涓€銆丣enkins 閮ㄧ讲

1銆佸畾涔夋帶鍒跺櫒鏂囦欢

(1)瀹氫箟jenkins-deploy-svc.yaml鏂囦欢

[root@master01 4]# vim jenkins-deploy-svc.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: devops
spec:
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      terminationGracePeriodSeconds: 10
      serviceAccount: jenkins-sa
      containers:
      - name: jenkins
        image: registry.cn-hangzhou.aliyuncs.com/github_images1024/jenkins:lts-jdk17
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          name: web
          protocol: TCP
        - containerPort: 50000
          name: agent
          protocol: TCP
        resources:
          limits:
            cpu: 2000m
            memory: 3Gi
          requests:
            cpu: 500m
            memory: 1Gi
        livenessProbe:
          httpGet:
            path: /login
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 5
          failureThreshold: 12
        readinessProbe:
          httpGet:
            path: /login
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 5
          failureThreshold: 12
        volumeMounts:
        - name: jenkinshome
          mountPath: /var/jenkins_home
        env:
          - name: JAVA_OPTS
            value: -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Duser.timezone=Asia/Shanghai -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
      securityContext:
        #ifsGroup: 1000
        runAsUser: 0
      volumes:
      - name: jenkinshome
        persistentVolumeClaim:
          claimName: jenkins-pvc

---
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: devops
  labels:
    app: jenkins
spec:
  selector:
    app: jenkins
  type: ClusterIP
  ports:
  - name: web
    port: 8080
    targetPort: web
  - name: agent
    port: 50000
    targetPort: agent

榛樿鎯呭喌涓嬶紝Jenkins鐢熸垚浠g悊鏄繚瀹堢殑銆?

渚嬪锛屽鏋滈槦鍒椾腑鏈変袱涓瀯寤猴紝瀹冧笉浼氱珛鍗崇敓鎴愪袱涓墽琛屽櫒銆傚畠灏嗙敓鎴愪竴涓墽琛屽櫒锛屽苟绛夊緟鏌愪釜鏃堕棿閲婃斁绗竴涓墽琛屽櫒锛岀劧鍚庡啀鍐冲畾鐢熸垚绗簩涓墽琛屽櫒銆侸enkins纭繚瀹冪敓鎴愮殑姣忎釜鎵ц鍣ㄩ兘寰楀埌浜嗘渶澶ч檺搴︾殑鍒╃敤銆?

濡傛灉浣犳兂瑕嗙洊杩欎釜琛屼负锛屽苟鐢熸垚涓€涓负姣忎釜鏋勫缓闃熷垪涓嶇瓑寰呯殑鎵ц鍣紝鎵€浠ュ湪Jenkins鍚姩鏃跺€欐坊鍔犺繖浜涘弬鏁?

  • -Dhudson.slaves.NodeProvisioner.initialDelay=0
  • 绔嬪嵆鍝嶅簲浠诲姟闇€姹傦紝閫傚悎浣庡欢杩熷満鏅?
  • -Dhudson.slaves.NodeProvisioner.MARGIN=50
  • 璧勬簮浣欓噺璁句负 50%锛屽钩琛″搷搴旈€熷害鍜岃祫婧愬埄鐢ㄧ巼
  • -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
  • 鍚庣画鎵╁閫愭鏀剁揣闃堝€硷紝閬垮厤璧勬簮娴垂

(2)瀹氫箟jenkins-rbac.yaml

[root@master01 4]# vim jenkins-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-sa
  namespace: devops

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins-cr
rules:
  - apiGroups: ["extensions", "apps"]
    resources: ["deployments"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-crd
roleRef:
  kind: ClusterRole
  name: jenkins-cr
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: jenkins-sa
  namespace: devops

璇存槑锛氭柊鐗堟湰rbac宸茬粡涓嶆敮鎸乺bac.authorization.k8s.io/v1beta1

(3)瀹氫箟jenkins-pvc.yaml

璇存槑锛氬鏋滄寜鐓т笅闈㈤厤缃紝pvc榛樿浼氶€夋嫨SC鍒嗛厤鐨凱V

[root@master01 4]# vim jenkins-pvc.yaml
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteMany
  persistentVolumeReclaimPolicy: Delete
  nfs:
    server: 10.0.0.61
    path: /opt/sharedata/data/jenkins

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pvc
  namespace: devops
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 10Gi

璇存槑锛氬鏋滄寜鐓т笅闈㈤厤缃紝pvc浼氶€夋嫨鑷繁鎼缓鐨刾v

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteMany
  persistentVolumeReclaimPolicy: Delete
  #濡傛灉鎯宠pvc浣跨敤鎸囧畾PV闇€瑕侀厤缃笅闈竴琛屽唴瀹?
  storageClassName: nfs-storage
  nfs:
    server: 10.0.0.61
    path: /opt/sharedata/data/jenkins

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pvc
  namespace: devops
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  #濡傛灉鎯宠pvc浣跨敤鎸囧畾PV闇€瑕侀厤缃笅闈竴琛屽唴瀹?
  storageClassName: nfs-storage

