k8s || Jenkins

Jenkins 是什么?

Jenkins是一款开源 CI&CD 软件，用于自动化各种任务，包括构建、测试和部署软件。

  continuous integration = CI
  continuous delivery = CD

Pipeline：流水线
Blueocean是可以图形化管理(编写，查看，修改等)我们的流水线 --》Jenkins内部的一个插件
     blueocean是pipeline的可视化UI

安装方式：

  1.使用war包安装
  先部署java环境安装jdk相关的包
  下载 Jenkins.
  打开终端进入到下载目录.
  运行命令 java -jar jenkins.war --httpPort=8080.
  打开浏览器进入链接 http://localhost:8080.

  2.使用容器启动
  docker pull jenkins/jenkins:lts-jdk11  --》没有安装很多插件的Jenkins
  docker pull jenkinsci/blueocean  --》带插件blueocean的Jenkins

---

node节点拉取镜像

[root@k8snode1 ~]# docker pull jenkinsci/blueocean

[root@k8snode2 ~]# docker pull jenkinsci/blueocean

[root@k8snode1 ~]# docker images
REPOSITORY                                                                     TAG         IMAGE ID       CREATED         SIZE
jenkins/jenkins                                                                lts-jdk11   2a4bbe50c40b   16 months ago   441MB
jenkinsci/blueocean                                                            latest      04540a0bb985   7 months ago    579MB

[root@k8snode2 ~]# docker images
REPOSITORY                                                                     TAG         IMAGE ID       CREATED         SIZE
jenkins/jenkins                                                                lts-jdk11   2a4bbe50c40b   16 months ago   441MB
jenkinsci/blueocean                                                            latest      04540a0bb985   7 months ago    579MB

[root@k8snode1 ~]# docker run \
>   --name sc-jenkins-1 \
>   -u root \
>   --rm \
>   -d \
>   -p 8080:8080 \
>   -p 50000:50000 \
>   -v jenkins-data:/var/jenkins_home \
>   -v /var/run/docker.sock:/var/run/docker.sock \
>   jenkinsci/blueocean
f11d5884af89bcb50bb98b93261e1f7377894f3569c9ef69131886534657f3da
您在 /var/spool/mail/root 中有新邮件

[root@k8snode1 ~]# docker ps
CONTAINER ID   IMAGE                                               COMMAND                   CREATED         STATUS         PORTS                                                                                      NAMES
f11d5884af89   jenkinsci/blueocean                                 "/sbin/tini -- /usr/…"   4 seconds ago   Up 2 seconds   0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:50000->50000/tcp, :::50000->50000/tcp   sc-jenkins-1

在windows的机器上登录Jenkins，访问宿主机的ip+端口号
http://192.168.102.137:8080
登录的时候需要输入密码
选择安装推荐的插件

 

登录的时候需要输入密码

[root@k8snode1 ~]# docker exec -it sc-jenkins-1 bash
bash-5.1# cat /var/jenkins_home/secrets/initialAdminPassword
59a81024dcba412ca7af869fdb5a8e36
bash-5.1#  

选择安装推荐的插件

---

Jenkins部署到k8s里
1.安装git软件

[root@k8smaster ~]# yum install git -y

2.下载相关的yaml文件

[root@k8smaster ~]# git clone https://github.com/scriptcamp/kubernetes-jenkins

[root@k8smaster ~]# cd kubernetes-jenkins/

[root@k8smaster kubernetes-jenkins]# ls
deployment.yaml  namespace.yaml  serviceAccount.yaml  service.yaml  volume.yaml

3.创建命名空间

[root@k8smaster kubernetes-jenkins]# cat namespace.yaml 
apiVersion: v1
kind: Namespace
metadata:
  name: devops-tools

[root@k8smaster kubernetes-jenkins]# kubectl apply -f namespace.yaml 
namespace/devops-tools created

[root@k8smaster kubernetes-jenkins]# kubectl get ns
NAME              STATUS   AGE
default           Active   13d
devops-tools      Active   6s
ingress-nginx     Active   2d4h
kube-node-lease   Active   13d
kube-public       Active   13d
kube-system       Active   13d

4.创建服务账号，集群角色，绑定

[root@k8smaster kubernetes-jenkins]# cat serviceAccount.yaml 
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins-admin
rules:
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: devops-tools

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins-admin
subjects:
- kind: ServiceAccount
  name: jenkins-admin

