k8s部署新版jenkins

Jenkins是一个可扩展的持续集成引擎,是一个开源软件项目,旨在提供一个开放易用的软件平台,使软件的持续集成变成可能。Jenkins非常易于安装和配置,简单易用。

官网:Jenkins

但我们是基于 Kubernetes 来实现自动化发布,那么最好将 Jenkins以 Pod 的形式运行Kubernetes集群中。其次Jenkins没有数据库,所有的数据都存储在本地,所以只需要将Jenkins的数据目录持久化下来就可以了。

K8S版本跟其他文档用的都是一个1.19.16

1、下载jenkins镜像

docker pull jenkins/jenkins:2.346.3-2-lts

2、创建RBAC

# serviceaccount
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: ops

---
# clusterRole
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
  - apiGroups: ["extensions", "apps"]
    resources: ["deployments", "ingresses"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  - apiGroups: [""]
    resources: ["pods/log", "events"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]

---
# clusterrolebinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins
  namespace: ops
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: ops

3、创建存储,采用storageclass

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: jenkins-storageclass
provisioner: nfs-storage-01
allowVolumeExpansion: true
reclaimPolicy: Retain

4、创建SVC

apiVersion: v1
kind: Service
metadata:
  name: jenkins-svc
  namespace: ops
spec:
  clusterIP: None
  selector:
    app: jenkins
  ports:
    - name: http
      port: 8080
      targetPort: 8080
    - name: agent
      port: 50000
      targetPort: 50000

5、创建StatefulSet

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: jenkins
  namespace: ops
spec:
  serviceName: "jenkins-svc"
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      serviceAccount: jenkins
      
      imagePullSecrets:
      - name: harbor-admin   #harbor密钥

      containers:
        - name: jenkins
          image: jenkins/jenkins:2.346.3-2-lts
          imagePullPolicy: IfNotPresent
          securityContext:     # 添加参数启用容器root权限
            privileged: true
            runAsUser: 0        # root身份运行
          env:
          - name: JAVA_OPTS     
            value: "-Xms1024m -Xmx2048m -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true"
          ports:
            - name: http
              containerPort: 8080
            - name: agent
              containerPort: 50000  #jenkins通讯需要设置8080,50000两个端口
          #resources:
            #limits:
              #cpu: 1000m
              #memory: 2048Mi
          #readinessProbe:          # 就绪探针
           # httpGet:
            #  path: /login
             # port: 8080
            #initialDelaySeconds: 60
            #timeoutSeconds: 5
            #failureThreshold: 12
          volumeMounts:
            - name: data
              mountPath: /var/jenkins_home

  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      storageClassName: "jenkins-storageclass"
      resources:
        requests:
          storage: 50Gi

6、初始化jenkins

1、查看jenkins对应的初始化密码

访问在自己电脑设置hosts,绑定之前ingress配置的域名就可以了;初始管理密码去提示路径看也可以,直接查看jenkins的pod日志也能看到,插件想下载就下载,不想下载用到什么在下也行。

k8s部署新版jenkins_第1张图片

 2、直接使用admin账户登录,修改admin密码

修改完重新登录就可以了

k8s部署新版jenkins_第2张图片

k8s部署新版jenkins_第3张图片

k8s部署新版jenkins_第4张图片

你可能感兴趣的:(jenkins,kubernetes,运维,linux,容器)