k8s创建pv和pvc部署jenkins和配置slave
Ingress资源要正常工作,集群中必须要有个Ingress Controller来解析Ingress的转发规则。curl jenkinss.com 如下图这样就代表部署成功,后续用浏览器就能直接打开。查看集群中定义的 IngressClass。一个使用 NFS 存储卷的 PV 示例。域名任意配置一个节点的IP。
·
安装 NFS 服务端(单独一台机器)
sudo apt update
sudo apt install -y nfs-kernel-server
# 创建挂载路径
sudo mkdir -p /mnt/nfs_data
# 修改配置
vim /etc/exports
# 允许 所有网段读写,同步写入,保留客户端 root 权限
# *要挨着括号
/mnt/nfs_data *(rw,sync,no_root_squash)
# 重新加载所有共享(-a:全部,-r:重新导出,-v:详细输出)
exportfs -arv
# 启动 NFS 服务
systemctl restart nfs-kernel-server && systemctl enable nfs-kernel-server
# 检查状态
systemctl status nfs-kernel-server
# 检查是否挂载好
showmount -e localhost
安装 NFS 客户端(在所有节点)
sudo apt-get update
sudo apt-get install -y nfs-common
which mount.nfs
创建 namespaces
kubectl create ns jenkins
PV 的 yaml文件
一个使用 NFS 存储卷的 PV 示例
mkdir -p /mnt/nfs_data/pv_nfs_2g
# pv-nfs.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-nfs-2g
spec:
volumeMode: Filesystem # 存储卷模式,默认为 Filesystem (文件系统) 和 Block(块)
capacity: # 存储能力
storage: 2Gi # 容量大小,Gi 或 Mi
accessModes: # 访问模式
- ReadWriteOnce # 访问模式
persistentVolumeReclaimPolicy: Retain # 回收策略
storageClassName: nfs
nfs: # 持久卷类型(如 hostPath、nfs、ceph 等)
path: /mnt/nfs_data/pv_nfs_2g # 存储路径要确保已经存在
server: 10.0.3.100
创建pv
kubectl apply -f pv-nfs.yaml
PVC 的 yaml文件
# pvc-jenkins.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-jenkins
namespace: jenkins # 与 Deployment 同命名空间
spec:
accessModes:
- ReadWriteMany # 与 pv 里面的相同
resources:
requests:
storage: 2Gi
volumeName: pv-nfs-2g # 与 PV 的 Name 一致
storageClassName: nfs # 与 PV 的 StorageClass 一致
创建pvc
kubectl apply -f pvc-jenkins.yaml
创建deploy
kubectl apply -f deploy_jenkins.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: jenkins
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: jenkins-server
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: jenkins-server
spec:
containers:
- image: docker.io/jenkins/jenkins:jdk17
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /login
port: 8080
scheme: HTTP
initialDelaySeconds: 300
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
timeoutSeconds: 5
name: jenkins
ports:
- containerPort: 8080
name: httpport
protocol: TCP
- containerPort: 50000
name: jnlpport
protocol: TCP
readinessProbe:
httpGet:
path: /login
port: 8080
scheme: HTTP
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
timeoutSeconds: 5
resources:
limits:
cpu: "2"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
securityContext:
privileged: true
runAsUser: 0
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/jenkins_home
name: jenkins-data
restartPolicy: Always
terminationGracePeriodSeconds: 30
volumes:
- name: jenkins-data
persistentVolumeClaim:
claimName: pvc-jenkins
创建svc
kubectl apply -f svc_jenkins.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: jenkins-server
name: jenkins-svc
namespace: jenkins
spec:
ports:
- name: jenkins-service
port: 8080
protocol: TCP
targetPort: 8080
- name: jenkins-jnlp
port: 50000
protocol: TCP
targetPort: 50000
selector:
app: jenkins-server
type: ClusterIP
创建Ingress Controller
Ingress资源要正常工作,集群中必须要有个Ingress Controller来解析Ingress的转发规则
参考文档:https://blog.csdn.net/weixin_46887489/article/details/134586363
查看集群中定义的 IngressClass
kubectl get ingressclass
创建Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jenkins
namespace: jenkins
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
spec:
ingressClassName: nginx-master
rules:
- host: jenkinss.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jenkins-svc
port:
number: 8080
本地配置hosts
域名任意配置一个节点的IP
curl 测试
curl jenkinss.com 如下图这样就代表部署成功,后续用浏览器就能直接打开
配置jenkins权限操作k8s
vim rbac-jenkins.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: jenkins
name: jenkins-role
rules:
- apiGroups: [""]
resources: ["pods", "services", "endpoints","pods/exec", "pods/log", "pods/attach"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
resources: ["deployments", "replicasets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["extensions"]
resources: ["deployments", "replicasets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["batch"]
resources: ["jobs", "cronjobs"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: jenkins
name: jenkins-role-binding
subjects:
- kind: ServiceAccount
name: default
namespace: jenkins
roleRef:
kind: Role
name: jenkins-role
apiGroup: rbac.authorization.k8s.io
kubectl apply -f rbac-jenkins.yaml
kubectl get role,rolebinding -n jenkins
jenkins安装k8s插件和阶段视图插件
我这里是已经安装好的 只是展示插件名称
需要点击 Available plugins 里面搜索安装插件
安装k8s插件 Kubernetes
安装阶段视图插件 Stage View
jenkins配置k8s
点击 设置 下拉 点击 Clouds
点击 New cloud
点击 连接测试 会出现画红圈的东西 就代表连接上了k8s
填写的 jenkins svc 地址
容器数量 意思是最多同时起多少个pod
其余默认
创建任务测试
添加 pipline script
podTemplate(
cloud: 'k8s',
label: 'jenkins-slave',
serviceAccount: 'default',
containers: [
containerTemplate(
name: 'jenkins-jdk17',
image: 'docker.io/jenkins/jenkins:jdk17',
resourceLimitCpu: '1000m',
resourceLimitMemory: '2048Mi',
resourceRequestCpu: '500m',
resourceRequestMemory: '1024Mi',
privileged: true
)
]) {
node('jenkins-slave') {
container('jenkins-jdk17') {
stage('Maven Build') {
sh 'ls /'
}
stage('Docker Build') {
sh 'sleep 120'
}
}
}
}
点击立即构建
会创建一个pod
describe 查看拉取了两个image
一个是jenkins的agent使用的
一个是自己任务需要用的镜像
agent工作的路径:
kubectl exec -it jenkins-slave-3djzj-q2fsp -n jenkins – bash
ls /home/jenkins/agent/workspace/
任务跑完后自动删除 jenkins-slave 这个pod
腾讯云面向开发者汇聚海量精品云计算使用和开发经验,营造开放的云计算技术生态圈。
更多推荐
8
0- 0
已为社区贡献3条内容
所有评论(0)