🔥码云GVP开源项目 12k star Uniapp+ElementUI 功能强大 支持多语言、二开方便! 广告
交付jenkins到k8s集群 ### 1、镜像准备 ``` docker pull jenkins/jenkins:2.190.3 docker tag 22b8b9a84dbe harbor.od.com/public/jenkins:v2.190.3 docker push harbor.od.com/public/jenkins:v2.190.3 ``` 为了适应我们的环境,我们的jenkins不能直接使用,需要进行配置: mkdir -p /data/dockerfile/jenkins/ cd /data/dockerfile/jenkins cat /data/dockerfile/jenkins/Dockerfile ``` FROM harbor.od.com/public/jenkins:v2.190.3 #定义启动jenkins的用户 USER root #修改时区 改成东八区 RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\ echo 'Asia/Shanghai' >/etc/timezone #加载用户密钥,dubbo服务拉取代码使用的ssh ADD id_rsa /root/.ssh/id_rsa #加载宿主机的docker配置文件,登录远程仓库的认证信息加载到容器里面。 ADD config.json /root/.docker/config.json #在jenkins容器内安装docker 客户端,jenkins要执行docker build,docker引擎用的是宿主机的docker引擎 ADD get-docker.sh /get-docker.sh #跳过 ssh时候输入 yes 步骤,并执行安装docker RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&\ /get-docker.sh ``` 首先创建密钥:**邮箱请根据自己的邮箱自行修改** ``` ssh-keygen -t rsa -b 2048 -C "xxx@xxx.com" -N "" -f /root/.ssh/id\_rsa ``` 将私钥加载到jenkins,将公钥配置到git仓库中,否则不能拉取代码: ![](https://img.kancloud.cn/b7/ee/b7ee54a923917da499060f64e9414b32_879x88.png)  接下来创建Dockerfile中需要的文件: ``` cp /root/.ssh/id_rsa ./ cp /root/.docker/config.json ./ curl -fsSL get.docker.com -o get-docker.sh chmod u+x get-docker.sh ``` 创建运维私有仓库,打开我们的harbor.od.com创建一个infra的私有仓库 ![](https://img.kancloud.cn/55/08/5508ca0588d1e0f0a7c7c06a2d8a226a_953x273.png)  然后build镜像 ``` docker build . -t harbor.od.com/infra/jenkins:v2.190.3 ``` ![](https://img.kancloud.cn/99/fe/99fe2c79ebae95ae50e8c6891060fdbd_901x728.png) build完以后将镜像上传到我们的私有仓库: ``` docker push harbor.od.com/infra/jenkins:v2.190.3 ``` ![](https://img.kancloud.cn/10/ad/10ad682743723c6fbb2c945e5ec3b45d_1376x275.png) 为jenkins创建名称空间: ``` kubectl create ns infra ``` 创建一条secret,用于访问我们的私有仓库infra:(任意一台node上执行) ``` kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=Harbor12345 -n infra ``` ![](https://img.kancloud.cn/68/fe/68fed7840e1d0f0f0b635f445e1b8f03_1155x72.png) 解释一下上面的命令:创建一条secret,资源类型是docker-registry,名字是 harbor,docker-server=harbor.od.com ,docker-username=admin ,docker-password=Harbor12345 -n 指定私有仓库名称infra ### 2、共享存储部署 在运维主机和所有的node节点安装: ``` yum install nfs-utils -y ``` 使用HDSS-7200作为服务端: ``` vi /etc/exports /data/nfs-volume 10.4.7.0/24(rw,no_root_squash) mkdir -p /data/nfs-volume/jenkins_home ``` 启动服务 ``` systemctl start nfs systemctl enable nfs ``` ### 3、准备jenkins资源配置清单: cd /data/k8s-yaml/ mkdir jenkins cd jenkins cat dp.yaml ``` kind: Deployment apiVersion: extensions/v1beta1 metadata: name: jenkins namespace: infra labels: name: jenkins spec: replicas: 1 selector: matchLabels: name: jenkins template: metadata: labels: app: jenkins name: jenkins spec: volumes: - name: data nfs: server: hdss7-200 path: /data/nfs-volume/jenkins_home - name: docker hostPath: path: /run/docker.sock type: '' containers: - name: jenkins image: harbor.od.com/infra/jenkins:v2.190.3 imagePullPolicy: IfNotPresent ports: - containerPort: 8080 protocol: TCP env: - name: JAVA_OPTS value: -Xmx512m -Xms512m volumeMounts: - name: data mountPath: /var/jenkins_home - name: docker mountPath: /run/docker.sock imagePullSecrets: - name: harbor securityContext: runAsUser: 0 strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 maxSurge: 1 revisionHistoryLimit: 7 progressDeadlineSeconds: 600 ``` cat svc.yaml ``` kind: Service apiVersion: v1 metadata: name: jenkins namespace: infra spec: ports: - protocol: TCP port: 80 targetPort: 8080 selector: app: jenkins ``` cat ingress.yaml ``` kind: Ingress apiVersion: extensions/v1beta1 metadata: name: jenkins namespace: infra spec: rules: - host: jenkins.od.com http: paths: - path: / backend: serviceName: jenkins servicePort: 80 ``` 配置dns解析 vi /var/named/od.com.zone ``` jenkins A 10.4.7.10 ``` systemctl restart named 检查jenkins需要持久化的数据是否保存下来了 ![](https://img.kancloud.cn/c0/66/c0667398de835f13787c0ace4212eb88_563x280.png) Jenkins密码位置: cat /data/nfs-volume/jenkins_home/secrets/initialAdminPassword Jenkins安全的优化配置 ![](https://img.kancloud.cn/10/83/1083dd098db100da4476160374b04b20_1920x937.png) 替换Jenkins更新源,安装插件 ``` cd /data/nfs-volume/jenkins_home/updates sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json ``` 搜索蓝海插件并安装:blue ocean 安装完成以后: ![](https://img.kancloud.cn/f7/98/f79840740adc05ac85c3a4eef1929053_593x520.png) 因为镜像自己做的验证一下镜像情况 docker exec -it 8ff92f08e3aa /bin/bash 是否是root用户 whoami 时区是否是东八区 date 是否使用宿主机docker引擎,在容器内查看宿主机上的docker资源情况 docker ps 是否能访问harbor私有仓库 :原因是我们挂载了宿主机的docker config.json docker login harbor.od.com ![](https://img.kancloud.cn/4a/0f/4a0f9389a27a316eb959f2dfb497d81a_883x509.png)