扫二维码与项目经理沟通
我们在微信上24小时期待你的声音
解答本文疑问/技术咨询/运营咨询/技术建议/互联网交流
#在运维主机操作:
1.准备镜像
~]# docker pull jenkins/jenkins:2.190.3
~]# docker images | grep jenkins
~]# docker tag 22b8b9a84dbe test-harbor.cedarhd.com/public/jenkins:v2.190.3
~]# docker push test-harbor.cedarhd.com/public/jenkins:v2.190.3
2.自定义Dockerfile
#官网拉取的镜像需要做些自定义操作,才能在k8s集群中部署(运维主机上运行)
mkdir -p /data/dockerfile/jenkins
cd /data/dockerfile/jenkins
vim Dockerfile
FROM test-harbor.cedarhd.com/public/jenkins:v2.190.3
USER root
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
echo 'Asia/Shanghai' >/etc/timezone
ADD id_rsa /root/.ssh/id_rsa
ADD config.json /root/.docker/config.json
ADD get-docker.sh /get-docker.sh
RUN echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&\
/get-docker.sh
#解释:
> - 设置容器用户为root
> - 设置容器内的时区
> - 将ssh私钥加入(使用git拉代码时要用到,配对的公钥应配置在gitlab中)
> - 加入了登录自建harbor仓库的config文件
> - 修改了ssh客户端的
> - 安装一个docker的客户端
> - 如果因为网络原因构建失败,可以在最后“ /get-docker.sh --mirror Aliyun”
3.生成ssh密钥对
jenkins]# ssh-keygen -t rsa -b 2048 -C "xxxxxxx@qq.com" -N "" -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bIajghsF/BqJouTeNvZXvQWvolAKWvhVSuZ3uVWoVXU 897307140@qq.com
The key's randomart image is:
+---[RSA 2048]----+
| ...E|
|. o .|
|.. o . o . |
|..+ + oo +.. |
|o=.+ +ooS+..o |
|=o* o.++..o. o |
|++...o .. + |
|.o.= .. . o |
|..o.o.... . |
+----[SHA256]-----+
enkins]# cp /root/.ssh/id_rsa .
4.准备其它文件
jenkins]# cp /root/.docker/config.json .
jenkins]# curl -fsSL get.docker.com -o get-docker.sh
jenkins]# chmod +x get-docker.sh
jenkins]# ll
total 28
-rw------- 1 root root 160 Jan 28 23:41 config.json
-rw-r--r-- 1 root root 355 Jan 28 23:38 Dockerfile
-rwxr-xr-x 1 root root 13216 Jan 28 23:42 get-docker.sh
-rw------- 1 root root 1675 Jan 28 23:38 id_rsa
5、登陆harbor创建infra私有仓库
创建infra的project,access level 为Private
6、生成jenkins镜像
jenkins]# docker build -t harbor.phc-dow.com/infra/jenkins:v2.190.3 .
jenkins]# docker push test-harbor.cedarhd.com/infra/jenkins:v2.190.3
7、准备共享存储
yum install nfs-utils -y
~]# vim /etc/exports
/data/nfs-volume 10.4.7.0/24(rw,no_root_squash)
###启动NFS服务
~]# mkdir -p /data/nfs-volume
~]# systemctl start nfs
~]# systemctl enable nfs
mkdir /data/k8s-yaml/jenkins && mkdir -p /data/nfs-volume/jenkins_home && cd /data/k8s-yaml/jenkins
~]# vi dp.yaml #用于创建配置pod控制器与pod资源
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: jenkins
namespace: infra
labels:
name: jenkins
spec:
replicas: 1
selector:
matchLabels:
name: jenkins
template:
metadata:
labels:
app: jenkins
name: jenkins
spec:
volumes:
- name: data
nfs:
server: test-operator.cedarhd.com
path: /data/nfs-volume/jenkins_home
- name: docker
hostPath:
path: /run/docker.sock
type: ''
containers:
- name: jenkins
image: test-harbor.cedarhd.com/infra/jenkins:v2.190.3
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
protocol: TCP
env:
- name: JAVA_OPTS
value: -Xmx512m -Xms512m
volumeMounts:
- name: data
mountPath: /var/jenkins_home
- name: docker
mountPath: /run/docker.sock
imagePullSecrets:
- name: harbor
securityContext:
runAsUser: 0
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
revisionHistoryLimit: 7
progressDeadlineSeconds: 600
-----------------------------------------------------------------------------------------------
~]# vim service.yaml #用于创建cluster ip与端口映射
kind: Service
apiVersion: v1
metadata:
name: jenkins
namespace: infra
spec:
ports:
- protocol: TCP
port: 80
targetPort: 8080
selector:
app: jenkins
jenkins]# cat ingress.yaml #用于创建ingress转发规则
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: jenkins
namespace: infra
spec:
rules:
- host: test-jenkins.cedarhd.com
http:
paths:
- path: /
backend:
serviceName: jenkins
servicePort: 80
-----------------------------------------------------------------------------------------------
kubectl apply -f http://k8s-yaml.cedarhd.com/jenkins/dp.yaml
kubectl apply -f http://k8s-yaml.cedarhd.com/jenkins/service.yaml
kubectl apply -f http://k8s-yaml.cedarhd.com/jenkins/ingress.yaml
另外有需要云服务器可以了解下创新互联建站www.cdcxhl.com,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
“只有客户发展了,才有我们的生存与发展!”这是创新互联的服务宗旨!把网站当作互联网产品,产品思维更注重全局思维、需求分析和迭代思维,在网站建设中就是为了建设一个不仅审美在线,而且实用性极高的网站。创新互联对网站设计制作、做网站、网站制作、网站开发、网页设计、网站优化、网络推广、探索永无止境。我们在微信上24小时期待你的声音
解答本文疑问/技术咨询/运营咨询/技术建议/互联网交流