Kubernetes 创建 Jenkins 实现 CICD 配置指南

Kubernetes 创建 Jenkins 实现 CICD 配置指南

拉取 Jenkins 镜像并推送到本地仓库

sh 复制代码
# 从官方仓库拉取镜像(若网络不通畅可使用国内镜像源)
docker pull jenkins/jenkins:lts-jdk11

# 国内用户可去下面地址寻找镜像源并拉取:
https://docker.aityp.com

# 推送到本地 Kubernetes 镜像仓库
docker tag jenkins/jenkins:lts-jdk11 192.168.1.13:5000/datasafe/jenkins:lts-jdk11
docker push 192.168.1.13:5000/datasafe/jenkins:lts-jdk11

1. 创建命名空间

sh 复制代码
kubectl create ns jenkins

2. 创建 ServiceAccount 和权限绑定

2.1 检查 ServiceAccount 是否存在

sh 复制代码
kubectl get serviceaccount -n jenkins

2.2 创建 jenkins-admin ServiceAccount

sh 复制代码
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: jenkins
EOF

2.3 配置权限绑定

集群管理员权限 (ClusterRoleBinding)
sh 复制代码
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin-binding
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: jenkins
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF
命名空间权限 (RoleBinding)
sh 复制代码
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-admin-binding
  namespace: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: jenkins
roleRef:
  kind: Role
  name: jenkins-role
  apiGroup: rbac.authorization.k8s.io
EOF

3. 部署 Jenkins YAML 配置

yaml 复制代码
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: jenkins
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      volumes:
        - name: jenkinshome
          persistentVolumeClaim:
            claimName: jenkins-data-pvc
      containers:
        - name: jenkins
          image: '192.168.1.13:5000/datasafe/jenkins:lts-jdk11'
          ports:
            - name: web
              containerPort: 8080
              protocol: TCP
            - name: agent
              containerPort: 50000
              protocol: TCP
          env:
            - name: JAVA_OPTS
              value: '-Duser.timezone=Asia/Shanghai'
          volumeMounts:
            - name: jenkinshome
              mountPath: /var/jenkins_home
      serviceAccountName: jenkins-admin
      securityContext: {}

---
kind: Service
apiVersion: v1
metadata:
  name: jenkins
  namespace: jenkins
  labels:
    app: jenkins
spec:
  ports:
    - name: web
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 30010
  selector:
    app: jenkins
  type: NodePort

---
kind: Service
apiVersion: v1
metadata:
  name: jenkins-agent
  namespace: jenkins
  labels:
    app: jenkins
spec:
  ports:
    - name: agent
      protocol: TCP
      port: 50000
      targetPort: 50000
  selector:
    app: jenkins
  type: ClusterIP

---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: jenkins-data-pvc
  namespace: jenkins
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: nfs-client

4. 创建凭证(Git 服务器账户密码)

  1. 进入 Jenkins 管理界面
  2. 导航到"系统管理" → "凭据管理"
  3. 创建 Git 和节点服务器凭证
  4. 记录生成的唯一标识符

5. 绑定 Jenkins 服务器节点

5.1 准备工作

从节点需要安装以下环境:

  • Git
  • JDK
  • Maven
  • Docker(可选)

添加 Maven 环境变量:

sh 复制代码
echo 'export PATH=/usr/local/apache-maven-3.8.6/bin:$PATH' >> ~/.profile
source ~/.profile

5.2 创建从节点

  1. 进入"系统管理" → "节点和云管理"
  2. 创建新节点
  3. 配置节点信息:
    • 名称
    • 远程工作目录
    • 启动方式(通过SSH)
    • 凭据(使用之前创建的凭证)


5.3 常见问题及解决方案

问题1:Jenkins 连接不上远程机器

错误信息:

复制代码
[SSH] Opening SSH connection to 192.168.1.4:22.
Searching for 192.168.1.4 in /var/jenkins_home/.ssh/known_hosts
Searching for 192.168.1.4:22 in /var/jenkins_home/.ssh/known_hosts
[04/21/25 12:59:00] [SSH] WARNING: No entry currently exists in the Known Hosts file for this host. Connections will be denied until this new host and its associated key is added to the Known Hosts file.
Key exchange was not finished, connection is closed.
SSH Connection failed with IOException: "Key exchange was not finished, connection is closed.", retrying in 15 seconds. There are 10 more retries left.

