k8s搭建jenkins

k8s安装jenkins

环境：
172.20.48.57 jenkins-master
172.20.48.53 harbor
172.20.48.54 nfs

 

一、创建nfs
172.20.48.54上操作:

yum install nfs-utils -y
mkdir -p /data/nfs/jenkins
vim /etc/exports
/data/nfs/jenkins 172.20.48.0/24(sync,rw,no_root_squash)
systemctl restart nfs rpcbind
systemctl enable nfs rpcbind

所有机器操作：

yum install nfs-utils -y
systemctl start nfs && systemctl enable nfs
showmount -e 172.20.48.54

　　

二、下载镜像推送到自己的镜像仓库

vim Dockerfile
FROM jenkins/jenkins:2.263.4-lts-centos7
USER root


docker build -t 172.20.48.53/kube-ops/jenkins:2.263.4-lts-centos7
docker push 

三、编辑jenkins.yaml
1. 创建jenkins rbac用户

vim jenkins-rbac.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: kube-ops
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
  namespace: kube-ops
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
  namespace: kube-ops
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins　　

 

 

2. 编辑jenkins-deployment文件

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: kube-ops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 2
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      securityContext:
        fsGroup: 1000
      serviceAccountName: jenkins
      containers:
      - name: jenkins
#       image: jenkins/jenkins:lts-alpine
        image: 172.20.48.53/kube-ops/jenkins:2.263.4-lts-centos7
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          name: web
          protocol: TCP
        - containerPort: 50000
          name: agent
          protocol: TCP
        volumeMounts:
        - name: jenkins-home
          mountPath: /var/jenkins_home
        env:
        - name: LIMITS_MEMORY
          valueFrom:
            resourceFieldRef:
              resource: limits.memory
              divisor: 1Mi
        - name: JAVA_OPTS
          value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85 -Duser.timezone=Asia/Shanghai
      volumes:
      - name: jenkins-home
        nfs:
          server: 172.20.48.54

kubectl apply -f jenkins-deployment.yaml

 

四、访问jenkins,初始化配置

 

 登录nfs服务器  /data/nfs/jenkins/

[root@k8s-node2 secrets]# cat /data/nfs/jenkins/secrets/initialAdminPassword
65350aaab93a4dfcb13aece9676107b6