目录
配置存储方式
本次使用 NFS 作为存储,请确保提前部署好 storageClass。
创建命名空间
kubectl create ns ops
创建RBAC权限
# serviceaccount
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
namespace: ops
---
# clusterRole
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins
rules:
- apiGroups: ["extensions", "apps"]
resources: ["deployments", "ingresses"]
verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["services"]
verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: [""]
resources: ["pods/log", "events"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
# clusterrolebinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins
namespace: ops
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
namespace: ops
创建无头服务
apiVersion: v1
kind: Service
metadata:
name: jenkins-svc
namespace: ops
spec:
clusterIP: None
selector:
app: jenkins
ports:
- name: http
port: 8080
targetPort: 8080
- name: agent
port: 50000
targetPort: 50000
创建有状态服务
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: jenkins
namespace: ops
spec:
serviceName: "jenkins-svc"
selector:
matchLabels:
app: jenkins
template:
metadata:
labels:
app: jenkins
spec:
serviceAccount: jenkins
#imagePullSecrets:
#- name: harbor-admin
containers:
- name: jenkins
#image: jenkins/jenkins:2.401.2-lts
image: jenkins/jenkins:2.473-jdk17
imagePullPolicy: IfNotPresent
securityContext: # 添加参数启用容器root权限
privileged: true
runAsUser: 0 # root身份运行
env:
- name: JAVA_OPTS
value: -Duser.timezone=Asia/Shanghai
ports:
- name: http
containerPort: 8080
- name: agent
containerPort: 50000
volumeMounts:
- name: data
mountPath: /var/jenkins_home
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: "nfs-storage"
resources:
requests:
storage: 1Gi
创建ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jenkins-ingress
namespace: ops
spec:
ingressClassName: "nginx"
rules:
- host: jenkins.ops.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jenkins-svc
port:
name: http
部署
kubectl apply -f .