构建带maven环境的jenkins 镜像

# 构建带 maven 环境的 jenkins 镜像
docker build -t 192.168.113.122:8858/library/jenkins-maven:jdk-11 .

# 登录 harbor
docker login -uadmin 192.168.113.122:8858

# 推送镜像到 harbor
docker push 192.168.113.122:8858/library/jenkins-maven:jdk-11

ps: docker build -t 108.1.1.1:8858/wolfcode/jenkin-maven:v1 .

# 查看images
[root@kubeadm-master1 jenkins-maven]# docker images
REPOSITORY                                                                    TAG                 IMAGE ID            CREATED              SIZE
108.1.1.1:8858/wolfcode/jenkin-maven                                    v1                  33bdff943baf        About a minute ago   783MB

# 推送到harbor
[root@kubeadm-master1 jenkins-maven]# docker login 108.1.1.12:8858
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@kubeadm-master1 jenkins-maven]# docker push 108.1.1.12:8858/wolfcode/jenkin-maven:v1

飞天使-学以致用-devops知识点3-安装jenkins-LMLPHP

安装jenkins

创建pvc,pv

[root@kubeadm-master2 jenkins]# cat pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv6
spec:
  capacity:
    storage: 5Gi
  accessModes:
  - ReadWriteMany
  storageClassName: "managed-nfs-storage6"
  persistentVolumeReclaimPolicy: Retain
  nfs:
    path: /root/data/pv6
    server: 192.168.1.209
[root@kubeadm-master2 jenkins]# cat pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-data6
  namespace: kube-devops
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "managed-nfs-storage6"
  resources:
    requests:
      storage: 5Gi
# 进入 jenkins 目录,安装 jenkins
kubectl apply -f manifests/

# 查看是否运行成功
kubectl get po -n kube-devops

# 查看 service 端口,通过浏览器访问
kubectl get svc -n kube-devops

# 查看容器日志,获取默认密码
kubectl logs -f pod名称 -n kube-devops

[root@kubeadm-master2 jenkins]# kubectl logs -f jenkins-7c558dd78b-bsp9x -n kube-devops
里面写了密码
jenkins yaml 文件
 [root@kubeadm-master2 manifests]# cat jenkins-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mvn-settings
  namespace: kube-devops
  labels:
    app: jenkins-server
data:
  settings.xml: |-
    <?xml version="1.0" encoding="UTF-8"?>
    <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
        <localRepository>/var/jenkins_home/repository</localRepository>
        <servers>
                <server>
                        <id>releases</id>
                        <username>admin</username>
                        <password>wolfcode</password>
                </server>
                <server>
                        <id>snapshots</id>
                        <username>admin</username>
                        <password>wolfcode</password>
                </server>
        </servers>

        <mirrors>
                <mirror>
                        <id>releases</id>
                        <name>nexus maven</name>
                        <mirrorOf>*</mirrorOf>
                        <url>http://192.168.113.121:8868/repository/maven-public/</url>
                </mirror>
        </mirrors>

        <pluginGroups>
                <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
        </pluginGroups>
        <profiles>
                <profile>
                        <id>releases</id>
                        <activation>
                                <activeByDefault>true</activeByDefault>
                                <jdk>1.8</jdk>
                        </activation>
                        <properties>
                                <sonar.host.url>http://sonarqube:9000</sonar.host.url>
                        </properties>

