概述
说到devops就离不开jenkins,而安装Jenkins的方式也有很多。Jenkins可以在操作系统使用apt(Ubuntu)或yum(Fedora/Centos)进行直接安装;也可以在docker下通过拉取镜象以容器的方式使用Jenkins;还可以使用kubernetes集群以pod的方式运行Jenkins。
在kubernetes上安装Jenkins
1、创建命名空间
建议创建一个新的命令空间,否是后续如果使用jenkins-agent的过程中会导致pods的列表过乱。
kubectl create namespace devops-tools2、创建service account
配置文件:service-account.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: jenkins-admin
rules:
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins-admin
namespace: devops-tools
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins-admin
subjects:
- kind: ServiceAccount
name: jenkins-admin
namespace: devops-tools3、创建stroageclass
配置文件:sc-csi-cephfs.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: cephfs-sc
namespace: devops-tools
provisioner: cephfs.csi.ceph.com
parameters:
clusterID: 64406cb4-75fd-11ed-a77b-bff23c982581
fsName: k8s-cephfs
csi.storage.k8s.io/provisioner-secret-name: csi-cephfs-secret
csi.storage.k8s.io/provisioner-secret-namespace: default
csi.storage.k8s.io/controller-expand-secret-name: csi-cephfs-secret
csi.storage.k8s.io/controller-expand-secret-namespace: default
csi.storage.k8s.io/node-stage-secret-name: csi-cephfs-secret
csi.storage.k8s.io/node-stage-secret-namespace: default
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
- discard- cephfs.csi.ceph.com:本人使用是cephfs来作为持久卷的存储提供者,其插件配置见文档《K8S—cephfs的使用(ceph-csi)》
4、创建Jenkins的PVC
配置文件:pvc-jenkins.yaml
# Persistent Volume Claim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-pv-claim
namespace: devops-tools
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 50Gi
storageClassName: cephfs-sc
5、创建jenkins的deployment及service
配置文件:jenkins-deployment.yam
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: devops-tools
spec:
replicas: 1
selector:
matchLabels:
app: jenkins-server
template:
metadata:
labels:
app: jenkins-server
spec:
securityContext:
fsGroup: 1000
runAsUser: 1000
serviceAccountName: jenkins-admin
containers:
- name: jenkins
image: jenkins/jenkins:lts
resources:
limits:
memory: "4Gi"
cpu: "2000m"
requests:
memory: "500Mi"
cpu: "500m"
ports:
- name: httpport
containerPort: 8080
- name: jnlpport
containerPort: 50000
livenessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 90
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
readinessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
volumeMounts:
- name: jenkins-data
mountPath: /var/jenkins_home
volumes:
- name: jenkins-data
persistentVolumeClaim:
claimName: jenkins-pv-claim
---
apiVersion: v1
kind: Service
metadata:
name: jenkins-service
namespace: devops-tools
annotations:
prometheus.io/scrape: 'true'
prometheus.io/path: /
prometheus.io/port: '8080'
spec:
selector:
app: jenkins-server
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 308086、创建
kubectl create -f .