安装Jenkins
# Register the Jenkins chart repository (served over HTTPS) under the local alias "jenkins".
helm repo add jenkins https://charts.jenkins.io
# Refresh the local chart index so the chart versions currently published are visible.
helm repo update
# 当前版本
jenkins-5.1.18.tgz
瘦身后的 values.yaml（去掉了注释和空行）
yaml
# grep -Ev '^\s*#|^$' values.yaml
# Top-level overrides for the jenkins chart. A bare key (no value) is YAML null.
nameOverride:
fullnameOverride:
namespaceOverride:
clusterZone: "cluster.local"
# In-cluster API endpoint, addressed over HTTPS.
kubernetesURL: "https://kubernetes.default"
# NOTE(review): left null; presumably the plugin then uses the pod's own ServiceAccount — confirm.
credentialsId:
renderHelmLabels: true
# Settings for the Jenkins controller pod.
# The nesting below was restored from the key layout of the jenkins chart; compare with
# `helm show values jenkins/jenkins --version 5.1.18` before applying.
controller:
  componentName: "jenkins-controller"
  image:
    registry: "docker.io"
    repository: "jenkins/jenkins"
    # NOTE(review): tag is null, so the chart presumably derives it from its own appVersion
    # plus tagLabel — confirm. An explicit tag (or digest) keeps the deployed image reproducible.
    tag:
    tagLabel: jdk17
    pullPolicy: "Always"
  imagePullSecretName:
  lifecycle: {}
  disableRememberMe: false
  numExecutors: 0
  executorMode: "NORMAL"
  customJenkinsLabels: []
  hostNetworking: false
  admin:
    username: "admins"
    # password is null while createSecret is true.
    # NOTE(review): presumably the chart then generates a password and stores it in its own
    # Secret under passwordKey — confirm, and read it from that Secret instead of setting it here.
    password:
    userKey: jenkins-admin-user
    passwordKey: jenkins-admin-password
    createSecret: true
    existingSecret: ""
  jenkinsAdminEmail:
  jenkinsHome: "/var/jenkins_home"
  jenkinsRef: "/usr/share/jenkins/ref"
  jenkinsWar: "/usr/share/jenkins/jenkins.war"
  resources:
    requests:
      cpu: "50m"
      memory: "256Mi"
    limits:
      cpu: "4000m"
      memory: "4096Mi"
  shareProcessNamespace: false
  initContainerResources: {}
  initContainerEnvFrom: []
  initContainerEnv: []
  containerEnvFrom: []
  containerEnv: []
  javaOpts:
  jenkinsOpts:
  jenkinsUrlProtocol:
  jenkinsUrl:
  jenkinsUriPrefix:
  # Pod runs as uid/fsGroup 1000 rather than root.
  usePodSecurityContext: true
  runAsUser: 1000
  fsGroup: 1000
  securityContextCapabilities: {}
  podSecurityContextOverride: ~
  # Container hardening: non-root uid/gid, read-only root filesystem, no privilege escalation.
  containerSecurityContext:
    runAsUser: 1000
    runAsGroup: 1000
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
  # The UI is published on every node through a NodePort.
  # NOTE(review): httpsKeyStore.enable and ingress.enabled are both false in this file, so this
  # port presumably carries plain HTTP, logins included; restrict who can reach the nodes or
  # terminate TLS in front of it.
  serviceType: NodePort
  clusterIp:
  servicePort: 8080
  targetPort: 8080
  # 33441 is above Kubernetes' default NodePort range (30000-32767); it is only accepted where
  # the API server's service-node-port-range has been widened.
  nodePort: 33441
  serviceExternalTrafficPolicy:
  serviceAnnotations: {}
  statefulSetLabels: {}
  serviceLabels: {}
  podLabels: {}
  healthProbes: true
  # All three probes request the login page on the named port "http".
  probes:
    startupProbe:
      failureThreshold: 12
      httpGet:
        path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'
        port: http
      periodSeconds: 10
      timeoutSeconds: 5
    livenessProbe:
      failureThreshold: 5
      httpGet:
        path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'
        port: http
      periodSeconds: 10
      timeoutSeconds: 5
      initialDelaySeconds:
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'
        port: http
      periodSeconds: 10
      timeoutSeconds: 5
      initialDelaySeconds:
  podDisruptionBudget:
    enabled: false
    apiVersion: "policy/v1beta1"
    annotations: {}
    labels: {}
    maxUnavailable: "0"
  # Inbound agent listener, also published as a NodePort (see agentListenerServiceType below).
  # NOTE(review): if agents only run inside this cluster, a ClusterIP service is presumably
  # enough and keeps the port off the node addresses — confirm.
  agentListenerEnabled: true
  agentListenerPort: 50001
  agentListenerHostPort:
  # 50001 is likewise above the default NodePort range (30000-32767).
  agentListenerNodePort: 50001
  agentListenerExternalTrafficPolicy:
  # 0.0.0.0/0 admits any source address.
  # NOTE(review): presumably only used when the listener service is of type LoadBalancer;
  # narrow it before switching to that type.
  agentListenerLoadBalancerSourceRanges:
    - 0.0.0.0/0
  disabledAgentProtocols:
    - JNLP-connect
    - JNLP2-connect
  # CSRF crumb issuer stays enabled.
  csrf:
    defaultCrumbIssuer:
      enabled: true
      proxyCompatability: true
  agentListenerServiceType: "NodePort"
  agentListenerServiceAnnotations: {}
  agentListenerLoadBalancerIP:
  legacyRemotingSecurityEnabled: false
  # Same remark as for agentListenerLoadBalancerSourceRanges: any source is admitted.
  loadBalancerSourceRanges:
    - 0.0.0.0/0
  loadBalancerIP:
  jmxPort:
  extraPorts: []
  # The four plugins are pinned to exact versions.
  installPlugins:
    - kubernetes:4219.v40ff98cfb_d6f
    - workflow-aggregator:596.v8c21c963d92d
    - git:5.2.2
    - configuration-as-code:1807.v0175eda_00a_20
  # NOTE(review): with installLatestPlugins true, plugin dependencies presumably resolve to
  # their newest release at install time, so the resulting plugin set is not reproducible
  # despite the pins above — confirm against the chart docs for this version.
  installLatestPlugins: true
  installLatestSpecifiedPlugins: false
  additionalPlugins: []
  initializeOnce: false
  overwritePlugins: false
  overwritePluginsFromImage: true
  projectNamingStrategy: standard
  # Raw HTML markup is off and descriptions are rendered as plain text.
  enableRawHtmlMarkupFormatter: false
  markupFormatter: plainText
  scriptApproval: []
  initScripts: {}
  initConfigMap:
  existingSecret:
  additionalExistingSecrets: []
  additionalSecrets: []
  secretClaims: []
  cloudName: "kubernetes"
  JCasC:
    # NOTE(review): defaultConfig is false. securityRealm and authorizationStrategy below are
    # presumably rendered only as part of the chart's default JCasC config and may not be
    # applied here; confirm after install that the instance requires login and that
    # anonymous users have no access.
    defaultConfig: false
    overwriteConfiguration: false
    configUrls: []
    configScripts: {}
    security:
      apiToken:
        creationOfLegacyTokenEnabled: false
        tokenGenerationOnCreationEnabled: false
        usageStatisticsEnabled: true
    # Local user database, self-signup disabled; the admin id and password are substituted
    # from the chart-admin-username / chart-admin-password variables.
    securityRealm: |-
      local:
        allowsSignup: false
        enableCaptcha: false
        users:
        - id: "${chart-admin-username}"
          name: "Jenkins Admin"
          password: "${chart-admin-password}"
    # Every authenticated user may do anything; anonymous read is off. Any account added
    # later is effectively an administrator under this strategy.
    authorizationStrategy: |-
      loggedInUsersCanDoAnything:
        allowAnonymousRead: false
  customInitContainers: []
  sidecars:
    configAutoReload:
      enabled: false
      image:
        registry: docker.io
        repository: kiwigrid/k8s-sidecar
        tag: 1.27.1
      imagePullPolicy: IfNotPresent
      resources: {}
      scheme: http
      skipTlsVerify: false
      reqRetryConnect: 10
      sleepTime:
      envFrom: []
      env: {}
      sshTcpPort: 1044
      folder: "/var/jenkins_home/casc_configs"
      containerSecurityContext:
        readOnlyRootFilesystem: true
        allowPrivilegeEscalation: false
    additionalSidecarContainers: []
  schedulerName: ""
  nodeSelector: {}
  tolerations: []
  terminationGracePeriodSeconds:
  terminationMessagePath:
  terminationMessagePolicy:
  affinity: {}
  priorityClassName:
  podAnnotations: {}
  statefulSetAnnotations: {}
  updateStrategy: {}
  # Ingress, secondary ingress, backendconfig and route are all disabled.
  ingress:
    enabled: false
    paths: []
    apiVersion: "extensions/v1beta1"
    labels: {}
    annotations: {}
    path:
    hostName:
    resourceRootUrl:
    tls: []
  secondaryingress:
    enabled: false
    paths: []
    apiVersion: "extensions/v1beta1"
    labels: {}
    annotations: {}
    hostName:
    tls:
  backendconfig:
    enabled: false
    apiVersion: "extensions/v1beta1"
    name:
    labels: {}
    annotations: {}
    spec: {}
  route:
    enabled: false
    labels: {}
    annotations: {}
    path:
  hostAliases: []
  prometheus:
    enabled: false
    serviceMonitorAdditionalLabels: {}
    serviceMonitorNamespace:
    scrapeInterval: 60s
    scrapeEndpoint: /prometheus
    alertingrules: []
    alertingRulesAdditionalLabels: {}
    prometheusRuleNamespace: ""
    relabelings: []
    metricRelabelings: []
  googlePodMonitor:
    enabled: false
    scrapeInterval: 60s
    scrapeEndpoint: /prometheus
  testEnabled: true
  # Built-in HTTPS is disabled (enable: false).
  httpsKeyStore:
    enable: false
    jenkinsHttpsJksSecretName: ""
    jenkinsHttpsJksSecretKey: "jenkins-jks-file"
    jenkinsHttpsJksPasswordSecretName: ""
    jenkinsHttpsJksPasswordSecretKey: "https-jks-password"
    disableSecretMount: false
    httpPort: 8081
    path: "/var/jenkins_keystore"
    fileName: "keystore.jks"
    # Literal "password" is a placeholder. If HTTPS is ever enabled, supply the keystore and
    # its password through the Secrets named by jenkinsHttpsJksSecretName and
    # jenkinsHttpsJksPasswordSecretName instead of this file.
    password: "password"
    jenkinsKeyStoreBase64Encoded:
# Settings for the default Kubernetes build agent.
# The nesting below was restored from the key layout of the jenkins chart; compare with
# `helm show values jenkins/jenkins --version 5.1.18` before applying.
agent:
  # NOTE(review): agent.enabled is false while the pipeline further down this page uses
  # inheritFrom 'kubernetes'; presumably the cloud and pod template are configured by hand
  # in Jenkins — confirm.
  enabled: false
  defaultsProviderTemplate: ""
  jenkinsUrl:
  jenkinsTunnel:
  kubernetesConnectTimeout: 5
  kubernetesReadTimeout: 15
  maxRequestsPerHostStr: "32"
  retentionTimeout: 5
  waitForPodSec: 600
  namespace:
  podLabels: {}
  jnlpregistry:
  # The agent image is pinned to an exact tag.
  image:
    repository: "jenkins/inbound-agent"
    tag: "3248.v65ecb_254c298-1"
  workingDir: "/home/jenkins/agent"
  nodeUsageMode: "NORMAL"
  customJenkinsLabels: []
  imagePullSecretName:
  componentName: "jenkins-agent"
  websocket: false
  directConnection: false
  # Agent pods are neither privileged nor on the host network.
  privileged: false
  # runAsUser / runAsGroup are null, so the uid/gid comes from the image or pod defaults.
  runAsUser:
  runAsGroup:
  hostNetworking: false
  resources:
    requests:
      cpu: "512m"
      memory: "512Mi"
    limits:
      cpu: "512m"
      memory: "512Mi"
  livenessProbe: {}
  alwaysPullImage: false
  restrictedPssSecurityContext: false
  podRetention: "Never"
  # NOTE(review): showRawYaml presumably prints the agent pod YAML in the build log; keep
  # literal secrets out of pod templates — confirm.
  showRawYaml: true
  volumes: []
  workspaceVolume: {}
  envVars: []
  secretEnvVars: []
  nodeSelector: {}
  command:
  args: "${computer.jnlpmac} ${computer.name}"
  sideContainerName: "jnlp"
  TTYEnabled: false
  containerCap: 10
  podName: "default"
  idleMinutes: 0
  yamlTemplate: ""
  yamlMergeStrategy: "override"
  connectTimeout: 100
  annotations: {}
  additionalContainers: []
  disableDefaultAgent: false
  podTemplates: {}
# No extra agents or clouds are defined.
additionalAgents: {}
additionalClouds: {}
# Persistent volume for the Jenkins home directory.
persistence:
  enabled: true
  existingClaim:
  # NOTE(review): openebs-hostpath presumably provisions node-local hostPath storage, which
  # ties the Jenkins home (including stored credentials) to one node's disk — confirm, and
  # include that node's filesystem access in the threat model.
  storageClass: openebs-hostpath
  annotations: {}
  labels: {}
  accessMode: "ReadWriteOnce"
  size: "8Gi"
  dataSource: {}
  subPath:
  volumes: []
  mounts: []
# NetworkPolicy is disabled.
# NOTE(review): presumably no policy is rendered, so reachability of the controller's ports
# from other pods is left to the cluster's defaults — confirm.
networkPolicy:
  enabled: false
  apiVersion: networking.k8s.io/v1
  internalAgents:
    allowed: true
    podLabels: {}
    namespaceLabels: {}
  externalAgents:
    ipCIDR:
    except: []
# RBAC objects are created by the chart; readSecrets stays false.
# NOTE(review): presumably this keeps the controller's ServiceAccount from reading
# Kubernetes Secrets — confirm against the chart's role template.
rbac:
  create: true
  readSecrets: false
# ServiceAccount for the controller, created by the chart with a generated name.
serviceAccount:
  create: true
  name:
  annotations: {}
  extraLabels: {}
  imagePullSecretName:
# No separate ServiceAccount is created for agents.
serviceAccountAgent:
  create: false
  name:
  annotations: {}
  extraLabels: {}
  imagePullSecretName:
checkDeprecation: true
awsSecurityGroupPolicies:
  enabled: false
  policies:
    - name: ""
      securityGroupIds: []
      podSelector: {}
# Image used by the chart's helm test; pinned to an exact tag.
helmtest:
  bats:
    image:
      registry: "docker.io"
      repository: "bats/bats"
      tag: "1.11.0"
安装完成后，为访问 EKS 创建 ServiceAccount 及相应权限
以下资源都建在 tools 命名空间下（我的环境是这样）
---
# ServiceAccount whose token is later stored in Jenkins as a credential.
# Everything bound to this account is available to any job that can use that credential.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tools-admin
  namespace: tools
---
# Namespaced Role: create/get/list/watch/delete/update on pods in "tools" only.
# Subresources such as pods/log and pods/exec are not listed, so they are not granted here.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-creator
  namespace: tools
rules:
  - apiGroups: [""] # "" indicates the core API group
    resources: ["pods"]
    verbs: ["create", "get", "list", "watch", "delete", "update"]
---
# Grants the pod-creator Role to the tools-admin ServiceAccount inside "tools".
# On its own this is the least-privilege grant; the tools-admin-crb ClusterRoleBinding
# further down this page widens it to the whole cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tools-admin-rolebinding
  namespace: tools
subjects:
  - kind: ServiceAccount
    name: tools-admin
    namespace: tools
roleRef:
  kind: Role
  name: pod-creator
  apiGroup: rbac.authorization.k8s.io
---
# Binds tools-admin to the built-in cluster-admin ClusterRole for the whole cluster.
# This supersedes the namespaced pod-creator Role: the token held by Jenkins can then read
# every Secret and change any resource in any namespace.
# NOTE(review): the pipeline on this page only runs `kubectl delete -f pods.yaml` and
# `kubectl get pods`; if that is all the jobs need, the RoleBinding alone is presumably
# sufficient and this binding can be dropped — verify what the jobs require first.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tools-admin-crb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tools-admin
    namespace: tools
---
# Manually created service-account-token Secret for tools-admin.
# Tokens issued this way do not expire; deleting the Secret is what revokes the token.
# Where the consumer can refresh its credential, short-lived tokens from
# `kubectl create token` are the alternative.
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  annotations:
    kubernetes.io/service-account.name: tools-admin
  name: tools-admin-token
  namespace: tools
获取你的token
js
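# Print the bearer token stored in the tools-admin-token Secret, in red, so it can be
# pasted into a Jenkins credential.
# The Secret name is already known, so it is passed directly instead of being re-derived
# through a second `kubectl get secret | grep | awk`.
# printf '%s' prints the token verbatim (echo -e would interpret backslashes), and the
# quoted substitution prevents word splitting.
# The value grants whatever the tools-admin ServiceAccount is bound to; it ends up in
# terminal scrollback, so avoid running this in recorded or shared sessions.
printf '\033[31m%s\033[0m\n' "$(kubectl -n tools get secret tools-admin-token -o go-template='{{.data.token}}' | base64 -d)"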
登录 Jenkins，把上一步取得的 token 保存为凭据（下面的 pipeline 通过 credentialsId 'k8s-eks' 引用它）
最后pipeline如下
js
// Declarative pipeline: checks out a repository, then runs kubectl against the EKS API
// server from inside a Kubernetes agent pod.
pipeline {
    agent {
        kubernetes {
            // Build on a pod derived from the pod template named 'kubernetes'.
            inheritFrom 'kubernetes'
        }
    }
    stages {
        stage('Get Code') {
            steps {
                // NOTE(review): the clone uses plain HTTP and no credentialsId, so the checkout
                // is neither encrypted nor authenticated in transit. pods.yaml presumably
                // comes from this checkout and is later applied with cluster credentials;
                // prefer an HTTPS or SSH remote.
                git branch: 'main', url: 'http://192.168.0.33:22045/admins/test.git'
            }
        }
        stage('Test-docker....') {
            steps {
                // Run the kubectl steps in the agent pod's container named 'test'.
                container('test'){
                    // 'k8s-eks' is the Jenkins credential holding the tools-admin token.
                    // NOTE(review): no caCertificate is passed; the Kubernetes CLI plugin
                    // documents that API server certificate verification is skipped in that
                    // case — confirm and supply the cluster CA.
                    // No namespace is set either, so kubectl uses the default namespace unless
                    // pods.yaml names one.
                    withKubeConfig(credentialsId: 'k8s-eks',
                                   serverUrl: 'https://01922.gr7.ap-northeast-1.eks.amazonaws.com') {
                        sh 'kubectl delete -f pods.yaml'
                        sh 'kubectl get pods'
                    }
                }
            }
        }
    }
}