k8s版jenkins中master/slave模式
阿新 • • 發佈:2019-03-07
The 系統管理 posit reac created leg location 兩個 配置環境變量
k8s環境: master 192.168.0.91 node 192.168.0.92 下面所有操作都是在node:192.168.0.92上進行 生成自定義Jenkins master鏡像 原始的Jenkins master鏡像並不符合我們當前需求,所以在原始鏡像的基礎上做了一些改變,這一步並不是必須的,主要是看具體需求 下載原始鏡像 鏈接:https://pan.baidu.com/s/14z5BnFAXYoMnDoXbiNgmuQ 提取碼:ecsq 導入鏡像 docker load < jenkinsci.tar 查看鏡像 [root@test2~]# docker images jenkinsci/jenkins latest b589aefe29ff 3 months ago 703 MB 準備maven安裝包 rz apache-maven-3.5.4-bin.tar.gz mkdir -p /home/jenkins-dockerfile/ mv apache-maven-3.5.4-bin.tar.gz /home/jenkins-dockerfile/ 編寫Dockerfile: cat>/home/jenkins-dockerfile/Dockerfile <<EOF FROM jenkinsci/jenkins USER root RUN apt-get update && apt-get install -y libltdl7.* RUN apt-get install vim* -y ADD apache-maven-3.5.4-bin.tar.gz /usr/local/ ENV MAVEN_HOME=/usr/local/apache-maven-3.5.4 ENV PATH=$JAVA_HOME/bin:$MAVEN_HOME/bin:$PATH ARG dockerGid=999 RUN echo "docker:x:${dockerGid}:jenkins" >> /etc/group RUN echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers RUN mkdir -p /opt/maven/repository RUN mkdir -p /ceph/maven/repository EOF 該Dockerfile所做的工作為: 安裝Maven並配置環境變量; 配置Maven倉庫位置,以便啟動時掛載宿主機倉庫為容器中Maven倉庫; 設置啟動用戶為root 構建鏡像 docker build -t jenkinsci/jenkins:v1 /home/jenkins-dockerfile/ Jenkins啟動YAML配置文件 jenkins命令空間創建 cat >namespace-jenkins.yaml<<EOF apiVersion: v1 kind: Namespace metadata: name: jenkins labels: name: jenkins EOF Jenkins 權限配置 此處直接將jenkins-admin集成了cluster-admin權限,可根據自己具體需要進行權限的設置 cat>jenkins-account.yaml<<EOF apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: jenkins name: jenkins-admin namespace: jenkins --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: jenkins-admin labels: k8s-app: jenkins subjects: - kind: ServiceAccount name: jenkins-admin namespace: jenkins roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io EOF Jenkins Deployment配置 此處配置簡單明了,需要說明的地方是掛在卷,此處掛載了四個目錄,下面分別做出掛載原因: /var/jenkins_home(容器) –> /ceph/jenkins_home(宿主機) 我們需要將容器中的Jenkins源目錄掛載導本地宿主機,因為該目錄下保存了Jenkins產生的所有配置、我們的自定義配置、任務配置及詳情等等信息,>所以需要持久化導宿主機,以便重新啟動Jenkins容器的時候能夠找到相應數據,防止數據丟失。此處我們使用的ceph,保證整個kubernetes集群所有機 器能夠共享同一個目錄。 /opt/maven/repository(容器) –> /ceph/maven/repository(宿主機) 這一對掛載目錄是Maven倉庫的掛載目錄,不管是Jenkins master容器或者是Jenkins slave目錄都需要掛載該目錄,以便容器中maven能夠在下載編譯代 碼時能夠從該倉庫中找到相應Jar包,同時也保證了數據的持久化。 /usr/bin/docker(容器) –> /usr/bin/docker(宿主機) /var/run/docker.sock(容器) –> /var/run/docker.sock(宿主機) 這兩對掛載目錄作用是能夠在容器中操作宿主機docker,具體的用途是在slave容器中編輯maven代碼並生成jar之後,需要生成該代碼服務的docker鏡像 並上傳至本地私有倉庫。