解决方案:

sh 复制代码
# 进入 Jenkins 容器执行
ssh-keyscan -H 从节点主机IP >> /var/jenkins_home/.ssh/known_hosts
问题2:加入 Jenkins 失败

错误信息:

复制代码
Starting agent process: cd "/data/jenkins" && java  -jar remoting.jar -workDir /data/jenkins -jar-cache /data/jenkins/remoting/jarCache
Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.UnsupportedClassVersionError: hudson/remoting/Launcher has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0
	at java.lang.ClassLoader.defineClass1(Native Method)
	at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
	at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
	at java.net.URLClassLoader.defineClass(URLClassLoader.java:468)
	at java.net.URLClassLoader.access$100(URLClassLoader.java:74)
	at java.net.URLClassLoader$1.run(URLClassLoader.java:369)
	at java.net.URLClassLoader$1.run(URLClassLoader.java:363)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.net.URLClassLoader.findClass(URLClassLoader.java:362)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:495)
Agent JVM has terminated. Exit code=1

解决方案:

  1. 下载并安装 JDK 11 https://www.oracle.com/cn/java/technologies/javase/jdk11-archive-downloads.html#license-lightbox
  2. 在节点配置 → 启动方式 → 高级中指定 JDK11 路径

重新点击 launch agent即可

6. 创建 Pipeline 项目

6.1 Pipeline 脚本示例

groovy 复制代码
pipeline {
    agent {
        label 'java' // 使用标签选择节点
    }
        
    environment {
        IMAGE_NAME = "micro-datamap"
        K8S_NAMESPACE = "development"
        K8S_PORT = "31090"
        K8S_DEBUG_PORT = "31091"
        SPRING_PROFILES_ACTIVE = "dev"
    }
    
    parameters {
        string(
            name: 'BUILD_VERSION',
            defaultValue: '3.0.4_hz250117',
            description: '构建版本号'
        )
    }
    
    stages {
        stage("Checkout") {
            steps {
                echo "1. checkout integration branch"
                git branch: '分支',
                    credentialsId: 'git凭据标识',
                    url: '仓库地址'
            }
        }
        
        stage('Package&Build') {
            steps {
                echo "2.package project & build Image"
                script {
                    sh "cat src/main/docker/Dockerfile"
                    sh "cd src/main/docker/ && bash build.sh ${SPRING_PROFILES_ACTIVE} ${BUILD_VERSION}"
                }
            }
        }
        
        stage('Push') {
            steps {
                echo "3.push image"
                script {
                    sh "docker push 镜像名称"
                }
            }
        }
        
        stage('Deploy') {
            steps {
                echo "4.deploy in k8s"
                script {
                    sh "echo 'deleting current deployment...'"
                    // 部署相关的kubectl命令
                }
            }
        }
    }
}
相关推荐
Connie145129 分钟前
k8s多集群管理中的联邦和舰队如何理解?
云原生·容器·kubernetes
真实的菜2 小时前
Jenkins 插件深度应用:让你的CI/CD流水线如虎添翼 [特殊字符]
servlet·ci/cd·jenkins
ldj20205 小时前
Jenkins 构建过程常见错误
运维·jenkins
伤不起bb5 小时前
Kubernetes 服务发布基础
云原生·容器·kubernetes
别骂我h8 小时前
Kubernetes服务发布基础
云原生·容器·kubernetes
weixin_399380699 小时前
k8s一键部署tongweb企业版7049m6(by why+lqw)
java·linux·运维·服务器·云原生·容器·kubernetes
绝不偷吃13 小时前
ELK日志分析系统
运维·elk·jenkins
斯普信专业组1 天前
K8s环境下基于Nginx WebDAV与TLS/SSL的文件上传下载部署指南
nginx·kubernetes·ssl
&如歌的行板&1 天前
如何在postman中动态请求k8s中的pod ip(基于nacos)
云原生·容器·kubernetes
云妙算1 天前
K8s 弹性伸缩踩坑实录:周末 2 天烧掉 10 万元!?
云原生·kubernetes