Hands-on: Delivering a Dubbo Microservice Stack to a k8s Cluster (2): Deploying Jenkins


Jenkins website: https://www.jenkins.io/zh/

Jenkins 2.190.3 image: docker pull jenkins/jenkins:2.190.3

1. Pull the Jenkins image

Run on the ops host (mfyxw50.mfyxw.com)

[root@mfyxw50 ~]# docker pull jenkins/jenkins:2.190.3

2. Tag the Jenkins image and push it to the private registry

Run on the ops host (mfyxw50.mfyxw.com)

[root@mfyxw50 ~]# docker images | grep jenkins
[root@mfyxw50 ~]# docker tag 22b8b9a84dbe harbor.od.com/public/jenkins:v2.190.3
[root@mfyxw50 ~]# docker login harbor.od.com
[root@mfyxw50 ~]# docker push harbor.od.com/public/jenkins:v2.190.3

3. Write a custom Dockerfile

Run on the ops host (mfyxw50.mfyxw.com)

[root@mfyxw50 ~]# mkdir -p /data/dockerfile/jenkins
[root@mfyxw50 ~]# cat > /data/dockerfile/jenkins/Dockerfile << EOF
FROM harbor.od.com/public/jenkins:v2.190.3
USER root
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
    echo 'Asia/Shanghai' > /etc/timezone
ADD id_rsa /root/.ssh/id_rsa
ADD config.json /root/.docker/config.json
ADD get-docker.sh /get-docker.sh
RUN echo "    StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&\
    /get-docker.sh
EOF

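This Dockerfile mainly does the following:

  • Sets the container user to root
  • Sets the time zone inside the container
  • Adds the ssh private key (needed when pulling code with git; the matching public key should be configured in gitlab)
  • Adds the config file used to log in to the self-hosted harbor registry
  • Modifies the ssh client's
  • Installs a docker client

4. Generate an ssh key pair

Run on the ops host (mfyxw50.mfyxw.com)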

[root@mfyxw50 ~]# ssh-keygen -t rsa -b 2048 -C "mfyxw@qq.com" -N "" -f /root/.ssh/id_rsa

4. Copy the files the Dockerfile needs into the jenkins directory

Run on the ops host (mfyxw50.mfyxw.com)

[root@mfyxw50 ~]# cd /data/dockerfile/jenkins/
[root@mfyxw50 jenkins]# cp /root/.ssh/id_rsa .
[root@mfyxw50 jenkins]# cp /root/.docker/config.json .
[root@mfyxw50 jenkins]# curl -fsSL https://get.docker.com -o get-docker.sh
[root@mfyxw50 jenkins]# chmod +x get-docker.sh

Contents of config.json

{
	"auths": {
		"harbor.od.com": {
			"auth": "YWRtaW46SGFyYm9yMTIzNDU="
		}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/19.03.8 (linux)"
	}
}
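
Added example (not part of the original tutorial): id_rsa and config.json, once copied into the build context and ADDed by the Dockerfile, stay in the image layers for anyone who can pull the image, and the auth value in config.json is only base64 of user:password. The script below audits a build context for both; the helper names scan_build_context and audit_build_context are assumptions, the key file in the demo is a constructed dummy, and the config.json auth value is the one shown above.

```shell
#!/bin/sh
# Added example: find credentials that ADD/COPY would bake into image layers.
# scan_build_context and audit_build_context are hypothetical helper names.

# Print one finding per line for every file under the build context $1.
scan_build_context() {
    ctx="$1"
    find "$ctx" -type f | while IFS= read -r f; do
        rel="${f#"$ctx"/}"
        # PEM or OpenSSH private key material (for example a copied id_rsa).
        if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f" 2>/dev/null; then
            echo "PRIVATE_KEY $rel"
        fi
        # Docker client config: "auth" is base64("user:password"), not encryption.
        case "$(basename "$f")" in
            config.json)
                grep -o '"auth"[[:space:]]*:[[:space:]]*"[^"]*"' "$f" 2>/dev/null |
                    sed 's/.*"\([^"]*\)"$/\1/' |
                    while IFS= read -r b64; do
                        # Report only the user name; never echo the password.
                        user="$(printf '%s' "$b64" | base64 -d 2>/dev/null | cut -d: -f1)"
                        if [ -n "$user" ]; then
                            echo "REGISTRY_PASSWORD $rel user=$user"
                        fi
                    done
                ;;
        esac
    done
}

# Return 0 when the context is clean, 1 (after printing findings) otherwise.
audit_build_context() {
    report="$(scan_build_context "$1")"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Demo on a constructed context: the key file is a dummy, config.json uses the
# structure and auth value shown on this page.
demo_ctx="$(mktemp -d)"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-dummy' \
    '-----END RSA PRIVATE KEY-----' > "$demo_ctx/id_rsa"
printf '%s\n' '{"auths":{"harbor.od.com":{"auth":"YWRtaW46SGFyYm9yMTIzNDU="}}}' \
    > "$demo_ctx/config.json"
printf 'FROM scratch\n' > "$demo_ctx/Dockerfile"
if ! audit_build_context "$demo_ctx"; then
    echo "refusing to build: supply these at run time (Kubernetes Secret, Jenkins credential)" >&2
fi
rm -rf "$demo_ctx"
```

Run it against /data/dockerfile/jenkins before docker build; a non-zero exit means the image would carry the listed credentials.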

Contents of get-docker.sh

#!/bin/sh
set -e
# Docker CE for Linux installation script
#
# See https://docs.docker.com/install/ for the installation steps.
#
# This script is meant for quick & easy install via:
#   $ curl -fsSL https://get.docker.com -o get-docker.sh
#   $ sh get-docker.sh
#
# For test builds (ie. release candidates):
#   $ curl -fsSL https://test.docker.com -o test-docker.sh
#   $ sh test-docker.sh
#
# NOTE: Make sure to verify the contents of the script
#       you downloaded matches the contents of install.sh
#       located at https://github.com/docker/docker-install
#       before executing.
#
# Git commit from https://github.com/docker/docker-install when
# the script was uploaded (Should only be modified by upload job):
SCRIPT_COMMIT_SHA="26ff363bcf3b3f5a00498ac43694bf1c7d9ce16c"


# The channel to install from:
#   * nightly
#   * test
#   * stable
#   * edge (deprecated)
DEFAULT_CHANNEL_VALUE="stable"
if [ -z "$CHANNEL" ]; then
	CHANNEL=$DEFAULT_CHANNEL_VALUE
fi

DEFAULT_DOWNLOAD_URL="https://download.docker.com"
if [ -z "$DOWNLOAD_URL" ]; then
	DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL
fi

DEFAULT_REPO_FILE="docker-ce.repo"
if [ -z "$REPO_FILE" ]; then
	REPO_FILE="$DEFAULT_REPO_FILE"
fi

mirror=''
DRY_RUN=${DRY_RUN:-}
while [ $# -gt 0 ]; do
	case "$1" in
		--mirror)
			mirror="$2"
			shift
			;;
		--dry-run)
			DRY_RUN=1
			;;
		--*)
			echo "Illegal option $1"
			;;
	esac
	shift $(( $# > 0 ? 1 : 0 ))
done

case "$mirror" in
	Aliyun)
		DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
		;;
	AzureChinaCloud)
		DOWNLOAD_URL="https://mirror.azure.cn/docker-ce"
		;;
esac

command_exists() {
	command -v "$@" > /dev/null 2>&1
}

is_dry_run() {
	if [ -z "$DRY_RUN" ]; then
		return 1
	else
		return 0
	fi
}

is_wsl() {
	case "$(uname -r)" in
	*microsoft* ) true ;; # WSL 2
	*Microsoft* ) true ;; # WSL 1
	* ) false;;
	esac
}

is_darwin() {
	case "$(uname -s)" in
	*darwin* ) true ;;
	*Darwin* ) true ;;
	* ) false;;
	esac
}

deprecation_notice() {
	distro=$1
	date=$2
	echo
	echo "DEPRECATION WARNING:"
	echo "    The distribution, $distro, will no longer be supported in this script as of $date."
	echo "    If you feel this is a mistake please submit an issue at https://github.com/docker/docker-install/issues/new"
	echo
	sleep 10
}

get_distribution() {
	lsb_dist=""
	# Every system that we officially support has /etc/os-release
	if [ -r /etc/os-release ]; then
		lsb_dist="$(. /etc/os-release && echo "$ID")"
	fi
	# Returning an empty string here should be alright since the
	# case statements don't act unless you provide an actual value
	echo "$lsb_dist"
}

add_debian_backport_repo() {
	debian_version="$1"
	backports="deb http://ftp.debian.org/debian $debian_version-backports main"
	if ! grep -Fxq "$backports" /etc/apt/sources.list; then
		(set -x; $sh_c "echo \"$backports\" >> /etc/apt/sources.list")
	fi
}

echo_docker_as_nonroot() {
	if is_dry_run; then
		return
	fi
	if command_exists docker && [ -e /var/run/docker.sock ]; then
		(
			set -x
			$sh_c 'docker version'
		) || true
	fi
	your_user=your-user
	[ "$user" != 'root' ] && your_user="$user"
	# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
	echo "If you would like to use Docker as a non-root user, you should now consider"
	echo "adding your user to the \"docker\" group with something like:"
	echo
	echo "  sudo usermod -aG docker $your_user"
	echo
	echo "Remember that you will have to log out and back in for this to take effect!"
	echo
	echo "WARNING: Adding a user to the \"docker\" group will grant the ability to run"
	echo "         containers which can be used to obtain root privileges on the"
	echo "         docker host."
	echo "         Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface"
	echo "         for more information."

}

# Check if this is a forked Linux distro
check_forked() {

	# Check for lsb_release command existence, it usually exists in forked distros
	if command_exists lsb_release; then
		# Check if the `-u` option is supported
		set +e
		lsb_release -a -u > /dev/null 2>&1
		lsb_release_exit_code=$?
		set -e

		# Check if the command has exited successfully, it means we're in a forked distro
		if [ "$lsb_release_exit_code" = "0" ]; then
			# Print info about current distro
			cat <<-EOF
			You're using '$lsb_dist' version '$dist_version'.
			EOF

			# Get the upstream release info
			lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
			dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')

			# Print info about upstream distro
			cat <<-EOF
			Upstream release is '$lsb_dist' version '$dist_version'.
			EOF
		else
			if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
				if [ "$lsb_dist" = "osmc" ]; then
					# OSMC runs Raspbian
					lsb_dist=raspbian
				else
					# We're Debian and don't even know it!
					lsb_dist=debian
				fi
				dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
				case "$dist_version" in
					10)
						dist_version="buster"
					;;
					9)
						dist_version="stretch"
					;;
					8|'Kali Linux 2')
						dist_version="jessie"
					;;
				esac
			fi
		fi
	fi
}

semverParse() {
	major="${1%%.*}"
	minor="${1#$major.}"
	minor="${minor%%.*}"
	patch="${1#$major.$minor.}"
	patch="${patch%%[-.]*}"
}

do_install() {
	echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"

	if command_exists docker; then
		docker_version="$(docker -v | cut -d ' ' -f3 | cut -d ',' -f1)"
		MAJOR_W=1
		MINOR_W=10

		semverParse "$docker_version"

		shouldWarn=0
		if [ "$major" -lt "$MAJOR_W" ]; then
			shouldWarn=1
		fi

		if [ "$major" -le "$MAJOR_W" ] && [ "$minor" -lt "$MINOR_W" ]; then
			shouldWarn=1
		fi

		cat >&2 <<-'EOF'
			Warning: the "docker" command appears to already exist on this system.

			If you already have Docker installed, this script can cause trouble, which is
			why we're displaying this warning and provide the opportunity to cancel the
			installation.

			If you installed the current Docker package using this script and are using it
		EOF

		if [ $shouldWarn -eq 1 ]; then
			cat >&2 <<-'EOF'
			again to update Docker, we urge you to migrate your image store before upgrading
			to v1.10+.

			You can find instructions for this here:
			https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
			EOF
		else
			cat >&2 <<-'EOF'
			again to update Docker, you can safely ignore this message.
			EOF
		fi

		cat >&2 <<-'EOF'

			You may press Ctrl+C now to abort this script.
		EOF
		( set -x; sleep 20 )
	fi

	user="$(id -un 2>/dev/null || true)"

	sh_c='sh -c'
	if [ "$user" != 'root' ]; then
		if command_exists sudo; then
			sh_c='sudo -E sh -c'
		elif command_exists su; then
			sh_c='su -c'
		else
			cat >&2 <<-'EOF'
			Error: this installer needs the ability to run commands as root.
			We are unable to find either "sudo" or "su" available to make this happen.
			EOF
			exit 1
		fi
	fi

	if is_dry_run; then
		sh_c="echo"
	fi

	# perform some very rudimentary platform detection
	lsb_dist=$( get_distribution )
	lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"

	if is_wsl; then
		echo
		echo "WSL DETECTED: We recommend using Docker Desktop for Windows."
		echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
		echo
		cat >&2 <<-'EOF'

			You may press Ctrl+C now to abort this script.
		EOF
		( set -x; sleep 20 )
	fi

	case "$lsb_dist" in

		ubuntu)
			if command_exists lsb_release; then
				dist_version="$(lsb_release --codename | cut -f2)"
			fi
			if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
				dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
			fi
		;;

		debian|raspbian)
			dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
			case "$dist_version" in
				10)
					dist_version="buster"
				;;
				9)
					dist_version="stretch"
				;;
				8)
					dist_version="jessie"
				;;
			esac
		;;

		centos|rhel)
			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
			fi
		;;

		*)
			if command_exists lsb_release; then
				dist_version="$(lsb_release --release | cut -f2)"
			fi
			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
			fi
		;;

	esac

	# Check if this is a forked Linux distro
	check_forked

	# Run setup for each distro accordingly
	case "$lsb_dist" in
		ubuntu|debian|raspbian)
			pre_reqs="apt-transport-https ca-certificates curl"
			if [ "$lsb_dist" = "debian" ]; then
				# libseccomp2 does not exist for debian jessie main repos for aarch64
				if [ "$(uname -m)" = "aarch64" ] && [ "$dist_version" = "jessie" ]; then
					add_debian_backport_repo "$dist_version"
				fi
			fi

			if ! command -v gpg > /dev/null; then
				pre_reqs="$pre_reqs gnupg"
			fi
			apt_repo="deb [arch=$(dpkg --print-architecture)] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"
			(
				if ! is_dry_run; then
					set -x
				fi
				$sh_c 'apt-get update -qq >/dev/null'
				$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"
				$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | apt-key add -qq - >/dev/null"
				$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
				$sh_c 'apt-get update -qq >/dev/null'
			)
			pkg_version=""
			if [ -n "$VERSION" ]; then
				if is_dry_run; then
					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
				else
					# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel
					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g").*-0~$lsb_dist"
					search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
					pkg_version="$($sh_c "$search_command")"
					echo "INFO: Searching repository for VERSION '$VERSION'"
					echo "INFO: $search_command"
					if [ -z "$pkg_version" ]; then
						echo
						echo "ERROR: '$VERSION' not found amongst apt-cache madison results"
						echo
						exit 1
					fi
					search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
					# Don't insert an = for cli_pkg_version, we'll just include it later
					cli_pkg_version="$($sh_c "$search_command")"
					pkg_version="=$pkg_version"
				fi
			fi
			(
				if ! is_dry_run; then
					set -x
				fi
				if [ -n "$cli_pkg_version" ]; then
					$sh_c "apt-get install -y -qq --no-install-recommends docker-ce-cli=$cli_pkg_version >/dev/null"
				fi
				$sh_c "apt-get install -y -qq --no-install-recommends docker-ce$pkg_version >/dev/null"
			)
			echo_docker_as_nonroot
			exit 0
			;;
		centos|fedora|rhel)
			yum_repo="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
			if ! curl -Ifs "$yum_repo" > /dev/null; then
				echo "Error: Unable to curl repository file $yum_repo, is it valid?"
				exit 1
			fi
			if [ "$lsb_dist" = "fedora" ]; then
				pkg_manager="dnf"
				config_manager="dnf config-manager"
				enable_channel_flag="--set-enabled"
				disable_channel_flag="--set-disabled"
				pre_reqs="dnf-plugins-core"
				pkg_suffix="fc$dist_version"
			else
				pkg_manager="yum"
				config_manager="yum-config-manager"
				enable_channel_flag="--enable"
				disable_channel_flag="--disable"
				pre_reqs="yum-utils"
				pkg_suffix="el"
			fi
			(
				if ! is_dry_run; then
					set -x
				fi
				$sh_c "$pkg_manager install -y -q $pre_reqs"
				$sh_c "$config_manager --add-repo $yum_repo"

				if [ "$CHANNEL" != "stable" ]; then
					$sh_c "$config_manager $disable_channel_flag docker-ce-*"
					$sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL"
				fi
				$sh_c "$pkg_manager makecache"
			)
			pkg_version=""
			if [ -n "$VERSION" ]; then
				if is_dry_run; then
					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
				else
					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix"
					search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
					pkg_version="$($sh_c "$search_command")"
					echo "INFO: Searching repository for VERSION '$VERSION'"
					echo "INFO: $search_command"
					if [ -z "$pkg_version" ]; then
						echo
						echo "ERROR: '$VERSION' not found amongst $pkg_manager list results"
						echo
						exit 1
					fi
					search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
					# It's okay for cli_pkg_version to be blank, since older versions don't support a cli package
					cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"
					# Cut out the epoch and prefix with a '-'
					pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"
				fi
			fi
			(
				if ! is_dry_run; then
					set -x
				fi
				# install the correct cli version first
				if [ -n "$cli_pkg_version" ]; then
					$sh_c "$pkg_manager install -y -q docker-ce-cli-$cli_pkg_version"
				fi
				$sh_c "$pkg_manager install -y -q docker-ce$pkg_version"
			)
			echo_docker_as_nonroot
			exit 0
			;;
		*)
			if [ -z "$lsb_dist" ]; then
				if is_darwin; then
					echo
					echo "ERROR: Unsupported operating system 'macOS'"
					echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
					echo
					exit 1
				fi
			fi
			echo
			echo "ERROR: Unsupported distribution '$lsb_dist'"
			echo
			exit 1
			;;
	esac
	exit 1
}

# wrapped up in a function so that we have some protection against only getting
# half the file during "curl | sh"
do_install
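
Added example (not part of the original tutorial or of the Docker project): the header of get-docker.sh asks you to verify its contents before executing it, and the Dockerfile above runs it as root during the build. The script below pins a reviewed copy by commit and SHA-256 and rejects a copy that differs; the helper names and the pin file format are assumptions, and the demo file is a constructed stand-in that only reuses the SCRIPT_COMMIT_SHA value from the script above.

```shell
#!/bin/sh
# Added example: pin a reviewed copy of get-docker.sh and verify it before
# every image build. Helper names and pin format are hypothetical.

# Commit the script says it was generated from (self-declared, so only a hint).
installer_commit() {
    sed -n 's/^SCRIPT_COMMIT_SHA="\([0-9a-f]\{40\}\)"$/\1/p' "$1" | head -n 1
}

# After a manual review, record "<commit> <sha256>" for the reviewed file.
pin_installer() {
    printf '%s %s\n' "$(installer_commit "$1")" "$(sha256sum "$1" | cut -d' ' -f1)"
}

# verify_installer FILE PINFILE: 0 = matches pin, 1 = mismatch, 2 = missing input.
verify_installer() {
    file="$1"
    pin="$2"
    if [ ! -f "$file" ] || [ ! -f "$pin" ]; then
        return 2
    fi
    want_commit="$(cut -d' ' -f1 "$pin")"
    want_digest="$(cut -d' ' -f2 "$pin")"
    if [ "$(installer_commit "$file")" != "$want_commit" ]; then
        echo "get-docker.sh: commit differs from pin" >&2
        return 1
    fi
    # The digest is the real check: the commit line survives any tampering.
    if [ "$(sha256sum "$file" | cut -d' ' -f1)" != "$want_digest" ]; then
        echo "get-docker.sh: content differs from pin" >&2
        return 1
    fi
    return 0
}

# Demo on a constructed stand-in for the installer.
demo_dir="$(mktemp -d)"
cat > "$demo_dir/get-docker.sh" <<'EOF'
#!/bin/sh
SCRIPT_COMMIT_SHA="26ff363bcf3b3f5a00498ac43694bf1c7d9ce16c"
echo "constructed stand-in for the real installer"
EOF
pin_installer "$demo_dir/get-docker.sh" > "$demo_dir/get-docker.pin"
verify_installer "$demo_dir/get-docker.sh" "$demo_dir/get-docker.pin" && echo "pin ok"
# A modified download: the commit line is unchanged, the body is not.
echo 'echo "extra line"' >> "$demo_dir/get-docker.sh"
verify_installer "$demo_dir/get-docker.sh" "$demo_dir/get-docker.pin" || echo "build stopped"
rm -rf "$demo_dir"
```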

5. Create the private repository for the Jenkins image in the private harbor registry

6. Build the custom image

Run on the ops host (mfyxw50.mfyxw.com)

[root@mfyxw50 ~]# cd /data/dockerfile/jenkins/
[root@mfyxw50 jenkins]# docker build . -t harbor.od.com/infra/jenkins:v2.190.3

7. Push the infra/jenkins image to the private registry

Run on the ops host (mfyxw50.mfyxw.com)

[root@mfyxw50 ~]# docker images | grep jenkins
[root@mfyxw50 ~]# docker login harbor.od.com
[root@mfyxw50 ~]# docker push harbor.od.com/infra/jenkins:v2.190.3

8. Check that jenkins has been uploaded to infra in the registry

9. Test that login works

Run on the ops host (mfyxw50.mfyxw.com)

[root@mfyxw50 jenkins]# docker run --rm harbor.od.com/infra/jenkins:v2.190.3 ssh -i /root/.ssh/id_rsa -T XXX@gitee.com

10. Create the directories that hold the Jenkins files

Run on the ops host (mfyxw50.mfyxw.com)

[root@mfyxw50 ~]# mkdir -p /data/k8s-yaml/jenkins
[root@mfyxw50 ~]# mkdir -p /data/nfs-volume/jenkins_home
[root@mfyxw50 ~]# cd /data/k8s-yaml/jenkins/

11. Create the Jenkins resource manifests

Run on the ops host (mfyxw50.mfyxw.com)

Deployment.yaml is as follows:

[root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Deployment.yaml << EOF
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
  labels: 
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels: 
      name: jenkins
  template:
    metadata:
      labels: 
        app: jenkins 
        name: jenkins
    spec:
      volumes:
      - name: data
        nfs: 
          server: mfyxw50
          path: /data/nfs-volume/jenkins_home
      - name: docker
        hostPath: 
          path: /run/docker.sock
          type: ''
      containers:
      - name: jenkins
        image: harbor.od.com/infra/jenkins:v2.190.3
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        - name: JAVA_OPTS
          value: -Xmx512m -Xms512m
        resources:
          limits: 
            cpu: 500m
            memory: 1Gi
          requests: 
            cpu: 500m
            memory: 1Gi
        volumeMounts:
        - name: data
          mountPath: /var/jenkins_home
        - name: docker
          mountPath: /run/docker.sock
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        imagePullPolicy: IfNotPresent
      imagePullSecrets:
      - name: harbor
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      securityContext: 
        runAsUser: 0
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate: 
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600
EOF

Service.yaml is as follows:

[root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Service.yaml << EOF
kind: Service
apiVersion: v1
metadata: 
  name: jenkins
  namespace: infra
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  selector:
    app: jenkins
  type: ClusterIP
  sessionAffinity: None
EOF

Ingress.yaml is as follows:

[root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Ingress.yaml << EOF
kind: Ingress
apiVersion: extensions/v1beta1
metadata: 
  name: jenkins
  namespace: infra
spec:
  rules:
  - host: jenkins.od.com
    http:
      paths:
      - path: /
        backend: 
          serviceName: jenkins
          servicePort: 80
EOF

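12. Install the NFS service

On the ops nodes (mfyxw30.mfyxw.com and mfyxw40.mfyxw.com), which act as NFS clients, and on the ops host (mfyxw50.mfyxw.com), which acts as the NFS server, run the following on each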

~]# yum -y install nfs-utils

Run the following on the ops host (mfyxw50.mfyxw.com)

[root@mfyxw50 ~]# cat > /etc/exports << EOF
/data/nfs-volume 192.168.80.0/24(rw,no_root_squash)
EOF

Create the NFS share directory

[root@mfyxw50 ~]# mkdir -p /data/nfs-volume

Start the NFS service

[root@mfyxw50 ~]# systemctl start nfs && systemctl enable nfs

13. Create a secret for pulling private images from the private registry

Run on either master node (mfyxw30.mfyxw.com or mfyxw40.mfyxw.com)

[root@mfyxw30 ~]# kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=Harbor12345 -n infra
[root@mfyxw30 ~]# kubectl get secret -n infra

14. Apply the Jenkins resource manifests

Run on either master node (mfyxw30.mfyxw.com or mfyxw40.mfyxw.com)

Before applying the resource manifests, create the infra namespace first

[root@mfyxw30 ~]# kubectl create ns infra
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Deployment.yaml
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Service.yaml
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Ingress.yaml

15. Check that the pod, svc and ingress were created successfully

Run on either master node (mfyxw30.mfyxw.com or mfyxw40.mfyxw.com)

Note: the name of your jenkins pod may differ, but this does not affect the tutorial

[root@mfyxw30 ~]# kubectl get pod -n infra
[root@mfyxw30 ~]# kubectl get svc -n infra
[root@mfyxw30 ~]# kubectl get ingress -n infra

16. Add a DNS record for jenkins.od.com

Run on the DNS server (mfyxw10.mfyxw.com)

[root@mfyxw10 ~]# cat > /var/named/od.com.zone << EOF
\$ORIGIN od.com.
\$TTL 600   ; 10 minutes
@       IN  SOA dns.od.com.   dnsadmin.od.com. (
                             ; increment the serial by 1 so it is newer than the previous version
                             2020031308 ; serial
                             10800          ; refresh (3 hours)
                             900              ; retry (15 minutes)
                             604800         ; expire (1 week)
                             86400          ; minimum (1 day)
                              )
                      NS   dns.od.com.
\$TTL 60 ;  1 minute
dns             A          192.168.80.10
harbor          A          192.168.80.50   ; add harbor record
k8s-yaml        A          192.168.80.50
traefik         A          192.168.80.100
dashboard       A          192.168.80.100
zk1             A          192.168.80.10
zk2             A          192.168.80.20
zk3             A          192.168.80.30
jenkins         A          192.168.80.100
EOF

Restart the DNS server and try to resolve the domain name

[root@mfyxw10 ~]# systemctl restart named
[root@mfyxw10 ~]# dig -t A jenkins.od.com @192.168.80.10 +short

17. Open Jenkins in a browser

18. Look up the Jenkins login password

Run on either master node (mfyxw30.mfyxw.com or mfyxw40.mfyxw.com)

Find which node Jenkins is running on

[root@mfyxw30 ~]# kubectl get pod -o wide -n infra

The query shows that jenkins is running on host mfyxw40.mfyxw.com. Go to the directory /data/kubelet/pods/d4a68480-78ec-463d-b25e-d9caa8714219/volumes/kubernetes.io~nfs/data/secrets and read the initialAdminPassword file to get the jenkins login password

19. Post-login steps and settings in Jenkins

The Blue Ocean plugin was installed successfully

20. Fix plugin download errors

As shown in the figure above, plugin downloads can end in Failure; switching to a mirror inside China is recommended

China mirror URL: https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json

Fix:

After changing the source, search for and install the plugin again

On the ops host (mfyxw50.mfyxw.com), the downloaded plugins can be seen in the /data/nfs-volume/jenkins_home/plugins directory

21. Check the logs to confirm Jenkins has fully started

Run on either master node (mfyxw30.mfyxw.com or mfyxw40.mfyxw.com)

[root@mfyxw30 ~]# kubectl logs jenkins-b99776c69-jrvwn -n infra

22. Verify that Jenkins is usable

Find which node Jenkins is running on

Run on either master node (mfyxw30.mfyxw.com or mfyxw40.mfyxw.com)

[root@mfyxw30 ~]# kubectl get pod -n infra -o wide

Run on host mfyxw40.mfyxw.com

[root@mfyxw40 ~]# docker ps -a | grep jenkins

Run on either master node (mfyxw30.mfyxw.com or mfyxw40.mfyxw.com)

Inside the jenkins container, verify that it runs as root and that the time zone is UTC+8

[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash        # enter the jenkins container
root@jenkins-b99776c69-p6skp:/# whoami       # check whether jenkins runs as root
root@jenkins-b99776c69-p6skp:/# date         # check whether the jenkins time zone is UTC+8

Inside the jenkins container, verify that it is connected to the host's docker engine

[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash 
root@jenkins-b99776c69-p6skp:/# docker ps -a

On the host mfyxw40.mfyxw.com, list all containers and check that the result matches what was seen from inside the jenkins container

[root@mfyxw40 ~]# docker ps -a

Inside the jenkins container, verify that it can log in to the harbor registry

[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash 
root@jenkins-b99776c69-p6skp:/# docker login harbor.od.com
root@jenkins-b99776c69-p6skp:/# cat /root/.docker/config.json 

Inside the jenkins container, verify that it can log in to the gitee repository

[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash 
root@jenkins-b99776c69-p6skp:/# ssh -i /root/.ssh/id_rsa -T xxx@gitee.com
