pie-engine-ai项目jenkins.yaml文件

apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: pie-engine-ai
labels:
name: jenkins
spec:
replicas: 1
selector:
matchLabels:
name: jenkins
template:
metadata:
name: jenkins
labels:
name: jenkins
spec:
imagePullSecrets:
- name: default-secret
serviceAccountName: jenkins
nodeSelector:
engine.node.ai: "true"
containers:
- name: jenkins
image: swr.cn-north-4.myhuaweicloud.com/pie-engine-ai-dev/jenkins:2.369
securityContext: ###添加参数启用容器root权限
privileged: true
capabilities:
add: ["SYS_ADMIN"]
runAsUser: 0
imagePullPolicy: Always
ports:
- containerPort: 8080
- containerPort: 50000
env:
- name: LIMITS_MEMORY
valueFrom:
resourceFieldRef:
resource: limits.memory
divisor: 1Mi
- name: JAVA_OPTS
value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
- name: docker-01
mountPath: /var/run/docker.sock
- name: docker-02
mountPath: /usr/bin/docker
- name: docker-03
mountPath: /usr/lib/x86_64-linux-gnu/libltdl.so.7
- name: jenkins-lib
mountPath: /root/.m2/repository/
- name: maven
mountPath: /usr/share/maven/
- name: k8s
mountPath: /usr/bin/kubectl
securityContext:
fsGroup: 1000
volumes:
- name: jenkins-home
hostPath:
path: /data/ai/jenkins/jenkins_home.bak
- name: docker-01
hostPath:
path: /var/run/docker.sock
- name: docker-02
hostPath:
path: /usr/bin/docker
- name: docker-03
hostPath:
path: /usr/lib64/libltdl.so.7
- name: jenkins-lib
hostPath:
path: /data/lib/jenkins/.m2/repository/
- name: maven
hostPath:
path: /usr/local/apache-maven-3.8.5/
- name: k8s
hostPath:
path: /usr/bin/kubectl
---
apiVersion: v1
kind: Service
metadata:
name: jenkins
namespace: pie-engine-ai
spec:
selector:
name: jenkins
type: NodePort
ports:
- name: http
port: 80
targetPort: 8080
protocol: TCP
nodePort: 30008
- name: agent
port: 50000
protocol: TCP