因此需要操作宿主機docker以便完成這一系列操作 --------------------- cat>jenkins-deployment.yaml<<EOF apiVersion: apps/v1beta2 kind: Deployment metadata: name: jenkins namespace: jenkins labels: k8s-app: jenkins spec: replicas: 1 selector: matchLabels: k8s-app: jenkins template: metadata: labels: k8s-app: jenkins spec: containers: - name: jenkins image: jenkinsci/jenkins:v1 imagePullPolicy: IfNotPresent volumeMounts: - name: jenkins-home mountPath: /var/jenkins_home - name: maven-repository mountPath: /opt/maven/repository - name: docker mountPath: /usr/bin/docker - name: docker-sock mountPath: /var/run/docker.sock ports: - containerPort: 8080 - containerPort: 32000 volumes: - name: jenkins-home hostPath: path: /ceph/jenkins_home - name: maven-repository hostPath: path: /ceph/maven/repository - name: docker hostPath: path: /usr/bin/docker - name: docker-sock hostPath: path: /var/run/docker.sock serviceAccountName: jenkins-admin EOF Jenkins Service配置 該Service配置作用是能夠讓用戶訪問到Jenkins。此處開放並配置了8080、32000端口,這兩個端口在Deployment 中也應該開放。此處配置的宿主機開放端口分別為:31888、32000 cat>jenkins-service.yaml<<EOF kind: Service apiVersion: v1 metadata: labels: k8s-app: jenkins name: jenkins namespace: jenkins annotations: prometheus.io/scrape: ‘true‘ spec: ports: - name: jenkins port: 8080 nodePort: 31888 targetPort: 8080 - name: jenkins-agent port: 32000 nodePort: 32000 targetPort: 32000 type: NodePort selector: k8s-app: jenkins EOF 啟動Jenkins鏡像容器 kubectl create -f namespace-jenkins.yaml kubectl apply -f jenkins-account.yaml kubectl apply -f jenkins-deployment.yaml kubectl apply -f jenkins-service.yaml 生成自定義Jenkins slave鏡像 節點鏡像的配置與master基本一致,也是根據自己需要進行自定義話,也可以直接使用原始的slave鏡像 下載原始鏡像 鏈接:https://pan.baidu.com/s/14z5BnFAXYoMnDoXbiNgmuQ 提取碼:ecsq 導入鏡像 docker load < jenkinsci-jnlp-slave.tar 準備maven安裝包 rz apache-maven-3.5.4-bin.tar.gz mkdir -p /home/jenkins-dockerfile/ mv apache-maven-3.5.4-bin.tar.gz /home/jenkins-dockerfile/ 編寫Dockerfile: cat>/home/jenkins-dockerfile/Dockerfile <<EOF FROM jenkinsci/jnlp-slave USER root RUN apt-get update && apt-get install -y libltdl7.* RUN apt-get install vim* -y ADD apache-maven-3.5.4-bin.tar.gz /usr/local/ ENV MAVEN_HOME=/usr/local/apache-maven-3.5.4 ENV PATH=$JAVA_HOME/bin:$MAVEN_HOME/bin:$PATH ARG dockerGid=999 RUN echo "docker:x:${dockerGid}:jenkins" >> /etc/group RUN echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers RUN mkdir -p /opt/maven/repository RUN mkdir -p /ceph/maven/repository EOF 該Dockerfile所做的工作為: 安裝Maven並配置環境變量; 配置Maven倉庫位置,以便啟動時掛載宿主機倉庫為容器中Maven倉庫; 設置啟動用戶為root 構建鏡像 docker build -t jenkinsci/jnlp-slave:v1 /home/jenkins-dockerfile/ 查看鏡像 [root@test2 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE