基于K8S安装Jenkins,参考官网:jenkins-kubenates。
1.创建Namespace存放Devops相关的资源
创建一个独立的K8S的namespace,用来存放Jenkins相关的K8S资源。
kubectl create namespace devops-tools
2.创建持久卷PV作为Jenkins数据存放的路径
使用本地路径创建持久卷
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: jenkins-local-pv-volume
labels:
type: local
spec:
storageClassName: local-storage
claimRef:
name: jenkins-local-pv-claim
namespace: devops-tools
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
local:
path: /mnt
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- node2
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-local-pv-claim
namespace: devops-tools
spec:
storageClassName: local-storage
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
3. 创建ServiceAccount账号
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: jenkins-admin
rules:
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins-admin
namespace: devops-tools
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins-admin
subjects:
- kind: ServiceAccount
name: jenkins-admin
namespace: devops-tools
4. 创建Deployment部署Jenkins服务并挂载数据卷
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: devops-tools
spec:
replicas: 1
selector:
matchLabels:
app: jenkins-server
template:
metadata:
labels:
app: jenkins-server
spec:
securityContext:
fsGroup: 1000
runAsUser: 1000
serviceAccountName: jenkins-admin
containers:
- name: jenkins
image: wanna1314y.top:1443/library/jenkins:lts
resources:
limits:
memory: "2Gi"
cpu: "1000m"
requests:
memory: "500Mi"
cpu: "500m"
command:
- java
args:
- '-jar'
- /usr/share/jenkins/jenkins.war
- '--httpPort=8080'
ports:
- name: httpport
containerPort: 8080
- name: jnlpport
containerPort: 50000
livenessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 180
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
readinessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
volumeMounts:
- name: jenkins-data
mountPath: /var/jenkins_home
volumes:
- name: jenkins-data
persistentVolumeClaim:
#claimName: nfs-pvc-jenkins
claimName: jenkins-local-pv-claim
5. 创建Jenkins的Service使用NodePort方式外网暴露
apiVersion: v1
kind: Service
metadata:
name: jenkins-service
namespace: devops-tools
annotations:
prometheus.io/scrape: 'true'
prometheus.io/path: /
prometheus.io/port: '8080'
spec:
selector:
app: jenkins-server
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 32000
6.创建Ingress基于域名映射Jenkins的处理请求
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: devops-tools-nginx-ingress
namespace: devops-tools
annotations:
nginx.ingress.kubernetes.io/affinity: cookie
nginx.ingress.kubernetes.io/proxy-body-size: 100m
nginx.ingress.kubernetes.io/session-cookie-max-age: '86400'
nginx.ingress.kubernetes.io/session-cookie-name: SESSION
spec:
ingressClassName: nginx
tls:
- hosts:
- jenkins.wanna1314y.top
secretName: jenkins-wanna1314y-top-ssl
rules:
- host: jenkins.wanna1314y.top
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: jenkins-service
port:
number: 8080