[root@k8smaster kubernetes-jenkins]# kubectl apply -f serviceAccount.yaml 
clusterrole.rbac.authorization.k8s.io/jenkins-admin created
serviceaccount/jenkins-admin created
clusterrolebinding.rbac.authorization.k8s.io/jenkins-admin created

5.创建卷，用来存放数据

[root@k8smaster kubernetes-jenkins]# cat volume.yaml 
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv-volume
  labels:
    type: local
spec:
  storageClassName: local-storage
  claimRef:
    name: jenkins-pv-claim
    namespace: devops-tools
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  local:
    path: /mnt
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - k8snode1   # 需要修改为k8s里的node节点的名字

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pv-claim
  namespace: devops-tools
spec:
  storageClassName: local-storage
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi

[root@k8smaster kubernetes-jenkins]# kubectl apply -f volume.yaml 
storageclass.storage.k8s.io/local-storage unchanged
persistentvolume/jenkins-pv-volume unchanged
persistentvolumeclaim/jenkins-pv-claim unchanged

[root@k8snode1 mnt]# kubectl get pv
NAME                CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                           STORAGECLASS    REASON   AGE
jenkins-pv-volume   10Gi       RWO            Retain           Bound    devops-tools/jenkins-pv-claim   local-storage            3d1h
sc-nginx-pv         10Gi       RWX            Retain           Bound    default/sc-nginx-pvc            nfs                      5d16h
task-pv-volume      10Gi       RWO            Retain           Bound    default/task-pv-claim           manual                   5d17h

[root@k8snode1 mnt]# kubectl describe pv jenkins-pv-volume
Name:              jenkins-pv-volume
Labels:            type=local
Annotations:       <none>
Finalizers:        [kubernetes.io/pv-protection]
StorageClass:      local-storage
Status:            Bound
Claim:             devops-tools/jenkins-pv-claim
Reclaim Policy:    Retain
Access Modes:      RWO
VolumeMode:        Filesystem
Capacity:          10Gi
Node Affinity:     
  Required Terms:  
    Term 0:        kubernetes.io/hostname in [k8snode1]
Message:           
Source:
    Type:  LocalVolume (a persistent volume backed by local storage on a node)
    Path:  /mnt
Events:    <none>

6.部署Jenkins

[root@k8smaster kubernetes-jenkins]# cat deployment.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: devops-tools
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-server
  template:
    metadata:
      labels:
        app: jenkins-server
    spec:
      securityContext:
            fsGroup: 1000 
            runAsUser: 1000
      serviceAccountName: jenkins-admin
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            - name: httpport
              containerPort: 8080
            - name: jnlpport
              containerPort: 50000
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home         
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
              claimName: jenkins-pv-claim

[root@k8smaster kubernetes-jenkins]# kubectl apply -f deployment.yaml 
deployment.apps/jenkins configured

[root@k8smaster kubernetes-jenkins]# kubectl get deploy -n devops-tools
NAME      READY   UP-TO-DATE   AVAILABLE   AGE
jenkins   1/1     1            1           3d1h

[root@k8smaster kubernetes-jenkins]# kubectl get pod -n devops-tools
NAME                       READY   STATUS    RESTARTS   AGE
jenkins-85fcfbb869-zlvvz   1/1     Running   2          3d1h

建议删除之前使用docker容器安装的Jenkins

[root@k8snode1 ~]# docker stop sc-jenkins-1
sc-jenkins-1

7.启动服务发布Jenkins的pod

[root@k8smaster kubernetes-jenkins]# cat service.yaml 
apiVersion: v1
kind: Service
metadata:
  name: jenkins-service
  namespace: devops-tools
  annotations:
      prometheus.io/scrape: 'true'
      prometheus.io/path:   /
      prometheus.io/port:   '8080'
spec:
  selector: 
    app: jenkins-server
  type: NodePort  
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 32000

[root@k8smaster kubernetes-jenkins]# kubectl apply -f service.yaml 

[root@k8smaster kubernetes-jenkins]# kubectl get svc -n devops-tools
NAME              TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
jenkins-service   NodePort   10.108.132.26   <none>        8080:32000/TCP   3d1h

8.在Windows机器上访问Jenkins，宿主机ip+端口号
http://192.168.102.136:32000/login?from=%2F

9.进入pod里获取登录的密码

[root@k8smaster kubernetes-jenkins]# kubectl exec -it -n devops-tools jenkins-85fcfbb869-zlvvz -- bash
jenkins@jenkins-85fcfbb869-zlvvz:/$ cat /var/jenkins_home/secrets/initialAdminPassword
160a061f20f247f29512a85fbb8815af