jenkinsci/jnlp-slave v1 969993fe2aa9 23 seconds ago 1.34 GB jenkinsci/jenkins v1 2114cb298e17 About an hour ago 1.41 GB jenkinsci/jnlp-slave latest a430a5795102 12 days ago 628 MB jenkinsci/jenkins latest b589aefe29ff 3 months ago 703 MB coredns/coredns 1.2.0 da1adafc0e78 7 months ago 34.2 MB infoblox/dnstools latest d0cee038721f 8 months ago 15.7 MB registry.cn-shanghai.aliyuncs.com/gcr-k8s/flannel v0.10.0-amd64 b949a39093d6 10 months ago 44.6 MB registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64 3.1 da86e6ba6ca1 14 months ago 742 kB 三、訪問並操作Jenkins 訪問jenkins http://192.168.0.92:31888 查看密碼 [root@test2 ~]# docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6f8a62f8a0f7 2114cb298e17 "/sbin/tini -- /us..." About an hour ago Up About an hour k8s_jenkins_jenkins-7b46757695-4hx6f_jenkins_e8cb1035-3fe6-11e9-a258-000c2980fc47_0 docker exec 6f8a62f8a0f7 cat /var/jenkins_home/secrets/initialAdminPassword 471234cd0eb44ec3bfc4015fbacd599b 然後會要求安裝一些插件,可選擇默認安裝,也可自定義選擇要安裝的插件,這裏選擇默認安裝: 設置登錄用戶名密碼: admin/jenkins@123 這時候會跳轉到首頁, 此時Jenkins就可以真正使用了: 對jenkins進行升級 重啟jenkins(有點慢,等5分鐘) 刷新網頁重新登錄 admin/471234cd0eb44ec3bfc4015fbacd599b 查看更新後的版本 重置admin密碼 進入首頁-》系統管理-》全局安全配置 把“啟用安全”勾上和把Jenkins專有用戶數據庫勾上、允許用戶註冊勾上-》保存 點擊右上角的admin-》設置-》修改裏面的密碼為(jenkins@123)-》保存-》重新登錄-》輸入賬號密碼 需要安裝的插件 Kubernetes Cli Plugin:該插件可直接在Jenkins中使用kubernetes命令行進行操作。 Kubernetes plugin: 使用kubernetes則需要安裝該插件 Kubernetes Continuous Deploy Plugin:kubernetes部署插件,可根據需要使用 進入首頁-》系統管理-》插件管理-》可選插件-》輸入kubernetes-》選中所有帶kubernetes的插件進行安裝-》安裝完返回首頁 查看所有帶kubernetes的插件是否安裝上 進入首頁-》系統管理-》插件管理-》已安裝-》輸入kubernetes-》 也可登錄該網站:https://plugins.jenkins.io/,查找需要的插件 增加一個kubernetes雲 點擊 系統管理->系統設置,往下拉可看到雲,點擊新增一個雲來新增一個kubernetes雲 配置jenkins連接kubernetes 請參照:https://www.cnblogs.com/effortsing/p/10013441.html 配置Kubernetes Pod Template 其實就是配置Jenkins的jnlp-slave 在該kubernetes雲下,新增Kubernetes Pod Template,配置一個模板容器配置, 全局配置(非必須) 點擊 系統管理->系統設置,下拉找到全局屬性,可根據需要配置Java環境變量、Maven環境變量 全局工具配置 點擊 系統管理->全局工具配置,此處可配置配置一些常用的工具配置,比如java、ant、maven、docker 參照:https://www.cnblogs.com/effortsing/p/10375689.html 創建Pipeline任務 Pipeline任務采用流式的處理方法,步驟清晰,非常適合進行任務配置。點擊新建 創建一個Pipeline任務 創建完成後,會進入任務配置界面,下拉找到Pipeline(中文版為:流水線),則可編寫Pipeline,進行任務配置 def label = "jnlp-slave" podTemplate(label: label, cloud: ‘kubernetes‘,containers: [ containerTemplate(name: ‘jnlp-slave‘, image: ‘jenkinsci/jnlp-slave:v1‘) ], volumes: [hostPathVolume(mounntPath:‘/opt/maven/repository‘,hostPath:‘/ceph/maven/repository‘), hostPathVolume(mounntPath:‘/usr/bin/docker‘,hostPath:‘/usr/bin/docker‘), hostPathVolume(mounntPath:‘/var/run/docker.sock‘,hostPath:‘/var/run/docker.sock‘)]) { node(label) { stage(‘Get