在k8s中安装jenkins并实现动态生成 jenkins slave

在k8s中安装jenkins并实现动态生成 jenkins slave

安装jenkins1、创建一个命名空间$ kubectl create namespace kube-ops2、为jenkins创建pvc（也可以使用存储类创建）

apiVersion: v1 kind: PersistentVolume metadata: name: opspv spec: capacity: storage: 2Gi accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Delete nfs: server: 192.168.1.244 path: /data/k8s --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: opspvc namespace: kube-ops spec: accessModes: - ReadWriteMany resources: requests: storage: 2Gi

3、创建jenkins需要的rbac权限

apiVersion: v1 kind: ServiceAccount metadata: name: jenkins2 namespace: kube-ops --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: jenkins2 rules: - apiGroups: ["extensions", "apps"] resources: ["deployments"] verbs: ["create", "delete", "get", "list", "watch", "patch", "update"] - apiGroups: [""] resources: ["services"] verbs: ["create", "delete", "get", "list", "watch", "patch", "update"] - apiGroups: [""] resources: ["pods"] verbs: ["create","delete","get","list","patch","update","watch"] - apiGroups: [""] resources: ["pods/exec"] verbs: ["create","delete","get","list","patch","update","watch"] - apiGroups: [""] resources: ["pods/log"] verbs: ["get","list","watch"] - apiGroups: [""] resources: ["secrets"] verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: jenkins2 namespace: kube-ops roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: jenkins2 subjects: - kind: ServiceAccount name: jenkins2 namespace: kube-ops

也可以为ServiceAccoun绑定一个系统现有的 cluster-admin 集群角色权限4、创建jenkins pod$ docker pull docker.io/jenkins/jenkins:lts$ docker pull cnych/jenkins:jnlp6

--- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: jenkins2 namespace: kube-ops spec: template: metadata: labels: app: jenkins2 spec: terminationGracePeriodSeconds: 10 serviceAccount: jenkins2 containers: - name: jenkins image: docker.io/jenkins/jenkins:lts imagePullPolicy: IfNotPresent ports: - containerPort: 8080 name: web protocol: TCP - containerPort: 50000 name: agent protocol: TCP resources: limits: cpu: 1000m memory: 1Gi requests: cpu: 500m memory: 512Mi livenessProbe: httpGet: path: /login port: 8080 initialDelaySeconds: 60 timeoutSeconds: 5 failureThreshold: 12 readinessProbe: httpGet: path: /login port: 8080 initialDelaySeconds: 60 timeoutSeconds: 5 failureThreshold: 12 volumeMounts: - name: jenkinshome subPath: jenkins2 mountPath: /var/jenkins_home env: - name: LIMITS_MEMORY valueFrom: resourceFieldRef: resource: limits.memory divisor: 1Mi - name: JAVA_OPTS value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvision er.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85 -Duser.timezone=Asia/Shanghai securityContext: fsGroup: 1000 volumes: - name: jenkinshome persistentVolumeClaim: claimName: opspvc --- apiVersion: v1 kind: Service metadata: name: jenkins2 namespace: kube-ops labels: app: jenkins2 spec: selector: app: jenkins2 type: NodePort ports: - name: web port: 8080 targetPort: web nodePort: 30003 - name: agent port: 50000 targetPort: agent

$ kubectl apply -f jenkins2.yaml$ kubectl get pod -n kube-opsjenkins2-76644dbc9b-llcsp 0/1 Running 0 #不能正常启动 $ kubectl describe pod jenkins2-76644dbc9b-llcsp -n kube-ops$ kubectl logs -f jenkins2-76644dbc9b-llcsp -n kube-ops5、在nfs服务器上修改jenkins持久目录的权限并重新创建jenkins pod$ chown -R 1000 /data/k8s/jenkins2 #在192.168.1.244上$ kubectl delete -f jenkins2.yaml$ kubectl apply -f jenkins2.yaml$ kubectl get pod -n kube-opsjenkins2-76644dbc9b-llcsp 1/1 Running 0 为什么是1000？上述镜像的Dockerfile文件中定义的是：user=jenkins group=jenkins uid=1000 gid=1000Dockerfile文件的地址：user=jenkinsARG group=jenkinsARG uid=1000ARG gid=1000ARG agent_port=50000ARG JENKINS_HOME=/var/jenkins_home$ kubectl get svc -n kube-opsjenkins2 NodePort 10.105.121.176 8080:30003/TCP,50000:30936/TCPcat /data/k8s/jenkins2/secrets/initialAdminPassword

echo "测试 Kubernetes 动态生成 jenkins slave" echo "==============docker in docker===========" docker info echo "=============kubectl=============" kubectl get pods

观察 Kubernetes 集群中 Pod 的变化：$ kubectl get pod -n kube-opsjenkins2-76644dbc9b-llcsp 1/1 Running 0 3h49mjnlp-tl1km 1/1 Running 0 44s当任务运行完毕，jnlp这个slave pod就会自动消失。8、用pipeline测试 Kubernetes 动态生成 jenkins slave新建任务----名字----流水线在流水线脚本中输入如下内容----保存立即构建

node('dongyali-jnlp') { stage('Clone') { echo "1.Clone Stage" } stage('Test') { echo "2.Test Stage" } stage('Build') { echo "3.Build Stage" } stage('Deploy') { echo "4. Deploy Stage" } }

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。