Guide to Deploying Jenkins on Kubernetes for CI/CD

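Pull the Jenkins image and push it to the local registry

```sh
# Pull the image from the official registry (use a mirror inside China if the network is unreliable)
docker pull jenkins/jenkins:lts-jdk11

# Users in China can look for a mirror source at the address below and pull from it:
# https://docker.aityp.com

# Push to the local Kubernetes image registry
docker tag jenkins/jenkins:lts-jdk11 192.168.1.13:5000/datasafe/jenkins:lts-jdk11
docker push 192.168.1.13:5000/datasafe/jenkins:lts-jdk11
```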

1. Create the namespace

```sh
kubectl create ns jenkins
```

2. Create the ServiceAccount and permission bindings

2.1 Check whether the ServiceAccount exists

```sh
kubectl get serviceaccount -n jenkins
```

2.2 Create the jenkins-admin ServiceAccount

```sh
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: jenkins
EOF
```

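2.3 Configure the permission bindings

Cluster administrator permissions (ClusterRoleBinding). This binds jenkins-admin to the built-in cluster-admin ClusterRole, which grants full control over every namespace in the cluster:

```sh
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin-binding
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: jenkins
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF
```

Namespace permissions (RoleBinding). The binding references a Role named jenkins-role in the jenkins namespace; this guide does not create that Role, so it must already exist for the binding to grant anything:

```sh
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-admin-binding
  namespace: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: jenkins
roleRef:
  kind: Role
  name: jenkins-role
  apiGroup: rbac.authorization.k8s.io
EOF
```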

3. Jenkins deployment YAML

```yaml
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: jenkins
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      volumes:
        - name: jenkinshome
          persistentVolumeClaim:
            claimName: jenkins-data-pvc
      containers:
        - name: jenkins
          image: '192.168.1.13:5000/datasafe/jenkins:lts-jdk11'
          ports:
            - name: web
              containerPort: 8080
              protocol: TCP
            - name: agent
              containerPort: 50000
              protocol: TCP
          env:
            - name: JAVA_OPTS
              value: '-Duser.timezone=Asia/Shanghai'
          volumeMounts:
            - name: jenkinshome
              mountPath: /var/jenkins_home
      serviceAccountName: jenkins-admin
      securityContext: {}

---
kind: Service
apiVersion: v1
metadata:
  name: jenkins
  namespace: jenkins
  labels:
    app: jenkins
spec:
  ports:
    - name: web
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 30010
  selector:
    app: jenkins
  type: NodePort

---
kind: Service
apiVersion: v1
metadata:
  name: jenkins-agent
  namespace: jenkins
  labels:
    app: jenkins
spec:
  ports:
    - name: agent
      protocol: TCP
      port: 50000
      targetPort: 50000
  selector:
    app: jenkins
  type: ClusterIP

---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: jenkins-data-pvc
  namespace: jenkins
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: nfs-client
```

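4. Create credentials (Git server account and password)

  1. Open the Jenkins management UI
  2. Navigate to "Manage Jenkins" → "Manage Credentials"
  3. Create credentials for Git and for the node server
  4. Record the generated unique identifier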

5. Attach a Jenkins agent node

5.1 Preparation

The agent node needs the following installed:

  • Git
  • JDK
  • Maven
  • Docker (optional)

Add Maven to the PATH environment variable:

```sh
echo 'export PATH=/usr/local/apache-maven-3.8.6/bin:$PATH' >> ~/.profile
source ~/.profile
```

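5.2 Create the agent node

  1. Go to "Manage Jenkins" → "Manage Nodes and Clouds"
  2. Create a new node
  3. Configure the node:
    • Name
    • Remote working directory
    • Launch method (via SSH)
    • Credentials (use the credentials created earlier)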


5.3 Common problems and solutions

Problem 1: Jenkins cannot connect to the remote machine

Error message:

```
[SSH] Opening SSH connection to 192.168.1.4:22.
Searching for 192.168.1.4 in /var/jenkins_home/.ssh/known_hosts
Searching for 192.168.1.4:22 in /var/jenkins_home/.ssh/known_hosts
[04/21/25 12:59:00] [SSH] WARNING: No entry currently exists in the Known Hosts file for this host. Connections will be denied until this new host and its associated key is added to the Known Hosts file.
Key exchange was not finished, connection is closed.
SSH Connection failed with IOException: "Key exchange was not finished, connection is closed.", retrying in 15 seconds. There are 10 more retries left.
```

Solution:

```sh
# Run inside the Jenkins container
ssh-keyscan -H <agent-node-ip> >> /var/jenkins_home/.ssh/known_hosts
```

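ssh-keyscan records whatever key the host presents at scan time, so the added example below (not part of the original guide) appends a scanned line only when its key equals one read on the agent itself. The function names, the TRUSTED_KEY variable and the sample keys are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide. The trusted key is the
# "<type> <base64>" pair read on the agent itself (for example from
# /etc/ssh/ssh_host_ed25519_key.pub in a console session), not over the
# network path that is being verified.

# Reads ssh-keyscan output on stdin; prints only the lines whose key type and
# key blob equal the trusted key. Works with hashed (-H) and plain host fields.
filter_pinned_keys() {
  awk -v want="$1" '
    /^#/ || NF < 3 { next }
    ($2 " " $3) == want { print }
  '
}

# add_pinned_host <scan-file> "<type> <base64>" <known_hosts-file>
# Appends matching lines that are not already present. Returns 1 and leaves
# known_hosts unchanged when no scanned key equals the trusted one.
add_pinned_host() {
  match=$(filter_pinned_keys "$2" < "$1")
  if [ -z "$match" ]; then
    echo "scanned host key does not match the trusted key; nothing added" >&2
    return 1
  fi
  touch "$3"
  printf '%s\n' "$match" | while IFS= read -r line; do
    grep -qxF -- "$line" "$3" || printf '%s\n' "$line" >> "$3"
  done
}

# Constructed sample data (not real host keys).
SAMPLE_TRUSTED='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotARealHostKey0000000'
sample_scan() {
  printf '%s\n' \
    '# 192.168.1.4:22 SSH-2.0-OpenSSH_8.9' \
    "|1|Y29uc3RydWN0ZWRzYWx0|Y29uc3RydWN0ZWRoYXNo= $SAMPLE_TRUSTED" \
    '|1|Y29uc3RydWN0ZWRzYWx0|Y29uc3RydWN0ZWRoYXNo= ssh-rsa AAAAB3NzaC1yc2EConstructedSampleRsaKey'
}

# Usage inside the Jenkins container:
#   ssh-keyscan -H -t ed25519 192.168.1.4 > /tmp/agent.scan
#   add_pinned_host /tmp/agent.scan "$TRUSTED_KEY" /var/jenkins_home/.ssh/known_hosts
```
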
Problem 2: The agent fails to join Jenkins

Error message:

```
Starting agent process: cd "/data/jenkins" && java  -jar remoting.jar -workDir /data/jenkins -jar-cache /data/jenkins/remoting/jarCache
Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.UnsupportedClassVersionError: hudson/remoting/Launcher has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0
	at java.lang.ClassLoader.defineClass1(Native Method)
	at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
	at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
	at java.net.URLClassLoader.defineClass(URLClassLoader.java:468)
	at java.net.URLClassLoader.access$100(URLClassLoader.java:74)
	at java.net.URLClassLoader$1.run(URLClassLoader.java:369)
	at java.net.URLClassLoader$1.run(URLClassLoader.java:363)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.net.URLClassLoader.findClass(URLClassLoader.java:362)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:495)
Agent JVM has terminated. Exit code=1
```

Solution: the agent's default Java runtime is older than the Java 11 that remoting.jar was compiled for (class file version 55.0), so install JDK 11 and point the node at it:

  1. Download and install JDK 11: https://www.oracle.com/cn/java/technologies/javase/jdk11-archive-downloads.html#license-lightbox
  2. In the node configuration → Launch method → Advanced, specify the JDK 11 path

Then click "Launch agent" again.

6. Create a Pipeline project

6.1 Example Pipeline script

```groovy
pipeline {
    agent {
        label 'java' // select the node by label
    }

    environment {
        IMAGE_NAME = "micro-datamap"
        K8S_NAMESPACE = "development"
        K8S_PORT = "31090"
        K8S_DEBUG_PORT = "31091"
        SPRING_PROFILES_ACTIVE = "dev"
    }

    parameters {
        string(
            name: 'BUILD_VERSION',
            defaultValue: '3.0.4_hz250117',
            description: 'Build version number'
        )
    }

    stages {
        stage("Checkout") {
            steps {
                echo "1. checkout integration branch"
                git branch: '<branch>',
                    credentialsId: '<git-credentials-id>',
                    url: '<repository-url>'
            }
        }

        stage('Package&Build') {
            steps {
                echo "2.package project & build Image"
                script {
                    sh "cat src/main/docker/Dockerfile"
                    // Single-quoted so the shell, not Groovy, expands the values:
                    // BUILD_VERSION is user-supplied and reaches the step as an
                    // environment variable, so it is passed as one quoted argument.
                    sh 'cd src/main/docker/ && bash build.sh "$SPRING_PROFILES_ACTIVE" "$BUILD_VERSION"'
                }
            }
        }

        stage('Push') {
            steps {
                echo "3.push image"
                script {
                    sh "docker push <image-name>"
                }
            }
        }

        stage('Deploy') {
            steps {
                echo "4.deploy in k8s"
                script {
                    sh "echo 'deleting current deployment...'"
                    // kubectl commands for the deployment go here
                }
            }
        }
    }
}
```