使用k8s容器化布署jenkins
Posted ~~~~~~~~~~~~~~
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了使用k8s容器化布署jenkins相关的知识,希望对你有一定的参考价值。
本环境基于minikube搭建的单机k8s。
- 布署jenkins pod,jenkins.yaml文件如下:
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
---
apiVersion: v1
kind: Pod
metadata:
name: jenkins
labels:
name: jenkins
spec:
serviceAccount: jenkins
containers:
- name: jenkins
image: jenkins/jenkins:latest #jenkins镜像名称
imagePullPolicy: IfNotPresent
volumeMounts:
- name: jenkins-data
mountPath: /var/jenkins_home #容器内部挂载目录
readOnly: False
- name: timezone
mountPath: /etc/localtime
readOnly: True
volumes:
- name: jenkins-data
hostPath:
path: /data/jenkins_data #宿主机挂载目录,与上面的mountPath对应,类似于使用(docker -v
/data/jenkins_data:/var/jenkins_home)
- name: timezone
hostPath:
path: /etc/localtime
restartPolicy: Always
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: jenkins
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: jenkins
rules:
- apiGroups: ["extensions", "apps"]
resources: ["deployments"]
verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["services"]
verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
namespace: default注意容器挂载的宿主机目录是否有写入权限。
执行kubectl create -f jenkins.yaml创建pod
执行kubectl get pods --all-namespaces查看pod是否正常
2.创建service,暴露jenkins访问端口至node节点,jenkins-service.yaml文件如下
apiVersion: v1
kind: Service
metadata:
name: jenkins
labels:
name: jenkins-svc
spec:
selector:
name: jenkins #service作用范围,与pod标签对应
type: NodePort #service类型,NodePort为使用宿主机端口
ports:
- name: jenkins-8080
port: 8080
nodePort: 30000 #宿主机暴露端口
protocol: TCP
- name: jenkins-50000
port: 50000
nodePort: 30001
使用node节点ip:30000端口访问jenkins页面。
Jenkins初次登录管理密码可在/data/jenkins/secrets/initialAdminPassword文件查看。
以上是关于使用k8s容器化布署jenkins的主要内容,如果未能解决你的问题,请参考以下文章
[jenkins 2]让jenkins来自动帮我们布属.net项目