文章目录

      • 构建带maven环境的jenkins 镜像
        • 安装jenkins
        • jenkins yaml 文件
        • 安装插件
          • jenkins 配置k8s
          • 创建用户凭证

构建带maven环境的jenkins 镜像

# 构建带 maven 环境的 jenkins 镜像docker build -t 192.168.113.122:8858/library/jenkins-maven:jdk-11 .# 登录 harbordocker login -uadmin 192.168.113.122:8858# 推送镜像到 harbordocker push 192.168.113.122:8858/library/jenkins-maven:jdk-11ps: docker build -t 108.1.1.1:8858/wolfcode/jenkin-maven:v1 .# 查看images[root@kubeadm-master1 jenkins-maven]# docker imagesREPOSITORYTAG IMAGE IDCREATEDSIZE108.1.1.1:8858/wolfcode/jenkin-mavenv133bdff943bafAbout a minute ago 783MB# 推送到harbor[root@kubeadm-master1 jenkins-maven]# docker login 108.1.1.12:8858Authenticating with existing credentials...WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@kubeadm-master1 jenkins-maven]# docker push 108.1.1.12:8858/wolfcode/jenkin-maven:v1

安装jenkins

创建pvc,pv

[root@kubeadm-master2 jenkins]# cat pv.yamlapiVersion: v1kind: PersistentVolumemetadata:name: pv6spec:capacity:storage: 5GiaccessModes:- ReadWriteManystorageClassName: "managed-nfs-storage6"persistentVolumeReclaimPolicy: Retainnfs:path: /root/data/pv6server: 192.168.1.209[root@kubeadm-master2 jenkins]# cat pvc.yamlapiVersion: v1kind: PersistentVolumeClaimmetadata:name: jenkins-data6namespace: kube-devopsspec:accessModes:- ReadWriteManystorageClassName: "managed-nfs-storage6"resources:requests:storage: 5Gi
# 进入 jenkins 目录,安装 jenkinskubectl apply -f manifests/# 查看是否运行成功kubectl get po -n kube-devops# 查看 service 端口,通过浏览器访问kubectl get svc -n kube-devops# 查看容器日志,获取默认密码kubectl logs -f pod名称 -n kube-devops[root@kubeadm-master2 jenkins]# kubectl logs -f jenkins-7c558dd78b-bsp9x -n kube-devops里面写了密码
jenkins yaml 文件
 [root@kubeadm-master2 manifests]# cat jenkins-configmap.yamlapiVersion: v1kind: ConfigMapmetadata:name: mvn-settingsnamespace: kube-devopslabels:app: jenkins-serverdata:settings.xml: |-/var/jenkins_home/repositoryreleasesadminwolfcodesnapshotsadminwolfcodereleasesnexus maven*http://192.168.113.121:8868/repository/maven-public/org.sonarsource.scanner.mavenreleasestrue1.8http://sonarqube:9000repositoryNexus Repositoryhttp://192.168.113.121:8868/repository/maven-public/truetrue[root@kubeadm-master2 manifests]# cat jenkins-jenkins-configmap.yaml jenkins-deployment.yamljenkins-pvc.yaml jenkins-serviceAccount.yamljenkins-service.yaml[root@kubeadm-master2 manifests]# cat jenkins-deployment.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: jenkinsnamespace: kube-devopsspec:replicas: 1selector:matchLabels:app: jenkins-servertemplate:metadata:labels:app: jenkins-serverspec:serviceAccountName: jenkins-adminimagePullSecrets:- name: harbor-secret # harbor 访问 secretcontainers:- name: jenkinsimage: 192.168.113.122:8858/library/jenkins-maven:jdk-11imagePullPolicy: IfNotPresentsecurityContext:privileged: truerunAsUser: 0 # 使用 root 用户运行容器resources:limits:memory: "2Gi"cpu: "1000m"requests:memory: "500Mi"cpu: "500m"ports:- name: httpportcontainerPort: 8080- name: jnlpportcontainerPort: 50000livenessProbe:httpGet:path: "/login"port: 8080initialDelaySeconds: 90periodSeconds: 10timeoutSeconds: 5failureThreshold: 5readinessProbe:httpGet:path: "/login"port: 8080initialDelaySeconds: 60periodSeconds: 10timeoutSeconds: 5failureThreshold: 3volumeMounts:- name: jenkins-datamountPath: /var/jenkins_home- name: dockermountPath: /run/docker.sock- name: docker-homemountPath: /usr/bin/docker- name: mvn-settingmountPath: /usr/local/apache-maven-3.9.0/conf/settings.xmlsubPath: settings.xml- name: daemonmountPath: /etc/docker/daemon.jsonsubPath: daemon.json- name: kubectlmountPath: /usr/bin/kubectlvolumes:- name: kubectlhostPath:path: /usr/bin/kubectl- name: jenkins-datapersistentVolumeClaim:claimName: jenkins-pvc- name: dockerhostPath:path: /run/docker.sock # 将主机的 docker 映射到容器中- name: docker-homehostPath:path: /usr/bin/docker- name: mvn-settingconfigMap:name: mvn-settingsitems:- key: settings.xmlpath: settings.xml- name: daemonhostPath:path: /etc/docker/[root@kubeadm-master2 manifests]# cat jenkins-service.yamlapiVersion: v1kind: Servicemetadata:name: jenkins-servicenamespace: kube-devopsannotations:prometheus.io/scrape: 'true'prometheus.io/path: /prometheus.io/port: '8080'spec:selector:app: jenkins-servertype: NodePortports:- port: 8080targetPort: 8080[root@kubeadm-master2 manifests]# cat jenkins-jenkins-configmap.yaml jenkins-deployment.yamljenkins-pvc.yaml jenkins-serviceAccount.yamljenkins-service.yaml[root@kubeadm-master2 manifests]# cat jenkins-serviceAccount.yamlapiVersion: v1kind: ServiceAccountmetadata:name: jenkins-adminnamespace: kube-devops---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:name: jenkins-adminroleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-adminsubjects:- kind: ServiceAccountname: jenkins-adminnamespace: kube-devops
安装插件
Build Authorization Token RootGitlabSonarQube Scanner代码质量审查工具在 Dashboard > 系统管理 > Configure System 下面配置 SonarQube serversName:sonarqube # 注意这个名字要在 Jenkinsfile 中用到Server URL:http://sonarqube:9000Server authentication token:创建 credentials 配置为从 sonarqube 中得到的 token进入系统管理 > 全局工具配置 > SonarQube Scanner > Add SonarQube ScannerName:sonarqube-scanner自动安装:取消勾选SONAR_RUNNER_HOME:/usr/local/sonar-scanner-cliNode and Label parameterKubernetesjenkins + k8s 环境配置进入 Dashboard > 系统管理 > 节点管理 > Configure Clouds 页面配置 k8s 集群名称:kubernetes点击 Kubernetes Cloud details 继续配置Kubernetes 地址:如果 jenkins 是运行在 k8s 容器中,直接配置服务名即可https://kubernetes.default如果 jenkins 部署在外部,那么则不仅要配置外部访问 ip 以及 apiserver 的端口(6443),还需要配置服务证书Jenkins 地址:如果部署在 k8s 集群内部:http://jenkins-service.kube-devops如果在外部:http://192.168.113.120:32479(换成你们自己的)配置完成后保存即可Config File ProviderGit Parameter



jenkins 配置k8s


https://kubernetes.default

添加标签

创建用户凭证
系统管理 > 安全 > Manage Credentials > System > 全局凭据(unrestricted) > Add Credentials范围:全局用户名:root密码:wolfcodeID:gitlab-user-pass