helm 安装

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
helm repo add jenkinsci https://charts.jenkins.io/
helm repo update jenkinsci
helm show values jenkinsci/jenkins

# 设置变量
export Password='myPassword'

# 空跑
helm upgrade --install --dry-run --debug \
--namespace devops \
--create-namespace \
--set controller.image.registry="harbor.example.com" \
--set controller.image.repository="jenkins/jenkins" \
--set controller.image.tag="2.440.1-jdk17" \
--set controller.image.pullPolicy=IfNotPresent \
--set controller.admin.username=admin \
--set controller.admin.password="${Password}" \
--set controller.admin.createSecret=true \
--set controller.jenkinsAdminEmail="admin@xxx.com" \
--set controller.resources.requests.cpu="1000m" \
--set controller.resources.requests.memory="256Mi" \
--set controller.resources.limits.cpu="1000m" \
--set controller.resources.limits.memory="256Mi" \
--set controller.jenkinsUrlProtocol='https://' \
--set controller.jenkinsUrl="jenkins.example.com" \
--set controller.installLatestPlugins=false \
--set controller.installLatestSpecifiedPlugins=false \
--set controller.initializeOnce=true \
--set controller.sidecars.configAutoReload.image.registry="harbor.example.com" \
--set controller.sidecars.configAutoReload.image.repository="kiwigrid/k8s-sidecar" \
--set controller.sidecars.configAutoReload.image.tag="1.27.4" \
--set controller.sidecars.configAutoReload.imagePullPolicy=IfNotPresent \
--set controller.ingress.enabled=true \
--set controller.ingress.apiVersion='networking.k8s.io/v1' \
--set controller.ingress.ingressClassName=nginx \
--set-string controller.ingress.annotations."kubernetes\.io/tls-acme"=true \
--set-string controller.ingress.annotations."nginx\.ingress\.kubernetes\.io/ssl-redirect"=true \
--set-string controller.ingress.annotations."cert-manager\.io/cluster-issuer"='letsencrypt-prod' \
--set controller.ingress.path='/' \
--set controller.ingress.hostName='jenkins.example.com' \
--set controller.ingress.tls[0].secretName='jenkins-example-com-tls' \
--set controller.ingress.tls[0].hosts[0]='jenkins.example.com' \
--set agent.jnlpregistry="harbor.example.com" \
--set agent.image.repository="jenkins/inbound-agent" \
--set agent.image.tag="3248.v65ecb_254c298-1" \
--set agent.alwaysPullImage=false \
--set persistence.enabled=true \
--set persistence.storageClass=rook-cephfs \
--set persistence.accessMode="ReadWriteOnce" \
--set persistence.size=20Gi \
--set networkPolicy.enabled=false \
--set checkDeprecation=false \
my-jenkins jenkinsci/jenkins --version 5.2.2

# 升级jenkins版本
helm repo update jenkinsci

# 获取安装参数
helm -n devops get values my-jenkins

# 空跑升级
helm upgrade --dry-run --debug \
--install my-jenkins \
--namespace devops \
--create-namespace \
--set persistence.storageClass=rook-cephfs \
--set persistence.enabled=true \
--set persistence.size=20Gi \
--set controller.serviceType=NodePort \
jenkinsci/jenkins --version 4.6.1

helm upgrade \
--install my-jenkins \
--namespace devops \
--create-namespace \
--set persistence.storageClass=rook-cephfs \
--set persistence.enabled=true \
--set persistence.size=20Gi \
--set controller.serviceType=NodePort \
jenkinsci/jenkins --version 4.6.1

Yaml 文件安装

Kubernetes Jenkins Deployment

Step 1

Create a Namespace for Jenkins. It is good to categorize all the DevOps tools as a separate namespace from other applications.

1
2
3
4
5
6
cat > namespace.yaml <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: devops-tools
EOF
1
kubectl apply -f namespace.yaml

Step 2

Create a ‘serviceAccount.yaml’ file and copy the following admin service account manifest.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
cat > serviceAccount.yaml <<EOF
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins-admin
rules:
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: devops-tools
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins-admin
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: devops-tools
EOF
1
kubectl apply -f serviceAccount.yaml

Step 3

Create ‘volume.yaml’ and copy the following persistent volume manifest.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
cat > volume.yaml <<EOF
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pv-claim
  namespace: devops-tools
spec:
  storageClassName: rook-cephfs
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
EOF
1
kubectl create -f volume.yaml

Step 4

Create a Deployment file named ‘deployment.yaml’ and copy the following deployment manifest.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
cat > deployment.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: devops-tools
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-server
  template:
    metadata:
      labels:
        app: jenkins-server
    spec:
      securityContext:
            fsGroup: 1000
            runAsUser: 1000
      serviceAccountName: jenkins-admin
      containers:
        - name: jenkins
          image: jenkins/jenkins:2.452.3-lts
          resources:
            limits:
              memory: "8Gi"
              cpu: "4000m"
            requests:
              memory: "4Gi"
              cpu: "2000m"
          ports:
            - name: httpport
              containerPort: 8080
            - name: jnlpport
              containerPort: 50000
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
              claimName: jenkins-pv-claim
EOF
1
2
3
kubectl apply -f deployment.yaml
kubectl get deployments -n devops-tools
kubectl describe deployments --namespace=devops-tools

Accessing Jenkins Using Kubernetes Service

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
cat > service.yaml <<EOF
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins-service
  namespace: devops-tools
  annotations:
      prometheus.io/scrape: 'true'
      prometheus.io/path:   /
      prometheus.io/port:   '8080'
spec:
  selector:
    app: jenkins-server
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 32000
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins-agent
  namespace: devops-tools
spec:
  selector:
    app: jenkins-server
  type: ClusterIP
  ports:
    - port: 50000
      targetPort: 50000
EOF
1
kubectl apply -f service.yaml
1
http://<node-ip>:32000
1
2
3
kubectl get pods --namespace=devops-tools
kubectl logs jenkins-8446c867ff-krl6w --namespace=devops-tools
kubectl -n devops-tools exec -it jenkins-8446c867ff-krl6w -- cat /var/jenkins_home/secrets/initialAdminPassword