Kubernetes 创建 Jenkins 实现 CICD 配置指南
拉取 Jenkins 镜像并推送到本地仓库
sh
# 从官方仓库拉取镜像(若网络不通畅可使用国内镜像源)
docker pull jenkins/jenkins:lts-jdk11
# 国内用户可去下面地址寻找镜像源并拉取:
https://docker.aityp.com
# 推送到本地 Kubernetes 镜像仓库
docker tag jenkins/jenkins:lts-jdk11 192.168.1.13:5000/datasafe/jenkins:lts-jdk11
docker push 192.168.1.13:5000/datasafe/jenkins:lts-jdk111. 创建命名空间
sh
kubectl create ns jenkins2. 创建 ServiceAccount 和权限绑定
2.1 检查 ServiceAccount 是否存在
sh
kubectl get serviceaccount -n jenkins2.2 创建 jenkins-admin ServiceAccount
sh
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins-admin
namespace: jenkins
EOF2.3 配置权限绑定
集群管理员权限 (ClusterRoleBinding)
sh
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins-admin-binding
subjects:
- kind: ServiceAccount
name: jenkins-admin
namespace: jenkins
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
EOF命名空间权限 (RoleBinding)
sh
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins-admin-binding
namespace: jenkins
subjects:
- kind: ServiceAccount
name: jenkins-admin
namespace: jenkins
roleRef:
kind: Role
name: jenkins-role
apiGroup: rbac.authorization.k8s.io
EOF3. 部署 Jenkins YAML 配置
yaml
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: jenkins
namespace: jenkins
spec:
replicas: 1
selector:
matchLabels:
app: jenkins
template:
metadata:
labels:
app: jenkins
spec:
volumes:
- name: jenkinshome
persistentVolumeClaim:
claimName: jenkins-data-pvc
containers:
- name: jenkins
image: '192.168.1.13:5000/datasafe/jenkins:lts-jdk11'
ports:
- name: web
containerPort: 8080
protocol: TCP
- name: agent
containerPort: 50000
protocol: TCP
env:
- name: JAVA_OPTS
value: '-Duser.timezone=Asia/Shanghai'
volumeMounts:
- name: jenkinshome
mountPath: /var/jenkins_home
serviceAccountName: jenkins-admin
securityContext: {}
---
kind: Service
apiVersion: v1
metadata:
name: jenkins
namespace: jenkins
labels:
app: jenkins
spec:
ports:
- name: web
protocol: TCP
port: 8080
targetPort: 8080
nodePort: 30010
selector:
app: jenkins
type: NodePort
---
kind: Service
apiVersion: v1
metadata:
name: jenkins-agent
namespace: jenkins
labels:
app: jenkins
spec:
ports:
- name: agent
protocol: TCP
port: 50000
targetPort: 50000
selector:
app: jenkins
type: ClusterIP
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: jenkins-data-pvc
namespace: jenkins
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
storageClassName: nfs-client4. 创建凭证(Git 服务器账户密码)
- 进入 Jenkins 管理界面
- 导航到"系统管理" → "凭据管理"
- 创建 Git 和节点服务器凭证
- 记录生成的唯一标识符
5. 绑定 Jenkins 服务器节点
5.1 准备工作
从节点需要安装以下环境:
- Git
- JDK
- Maven
- Docker(可选)
添加 Maven 环境变量:
sh
echo 'export PATH=/usr/local/apache-maven-3.8.6/bin:$PATH' >> ~/.profile
source ~/.profile5.2 创建从节点
- 进入"系统管理" → "节点和云管理"
- 创建新节点
- 配置节点信息:
- 名称
- 远程工作目录
- 启动方式(通过SSH)
- 凭据(使用之前创建的凭证)
5.3 常见问题及解决方案
问题1:Jenkins 连接不上远程机器
错误信息:
[SSH] Opening SSH connection to 192.168.1.4:22.
Searching for 192.168.1.4 in /var/jenkins_home/.ssh/known_hosts
Searching for 192.168.1.4:22 in /var/jenkins_home/.ssh/known_hosts
[04/21/25 12:59:00] [SSH] WARNING: No entry currently exists in the Known Hosts file for this host. Connections will be denied until this new host and its associated key is added to the Known Hosts file.
Key exchange was not finished, connection is closed.
SSH Connection failed with IOException: "Key exchange was not finished, connection is closed.", retrying in 15 seconds. There are 10 more retries left.解决方案:
sh
# 进入 Jenkins 容器执行
ssh-keyscan -H 从节点主机IP >> /var/jenkins_home/.ssh/known_hosts问题2:加入 Jenkins 失败
错误信息:
Starting agent process: cd "/data/jenkins" && java -jar remoting.jar -workDir /data/jenkins -jar-cache /data/jenkins/remoting/jarCache
Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.UnsupportedClassVersionError: hudson/remoting/Launcher has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:468)
at java.net.URLClassLoader.access$100(URLClassLoader.java:74)
at java.net.URLClassLoader$1.run(URLClassLoader.java:369)
at java.net.URLClassLoader$1.run(URLClassLoader.java:363)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:362)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:495)
Agent JVM has terminated. Exit code=1解决方案:
- 下载并安装 JDK 11 https://www.oracle.com/cn/java/technologies/javase/jdk11-archive-downloads.html#license-lightbox
- 在节点配置 → 启动方式 → 高级中指定 JDK11 路径
重新点击 launch agent即可
6. 创建 Pipeline 项目
6.1 Pipeline 脚本示例
groovy
pipeline {
agent {
label 'java' // 使用标签选择节点
}
environment {
IMAGE_NAME = "micro-datamap"
K8S_NAMESPACE = "development"
K8S_PORT = "31090"
K8S_DEBUG_PORT = "31091"
SPRING_PROFILES_ACTIVE = "dev"
}
parameters {
string(
name: 'BUILD_VERSION',
defaultValue: '3.0.4_hz250117',
description: '构建版本号'
)
}
stages {
stage("Checkout") {
steps {
echo "1. checkout integration branch"
git branch: '分支',
credentialsId: 'git凭据标识',
url: '仓库地址'
}
}
stage('Package&Build') {
steps {
echo "2.package project & build Image"
script {
sh "cat src/main/docker/Dockerfile"
sh "cd src/main/docker/ && bash build.sh ${SPRING_PROFILES_ACTIVE} ${BUILD_VERSION}"
}
}
}
stage('Push') {
steps {
echo "3.push image"
script {
sh "docker push 镜像名称"
}
}
}
stage('Deploy') {
steps {
echo "4.deploy in k8s"
script {
sh "echo 'deleting current deployment...'"
// 部署相关的kubectl命令
}
}
}
}
}