搭建k8s的jenkins集群

1.机器参考

ip 角色
192.168.56.12 k8s-master
192.168.56.11 k8s-node1,harbor,nfs
192.168.56.10 k8s-node2

2.配置pvc

#需要提前配置好storageClass,否则需要手动声明pv,并在pvc中指定
[root@k8s-master jenkins]# cat jenkins-pvc.yaml  
# PersistentVolumeClaim that backs JENKINS_HOME: the Deployment on this page
# mounts claim "jenkins-pvc" at /var/jenkins_home.
# No storageClassName is set, so the cluster's default StorageClass is used
# (the `kubectl get sc` output on this page shows managed-nfs-storage as default).
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: jenkins-pvc
  namespace: jenkins
spec:
  accessModes:
    # ReadWriteMany needs a backend that supports shared mounts (NFS here).
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
# NOTE(review): JENKINS_HOME stores Jenkins credentials and secret keys, so the
# NFS export behind this claim should only be mountable by the cluster nodes
# -- TODO confirm the export ACLs on the NFS host.
# NOTE(review): the default StorageClass shown on this page has RECLAIMPOLICY
# Delete; deleting this claim is therefore expected to remove the backing
# volume as well -- back up JENKINS_HOME before deleting or recreating it.

3.配置rbac

[root@k8s-master jenkins]# cat jenkins-pvc.yaml 
# Repeated output of `cat jenkins-pvc.yaml` (identical to the claim in step 2).
# The RBAC manifest for this step is jenkins_rbac.yaml, shown further down.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: jenkins-pvc
  namespace: jenkins
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
[root@k8s-master jenkins]# kubectl get sc
NAME                            PROVISIONER       RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
managed-nfs-storage (default)   qgg-nfs-storage   Delete          Immediate           false                  16d
[root@k8s-master jenkins]# ls
jenkins_deployment.yaml  jenkins-pvc.yaml  jenkins_rbac.yaml  jenkins_svc.yaml
[root@k8s-master jenkins]# cat jenkins_rbac.yaml 
# ServiceAccount referenced by the Jenkins Deployment and by the agent pod
# spec shown on this page (both use the name "jenkins").
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: jenkins

---

# NOTE(review): this is a ClusterRole attached through a ClusterRoleBinding, so
# every rule below is granted in ALL namespaces, not only "jenkins".
# The agent pod on this page uses serviceAccountName "jenkins", which lives in
# namespace "jenkins", so agents presumably run only there. If pipelines do not
# need the ServiceAccount in other namespaces, a namespaced Role + RoleBinding
# with the same rules would be enough -- verify before changing.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
  # Full management of Deployments. The "extensions" group no longer serves
  # Deployments on Kubernetes 1.16+; listing it is harmless but unnecessary.
  - apiGroups: ["extensions", "apps"]
    resources: ["deployments"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  # Full management of Services.
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  # Pod lifecycle: needed for Jenkins to start and remove agent pods.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  # NOTE(review): pods/exec granted cluster-wide allows command execution in
  # containers of every namespace. Presumably only "create" and "get" are
  # meaningful for this subresource -- verify and trim.
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  # Read-only access to container logs.
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  # NOTE(review): read/write on Secrets in every namespace exposes all stored
  # credentials and tokens in the cluster to this ServiceAccount. Scope this to
  # the "jenkins" namespace, or to named Secrets via resourceNames, if possible.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create","delete","get","list","patch","update","watch"]

---
# Binds the ClusterRole above to the jenkins ServiceAccount, cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins
  # NOTE(review): ClusterRoleBinding is cluster-scoped; metadata.namespace has
  # no effect here and does not restrict the grant to "jenkins".
  namespace: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: jenkins

