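[Cloud Native | Kubernetes Series] Jenkins on k8s
Copyright: This is an original article by 云篆录. Reposting does not require contacting me, but please credit 云篆录 https://www.yunzhuan.site
Description
1 Jenkins is an open-source CI/CD system used to automate all kinds of tasks, including building, testing and deploying.
2 Jenkins officially provides an image at "https://hub.docker.com/r/jenkins/jenkins".
3 Deploy this image in the "default" namespace as a "Deployment". The "kind: Service" uses "type: NodePort" to expose the ports: web internal access port 80, web external access port 30006, and Slave internal communication port 5000. After the container starts, Jenkins stores its data in the "/var/jenkins_home" directory, so that directory needs to be persisted with a PV.
DevOps architecture
Release process design
A complete DevOps process based on Kubernetes:
🍇 Create the storage
I use Ceph here; you need to prepare your own storage.
🍇 Deploy the Jenkins master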
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  labels:
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      name: jenkins
  template:
    metadata:
      name: jenkins
      labels:
        name: jenkins
    spec:
      terminationGracePeriodSeconds: 10
      serviceAccountName: jenkins
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
            - containerPort: 50000
          resources:
            limits:
              cpu: 2000m
              memory: 4Gi
            requests:
              cpu: 1000m
              memory: 2Gi
          env:
            - name: LIMITS_MEMORY
              valueFrom:
                resourceFieldRef:
                  resource: limits.memory
                  divisor: 1Mi
            - name: JAVA_OPTS
              value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
          volumeMounts:
            - name: jenkins-home
              mountPath: /var/jenkins_home
          livenessProbe:
            httpGet:
              path: /login
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 5
            failureThreshold: 12
          readinessProbe:
            httpGet:
              path: /login
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 5
            failureThreshold: 12
      securityContext:
        fsGroup: 1000
      volumes:
        - name: jenkins-home
          persistentVolumeClaim:
            claimName: jenkins-home
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-home
spec:
  storageClassName: "storagename"
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins
spec:
  selector:
    name: jenkins
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP
      nodePort: 30006
    - name: agent
      port: 50000
      protocol: TCP
---
# In GKE need to get RBAC permissions first with
# kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=<user-name>|--group=<group-name>]
---
# Create a ServiceAccount named jenkins
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
# Create a Role named jenkins that grants permission to manage Pod resources in the core API group
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
# Bind the Role named jenkins to the ServiceAccount named jenkins
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
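Added example, not part of the original article: because both ports sit in one NodePort Service, the agent port 50000 is also published on every node, and the Role allows "get" on every Secret in the namespace. The variant below keeps the web UI on nodePort 30006, moves the agent port to a ClusterIP Service, and scopes Secret access with resourceNames. The names jenkins-agent and jenkins-agent-secret are assumptions.

```yaml
# Added example: tightened variants of the Service and Role from the manifest above.
# Apply them in the same namespace as the Deployment.
apiVersion: v1
kind: Service
metadata:
  name: jenkins                 # web UI only, still reachable on nodePort 30006
spec:
  selector:
    name: jenkins
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP
      nodePort: 30006
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins-agent           # hypothetical name for the agent-only Service
spec:
  selector:
    name: jenkins
  type: ClusterIP               # in-cluster only, no node port is allocated
  ports:
    - name: agent
      port: 50000
      targetPort: 50000
      protocol: TCP
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["jenkins-agent-secret"]   # hypothetical; list only the Secrets Jenkins must read
    verbs: ["get"]
```

With this layout, agents inside the cluster reach the master at jenkins-agent:50000. An identity that may create pods can still mount other Secrets of the same namespace into a pod, so keep unrelated Secrets out of the namespace Jenkins runs in.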
Check the deployment and log in to Jenkins
[root jenkins]# kubectl apply -f jenkins.yaml -n kube-ops
[root jenkins]# kubectl get po -n kube-ops
NAME                       READY   STATUS    RESTARTS   AGE
jenkins-57b5cf8946-xqtlg   1/1     Running   0          2m34s
[root jenkins]# kubectl get svc -n kube-ops
NAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                        AGE
jenkins   NodePort   10.109.78.109   <none>        80:30006/TCP,50000:40201/TCP   2m37s
[root jenkins]# kubectl logs -f -n kube-ops jenkins-57b5cf8946-xqtlg
VM settings:
Max. Heap Size: 4.00G
Using VM: OpenJDK 64-Bit Server VM
Running from: /usr/share/jenkins/jenkins.war
webroot: /var/jenkins_home/war
2023-07-14 04:06:51.280+0000 [id=1] INFO winstone.Logger#logInternal: Beginning extraction from war file
2023-07-14 04:07:32.869+0000 [id=1] WARNING o.e.j.s.handler.ContextHandler#setContextPath: Empty contextPath
2023-07-14 04:07:32.985+0000 [id=1] INFO org.eclipse.jetty.server.Server#doStart: jetty-10.0.13; built: 2022-12-07T20:13:20.134Z; git: 1c2636ea05c0ca8de1ffd6ca7f3a98ac084c766d; jvm 11.0.19+7
2023-07-14 04:07:34.195+0000 [id=1] INFO o.e.j.w.StandardDescriptorProcessor#visitServlet: NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet
2023-07-14 04:07:34.358+0000 [id=1] INFO o.e.j.s.s.DefaultSessionIdManager#doStart: Session workerName=node0
2023-07-14 04:07:35.717+0000 [id=1] INFO hudson.WebAppMain#contextInitialized: Jenkins home directory: /var/jenkins_home found at: EnvVars.masterEnvVars.get("JENKINS_HOME")
2023-07-14 04:07:38.365+0000 [id=1] INFO o.e.j.s.handler.ContextHandler#doStart: Started w.@6629ad09{Jenkins v2.401.2,/,file:///var/jenkins_home/war/,AVAILABLE}{/var/jenkins_home/war}
2023-07-14 04:07:38.444+0000 [id=1] INFO o.e.j.server.AbstractConnector#doStart: Started ServerConnector@5b529706{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
2023-07-14 04:07:38.574+0000 [id=1] INFO org.eclipse.jetty.server.Server#doStart: Started Server@31aa3ca5{STARTING}[10.0.13,sto=0] @51672ms
2023-07-14 04:07:38.578+0000 [id=23] INFO winstone.Logger#logInternal: Winstone Servlet Engine running: controlPort=disabled
2023-07-14 04:07:39.084+0000 [id=30] INFO jenkins.InitReactorRunner$1#onAttained: Started initialization
2023-07-14 04:07:39.151+0000 [id=28] INFO jenkins.InitReactorRunner$1#onAttained: Listed all plugins
2023-07-14 04:07:41.165+0000 [id=30] INFO jenkins.InitReactorRunner$1#onAttained: Prepared all plugins
2023-07-14 04:07:41.174+0000 [id=30] INFO jenkins.InitReactorRunner$1#onAttained: Started all plugins
2023-07-14 04:07:41.183+0000 [id=31] INFO jenkins.InitReactorRunner$1#onAttained: Augmented all extensions
2023-07-14 04:07:41.932+0000 [id=30] INFO jenkins.InitReactorRunner$1#onAttained: System config loaded
2023-07-14 04:07:41.933+0000 [id=28] INFO jenkins.InitReactorRunner$1#onAttained: System config adapted
2023-07-14 04:07:41.934+0000 [id=31] INFO jenkins.InitReactorRunner$1#onAttained: Loaded all jobs
2023-07-14 04:07:41.936+0000 [id=30] INFO jenkins.InitReactorRunner$1#onAttained: Configuration for all jobs updated
2023-07-14 04:07:42.238+0000 [id=44] INFO hudson.util.Retrier#start: Attempt #1 to do the action check updates server
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.vmplugin.v7.Java7$1 (file:/var/jenkins_home/war/WEB-INF/lib/groovy-all-2.4.21.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.vmplugin.v7.Java7$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2023-07-14 04:07:43.543+0000 [id=30] INFO jenkins.install.SetupWizard#init:
*************************************************************
*************************************************************
*************************************************************
Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:
30ea979dba244a8d86d6e07b789b0fe4
This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
*************************************************************
*************************************************************
*************************************************************
2023-07-14 04:08:34.682+0000 [id=29] INFO jenkins.InitReactorRunner$1#onAttained: Completed initialization
2023-07-14 04:08:34.825+0000 [id=22] INFO hudson.lifecycle.Lifecycle#onReady: Jenkins is fully up and running
2023-07-14 04:08:35.772+0000 [id=44] INFO h.m.DownloadService$Downloadable#load: Obtained the updated data file for hudson.tasks.Maven.MavenInstaller
2023-07-14 04:08:35.774+0000 [id=44] INFO hudson.util.Retrier#start: Performed the action check updates server successfully at the attempt #1
Jenkins UI installation steps
1 Get the Jenkins initial setup password
*************************************************************
*************************************************************
*************************************************************
Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:
30ea979dba244a8d86d6e07b789b0fe4
This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
*************************************************************
*************************************************************
*************************************************************
2 Unlock Jenkins
3 Choose the plugins to install
4 Install no plugins
5 Create the administrator
6 Jenkins URL
7 Jenkins installation complete
8 Jenkins home page