1.下載Jenkins鏡像打包上傳harbor上
[root@hdss7-200 ~]# docker pull jenkins/jenkins:2.190.3 [root@hdss7-200 ~]# docker images |grep jenkins [root@hdss7-200 ~]# docker tag 22b8b9a84dbe harbor.fx.com/public/jenkins:v2.190.3 [root@hdss7-200 ~]# docker push harbor.fx.com/public/jenkins:v2.190.3
2.自定義Dockerfile文件
[root@hdss7-200 ~]# mkdir -p /data/dockerfile/jenkins && cd /data/dockerfile/jenkins/ [root@hdss7-200 ~]# vim /data/dockerfile/jenkins/Dockerfile FROM harbor.fx.com/public/jenkins:v2.190.3 USER root RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \ echo 'Asia/Shanghai' > /etc/timezone ADD id_rsa /root/.ssh/id_rsa ADD config.json /root/.docker/config.json ADD get-docker.sh /get-docker.sh RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&\ /get-docker.sh
這個Dockerfile里我們主要做了以下幾件事
- 設置容器用戶為root
- 設置容器內的時區
- 將ssh私鑰加入(使用git拉代碼時要用到,配對的公鑰應配置在gitlab中)
- 加入了登錄自建harbor倉庫的config文件
- 修改了ssh客戶端的
- 安裝一個docker的客戶端
3.生成ssh密鑰對
[root@hdss7-200 ~]# ssh-keygen -t rsa -b 2048 -C "fangxing1001@163.com" -N "" -f /root/.ssh/id_rsa
4.將dockerfile文件需要的文件復制到jenkins目錄
[root@hdss7-200 ~]# cd /data/dockerfile/jenkins/ [root@hdss7-200 jenkins]# cp /root/.ssh/id_rsa . [root@hdss7-200 jenkins]# cp /root/.docker/config.json . [root@hdss7-200 jenkins]# curl -fsSL get.docker.com -o get-docker.sh [root@hdss7-200 jenkins]# chmod +x get-docker.sh
5.在harbor私有倉庫中創建存放jenkin的私有鏡像
6.制作自定義鏡像並推送到harbor倉庫
[root@hdss7-200 ~]# cd /data/dockerfile/jenkins/ [root@hdss7-200 ~]# docker build . -t harbor.fx.com/infra/jenkins:v2.190.3 [root@hdss7-200 ~]# docker push harbor.od.com/infra/jenkins:v2.190.3
7.創建保存jenkins目錄
[root@hdss7-200 ~]# mkdir -p /data/k8s-yaml/jenkins [root@hdss7-200 ~]# mkdir -p /data/nfs-volume/jenkins_home [root@hdss7-200 ~]# cd /data/k8s-yaml/jenkins/
8.創建資源配置清單
Deployment.yaml
[root@hdss7-200 jenkins]# vim Deployment.yaml kind: Deployment apiVersion: extensions/v1beta1 metadata: name: jenkins namespace: infra labels: name: jenkins spec: replicas: 1 selector: matchLabels: name: jenkins template: metadata: labels: app: jenkins name: jenkins spec: volumes: - name: data nfs: server: hdss7-200.host.com path: /data/nfs-volume/jenkins_home - name: docker hostPath: path: /run/docker.sock type: '' containers: - name: jenkins image: harbor.fx.com/infra/jenkins:v2.190.3 ports: - containerPort: 8080 protocol: TCP env: - name: JAVA_OPTS value: -Xmx512m -Xms512m resources: limits: cpu: 500m memory: 1Gi requests: cpu: 500m memory: 1Gi volumeMounts: - name: data mountPath: /var/jenkins_home - name: docker mountPath: /run/docker.sock terminationMessagePath: /dev/termination-log terminationMessagePolicy: File imagePullPolicy: IfNotPresent imagePullSecrets: - name: harbor restartPolicy: Always terminationGracePeriodSeconds: 30 securityContext: runAsUser: 0 schedulerName: default-scheduler strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 maxSurge: 1 revisionHistoryLimit: 7 progressDeadlineSeconds: 600
Service.yaml
[root@hdss7-200 jenkins]# vim Service.yaml kind: Service apiVersion: v1 metadata: name: jenkins namespace: infra spec: ports: - protocol: TCP port: 80 targetPort: 8080 selector: app: jenkins type: ClusterIP sessionAffinity: None
Ingress.yaml
[root@hdss7-200 jenkins]# vim Ingress.yaml kind: Ingress apiVersion: extensions/v1beta1 metadata: name: jenkins namespace: infra spec: rules: - host: jenkins.fx.com http: paths: - path: / backend: serviceName: jenkins servicePort: 80
9.部署ntf服務
[root@hdss7-200 ~]# yum -y install nfs-utils [root@hdss7-200 ~]# vim /etc/exports /data/nfs-volume 10.4.7.0/24(rw,no_root_squash) [root@hdss7-200 ~]# mkdir -p /data/nfs-volume [root@hdss7-200 ~]# systemctl start nfs && systemctl enable nfs
10.為拉私有倉庫私有鏡像創建一個secret
[root@hdss7-21 ~]# kubectl create ns infra [root@hdss7-21 ~]# kubectl create secret docker-registry harbor --docker-server=harbor.fx.com --docker-username=admin --docker-password=Harbor12345 -n infra [root@hdss7-21 ~]# kubectl get secret -n infra
11.應用Jenkins資源配置清單
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.fx.com/jenkins/Deployment.yaml [root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.fx.com/jenkins/Service.yaml [root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.fx.com/jenkins/Ingress..yaml
12.添加解析域名jenkins.fx.com
[root@hdss7-11 ~]# vim /var/named/fx.com.zone
$ORIGIN fx.com.
$TTL 600 ; 10 minutes
@ IN SOA dns.fx.com. dnsadmin.fx.com. (
2020061011 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS dns.fx.com.
$TTL 60 ; 1 minute
dns A 10.4.7.11
harbor A 10.4.7.200
k8s-yaml A 10.4.7.200
traefik A 10.4.7.10
dashboard A 10.4.7.10
zk1 A 10.4.7.11
zk2 A 10.4.7.12
zk3 A 10.4.7.21
jenkins A 10.4.7.10
[root@hdss7-11 ~]# systemctl restart named
[root@hdss7-11 ~]# dig -t A jenkins.fx.com @10.4.7.11 +short
13.在瀏覽器中訪問jenkins
14.查看jenkins的登錄密碼
[root@hdss7-21 ~]# kubectl logs jenkins-7c5fcfbfd5-kz8hp -n infra Jenkins initial setup is required. An admin user has been created and a password generated. Please use the following password to proceed to installation: 04e1fec0d9db4283b6076532f857f137 This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
15.登錄jenkins后操作及設置
16.配置插件加速地址
地址:https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