4.配置deploy

# Deployment of the Jenkins controller in namespace "jenkins".
# spec.replicas is not set, so a single replica is created.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: jenkins
spec:
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      terminationGracePeriodSeconds: 10
      # serviceAccount is the deprecated alias of serviceAccountName.
      # The token of this ServiceAccount is mounted into the controller pod, so
      # whatever RBAC is bound to "jenkins" is available to Jenkins itself.
      serviceAccount: jenkins
      containers:
      - name: jenkins
        # NOTE(review): "lts-centos7-jdk8" is a mutable tag; CentOS 7 is
        # end-of-life and current Jenkins LTS releases no longer run on Java 8,
        # so this tag presumably no longer receives security updates. Prefer a
        # currently maintained LTS tag pinned to an explicit version or digest.
        image: jenkins/jenkins:lts-centos7-jdk8     # reference image
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080                # port for external (web UI) access
          name: web
          protocol: TCP
        - containerPort: 50000              # port Jenkins agents (slaves) connect to
          name: agent
          protocol: TCP
        resources:
          limits:
            cpu: 1000m
            memory: 1Gi
          requests:
            cpu: 500m
            memory: 512Mi
        livenessProbe:
          httpGet:
            path: /login
            port: 8080
          initialDelaySeconds: 60          # wait 60 seconds after the container starts before the first probe
          timeoutSeconds: 5
          # Once the Pod has started and a probe fails, Kubernetes retries
          # failureThreshold times before giving up. Giving up on a liveness
          # probe restarts the container; giving up on a readiness probe marks
          # the Pod as not ready. Default is 3, minimum is 1.
          failureThreshold: 12
        readinessProbe:
          httpGet:
            path: /login
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 5
          failureThreshold: 12
        volumeMounts:                       # jenkins_home must live on persistent storage
        - name: jenkinshome
          subPath: jenkins
          mountPath: /var/jenkins_home
        env:
        # LIMITS_MEMORY = container memory limit divided by 1Mi (1024 for 1Gi).
        - name: LIMITS_MEMORY
          valueFrom:
            resourceFieldRef:
              resource: limits.memory
              divisor: 1Mi
        # NOTE(review): -Xmx is set to the full container memory limit, leaving
        # no headroom for non-heap JVM memory; the container may be OOM-killed
        # under load. Consider a heap ceiling below the limit -- verify.
        - name: JAVA_OPTS
          value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85 -Duser.timezone=Asia/Shanghai
      securityContext:
        # Mounted volumes are made group-accessible to GID 1000
        # (presumably the jenkins user's group in the image -- confirm).
        fsGroup: 1000
      volumes:
      - name: jenkinshome
        persistentVolumeClaim:
          claimName: jenkins-pvc     # name of the PVC to mount

5.svc

[root@k8s-master jenkins]# cat jenkins_svc.yaml 
# Service exposing the Jenkins controller: web UI on 8080 and the agent port
# on 50000, selected by label app=jenkins.
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: jenkins
  labels:
    app: jenkins
spec:
  selector:
    app: jenkins
  # NOTE(review): with type NodePort every port listed below is opened on all
  # nodes. The web UI is served as plain HTTP on 30002, so logins and API
  # tokens cross the network unencrypted; put an Ingress or reverse proxy with
  # TLS in front of it and restrict which networks can reach the node port.
  type: NodePort
  ports:
  - name: web
    port: 8080
    targetPort: web
    nodePort: 30002
  # NOTE(review): no nodePort is given, so one is auto-assigned and the agent
  # port is also reachable on every node. The agent pod on this page connects
  # through the in-cluster DNS name (jenkins.jenkins.svc.cluster.local:50000),
  # so this port presumably does not need external exposure; a separate
  # ClusterIP Service for the agent port would avoid it -- verify.
  - name: agent
    port: 50000
    targetPort: agent

6.输入访问地址:http://192.168.56.12:30002/

7.插件

7.1安装默认推荐插件

7.2安装k8s相关插件

参考安装以下插件
1.Kubernetes
2.Blue Ocean
3.Groovy Postbuild

8.配置jenkins的k8s集群信息

8.1访问地址

8.2jenkins集群地址

8.3pod配置

8.4pod挂载信息(包含 kubectl,docker,maven,maven repository,helm,harbor 证书)

