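This article covers deploying and configuring a Jenkins server in a k8s environment. Jenkins is an open-source, powerful continuous integration and continuous build tool that uses a master/slave architecture. By deploying the Jenkins integration environment in a k8s cluster, Jenkins slaves can be created on demand and scaled dynamically. It also provides a continuous deployment solution for applications running in k8s.
1. Build the Jenkins server Docker image. The default jenkins image already includes a JDK, version 1.8.0_171.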
# cat dockerfile
FROM jenkins
MAINTAINER ylw@fjhb.cn
ENV MAVEN_HOME /usr/local/maven
ENV JAVA_HOME /usr/local/java
ENV CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV PATH ${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${PATH}
COPY apache-maven-3.5.4 /usr/local/maven
# No USER line follows, so the Jenkins master process runs as root in this image
USER root
# Link the JDK bundled with the base image to the path used by JAVA_HOME
RUN mkdir -p /usr/local/maven/repository && ln -s /usr/java/jdk1.8.0_171 /usr/local/java
# docker build -t harbor.59iedu.com/fjhb/jenkins:2018-08-12-v1 .
# docker push harbor.59iedu.com/fjhb/jenkins:2018-08-12-v1
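2. Build the Jenkins slave image
A private Maven repository (Nexus) on the internal network can be configured depending on your situation. A private repository avoids downloading dependency JARs over the public internet during builds. To use one, package the corresponding settings.xml file into the apache-maven-3.5.4/conf directory.
The libltdl.so.7 file is taken from the operating system path /usr/lib64/libltdl.so.7 (it is actually a symbolic link, so the target has to be copied out and renamed).
The slave.jar file is downloaded from http://jenkins-server/jnlpJars/slave.jar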
# cat Dockerfile
FROM openshift/base-centos7
MAINTAINER ylw@fjhb.cn
COPY apache-maven-3.5.4 /usr/local/maven
COPY jdk1.8.0_171 /usr/local/java
COPY kubectl /usr/local/bin/kubectl
COPY libltdl.so.7 /usr/lib64/libltdl.so.7
COPY slave.jar /usr/share/jenkins/slave.jar
COPY jenkins-slave /usr/local/bin/jenkins-slave
ENV HOME /home/jenkins
ENV AGENT_WORKDIR=/home/jenkins/agent
ENV JAVA_HOME /usr/local/java
ENV MAVEN_HOME /usr/local/maven/
ENV CLASSPATH .:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV PATH ${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${PATH}
# USER_HOME_DIR is never defined in this Dockerfile, so HOME is used instead
ENV MAVEN_CONFIG "${HOME}/.m2"
RUN chmod 755 /usr/share/jenkins \
    && chmod 644 /usr/share/jenkins/slave.jar
RUN mkdir -p /home/jenkins/.jenkins \
    && mkdir -p ${AGENT_WORKDIR} \
    && yum -y install git subversion sshpass
VOLUME /home/jenkins/.jenkins
VOLUME ${AGENT_WORKDIR}
WORKDIR /home/jenkins
# Builds in this agent image run as root
USER root
ENTRYPOINT ["jenkins-slave"]
# docker build -t harbor.59iedu.com/fjhb/jenkins-slave-toolkit:2018-08-10-v1 .
# docker push harbor.59iedu.com/fjhb/jenkins-slave-toolkit:2018-08-10-v1
1. Create the PV and PVC
# cat pv.yaml
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-master-vol
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  nfs:
    path: /home/jenkins
    server: 192.168.115.6
  # Recycle is deprecated and scrubs the volume when the claim is released
  persistentVolumeReclaimPolicy: Recycle
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: maven-repository
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  nfs:
    path: /home/maven
    server: 192.168.115.6
  persistentVolumeReclaimPolicy: Recycle
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: jenkins-master-claim
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: maven-repository-claim
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
2. Create the deployment and service
# cat deploy.yaml
---
# apps/v1 replaces extensions/v1beta1 (removed in Kubernetes 1.16) and requires spec.selector
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins-master
spec:
  selector:
    matchLabels:
      name: jenkins-master
  template:
    metadata:
      labels:
        name: jenkins-master
    spec:
      securityContext:
        fsGroup: 1000
      containers:
        - name: jenkins-master
          image: harbor.59iedu.com/fjhb/jenkins:2018-08-12-v1
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
              name: http
            - containerPort: 50000
              name: agent
          volumeMounts:
            - name: jenkins-master-vol
              mountPath: /var/jenkins_home
            - name: maven-repository
              mountPath: /opt/maven/repository
            - name: docker
              mountPath: /usr/bin/docker
            - name: docker-sock
              mountPath: /var/run/docker.sock
      volumes:
        - name: jenkins-master-vol
          persistentVolumeClaim:
            claimName: jenkins-master-claim
        - name: maven-repository
          persistentVolumeClaim:
            claimName: maven-repository-claim
        # Mounting the host's docker binary and /var/run/docker.sock gives this pod
        # control of the node's Docker daemon, which is equivalent to root on that node
        - name: docker
          hostPath:
            path: /usr/bin/docker
        - name: docker-sock
          hostPath:
            path: /var/run/docker.sock
      # serviceAccountName is the current name of the deprecated serviceAccount field
      serviceAccountName: "jenkins-master"
      imagePullSecrets:
        - name: harborsecret
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins-master
spec:
  type: NodePort
  # 8452 and 50000 are outside the default NodePort range (30000-32767);
  # the apiserver's --service-node-port-range must include them
  ports:
    - port: 8080
      name: http
      targetPort: 8080
      nodePort: 8452
    - port: 50000
      name: agent
      nodePort: 50000
      targetPort: 50000
  selector:
    name: jenkins-master
3. RBAC authorization
# cat sa.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-master
  namespace: default
---
kind: Role
# rbac.authorization.k8s.io/v1 replaces v1beta1 (removed in Kubernetes 1.22)
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins-master
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-master
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-master
subjects:
  - kind: ServiceAccount
    name: jenkins-master
    namespace: default
4. RBAC authorization for the default sa
# cat default-sa.yaml
---
kind: Role
# rbac.authorization.k8s.io/v1 replaces v1beta1 (removed in Kubernetes 1.22)
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: default-role
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: default-role
# Every pod in the default namespace that sets no service account runs as this
# subject, so all of them receive the permissions above
subjects:
  - kind: ServiceAccount
    name: default
    namespace: default
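To review what the two Role/RoleBinding pairs above actually hand out, the following added example (not part of the original article) audits the JSON from `kubectl get roles,rolebindings -n default -o json` and lists the service accounts that can create pods, exec into pods, or read secrets, marking the shared `default` account. The `SENSITIVE` list and the embedded sample data are constructed for this example.

```python
import json
import sys

# Grants worth reviewing (this example's choice, not a Kubernetes-defined list).
SENSITIVE = [("pods", "create"), ("pods/exec", "create"), ("secrets", "get")]

def _grants(rule, resource, verb):
    """True if a core-API-group RBAC rule allows verb on resource ('*' counts)."""
    return all(any(x in (want, "*") for x in rule.get(key, []))
               for key, want in (("apiGroups", ""), ("resources", resource), ("verbs", verb)))

def audit(doc):
    """Return sorted (service_account, resource, verb, is_default_sa) findings."""
    items = doc.get("items", [])
    roles = {(i["metadata"]["namespace"], i["metadata"]["name"]): i.get("rules") or []
             for i in items if i["kind"] == "Role"}
    findings = set()
    for b in items:
        if b["kind"] != "RoleBinding" or b["roleRef"]["kind"] != "Role":
            continue  # ClusterRole references need cluster-scoped data; skipped here
        rules = roles.get((b["metadata"]["namespace"], b["roleRef"]["name"]), [])
        for s in b.get("subjects") or []:
            if s["kind"] != "ServiceAccount":
                continue
            for res, verb in SENSITIVE:
                if any(_grants(r, res, verb) for r in rules):
                    findings.add((f'{s["namespace"]}:{s["name"]}', res, verb,
                                  s["name"] == "default"))
    return sorted(findings)

# Constructed sample: the two Roles and RoleBindings from this page, in the shape
# `kubectl get roles,rolebindings -n default -o json` returns them.
_ALL = ["create", "delete", "get", "list", "patch", "update", "watch"]
_RULES = [{"apiGroups": [""], "resources": [r], "verbs": v} for r, v in (("pods", _ALL),
          ("pods/exec", _ALL), ("pods/log", ["get", "list", "watch"]), ("secrets", ["get"]))]

def _pair(role, binding, sa):
    return [{"kind": "Role", "metadata": {"name": role, "namespace": "default"}, "rules": _RULES},
            {"kind": "RoleBinding", "metadata": {"name": binding, "namespace": "default"},
             "roleRef": {"kind": "Role", "name": role},
             "subjects": [{"kind": "ServiceAccount", "name": sa, "namespace": "default"}]}]

SAMPLE = {"items": _pair("jenkins-master", "jenkins-master", "jenkins-master")
          + _pair("default-role", "default-rolebinding", "default")}

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for sa, res, verb, shared in audit(doc):
        print(f"{sa}: {verb} {res}" + ("  [default SA]" if shared else ""))
```

Run it with a file containing the kubectl JSON output as the first argument to audit a live namespace; with no argument it audits the embedded sample.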
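1. Unlock Jenkins with the initial key (to make access from other hosts on the LAN easier, a NAT rule was configured in VMware for this article)
2. Configure the proxy
3. Install plugins
4. Create the administrator account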
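1. Manage Jenkins > Configure System > add a new cloud "kubernetes"
Kubernetes URL: enter the address of the api-server
Jenkins URL: enter the service name of the Jenkins server, port 8080
Jenkins Tunnel: the port that slaves use to connect to the master; the default is 50000
In the figure above, the pod template is named jenkins-slave and the container template is named jnlp. There are two very important points to note here:
Only when the container template is named jnlp does jenkins-slave use the Docker image configured below to start the pod. If the name is not jnlp, the default image jenkins/jnlp-slave:alpine is used.
When a custom Docker image is used to start the Jenkins slave pod, the two fields below, "command to run" (default value sh -c) and "arguments to pass to the command" (default value cat), must be cleared. Otherwise the Jenkins slave cannot connect to the master over JNLP: it tries to connect 100 times, the pod is destroyed, another pod is created and tries again, in an endless loop.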
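2. Manage Jenkins > Configure Global Security
Confirm that the JNLP agent port is the default 50000. If it has been changed, make sure the setting here matches the port configuration in the deployment and service created earlier and the Jenkins Tunnel setting of the cloud configured above.
3. Manage Jenkins > Global Tool Configuration
Set the tools and environment variables here. To avoid unnecessary problems, the Dockerfiles above already make the environment variables of the Jenkins server and the Jenkins slave identical; the Java directory is provided through a symbolic link.
4. Manage Jenkins > Manage Plugins
Recommended plugins: maven, gitlab, subversion, pipeline, Kubernetes Continuous Deploy, Publish Over SSH. After the plugins are installed, the Jenkins server needs to be restarted, which can be done by clicking "Manage Jenkins" > "Prepare for Shutdown". This completes the deployment and configuration of the Jenkins server in the k8s environment. The next part describes using Jenkins to build and release projects.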