第一部分:在k8s集群安装jenkins
1.安装nfs服务,选择自己的任意一台机器,我选择master1节点(192.168.80.180)
(1)在master1上安装nfs服务
yum install nfs-utils -y
systemctl start nfs
(2)在master1上创建一个nfs共享目录
mkdir /data/v1 -p
cat /etc/exports
/data/v1 192.168.80.0/24(rw,no_root_squash)
exportfs -arv 使配置文件生效
systemctl restart nfs
2.kubernetes中部署jenkins
(1)创建名称空间
kubectl create namespace jenkins-k8s
(2)创建pv
cat pv.yaml
apiVersion: v1 kind: PersistentVolume metadata: name: jenkins-k8s-pv spec: capacity: storage: 10Gi accessModes: - ReadWriteMany nfs: server: 192.168.80.180 path: /data/v1
kubectl apply -f pv.yaml
(3)创建pvc
cat pvc.yaml
kind: PersistentVolumeClaim apiVersion: v1 metadata: name: jenkins-k8s-pvc namespace: jenkins-k8s spec: resources: requests: storage: 10Gi accessModes: - ReadWriteMany
查看pvc和pv绑定是否成功
kubectl get pvc -n jenkins-k8s
(4)创建一个sa账号
kubectl create sa jenkins-k8s-sa -n jenkins-k8s
(5)把上面的sa账号做rbac授权
kubectl create clusterrolebinding jenkins-k8s-sa-cluster -n jenkins-k8s --clusterrole=cluster-admin --serviceaccount=jenkins-k8s:jenkins-k8s-sa
(6)通过deployment部署jenkins
cat jenkins-deployment.yaml
kind: Deployment apiVersion: apps/v1 metadata: name: jenkins namespace: jenkins-k8s spec: replicas: 1 selector: matchLabels: app: jenkins template: metadata: labels: app: jenkins spec: serviceAccount: jenkins-k8s-sa containers: - name: jenkins image: jenkins/jenkins:lts imagePullPolicy: IfNotPresent ports: - containerPort: 8080 name: web protocol: TCP - containerPort: 50000 name: agent protocol: TCP resources: limits: cpu: 1000m memory: 1Gi requests: cpu: 500m memory: 512Mi livenessProbe: httpGet: path: /login port: 8080 initialDelaySeconds: 60 timeoutSeconds: 5 failureThreshold: 12 readinessProbe: httpGet: path: /login port: 8080 initialDelaySeconds: 60 timeoutSeconds: 5 failureThreshold: 12 volumeMounts: - name: jenkins-volume subPath: jenkins-home mountPath: /var/jenkins_home volumes: - name: jenkins-volume persistentVolumeClaim: claimName: jenkins-k8s-pvc
chown -R 1000 /data/v1
kubectl apply -f jenkins-deployment.yaml
kubectl get pods -n jenkins-k8s
(7)把jenkins前端加上service,提供外部网络访问
cat jenkins-service.yaml
apiVersion: v1 kind: Service metadata: name: jenkins-service namespace: jenkins-k8s labels: app: jenkins spec: selector: app: jenkins type: NodePort ports: - name: web port: 8080 targetPort: web nodePort: 30002 - name: agent port: 50000 targetPort: agent
kubectl apply -f jenkins-service.yaml
kubectl get svc -n jenkins-k8s
第二部分:配置Jenkins
在浏览器访问jenkins的web界面:
http://192.168.80.199:30002/login?from=%2F
1.获取管理员密码:
在nfs服务端,也就是我们的master1节点获取密码:
cat /data/v1/jenkins-home/secrets/initialAdminPassword
把上面获取到的密码拷贝到上面管理员密码下的方框里
点击继续,出现如下界面
2.安装插件
安装推荐的插件
插件安装好之后显示如下:
3.创建第一个管理员用户
用户名和密码都设置成admin,线上环境需要设置成复杂的密码
修改好之后点击保存并完成,出现如下界面
点击保存并完成,出现如下界面
点击保存并完成,出现如下界面
第三部分:测试jenkins的CI/CD
1.在Jenkins中安装kubernetes插件
(1)在jenkins中安装k8s插件
Manage Jnekins------>Manage Plugins------>可选插件------>搜索kubernetes------>出现如下
