Simple configuration of jenkins installation and kubernetes plugin

Simple configuration of jenkins installation and kubernetes plugin

jenkins installation

docker + docker-compose 安装略
docker-compose.yaml

version: '3'
services:
  jenkins:
    image: 'jenkins/jenkins:2.255'
    container_name: jenkins
    restart: always
    user: root
    ports:
      - '80:8080'
      - '50000:50000'
    environment:
      TZ: Asia/Shanghai
    volumes:
      - '/data/jenkins/jenkins_home:/var/jenkins_home'

start up

docker-compose up -d

Speed ​​up the installation of plugins

1. Replace the source address

cp /data/jenkins/jenkins_home/hudson.model.UpdateCenter.xml /data/jenkins/jenkins_home/hudson.model.UpdateCenter.xml.bak
sed -i 's#updates.jenkins.io#mirrors.aliyun.com/jenkins/updates#g' /data/jenkins/jenkins_home/hudson.model.UpdateCenter.xml

2. Restart jenkins

docker restart jenkins

3. Open Jenkins in the browser to

cat /data/jenkins/jenkins_home/secrets/initialAdminPassword

4. Replace the download source. Go

to this interface and perform the following operations:

cp /data/jenkins/jenkins_home/updates/default.json /data/jenkins/jenkins_home/updates/default.json.bak
sed -i 's#https://updates.jenkins.io/download#https://mirrors.aliyun.com/jenkins#g' /data/jenkins/jenkins_home/updates/default.json
sed -i 's#http://www.google.com#https://www.baidu.com#g' /data/jenkins/jenkins_home/updates/default.json

Then click install and click the recommended plug-in

Plug-in installation

Search for direct installation

k8s information acquisition

Obtain the required information from the k8s config file.
1. Kubernetes address

server:对应的就是地址

2. Kubernetes service certificate key

certificate-authority-data: 对应的值就是key证书
须要base64解码

First write the value to the tmp file, execute the following statement to decode

cat tmp | base64 -d
# 结果
-----BEGIN CERTIFICATE-----
MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
cm5ldGVzMB4XDTE5MDgxOTE2MDk1MloXDTI5MDgxNjE2MDk1MlowFTETMBEGA1UE
AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSb
D4rrCWvtMYsVqZ62I9mGodCIvJiVo6p+ajpVIoXXoDib8uVvdPGDSd2N1RMPWF+h
bRiuZNSZ27OLcd1RbcdJOKTyFYuzdeTYzrNXSfDavO9UafAPAwAKZLFb1616Sx64
jQ/nWVq6IB3UPfVuH3U0N0i7wrmQFcKc5HztLeLCDXIvqQmgB/ExFPi7EsJTumwW
2mQka2xvTpXbidYW/qVmWFr22a19Qp9VznHUIgbkB6Rx2Jp03g8GlOyn09CeIi8l
lStvT9+TseBuSDDgjCBwuSdutuuPu3RoxzyiVkzfLUH2Sy0eCuUS8mSHPrOHBkbG
7MLT9DLoRNZ+fMdU3b0CAwEAAaMjMCEwDgYDV222QH/BAQDAgKkMA8GA1UdEwEB
/wQFMAMBAf8wDQY22oZIhvcNAQELBQADggEBABnbW1fSOlMo+5asH32L39u69c0n
yDo4RpQ+6pJgWmWZKwVV+qxs0F8XyzryDr6iQRYAETDYaKM78qfN2IZNyxca2PrQ
ku0SgADeAhoVMPeA0Snn8RcnQjLjaMQraTul7irW8hLU1w5KTVceFbG6JA3PbVDq
uTGWwBwOh98i3Wod+bog3TBJFg2SHYN1PusHRagsXIrkPr+4DDMqWQQsYpuuesep
7eI2F1OT9U8dDx55qM7KD/AcF2NSCPZ6ITdGH/PAePkom3vG2JQrrBwXF2in4VW0
4PP/AloQkc67il0fqXxcB2PhnxRzLunpuFrPp1NcYX606zu6KZ9FMVy5ZjY=
-----END CERTIFICATE-----

3. Credentials
are executed here in a separate jenkins namespace

# 创建命名空间
kubectl create namespaces jenkins
# 创建sa-jenkins用户
kubectl create serviceaccount  jenkins -n jenkins
# 绑定admin角色到sa-jenkins用户
kubectl create clusterrolebinding -n jenkins jenkins-cluster-admin --clusterrole='cluster-admin' --serviceaccount=jenkins:jenkins
# 查询token
kubectl get secrets -n jenkins -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='jenkins')].data.token}" | base64 -d

Configuration

In the management, there is a cloud at the end

The plug-in introduction address has detailed configuration examples: https://plugins.jenkins.io/kubernetes

Simple verification

Simple script

podTemplate(label: 'jnlp-slave', cloud: 'kubernetes', containers: [
    containerTemplate(name: 'maven', image: 'maven:3.3.9-jdk-8-alpine', ttyEnabled: true, command: 'cat'),
  ],
volumes: [
    //persistentVolumeClaim(mountPath: '/root/.m2', claimName: 'maven-m2'),
    //persistentVolumeClaim(mountPath: '/home/jenkins/agent/workspace', claimName: 'workspace'),
    ]
)
{
    
    
  node("jnlp-slave"){
    
    
      stage('Build'){
    
    
          //git branch: 'master', url: 'http://root:[email protected]/java/$JOB_NAME.git'
          container('maven') {
    
    
              stage('Build a Maven project') {
    
    
                  //sh 'mvn clean package -U deploy'
                  sh 'echo maven'
              }
          }
      }
      stage('deploy'){
    
    
          sh '''
          env
          sleep 300
          '''
          //sshPublisher(publishers: [sshPublisherDesc(configName: '76', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: '/data/script/jenkins.sh $JOB_NAME', execTimeout: 120000000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '/data/kubernetes/service/$JOB_NAME', remoteDirectorySDF: false, removePrefix: 'target', sourceFiles: 'target/$JOB_NAME*.jar')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
      }
  }
}

Interpretation of pipeline:

1. podTemplate creates a pod template. The cloud field specifies which kubernetes cloud to connect to. kubernetes just created a k8s, and the name of the cloud is kubernetes.
2. PersistentVolumeClaim defines the directory mount, which is the cache directory .m2 built by maven and the data directory generated by the build.
3. The following pipeline specifies the subsequent operations in jnlp-slave (that is, the pod template is also the slave node)