                        <repositories>
                                <repository>
                                        <id>repository</id>
                                        <name>Nexus Repository</name>
                                        <url>http://192.168.113.121:8868/repository/maven-public/</url>
                                        <releases>
                                                <enable>true</enable>
                                        </releases>
                                        <snapshots>
                                                <enable>true</enable>
                                        </snapshots>
                                </repository>
                        </repositories>
                </profile>
        </profiles>
    </settings>
[root@kubeadm-master2 manifests]# cat jenkins-
jenkins-configmap.yaml       jenkins-deployment.yaml      jenkins-pvc.yaml             jenkins-serviceAccount.yaml  jenkins-service.yaml
[root@kubeadm-master2 manifests]# cat jenkins-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: kube-devops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-server
  template:
    metadata:
      labels:
        app: jenkins-server
    spec:
      serviceAccountName: jenkins-admin
      imagePullSecrets:
        - name: harbor-secret # harbor 访问 secret
      containers:
        - name: jenkins
          image: 192.168.113.122:8858/library/jenkins-maven:jdk-11
          imagePullPolicy: IfNotPresent
          securityContext:
            privileged: true
            runAsUser: 0 # 使用 root 用户运行容器
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            - name: httpport
              containerPort: 8080
            - name: jnlpport
              containerPort: 50000
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
            - name: docker
              mountPath: /run/docker.sock
            - name: docker-home
              mountPath: /usr/bin/docker
            - name: mvn-setting
              mountPath: /usr/local/apache-maven-3.9.0/conf/settings.xml
              subPath: settings.xml
            - name: daemon
              mountPath: /etc/docker/daemon.json
              subPath: daemon.json
            - name: kubectl
              mountPath: /usr/bin/kubectl
      volumes:
        - name: kubectl
          hostPath:
            path: /usr/bin/kubectl
        - name: jenkins-data
          persistentVolumeClaim:
              claimName: jenkins-pvc
        - name: docker
          hostPath:
            path: /run/docker.sock # 将主机的 docker 映射到容器中
        - name: docker-home
          hostPath:
            path: /usr/bin/docker
        - name: mvn-setting
          configMap:
            name: mvn-settings
            items:
            - key: settings.xml
              path: settings.xml
        - name: daemon
          hostPath:
            path: /etc/docker/
[root@kubeadm-master2 manifests]# cat jenkins-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: jenkins-service
  namespace: kube-devops
  annotations:
      prometheus.io/scrape: 'true'
      prometheus.io/path:   /
      prometheus.io/port:   '8080'
spec:
  selector:
    app: jenkins-server
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
[root@kubeadm-master2 manifests]# cat jenkins-
jenkins-configmap.yaml       jenkins-deployment.yaml      jenkins-pvc.yaml             jenkins-serviceAccount.yaml  jenkins-service.yaml
[root@kubeadm-master2 manifests]# cat jenkins-serviceAccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: kube-devops
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: kube-devops

安装插件
Build Authorization Token Root
Gitlab
SonarQube Scanner
代码质量审查工具

在 Dashboard > 系统管理 > Configure System 下面配置 SonarQube servers

Name:sonarqube # 注意这个名字要在 Jenkinsfile 中用到
Server URL:http://sonarqube:9000
Server authentication token:创建 credentials 配置为从 sonarqube 中得到的 token

进入系统管理 > 全局工具配置 > SonarQube Scanner > Add SonarQube Scanner
Name:sonarqube-scanner
自动安装:取消勾选
SONAR_RUNNER_HOME:/usr/local/sonar-scanner-cli

Node and Label parameter
Kubernetes

jenkins + k8s 环境配置

进入 Dashboard > 系统管理 > 节点管理 > Configure Clouds 页面

配置 k8s 集群
名称:kubernetes
点击 Kubernetes Cloud details 继续配置
Kubernetes 地址:
	如果 jenkins 是运行在 k8s 容器中,直接配置服务名即可
		https://kubernetes.default
	如果 jenkins 部署在外部,那么则不仅要配置外部访问 ip 以及 apiserver 的端口(6443),还需要配置服务证书
Jenkins 地址:
	如果部署在 k8s 集群内部:http://jenkins-service.kube-devops
	如果在外部:http://192.168.113.120:32479(换成你们自己的)

配置完成后保存即可



Config File Provider

Git Parameter

飞天使-学以致用-devops知识点3-安装jenkins-LMLPHP
飞天使-学以致用-devops知识点3-安装jenkins-LMLPHP
飞天使-学以致用-devops知识点3-安装jenkins-LMLPHP

jenkins 配置k8s

飞天使-学以致用-devops知识点3-安装jenkins-LMLPHP
https://kubernetes.default
飞天使-学以致用-devops知识点3-安装jenkins-LMLPHP

添加标签
飞天使-学以致用-devops知识点3-安装jenkins-LMLPHP

创建用户凭证
系统管理 > 安全 > Manage Credentials > System > 全局凭据(unrestricted) > Add Credentials

范围:全局
用户名:root
密码:wolfcode
ID:gitlab-user-pass

飞天使-学以致用-devops知识点3-安装jenkins-LMLPHP

02-29 12:32