(4)瀹氫箟jenkins-ing.yaml

[root@master01 4]# vim jenkins-ing.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/enable-cors: 'true'
    nginx.ingress.kubernetes.io/proxy-body-size: 50M
  name: jenkins-ingress
  namespace: devops
spec:
  ingressClassName: nginx
  rules:
  - host: jenkins.zhang-qing.com
    http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: jenkins
            port:
              number: 8080

2銆丣enkins浣跨敤NFS鍋氭暟鎹寔涔呭寲

#鍦╪fs鏈哄櫒涓婂垱寤虹浉鍏崇洰褰?
[root@node01 ~]# mkdir -p /opt/sharedata/data/jenkins

#鍦╪fs鏈哄櫒涓婁慨鏀?etc/exports鏂囦欢
[root@node01 ~]# vim /etc/exports
/opt/sharedata 10.0.0.0/24(rw,sync,insecure,no_subtree_check,no_root_squash)
/opt/sharedata/data/jenkins 10.0.0.0/24(rw,sync,insecure,no_subtree_check,no_root_squash)

#鍦╪fs鏈哄櫒閰嶇疆鐢熸晥
[root@k8s-node01 ~]# exportfs -r

#鍦╪fs鏈哄櫒閲嶆柊鍔犺浇NFS
[root@k8s-node01 ~]# systemctl reload nfs-server

3銆佸紑濮嬮儴缃?

(1)鍒涘缓ns

[root@master01 4]# k create ns devops

(2)閮ㄧ讲

[root@master01 ~]# cd /root/4
[root@master01 4]# kaf jenkins-deploy-svc.yaml,jenkins-rbac.yaml,jenkins-pvc.yaml,jenkins-ing.yaml

(3)鏌ョ湅

#鏌ョ湅pod
[root@master01 4]# kgp -n devops -owide | grep jenkins
jenkins-b6bf6dd-vwrhz         1/1     Running   0             41m     172.31.112.148   master01   <none>           <none>

#鏌ョ湅pvc
[root@master01 4]# kg pvc -n devops | grep jenkins
jenkins-pvc       Bound    pvc-d0a1cc4a-789e-4129-9e51-102fe701f0e5   10Gi       RWX            nfs-storage    141m

#鏌ョ湅svc
[root@master01 4]# kg svc -n devops | grep jenkins
jenkins           ClusterIP   192.168.56.234    <none>        8080/TCP,50000/TCP   63s

4銆佺櫥褰曟祴璇?

鍒濆鍖栫殑瀵嗙爜鎴戜滑鍙互鍦?jenkins 鐨勫鍣ㄧ殑鏃ュ織涓繘琛屾煡鐪嬶紝涔熷彲浠ラ€氳繃鎸囧畾鏁版嵁浣嶇疆鏌ョ湅锛?

# 鏂瑰紡涓€锛氬湪鏃ュ織涓煡鐪?
[root@master01 harbor]# k logs -f jenkins-b6bf6dd-vwrhz   -n devops
...
...
Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:

61a0d866a86c4add9a79d85c7c994d2b
...
...

# 鏂瑰紡浜岋細鎸囧畾鏁版嵁浣嶇疆鏌ョ湅
[root@master01 4]# kubectl exec -it jenkins-b6bf6dd-vwrhz -ndevops -- cat /var/jenkins\_home/secrets/initialAdminPassword
cd2274fc27ef4ecab3a9ec5d53d04c2d

闇€瑕佸湪 nfs 鍏变韩鏁版嵁鐩綍涓嬮潰鎶婃垜浠殑鐩綍鏉冮檺閲嶆柊鍒嗛厤涓嬪嵆鍙細

$ chown -R 1000 /opt/sharedata/data/jenkins

鎵撳紑娴忚鍣紝杈撳叆http://jenkins.zhang-qing.com/鍚庯紝濉啓绠$悊鍛樺瘑鐮乧d2274fc27ef4ecab3a9ec5d53d04c2d

image-20250121143818604

鐐瑰嚮銆愰€夋嫨鎻掍欢鏉ュ畨瑁呫€?

image-20231115205237245

閫夋嫨銆愭棤銆戝悗锛岀偣鍑汇€愬畨瑁呫€?

image-20231115205512350

閰嶇疆绠$悊鍛樼敤鎴?閰嶇疆瀹屾垚鍚庯紝閫夋嫨銆愪繚瀛樺苟瀹屾垚銆?

image-20231116223834076

閰嶇疆Jenkins URL锛岀偣鍑汇€愪繚瀛樺苟瀹屾垚銆?

image-20250121144521856

涓婇潰閰嶇疆瀹屾垚鍚庯紝浠h〃Jenkins閮ㄧ讲瀹屾垚

image-20231118101915571

5銆佷慨鏀硅处鍙穉dmin鐨勫瘑鐮佷负123456

渚濇鐐瑰嚮銆怱ecurity銆?淇敼瀵嗙爜涓?23456鍚庯紝鐐瑰嚮銆愬簲鐢ㄣ€?銆怱ave銆?

image-20250507201213902