说明: 总的目标是在k8s集群部署gitlab、jenkins,并且在本地提交代码到gitlab后jenkin流水线可以自动编译打包成为docker镜像然后部署到k8s中并实现客户端外部域名访问,在文档分为多个部分,其中涉及的技术有docker安装、k8s搭建、部署gitlab、部署jenkins、部署sonarqube、gitlab和jenkin联动、jenkins和sonarqube联动、pipline脚本编写、istio部署、istio服务网关等…
这篇文档讲解的是如何在kubernetes中部署jenkins,部署istio的gateway和 virtualservice
文章目录
- 1. 添加jenkins的pvc
- 2. 部署jenkins
- 3. 部署istio的gateway资源
- 4. 部署istio的VirtualService资源
- 5. 本地host添加jenkins域名映射
- 6. 访问jenkins
- 6.1 访问jenkins
- 6.2 输入密码
- 6.3 安装插件
- 6.4 设置Jenkins
1. 添加jenkins的pvc
主节点执行:kubectl apply -f pv-jenkins.yaml 内容如下:
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-jenkins
spec:
capacity:
storage: 3Gi
volumeMode: Filesystem
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: "pv-jenkins"
nfs:
path: /dfs/k8s
server: 192.168.100.230
2. 部署jenkins
主节点执行:kubectl apply -f jenkins.yaml 内容如下:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: devops
name: service-reader
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["services"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: devops
name: jenkins-sa
labels:
account: jenkins
---
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins-crd
roleRef:
kind: ClusterRole
name: service-reader
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: jenkins-sa
namespace: devops
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-pvc
namespace: devops
spec:
accessModes:
- ReadWriteMany
storageClassName: "pv-jenkins"
resources:
requests:
storage: 3Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: devops
labels:
app: jenkins
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: jenkins
version: v1
template:
metadata:
labels:
app: jenkins
version: v1
spec:
serviceAccountName: jenkins-sa
containers:
- name: jenkins
image: jenkins/jenkins:2.387
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
name: web
protocol: TCP
- containerPort: 50000
name: agent
protocol: TCP
resources:
limits:
cpu: 2000m
memory: 1Gi
requests:
cpu: 500m
memory: 512Mi
livenessProbe:
httpGet:
path: /login
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
failureThreshold: 12
readinessProbe:
httpGet:
path: /login
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
failureThreshold: 12
volumeMounts:
- name: jenkins-volume
mountPath: /var/jenkins_home
subPath: jenkins
volumes:
- name: jenkins-volume
persistentVolumeClaim:
claimName: jenkins-pvc
---
apiVersion: v1
kind: Service
metadata:
name: jenkins
namespace: devops
labels:
app: jenkins
service: jenkins
spec:
selector:
app: jenkins
type: ClusterIP
ports:
- name: web
port: 8080
targetPort: web
- name: agent
port: 50000
targetPort: agent
3. 部署istio的gateway资源
主节点执行:kubectl apply -f jenkins-gateway.yaml 内容如下:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: jenkins-gateway
namespace: devops
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "jenkins.core.ez"
4. 部署istio的VirtualService资源
主节点执行:kubectl apply -f jenkins-vs.yaml 内容如下:
kind: VirtualService
metadata:
name: jenkins-vs
namespace: devops
spec:
hosts:
- "jenkins.core.ez"
gateways:
- jenkins-gateway
http:
- match:
- uri:
prefix: /
route:
- destination:
host: jenkins
port:
number: 8080
5. 本地host添加jenkins域名映射
如果想在本地访问刚才部署的jenkins, 需要在本地机器添加一条域名解析
打开文件:C:\Windows\System32\drivers\etc\hosts
在其中添加一条jenkins记录 如下:
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
192.168.100.230 dashboard.core.ez
192.168.100.230 gitlab.core.ez
#新加的记录如下
192.168.100.230 jenkins.core.ez
6. 访问jenkins
6.1 访问jenkins
l浏览器输入http://jenkins.core.ez 访问如下图:
6.2 输入密码
如5.1中所示图, 我们看到需要输入管理员密码, 这里的管理员密码是jenkins安装时自动生成的,
我们从第2步安装配置文件可以知道jenkin的/var/jenkins_home目录被映射到了nfs中的/dfs/k8s/jenkins目录下,
所以图中红色提示的/var/jenkins_home/secrets/initialAdminPassword文件也就是nfs的/dfs/k8s/jenkins//secrets/initialAdminPassword文件, 在nfs找到该文件 并将密码复制出来, 如下:
root@nfs-serevr:/dfs/k8s/jenkins/secrets# cat initialAdminPassword
df259792ce5140e3b99a66884c9d5b34
root@nfs-serevr:/dfs/k8s/jenkins/secrets#
上面我们的密码就是:df259792ce5140e3b99a66884c9d5b34, 将密码复制到浏览器的“管理员密码” 然后单击“继续”
6.3 安装插件
输入密码后就来到了安装插件页面 如下:
然后我们点击图中的“安装推荐插件” 然后就开始安装了 如下图:
这里安装插件使用的是国外源,所以可能会比较慢,也有可能某些会安装失败, 可以重新安装或者先点击“继续”跳过去, 网上有相关处理的方法,我们这里不做讨论
6.4 设置Jenkins
等插件安装完成后, 需要设置自己的第一个管理用户 如下图:
输入完成后 点击“保存并完成” 进入实例配置页面 如下图:
这里的实例配置就是访问的url, 这里我们在之前的安装配置文件已经设置好了, 所以也不用管 点击“”保存并完成 就进入最后的页面 如下:
点击“开始使用Jenkins” 最后就进入jenkins的页面了 如下图:
至此我们的jenkins就部署完成了