helm repo add codecentric https://codecentric.github.io/helm-charts
[root@k8s_client ~]# helm search repo jenkins
NAME CHART VERSION APP VERSION DESCRIPTION
bitnami/jenkins 7.1.2 2.263.2 The leading open source automation server
codecentric/jenkins 1.7.1 2.222.3 CHART DEPRECATED - The leading open source auto...
incubator/jenkins-operator 0.3.1 0.3.0 DEPRECATED: A Helm chart for Kubernetes Jenkins...
jenkinsci/jenkins 3.1.0 2.263.1 Jenkins - Build great things at any scale! The ...
helm install jenkins codecentric/jenkins -n middleware 2、安装完后设置ingress,按提示进行初始密码查看更新
...
Use the following command to retrieve it:
export POD_NAME=$(kubectl get pods --namespace middleware -l "app.kubernetes.io/name=jenkins,app.kubernetes.io/instance=jenkins" -o jsonpath="{.items[0].metadata.name}")
kubectl exec --namespace middleware "$POD_NAME" cat /var/jenkins_home/secrets/initialAdminPassword
Accessing your Jenkins server:
Create port forwarding to access Jenkins at http://127.0.0.1:8080
...3、跟着提示安装推荐插件然后就完成了,进入系统,进行配置:系统管理----节点管理----配置云来到配置集群界面
4、接下来是配置更详细的pod模板和容器模板配置
5、接下来是环境变量设置
6、还有一个配置也很重要,就是jenkins的sa配置
由于helm安装的时候默认只给了一个default的sa,没有做任何配置,我这里自己创建了个sa
...
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
serviceAccount: jenkins
serviceAccountName: jenkins
terminationGracePeriodSeconds: 30
...
并且将这个sa和系统管理员的权限绑定
[root@k8s_client ~]# kubectl -n middleware edit clusterrolebindings.rbac.authorization.k8s.io jenkins
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"name":"jenkins"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cluster-admin"},"subjects":[{"kind":"ServiceAccount","name":"jenkins","namespace":"middleware"}]}
creationTimestamp: "2021-01-30T10:25:03Z"
name: jenkins
resourceVersion: "103947714"
selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/jenkins
uid: 9173ae00-3fd9-4ffb-9586-bac377a42ddd
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: jenkins
namespace: middleware7、好了,都配置完了,我们创建一个工程测试一下
在这里要写上前面创建的卷标
脚本 随便写点查看docker信息的使用kubectl的命令
echo "测试 Kubernetes 动态生成 jenkins slave"
echo "==============docker in docker==========="
docker info
echo "=============kubectl============="
kubectl get pods8、进行构建,构建完查看控制台日志
上面显示的是docker info的信息,正面显示的是和jenkins所在命名空间的pod信息,结束。
原文:https://blog.51cto.com/riverxyz/2612667