说明: 总的目标是在k8s集群部署gitlab、jenkins,并且在本地提交代码到gitlab后jenkin流水线可以自动编译打包成为docker镜像然后部署到k8s中并实现客户端外部域名访问,在文档分为多个部分,其中涉及的技术有docker安装、k8s搭建、部署gitlab、部署jenkins、部署sonarqube、gitlab和jenkin联动、jenkins和sonarqube联动、pipline脚本编写、istio部署、istio服务网关等…

这篇文档讲解的是如何在kubernetes中部署jenkins,部署istio的gateway和 virtualservice


文章目录

  • 1. 添加jenkins的pvc
  • 2. 部署jenkins
  • 3. 部署istio的gateway资源
  • 4. 部署istio的VirtualService资源
  • 5. 本地host添加jenkins域名映射
  • 6. 访问jenkins
  • 6.1 访问jenkins
  • 6.2 输入密码
  • 6.3 安装插件
  • 6.4 设置Jenkins


1. 添加jenkins的pvc

主节点执行:kubectl apply -f pv-jenkins.yaml 内容如下:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-jenkins
spec:
  capacity:
    storage: 3Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: "pv-jenkins"
  nfs:
    path: /dfs/k8s
    server: 192.168.100.230

2. 部署jenkins

主节点执行:kubectl apply -f jenkins.yaml 内容如下:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: devops
  name: service-reader
rules:
  - apiGroups: [""] # "" indicates the core API group
    resources: ["services"]
    verbs: ["get", "watch", "list"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---


apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: devops
  name: jenkins-sa
  labels:
    account: jenkins

---
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-crd
roleRef:
  kind: ClusterRole
  name: service-reader
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: jenkins-sa
  namespace: devops
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pvc
  namespace: devops
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "pv-jenkins"
  resources:
    requests:
      storage: 3Gi

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: devops
  labels:
    app: jenkins
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
      version: v1
  template:
    metadata:
      labels:
        app: jenkins
        version: v1
    spec:
      serviceAccountName: jenkins-sa
      containers:
      - name: jenkins
        image: jenkins/jenkins:2.387
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          name: web
          protocol: TCP
        - containerPort: 50000
          name: agent
          protocol: TCP
        resources:
          limits:
            cpu: 2000m
            memory: 1Gi
          requests:
            cpu: 500m
            memory: 512Mi
        livenessProbe:
          httpGet:
            path: /login
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 5
          failureThreshold: 12
        readinessProbe:
          httpGet:
            path: /login
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 5
          failureThreshold: 12
        volumeMounts:
        - name: jenkins-volume
          mountPath: /var/jenkins_home
          subPath: jenkins
      volumes:
      - name: jenkins-volume
        persistentVolumeClaim:
          claimName: jenkins-pvc

---
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: devops
  labels:
    app: jenkins
    service: jenkins
spec:
  selector:
    app: jenkins
  type: ClusterIP
  ports:
  - name: web
    port: 8080
    targetPort: web
  - name: agent
    port: 50000
    targetPort: agent

3. 部署istio的gateway资源

主节点执行:kubectl apply -f jenkins-gateway.yaml 内容如下:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: jenkins-gateway
  namespace: devops
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "jenkins.core.ez"

4. 部署istio的VirtualService资源

主节点执行:kubectl apply -f jenkins-vs.yaml 内容如下:

kind: VirtualService
metadata:
  name: jenkins-vs
  namespace: devops
spec:
  hosts:
  - "jenkins.core.ez"
  gateways:
  - jenkins-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: jenkins
        port:
          number: 8080

5. 本地host添加jenkins域名映射

如果想在本地访问刚才部署的jenkins, 需要在本地机器添加一条域名解析
打开文件:C:\Windows\System32\drivers\etc\hosts

在其中添加一条jenkins记录 如下:

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost

192.168.100.230 dashboard.core.ez
192.168.100.230 gitlab.core.ez  
#新加的记录如下
192.168.100.230 jenkins.core.ez

6. 访问jenkins

6.1 访问jenkins

l浏览器输入http://jenkins.core.ez 访问如下图:

如何在Jenkins上配置kubernetes jenkins kubernetes_jenkins

6.2 输入密码

如5.1中所示图, 我们看到需要输入管理员密码, 这里的管理员密码是jenkins安装时自动生成的,
我们从第2步安装配置文件可以知道jenkin的/var/jenkins_home目录被映射到了nfs中的/dfs/k8s/jenkins目录下,
所以图中红色提示的/var/jenkins_home/secrets/initialAdminPassword文件也就是nfs的/dfs/k8s/jenkins//secrets/initialAdminPassword文件, 在nfs找到该文件 并将密码复制出来, 如下:

root@nfs-serevr:/dfs/k8s/jenkins/secrets# cat initialAdminPassword
df259792ce5140e3b99a66884c9d5b34
root@nfs-serevr:/dfs/k8s/jenkins/secrets#

上面我们的密码就是:df259792ce5140e3b99a66884c9d5b34, 将密码复制到浏览器的“管理员密码” 然后单击“继续”

6.3 安装插件

输入密码后就来到了安装插件页面 如下:

如何在Jenkins上配置kubernetes jenkins kubernetes_云原生_02


然后我们点击图中的“安装推荐插件” 然后就开始安装了 如下图:

如何在Jenkins上配置kubernetes jenkins kubernetes_devops_03


这里安装插件使用的是国外源,所以可能会比较慢,也有可能某些会安装失败, 可以重新安装或者先点击“继续”跳过去, 网上有相关处理的方法,我们这里不做讨论

6.4 设置Jenkins

等插件安装完成后, 需要设置自己的第一个管理用户 如下图:

如何在Jenkins上配置kubernetes jenkins kubernetes_jenkins_04


输入完成后 点击“保存并完成” 进入实例配置页面 如下图:

如何在Jenkins上配置kubernetes jenkins kubernetes_devops_05


这里的实例配置就是访问的url, 这里我们在之前的安装配置文件已经设置好了, 所以也不用管 点击“”保存并完成 就进入最后的页面 如下:

如何在Jenkins上配置kubernetes jenkins kubernetes_云原生_06


点击“开始使用Jenkins” 最后就进入jenkins的页面了 如下图:

如何在Jenkins上配置kubernetes jenkins kubernetes_云原生_07


至此我们的jenkins就部署完成了