文章目录
- 构建带maven环境的jenkins 镜像
- 安装jenkins
- jenkins yaml 文件
- 安装插件
- jenkins 配置k8s
- 创建用户凭证
构建带maven环境的jenkins 镜像
# 构建带 maven 环境的 jenkins 镜像
docker build -t 192.168.113.122:8858/library/jenkins-maven:jdk-11 .# 登录 harbor
docker login -uadmin 192.168.113.122:8858# 推送镜像到 harbor
docker push 192.168.113.122:8858/library/jenkins-maven:jdk-11ps: docker build -t 108.1.1.1:8858/wolfcode/jenkin-maven:v1 .# 查看images
[root@kubeadm-master1 jenkins-maven]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
108.1.1.1:8858/wolfcode/jenkin-maven v1 33bdff943baf About a minute ago 783MB# 推送到harbor
[root@kubeadm-master1 jenkins-maven]# docker login 108.1.1.12:8858
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded
[root@kubeadm-master1 jenkins-maven]# docker push 108.1.1.12:8858/wolfcode/jenkin-maven:v1
安装jenkins
创建pvc,pv
[root@kubeadm-master2 jenkins]# cat pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:name: pv6
spec:capacity:storage: 5GiaccessModes:- ReadWriteManystorageClassName: "managed-nfs-storage6"persistentVolumeReclaimPolicy: Retainnfs:path: /root/data/pv6server: 192.168.1.209
[root@kubeadm-master2 jenkins]# cat pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: jenkins-data6namespace: kube-devops
spec:accessModes:- ReadWriteManystorageClassName: "managed-nfs-storage6"resources:requests:storage: 5Gi
# 进入 jenkins 目录,安装 jenkins
kubectl apply -f manifests/# 查看是否运行成功
kubectl get po -n kube-devops# 查看 service 端口,通过浏览器访问
kubectl get svc -n kube-devops# 查看容器日志,获取默认密码
kubectl logs -f pod名称 -n kube-devops[root@kubeadm-master2 jenkins]# kubectl logs -f jenkins-7c558dd78b-bsp9x -n kube-devops
里面写了密码
jenkins yaml 文件
[root@kubeadm-master2 manifests]# cat jenkins-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:name: mvn-settingsnamespace: kube-devopslabels:app: jenkins-server
data:settings.xml: |-<?xml version="1.0" encoding="UTF-8"?><settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"><localRepository>/var/jenkins_home/repository</localRepository><servers><server><id>releases</id><username>admin</username><password>wolfcode</password></server><server><id>snapshots</id><username>admin</username><password>wolfcode</password></server></servers><mirrors><mirror><id>releases</id><name>nexus maven</name><mirrorOf>*</mirrorOf><url>http://192.168.113.121:8868/repository/maven-public/</url></mirror></mirrors><pluginGroups><pluginGroup>org.sonarsource.scanner.maven</pluginGroup></pluginGroups><profiles><profile><id>releases</id><activation><activeByDefault>true</activeByDefault><jdk>1.8</jdk></activation><properties><sonar.host.url>http://sonarqube:9000</sonar.host.url></properties><repositories><repository><id>repository</id><name>Nexus Repository</name><url>http://192.168.113.121:8868/repository/maven-public/</url><releases><enable>true</enable></releases><snapshots><enable>true</enable></snapshots></repository></repositories></profile></profiles></settings>
[root@kubeadm-master2 manifests]# cat jenkins-
jenkins-configmap.yaml jenkins-deployment.yaml jenkins-pvc.yaml jenkins-serviceAccount.yaml jenkins-service.yaml
[root@kubeadm-master2 manifests]# cat jenkins-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: jenkinsnamespace: kube-devops
