helm 安装#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
| helm repo add jenkinsci https://charts.jenkins.io/
helm repo update jenkinsci
helm show values jenkinsci/jenkins
# 设置变量
export Password='myPassword'
# 空跑
helm upgrade --install --dry-run --debug \
--namespace devops \
--create-namespace \
--set controller.image.registry="harbor.example.com" \
--set controller.image.repository="jenkins/jenkins" \
--set controller.image.tag="2.440.1-jdk17" \
--set controller.image.pullPolicy=IfNotPresent \
--set controller.admin.username=admin \
--set controller.admin.password="${Password}" \
--set controller.admin.createSecret=true \
--set controller.jenkinsAdminEmail="admin@xxx.com" \
--set controller.resources.requests.cpu="1000m" \
--set controller.resources.requests.memory="256Mi" \
--set controller.resources.limits.cpu="1000m" \
--set controller.resources.limits.memory="256Mi" \
--set controller.jenkinsUrlProtocol='https://' \
--set controller.jenkinsUrl="jenkins.example.com" \
--set controller.installLatestPlugins=false \
--set controller.installLatestSpecifiedPlugins=false \
--set controller.initializeOnce=true \
--set controller.sidecars.configAutoReload.image.registry="harbor.example.com" \
--set controller.sidecars.configAutoReload.image.repository="kiwigrid/k8s-sidecar" \
--set controller.sidecars.configAutoReload.image.tag="1.27.4" \
--set controller.sidecars.configAutoReload.imagePullPolicy=IfNotPresent \
--set controller.ingress.enabled=true \
--set controller.ingress.apiVersion='networking.k8s.io/v1' \
--set controller.ingress.ingressClassName=nginx \
--set-string controller.ingress.annotations."kubernetes\.io/tls-acme"=true \
--set-string controller.ingress.annotations."nginx\.ingress\.kubernetes\.io/ssl-redirect"=true \
--set-string controller.ingress.annotations."cert-manager\.io/cluster-issuer"='letsencrypt-prod' \
--set controller.ingress.path='/' \
--set controller.ingress.hostName='jenkins.example.com' \
--set controller.ingress.tls[0].secretName='jenkins-example-com-tls' \
--set controller.ingress.tls[0].hosts[0]='jenkins.example.com' \
--set agent.jnlpregistry="harbor.example.com" \
--set agent.image.repository="jenkins/inbound-agent" \
--set agent.image.tag="3248.v65ecb_254c298-1" \
--set agent.alwaysPullImage=false \
--set persistence.enabled=true \
--set persistence.storageClass=rook-cephfs \
--set persistence.accessMode="ReadWriteOnce" \
--set persistence.size=20Gi \
--set networkPolicy.enabled=false \
--set checkDeprecation=false \
my-jenkins jenkinsci/jenkins --version 5.2.2
# 升级jenkins版本
helm repo update jenkinsci
# 获取安装参数
helm -n devops get values my-jenkins
# 空跑升级
helm upgrade --dry-run --debug \
--install my-jenkins \
--namespace devops \
--create-namespace \
--set persistence.storageClass=rook-cephfs \
--set persistence.enabled=true \
--set persistence.size=20Gi \
--set controller.serviceType=NodePort \
jenkinsci/jenkins --version 4.6.1
helm upgrade \
--install my-jenkins \
--namespace devops \
--create-namespace \
--set persistence.storageClass=rook-cephfs \
--set persistence.enabled=true \
--set persistence.size=20Gi \
--set controller.serviceType=NodePort \
jenkinsci/jenkins --version 4.6.1
|
Yaml 文件安装#
Kubernetes Jenkins Deployment#
Step 1#
Create a Namespace for Jenkins. It is good to categorize all the DevOps tools as a separate namespace from other applications.
1
2
3
4
5
6
| cat > namespace.yaml <<EOF
apiVersion: v1
kind: Namespace
metadata:
name: devops-tools
EOF
|
1
| kubectl apply -f namespace.yaml
|
Step 2#
Create a ‘serviceAccount.yaml’ file and copy the following admin service account manifest.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
| cat > serviceAccount.yaml <<EOF
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: jenkins-admin
rules:
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins-admin
namespace: devops-tools
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins-admin
subjects:
- kind: ServiceAccount
name: jenkins-admin
namespace: devops-tools
EOF
|
1
| kubectl apply -f serviceAccount.yaml
|
Step 3#
Create ‘volume.yaml’ and copy the following persistent volume manifest.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| cat > volume.yaml <<EOF
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-pv-claim
namespace: devops-tools
spec:
storageClassName: rook-cephfs
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
EOF
|
1
| kubectl create -f volume.yaml
|
Step 4#
Create a Deployment file named ‘deployment.yaml’ and copy the following deployment manifest.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
| cat > deployment.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: devops-tools
spec:
replicas: 1
selector:
matchLabels:
app: jenkins-server
template:
metadata:
labels:
app: jenkins-server
spec:
securityContext:
fsGroup: 1000
runAsUser: 1000
serviceAccountName: jenkins-admin
containers:
- name: jenkins
image: jenkins/jenkins:2.452.3-lts
resources:
limits:
memory: "8Gi"
cpu: "4000m"
requests:
memory: "4Gi"
cpu: "2000m"
ports:
- name: httpport
containerPort: 8080
- name: jnlpport
containerPort: 50000
livenessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 90
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
readinessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
volumeMounts:
- name: jenkins-data
mountPath: /var/jenkins_home
volumes:
- name: jenkins-data
persistentVolumeClaim:
claimName: jenkins-pv-claim
EOF
|
1
2
3
| kubectl apply -f deployment.yaml
kubectl get deployments -n devops-tools
kubectl describe deployments --namespace=devops-tools
|
Accessing Jenkins Using Kubernetes Service#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
| cat > service.yaml <<EOF
---
apiVersion: v1
kind: Service
metadata:
name: jenkins-service
namespace: devops-tools
annotations:
prometheus.io/scrape: 'true'
prometheus.io/path: /
prometheus.io/port: '8080'
spec:
selector:
app: jenkins-server
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 32000
---
apiVersion: v1
kind: Service
metadata:
name: jenkins-agent
namespace: devops-tools
spec:
selector:
app: jenkins-server
type: ClusterIP
ports:
- port: 50000
targetPort: 50000
EOF
|
1
| kubectl apply -f service.yaml
|
1
2
3
| kubectl get pods --namespace=devops-tools
kubectl logs jenkins-8446c867ff-krl6w --namespace=devops-tools
kubectl -n devops-tools exec -it jenkins-8446c867ff-krl6w -- cat /var/jenkins_home/secrets/initialAdminPassword
|