构建带maven环境的jenkins 镜像
# Harbor registry endpoint and the image reference shared by the steps below.
registry=192.168.113.122:8858
image="${registry}/library/jenkins-maven:jdk-11"

# Build the Jenkins image that bundles Maven from the Dockerfile in this directory.
docker build -t "$image" .
# Log in to Harbor as admin. The password is prompted for rather than passed as
# an argument; docker then keeps it unencrypted in ~/.docker/config.json unless
# a credential helper is configured.
docker login -uadmin "$registry"
# Push the image to Harbor.
docker push "$image"
ps: docker build -t 108.1.1.1:8858/wolfcode/jenkin-maven:v1 .
# 查看images
[root@kubeadm-master1 jenkins-maven]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
108.1.1.1:8858/wolfcode/jenkin-maven v1 33bdff943baf About a minute ago 783MB
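# 推送到harbor(注意:上面构建的镜像标签是 108.1.1.1:8858/wolfcode/jenkin-maven:v1,而下面 login/push 用的是 108.1.1.12:8858;push 时的仓库地址必须与镜像标签中的地址一致,请以实际的 harbor 地址为准)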
[root@kubeadm-master1 jenkins-maven]# docker login 108.1.1.12:8858
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@kubeadm-master1 jenkins-maven]# docker push 108.1.1.12:8858/wolfcode/jenkin-maven:v1
安装jenkins
创建pvc,pv
[root@kubeadm-master2 jenkins]# cat pv.yaml
# PersistentVolume backed by an NFS export. Claims bind to it through the
# storage class name "managed-nfs-storage6".
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv6
spec:
  storageClassName: managed-nfs-storage6
  capacity:
    storage: 5Gi
  accessModes: [ReadWriteMany]
  # Retain: the data on the export survives deletion of the claim and has to
  # be cleaned up by hand before the volume is reused.
  persistentVolumeReclaimPolicy: Retain
  nfs:
    server: 192.168.1.209
    # NOTE(review): the export sits under /root on the NFS server. If this
    # volume ends up holding the Jenkins home (credentials, build secrets),
    # confirm the export is limited to the cluster nodes.
    path: /root/data/pv6
[root@kubeadm-master2 jenkins]# cat pvc.yaml
# Claim for 5Gi of shared (ReadWriteMany) storage in the kube-devops namespace,
# matched to a volume through storage class "managed-nfs-storage6".
# NOTE(review): the Deployment listed later on this page mounts
# claimName "jenkins-pvc", not "jenkins-data6" - confirm which claim is meant.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: kube-devops
  name: jenkins-data6
spec:
  storageClassName: managed-nfs-storage6
  accessModes: [ReadWriteMany]
  resources:
    requests:
      storage: 5Gi
# Namespace that the Jenkins manifests on this page deploy into.
ns=kube-devops

# From the jenkins directory, create every resource defined under manifests/.
kubectl apply -f manifests/
# Check that the Jenkins pod comes up.
kubectl get po -n "$ns"
# Look up the service port, then open it in a browser.
kubectl get svc -n "$ns"
# Follow the container log to read the default password.
# "pod名称" is a placeholder: substitute the pod name printed by `kubectl get po`.
# The password is visible to anyone who can read pod logs in this namespace,
# so change it after the first login.
kubectl logs -f pod名称 -n "$ns"
[root@kubeadm-master2 jenkins]# kubectl logs -f jenkins-7c558dd78b-bsp9x -n kube-devops
日志里会打印初始管理员密码;首次登录后请立即修改,并且不要把这段日志原样贴到工单或聊天记录里。
jenkins yaml 文件
[root@kubeadm-master2 manifests]# cat jenkins-configmap.yaml
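# ConfigMap carrying the Maven settings.xml used by the Jenkins container.
#
# Fix applied: the repository policy element is <enabled>; the original
# <enable> is not an element of the Maven settings schema, so the
# releases/snapshots switches were not being read as intended.
#
# Security review notes (values left as the page gives them):
# - The Nexus username/password for the "releases" and "snapshots" servers are
#   stored in clear text. A ConfigMap is readable by anyone allowed to read
#   ConfigMaps in kube-devops and is not treated as secret material by the
#   cluster. Prefer a Secret mounted as settings.xml, or keep the password out
#   of the file with ${env.VAR} interpolation or Maven password encryption.
# - The mirror and repository URLs use plain http, so credentials and
#   downloaded artifacts cross the network unencrypted and unauthenticated.
# - NOTE(review): the profile activation names jdk 1.8 while the image tag on
#   this page is jdk-11 - confirm the intended activation.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mvn-settings
  namespace: kube-devops
  labels:
    app: jenkins-server
data:
  settings.xml: |-
    <?xml version="1.0" encoding="UTF-8"?>
    <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
      <localRepository>/var/jenkins_home/repository</localRepository>
      <servers>
        <server>
          <id>releases</id>
          <username>admin</username>
          <password>wolfcode</password>
        </server>
        <server>
          <id>snapshots</id>
          <username>admin</username>
          <password>wolfcode</password>
        </server>
      </servers>
      <mirrors>
        <mirror>
          <id>releases</id>
          <name>nexus maven</name>
          <mirrorOf>*</mirrorOf>
          <url>http://192.168.113.121:8868/repository/maven-public/</url>
        </mirror>
      </mirrors>
      <pluginGroups>
        <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
      </pluginGroups>
      <profiles>
        <profile>
          <id>releases</id>
          <activation>
            <activeByDefault>true</activeByDefault>
            <jdk>1.8</jdk>
          </activation>
          <properties>
            <sonar.host.url>http://sonarqube:9000</sonar.host.url>
          </properties>
          <repositories>
            <repository>
              <id>repository</id>
              <name>Nexus Repository</name>
              <url>http://192.168.113.121:8868/repository/maven-public/</url>
              <releases>
                <enabled>true</enabled>
              </releases>
              <snapshots>
                <enabled>true</enabled>
              </snapshots>
            </repository>
          </repositories>
        </profile>
      </profiles>
    </settings>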
[root@kubeadm-master2 manifests]# cat jenkins-
jenkins-configmap.yaml jenkins-deployment.yaml jenkins-pvc.yaml jenkins-serviceAccount.yaml jenkins-service.yaml
[root@kubeadm-master2 manifests]# cat jenkins-deployment.yaml
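# Jenkins Deployment (single replica) for the kube-devops namespace. The pod
# reuses the node's docker CLI, docker socket and kubectl through hostPath
# mounts instead of shipping them in the image.
#
# Change applied: the hostPath mounts of the host's docker binary, kubectl
# binary and daemon.json are now readOnly, since the container only needs to
# read or execute them. Left writable, a build could overwrite binaries the
# node itself runs.
#
# Security review notes (behaviour left as the page defines it):
# - privileged: true + runAsUser: 0 + the /run/docker.sock mount give anything
#   running in this pod, including every pipeline step, root-equivalent
#   control of the node. readOnly mounts are only a partial guard while the
#   container stays privileged.
# - NOTE(review): talking to docker.sock does not by itself require privileged
#   mode - confirm whether `privileged: true` can be dropped.
# - serviceAccountName jenkins-admin: see the binding for that account to
#   judge what the pod's API token can do in the cluster.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: kube-devops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-server
  template:
    metadata:
      labels:
        app: jenkins-server
    spec:
      serviceAccountName: jenkins-admin
      imagePullSecrets:
        - name: harbor-secret  # pull secret for the Harbor registry
      containers:
        - name: jenkins
          image: 192.168.113.122:8858/library/jenkins-maven:jdk-11
          imagePullPolicy: IfNotPresent
          securityContext:
            privileged: true
            runAsUser: 0  # run the container as root
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            - name: httpport
              containerPort: 8080
            - name: jnlpport
              containerPort: 50000
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
            # The socket stays writable: the docker CLI has to connect to it.
            - name: docker
              mountPath: /run/docker.sock
            - name: docker-home
              mountPath: /usr/bin/docker
              readOnly: true
            - name: mvn-setting
              mountPath: /usr/local/apache-maven-3.9.0/conf/settings.xml
              subPath: settings.xml
            - name: daemon
              mountPath: /etc/docker/daemon.json
              subPath: daemon.json
              readOnly: true
            - name: kubectl
              mountPath: /usr/bin/kubectl
              readOnly: true
      volumes:
        - name: kubectl
          hostPath:
            path: /usr/bin/kubectl
        # NOTE(review): the pvc.yaml shown earlier on this page is named
        # jenkins-data6; confirm jenkins-pvc.yaml defines a claim called
        # jenkins-pvc.
        - name: jenkins-data
          persistentVolumeClaim:
            claimName: jenkins-pvc
        - name: docker
          hostPath:
            path: /run/docker.sock  # expose the host's docker daemon to the container
        - name: docker-home
          hostPath:
            path: /usr/bin/docker
        - name: mvn-setting
          configMap:
            name: mvn-settings
            items:
              - key: settings.xml
                path: settings.xml
        - name: daemon
          hostPath:
            path: /etc/docker/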
[root@kubeadm-master2 manifests]# cat jenkins-service.yaml
# Service in front of the Jenkins pod (selector app=jenkins-server).
# type NodePort publishes port 8080 on every node's address; no nodePort is
# pinned, so the cluster assigns one. The traffic is plain HTTP, so reachability
# of the node port should be limited at the network level, or the UI fronted by
# TLS.
# NOTE(review): the Deployment on this page also declares container port 50000
# (jnlpport), which this Service does not forward - confirm how build agents
# are expected to reach Jenkins.
apiVersion: v1
kind: Service
metadata:
  namespace: kube-devops
  name: jenkins-service
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "8080"
    prometheus.io/path: /
spec:
  type: NodePort
  selector:
    app: jenkins-server
  ports:
    - targetPort: 8080
      port: 8080
[root@kubeadm-master2 manifests]# cat jenkins-
jenkins-configmap.yaml jenkins-deployment.yaml jenkins-pvc.yaml jenkins-serviceAccount.yaml jenkins-service.yaml
[root@kubeadm-master2 manifests]# cat jenkins-serviceAccount.yaml
# Service account for the Jenkins pod, plus its cluster-wide role binding.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kube-devops
  name: jenkins-admin
---
# Binds the account to the built-in cluster-admin ClusterRole: the token
# mounted into the Jenkins pod has unrestricted access to every namespace and
# every resource, so a compromised job or plugin holds the whole cluster.
# NOTE(review): a namespace-scoped Role/RoleBinding limited to what the
# pipelines actually create would shrink that exposure - confirm the
# permissions the later pipeline steps need before narrowing it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
subjects:
  - kind: ServiceAccount
    namespace: kube-devops
    name: jenkins-admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
安装插件
Build Authorization Token Root
Gitlab
SonarQube Scanner
代码质量审查工具
在 Dashboard > 系统管理 > Configure System 下面配置 SonarQube servers
Name:sonarqube # 注意这个名字要在 Jenkinsfile 中用到
Server URL:http://sonarqube:9000
Server authentication token:创建 credentials 配置为从 sonarqube 中得到的 token
进入系统管理 > 全局工具配置 > SonarQube Scanner > Add SonarQube Scanner
Name:sonarqube-scanner
自动安装:取消勾选
SONAR_RUNNER_HOME:/usr/local/sonar-scanner-cli
Node and Label parameter
Kubernetes
jenkins + k8s 环境配置
进入 Dashboard > 系统管理 > 节点管理 > Configure Clouds 页面
配置 k8s 集群
名称:kubernetes
点击 Kubernetes Cloud details 继续配置
Kubernetes 地址:
如果 jenkins 是运行在 k8s 容器中,直接配置服务名即可
https://kubernetes.default
如果 jenkins 部署在集群外部,则不仅要配置 apiserver 的外部访问 ip 和端口(6443),还需要配置服务证书
Jenkins 地址:
如果部署在 k8s 集群内部:http://jenkins-service.kube-devops
如果在外部:http://192.168.113.120:32479(换成你们自己的)
配置完成后保存即可
Config File Provider
Git Parameter
jenkins 配置k8s
https://kubernetes.default
添加标签
创建用户凭证
系统管理 > 安全 > Manage Credentials > System > 全局凭据(unrestricted) > Add Credentials
范围:全局
用户名:root
密码:wolfcode(示例值,换成你们自己的;不要与其他系统共用同一个密码)
ID:gitlab-user-pass