Kubernetes in Practice: Delivering Dubbo Services to a k8s Cluster (2): Delivering Jenkins to the k8s Cluster

First, pull the Jenkins image and push it to our own private registry (on host 7-200):

# docker pull jenkins/jenkins:2.190.3
# docker tag 22b8b9a84dbe harbor.od.com/public/jenkins:v2.190.3
# docker push harbor.od.com/public/jenkins:v2.190.3

The stock Jenkins image cannot be used as-is in our environment; it has to be customized first:

# mkdir -p /data/dockerfile/jenkins/
# cd /data/dockerfile/jenkins
# vi Dockerfile
FROM harbor.od.com/public/jenkins:v2.190.3
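# User that Jenkins starts as
USER root
# Change the time zone to UTC+8
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
    echo 'Asia/Shanghai' >/etc/timezone
# Add the user's private key; the dubbo services pull their code over ssh
ADD id_rsa /root/.ssh/id_rsa
# Add the host's Docker config file so the registry login credentials are available inside the container
ADD config.json /root/.docker/config.json
# Install the Docker client inside the Jenkins container; Jenkins runs docker build, and the Docker engine it uses is the host's
ADD get-docker.sh /get-docker.sh
# Skip the "yes" prompt when connecting over ssh, and run the Docker install
RUN echo "    StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&\
    /get-docker.sh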

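First create the key pair (change the email address to your own):

# ssh-keygen -t rsa -b 2048 -C "[email protected]" -N "" -f /root/.ssh/id_rsa

Load the private key into Jenkins and add the public key to the git repository; otherwise the code cannot be pulled:

Next, create the files the Dockerfile needs: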

# curl -fsSL get.docker.com -o get-docker.sh

Add execute permission, then copy the private key and the Docker config into the build directory:

# chmod u+x get-docker.sh
# cp /root/.ssh/id_rsa ./
# cp /root/.docker/config.json ./

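Create a private repository for operations: open our harbor.od.com and create a private repository named infra:

Then build the image. This takes a long time, so go have a smoke or a cup of tea: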

# docker build . -t harbor.od.com/infra/jenkins:v2.190.3

Once the build finishes, push the image to our private registry:

# docker push harbor.od.com/infra/jenkins:v2.190.3

Create a namespace for Jenkins:

# kubectl create ns infra

Create a secret used to access our private repository infra:

# kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=Harbor12345 -n infra

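To explain the command above: it creates a secret of type docker-registry named harbor, with docker-server=harbor.od.com, docker-username=admin and docker-password=Harbor12345; -n specifies the namespace, infra.

Jenkins has data that must persist, so we need shared storage that can be mounted into the pod. Here we use the simplest option, NFS, because k8s supports NFS volumes out of the box.

Install the NFS utilities on the ops host and on all node hosts: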

# yum install nfs-utils -y

Use 7-200 as the NFS server:

# vi /etc/exports
/data/nfs-volume 10.4.7.0/24(rw,no_root_squash)
# mkdir -p /data/nfs-volume/jenkins_home
# systemctl start nfs
# systemctl enable nfs

Prepare the Jenkins resource manifests:

# cd /data/k8s-yaml/
# mkdir jenkins
# cd jenkins

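1. dp.yaml

This manifest mounts the host's docker.sock so that the Docker client inside the container can talk directly to the host's Docker engine.

When pulling from a private registry, the manifest must declare:

imagePullSecrets:
- name: harbor

# vi dp.yaml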
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
  labels: 
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels: 
      name: jenkins
  template:
    metadata:
      labels: 
        app: jenkins 
        name: jenkins
    spec:
      volumes:
      - name: data
        nfs: 
          server: hdss7-200
          path: /data/nfs-volume/jenkins_home
      - name: docker
        hostPath: 
          path: /run/docker.sock   
          type: ''
      containers:
      - name: jenkins
        image: harbor.od.com/infra/jenkins:v2.190.3
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        - name: JAVA_OPTS
          value: -Xmx512m -Xms512m
        volumeMounts:
        - name: data
          mountPath: /var/jenkins_home
        - name: docker
          mountPath: /run/docker.sock
      imagePullSecrets:
      - name: harbor
      securityContext: 
        runAsUser: 0
  strategy:
    type: RollingUpdate
    rollingUpdate: 
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600

2. svc.yaml

kind: Service
apiVersion: v1
metadata: 
  name: jenkins
  namespace: infra
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  selector:
    app: jenkins

3. ingress.yaml

kind: Ingress
apiVersion: extensions/v1beta1
metadata: 
  name: jenkins
  namespace: infra
spec:
  rules:
  - host: jenkins.od.com
    http:
      paths:
      - path: /
        backend: 
          serviceName: jenkins
          servicePort: 80

Apply the resource manifests (on a node):

# kubectl create -f http://k8s-yaml.od.com/jenkins/dp.yaml
# kubectl create -f http://k8s-yaml.od.com/jenkins/svc.yaml
# kubectl create -f http://k8s-yaml.od.com/jenkins/ingress.yaml

Check the pod we created. Startup takes quite a while, roughly a few minutes:

# kubectl get pod -n infra
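
dp.yaml runs the Jenkins container as UID 0 and hands it the host's docker.sock, which together give the pod control of that node's Docker engine, so it helps to know which Deployments carry this combination. The script below is an added example, not part of the original post, that audits `kubectl get deployment -o json` output for both settings; the `audit` function, the `audit_dp.py` file name and the embedded sample (constructed from dp.yaml) are assumptions.

```python
# Added example, not from the original post. Assumed usage on a live cluster:
#   kubectl get deployment -n infra -o json | python3 audit_dp.py -
import json
import sys

RUNTIME_SOCKETS = {"/run/docker.sock", "/var/run/docker.sock"}

# Constructed sample: only the security-relevant fields of dp.yaml.
SAMPLE = {
    "metadata": {"name": "jenkins", "namespace": "infra"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsUser": 0},
        "volumes": [
            {"name": "data", "nfs": {"path": "/data/nfs-volume/jenkins_home"}},
            {"name": "docker", "hostPath": {"path": "/run/docker.sock"}},
        ],
        "containers": [{"name": "jenkins", "volumeMounts": [
            {"name": "data", "mountPath": "/var/jenkins_home"},
            {"name": "docker", "mountPath": "/run/docker.sock"},
        ]}],
    }}},
}


def audit(doc):
    """Return (deployment, container, finding) tuples for a Deployment or List."""
    findings = []
    for item in doc.get("items", [doc]):
        name = item["metadata"]["name"]
        pod = item["spec"]["template"]["spec"]
        pod_uid = (pod.get("securityContext") or {}).get("runAsUser")
        sockets = {v["name"] for v in pod.get("volumes") or []
                   if (v.get("hostPath") or {}).get("path") in RUNTIME_SOCKETS}
        for ctr in pod.get("containers") or []:
            # Container-level runAsUser wins; unset falls back to the image USER.
            uid = (ctr.get("securityContext") or {}).get("runAsUser", pod_uid)
            if uid == 0:
                findings.append((name, ctr["name"], "runs as UID 0"))
            for mount in ctr.get("volumeMounts") or []:
                if mount["name"] in sockets:
                    findings.append((name, ctr["name"],
                                     "mounts host Docker socket at " + mount["mountPath"]))
    return findings


if __name__ == "__main__":
    # "-" reads kubectl JSON from stdin; with no argument the sample is audited.
    doc = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for finding in audit(doc):
        print(": ".join(finding))
```

A Deployment that leaves runAsUser unset is not reported as root even if its image sets USER root, as the Dockerfile above does, so check the image as well.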

Check that the data Jenkins needs to persist has been saved (on 7-200):

It is up and running:

Add a DNS record (on 7-11):

# vi /var/named/od.com.zone
# systemctl restart named

Open it in a browser:

http://jenkins.od.com

With this configuration, Jenkins is now deployed:

Security configuration:

Allow cross-origin requests:


Reposted from www.cnblogs.com/slim-liu/p/11953327.html