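For microservice development, k8s and Docker are indispensable, and once you have them you discover that deployment is yet another problem. It took me two days to get a complete Jenkins environment running. To avoid complexity and meet the need for a quickly built CI setup, this article only sets up the Jenkins master and triggers builds manually, leaving out tedious parts such as NFS and certificate generation. It should give you a real feel for the process (prerequisite: you understand how k8s and Docker registries work). The files used to set up Jenkins are listed below:
1. Jenkins image
2. Persistent volume
3. A demo project
4. Write the Jenkins part
==========================================================
Preparation: you need a k8s cluster, and you then build the image yourself and push it to your own private registry. If you use the Jenkins image directly, you will find after installation and the usual series of steps that builds fail with errors such as docker: not found. Even mounting the host's docker into Jenkins does not make it work, because no user has been created and added to the docker group. For the private registry you can run your own or use Alibaba Cloud's; I use Alibaba Cloud's.
1. Deploy Jenkins on k8s
1) Build the Jenkins image. Using Alibaba Cloud's image build, the Dockerfile is as follows: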
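# This is the official image. The build must be based on it; otherwise Jenkins
# still has to be updated after installation and errors out again.
FROM jenkins/jenkins
USER root
# Clear the apt sources set by the base image and switch to the Alibaba Cloud jessie mirrors
RUN echo '' > /etc/apt/sources.list.d/jessie-backports.list \
  && echo "deb http://mirrors.aliyun.com/debian jessie main contrib non-free" > /etc/apt/sources.list \
  && echo "deb http://mirrors.aliyun.com/debian jessie-updates main contrib non-free" >> /etc/apt/sources.list \
  && echo "deb http://mirrors.aliyun.com/debian-security jessie/updates main contrib non-free" >> /etc/apt/sources.list
# Update the sources and install the missing package
RUN apt-get update && apt-get install -y libltdl7
# GID of the docker group; it has to match the group that owns /var/run/docker.sock on the host
ARG dockerGid=999
# Add the jenkins user to the docker group
RUN echo "docker:x:${dockerGid}:jenkins" >> /etc/group
USER jenkins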
2) Deploy the Jenkins image
A. Create the PV (persistent volume); this time it uses the host file system
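apiVersion: "v1"
kind: "PersistentVolume"
metadata:
  name: jenkins-0
spec:
  capacity:
    storage: "10Gi"
  # The claim created by jenkins.yml asks for ReadWriteOnce; a claim binds only
  # to a PV that offers every access mode it requests.
  accessModes:
    - "ReadWriteMany"
  # Jenkins home lives on the node's own file system
  hostPath:
    path: /tmp
  # volumeName: jenkins   (a PersistentVolumeClaim field; a PersistentVolume spec has no volumeName)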
B. Create the account
kubectl create -f service-account.yml
# In GKE need to get RBAC permissions first with
# kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=<user-name>|--group=<group-name>]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: default
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
  namespace: default
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkinsClusterRole
  namespace: default
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
# A RoleBinding that references a ClusterRole grants those rules only inside
# the binding's own namespace.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: jenkinsClusterRuleBinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkinsClusterRole
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: default
C. Create the Jenkins service
kubectl create -f jenkins.yml
# jenkins
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: jenkins
  namespace: default
  labels:
    name: jenkins
spec:
  serviceName: jenkins
  replicas: 1
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      name: jenkins
      labels:
        name: jenkins
    spec:
      terminationGracePeriodSeconds: 10
      serviceAccountName: jenkins
      imagePullSecrets:
      - name: registry-secret
      containers:
      - name: jenkins
        # image: jenkins/jenkins:lts-alpine
        # image: chadmoon/jenkins-docker-kubectl:latest h1kkan/jenkins-docker
        image: registry.cn-shanghai.aliyuncs.com/pml/jenkins:v1.0
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
        - containerPort: 50000
        resources:
          limits:
            cpu: 1
            memory: 1Gi
          requests:
            cpu: 0.5
            memory: 500Mi
        env:
        - name: LIMITS_MEMORY
          valueFrom:
            resourceFieldRef:
              resource: limits.memory
              divisor: 1Mi
        - name: JAVA_OPTS
          # value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=1 -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
          value: -Xmx800m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
        volumeMounts:
        - name: jenkins-home
          mountPath: /var/jenkins_home
        - name: docker
          mountPath: /usr/bin/docker
        - name: docker-sock
          mountPath: /var/run/docker.sock
        # Privileged mode together with the host docker.sock mount gives every
        # build job root-level control of the node.
        securityContext:
          privileged: true
      volumes:
      - name: docker
        hostPath:
          path: /usr/bin/docker
      - name: docker-sock
        hostPath:
          path: /var/run/docker.sock
  volumeClaimTemplates:
  - metadata:
      name: jenkins-home
      # annotations:
      #   volume.beta.kubernetes.io/storage-class: anything
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: default
  annotations:
    # ensure the client ip is propagated to avoid the invalid crumb issue (k8s <1.7)
    # service.beta.kubernetes.io/external-traffic: OnlyLocal
spec:
  type: NodePort
  selector:
    name: jenkins
  # k8s 1.7+
  externalTrafficPolicy: Local
  ports:
  - name: http
    port: 80
    targetPort: 8080
    protocol: TCP
  - name: agent
    port: 50000
    protocol: TCP
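The manifest above runs Jenkins privileged and mounts the host's Docker socket and binary into the container. As an added example (not part of the original post), the Python check below flags those settings in a pod spec; the function name audit_pod_spec and the rule table are illustrative assumptions, and the sample spec is the page's manifest trimmed to the relevant fields.

```python
# Added example: flag the settings in a pod spec that hand a container
# control of the node. The rule table is illustrative, not exhaustive.
RISKY_HOST_PATHS = {
    "/var/run/docker.sock": "host Docker socket, API access equals root on the node",
    "/usr/bin/docker": "host binary mounted into the container",
    "/": "entire host file system",
}

def audit_pod_spec(pod_spec):
    """Return a sorted list of (container name, finding) tuples."""
    # Map volume name -> host path for every hostPath volume in the pod.
    host_volumes = {}
    for vol in pod_spec.get("volumes", []):
        path = vol.get("hostPath", {}).get("path")
        if path:
            host_volumes[vol["name"]] = path
    findings = []
    for c in pod_spec.get("containers", []):
        if c.get("securityContext", {}).get("privileged"):
            findings.append((c["name"], "privileged: true"))
        for mount in c.get("volumeMounts", []):
            path = host_volumes.get(mount["name"])
            if path is None:
                continue  # PVC-backed or other non-hostPath volume
            mode = "read-only" if mount.get("readOnly") else "read-write"
            reason = RISKY_HOST_PATHS.get(path, "hostPath mount")
            findings.append((c["name"], f"{path} ({mode}): {reason}"))
    return sorted(findings)

# Sample input: the StatefulSet's pod template from jenkins.yml, trimmed.
JENKINS_POD_SPEC = {
    "serviceAccountName": "jenkins",
    "containers": [{
        "name": "jenkins",
        "securityContext": {"privileged": True},
        "volumeMounts": [
            {"name": "jenkins-home", "mountPath": "/var/jenkins_home"},
            {"name": "docker", "mountPath": "/usr/bin/docker"},
            {"name": "docker-sock", "mountPath": "/var/run/docker.sock"},
        ],
    }],
    "volumes": [
        {"name": "docker", "hostPath": {"path": "/usr/bin/docker"}},
        {"name": "docker-sock", "hostPath": {"path": "/var/run/docker.sock"}},
    ],
}

if __name__ == "__main__":
    for container, finding in audit_pod_spec(JENKINS_POD_SPEC):
        print(f"{container}: {finding}")
```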
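2. Log in and configure Jenkins
1) Logging in is easiest to show with a screenshot
Find the service port
2) Enter the node's IP plus the port in the browser, for example http://192.168.16.131:32453, and you are in
3) Install the plugin: kubernetes plugin
4) Configure the credentials: one for logging in to gitee (to pull the code), one for logging in to the docker registry (pull/push images), and one for SSH login to k8s (deploy)
3. Find a demo project
Since you have read this far, how about a star/fork? One look at the commit history shows it nearly drove me crazy!!!
https://gitee.com/chenqq/petclinic/
4. Configure the pipeline
5. Enjoy it!!!
If the persistent volume claim stays in Pending, refer to the following and reset its status: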
{
  "kind": "PersistentVolumeClaim",
  "apiVersion": "v1",
  "metadata": {
    "name": "jenkins-home-jenkins-0",
    "namespace": "default",
    "selfLink": "/api/v1/namespaces/default/persistentvolumeclaims/jenkins-home-jenkins-0",
    "uid": "e0e85f5b-b64b-11e9-acc8-000c29e92529",
    "resourceVersion": "649259",
    "creationTimestamp": "2019-08-04T00:07:42Z",
    "labels": {
      "name": "jenkins"
    },
    "annotations": {
      "pv.kubernetes.io/bind-completed": "yes",
      "pv.kubernetes.io/bound-by-controller": "yes"
    },
    "finalizers": [
      "kubernetes.io/pvc-protection"
    ]
  },
  "spec": {
    "accessModes": [
      "ReadWriteOnce"
    ],
    "resources": {
      "requests": {
        "storage": "1Gi"
      }
    },
    "volumeName": "jenkins-1",
    "volumeMode": "Filesystem",
    "dataSource": null
  },
  "status": {
    "phase": "Bound",
    "accessModes": [
      "ReadWriteOnce"
    ],
    "capacity": {
      "storage": "10Gi"
    }
  }
}
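A claim stays Pending when no PV satisfies it. As an added example (not from the original post), the Python check below models the main matching rules (access modes, capacity, storage class, a pinned volumeName) and runs them on the jenkins-0 PV from step A and the claim created by jenkins.yml. Label selectors, volumeMode, existing bindings and a cluster default StorageClass are not modelled, and the function names are assumptions.

```python
# Added example: simplified model of how a PersistentVolumeClaim is matched
# to a PersistentVolume. Not the controller's full algorithm.
UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
         "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def to_bytes(quantity):
    """Convert a Kubernetes quantity such as '10Gi' or '500Mi' to bytes."""
    for suffix in sorted(UNITS, key=len, reverse=True):
        if quantity.endswith(suffix):
            return int(float(quantity[:-len(suffix)]) * UNITS[suffix])
    return int(float(quantity))

def bind_problems(pv, pvc):
    """Return the reasons why pvc cannot bind to pv (empty list: it can)."""
    problems = []
    pv_spec, pvc_spec = pv["spec"], pvc["spec"]
    # Every access mode the claim requests must be offered by the volume.
    missing = set(pvc_spec["accessModes"]) - set(pv_spec["accessModes"])
    if missing:
        problems.append("PV does not offer access mode(s): " + ", ".join(sorted(missing)))
    want = to_bytes(pvc_spec["resources"]["requests"]["storage"])
    have = to_bytes(pv_spec["capacity"]["storage"])
    if have < want:
        problems.append(f"PV capacity {have} < requested {want} bytes")
    if (pv_spec.get("storageClassName") or "") != (pvc_spec.get("storageClassName") or ""):
        problems.append("storageClassName differs")
    pinned = pvc_spec.get("volumeName")
    if pinned and pinned != pv["metadata"]["name"]:
        problems.append(f"claim is pinned to volume {pinned!r}")
    return problems

# The PV from step A and the claim generated by volumeClaimTemplates.
PAGE_PV = {"metadata": {"name": "jenkins-0"},
           "spec": {"capacity": {"storage": "10Gi"},
                    "accessModes": ["ReadWriteMany"], "hostPath": {"path": "/tmp"}}}
PAGE_PVC = {"metadata": {"name": "jenkins-home-jenkins-0"},
            "spec": {"accessModes": ["ReadWriteOnce"],
                     "resources": {"requests": {"storage": "1Gi"}}}}
# Constructed variant: the same PV offering ReadWriteOnce instead.
FIXED_PV = {"metadata": {"name": "jenkins-0"},
            "spec": {"capacity": {"storage": "10Gi"}, "accessModes": ["ReadWriteOnce"]}}

if __name__ == "__main__":
    print(bind_problems(PAGE_PV, PAGE_PVC))
    print(bind_problems(FIXED_PV, PAGE_PVC))
```

`kubectl describe pvc jenkins-home-jenkins-0` shows the controller's own events for a Pending claim and is the authoritative source when this model and the cluster disagree.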