飞天使-学以致用-devops知识点3-安装jenkins
文章目录
- 构建带maven环境的jenkins 镜像
- 安装jenkins
- jenkins yaml 文件
- 安装插件
- jenkins 配置k8s
- 创建户凭证
构建带maven环境的jenkins 镜像
# 构建带 maven 环境的 jenkins 镜像 docker build -t 192.168.113.122:8858/library/jenkins-maven:jdk-11 . # 登录 harbor docker login -uadmin 192.168.113.122:8858 # 推送镜像到 harbor docker push 192.168.113.122:8858/library/jenkins-maven:jdk-11 ps: docker build -t 108.1.1.1:8858/wolfcode/jenkin-maven:v1 . # 查看images [root@kubeadm-master1 jenkins-maven]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 108.1.1.1:8858/wolfcode/jenkin-maven v1 33bdff943baf About a minute ago 783MB # 推送到harbor [root@kubeadm-master1 jenkins-maven]# docker login 108.1.1.12:8858 Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@kubeadm-master1 jenkins-maven]# docker push 108.1.1.12:8858/wolfcode/jenkin-maven:v1
安装jenkins
创建pvc,pv
[root@kubeadm-master2 jenkins]# cat pv.yaml apiVersion: v1 kind: PersistentVolume metadata: name: pv6 spec: capacity: storage: 5Gi accessModes: - ReadWriteMany storageClassName: "managed-nfs-storage6" persistentVolumeReclaimPolicy: Retain nfs: path: /root/data/pv6 server: 192.168.1.209 [root@kubeadm-master2 jenkins]# cat pvc.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: jenkins-data6 namespace: kube-devops spec: accessModes: - ReadWriteMany storageClassName: "managed-nfs-storage6" resources: requests: storage: 5Gi# 进入 jenkins 目录,安装 jenkins kubectl apply -f manifests/ # 查看是否运行成功 kubectl get po -n kube-devops # 查看 service 端口,通过浏览器访问 kubectl get svc -n kube-devops # 查看容器日志,获取默认密码 kubectl logs -f pod名称 -n kube-devops [root@kubeadm-master2 jenkins]# kubectl logs -f jenkins-7c558dd78b-bsp9x -n kube-devops 里面写了密码
jenkins yaml 文件
[root@kubeadm-master2 manifests]# cat jenkins-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: mvn-settings namespace: kube-devops labels: app: jenkins-server data: settings.xml: |- /var/jenkins_home/repository releases admin wolfcode snapshots admin wolfcode releases nexus maven * http://192.168.113.121:8868/repository/maven-public/ org.sonarsource.scanner.maven releases true 1.8 http://sonarqube:9000 repository Nexus Repository http://192.168.113.121:8868/repository/maven-public/ true true [root@kubeadm-master2 manifests]# cat jenkins- jenkins-configmap.yaml jenkins-deployment.yaml jenkins-pvc.yaml jenkins-serviceAccount.yaml jenkins-service.yaml [root@kubeadm-master2 manifests]# cat jenkins-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: jenkins namespace: kube-devops spec: replicas: 1 selector: matchLabels: app: jenkins-server template: metadata: labels: app: jenkins-server spec: serviceAccountName: jenkins-admin imagePullSecrets: - name: harbor-secret # harbor 访问 secret containers: - name: jenkins image: 192.168.113.122:8858/library/jenkins-maven:jdk-11 imagePullPolicy: IfNotPresent securityContext: privileged: true runAsUser: 0 # 使用 root 用户运行容器 resources: limits: memory: "2Gi" cpu: "1000m" requests: memory: "500Mi" cpu: "500m" ports: - name: httpport containerPort: 8080 - name: jnlpport containerPort: 50000 livenessProbe: httpGet: path: "/login" port: 8080 initialDelaySeconds: 90 