a Maven project‘) { container(label) { stage(‘wait for exec check‘){ sh ‘sleep 10‘ } stage(‘get maven env‘) { sh ‘cat /etc/resolv.conf‘ sh ‘cat /etc/issue‘ sh ‘uname -a‘ sh ‘env‘ } } } } } 開始構建 查看pod狀態 沒做成,可能pipline裏面不是真正的java代碼,做到這裏表明已經成功了 [root@test2 ~]# kubectl get pod -n jenkins NAME READY STATUS RESTARTS AGE jenkins-7b46757695-4hx6f 1/1 Running 0 7h jnlp-slave-8hfq4 1/2 Error 0 1m jnlp-slave-8wpvr 1/2 Error 0 20s jnlp-slave-dm99x 1/2 Terminating 0 5m jnlp-slave-jbtqt 1/2 Terminating 0 5m jnlp-slave-mvzqk 1/2 Error 0 4m jnlp-slave-nk98n 0/2 ContainerCreating 0 0s jnlp-slave-qqd1z 1/2 Error 0 5m jnlp-slave-sbnx0 1/2 Error 0 40s jnlp-slave-txb0b 1/2 Error 0 1m [root@test2 ~]# docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 789daf005963 eb079fd09f8e "jenkins-slave" About a minute ago Exited (255) About a minute ago k8s_jnlp_jnlp-slave-x2k3c_jenkins_d9b53cdd-4023-11e9-a258-000c2980fc47_0 查看docker日誌發現如下錯誤: [root@test2 ~]# docker logs 789daf005963 Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior Mar 06, 2019 3:23:54 PM hudson.remoting.jnlp.Main createEngine INFO: Setting up agent: jnlp-slave-x2k3c Mar 06, 2019 3:23:54 PM hudson.remoting.jnlp.Main$CuiListener <init> INFO: Jenkins agent is running in headless mode. Mar 06, 2019 3:23:54 PM hudson.remoting.Engine startEngine INFO: Using Remoting version: 3.27 Mar 06, 2019 3:23:54 PM hudson.remoting.Engine startEngine WARNING: No Working Directory. Using the legacy JAR Cache location: /home/jenkins/.jenkins/cache/jars Mar 06, 2019 3:23:55 PM hudson.remoting.jnlp.Main$CuiListener status INFO: Locating server among [http://192.168.0.92:31888/] Mar 06, 2019 3:23:55 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolve INFO: Remoting server accepts the following protocols: [JNLP4-connect, Ping] Mar 06, 2019 3:23:55 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver isPortVisible WARNING: Connection refused (Connection refused) Mar 06, 2019 3:23:55 PM hudson.remoting.jnlp.Main$CuiListener error SEVERE: http://192.168.0.92:31888/ provided port:32000 is not reachable java.io.IOException: http://192.168.0.92:31888/ provided port:32000 is not reachable at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:286) at hudson.remoting.Engine.innerRun(Engine.java:523) at hudson.remoting.Engine.run(Engine.java:474) 看錯誤是連不上端口,明天再研究 參照: https://blog.csdn.net/a632189007/article/details/79311795 https://www.sudops.com/kubernetes-jenkins-gitlab-ci-cd-env-2.html http://www.cnblogs.com/hahp/p/5812455.html
k8s版jenkins中master/slave模式