Jenkins 动态salve简单配置连接 EKS

安装Jenkins

helm repo add jenkins https://charts.jenkins.io
helm repo update
# 当前版本
jenkins-5.1.18.tgz

瘦身后的 values.yaml

# grep -Ev '^\s*#|^$' values.yaml
nameOverride:
fullnameOverride:
namespaceOverride:
clusterZone: "cluster.local"
kubernetesURL: "https://kubernetes.default"
credentialsId:
renderHelmLabels: true
controller:componentName: "jenkins-controller"image:registry: "docker.io"repository: "jenkins/jenkins"tag:tagLabel: jdk17pullPolicy: "Always"imagePullSecretName:lifecycle: {}disableRememberMe: falsenumExecutors: 0executorMode: "NORMAL"customJenkinsLabels: []hostNetworking: falseadmin:username: "admins"password:userKey: jenkins-admin-userpasswordKey: jenkins-admin-passwordcreateSecret: trueexistingSecret: ""jenkinsAdminEmail:jenkinsHome: "/var/jenkins_home"jenkinsRef: "/usr/share/jenkins/ref"jenkinsWar: "/usr/share/jenkins/jenkins.war"resources:requests:cpu: "50m"memory: "256Mi"limits:cpu: "4000m"memory: "4096Mi"shareProcessNamespace: falseinitContainerResources: {}initContainerEnvFrom: []initContainerEnv: []containerEnvFrom: []containerEnv: []javaOpts:jenkinsOpts:jenkinsUrlProtocol:jenkinsUrl:jenkinsUriPrefix:usePodSecurityContext: truerunAsUser: 1000fsGroup: 1000securityContextCapabilities: {}podSecurityContextOverride: ~containerSecurityContext:runAsUser: 1000runAsGroup: 1000readOnlyRootFilesystem: trueallowPrivilegeEscalation: falseserviceType: NodePortclusterIp:servicePort: 8080targetPort: 8080nodePort: 33441serviceExternalTrafficPolicy:serviceAnnotations: {}statefulSetLabels: {}serviceLabels: {}podLabels: {}healthProbes: trueprobes:startupProbe:failureThreshold: 12httpGet:path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'port: httpperiodSeconds: 10timeoutSeconds: 5livenessProbe:failureThreshold: 5httpGet:path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'port: httpperiodSeconds: 10timeoutSeconds: 5initialDelaySeconds:readinessProbe:failureThreshold: 3httpGet:path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'port: httpperiodSeconds: 10timeoutSeconds: 5initialDelaySeconds:podDisruptionBudget:enabled: falseapiVersion: "policy/v1beta1"annotations: {}labels: {}maxUnavailable: "0"agentListenerEnabled: trueagentListenerPort: 50001agentListenerHostPort:agentListenerNodePort: 50001agentListenerExternalTrafficPolicy:agentListenerLoadBalancerSourceRanges:- 0.0.0.0/0disabledAgentProtocols:- JNLP-connect- JNLP2-connectcsrf:defaultCrumbIssuer:enabled: trueproxyCompatability: trueagentListenerServiceType: "NodePort"agentListenerServiceAnnotations: {}agentListenerLoadBalancerIP:legacyRemotingSecurityEnabled: falseloadBalancerSourceRanges:- 0.0.0.0/0loadBalancerIP:jmxPort:extraPorts: []installPlugins:- kubernetes:4219.v40ff98cfb_d6f- workflow-aggregator:596.v8c21c963d92d- git:5.2.2- configuration-as-code:1807.v0175eda_00a_20installLatestPlugins: trueinstallLatestSpecifiedPlugins: falseadditionalPlugins: []initializeOnce: falseoverwritePlugins: falseoverwritePluginsFromImage: trueprojectNamingStrategy: standardenableRawHtmlMarkupFormatter: falsemarkupFormatter: plainTextscriptApproval: []initScripts: {}initConfigMap:existingSecret:additionalExistingSecrets: []additionalSecrets: []secretClaims: []cloudName: "kubernetes"JCasC:defaultConfig: falseoverwriteConfiguration: falseconfigUrls: []configScripts: {}security:apiToken:creationOfLegacyTokenEnabled: falsetokenGenerationOnCreationEnabled: falseusageStatisticsEnabled: truesecurityRealm: |-local:allowsSignup: falseenableCaptcha: falseusers:- id: "${chart-admin-username}"name: "Jenkins Admin"password: "${chart-admin-password}"authorizationStrategy: |-loggedInUsersCanDoAnything:allowAnonymousRead: falsecustomInitContainers: []sidecars:configAutoReload:enabled: falseimage:registry: docker.iorepository: kiwigrid/k8s-sidecartag: 1.27.1imagePullPolicy: IfNotPresentresources: {}scheme: httpskipTlsVerify: falsereqRetryConnect: 10sleepTime:envFrom: []env: {}sshTcpPort: 1044folder: "/var/jenkins_home/casc_configs"containerSecurityContext:readOnlyRootFilesystem: trueallowPrivilegeEscalation: falseadditionalSidecarContainers: []schedulerName: ""nodeSelector: {}tolerations: []terminationGracePeriodSeconds:terminationMessagePath:terminationMessagePolicy:affinity: {}priorityClassName:podAnnotations: {}statefulSetAnnotations: {}updateStrategy: {}ingress:enabled: falsepaths: []apiVersion: "extensions/v1beta1"labels: {}annotations: {}path:hostName:resourceRootUrl:tls: []secondaryingress:enabled: falsepaths: []apiVersion: "extensions/v1beta1"labels: {}annotations: {}hostName:tls:backendconfig:enabled: falseapiVersion: "extensions/v1beta1"name:labels: {}annotations: {}spec: {}route:enabled: falselabels: {}annotations: {}path:hostAliases: []prometheus:enabled: falseserviceMonitorAdditionalLabels: {}serviceMonitorNamespace:scrapeInterval: 60sscrapeEndpoint: /prometheusalertingrules: []alertingRulesAdditionalLabels: {}prometheusRuleNamespace: ""relabelings: []metricRelabelings: []googlePodMonitor:enabled: falsescrapeInterval: 60sscrapeEndpoint: /prometheustestEnabled: truehttpsKeyStore:enable: falsejenkinsHttpsJksSecretName: ""jenkinsHttpsJksSecretKey: "jenkins-jks-file"jenkinsHttpsJksPasswordSecretName: ""jenkinsHttpsJksPasswordSecretKey: "https-jks-password"disableSecretMount: falsehttpPort: 8081path: "/var/jenkins_keystore"fileName: "keystore.jks"password: "password"jenkinsKeyStoreBase64Encoded:
agent:enabled: falsedefaultsProviderTemplate: ""jenkinsUrl:jenkinsTunnel:kubernetesConnectTimeout: 5kubernetesReadTimeout: 15maxRequestsPerHostStr: "32"retentionTimeout: 5waitForPodSec: 600namespace:podLabels: {}jnlpregistry:image:repository: "jenkins/inbound-agent"tag: "3248.v65ecb_254c298-1"workingDir: "/home/jenkins/agent"nodeUsageMode: "NORMAL"customJenkinsLabels: []imagePullSecretName:componentName: "jenkins-agent"websocket: falsedirectConnection: falseprivileged: falserunAsUser:runAsGroup:hostNetworking: falseresources:requests:cpu: "512m"memory: "512Mi"limits:cpu: "512m"memory: "512Mi"livenessProbe: {}alwaysPullImage: falserestrictedPssSecurityContext: falsepodRetention: "Never"showRawYaml: truevolumes: []workspaceVolume: {}envVars: []secretEnvVars: []nodeSelector: {}command:args: "${computer.jnlpmac} ${computer.name}"sideContainerName: "jnlp"TTYEnabled: falsecontainerCap: 10podName: "default"idleMinutes: 0yamlTemplate: ""yamlMergeStrategy: "override"connectTimeout: 100annotations: {}additionalContainers: []disableDefaultAgent: falsepodTemplates: {}
additionalAgents: {}
additionalClouds: {}
persistence:enabled: trueexistingClaim:storageClass: openebs-hostpathannotations: {}labels: {}accessMode: "ReadWriteOnce"size: "8Gi"dataSource: {}subPath:volumes: []mounts: []
networkPolicy:enabled: falseapiVersion: networking.k8s.io/v1internalAgents:allowed: truepodLabels: {}namespaceLabels: {}externalAgents:ipCIDR:except: []
rbac:create: truereadSecrets: false
serviceAccount:create: truename:annotations: {}extraLabels: {}imagePullSecretName:
serviceAccountAgent:create: falsename:annotations: {}extraLabels: {}imagePullSecretName:
checkDeprecation: true
awsSecurityGroupPolicies:enabled: falsepolicies:- name: ""securityGroupIds: []podSelector: {}
helmtest:bats:image:registry: "docker.io"repository: "bats/bats"tag: "1.11.0"

