默认的
StorageClassstandard
通过dashboard可以看到
-
4、确定服务器存在该目录:
/data/jenkins,如果不存在则新建;且确保其有足够的可用空间
df -h /data/jenkins
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg01-lvol01 500G 91G 410G 19% /data
-
5、查看集群节点名称,复制该名称,为第6步的配置用
dashboard查看结果
-
6、创建PV和PVC
path: /data/jenkins 该配置为服务器的文件目录
apiVersion: v1
kind: PersistentVolume
metadata:
name: jenkins-pv-volume
labels:
type: local
spec:
storageClassName: standard
claimRef:
name: jenkins-pv-claim
namespace: devops-tools
capacity:
storage: 100Gi
accessModes:
- ReadWriteOnce
local:
path: /data/jenkins
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- spiders-control-plane
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-pv-claim
namespace: devops-tools
spec:
storageClassName: standard
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
- 7、由于当前的K8s是运行在容器中的,无法直接访问服务器文件系统,这里需要多一层挂载
Kind部署的 k8s,需要执行该操作,因为Kind部署的k8s是运行在容器中的
非Kind部署的K8s,可以忽略该步骤
7.1 找到运行K8s的容器ID
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4317c7e4448a uhub.service.ucloud.cn/drakespider/spider:dappradar6 "tail -f /dev/null" 3 weeks ago Up 3 weeks test
dbe0bb145add kindest/node:v1.27.3 "/usr/local/bin/entr…" 7 weeks ago Up 5 weeks 0.0.0.0:6443->6443/tcp, 0.0.0.0:30000-30218->30000-30218/tcp spiders-control-plane
7.2 将服务器文件系统的目录挂载到容器中
docker exec -it dbe0bb145add mkdir -p /data/jenkins
docker exec -it dbe0bb145add mount --bind /data/jenkins /data/jenkins
- 8、核心环节:部署Jenkins服务
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: devops-tools
spec:
replicas: 1
selector:
matchLabels:
app: jenkins-server
template:
metadata:
labels:
app: jenkins-server
spec:
securityContext:
fsGroup: 1000
runAsUser: 1000
serviceAccountName: jenkins-admin
containers:
- name: jenkins
image: jenkins/jenkins:lts
resources:
limits:
memory: "2Gi"
cpu: "1000m"
requests:
memory: "500Mi"
cpu: "500m"
ports:
- name: httpport
containerPort: 8080
- name: jnlpport
containerPort: 50000
livenessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 90
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
readinessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
volumeMounts:
- name: jenkins-data
mountPath: /var/jenkins_home
volumes:
- name: jenkins-data
persistentVolumeClaim:
claimName: jenkins-pv-claim
- 9、部署网络服务service
将容器端口暴露到命名空间
apiVersion: v1
kind: Service
metadata:
name: jenkins-service
namespace: devops-tools
annotations:
prometheus.io/scrape: 'true'
prometheus.io/path: /
prometheus.io/port: '8080'
spec:
selector:
app: jenkins-server
ports:
- name: httpport
port: 8080
targetPort: 8080
- name: jnlpport
port: 50000
targetPort: 50000
- 10、新增nginx路由配置:
将该配置编辑到K8s nginx-config Config Maps 中
server {
listen 443 ssl;
server_name jenkins.siquanzhuanxiang.top;
location / {
proxy_pass http://jenkins-service.devops-tools.svc.cluster.local:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
- 11、重启K8s中的Nginx服务
- 12、访问地址:https://jenkins.siquanzhuanxiang.top
-
13、通过Jenkins应用日志找初始密码,登录后开始配置
登录成功后的首页
- 14、创建首个管理员账户和密码
- 15、修改时区
- 16、对Jenkins进行初始化配置
- 17、安装插件
