测试在kubernetes集群中部署jenkins
配置nfs
mkdir -p /root/jenkins
chown 777 /root/jenkins-home #配置权限
#vim /etc/exports
/root/jenkins/ *(insecure,rw,sync,no_root_squash)
exportfs -arv #配置生效
systemctl restart nfs
showmount -e localhost # 检查共享目录信息
部署deployment
创建命名空间
kubectl create namespace jenkins-k8s
创建pv
#vim jenkins-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: jenkins-pv
spec:
capacity:
storage: 5Gi # 大小
accessModes: # 访问模式
- ReadWriteMany # 多路读写
nfs:
server: 192.168.85.6 #NFS服务器地址
path: /root/jenkins # 共享目录
#创建对象
kubectl apply -f jenkins-pv.yaml
创建pvc
#vim jenkins-pvc.yaml
apiVersion: v1
metadata:
name: jenkins-pvc
namespace: jenkins-k8s
spec:
resources:
requests:
storage: 5Gi
accessModes:
- ReadWriteMany
检查pv,pvc
创建sa账号并做RBAC授权
jenkins使用sa账号访问kubernetes集群中的资源,需要对该sa账号授予相关的权限。
#vim jenkins-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins-sa # sa名称
namespace: jenkins-k8s
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins-clusterrole
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: jenkins-sa
namespace: jenkins-k8s
创建完毕后,检查
kubectl apply -f jenkins-sa.yaml
kubectl -n jenkins-k8s get sa
部署deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: jenkins-k8s
spec:
replicas: 1
selector:
matchLabels:
app: jenkins
template:
metadata:
labels:
app: jenkins
spec:
serviceAccount: jenkins-sa
containers:
- name: jenkins
image: jenkins/jenkins:2.297-alpine
imagePullPolicy: IfNotPresent
ports:
- name: web
containerPort: 8080
protocol: TCP
- name: agent
containerPort: 50000
protocol: TCP
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 500m
memory: 512Mi
livenessProbe:
httpGet:
path: /login
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
failureThreshold: 12
readinessProbe:
httpGet:
path: /login
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
failureThreshold: 12
volumeMounts:
- name: jenkins-volume
subPath: jenkins-home
mountPath: /var/jenkins_home
volumes:
- name: jenkins-volume
persistentVolumeClaim:
claimName: jenkins-pvc
# 创建Jenkins服务
---
apiVersion: v1
kind: Service
metadata:
name: jenkins-svc
namespace: jenkins-k8s
labels:
app: jenkins
spec:
selector:
app: jenkins
type: NodePort # 使用NodePort类型访问Services服务
ports:
- name: web
port: 8080 # service端口
targetPort: web
nodePort: 30003 # 映射到主机的端口
更新资源对象
解决镜像拉取不到的问题
在国内无FQ情况下很难从k8s.gcr.io等镜像源下载镜像,所以导致jenkins的镜像下载不来,导致部署失败
此时需要配置国内镜像源替代
docker作为容器运行时
sudo cat >> /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://registry.docker-cn.co"]
}
EOF
#重启docker
systemctl daemon-reload
systemctl restart docker
containerd作为容器运行时
sed -i "s/k8s.gcr.io/egistry.aliyuncs.com\/google_containers/g" /etc/containerd/config.toml
systemctl daemon-reload
systemctl restart containerd
注意,更换镜像源的时候,需要在每台node上都执行
在部署完成后,检查资源状态
访问配置jenkins
根据svc的信息,访问任意node的30003端口即可
获取管理员密码
在nfs服务器端配置查看,或者登录容器查看
将密码粘贴登录,然后修改管理员密码
登录后,提示配置插件,选择”安装的推荐的插件“,在线安装,网络有时不稳定会安装失败,重复安装即可。
配置插件
配置管理员
重启jenkins,浏览器输入http://192.168.85.4:30003/restart
jenkins基础配置
安装kubernetes插件
系统管理——>系统配置——Cloud(云)——kubernete