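Deploying Jenkins on Kubernetes (k8s)
Note: the deployment below assumes ingress-nginx is already deployed. Adjust the replica strategy and the container resource requests and limits to match your actual usage.
Reference links:
Official Jenkins Kubernetes deployment guide
Jenkins has no network; the instance is offline
All Kubernetes resources are created through REST API calls: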
kubectl api-resources
Working through these commands gives a deeper understanding of how the components work.
1. Check the containerd service status on the master node
systemctl status containerd -l
Make sure the service is running normally; Kubernetes depends on a container runtime.
2. Check the kubelet service status
systemctl status kubelet -l
3. Check the node status
kubectl get nodes
If every worker node is in the Ready state, the cluster is healthy.
4. Create the namespace
Create the namespace for the deployment:
kubectl create namespace devops-tools
5. Write the serviceAccount.yaml file
The YAML file content is as follows:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins-admin
rules:
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: devops-tools
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins-admin
subjects:
  - kind: ServiceAccount
    name: jenkins-admin
    namespace: devops-tools
Create the ServiceAccount for the Jenkins service:
kubectl apply -f serviceAccount.yaml
6. Create the volume.yaml file
The file content is as follows:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv-volume
  labels:
    type: local
spec:
  storageClassName: local-storage
  claimRef:
    name: jenkins-pv-claim
    namespace: devops-tools
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  local:
    path: /mnt
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - k8s-worker01
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pv-claim
  namespace: devops-tools
spec:
  storageClassName: local-storage
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi
Create the persistent volume storage:
kubectl create -f volume.yaml
7. Create the deployment
Write a YAML file with the following content:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: devops-tools
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-server
  template:
    metadata:
      labels:
        app: jenkins-server
    spec:
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
      serviceAccountName: jenkins-admin
      hostNetwork: true # This line is required; without it the service cannot start properly, because with no network connection it cannot download plugins
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            - name: httpport
              containerPort: 8080
            - name: jnlpport
              containerPort: 50000
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
            claimName: jenkins-pv-claim
Create /var/jenkins_home so that Jenkins data (including the code repository pipelines and so on) is not lost after the pod restarts:
ls /var | grep jenkins_home | wc -l
If the count shown is 1, the directory already exists and does not need to be created again.
If the count is 0, run:
mkdir /var/jenkins_home
kubectl apply -f deployment.yaml
This applies the deployment.
Check the deployment status:
kubectl get deployments -n devops-tools
kubectl describe deployments --namespace=devops-tools
This shows the deployment's details and status.
8. Deploy the Jenkins service
kubectl apply -f service.yaml
apiVersion: v1
kind: Service
metadata:
  name: jenkins-service
  namespace: devops-tools
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/path: /
    prometheus.io/port: '8080'
spec:
  selector:
    app: jenkins-server
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 32000
kubectl get pods --namespace=devops-tools
The pod is now in the Running state.
Check the Jenkins startup log and copy the initial password.
Method 1: view it with kubectl logs
kubectl logs jenkins-56b6774bb6-tstjx --namespace=devops-tools
Method 2: use kubectl exec against the pod name to run a command that prints the initial password
kubectl exec -n devops-tools jenkins-5f55476865-5bznw -- cat /var/jenkins_home/secrets/initialAdminPassword