二进制部署k8s集群v1.23.9版本-16-安装jenkins

16.1、准备jenkins镜像

192.168.1.200服务器操作
docker pull jenkins/jenkins:2.346.3-jdk8
docker images|grep jenkins
docker tag ba3f3e7db66d harbor.qgutech.com/public/jenkins:v2.346.3-jdk8
docker push harbor.qgutech.com/public/jenkins:v2.346.3-jdk8
需注意官方的jenkins镜像不能直接使用,需自定义docker做一些改动
生成密钥
ssh-keygen -t rsa -b 2048 -C "wangjie@qgutech.com" -N "" -f /root/.ssh/id_rsa

16.2、编写dockerfile并构建镜像

mkdir -p /data/dockerfile/jenkins
cd /data/dockerfile/jenkins
vim Dockerfile
FROM harbor.qgutech.com/public/jenkins:v2.346.3-jdk8
USER root
RUN rm -f /etc/localtime &&
ln -sv /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&
echo "Asia/Shanghai" > /etc/timezone &&
echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&
echo 'deb https://mirrors.aliyun.com/debian stable main contrib non-free' >/etc/apt/sources.list &&
echo 'deb https://mirrors.aliyun.com/debian stable-updates main contrib non-free' >>/etc/apt/sources.list &&
echo 'deb [arch=amd64] http://mirrors.ustc.edu.cn/docker-ce/linux/debian stretch stable' >>/etc/apt/sources.list &&
curl -fsSL http://mirrors.ustc.edu.cn/docker-ce/linux/debian/gpg >/tmp/ustc.gpg &&
apt-key add /tmp/ustc.gpg &&
apt-get update &&
apt-get install docker-ce -y
ADD id_rsa /root/.ssh/id_rsa
ADD config.json /root/.docker/config.json

cp /root/.ssh/id_rsa .
cp /root/.docker/config.json .
curl -fsSL get.docker.com -o get-docker.sh
chmod +x get-docker.sh
构建镜像
docker build . -t harbor.qgutech.com/infra/jenkins:v2.346.3-jdk8

16.2、git上添加公钥


docker run --rm harbor.qgutech.com/infra/jenkins:v2.346.3 ssh -i /root/.ssh/id_rsa -T git@gitee.com

16.3、创建名称空间

192.168.1.201操作
kubectl create ns infra

16.4、创建secret资源

kubectl create secret docker-registry harbor --docker-server=harbor.qgutech.com --docker-username=admin --docker-password=1qaz2wsx#EDC -n infra

16.5、准备共享存储

192.168.1.200、192.168.1.201、192.168.1.202、192.168.1.203服务器操作
yum install nfs-utils -y
192.168.1.200执行
vim /etc/exports
/data/nfs-volume 192.168.0.0/24(rw,no_root_squash)
mkdir /data/nfs-volume
systemctl start nfs
systemctl enable nfs

16.6、准备资源配置清单

192.168.1.200服务器操作

mkdir /data/k8s-yaml/jenkins
cd /data/k8s-yaml/jenkins
vim dp.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: jenkins
namespace: infra
labels:
name: jenkins
spec:
replicas: 1
selector:
matchLabels:
name: jenkins
template:
metadata:
labels:
app: jenkins
name: jenkins
spec:
volumes:
- name: data
nfs:
server: hfqg1-200
path: /data/nfs-volume/jenkins_home
- name: docker
hostPath:
path: /run/docker.sock
type: ''
containers:
- name: jenkins
image: harbor.qgutech.com/infra/jenkins:v2.346.3-jdk8
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
protocol: TCP
env:
- name: JAVA_OPTS
value: -Xmx512m -Xms512m -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true
volumeMounts:
- name: data
mountPath: /var/jenkins_home
- name: docker
mountPath: /run/docker.sock
imagePullSecrets:
- name: harbor
securityContext:
runAsUser: 0
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
revisionHistoryLimit: 7
progressDeadlineSeconds: 600

vim svc.yaml
kind: Service
apiVersion: v1
metadata:
name: jenkins
namespace: infra
spec:
ports:
- protocol: TCP
port: 80
targetPort: 8080
selector:
app: jenkins

vim ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jenkins
namespace: infra
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: jenkins.qgutech.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jenkins
port:
number: 80

16.7、应用资源配置清单

192.168.1.201操作
kubectl apply -f http://k8s-yaml.qgutech.com/jenkins/dp.yaml
kubectl apply -f http://k8s-yaml.qgutech.com/jenkins/svc.yaml
kubectl apply -f http://k8s-yaml.qgutech.com/jenkins/ingress.yaml
kubectl get pods -n infra

kubectl get all -n infra

验证几个问题:
kubectl exec -it jenkins-7b97d69696-jfzzv /bin/bash -n infra

  1. whoami是以root用户启动
  2. date时区是东八区
  3. docker ps -a查看是否连接到了宿主机的docker引擎
  4. docker login harbor.qgutech.com查看能否登录到harbor仓库
  5. ssh -i /root/.ssh/id_rsa -T git@gitee.com能否从中央仓库拿取代码

16.8、配置内网域名解析

192.168.1.197操作
vim /var/named/qgutech.com.zone
新增一条解析记录,注意序列号前滚
jenkins A 192.168.1.196

重启named服务
systemctl restart named
dig -t A jenkins.qgutech.com @192.168.1.197 +short

16.9、访问jenkins

http://jenlins.qgutech.com

cat /data/nfs-volume/jenkins_home/secrets/initialAdminPassword

设置登录的用户名和密码
用户名:admin
密码:jenkins@123.com
调整安全选项
Manage Jenkins –> Configure Global Security –> Allow anonymous read access

加载插件

至此,jenkins安装完成,感谢观看。

posted @ 2022-09-02 15:16  霸都运维  阅读(161)  评论(0编辑  收藏  举报