飞天使-学以致用-devops知识点3-安装jenkins

文章目录

构建带maven环境的jenkins 镜像

# 构建带 maven 环境的 jenkins 镜像
docker build -t 192.168.113.122:8858/library/jenkins-maven:jdk-11 .

# 登录 harbor
docker login -uadmin 192.168.113.122:8858

# 推送镜像到 harbor
docker push 192.168.113.122:8858/library/jenkins-maven:jdk-11

ps: docker build -t 108.1.1.1:8858/wolfcode/jenkin-maven:v1 .

# 查看images
[root@kubeadm-master1 jenkins-maven]# docker images
REPOSITORY                                                                    TAG                 IMAGE ID            CREATED              SIZE
108.1.1.1:8858/wolfcode/jenkin-maven                                    v1                  33bdff943baf        About a minute ago   783MB

# 推送到harbor
[root@kubeadm-master1 jenkins-maven]# docker login 108.1.1.12:8858
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@kubeadm-master1 jenkins-maven]# docker push 108.1.1.12:8858/wolfcode/jenkin-maven:v1
安装jenkins

创建pvc,pv

[root@kubeadm-master2 jenkins]# cat pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv6
spec:
  capacity:
    storage: 5Gi
  accessModes:
  - ReadWriteMany
  storageClassName: "managed-nfs-storage6"
  persistentVolumeReclaimPolicy: Retain
  nfs:
    path: /root/data/pv6
    server: 192.168.1.209
[root@kubeadm-master2 jenkins]# cat pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-data6
  namespace: kube-devops
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "managed-nfs-storage6"
  resources:
    requests:
      storage: 5Gi

# 进入 jenkins 目录,安装 jenkins
kubectl apply -f manifests/

# 查看是否运行成功
kubectl get po -n kube-devops

# 查看 service 端口,通过浏览器访问
kubectl get svc -n kube-devops

# 查看容器日志,获取默认密码
kubectl logs -f pod名称 -n kube-devops

[root@kubeadm-master2 jenkins]# kubectl logs -f jenkins-7c558dd78b-bsp9x -n kube-devops
里面写了密码
jenkins yaml 文件
 [root@kubeadm-master2 manifests]# cat jenkins-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mvn-settings
  namespace: kube-devops
  labels:
    app: jenkins-server
data:
  settings.xml: |-
    <?xml version="1.0" encoding="UTF-8"?>
    <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
        <localRepository>/var/jenkins_home/repository</localRepository>
        <servers>
                <server>
                        <id>releases</id>
                        <username>admin</username>
                        <password>wolfcode</password>
                </server>
                <server>
                        <id>snapshots</id>
                        <username>admin</username>
                        <password>wolfcode</password>
                </server>
        </servers>

        <mirrors>
                <mirror>
                        <id>releases</id>
                        <name>nexus maven</name>
                        <mirrorOf>*</mirrorOf>
                        <url>http://192.168.113.121:8868/repository/maven-public/</url>
                </mirror>
        </mirrors>

        <pluginGroups>
                <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
        </pluginGroups>
        <profiles>
                <profile>
                        <id>releases</id>
                        <activation>
                                <activeByDefault>true</activeByDefault>
                                <jdk>1.8</jdk>
                        </activation>
                        <properties>
                                <sonar.host.url>http://sonarqube:9000</sonar.host.url>
                        </properties>

