Installing Jenkins on k8s
Official deployment guide: https://www.jenkins.io/doc/book/installing/kubernetes/
Prepare the k8s deployment manifests
Create a namespace named jenkins to keep this environment separate
[root@longxi-01 ~]# kubectl create namespace jenkins
namespace/jenkins created
Create the ServiceAccount
In Kubernetes, a Service Account is the identity that defines what access the processes (containers) running in a Pod have to the Kubernetes API.
[root@longxi-01 jenkins]# pwd
/root/jenkins
[root@longxi-01 jenkins]#
[root@longxi-01 jenkins]# vim serviceAccount.yaml
# Changed the namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins-admin
rules:
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: jenkins
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins-admin
subjects:
  - kind: ServiceAccount
    name: jenkins-admin
    namespace: jenkins
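Create the service account
"serviceAccount.yaml" creates the "jenkins-admin" ClusterRole and the "jenkins-admin" ServiceAccount, and binds the ClusterRole to the service account.
The "jenkins-admin" ClusterRole grants every verb on every resource in the core API group (apiGroups: [""]) across all namespaces, Secrets included. You can also restrict access by specifying individual resources and verbs.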
[root@longxi-01 jenkins]# kubectl apply -f serviceAccount.yaml
clusterrole.rbac.authorization.k8s.io/jenkins-admin created
serviceaccount/jenkins-admin created
clusterrolebinding.rbac.authorization.k8s.io/jenkins-admin created
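Create the persistence manifest
Allocate a PV named jenkins-pv-volume with a capacity of 5G, and from it a PVC named jenkins-pv-claim limited to 3G. The mount directory is /home/jenkins and the node is longxi-02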
[root@longxi-01 jenkins]# vim volume.yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv-volume
  labels:
    type: local
spec:
  storageClassName: local-storage
  claimRef:
    name: jenkins-pv-claim
    namespace: jenkins
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  local:
    path: /home/jenkins
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - longxi-02
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pv-claim
  namespace: jenkins
spec:
  storageClassName: local-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 3Gi
Remember to change the local mount path: path: /home/jenkins
Remember to set the node that hosts the PV: - longxi-02
Remember to create the mounted directory on that node: [root@longxi-02 home]# mkdir jenkins
[root@longxi-01 jenkins]# kubectl apply -f volume.yaml
storageclass.storage.k8s.io/local-storage created
persistentvolume/jenkins-pv-volume created
persistentvolumeclaim/jenkins-pv-claim created
Create the deployment; because resources are limited, only one replica is started
[root@longxi-01 jenkins]# vim deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      nodeSelector:
        kubernetes.io/hostname: longxi-02
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
      serviceAccountName: jenkins-admin
      containers:
        - name: jenkins
          image: jenkins/jenkins:2.387.3-lts-jdk11
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            - name: httpport
              containerPort: 8080
            - name: jnlpport
              containerPort: 50000
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
            claimName: jenkins-pv-claim
Image version: here I use jenkins/jenkins:2.387.3-lts-jdk11
Change the node that hosts the PV: kubernetes.io/hostname: longxi-02
[root@longxi-01 jenkins]# kubectl apply -f deployment.yaml
[root@longxi-01 jenkins]# kubectl get pods -n jenkins -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
jenkins-66bd867d86-hm2p7 1/1 Running 0 2m59s 10.244.1.167 longxi-02 <none> <none>
Create the service, of type NodePort with the port set to 32000
[root@longxi-01 jenkins]# vim service.yaml
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: jenkins
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/path: /
    prometheus.io/port: '8080'
spec:
  selector:
    app: jenkins
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 32000
[root@longxi-01 jenkins]# kubectl apply -f service.yaml
service/jenkins created
[root@longxi-01 jenkins]# kubectl get svc -n jenkins
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
jenkins NodePort 10.254.201.197 <none> 8080:32000/TCP 7s
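Jenkins is now reachable at the IP of node longxi-02 on port 32000, http://10.211.55.6:32000/. For production, it is recommended to expose it through an ingress-nginx proxy; for a test environment this is enough.
Get the initial admin password from the pod log: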
[root@longxi-01 jenkins]# kubectl logs -f jenkins-66bd867d86-hm2p7 -n jenkins
After logging in, set the update site to a mirror inside China:
https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
Then restart Jenkins from the master node
[root@longxi-01 ~]# kubectl delete pods jenkins-66bd867d86-hm2p7 -n jenkins
pod "jenkins-66bd867d86-hm2p7" deleted
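Install the Kubernetes plugin and bind the cluster
Wait for the installation, and choose to restart Jenkins once it completes
Bind the k8s cluster
Look up the Kubernetes API server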
[root@longxi-01 ~]# kubectl cluster-info
Kubernetes control plane is running at https://10.211.55.5:6443
CoreDNS is running at https://10.211.55.5:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
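This field can also be left empty and will be read by default: because Jenkins is deployed on k8s and a Service Account has been deployed for it, no key needs to be entered.
That completes the deployment; I will write up actual usage later, once I have had time to learn it.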