Simple configuration of jenkins installation and kubernetes plugin
jenkins installation
docker + docker-compose 安装略
docker-compose.yaml
version: '3'
services:
jenkins:
image: 'jenkins/jenkins:2.255'
container_name: jenkins
restart: always
user: root
ports:
- '80:8080'
- '50000:50000'
environment:
TZ: Asia/Shanghai
volumes:
- '/data/jenkins/jenkins_home:/var/jenkins_home'
start up
docker-compose up -d
Speed up the installation of plugins
1. Replace the source address
cp /data/jenkins/jenkins_home/hudson.model.UpdateCenter.xml /data/jenkins/jenkins_home/hudson.model.UpdateCenter.xml.bak
sed -i 's#updates.jenkins.io#mirrors.aliyun.com/jenkins/updates#g' /data/jenkins/jenkins_home/hudson.model.UpdateCenter.xml
2. Restart jenkins
docker restart jenkins
3. Open Jenkins in the browser to
cat /data/jenkins/jenkins_home/secrets/initialAdminPassword
4. Replace the download source. Go
to this interface and perform the following operations:
cp /data/jenkins/jenkins_home/updates/default.json /data/jenkins/jenkins_home/updates/default.json.bak
sed -i 's#https://updates.jenkins.io/download#https://mirrors.aliyun.com/jenkins#g' /data/jenkins/jenkins_home/updates/default.json
sed -i 's#http://www.google.com#https://www.baidu.com#g' /data/jenkins/jenkins_home/updates/default.json
Then click install and click the recommended plug-in
Plug-in installation
Search for direct installation
k8s information acquisition
Obtain the required information from the k8s config file.
1. Kubernetes address
server:对应的就是地址
2. Kubernetes service certificate key
certificate-authority-data: 对应的值就是key证书
须要base64解码
First write the value to the tmp file, execute the following statement to decode
cat tmp | base64 -d
# 结果
-----BEGIN CERTIFICATE-----
MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
cm5ldGVzMB4XDTE5MDgxOTE2MDk1MloXDTI5MDgxNjE2MDk1MlowFTETMBEGA1UE
AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSb
D4rrCWvtMYsVqZ62I9mGodCIvJiVo6p+ajpVIoXXoDib8uVvdPGDSd2N1RMPWF+h
bRiuZNSZ27OLcd1RbcdJOKTyFYuzdeTYzrNXSfDavO9UafAPAwAKZLFb1616Sx64
jQ/nWVq6IB3UPfVuH3U0N0i7wrmQFcKc5HztLeLCDXIvqQmgB/ExFPi7EsJTumwW
2mQka2xvTpXbidYW/qVmWFr22a19Qp9VznHUIgbkB6Rx2Jp03g8GlOyn09CeIi8l
lStvT9+TseBuSDDgjCBwuSdutuuPu3RoxzyiVkzfLUH2Sy0eCuUS8mSHPrOHBkbG
7MLT9DLoRNZ+fMdU3b0CAwEAAaMjMCEwDgYDV222QH/BAQDAgKkMA8GA1UdEwEB
/wQFMAMBAf8wDQY22oZIhvcNAQELBQADggEBABnbW1fSOlMo+5asH32L39u69c0n
yDo4RpQ+6pJgWmWZKwVV+qxs0F8XyzryDr6iQRYAETDYaKM78qfN2IZNyxca2PrQ
ku0SgADeAhoVMPeA0Snn8RcnQjLjaMQraTul7irW8hLU1w5KTVceFbG6JA3PbVDq
uTGWwBwOh98i3Wod+bog3TBJFg2SHYN1PusHRagsXIrkPr+4DDMqWQQsYpuuesep
7eI2F1OT9U8dDx55qM7KD/AcF2NSCPZ6ITdGH/PAePkom3vG2JQrrBwXF2in4VW0
4PP/AloQkc67il0fqXxcB2PhnxRzLunpuFrPp1NcYX606zu6KZ9FMVy5ZjY=
-----END CERTIFICATE-----
3. Credentials
are executed here in a separate jenkins namespace
# 创建命名空间
kubectl create namespaces jenkins
# 创建sa-jenkins用户
kubectl create serviceaccount jenkins -n jenkins
# 绑定admin角色到sa-jenkins用户
kubectl create clusterrolebinding -n jenkins jenkins-cluster-admin --clusterrole='cluster-admin' --serviceaccount=jenkins:jenkins
# 查询token
kubectl get secrets -n jenkins -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='jenkins')].data.token}" | base64 -d
Configuration
In the management, there is a cloud at the end
The plug-in introduction address has detailed configuration examples: https://plugins.jenkins.io/kubernetes
Simple verification
Simple script
podTemplate(label: 'jnlp-slave', cloud: 'kubernetes', containers: [
containerTemplate(name: 'maven', image: 'maven:3.3.9-jdk-8-alpine', ttyEnabled: true, command: 'cat'),
],
volumes: [
//persistentVolumeClaim(mountPath: '/root/.m2', claimName: 'maven-m2'),
//persistentVolumeClaim(mountPath: '/home/jenkins/agent/workspace', claimName: 'workspace'),
]
)
{
node("jnlp-slave"){
stage('Build'){
//git branch: 'master', url: 'http://root:[email protected]/java/$JOB_NAME.git'
container('maven') {
stage('Build a Maven project') {
//sh 'mvn clean package -U deploy'
sh 'echo maven'
}
}
}
stage('deploy'){
sh '''
env
sleep 300
'''
//sshPublisher(publishers: [sshPublisherDesc(configName: '76', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: '/data/script/jenkins.sh $JOB_NAME', execTimeout: 120000000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '/data/kubernetes/service/$JOB_NAME', remoteDirectorySDF: false, removePrefix: 'target', sourceFiles: 'target/$JOB_NAME*.jar')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
}
}
}
Interpretation of pipeline:
1. podTemplate creates a pod template. The cloud field specifies which kubernetes cloud to connect to. kubernetes just created a k8s, and the name of the cloud is kubernetes.
2. PersistentVolumeClaim defines the directory mount, which is the cache directory .m2 built by maven and the data directory generated by the build.
3. The following pipeline specifies the subsequent operations in jnlp-slave (that is, the pod template is also the slave node)