1.准备安装包
1. sonar-scanner
bash
# Fetch the sonar-scanner CLI 4.8.0.2856 (Linux) archive and unpack it in the
# current directory. The folder layout shown later on this page expects the
# unpacked directory sonar-scanner-4.8.0.2856-linux next to the Dockerfile.
# NOTE(review): the archive ends up inside the Jenkins image, so compare its
# checksum or signature with the value the vendor publishes before unpacking;
# this page does not list that value.
scanner_zip=sonar-scanner-cli-4.8.0.2856-linux.zip
wget "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/${scanner_zip}"
unzip "${scanner_zip}"
2. apache-maven
bash
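# Download the Maven 3.9.0 binary archive together with its published SHA-512
# digest, and stop if the archive does not match. The archive is baked into the
# Jenkins image, so an unverified download would carry straight into every build.
maven_tgz=apache-maven-3.9.0-bin.tar.gz
maven_url=https://archive.apache.org/dist/maven/maven-3/3.9.0/binaries
wget "${maven_url}/${maven_tgz}" "${maven_url}/${maven_tgz}.sha512" &&
  # The .sha512 file may hold only the bare digest, so build the
  # "<digest>  <file>" line that sha512sum -c expects.
  printf '%s  %s\n' "$(cut -d' ' -f1 "${maven_tgz}.sha512")" "${maven_tgz}" |
  sha512sum -c -
# NOTE(review): a digest fetched from the same host only detects corruption or
# truncation; for authenticity also check the project's detached signature
# against the Apache Maven release keys.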
3. Dockerfile
bash
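# Jenkins image with Maven 3.9.0 and sonar-scanner 4.8.0.2856 preinstalled.
# NOTE(review): the base image is referenced by tag only; pinning it by digest
# would make rebuilds reproducible (the digest is not shown on this page).
FROM jenkins/jenkins:2.567-jdk21

# ADD auto-extracts a local tar archive, which yields /usr/local/apache-maven-3.9.0.
ADD ./apache-maven-3.9.0-bin.tar.gz /usr/local/
# The scanner is already unpacked in the build context, so a plain COPY is enough.
COPY ./sonar-scanner-4.8.0.2856-linux/ /usr/local/sonar-scanner

ENV MAVEN_HOME=/usr/local/apache-maven-3.9.0
ENV PATH=$JAVA_HOME/bin:$MAVEN_HOME/bin:$PATH

# The blanket 'jenkins ALL=NOPASSWD: ALL' sudoers entry is intentionally not
# added: it would let every build step become root inside the container without
# a password, and nothing in this Dockerfile needs it. If one specific command
# must run as root, grant a sudoers rule for that command only.
USER jenkins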
4. 文件夹结构
jenkins
├── Dockerfile
├── apache-maven-3.9.0-bin.tar.gz
├── sonar-scanner-4.8.0.2856-linux
5. 构建docker镜像并push到私仓
bash
# Image reference; replace {harbor-host} and {harbor-port} with your registry address.
image="{harbor-host}:{harbor-port}/wolfcode/jenkins-maven:v2"

# Build the Jenkins image that bundles the Maven environment.
docker build -t "${image}" .

# Log in to Harbor. No password is given on the command line, so docker prompts
# for it and it stays out of the shell history.
# NOTE(review): this logs in as the Harbor 'admin' user; a project-scoped robot
# account limited to pushing this repository is a safer credential for CI use.
docker login -uadmin {harbor-host}:{harbor-port}

# Push the image to Harbor.
docker push "${image}"

# Pull the image back (for example on the node that will run Jenkins).
docker pull "${image}"
2. k8s yaml
1. devops-test-namespace.yaml
yaml
# Namespace that holds every Jenkins resource created in this guide.
apiVersion: v1
kind: Namespace
metadata:
  name: devops-test
2. 创建harbor-secret
bash
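# Create the image-pull secret that the Jenkins Deployment references as
# harbor-secret. The devops-test namespace must already exist, so apply
# devops-test-namespace.yaml before running this.
#
# The password is read from a prompt instead of being written literally in the
# command, which keeps it out of the shell history and out of copied notes.
# A registry password that has appeared in a document or a shell history should
# be rotated.
# NOTE(review): pulling images does not need the Harbor 'admin' account; a
# robot account with pull-only access to the project is the safer choice.
read -r -s -p 'Harbor password: ' harbor_password && echo
kubectl create secret docker-registry harbor-secret \
  --docker-server=172.16.31.35:8858 \
  --docker-username=admin \
  --docker-password="${harbor_password}" \
  -n devops-test
unset harbor_password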
3. jenkins-configmap.yaml
yaml
# Maven settings.xml delivered as a ConfigMap; the Jenkins Deployment mounts the
# settings.xml key over Maven's conf/settings.xml.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mvn-settings
  namespace: devops-test
  labels:
    app: jenkins-server
data:
  settings.xml: |-
    <?xml version="1.0"?>
    <settings>
      <!-- Local repository lives under /var/jenkins_home, the path the
           Deployment backs with the jenkins-pvc claim. -->
      <localRepository>/var/jenkins_home/repository</localRepository>
      <pluginGroups>
        <!-- Lets the sonar plugin be invoked by its short prefix. -->
        <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
      </pluginGroups>
    </settings>
4. jenkins-deployment.yaml
yaml
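# Jenkins controller Deployment. It runs the custom jenkins-maven image, keeps
# its state on the jenkins-pvc claim, and borrows the node's Docker socket,
# docker binary and kubectl binary through hostPath volumes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: devops-test
spec:
  selector:
    matchLabels:
      app: jenkins-server
  template:
    metadata:
      labels:
        app: jenkins-server
    spec:
      # NOTE(review): this pins Jenkins to a control-plane node. Together with
      # the Docker socket mount below, anything a build job can do reaches the
      # node that hosts the cluster's control plane; a dedicated worker node is
      # the safer placement. Also confirm your nodes really carry the label
      # node-role.kubernetes.io/master=true, otherwise the pod stays Pending.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: In
                    values: [ "true" ]
      tolerations: # allow scheduling onto a control-plane node
        - key: node-role.kubernetes.io/control-plane # taint carried by control-plane nodes
          effect: NoSchedule # tolerate the NoSchedule effect of that taint
          operator: Exists # match whenever the taint key is present
      serviceAccountName: jenkins-admin
      imagePullSecrets:
        - name: harbor-secret # pull secret for the Harbor registry
      containers:
        - name: jenkins
          image: {harbor-host}:{harbor-port}/wolfcode/jenkins-maven:v2
          imagePullPolicy: IfNotPresent
          securityContext:
            # Privileged mode is not needed to use the mounted Docker socket or
            # the mounted binaries, so it is switched off; it would otherwise
            # hand the container every capability and access to host devices.
            privileged: false
            # Root is kept because the host Docker socket is normally only
            # accessible to root or the docker group.
            runAsUser: 0
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            - containerPort: 8080
              name: httpport
            - containerPort: 50000
              name: jnlport
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
            # Access to the Docker socket is equivalent to root on the node:
            # whoever can define or run a Jenkins job can drive the host's
            # Docker daemon. Restrict who may configure jobs, or build images
            # with a daemonless builder instead of sharing the socket.
            - name: docker
              mountPath: /run/docker.sock
            # Host binaries and host configuration only need to be read.
            - name: docker-home
              mountPath: /usr/bin/docker
              readOnly: true
            - name: mvn-setting
              mountPath: /usr/local/apache-maven-3.9.0/conf/settings.xml
              subPath: settings.xml
            - name: daemon
              mountPath: /etc/docker/daemon.json
              subPath: daemon.json
              readOnly: true
            - name: kubectl
              mountPath: /usr/bin/kubectl
              readOnly: true
      volumes:
        - name: kubectl
          hostPath:
            path: /usr/local/bin/kubectl
        - name: jenkins-data
          persistentVolumeClaim:
            claimName: jenkins-pvc
        - name: docker
          hostPath:
            path: /run/docker.sock # expose the host's Docker daemon socket to the container
        - name: docker-home
          hostPath:
            path: /usr/bin/docker
        - name: mvn-setting
          configMap:
            name: mvn-settings
            items:
              - key: settings.xml
                path: settings.xml
        - name: daemon
          hostPath:
            path: /etc/docker/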
5. jenkins-pvc.yaml
yaml
# Persistent storage for /var/jenkins_home (jobs, secrets, plugins and the
# Maven local repository configured in mvn-settings).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pvc
  namespace: devops-test
spec:
  storageClassName: local-path
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 1Gi
6. jenkins-service.yaml
yaml
# Service that publishes the Jenkins web UI (8080) and the inbound agent port
# (50000). The selector matches the pod label app=jenkins-server.
# NOTE(review): type NodePort opens both ports on every node's address, and the
# UI is served over plain HTTP. Limit access with a firewall rule or a
# NetworkPolicy, or put a TLS-terminating ingress in front, before exposing
# this beyond a lab network.
apiVersion: v1
kind: Service
metadata:
  name: jenkins-svc
  namespace: devops-test
  labels:
    app: jenkins-service
spec:
  type: NodePort
  selector:
    app: jenkins-server
  ports:
    - name: httpport
      protocol: TCP
      port: 8080
      targetPort: 8080
    - name: jnlport
      protocol: TCP
      port: 50000
      targetPort: 50000
7. jenkins-serviceaccount.yaml
yaml
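---
# Identity the Jenkins pod runs as (referenced by serviceAccountName in the
# Deployment).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: devops-test
---
# Grant the built-in 'edit' role inside devops-test only, instead of binding
# the account to cluster-admin. The service-account token is readable by every
# build that runs in the Jenkins pod, so a cluster-wide admin binding would turn
# any job into full control of the cluster.
# Pipelines that deploy into other namespaces need an extra RoleBinding in each
# target namespace. If a cluster-admin ClusterRoleBinding for this account was
# created earlier, delete it, because applying this file does not remove it.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-admin
  namespace: devops-test
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
  - kind: ServiceAccount
    name: jenkins-admin
    namespace: devops-test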
8. 文件夹结构
manifests
├── devops-test-namespace.yaml
├── jenkins-configmap.yaml
├── jenkins-deployment.yaml
├── jenkins-pvc.yaml
├── jenkins-service.yaml
├── jenkins-serviceaccount.yaml
9. apply这些yaml
bash
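# Apply every manifest in the manifests directory. The && keeps kubectl from
# applying whatever YAML happens to sit in the current directory when the cd fails.
cd manifests && kubectl apply -f .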
10. 查看结果
bash
# List the Deployment, Pod and Service in devops-test together with their labels.
kubectl --namespace devops-test get deploy,pod,svc --show-labels
bash
NAME READY UP-TO-DATE AVAILABLE AGE LABELS
deployment.apps/jenkins 1/1 1 1 4d17h <none>
NAME READY STATUS RESTARTS AGE LABELS
pod/jenkins-865d5494d8-4wklw 1/1 Running 3 (43h ago) 4d17h app=jenkins-server,pod-template-hash=865d5494d8
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
service/jenkins-svc NodePort 10.233.33.29 <none> 8080:31705/TCP,50000:30522/TCP 4d17h app=jenkins-service
可以看到nodeport为31705
打开浏览器,输入http://{k8s-master-host}:{jenkins-svc-port}(其中{jenkins-svc-port}即上面查到的NodePort,本例为31705)
能打开jenkins网页说明安装成功
3.登录jenkins
1. 查看初始密码
bash
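# Open a shell in the Jenkins pod. Addressing the Deployment instead of a
# generated pod name keeps the command valid on any cluster and after restarts.
kubectl exec -it deploy/jenkins -n devops-test -- /bin/bash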
进入pod的命令行中执行
bash
# Print the one-time administrator password that Jenkins wrote on first start.
# Treat the value as a credential: do not paste it into tickets or chat.
initial_pw_file=/var/jenkins_home/secrets/initialAdminPassword
cat "${initial_pw_file}"
即可查看到初始密码,将密码复制
2. 打开浏览器
url: http://{k8s-master-host}:{jenkins-svc-port}
3. 输入管理员密码
第一次登录会被要求输入管理员密码
password: /var/jenkins_home/secrets/initialAdminPassword保存的初始密码
4. 跳过插件安装
输入管理员密码之后点击继续,会跳出自定义Jenkins界面,有两个选项,安装推荐的插件/选择插件来安装,点击选择插件来安装,在下一个界面中取消勾选所有插件,点击继续
5. 跳过创建第一个管理员用户,使用admin账户继续(此时admin账户仍使用初始密码,完成初始化后请按文末"修改密码"一节尽快修改)
6. 实例配置
Jenkins URL输入框输入http://{k8s-master-host}:{jenkins-svc-port}
然后点击保存并完成
7. 点击开始使用Jenkins
安装插件
点击系统设置齿轮图标 > 插件管理 > Available plugins
在输入框中输入插件名称,点击安装按钮即可安装
需要安装的插件有
Folders
OWASP Markup Formatter
Build Timeout
Credentials Binding
Timestamper
Workspace Cleanup Plugin
Ant
Gradle Plugin
Pipeline
Pipeline: Stage View Plugin
Git
GitLab
Build Authorization Token Root
SonarQube Scanner for Jenkins
Node and Label parameter
Kubernetes
Config File Provider
Git Parameter
修改密码
点击右上角用户图标
点击Security,即可修改密码