## 一:k8s集群的構建
關於使用kubeadm安裝k8s集群可參考我的另一篇文章,https://www.cnblogs.com/skymyyang/p/13279006.html
## 二:定義存儲類
由於Jenkins需要持久化數據,這里我們需要定義存儲類,來保證數據不會丟失。
基於NFS定義存儲類。
可參考官方以及官方插件部署的地址
https://github.com/kubernetes-incubator/external-storage
## 三:自定義鏡像
由於我之前使用的是官方鏡像,會有很多問題。
1. 時間不同步,不是中國區的時間。
2.更新插件失敗,即使安裝成功,可是無法打開更新插件的界面,卡着不動
3. 這樣的Jenkins 根本沒法用
所以我決定自定義鏡像。參考官網的鏡像倉庫,我們下載下來,修改一下
官方的鏡像地址:https://github.com/jenkinsci/docker
這里我們將整個倉庫都克隆下來。
git clone https://github.com/jenkinsci/docker.git
這里我們可以看到很多個Dockerfile。
這里我們使用Dockerfile-alpine這個文件來構建我們的鏡像。
完整的Dockerfile為:
FROM openjdk:8-jdk-alpine ENV LANG=C.UTF-8 \ TZ=Asia/Shanghai RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && apk add --no-cache \ bash \ coreutils \ curl \ git \ git-lfs \ openssh-client \ tini \ ttf-dejavu \ tzdata \ unzip ARG user=jenkins ARG group=jenkins ARG uid=1000 ARG gid=1000 ARG http_port=8080 ARG agent_port=50000 ARG JENKINS_HOME=/var/jenkins_home ARG REF=/usr/share/jenkins/ref ENV JENKINS_HOME $JENKINS_HOME ENV JENKINS_SLAVE_AGENT_PORT ${agent_port} ENV REF $REF # Jenkins is run with user `jenkins`, uid = 1000 # If you bind mount a volume from the host or a data container, # ensure you use the same uid RUN mkdir -p $JENKINS_HOME \ && chown ${uid}:${gid} $JENKINS_HOME \ && addgroup -g ${gid} ${group} \ && adduser -h "$JENKINS_HOME" -u ${uid} -G ${group} -s /bin/bash -D ${user} # Jenkins home directory is a volume, so configuration and build history # can be persisted and survive image upgrades VOLUME $JENKINS_HOME # $REF (defaults to `/usr/share/jenkins/ref/`) contains all reference configuration we want # to set on a fresh new installation. Use it to bundle additional plugins # or config file with your custom jenkins Docker image. RUN mkdir -p ${REF}/init.groovy.d # jenkins version being bundled in this docker image ARG JENKINS_VERSION ENV JENKINS_VERSION ${JENKINS_VERSION:-2.222.4} # jenkins.war checksum, download will be validated using it ARG JENKINS_SHA=6c95721b90272949ed8802cab8a84d7429306f72b180c5babc33f5b073e1c47c # Can be used to customize where jenkins.war get downloaded from ARG JENKINS_URL=https://mirrors.aliyun.com/jenkins/war-stable/${JENKINS_VERSION}/jenkins.war # could use ADD but this one does not check Last-Modified header neither does it allow to control checksum # see https://github.com/docker/docker/issues/8331 RUN curl -fsSL ${JENKINS_URL} -o /usr/share/jenkins/jenkins.war \ && echo "${JENKINS_SHA} /usr/share/jenkins/jenkins.war" | sha256sum -c - ENV JENKINS_UC https://updates.jenkins-zh.cn ENV JENKINS_UC_EXPERIMENTAL=https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" # for main web interface: EXPOSE ${http_port} # will be used by attached slave agents: EXPOSE ${agent_port} ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log USER ${user} COPY jenkins-support /usr/local/bin/jenkins-support COPY jenkins.sh /usr/local/bin/jenkins.sh COPY tini-shim.sh /bin/tini ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/jenkins.sh"] # from a derived Dockerfile, can use `RUN plugins.sh active.txt` to setup $REF/plugins from a support bundle COPY plugins.sh /usr/local/bin/plugins.sh COPY install-plugins.sh /usr/local/bin/install-plugins.sh