8.5参考yaml文件

---
# Pod spec for one Jenkins agent ("jenkins-slave-c0dm0"), shown as a reference
# for the pod template configured in steps 8.3/8.4.
apiVersion: "v1"
kind: "Pod"
metadata:
  labels:
    jenkins: "jenkins-slave"
    jenkins/label-digest: "03ddc3eddf95d5470d5c7fb6d2937abaeca3b79e"
    jenkins/label: "jenkins-slave"
  name: "jenkins-slave-c0dm0"
spec:
  containers:
  - env:
    # Agent connection secret; masked in this dump. Keep it masked whenever a
    # pod spec is shared, since it is passed as a plain environment variable.
    - name: "JENKINS_SECRET"
      value: "********"
    - name: "JENKINS_TUNNEL"
      value: "jenkins.jenkins.svc.cluster.local:50000"
    - name: "JENKINS_AGENT_NAME"
      value: "jenkins-slave-c0dm0"
    - name: "JENKINS_NAME"
      value: "jenkins-slave-c0dm0"
    - name: "JENKINS_AGENT_WORKDIR"
      value: "/home/jenkins/agent"
    # Controller URL is plain HTTP over the cluster network.
    - name: "JENKINS_URL"
      value: "http://jenkins.jenkins.svc.cluster.local:8080/"
    # NOTE(review): third-party image referenced by a mutable tag. Every build
    # runs inside it with the mounts below, so prefer an image you build and
    # scan yourself, pinned to a digest.
    image: "zhongyuanzhao000/jenkins-slave:jnlp"
    imagePullPolicy: "IfNotPresent"
    name: "jnlp"
    # No requests or limits: a build can consume unbounded node resources.
    resources:
      limits: {}
      requests: {}
    tty: true
    # NOTE(review): every mount is readOnly: false. The CA certificate, the
    # helm binary and the kubeconfig look like read-only inputs and presumably
    # could be mounted readOnly: true, so that a build cannot modify files on
    # the node -- verify.
    volumeMounts:
    - mountPath: "/etc/docker/certs.d/ca.crt"
      name: "volume-4"
      readOnly: false
    - mountPath: "/usr/local/bin/helm"
      name: "volume-3"
      readOnly: false
    - mountPath: "/var/run/docker.sock"
      name: "volume-1"
      readOnly: false
    - mountPath: "/root/.kube"
      name: "volume-0"
      readOnly: false
    - mountPath: "/root/.m2/repository"
      name: "volume-2"
      readOnly: false
    - mountPath: "/home/jenkins/agent"
      name: "workspace-volume"
      readOnly: false
    workingDir: "/home/jenkins/agent"
  hostNetwork: false
  nodeSelector:
    kubernetes.io/os: "linux"
  restartPolicy: "Never"
  serviceAccountName: "jenkins"
  volumes:
  # NOTE(review): hostPath to root's kubeconfig directory on the node. This is
  # presumably a cluster-admin kubeconfig (confirm); if so, every job on this
  # agent gets that access regardless of the RBAC bound to the "jenkins"
  # ServiceAccount. Prefer the ServiceAccount token with a least-privilege
  # Role, or a dedicated restricted kubeconfig stored as a Jenkins credential.
  # The path must also exist on every node the agent can be scheduled to.
  - hostPath:
      path: "/root/.kube"
    name: "volume-0"
  # Shared Maven repository cache (claim "jenkins-maven-pvc", not defined on
  # this page).
  - name: "volume-2"
    persistentVolumeClaim:
      claimName: "jenkins-maven-pvc"
      readOnly: false
  # NOTE(review): mounting the node's Docker socket gives the build container
  # full control of the Docker daemon on that node, which is equivalent to
  # root on the node for any job using this agent. Consider a daemonless image
  # builder (e.g. kaniko or buildah) and restrict who may run jobs on this
  # pod template.
  - hostPath:
      path: "/var/run/docker.sock"
    name: "volume-1"
  # Per-pod scratch space for the agent workspace.
  - emptyDir:
      medium: ""
    name: "workspace-volume"
  # Registry CA certificate taken from the node (Harbor certificate per 8.4).
  - hostPath:
      path: "/etc/docker/certs.d/ca.crt"
    name: "volume-4"
  # helm binary taken from the node.
  - hostPath:
      path: "/usr/local/bin/helm"
    name: "volume-3"

8.6 查看kubectl版本(版本过低会导致报错)

SchemaError(io.k8s.api.admissionregistration.v1.MutatingWebhook): invalid object doesn’t have additional properties


   转载规则


《搭建k8s的jenkins集群》 by XieJiayi is licensed under a 知识共享署名 4.0 国际许可协议 许可协议。转载请注明来源