选中kubernetes之后------>点击下面的直接安装------>安装之后选择重新启动jenkins--->重启之后登陆jenkins即可
2.配置jenkins连接到我们存在的k8s集群
(1)点击系统管理->系统设置-新增一个云,在下拉菜单中选择kubernets并添加
(2)填写云kubernetes配置内容
注:Name值任意添加,Kubernetes URL值添加K8S apiserver连接地址和端口
(3)测试jenkins和k8s是否可以通信
点击连接测试,如果显示Connection test successful,说明测试成功,Jenkins可以和k8s进行通过
应用------>保存
3.配置pod-template
(1)配置pod template
系统管理------>系统设置------>添加Pod模板------>Kubernetes Pod Template--->按如下配置
(2)在上面的pod template下添加容器
添加容器------>Container Template------>按如下配置------>
在每一个pod template右下脚都有一个Advanced,点击Advanced,出现如下
在Service Account处输入jenkins-k8s-sa,这个sa就是我们最开始安装jenkins时的sa
(3)给上面的pod template添加卷
添加卷------>选择Host Path Volume
上面配置好之后,应用------>保存
4.添加自己的dockerhub凭据
首页------>凭据------>点击Stores scoped to Jenkins下的第一行jenkins,显示如下----->
点击这个全局凭据,出现如下------>
点击左侧的添加凭据,出现如下------>
username:xianchao
password:1989*****
ID:dockerhub
描述:随意
上面改好之后选择确定即可
5.测试通过Jenkins部署k8s
回到首页:
新建一个任务------>输入一个任务名称处输入jenkins-variable-test-deploy------>流水线------>确定------>在Pipeline script处输入如下内容
node('testhan') { stage('Clone') { echo "1.Clone Stage" git url: "https://github.com/luckylucky421/jenkins-sample.git" script { build_tag = sh(returnStdout: true, script: 'git rev-parse --short HEAD').trim() } } stage('Test') { echo "2.Test Stage" } stage('Build') { echo "3.Build Docker Image Stage" sh "docker build -t xianchao/jenkins-demo:${build_tag} ." } stage('Push') { echo "4.Push Docker Image Stage" withCredentials([usernamePassword(credentialsId: 'dockerhub', passwordVariable: 'dockerHubPassword', usernameVariable: 'dockerHubUser')]) { sh "docker login -u ${dockerHubUser} -p ${dockerHubPassword}" sh "docker push xianchao/jenkins-demo:${build_tag}" } } stage('Deploy to dev') { echo "5. Deploy DEV" sh "sed -i 's/<BUILD_TAG>/${build_tag}/' k8s-dev.yaml" sh "sed -i 's/<BRANCH_NAME>/${env.BRANCH_NAME}/' k8s-dev.yaml" // sh "bash running-devlopment.sh" sh "kubectl apply -f k8s-dev.yaml --validate=false" } stage('Promote to qa') { def userInput = input( id: 'userInput', message: 'Promote to qa?', parameters: [ [ $class: 'ChoiceParameterDefinition', choices: "YES\nNO", name: 'Env' ] ] ) echo "This is a deploy step to ${userInput}" if (userInput == "YES") { sh "sed -i 's/<BUILD_TAG>/${build_tag}/' k8s-qa.yaml" sh "sed -i 's/<BRANCH_NAME>/${env.BRANCH_NAME}/' k8s-qa.yaml" // sh "bash running-qa.sh" sh "kubectl apply -f k8s-qa.yaml --validate=false" sh "sleep 6" sh "kubectl get pods -n qa" } else { //exit } } stage('Promote to pro') { def userInput = input( id: 'userInput', message: 'Promote to pro?', parameters: [ [ $class: 'ChoiceParameterDefinition', choices: "YES\nNO", name: 'Env' ] ] ) echo "This is a deploy step to ${userInput}" if (userInput == "YES") { sh "sed -i 's/<BUILD_TAG>/${build_tag}/' k8s-prod.yaml" sh "sed -i 's/<BRANCH_NAME>/${env.BRANCH_NAME}/' k8s-prod.yaml" // sh "bash running-production.sh" sh "cat k8s-prod.yaml" sh "kubectl apply -f k8s-prod.yaml --record --validate=false" } } }
应用------>保存------>立即构建即可
