k8s部署分布式jenkins具体方法

Jenkins是一个开源的、可扩展的持续集成、交付、部署（软件/代码的编译、打包、部署）的基于web界面的平台。允许持续集成和持续交付项目，无论用的是什么平台，可以处理任何类型的构建或持续集成。

前提条件是，有storageclass，利用pvc 创建持久化存储 创建kube-ops namespace

这里创建opspvc 另外把accessmode 换成readwritemany，因为会有多个pod 进行读写

然后部署jenkins master deployment如下

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
 name: jenkins
 namespace: kube-ops
spec:
 template:
   metadata:
     labels:
       app: jenkins
   spec:
     terminationGracePeriodSeconds: 10
     serviceAccountName: jenkins
     containers:
     - name: jenkins
       image: jenkins/jenkins:lts
       imagePullPolicy: IfNotPresent
       ports:
       - containerPort: 8080
         name: web
         protocol: TCP
       - containerPort: 50000
         name: agent
         protocol: TCP
       resources:
         limits:
           cpu: 2000m
           memory: 4Gi
         requests:
           cpu: 1000m
           memory: 2Gi
       livenessProbe:
         httpGet:
           path: /login
           port: 8080
         initialDelaySeconds: 60
         timeoutSeconds: 5
         failureThreshold: 12
       readinessProbe:
         httpGet:
           path: /login
           port: 8080
         initialDelaySeconds: 60
         timeoutSeconds: 5
         failureThreshold: 12
       volumeMounts:
       - name: jenkinshome
         subPath: jenkins
         mountPath: /var/jenkins_home
       env:
       - name: LIMITS_MEMORY
         valueFrom:
           resourceFieldRef:
             resource: limits.memory
             divisor: 1Mi
       - name: JAVA_OPTS
         value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85 -Duser.timezone=Asia/Shanghai
     securityContext:
       fsGroup: 1000
     volumes:
     - name: jenkinshome
       persistentVolumeClaim:
         claimName: opspvc

---
apiVersion: v1
kind: Service
metadata:
 name: jenkins
 namespace: kube-ops
 labels:
   app: jenkins
spec:
 selector:
   app: jenkins
 ports:
 - name: web
   port: 8080
   targetPort: web
 - name: agent
   port: 50000
   targetPort: agent

分配权限，配置rbac如下

apiVersion: v1
kind: ServiceAccount
metadata:
 name: jenkins
 namespace: kube-ops

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
 name: jenkins
 namespace: kube-ops
rules:
 - apiGroups: [""]
   resources: ["pods"]
   verbs: ["create","delete","get","list","patch","update","watch"]
 - apiGroups: [""]
   resources: ["pods/exec"]
   verbs: ["create","delete","get","list","patch","update","watch"]
 - apiGroups: [""]
   resources: ["pods/log"]
   verbs: ["get","list","watch"]
 - apiGroups: [""]
   resources: ["secrets"]
   verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
 name: jenkins
 namespace: kube-ops
roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
 name: jenkins
subjects:
 - kind: ServiceAccount
   name: jenkins
   namespace: kube-ops

安装k8s 插件，与k8s 目标集群进行远程连接

因为是腾讯云，并没有提供tls 客户端认证，所以直接利用账号密码，进行认证，记得，禁用https 证书检查,jenkins和k8s 就集成好了

划重点！！！：jenkins地址，这里我这里写的是内网地址以及暴露了50000端口（用来与slave 建立通信使用），因为master 和slave 分别在不通的k8s 集群里，那么需要远程进行联通，而jenkins-ui 我是以ingress 的方式对外暴露

slave 的配置

这里需要注意的是标签列表，这里填写的标签，需要在slave 所在k8s 集群的节点上进行标注，而这个名字，是label这个字段里的key 并未是value，这里要注意

job 里配置

这个意思就是 slave 会尽可能的在这个节点build

以上就是良许教程网为各位朋友分享的Linu系统相关内容。想要了解更多Linux相关知识记得关注公众号“良许Linux”，或扫描下方二维码进行关注，更多干货等着你 ！