spec:replicas: 1selector:matchLabels:app: jenkins-servertemplate:metadata:labels:app: jenkins-serverspec:serviceAccountName: jenkins-adminimagePullSecrets:- name: harbor-secret # harbor 访问 secretcontainers:- name: jenkinsimage: 192.168.113.122:8858/library/jenkins-maven:jdk-11imagePullPolicy: IfNotPresentsecurityContext:privileged: truerunAsUser: 0 # 使用 root 用户运行容器resources:limits:memory: "2Gi"cpu: "1000m"requests:memory: "500Mi"cpu: "500m"ports:- name: httpportcontainerPort: 8080- name: jnlpportcontainerPort: 50000livenessProbe:httpGet:path: "/login"port: 8080initialDelaySeconds: 90periodSeconds: 10timeoutSeconds: 5failureThreshold: 5readinessProbe:httpGet:path: "/login"port: 8080initialDelaySeconds: 60periodSeconds: 10timeoutSeconds: 5failureThreshold: 3volumeMounts:- name: jenkins-datamountPath: /var/jenkins_home- name: dockermountPath: /run/docker.sock- name: docker-homemountPath: /usr/bin/docker- name: mvn-settingmountPath: /usr/local/apache-maven-3.9.0/conf/settings.xmlsubPath: settings.xml- name: daemonmountPath: /etc/docker/daemon.jsonsubPath: daemon.json- name: kubectlmountPath: /usr/bin/kubectlvolumes:- name: kubectlhostPath:path: /usr/bin/kubectl- name: jenkins-datapersistentVolumeClaim:claimName: jenkins-pvc- name: dockerhostPath:path: /run/docker.sock # 将主机的 docker 映射到容器中- name: docker-homehostPath:path: /usr/bin/docker- name: mvn-settingconfigMap:name: mvn-settingsitems:- key: settings.xmlpath: settings.xml- name: daemonhostPath:path: /etc/docker/
[root@kubeadm-master2 manifests]# cat jenkins-service.yaml
apiVersion: v1
kind: Service
metadata:name: jenkins-servicenamespace: kube-devopsannotations:prometheus.io/scrape: 'true'prometheus.io/path: /prometheus.io/port: '8080'
spec:selector:app: jenkins-servertype: NodePortports:- port: 8080targetPort: 8080
[root@kubeadm-master2 manifests]# cat jenkins-
jenkins-configmap.yaml jenkins-deployment.yaml jenkins-pvc.yaml jenkins-serviceAccount.yaml jenkins-service.yaml
[root@kubeadm-master2 manifests]# cat jenkins-serviceAccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:name: jenkins-adminnamespace: kube-devops
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: jenkins-admin
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-admin
subjects:
- kind: ServiceAccountname: jenkins-adminnamespace: kube-devops安装插件
Build Authorization Token Root
Gitlab
SonarQube Scanner
代码质量审查工具在 Dashboard > 系统管理 > Configure System 下面配置 SonarQube serversName:sonarqube # 注意这个名字要在 Jenkinsfile 中用到
Server URL:http://sonarqube:9000
Server authentication token:创建 credentials 配置为从 sonarqube 中得到的 token进入系统管理 > 全局工具配置 > SonarQube Scanner > Add SonarQube Scanner
Name:sonarqube-scanner
自动安装:取消勾选
SONAR_RUNNER_HOME:/usr/local/sonar-scanner-cliNode and Label parameter
Kubernetesjenkins + k8s 环境配置进入 Dashboard > 系统管理 > 节点管理 > Configure Clouds 页面配置 k8s 集群
名称:kubernetes
点击 Kubernetes Cloud details 继续配置
Kubernetes 地址:如果 jenkins 是运行在 k8s 容器中,直接配置服务名即可https://kubernetes.default如果 jenkins 部署在外部,那么则不仅要配置外部访问 ip 以及 apiserver 的端口(6443),还需要配置服务证书
Jenkins 地址:如果部署在 k8s 集群内部:http://jenkins-service.kube-devops如果在外部:http://192.168.113.120:32479(换成你们自己的)配置完成后保存即可Config File ProviderGit Parameter
jenkins 配置k8s
https://kubernetes.default
添加标签
创建用户凭证
系统管理 > 安全 > Manage Credentials > System > 全局凭据(unrestricted) > Add Credentials范围:全局
用户名:root
密码:wolfcode
ID:gitlab-user-pass