修改完成之后,這里我們將需要的文件拷貝到一個單獨的目錄下,來構建dcoker鏡像。
mkdir /opt/jenkins-docker cp install-plugins.sh jenkins.sh jenkins-support plugins.sh tini-shim.sh /opt/jenkins-docker docker build -t skymyyang/jenkins:v2.222.4 . docker push skymyyang/jenkins:v2.222.4
上傳完成之后,我們就可以使用helm指定我們自己的鏡像,進行安裝了。
## 四: 安裝
helm install jenkins stable/jenkins --set master.image=skymyyang/jenkins --set master.tag=v2.222.4 --set master.imagePullPolicy=IfNotPresent --set master.serviceType=NodePort --set master.nodePort=30086 --set persistence.storageClass=managed-nfs-storage
安裝需要等待一會,安裝完成之后,默認不需要使用密碼即可登錄,當然也可以通過kubectl獲取對應的密碼
我這里安裝在default名稱空間下,也可以指定名稱空間。這里指定在devops名稱空間下。
helm install jenkins stable/jenkins -n devops --set master.image=skymyyang/jenkins --set master.tag=v2.222.4 --set master.imagePullPolicy=IfNotPresent --set master.serviceType=NodePort --set master.nodePort=30086 --set persistence.storageClass=managed-nfs-storage
安裝完成之后,我們還需要在Jenkins的pvc目錄下,進行update配置的更改,方便與我們安裝插件。
來到Jenkins的pv目錄下,
/nfsdata/default-jenkins-pvc-fc7c7c29-d001-467a-8371-54933b371de7
然后修改hudson.model.UpdateCenter.xml文件,修改為:
<?xml version='1.1' encoding='UTF-8'?> <sites> <site> <id>default</id> <url>https://updates.jenkins-zh.cn/update-center.json</url> </site> </sites>
這里使用的Jenkins中國社區源。
官方地址為:https://github.com/jenkins-zh/jenkins-formulas
這里可以找到此xml文件,以及證書文件。
然后進行證書文件的修改。
cd war/WEB-INF/update-center-rootCAs/ #然后把當前目錄下的證書都給刪除掉,重新創建證書 cat mirror-adapter.crt -----BEGIN CERTIFICATE----- MIICcTCCAdoCCQD/jZ7AgrzJKTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJD TjELMAkGA1UECAwCR0QxCzAJBgNVBAcMAlNaMQ4wDAYDVQQKDAV2aWhvbzEMMAoG A1UECwwDZGV2MREwDwYDVQQDDAhkZW1vLmNvbTEjMCEGCSqGSIb3DQEJARYUYWRt aW5AamVua2lucy16aC5jb20wHhcNMTkxMTA5MTA0MDA5WhcNMjIxMTA4MTA0MDA5 WjB9MQswCQYDVQQGEwJDTjELMAkGA1UECAwCR0QxCzAJBgNVBAcMAlNaMQ4wDAYD VQQKDAV2aWhvbzEMMAoGA1UECwwDZGV2MREwDwYDVQQDDAhkZW1vLmNvbTEjMCEG CSqGSIb3DQEJARYUYWRtaW5AamVua2lucy16aC5jb20wgZ8wDQYJKoZIhvcNAQEB BQADgY0AMIGJAoGBAN+6jN8rCIjVkQ0Q7ZbJLk4IdcHor2WdskOQMhlbR0gOyb4g RX+CorjDRjDm6mj2OohqlrtRxLGYxBnXFeQGU7wWjQHyfKDghtP51G/672lXFtzB KXukHByHjtzrDxAutKTdolyBCuIDDGJmRk+LavIBY3/Lxh6f0ZQSeCSJYiyxAgMB AAEwDQYJKoZIhvcNAQELBQADgYEAD92l26PoJcbl9GojK2L3pyOQjeeDm/vV9e3R EgwGmoIQzlubM0mjxpCz1J73nesoAcuplTEps/46L7yoMjptCA3TU9FZAHNQ8dbz a0vm4CF9841/FIk8tsLtwCT6ivkAi0lXGwhX0FK7FaAyU0nNeo/EPvDwzTim4XDK 9j1WGpE= -----END CERTIFICATE-----
修改完這兩個文件之后,然后看下之前該目錄下的文件的所有者權限,然后使用chown命令,重新給對應的文件授權,權限跟之前保持一直,否則又可能導致無法正確讀取證書以及配置。
然后進行Jenkins重啟。
http://192.168.50.101:30086/restart
點擊是,進行重啟。
未完....待續...