k8s部署新版jenkins

Jenkins是一个可扩展的持续集成引擎，是一个开源软件项目，旨在提供一个开放易用的软件平台，使软件的持续集成变成可能。Jenkins非常易于安装和配置，简单易用。

官网：Jenkins

但我们是基于 Kubernetes 来实现自动化发布，那么最好将 Jenkins以 Pod 的形式运行Kubernetes集群中。其次Jenkins没有数据库，所有的数据都存储在本地，所以只需要将Jenkins的数据目录持久化下来就可以了。

K8S版本跟其他文档用的都是一个1.19.16

1、下载jenkins镜像

docker pull jenkins/jenkins:2.346.3-2-lts

2、创建RBAC

# serviceaccount
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: ops

---
# clusterRole
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
  - apiGroups: ["extensions", "apps"]
    resources: ["deployments", "ingresses"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  - apiGroups: [""]
    resources: ["pods/log", "events"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]

---
# clusterrolebinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins
  namespace: ops
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: ops

3、创建存储，采用storageclass

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: jenkins-storageclass
provisioner: nfs-storage-01
allowVolumeExpansion: true
reclaimPolicy: Retain

4、创建SVC

apiVersion: v1
kind: Service
metadata:
  name: jenkins-svc
  namespace: ops
spec:
  clusterIP: None
  selector:
    app: jenkins
  ports:
    - name: http
      port: 8080
      targetPort: 8080
    - name: agent
      port: 50000
      targetPort: 50000

5、创建StatefulSet

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: jenkins
  namespace: ops
spec:
  serviceName: "jenkins-svc"
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      serviceAccount: jenkins
      
      imagePullSecrets:
      - name: harbor-admin   #harbor密钥

      containers:
        - name: jenkins
          image: jenkins/jenkins:2.346.3-2-lts
          imagePullPolicy: IfNotPresent
          securityContext:     # 添加参数启用容器root权限
            privileged: true
            runAsUser: 0        # root身份运行
          env:
          - name: JAVA_OPTS     
            value: "-Xms1024m -Xmx2048m -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true"
          ports:
            - name: http
              containerPort: 8080
            - name: agent
              containerPort: 50000  #jenkins通讯需要设置8080,50000两个端口
          #resources:
            #limits:
              #cpu: 1000m
              #memory: 2048Mi
          #readinessProbe:          # 就绪探针
           # httpGet:
            #  path: /login
             # port: 8080
            #initialDelaySeconds: 60
            #timeoutSeconds: 5
            #failureThreshold: 12
          volumeMounts:
            - name: data
              mountPath: /var/jenkins_home

  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      storageClassName: "jenkins-storageclass"
      resources:
        requests:
          storage: 50Gi

6、初始化jenkins

1、查看jenkins对应的初始化密码

访问在自己电脑设置hosts，绑定之前ingress配置的域名就可以了；初始管理密码去提示路径看也可以，直接查看jenkins的pod日志也能看到，插件想下载就下载，不想下载用到什么在下也行。

 2、直接使用admin账户登录，修改admin密码

修改完重新登录就可以了