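Kubernetes environment:

master 192.168.0.91
node 192.168.0.92

All operations below are performed on the node, 192.168.0.92.

Build a custom Jenkins master image

The stock Jenkins master image does not meet our current needs, so a few changes are made on top of it. This step is optional and depends on your requirements.

Download the original image

Link: https://pan.baidu.com/s/14z5BnFAXYoMnDoXbiNgmuQ
Extraction code: ecsq

Import the image

docker load < jenkinsci.tar

List the images

[root@test2 ~]# docker images
jenkinsci/jenkins latest b589aefe29ff 3 months ago 703 MB

Prepare the Maven package

rz apache-maven-3.5.4-bin.tar.gz
mkdir -p /home/jenkins-dockerfile/
mv apache-maven-3.5.4-bin.tar.gz /home/jenkins-dockerfile/

Write the Dockerfile:

# The heredoc delimiter is quoted so the shell does not expand $JAVA_HOME, $PATH
# and ${dockerGid} while writing the file; they must reach the Dockerfile literally.
cat>/home/jenkins-dockerfile/Dockerfile <<'EOF'
FROM jenkinsci/jenkins
USER root
# libltdl7: shared library needed by the docker binary mounted from the host
RUN apt-get update && apt-get install -y libltdl7.*
RUN apt-get install vim* -y
# ADD unpacks the Maven tarball into /usr/local/
ADD apache-maven-3.5.4-bin.tar.gz /usr/local/
ENV MAVEN_HOME=/usr/local/apache-maven-3.5.4
ENV PATH=$JAVA_HOME/bin:$MAVEN_HOME/bin:$PATH
# Add a docker group (GID 999 unless overridden at build time) with jenkins as a member
ARG dockerGid=999
RUN echo "docker:x:${dockerGid}:jenkins" >> /etc/group
# Give the jenkins user passwordless sudo
RUN echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers
# Mount points for the Maven repository
RUN mkdir -p /opt/maven/repository
RUN mkdir -p /ceph/maven/repository
EOF

What this Dockerfile does:

Installs Maven and sets its environment variables;
Configures the Maven repository location, so that the host's repository can be mounted as the container's Maven repository at startup;
Sets the startup user to root.

Build the image

docker build -t jenkinsci/jenkins:v1 /home/jenkins-dockerfile/

Jenkins startup YAML files

Create the jenkins namespace

cat >namespace-jenkins.yaml<<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: jenkins
  labels:
    name: jenkins
EOF

Jenkins permissions

Here the jenkins-admin service account is bound directly to the cluster-admin role; set the permissions according to your own needs.

cat>jenkins-account.yaml<<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: jenkins
  name: jenkins-admin
  namespace: jenkins
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins-admin
  labels:
    k8s-app: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: jenkins
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF

Jenkins Deployment configuration

The configuration is straightforward. The part that needs explanation is the mounted volumes: four paths are mounted, and the reason for each is given below.

/var/jenkins_home (container) -> /ceph/jenkins_home (host)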
We need to mount the Jenkins home directory in the container onto the local host, because this directory holds all the configuration Jenkins generates, our custom configuration, job configuration and details, and so on. It therefore has to be persisted to the host so that a restarted Jenkins container can find its data and nothing is lost. Here we use ceph, so that every machine in the Kubernetes cluster shares the same directory.

/opt/maven/repository (container) -> /ceph/maven/repository (host)

This pair is the Maven repository mount. Both the Jenkins master container and the Jenkins slave containers need to mount it, so that Maven inside the container can find the required JARs in this repository when it downloads and compiles code. It also keeps the data persistent.

/usr/bin/docker (container) -> /usr/bin/docker (host)
/var/run/docker.sock (container) -> /var/run/docker.sock (host)

These two mounts let the container operate the host's Docker. Specifically, after the slave container compiles the Maven code and produces the jar, it has to build the Docker image for that service and push it to the local private registry, which requires operating the host's Docker.

cat>jenkins-deployment.yaml<<EOF
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: jenkins
  namespace: jenkins
  labels:
    k8s-app: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: jenkins
  template:
    metadata:
      labels:
        k8s-app: jenkins
    spec:
      containers:
      - name: jenkins
        image: jenkinsci/jenkins:v1
        imagePullPolicy: IfNotPresent
        volumeMounts:
        - name: jenkins-home
          mountPath: /var/jenkins_home
        - name: maven-repository
          mountPath: /opt/maven/repository
        - name: docker
          mountPath: /usr/bin/docker
        - name: docker-sock
          mountPath: /var/run/docker.sock
        ports:
        - containerPort: 8080
        - containerPort: 32000
      volumes:
      - name: jenkins-home
        hostPath:
          path: /ceph/jenkins_home
      - name: maven-repository
        hostPath:
          path: /ceph/maven/repository
      - name: docker
        hostPath:
          path: /usr/bin/docker
      - name: docker-sock
        hostPath:
          path: /var/run/docker.sock
      serviceAccountName: jenkins-admin
EOF

Jenkins Service configuration

This Service lets users reach Jenkins. Ports 8080 and 32000 are opened and configured here; both must also be opened in the Deployment. The host ports configured here are 31888 and 32000.

cat>jenkins-service.yaml<<EOF
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: jenkins
  name: jenkins
  namespace: jenkins
  annotations:
    prometheus.io/scrape: 'true'
spec:
  ports:
  - name: jenkins
    port: 8080
    nodePort: 31888
    targetPort: 8080
  - name: jenkins-agent
    port: 32000
    nodePort: 32000
    targetPort: 32000
  type: NodePort
  selector:
    k8s-app: jenkins
EOF

Start the Jenkins container

kubectl create -f namespace-jenkins.yaml
kubectl apply -f jenkins-account.yaml
kubectl apply -f jenkins-deployment.yaml
kubectl apply -f jenkins-service.yaml

Build a custom Jenkins slave image

The agent image is configured in much the same way as the master image: customize it as needed, or use the stock slave image directly.

Download the original image

Link: https://pan.baidu.com/s/14z5BnFAXYoMnDoXbiNgmuQ
Extraction code: ecsq

Import the image

docker load < jenkinsci-jnlp-slave.tar

Prepare the Maven package

rz apache-maven-3.5.4-bin.tar.gz
mkdir -p /home/jenkins-dockerfile/
mv apache-maven-3.5.4-bin.tar.gz /home/jenkins-dockerfile/

Write the Dockerfile:

# The heredoc delimiter is quoted so the shell does not expand $JAVA_HOME, $PATH
# and ${dockerGid} while writing the file.
cat>/home/jenkins-dockerfile/Dockerfile <<'EOF'
FROM jenkinsci/jnlp-slave
USER root
# libltdl7: shared library needed by the docker binary mounted from the host
RUN apt-get update && apt-get install -y libltdl7.*
RUN apt-get install vim* -y
# ADD unpacks the Maven tarball into /usr/local/
ADD apache-maven-3.5.4-bin.tar.gz /usr/local/
ENV MAVEN_HOME=/usr/local/apache-maven-3.5.4
ENV PATH=$JAVA_HOME/bin:$MAVEN_HOME/bin:$PATH
# Add a docker group (GID 999 unless overridden at build time) with jenkins as a member
ARG dockerGid=999
RUN echo "docker:x:${dockerGid}:jenkins" >> /etc/group
# Give the jenkins user passwordless sudo
RUN echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers
# Mount points for the Maven repository
RUN mkdir -p /opt/maven/repository
RUN mkdir -p /ceph/maven/repository
EOF

What this Dockerfile does:

Installs Maven and sets its environment variables;
Configures the Maven repository location, so that the host's repository can be mounted as the container's Maven repository at startup;
Sets the startup user to root.

Build the image

docker build -t jenkinsci/jnlp-slave:v1 /home/jenkins-dockerfile/

List the images

[root@test2 ~]# docker images
REPOSITORY                                                        TAG            IMAGE ID       CREATED             SIZE
jenkinsci/jnlp-slave                                              v1             969993fe2aa9   23 seconds ago      1.34 GB
jenkinsci/jenkins                                                 v1             2114cb298e17   About an hour ago   1.41 GB
jenkinsci/jnlp-slave                                              latest         a430a5795102   12 days ago         628 MB
jenkinsci/jenkins                                                 latest         b589aefe29ff   3 months ago        703 MB
coredns/coredns                                                   1.2.0          da1adafc0e78   7 months ago        34.2 MB
infoblox/dnstools                                                 latest         d0cee038721f   8 months ago        15.7 MB
registry.cn-shanghai.aliyuncs.com/gcr-k8s/flannel                 v0.10.0-amd64  b949a39093d6   10 months ago       44.6 MB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64   3.1            da86e6ba6ca1   14 months ago       742 kB

3. Access and operate Jenkins

Access Jenkins

http://192.168.0.92:31888

View the password

[root@test2 ~]# docker ps -l
CONTAINER ID   IMAGE          COMMAND                  CREATED             STATUS              PORTS   NAMES
6f8a62f8a0f7   2114cb298e17   "/sbin/tini -- /us..."   About an hour ago   Up About an hour            k8s_jenkins_jenkins-7b46757695-4hx6f_jenkins_e8cb1035-3fe6-11e9-a258-000c2980fc47_0

docker exec 6f8a62f8a0f7 cat /var/jenkins_home/secrets/initialAdminPassword
471234cd0eb44ec3bfc4015fbacd599b

Jenkins then asks you to install some plugins. You can take the default set or choose the plugins yourself; the default set is chosen here.

Set the login username and password: admin/jenkins@123

This takes you to the home page, and Jenkins is now ready to use.

Upgrade Jenkins

Restart Jenkins (this is a bit slow, wait 5 minutes)

Refresh the page and log in again

admin/471234cd0eb44ec3bfc4015fbacd599b

Check the version after the update

Reset the admin password

Go to Home -> Manage Jenkins -> Configure Global Security, tick "Enable security", tick "Jenkins' own user database" and tick "Allow users to sign up" -> Save

Click admin in the top right corner -> Configure -> change the password there to (jenkins@123) -> Save -> log in again -> enter the username and password

Plugins to install

Kubernetes Cli Plugin: lets you run the Kubernetes command line directly from Jenkins.
Kubernetes plugin: required in order to use Kubernetes.
Kubernetes Continuous Deploy Plugin: Kubernetes deployment plugin, use as needed.

Go to Home -> Manage Jenkins -> Manage Plugins -> Available -> type kubernetes -> select every plugin with kubernetes in its name and install -> return to the home page when installation finishes

Check that all the kubernetes plugins were installed

Go to Home -> Manage Jenkins -> Manage Plugins -> Installed -> type kubernetes ->

You can also look up the plugins you need at https://plugins.jenkins.io/

Add a Kubernetes cloud

Click Manage Jenkins -> Configure System, scroll down to Cloud, and click to add a new cloud to create a Kubernetes cloud.

Configure Jenkins to connect to Kubernetes

See: https://www.cnblogs.com/effortsing/p/10013441.html

Configure the Kubernetes Pod Template

This is really the configuration of the Jenkins jnlp-slave.

Under that Kubernetes cloud, add a Kubernetes Pod Template and configure a container template in it.

Global configuration (optional)

Click Manage Jenkins -> Configure System and scroll down to Global properties; the Java and Maven environment variables can be configured there as needed.

Global Tool Configuration

Click Manage Jenkins -> Global Tool Configuration; commonly used tools such as java, ant, maven and docker can be configured here.

See: https://www.cnblogs.com/effortsing/p/10375689.html

Create a Pipeline job

A Pipeline job processes work as a stream of clearly separated steps, which makes it well suited to job configuration. Click New Item and create a Pipeline job.

After the job is created you land on its configuration page. Scroll down to Pipeline (流水线 in the Chinese UI) to write the Pipeline and configure the job.

def label = "jnlp-slave"
// Pod template for the agent: one container built from the custom slave image,
// with the Maven repository and the host's docker binary and socket mounted in
podTemplate(label: label, cloud: 'kubernetes', containers: [
    containerTemplate(name: 'jnlp-slave', image: 'jenkinsci/jnlp-slave:v1')
  ],
  volumes: [
    hostPathVolume(mountPath: '/opt/maven/repository', hostPath: '/ceph/maven/repository'),
    hostPathVolume(mountPath: '/usr/bin/docker', hostPath: '/usr/bin/docker'),
    hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock')
  ]) {
  node(label) {
    stage('Get a Maven project') {
      // Run the steps inside the container named above
      container(label) {
        stage('wait for exec check') {
          sh 'sleep 10'
        }
        stage('get maven env') {
          sh 'cat /etc/resolv.conf'
          sh 'cat /etc/issue'
          sh 'uname -a'
          sh 'env'
        }
      }
    }
  }
}

Start the build

Check the pod status

It did not work, possibly because the pipeline does not contain real Java code; getting this far shows that it has already succeeded.

[root@test2 ~]# kubectl get pod -n jenkins
NAME                       READY   STATUS              RESTARTS   AGE
jenkins-7b46757695-4hx6f   1/1     Running             0          7h
jnlp-slave-8hfq4           1/2     Error               0          1m
jnlp-slave-8wpvr           1/2     Error               0          20s
jnlp-slave-dm99x           1/2     Terminating         0          5m
jnlp-slave-jbtqt           1/2     Terminating         0          5m
jnlp-slave-mvzqk           1/2     Error               0          4m
jnlp-slave-nk98n           0/2     ContainerCreating   0          0s
jnlp-slave-qqd1z           1/2     Error               0          5m
jnlp-slave-sbnx0           1/2     Error               0          40s
jnlp-slave-txb0b           1/2     Error               0          1m

[root@test2 ~]# docker ps -l
CONTAINER ID   IMAGE          COMMAND           CREATED              STATUS                            PORTS   NAMES
789daf005963   eb079fd09f8e   "jenkins-slave"   About a minute ago   Exited (255) About a minute ago           k8s_jnlp_jnlp-slave-x2k3c_jenkins_d9b53cdd-4023-11e9-a258-000c2980fc47_0

The docker logs show the following error:

[root@test2 ~]# docker logs 789daf005963
Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior
Mar 06, 2019 3:23:54 PM hudson.remoting.jnlp.Main createEngine
INFO: Setting up agent: jnlp-slave-x2k3c
Mar 06, 2019 3:23:54 PM hudson.remoting.jnlp.Main$CuiListener <init>
INFO: Jenkins agent is running in headless mode.
Mar 06, 2019 3:23:54 PM hudson.remoting.Engine startEngine
INFO: Using Remoting version: 3.27
Mar 06, 2019 3:23:54 PM hudson.remoting.Engine startEngine
WARNING: No Working Directory. Using the legacy JAR Cache location: /home/jenkins/.jenkins/cache/jars
Mar 06, 2019 3:23:55 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Locating server among [http://192.168.0.92:31888/]
Mar 06, 2019 3:23:55 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolve
INFO: Remoting server accepts the following protocols: [JNLP4-connect, Ping]
Mar 06, 2019 3:23:55 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver isPortVisible
WARNING: Connection refused (Connection refused)
Mar 06, 2019 3:23:55 PM hudson.remoting.jnlp.Main$CuiListener error
SEVERE: http://192.168.0.92:31888/ provided port:32000 is not reachable
java.io.IOException: http://192.168.0.92:31888/ provided port:32000 is not reachable
    at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:286)
    at hudson.remoting.Engine.innerRun(Engine.java:523)
    at hudson.remoting.Engine.run(Engine.java:474)

From the error, the port cannot be reached; I will look into it again tomorrow.

References:

https://blog.csdn.net/a632189007/article/details/79311795
https://www.sudops.com/kubernetes-jenkins-gitlab-ci-cd-env-2.html
http://www.cnblogs.com/hahp/p/5812455.html
Original: https://www.cnblogs.com/effortsing/p/10486960.html
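
For the "Jenkins permissions" step above, which binds jenkins-admin to cluster-admin and says the permissions can be set as needed, a namespaced alternative to jenkins-account.yaml follows. It is an added example, not part of the original post. The Role name jenkins-agent-launcher, the rule set (what the Kubernetes plugin is assumed to need to launch and drive agent pods in the jenkins namespace) and the rbac.authorization.k8s.io/v1 API version are assumptions; the ServiceAccount name and namespace are the page's.

```yaml
# Added example, not from the original post.
# Assumption: Jenkins only creates and drives agent pods inside the
# jenkins namespace, so no cluster-wide role is bound.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: jenkins
  name: jenkins-admin             # referenced by serviceAccountName in the Deployment
  namespace: jenkins
---
kind: Role                        # namespaced, unlike the ClusterRole cluster-admin
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins-agent-launcher    # hypothetical name
  namespace: jenkins
  labels:
    k8s-app: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]             # create, track and clean up agent pods
  verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: [""]
  resources: ["pods/exec"]        # container(...) { sh ... } steps exec into the pod
  verbs: ["create", "get"]
- apiGroups: [""]
  resources: ["pods/log"]         # read agent container logs when a pod fails
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["events"]           # surface scheduling and image pull errors
  verbs: ["watch"]
---
kind: RoleBinding                 # takes the place of the ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins-agent-launcher
  namespace: jenkins
  labels:
    k8s-app: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: jenkins
roleRef:
  kind: Role
  name: jenkins-agent-launcher
  apiGroup: rbac.authorization.k8s.io
```

A pipeline that deploys into other namespaces, for example through the Kubernetes Continuous Deploy Plugin, needs further bindings scoped to those namespaces.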