1.先决条件
1.因为国内的容器镜像加速器无法实时同步docker hub上的镜像资源,所以可以自己构建jenkins的容器镜像。
2.这里用到了storageClass k8s的动态制备.详情参考:
k8s-StoargClass的使用-基于nfs-CSDN博客
3.安装docker服务.(用于构建docker image)
2.构建jenkins镜像
1.创建Dockerfile用于构建jenkins容器镜像.
[root@master /zpf/jenkins]$cat Dockerfile
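# Jenkins controller image with Maven and SonarScanner baked in.
#
# NOTE(review): `latest` is a moving tag, so a rebuild can silently pick up a
# different Jenkins release. Pin a specific LTS tag or an image digest so the
# image is reproducible and auditable.
FROM jenkins/jenkins:latest

# ADD auto-extracts a local tar archive, giving /usr/local/apache-maven-3.9.4.
# NOTE(review): verify the tarball against the checksum published on the Maven
# download page before building; nothing in this Dockerfile checks it.
ADD ./apache-maven-3.9.4-bin.tar.gz /usr/local/

# COPY of a directory copies its contents, not the directory itself, so the
# scanner's sub-directories land directly under /usr/local.
COPY ./sonar-scanner-4.8.0.2856-linux /usr/local

# Fixed: was /user/local/..., a path that does not exist in the image, so
# $MAVEN_HOME/bin never resolved to the mvn binary.
ENV MAVEN_HOME=/usr/local/apache-maven-3.9.4

# Fixed: was $JAVE_HOME, which is undefined and expands to an empty string,
# putting a stray "/bin/" at the front of PATH.
# Assumes the base image defines JAVA_HOME - confirm for the pinned tag.
ENV PATH=$JAVA_HOME/bin/:$MAVEN_HOME/bin:$PATH

USER root
# NOTE(review): this gives the jenkins user unrestricted passwordless sudo,
# so every build step has a path to root inside the container (sudo itself
# is not installed by this Dockerfile). Drop the line unless a job needs it,
# or limit it to the specific commands required in a file under
# /etc/sudoers.d that has been checked with `visudo -c`.
RUN echo "jenkins ALL=NOPASSWORD: ALL" >> /etc/sudoers
USER jenkins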
2.构建docker镜像
这里下载了maven和sonar-scanner(SonarQube的扫描客户端),将这两个包一起打入容器镜像中.下载地址:
Maven – Download Apache Maven
SonarScanner
[root@master /zpf/jenkins]$ls
apache-maven-3.9.4-bin.tar.gz Dockerfile github-jenkins manifests sonar-scanner-4.8.0.2856-linux sonar-scanner-cli-4.8.0.2856-linux.zip
[root@master /zpf/jenkins] docker build -t 192.168.75.35:8858/scorpio/jenkins-maven:v1 .
3.上传到自己搭建的harbor容器镜像仓库
[root@master /zpf/jenkins]$ docker push 192.168.75.35:8858/scorpio/jenkins-maven:v1
4.编辑jenkins-ServiceAccount 文件
[root@master /zpf/jenkins/manifests]$vim jenkins-serviceAccount.yaml
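# ServiceAccount that the Jenkins pod runs as.
# (Editor line numbers from the original listing removed and YAML
# indentation restored so the manifest can be applied as-is.)
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: default
---
# NOTE(review): this binds the built-in cluster-admin ClusterRole to the
# Jenkins ServiceAccount for the whole cluster. Any job, plugin or script
# console session that can read the pod's service-account token then has
# full control of every namespace, including Secrets and RBAC itself.
# Prefer a namespaced Role + RoleBinding that grants only the verbs and
# resources the pipelines use (the exact set depends on the jobs, so it is
# not spelled out here), and audit the result with
# `kubectl auth can-i --list --as=system:serviceaccount:default:jenkins-admin`.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: jenkins-admin
    namespace: default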
5.创建sa
[root@master /zpf/jenkins/manifests]$kubectl create -f jenkins-serviceAccount.yaml
6.查看sa创建状态,以及角色权限(注意:下面输出中的绑定指向 ClusterRole/jenkins-admin,与上面清单里的 cluster-admin 不一致,请以集群中实际应用的清单为准)
[root@master /zpf/jenkins/manifests]$kubectl get sa |grep jenkins
jenkins-admin 1 5d2h
[root@master /zpf/jenkins/manifests]$kubectl get ClusterRoleBinding |grep jenkins
jenkins-admin ClusterRole/jenkins-admin 5d2h
[root@master /zpf/jenkins/manifests]$kubectl get ClusterRole |grep jenkins
jenkins-admin 2023-11-23T08:33:36Z
7.创建pvc文件(这里用到了storageClass)
[root@master /zpf/jenkins/manifests]$cat jenkins-pvc.yaml
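# PersistentVolumeClaim backing /var/jenkins_home, provisioned dynamically
# through the managed-nfs-storage StorageClass.
# (YAML indentation restored; the listing had been flattened.)
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pvc
  namespace: default
spec:
  storageClassName: managed-nfs-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      # "1G" is a decimal gigabyte; "1Gi" would be the binary unit.
      storage: 1G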
8. 创建pvc
[root@master /zpf/jenkins/manifests]$kubectl create -f jenkins-pvc.yaml
9.查看创建结果
[root@master /zpf/jenkins/manifests]$kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-b1c1b782-47d7-42ce-be60-8e5d832d21bc 1Gi RWX Delete Bound default/sonarqube-data-pvc managed-nfs-storage 3h25m
pvc-b35e5912-99be-4c02-a164-5ea5e385b0a4 1G RWX Delete Bound default/jenkins-pvc managed-nfs-storage 29h
pvc-b7cdc67e-f66a-4602-84ef-e59c741487e2 2Gi RWX Delete Bound default/postgres-data managed-nfs-storage 3h24m
pvc-d215b650-e7cf-4216-972d-4d56d0b650a6 20Gi RWO Delete Bound kubesphere-monitoring-system/prometheus-k8s-db-prometheus-k8s-0 local 14d
[root@master /zpf/jenkins/manifests]$kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
jenkins-pvc Bound pvc-b35e5912-99be-4c02-a164-5ea5e385b0a4 1G RWX managed-nfs-storage 29h
postgres-data Bound pvc-b7cdc67e-f66a-4602-84ef-e59c741487e2 2Gi RWX managed-nfs-storage 3h24m
sonarqube-data-pvc Bound pvc-b1c1b782-47d7-42ce-be60-8e5d832d21bc 1Gi RWX managed-nfs-storage 3h25m
10.创建sts yaml文件并绑定svc
[root@master /zpf/jenkins/manifests]$cat sts-jenkins.yaml
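# StatefulSet running a single Jenkins controller that builds images through
# the node's Docker daemon and talks to the cluster with the node's kubectl.
# (YAML indentation restored; the listing had been flattened. All values are
# unchanged.)
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: jenkins
  namespace: default
spec:
  serviceName: "jenkins"
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      # The token of this ServiceAccount is available inside the pod, so
      # whatever RBAC is bound to jenkins-admin (cluster-admin in this
      # tutorial) is usable by every build that runs here.
      serviceAccountName: jenkins-admin
      containers:
        - name: jenkins
          image: 192.168.75.35:8858/scorpio/jenkins-maven:v1
          # image: jenkins/jenkins:latest
          imagePullPolicy: IfNotPresent
          # NOTE(review): privileged + UID 0 removes the container boundary:
          # a compromised job or plugin is effectively root on the node.
          # Check whether the builds still work with `privileged` dropped;
          # this depends on the node setup and is not shown on this page.
          securityContext:
            privileged: true
            runAsUser: 0
          ports:
            - containerPort: 8080
            - containerPort: 50000
          # Keep this disabled: the property turns off signature checking of
          # update-center data.
          # env:
          #   - name: JAVA_OPTS
          #     value: "-Dhudson.model.DownloadService.noSignatureCheck=true"
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
            # NOTE(review): access to the Docker socket is equivalent to root
            # on the node, independent of the securityContext above. A
            # daemonless builder running in separate agent pods avoids
            # handing the host daemon to the controller.
            - name: docker
              mountPath: /run/docker.sock
            - name: docker-home
              mountPath: /usr/bin/docker
            - name: mvn-setting
              mountPath: /usr/local/apache-maven-3.9.4/conf/settings.xml
            # - name: mvn-setting
            #   mountPath: /usr/local/apache-maven-3.9.4/conf/settings.xml
            # NOTE(review): with subPath the host file daemon.json is mounted
            # as a file at /etc/docker; the intended target is probably
            # /etc/docker/daemon.json - confirm.
            - name: daemon
              mountPath: /etc/docker
              subPath: daemon.json
            - name: kubectl
              mountPath: /usr/bin/kubectl
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
            claimName: jenkins-pvc
        # The hostPath volumes below tie the pod to nodes where these paths
        # exist and expose node files to the container. There is no
        # nodeSelector, so the pod fails on a node that lacks any of them.
        - name: docker
          hostPath:
            path: /run/docker.sock
        - name: docker-home
          hostPath:
            path: /usr/bin/docker
        # settings.xml may hold repository credentials. The commented-out
        # ConfigMap variant below (or a Secret) removes the dependency on a
        # file in one node's local filesystem.
        - name: mvn-setting
          hostPath:
            path: /zpf/jenkins/manifests/conf/settings.xml
        # - name: mvn-setting
        #   configMap:
        #     name: mvn-settings
        #     items:
        #       - key: settings.xml
        #         path: settings.xml
        - name: daemon
          hostPath:
            path: /etc/docker/
        - name: kubectl
          hostPath:
            path: /usr/local/bin/kubectl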
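11.创建sts服务(使用 kubectl create -f sts-jenkins.yaml 创建;StatefulSet 需要用 kubectl get sts 查看,下面 kubectl get deploy 的输出中不会出现 jenkins)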
[root@master /zpf/jenkins/manifests]$kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nfs-client-provisioner 1/1 1 1 7d3h
postgres-sonar 1/1 1 1 3h25m
sonarqube 1/1 1 1 3h22m
12.创建svc并绑定svc
[root@master /zpf/jenkins/manifests]$cat service-jenkins.yaml
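# NodePort Service publishing the Jenkins web UI and the inbound agent port.
# (YAML indentation restored; the listing had been flattened.)
#
# NOTE(review): a NodePort opens 31400 and 31401 on every node address. The
# UI is served over plain HTTP here, so logins and API tokens cross the
# network unencrypted. Restrict the ports at the network edge, or use a
# ClusterIP Service behind a TLS-terminating Ingress. If all agents run
# inside the cluster, the agent port does not need a NodePort at all.
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: default
spec:
  type: NodePort
  ports:
    - name: http
      port: 8080
      targetPort: 8080
      nodePort: 31400
    - name: agent
      port: 50000
      targetPort: 50000
      nodePort: 31401
  selector:
    app: jenkins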
13.创建svc
[root@master /zpf/jenkins/manifests]$kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
jenkins NodePort 10.233.54.32 <none> 8080:31400/TCP,50000:31401/TCP 7d
jenkins-service NodePort 10.233.57.17 <none> 8080:32000/TCP 5d2h
kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 14d
sonarqube NodePort 10.233.55.245 <none> 9000:32273/TCP 3h15m
14.查看页面
[root@master /zpf/jenkins/manifests]$kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
jenkins NodePort 10.233.54.32 <none> 8080:31400/TCP,50000:31401/TCP 7d
jenkins-service NodePort 10.233.57.17 <none> 8080:32000/TCP 5d2h
kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 14d
sonarqube NodePort 10.233.55.245 <none> 9000:32273/TCP 3h15m