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 5 readinessProbe: httpGet: path: "/login" port: 8080 initialDelaySeconds: 60 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 volumeMounts: - name: jenkins-data mountPath: /var/jenkins_home - name: docker mountPath: /run/docker.sock - name: docker-home mountPath: /usr/bin/docker - name: mvn-setting mountPath: /usr/local/apache-maven-3.9.0/conf/settings.xml subPath: settings.xml - name: daemon mountPath: /etc/docker/daemon.json subPath: daemon.json - name: kubectl mountPath: /usr/bin/kubectl volumes: - name: kubectl hostPath: path: /usr/bin/kubectl - name: jenkins-data persistentVolumeClaim: claimName: jenkins-pvc - name: docker hostPath: path: /run/docker.sock # 将主机的 docker 映射到容器中 - name: docker-home hostPath: path: /usr/bin/docker - name: mvn-setting configMap: name: mvn-settings items: - key: settings.xml path: settings.xml - name: daemon hostPath: path: /etc/docker/ [root@kubeadm-master2 manifests]# cat jenkins-service.yaml apiVersion: v1 kind: Service metadata: name: jenkins-service namespace: kube-devops annotations: prometheus.io/scrape: 'true' prometheus.io/path: / prometheus.io/port: '8080' spec: selector: app: jenkins-server type: NodePort ports: - port: 8080 targetPort: 8080 [root@kubeadm-master2 manifests]# cat jenkins- jenkins-configmap.yaml jenkins-deployment.yaml jenkins-pvc.yaml jenkins-serviceAccount.yaml jenkins-service.yaml [root@kubeadm-master2 manifests]# cat jenkins-serviceAccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: jenkins-admin namespace: kube-devops --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: jenkins-admin roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: jenkins-admin namespace: kube-devops安装插件
Build Authorization Token Root Gitlab SonarQube Scanner 代码质量审查工具 在 Dashboard > 系统管理 > Configure System 下面配置 SonarQube servers Name:sonarqube # 注意这个名字要在 Jenkinsfile 中用到 Server URL:http://sonarqube:9000 Server authentication token:创建 credentials 配置为从 sonarqube 中得到的 token 进入系统管理 > 全局工具配置 > SonarQube Scanner > Add SonarQube Scanner Name:sonarqube-scanner 自动安装:取消勾选 SONAR_RUNNER_HOME:/usr/local/sonar-scanner-cli Node and Label parameter Kubernetes jenkins + k8s 环境配置 进入 Dashboard > 系统管理 > 节点管理 > Configure Clouds 页面 配置 k8s 集群 名称:kubernetes 点击 Kubernetes Cloud details 继续配置 Kubernetes 地址: 如果 jenkins 是运行在 k8s 容器中,直接配置服务名即可 https://kubernetes.default 如果 jenkins 部署在外部,那么则不仅要配置外部访问 ip 以及 apiserver 的端口(6443),还需要配置服务证书 Jenkins 地址: 如果部署在 k8s 集群内部:http://jenkins-service.kube-devops 如果在外部:http://192.168.113.120:32479(换成你们自己的) 配置完成后保存即可 Config File Provider Git Parameter
jenkins 配置k8s
https://kubernetes.default
添加标签
创建用户凭证
系统管理 > 安全 > Manage Credentials > System > 全局凭据(unrestricted) > Add Credentials 范围:全局 用户名:root 密码:wolfcode ID:gitlab-user-pass
免责声明:我们致力于保护作者版权,注重分享,被刊用文章因无法核实真实出处,未能及时与作者取得联系,或有版权异议的,请联系管理员,我们会立即处理!
部分文章是来自自研大数据AI进行生成,内容摘自(百度百科,百度知道,头条百科,中国民法典,刑法,牛津词典,新华词典,汉语词典,国家院校,科普平台)等数据,内容仅供学习参考,不准确地方联系删除处理!
图片声明:本站部分配图来自人工智能系统AI生成,觅知网授权图片,PxHere摄影无版权图库和百度,360,搜狗等多加搜索引擎自动关键词搜索配图,如有侵权的图片,请第一时间联系我们,邮箱:ciyunidc@ciyunshuju.com。本站只作为美观性配图使用,无任何非法侵犯第三方意图,一切解释权归图片著作权方,本站不承担任何责任。如有恶意碰瓷者,必当奉陪到底严惩不贷!
