helm 安装 jenkins
2022-09-12
helm repo add jenkinsci https://charts.jenkins.io
helm repo update
helm search repo jenkinsci
最后决定还是不使用 helm 安装,自己定制化安装吧😂;
jenkinsDeploy.yaml
###############使用 storageClass 创建 pvc ###################
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-test-data-pvc
spec:
accessModes:
# eks 不支持 ReadWriteMany
# - ReadWriteMany
- ReadWriteOnce
# 指定 storageClass 的名字,这里使用 minikube 默认的 standard
storageClassName: gp3
resources:
requests:
storage: 10Gi
###############创建一个ServiceAccount 名称为:jenkins-test-admin###################
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins-test-admin
labels:
name: jenkins
###############绑定账户jenkins-test-admin 为集群管理员角色,为了控制权限建议绑定自定义角色###################
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins-test-admin
labels:
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins-test-admin
roleRef:
kind: ClusterRole
# cluster-admin 是 k8s 集群中默认的管理员角色
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
############### 在 default 命名空间创建 deployment ###################
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
spec:
replicas: 1
selector:
matchLabels:
app: jenkins
template:
metadata:
labels:
app: jenkins
spec:
nodeSelector:
# 选择节点标签
topology.ebs.csi.aws.com/zone: us-west-2a
affinity:
# 指定 标签名为 NetworkType: Private 的节点部署
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: NetworkType
operator: In
values:
- Private
terminationGracePeriodSeconds: 10
# 注意:k8s 1.21.x 中 serviceAccount 改名为 serviceAccountName
# 这里填写上面创建的 serviceAccount 的 name
serviceAccount: jenkins-test-admin
containers:
- name: jenkins
securityContext:
# 特权模式
privileged: true
# root 用户运行
runAsUser: 0
image: jenkins/jenkins:lts-jdk11
imagePullPolicy: IfNotPresent
env:
- name: JAVA_OPTS
value: -Duser.timezone=Asia/Shanghai
ports:
- containerPort: 8080
name: web
protocol: TCP
- containerPort: 50000
name: agent
protocol: TCP
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 500m
memory: 512Mi
livenessProbe:
httpGet:
path: /login
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
failureThreshold: 12
readinessProbe:
httpGet:
path: /login
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
failureThreshold: 12
volumeMounts:
- name: jenkinshome
mountPath: /var/jenkins_home
volumes:
- name: jenkinshome
persistentVolumeClaim:
claimName: jenkins-test-data-pvc
############### 在 default 命名空间创建 service ###################
---
apiVersion: v1
kind: Service
metadata:
name: jenkins
labels:
app: jenkins
spec:
selector:
app: jenkins
type: ClusterIP
ports:
- name: web
port: 8080
targetPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: jenkins-agent
labels:
app: jenkins
spec:
selector:
app: jenkins
type: ClusterIP
ports:
- name: agent
port: 50000
targetPort: 50000
kubectl create -f jenkinsDeploy.yaml
获取 jekins 密码
进入 pod 内部,查看 /var/jenkins_home/secrets/initialAdminPassword 文件即可得到密码;