在这里插入图片描述

安装完之后配置EKS

我的是在tools命名空间下

---
apiVersion: v1
kind: ServiceAccount
metadata:name: tools-adminnamespace: tools---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:name: pod-creatornamespace: tools
rules:
- apiGroups: [""] # "" indicates the core API groupresources: ["pods"]verbs: ["create", "get", "list", "watch", "delete", "update"]---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:name: tools-admin-rolebindingnamespace: tools
subjects:
- kind: ServiceAccountname: tools-adminnamespace: tools
roleRef:kind: Rolename: pod-creatorapiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: tools-admin-crb
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-admin
subjects:
- kind: ServiceAccountname: tools-adminnamespace: tools---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:annotations:kubernetes.io/service-account.name: tools-adminname: tools-admin-tokennamespace: tools

获取你的token

echo -e "\033[31m$(kubectl -n tools get secret $(kubectl -n tools get secret tools-admin-token | grep tools-admin-token | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)\033[0m"

在这里插入图片描述

登录Jenkins 配置eks的token

在这里插入图片描述

最后pipeline如下

pipeline {agent { kubernetes {inheritFrom 'kubernetes'}}   stages {stage('Get Code') {steps {  git branch: 'main', url: 'http://192.168.0.33:22045/admins/test.git'}}stage('Test-docker....') {steps {       container('test'){withKubeConfig(credentialsId: 'k8s-eks', serverUrl: 'https://01922.gr7.ap-northeast-1.eks.amazonaws.com') {sh 'kubectl delete -f pods.yaml'sh 'kubectl get pods'}}}}}}