K8S 之 Jenkins安装

一、Jenkins安装准备条件

#在运维主机操作：
1.准备镜像
~]# docker pull jenkins/jenkins:2.190.3
~]# docker images | grep jenkins
~]# docker tag 22b8b9a84dbe test-harbor.cedarhd.com/public/jenkins:v2.190.3
~]# docker push test-harbor.cedarhd.com/public/jenkins:v2.190.3

2.自定义Dockerfile
#官网拉取的镜像需要做些自定义操作，才能在k8s集群中部署(运维主机上运行)
mkdir -p /data/dockerfile/jenkins
cd /data/dockerfile/jenkins
vim Dockerfile
FROM test-harbor.cedarhd.com/public/jenkins:v2.190.3
USER root
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\ 
    echo 'Asia/Shanghai' >/etc/timezone
ADD id_rsa /root/.ssh/id_rsa
ADD config.json /root/.docker/config.json
ADD get-docker.sh /get-docker.sh
RUN echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&\
    /get-docker.sh

#解释：
> - 设置容器用户为root
> - 设置容器内的时区
> - 将ssh私钥加入（使用git拉代码时要用到，配对的公钥应配置在gitlab中）
> - 加入了登录自建harbor仓库的config文件
> - 修改了ssh客户端的
> - 安装一个docker的客户端
> - 如果因为网络原因构建失败，可以在最后“ /get-docker.sh --mirror Aliyun”

3.生成ssh密钥对
jenkins]# ssh-keygen -t rsa -b 2048 -C "[email protected]" -N "" -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bIajghsF/BqJouTeNvZXvQWvolAKWvhVSuZ3uVWoVXU [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|             ...E|
|.           o   .|
|..   o .   o .   |
|..+ + oo  +..    |
|o=.+ +ooS+..o    |
|=o* o.++..o. o   |
|++...o  ..  +    |
|.o.=  .. . o     |
|..o.o.... .      |
+----[SHA256]-----+
enkins]# cp /root/.ssh/id_rsa .

4.准备其它文件
jenkins]# cp /root/.docker/config.json .
jenkins]# curl -fsSL get.docker.com -o get-docker.sh
jenkins]# chmod +x get-docker.sh 
jenkins]# ll
total 28
-rw------- 1 root root   160 Jan 28 23:41 config.json
-rw-r--r-- 1 root root   355 Jan 28 23:38 Dockerfile
-rwxr-xr-x 1 root root 13216 Jan 28 23:42 get-docker.sh
-rw------- 1 root root  1675 Jan 28 23:38 id_rsa

5、登陆harbor创建infra私有仓库
创建infra的project，access level 为Private

6、生成jenkins镜像
jenkins]# docker build -t harbor.phc-dow.com/infra/jenkins:v2.190.3 .
jenkins]# docker push test-harbor.cedarhd.com/infra/jenkins:v2.190.3

7、准备共享存储
yum install nfs-utils -y
~]# vim /etc/exports
/data/nfs-volume 10.4.7.0/24(rw,no_root_squash)
###启动NFS服务
~]# mkdir -p /data/nfs-volume
~]# systemctl start nfs
~]# systemctl enable nfs

二、Jenkins安装所需资源配置清单

mkdir /data/k8s-yaml/jenkins && mkdir -p /data/nfs-volume/jenkins_home && cd /data/k8s-yaml/jenkins

~]# vi dp.yaml        #用于创建配置pod控制器与pod资源
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
  labels: 
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels: 
      name: jenkins
  template:
    metadata:
      labels: 
        app: jenkins 
        name: jenkins
    spec:
      volumes:
      - name: data
        nfs: 
          server: test-operator.cedarhd.com
          path: /data/nfs-volume/jenkins_home
      - name: docker
        hostPath: 
          path: /run/docker.sock
          type: ''
      containers:
      - name: jenkins
        image: test-harbor.cedarhd.com/infra/jenkins:v2.190.3
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        - name: JAVA_OPTS
          value: -Xmx512m -Xms512m
        volumeMounts:
        - name: data
          mountPath: /var/jenkins_home
        - name: docker
          mountPath: /run/docker.sock
      imagePullSecrets:
      - name: harbor
      securityContext: 
        runAsUser: 0
  strategy:
    type: RollingUpdate
    rollingUpdate: 
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600

-----------------------------------------------------------------------------------------------

~]# vim service.yaml       #用于创建cluster ip与端口映射
kind: Service
apiVersion: v1
metadata: 
  name: jenkins
  namespace: infra
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  selector:
    app: jenkins

jenkins]# cat ingress.yaml                 #用于创建ingress转发规则
kind: Ingress
apiVersion: extensions/v1beta1
metadata: 
  name: jenkins
  namespace: infra
spec:
  rules:
  - host: test-jenkins.cedarhd.com
    http:
      paths:
      - path: /
        backend: 
          serviceName: jenkins
          servicePort: 80
-----------------------------------------------------------------------------------------------

三、在其中一个运算节点上创建资源

 kubectl apply -f http://k8s-yaml.cedarhd.com/jenkins/dp.yaml
 kubectl apply -f http://k8s-yaml.cedarhd.com/jenkins/service.yaml
 kubectl apply -f http://k8s-yaml.cedarhd.com/jenkins/ingress.yaml