云原生之旅 - 10）手把手教你安装 Jenkins on Kubernetes

标签：10 kind name Kubernetes kubectl yaml Jenkins jenkins

前言

谈到持续集成工具就离不开众所周知的Jenkins，本文带你了解如何在 Kubernetes 上安装 Jenkins，后续文章会带你深入了解如何使用k8s pod 作为 Jenkins的build agents。

 

准备

需要一个running的 Kubernetes Cluster， 可以参考我前面的文章 云原生之旅 - 4）基础设施即代码 使用 Terraform 创建 Kubernetes

 

安装

Step 1: 创建Namespace

apiVersion: v1
kind: Namespace
metadata:
  name: jenkins

namespace.yaml

kubectl apply -f namespace.yaml

　　

Step 2: 创建 k8s service account and RBAC 权限

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins-admin
rules:
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: jenkins

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins-admin
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: jenkins

serviceAccount.yaml

kubectl apply -f serviceAccount.yaml

 

Step 3: 创建 StorageClass 和 PersistentVolumeClaim（我的例子是在GCP上面，其它云提供商类似）

---
## if not create StorageClass, default to use standard StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: jenkins-sc
  namespace: jenkins
provisioner: kubernetes.io/gce-pd
volumeBindingMode: Immediate
allowVolumeExpansion: true
reclaimPolicy: Delete
parameters:
  type: pd-standard
  fstype: ext4
  replication-type: none

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-storage
  namespace: jenkins
spec:
  storageClassName: jenkins-sc
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi

volume.yaml

• Create a storage class
• Provision a Persistent volume using the storage class.

kubectl apply -f volume.yaml

 检查绑定结果

kubectl get pvc -n jenkins

NAME              STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
jenkins-storage   Bound    pvc-27efe7b9-c963-4366-b100-a3b01bb25666   20Gi       RWO            jenkins-sc     23s

 

Step 4: 创建 Deployment

Jenkins home 目录需要mount，不然 Jenkins pod 一旦重启的话，数据会丢失。

apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-server
  template:
    metadata:
      labels:
        app: jenkins-server
    spec:
      securityContext:
            fsGroup: 1000 
            runAsUser: 1000
      serviceAccountName: jenkins-admin
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            - name: httpport
              containerPort: 8080
            - name: jnlpport
              containerPort: 50000
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home         
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
              claimName: jenkins-storage

deployment.yaml

kubectl apply -f deployment.yaml

检查部署结果

kubectl get deploy -n jenkins

NAME      READY   UP-TO-DATE   AVAILABLE   AGE
jenkins   1/1     1            1           89s

 

Step 5: Create Service

---
apiVersion: v1
kind: Service
metadata:
  name: jenkins-service
  namespace: jenkins
spec:
  selector: 
    app: jenkins-server
  type: NodePort  
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 32000

---
kind: Service
apiVersion: v1
metadata:
  name: jenkins-agent
  namespace: jenkins
spec:
  selector:
    app: jenkins-server
  ports:
    - protocol: TCP
      port: 50000
      targetPort: 50000

service.yaml

kubectl apply -f service.yaml

### 本文首发于 https://www.cnblogs.com/wade-xu/p/16863933.html

 

访问 Jenkins Dashboard

Option 1: 用  Kube Proxy

kubectl -n jenkins port-forward service/jenkins-service 8010:8080

然后打开本地浏览器访问 Jenkins dashboard ==》 http://127.0.0.1:8010

 

Option 2:  推荐使用Gateway 

1. Ingress-Nginx 可以参考 云原生之旅 - 8）云原生时代的网关 Ingress Nginx

2. Emissary Ingress 可以参考云原生之旅 - 9）云原生时代网关的后起之秀Envoy Proxy 和基于Envoy 的 Emissary Ingress

 

第一次访问Jenkins Dashboard 会提示需要初始密码，通过如下访问获取初始密码。

kubectl get pods -n jenkins

kubectl logs jenkins-998474795-7n6ls -n jenkins

 日志结果

*************************************************************

Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:

xxxxxxxxxxxxxx

This may also be found at: /var/jenkins_home/secrets/initialAdminPassword

输入 password 然后会提示 install the suggested plugin 和创建一个 admin user.

### 本文首发于 https://www.cnblogs.com/wade-xu/p/16863933.html

 

High Availability 高可用

• Jenkins active/passive setup --- 只有企业版Jenkins才有此功能。

• 本文介绍的 Jenkins running on Kubernetes， 一旦 Jenkins master pod 挂了，另一个新的 Jenkins master pod 会自动起来，并将存储卷挂载至新创建的容器，保证数据不会丢失，从而实现集群高可用。

 

参考

https://github.com/scriptcamp/kubernetes-jenkins/blob/main/deployment.yaml https://www.jenkins.io/doc/book/installing/kubernetes/   感谢阅读，如果您觉得本文的内容对您的学习有所帮助，您可以打赏和推荐，您的鼓励是我创作的动力    

标签：10,kind,name,Kubernetes,kubectl,yaml,Jenkins,jenkins
From： https://www.cnblogs.com/wade-xu/p/16863933.html