一、环境准备
1.1 环境说明
本文搭建MongoDB,基于WMware虚拟机,操作系统CentOS 8,且已经基于Kubeadm搭好了k8s集群,k8s节点信息如下:
服务器 | IP地址 |
master | 192.168.31.80 |
node1 | 192.168.31.8 |
node2 | 192.168.31.9 |
如需知道k8s集群搭建,可跳转我的文章《kubeadm部署k8s集群》查看。
二、安装nfs
2.1 安装NFS
我选择在 master 节点创建 NFS 存储,首先执行如下命令安装 NFS:
yum -y install nfs-utils rpcbind
2.2 创建NFS共享文件夹
mkdir -p /var/nfs/jenkins/pv1
2.3 配置共享文件夹
vim /etc/exports
/var/nfs/jenkins/pv1 *(rw,sync,no_root_squash)
2.4 使配置生效
exportfs -r
2.5 查看所有共享目录
exportfs -v
2.6 启动nfs
systemctl start nfs-server
systemctl enabled nfs-server
systemctl start rpcbind
systemctl enabled rpcbind
2.7 其他节点安装nfs-utils
yum -y install nfs-utils
三、创建PVC卷
PVC是资源的申请,用来声明对存储空间、访问模式、存储类别需求信息。在创建PVC卷之前,需要创建NFS客户端、NFS 客户端sa授权和StoreClass存储类。
3.1 创建namespace
kubectl create ns jenkins
3.2 创建nfs 客户端sa授权
cat > jenkins-nfs-client-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins-nfs-client
namespace: jenkins
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins-nfs-client-runner
namespace: jenkins
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get","list","watch","create","delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get","list","watch","create","delete"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["get","list","watch","create","update","patch"]
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["create","delete","get","list","watch","patch","update"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins-run-nfs-provisioner
namespace: jenkins
subjects:
- kind: ServiceAccount
name: jenkins-nfs-client
namespace: jenkins
roleRef:
kind: ClusterRole
name: jenkins-nfs-client-runner
apiGroup: rbac.authorization.k8s.io
3.3 创建nfs 客户端
cat > jenkins-nfs-client.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins-nfs-client
labels:
app: jenkins-nfs-client
# replace with namespace where provisioner is deployed
namespace: jenkins
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: jenkins-nfs-client
template:
metadata:
labels:
app: jenkins-nfs-client
spec:
serviceAccountName: jenkins-nfs-client
containers:
- name: jenkins-nfs-client
image: quay.io/external_storage/nfs-client-provisioner:latest
volumeMounts:
- name: jenkins-nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME ## 这个名字必须与storegeclass里面的名字一致
value: my-jenkins-nfs
- name: ENABLE_LEADER_ELECTION ## 设置高可用允许选举,如果replicas参数等于1,可不用
value: "True"
- name: NFS_SERVER
value: 192.168.31.80 #修改为自己的ip(部署nfs的机器ip)
- name: NFS_PATH
value: /var/nfs/jenkins #修改为自己的nfs安装目录
volumes:
- name: jenkins-nfs-client-root
nfs:
server: 192.168.31.80 #修改为自己的ip(部署nfs的机器ip)
path: /var/nfs/jenkins #修改为自己的nfs安装目录
3.4 创建StorageClass
cat > jenkins-storeclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: jenkins-nfs-storage
namespace: jenkins
provisioner: my-jenkins-nfs
3.5 创建PVC卷
cat > jenkins-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-pvc
namespace: jenkins
labels:
pvc: jenkins-pvc # 自定义
spec:
storageClassName: jenkins-nfs-storage
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20G
四、创建Service
cat > jenkins-service.yaml
apiVersion: v1
kind: Service
metadata:
name: jenkins-service
namespace: jenkins
annotations:
prometheus.io/scrape: 'true' #这一段是官方文档带的,是用来让prometheus(普罗米修斯)来识别pod的,可暂时不用管他
prometheus.io/path: /
prometheus.io/port: '8080'
spec:
selector:
app: jenkins-server
type: NodePort
ports:
- name: http
port: 8080
targetPort: 8080
nodePort: 32000
- name: agent
port: 50000
targetPort: 50000
nodePort: 50000
提示:
如果50000端口没挂载上,需要修改kube-apiserver.yaml
vim /etc/kubernetes/manifests/kube-apiserver.yaml
- --service-node-port-range=3000-55000 #这行默认没有,自己给他加上,那端口范围我就不用解释了吧
五、创建deployment
cat > jenkins-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: jenkins
spec:
replicas: 1
selector:
matchLabels:
app: jenkins-server
template:
metadata:
labels:
app: jenkins-server
spec:
securityContext:
fsGroup: 1000
runAsUser: 1000
serviceAccountName: jenkins-nfs-client
containers:
- name: jenkins
image: jenkins/jenkins:2.369 #镜像这里用这个就行,版本是2.369,官方文档的镜像版本太低,好像是2.2版本的,不支持一些插件
imagePullPolicy: IfNotPresent
ports:
- name: httpport
containerPort: 8080
- name: jnlpport
containerPort: 50000
volumeMounts:
- name: jenkins-data
mountPath: /var/jenkins_home #这里为jenkins工作目录,挂载出来就好了,这样重启jenkins数据也不会丢失
volumes:
- name: jenkins-data
persistentVolumeClaim:
claimName: jenkins-pvc
readOnly: false
六、登录验证
6.1 登录
进入k8s页面,进入到jenkins的deploment服务工作页面,找到服务的ip
然后浏览器输入访问地址:
Sign in [Jenkins]
输出默认的admin登录,密码初始密码在安装jenkins的 /var/jenkins_home/secrets/initialAdminPassword
可以cat /var/jenkins_home/secrets/initialAdminPassword 打印出来,复制粘贴出来登录
登录之后,可以创建自己的账号和密码
好了,今天的在k8s中部署jenkins就分享到这里!