Official deployment guide: https://www.jenkins.io/doc/book/installing/kubernetes/

Prepare the k8s deployment manifests

Create a namespace named jenkins to keep this environment separate from others

[root@longxi-01 ~]# kubectl create namespace jenkins
namespace/jenkins created

Create the ServiceAccount

In Kubernetes, a Service Account is the identity that defines what access the processes (containers) running in a Pod have to the Kubernetes API.

[root@longxi-01 jenkins]# pwd
/root/jenkins
[root@longxi-01 jenkins]# 
[root@longxi-01 jenkins]# vim serviceAccount.yaml
# The namespace has been changed
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins-admin
rules:
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: jenkins
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins-admin
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: jenkins

Create the service account

serviceAccount.yaml creates the jenkins-admin ClusterRole and the jenkins-admin ServiceAccount, and binds the ClusterRole to the service account.

The jenkins-admin ClusterRole has all permissions to manage cluster components. You can also restrict access by specifying individual resource actions.

[root@longxi-01 jenkins]# kubectl apply -f serviceAccount.yaml 
clusterrole.rbac.authorization.k8s.io/jenkins-admin created
serviceaccount/jenkins-admin created
clusterrolebinding.rbac.authorization.k8s.io/jenkins-admin created

Create the persistent storage manifest

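Allocate a PV named jenkins-pv-volume with a capacity of 5G, and from that PV a PVC named jenkins-pv-claim limited to 3G. The mount directory is /home/jenkins and the node that hosts it is longxi-02.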

[root@longxi-01 jenkins]# vim volume.yaml 

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv-volume
  labels:
    type: local
spec:
  storageClassName: local-storage
  claimRef:
    name: jenkins-pv-claim
    namespace: jenkins
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  local:
    path: /home/jenkins
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - longxi-02

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pv-claim
  namespace: jenkins
spec:
  storageClassName: local-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 3Gi

Remember to change the local mount path: path: /home/jenkins

Remember to set the node that hosts the PV: - longxi-02

Remember to create the mount directory on that node:

[root@longxi-02 home]# mkdir jenkins

[root@longxi-01 jenkins]# kubectl apply -f volume.yaml 
storageclass.storage.k8s.io/local-storage created
persistentvolume/jenkins-pv-volume created
persistentvolumeclaim/jenkins-pv-claim created

Create the deployment. Because resources are limited, only one replica is started.

[root@longxi-01 jenkins]# vim deployment.yaml 

apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      nodeSelector:
        kubernetes.io/hostname: longxi-02
      securityContext:
            fsGroup: 1000 
            runAsUser: 1000
      serviceAccountName: jenkins-admin
      containers:
        - name: jenkins
          image: jenkins/jenkins:2.387.3-lts-jdk11
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            - name: httpport
              containerPort: 8080
            - name: jnlpport
              containerPort: 50000
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home         
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
              claimName: jenkins-pv-claim

Image version: here I use jenkins/jenkins:2.387.3-lts-jdk11

Change the node that hosts the PV: kubernetes.io/hostname: longxi-02

[root@longxi-01 jenkins]# kubectl apply -f deployment.yaml 
[root@longxi-01 jenkins]# kubectl get pods -n jenkins -o wide
NAME                       READY   STATUS    RESTARTS   AGE     IP             NODE        NOMINATED NODE   READINESS GATES
jenkins-66bd867d86-hm2p7   1/1     Running   0          2m59s   10.244.1.167   longxi-02   <none>           <none>

Create the service, of type NodePort with port 32000 specified

[root@longxi-01 jenkins]# vim service.yaml

apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: jenkins
  annotations:
      prometheus.io/scrape: 'true'
      prometheus.io/path:   /
      prometheus.io/port:   '8080'
spec:
  selector:
    app: jenkins
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 32000
[root@longxi-01 jenkins]# kubectl apply -f service.yaml 
service/jenkins created
[root@longxi-01 jenkins]# kubectl get svc -n jenkins
NAME      TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
jenkins   NodePort   10.254.201.197   <none>        8080:32000/TCP   7s

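At this point Jenkins is reachable at the IP of the longxi-02 node on port 32000: http://10.211.55.6:32000/. For production, it is recommended to expose it through an ingress-nginx proxy; for a test environment, this is enough.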

Get the password:

[root@longxi-01 jenkins]# kubectl logs -f jenkins-66bd867d86-hm2p7 -n jenkins

After logging in, set the update site to a mirror in China:

https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json

Then restart Jenkins from the master node

[root@longxi-01 ~]# kubectl delete pods jenkins-66bd867d86-hm2p7  -n jenkins
pod "jenkins-66bd867d86-hm2p7" deleted

Install the Kubernetes plugin and bind the cluster

Wait for the installation, and select the option to restart Jenkins once the installation completes

Bind the k8s cluster

Look up the Kubernetes API server

[root@longxi-01 ~]# kubectl cluster-info
Kubernetes control plane is running at https://10.211.55.5:6443
CoreDNS is running at https://10.211.55.5:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

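This can also be left empty, since it is read by default: because Jenkins is deployed on k8s and a Service Account has been deployed as well, there is no need to fill in a key.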

That completes the deployment. I will learn and write up the actual usage later when I have time.
