前言
谈到持续集成工具就离不开众所周知的Jenkins,本文带你了解如何在 Kubernetes 上安装 Jenkins,后续文章会带你深入了解如何使用k8s pod 作为 Jenkins的build agents。
准备
需要一个running的 Kubernetes Cluster, 可以参考我前面的文章 云原生之旅 - 4)基础设施即代码 使用 Terraform 创建 Kubernetes
安装
Step 1: 创建Namespace
apiVersion: v1 kind: Namespace metadata: name: jenkins
namespace.yaml
kubectl apply -f namespace.yaml
Step 2: 创建 k8s service account and RBAC 权限
--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: jenkins-admin rules: - apiGroups: [""] resources: ["*"] verbs: ["*"] --- apiVersion: v1 kind: ServiceAccount metadata: name: jenkins-admin namespace: jenkins --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: jenkins-admin roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: jenkins-admin subjects: - kind: ServiceAccount name: jenkins-admin namespace: jenkins
serviceAccount.yaml
kubectl apply -f serviceAccount.yaml
Step 3: 创建 StorageClass 和 PersistentVolumeClaim(我的例子是在GCP上面,其它云提供商类似)
--- ## if not create StorageClass, default to use standard StorageClass apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: jenkins-sc namespace: jenkins provisioner: kubernetes.io/gce-pd volumeBindingMode: Immediate allowVolumeExpansion: true reclaimPolicy: Delete parameters: type: pd-standard fstype: ext4 replication-type: none --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: jenkins-storage namespace: jenkins spec: storageClassName: jenkins-sc accessModes: - ReadWriteOnce resources: requests: storage: 20Gi
volume.yaml
- Create a storage class
- Provision a Persistent volume using the storage class.
kubectl apply -f volume.yaml
检查绑定结果
kubectl get pvc -n jenkins NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE jenkins-storage Bound pvc-27efe7b9-c963-4366-b100-a3b01bb25666 20Gi RWO jenkins-sc 23s
Step 4: 创建 Deployment
Jenkins home 目录需要mount,不然 Jenkins pod 一旦重启的话,数据会丢失。
apiVersion: apps/v1 kind: Deployment metadata: name: jenkins namespace: jenkins spec: replicas: 1 selector: matchLabels: app: jenkins-server template: metadata: labels: app: jenkins-server spec: securityContext: fsGroup: 1000 runAsUser: 1000 serviceAccountName: jenkins-admin containers: - name: jenkins image: jenkins/jenkins:lts resources: limits: memory: "2Gi" cpu: "1000m" requests: memory: "500Mi" cpu: "500m" ports: - name: httpport containerPort: 8080 - name: jnlpport containerPort: 50000 livenessProbe: httpGet: path: "/login" port: 8080 initialDelaySeconds: 90 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 5 readinessProbe: httpGet: path: "/login" port: 8080 initialDelaySeconds: 60 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 volumeMounts: - name: jenkins-data mountPath: /var/jenkins_home volumes: - name: jenkins-data persistentVolumeClaim: claimName: jenkins-storage
deployment.yaml
kubectl apply -f deployment.yaml
检查部署结果
kubectl get deploy -n jenkins NAME READY UP-TO-DATE AVAILABLE AGE jenkins 1/1 1 1 89s
Step 5: Create Service
--- apiVersion: v1 kind: Service metadata: name: jenkins-service namespace: jenkins spec: selector: app: jenkins-server type: NodePort ports: - port: 8080 targetPort: 8080 nodePort: 32000 --- kind: Service apiVersion: v1 metadata: name: jenkins-agent namespace: jenkins spec: selector: app: jenkins-server ports: - protocol: TCP port: 50000 targetPort: 50000
service.yaml
kubectl apply -f service.yaml
### 本文首发于 https://www.cnblogs.com/wade-xu/p/16863933.html
访问 Jenkins Dashboard
Option 1: 用 Kube Proxy
kubectl -n jenkins port-forward service/jenkins-service 8010:8080
然后打开本地浏览器访问 Jenkins dashboard ==》 http://127.0.0.1:8010
Option 2: 推荐使用Gateway
1. Ingress-Nginx 可以参考 云原生之旅 - 8)云原生时代的网关 Ingress Nginx
2. Emissary Ingress 可以参考云原生之旅 - 9)云原生时代网关的后起之秀Envoy Proxy 和基于Envoy 的 Emissary Ingress
第一次访问Jenkins Dashboard 会提示需要初始密码,通过如下访问获取初始密码。
kubectl get pods -n jenkins kubectl logs jenkins-998474795-7n6ls -n jenkins
日志结果
************************************************************* Jenkins initial setup is required. An admin user has been created and a password generated. Please use the following password to proceed to installation: xxxxxxxxxxxxxx This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
输入 password 然后会提示 install the suggested plugin 和创建一个 admin user.
### 本文首发于 https://www.cnblogs.com/wade-xu/p/16863933.html
High Availability 高可用
- Jenkins active/passive setup --- 只有企业版Jenkins才有此功能。
- 本文介绍的 Jenkins running on Kubernetes, 一旦 Jenkins master pod 挂了,另一个新的 Jenkins master pod 会自动起来,并将存储卷挂载至新创建的容器,保证数据不会丢失,从而实现集群高可用。
参考
https://github.com/scriptcamp/kubernetes-jenkins/blob/main/deployment.yaml
https://www.jenkins.io/doc/book/installing/kubernetes/
感谢阅读,如果您觉得本文的内容对您的学习有所帮助,您可以打赏和推荐,您的鼓励是我创作的动力
![洛谷 P11345 [KTSC 2023 R2] 基地简化 题解](http://www.itfaba.com/wp-content/themes/kemi/timthumb.php?src=http://www.itfaba.com/wp-content/themes/kemi/img/random/3.jpg&w=218&h=124&zc=1)