                        <repositories>
                                <repository>
                                        <id>repository</id>
                                        <name>Nexus Repository</name>
                                        <url>http://192.168.113.121:8868/repository/maven-public/</url>
                                        <releases>
                                                <enable>true</enable>
                                        </releases>
                                        <snapshots>
                                                <enable>true</enable>
                                        </snapshots>
                                </repository>
                        </repositories>
                </profile>
        </profiles>
    </settings>
[root@kubeadm-master2 manifests]# cat jenkins-
jenkins-configmap.yaml       jenkins-deployment.yaml      jenkins-pvc.yaml             jenkins-serviceAccount.yaml  jenkins-service.yaml
[root@kubeadm-master2 manifests]# cat jenkins-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: kube-devops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-server
  template:
    metadata:
      labels:
        app: jenkins-server
    spec:
      serviceAccountName: jenkins-admin
      imagePullSecrets:
        - name: harbor-secret # harbor 访问 secret
      containers:
        - name: jenkins
          image: 192.168.113.122:8858/library/jenkins-maven:jdk-11
          imagePullPolicy: IfNotPresent
          securityContext:
            privileged: true
            runAsUser: 0 # 使用 root 用户运行容器
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            - name: httpport
              containerPort: 8080
            - name: jnlpport
              containerPort: 50000
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
            - name: docker
              mountPath: /run/docker.sock
            - name: docker-home
              mountPath: /usr/bin/docker
            - name: mvn-setting
              mountPath: /usr/local/apache-maven-3.9.0/conf/settings.xml
              subPath: settings.xml
            - name: daemon
              mountPath: /etc/docker/daemon.json
              subPath: daemon.json
            - name: kubectl
              mountPath: /usr/bin/kubectl
      volumes:
        - name: kubectl
          hostPath:
            path: /usr/bin/kubectl
        - name: jenkins-data
          persistentVolumeClaim:
              claimName: jenkins-pvc
        - name: docker
          hostPath:
            path: /run/docker.sock # 将主机的 docker 映射到容器中
        - name: docker-home
          hostPath:
            path: /usr/bin/docker
        - name: mvn-setting
          configMap:
            name: mvn-settings
            items:
            - key: settings.xml
              path: settings.xml
        - name: daemon
          hostPath:
            path: /etc/docker/
[root@kubeadm-master2 manifests]# cat jenkins-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: jenkins-service
  namespace: kube-devops
  annotations:
      prometheus.io/scrape: 'true'
      prometheus.io/path:   /
      prometheus.io/port:   '8080'
spec:
  selector:
    app: jenkins-server
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
[root@kubeadm-master2 manifests]# cat jenkins-
jenkins-configmap.yaml       jenkins-deployment.yaml      jenkins-pvc.yaml             jenkins-serviceAccount.yaml  jenkins-service.yaml
[root@kubeadm-master2 manifests]# cat jenkins-serviceAccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: kube-devops
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: kube-devops
安装插件
Build Authorization Token Root
Gitlab
SonarQube Scanner
代码质量审查工具

在 Dashboard > 系统管理 > Configure System 下面配置 SonarQube servers

Name:sonarqube # 注意这个名字要在 Jenkinsfile 中用到
Server URL:http://sonarqube:9000
Server authentication token:创建 credentials 配置为从 sonarqube 中得到的 token

进入系统管理 > 全局工具配置 > SonarQube Scanner > Add SonarQube Scanner
Name:sonarqube-scanner
自动安装:取消勾选
SONAR_RUNNER_HOME:/usr/local/sonar-scanner-cli

Node and Label parameter
Kubernetes

jenkins + k8s 环境配置

进入 Dashboard > 系统管理 > 节点管理 > Configure Clouds 页面

配置 k8s 集群
名称:kubernetes
点击 Kubernetes Cloud details 继续配置
Kubernetes 地址:
	如果 jenkins 是运行在 k8s 容器中,直接配置服务名即可
		https://kubernetes.default
	如果 jenkins 部署在外部,那么则不仅要配置外部访问 ip 以及 apiserver 的端口(6443),还需要配置服务证书
Jenkins 地址:
	如果部署在 k8s 集群内部:http://jenkins-service.kube-devops
	如果在外部:http://192.168.113.120:32479(换成你们自己的)

配置完成后保存即可



Config File Provider

Git Parameter



jenkins 配置k8s

https://kubernetes.default

添加标签

创建用户凭证
系统管理 > 安全 > Manage Credentials > System > 全局凭据(unrestricted) > Add Credentials

范围:全局
用户名:root
密码:wolfcode
ID:gitlab-user-pass
相关推荐
对你无可奈何11 小时前
从Proxmox VE开始:安装与配置指南
运维·服务器·devops
Linux运维老纪11 小时前
K8s之Service详解(Detailed Explanation of K8s Service)
服务器·网络·云原生·容器·kubernetes·云计算·运维开发
A ?Charis15 小时前
ExternalName Service 针对的是k8s集群外部有api服务的场景?
kubernetes
Dusk_橙子15 小时前
在K8S中,pending状态一般由什么原因导致的?
云原生·容器·kubernetes
从未止步..17 小时前
Jenkins未在第一次登录后设置用户名,第二次登录不进去怎么办?
java·运维·jenkins
喝醉酒的小白18 小时前
几种K8s运维管理平台对比说明
运维·容器·kubernetes
Linux运维老纪1 天前
DNS缓存详解(DNS Cache Detailed Explanation)
计算机网络·缓存·云原生·容器·kubernetes·云计算·运维开发
Elastic 中国社区官方博客1 天前
使用真实 Elasticsearch 进行高级集成测试
大数据·数据库·elasticsearch·搜索引擎·全文检索·jenkins·集成测试
元气满满的热码式2 天前
K8S部署DevOps自动化运维平台
运维·kubernetes·devops
IT艺术家-rookie2 天前
k8s--部署k8s集群--控制平面节点
容器·kubernetes