Preface
When building a DevOps pipeline for K8S based on Jenkins, an important step is connecting Jenkins to K8S, so that the pipeline can make full use of the features of both [pod slave]. This article records how to configure the interconnection between Jenkins and the K8S cluster.
1. Create kubernetes cloud
Tip: Token credentials are required during the creation process; you can refer to step 1.2.4 first to create them.
1.1 Enter Configure Clouds
Depending on the version of Jenkins, the path to enter Configure Clouds is different, but basically you can enter through [Manage Jenkins]–>[Manage Nodes and Clouds] or [Manage Nodes]–>[Configure Clouds]
1.2 Configure Kubernetes Cloud details
There are three main places that require custom modifications:
1.2.1 Kubernetes address:
The default is https://kubernetes.default, which works as is; I'm used to writing it out in full. Of course, if Jenkins is deployed outside the K8S cluster, you need to write the real address of the K8S API server.
1.2.2 Disable HTTPS certificate checking
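If you feel this is unsafe, you can configure certificate verification yourself according to online tutorials, but if you are in an intranet cluster, there will basically be no external threats. With the check disabled, Jenkins does not verify the API server's certificate when it connects.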
1.2.3 Kubernetes namespace
This is the namespace used to run pod slave
1.2.4 Credentials
These are the permission credentials Jenkins uses to connect to the K8S cluster and operate within it. There are many configuration methods; here we choose the serviceaccount method.
RBAC authorization
Jenkins operates k8s through kubernetes-plugin, so RBAC authorization needs to be performed in k8s in advance. Here we bind the cluster-admin role to it for convenience of management. Of course, the usage rights can also be narrowed further; this is determined by each company's management system.
(1) Create the serviceaccount
kubectl create sa devops-jenkins -n devops
(2) Bind jenkins to cluster-admin
kubectl create clusterrolebinding devops-jenkins-role-binding --clusterrole cluster-admin --serviceaccount=devops:devops-jenkins
(3) When kubernetes-plugin connects to k8s, it does not use the serviceaccount directly, but a token. Therefore, we need to obtain the token corresponding to serviceaccount: jenkins.
View sa
[root@master pkg]# kubectl get sa -n devops
NAME             SECRETS   AGE
default          1         7d18h
devops-jenkins   1         7d2h
jenkins          1         7d18h
View secret
[root@master pkg]# kubectl describe sa devops-jenkins -n devops
Name: devops-jenkins
Namespace: devops
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: devops-jenkins-token-7wnbx
Tokens: devops-jenkins-token-7wnbx
Events: <none>
Get token
[root@master pkg]# kubectl describe secrets devops-jenkins-token-7wnbx -n devops
Name: devops-jenkins-token-7wnbx
Namespace: devops
Labels: <none>
Annotations: kubernetes.io/service-account.name: devops-jenkins
kubernetes.io/service-account.uid: bd379a1d-7e8f-4e4c-aa92-76383c1397ba
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 6 bytes
token: eyJhbGciO... ### this is the required token
Create jenkins credentials using the obtained token
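The RBAC step above binds cluster-admin and notes that the rights can be narrowed. The manifest below is an added example (not from the original article or the plugin project) of a namespaced Role for the same devops-jenkins serviceaccount; the Role and RoleBinding names and the exact rule set are assumptions, sized for a plugin that only starts and drives agent pods in the devops namespace while deployments use the separate kubeconfig from section 2.

```yaml
# Added example: namespaced, least-privilege alternative to the cluster-admin
# binding from step (2). Role/RoleBinding names are hypothetical; the rule set
# is an assumption about what pod-based agents need and may need adjusting.
# Remove the broad binding first, otherwise it still applies:
#   kubectl delete clusterrolebinding devops-jenkins-role-binding
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: devops-jenkins-agent        # hypothetical name
  namespace: devops                 # namespace configured in 1.2.3
rules:
  # Create, watch and clean up agent pods
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  # Run pipeline steps inside agent containers (container(...) { sh ... })
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create", "get"]
  # Stream agent container logs back to the build
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "list", "watch"]
  # Surface scheduling and image-pull events in the build log
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: devops-jenkins-agent-binding  # hypothetical name
  namespace: devops
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: devops-jenkins-agent
subjects:
  - kind: ServiceAccount
    name: devops-jenkins              # serviceaccount created in step (1)
    namespace: devops
```

After applying it, kubectl auth can-i create pods --as=system:serviceaccount:devops:devops-jenkins -n devops should answer yes, and the same query with -n kube-system should answer no.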
2. Store kubeconfig
In DevOps on a K8S cluster, we often execute the build and deployment process in a temporary pod, the so-called slave pod. Therefore, during deployment the kubeconfig of the target cluster needs to be passed to the slave pod, so that kubectl apply -f deploy.yaml --kubeconfig=config can be executed directly in the pod.
2.1 Install Config File Provider Plugin
Simply search and install by name in the Plugin Manager
2.2 Configure kubeconfig
Go to Manage Jenkins–>Managed files–>Add a new Config and select Custom file. The ID can be configured by yourself or left as the default; then click Next.
Obtain the kubeconfig from the K8S cluster:
cat /root/.kube/config
After copying the complete contents of the config file, paste it into the Content box and submit it. You can then see the file we just configured on the main page of the managed files.
2.3 Generate jenkinsfile script
We use the tool [pipeline syntax] that comes with Jenkins to automatically generate the calling command.
stage('deploy to test') {
    when {
        branch 'test'
    }
    steps {
        input(id: 'deploy-to-test', message: 'deploy to test?')
        container("maven") {
            script {
                configFileProvider([configFile(fileId: 'f087251c-7058-458d-b26f-8512f3cf3d56', targetLocation: 'dev.kubeconfig')]) {
                    sh '''
                        kubectl get node --kubeconfig=dev.kubeconfig
                    '''
                }
            }
        }
    }
}