警告
本文最后更新于 2023-01-26 23:59,文中内容可能已过时。
1. 创建namespace
1
| kubectl create namespace devops-tools
|
2. 创建账号权限相关
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
| cat <<EOF | kubectl apply -f -
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: jenkins-admin
rules:
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins-admin
namespace: devops-tools
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins-admin
subjects:
- kind: ServiceAccount
name: jenkins-admin
namespace: devops-tools
---
apiVersion: v1
kind: Secret
metadata:
name: jenkins-admin
namespace: devops-tools
annotations:
kubernetes.io/service-account.name: "jenkins-admin"
type: kubernetes.io/service-account-token
EOF
|
3. 配置存储
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-pv-claim
namespace: devops-tools
spec:
storageClassName: nfs
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 3Gi
EOF
|
4.创建Deployment
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
| cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: devops-tools
spec:
replicas: 1
selector:
matchLabels:
app: jenkins-server
template:
metadata:
labels:
app: jenkins-server
spec:
securityContext:
fsGroup: 1000
runAsUser: 1000
serviceAccountName: jenkins-admin
containers:
- name: jenkins
image: jenkins/jenkins:lts
resources:
limits:
memory: "2Gi"
cpu: "1000m"
requests:
memory: "500Mi"
cpu: "500m"
ports:
- name: httpport
containerPort: 8080
- name: jnlpport
containerPort: 50000
livenessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 90
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
readinessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
volumeMounts:
- name: jenkins-data
mountPath: /var/jenkins_home
volumes:
- name: jenkins-data
persistentVolumeClaim:
claimName: jenkins-pv-claim
EOF
|
5. 暴露服务
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
| cat <<EOF | kubectl apply -f -
---
apiVersion: v1
kind: Service
metadata:
name: jenkins-service
namespace: devops-tools
annotations:
prometheus.io/scrape: 'true'
prometheus.io/path: /prometheus
prometheus.io/port: '8080'
spec:
selector:
app: jenkins-server
type: ClusterIP
ports:
- port: 8080
name: web
targetPort: 8080
- port: 50000
name: jnlp
targetPort: 50000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jenkins.ops.cn
namespace: devops-tools
spec:
ingressClassName: int-nginx
rules:
- host: jenkins.ops.cn
http:
paths:
- backend:
service:
name: jenkins-service
port:
number: 8080
path: /
pathType: Prefix
EOF
|
service忘记暴露50000端口,在使用agent时会发生java.io.IOException: http://jenkins-service.devops-tools.svc.cluster.local:8080/ provided port:50000 is not reachable on host jenkins-service.devops-tools.svc.cluster.local
6. 查看密码
1
| kubectl exec -it -n devops-tools jenkins-5498fbb866-twvxq -- cat /var/jenkins_home/secrets/initialAdminPassword
|
7. 配置agent
需要提前装好kubernetes 插件
7.1 配置k8s集群信息
20230127014139.png
7.2 添加连接到k8s的凭据
20230127005806.png
20230127014340.png
7.3 Pod模板配置
20230127014551.png
20230127014604.png
8. 测试构建
20230127014658.png
SoulChild
微信号
微信打赏