交付jenkins到k8s集群 ### 1、鏡像準備 ``` docker pull jenkins/jenkins:2.190.3 docker tag 22b8b9a84dbe harbor.od.com/public/jenkins:v2.190.3 docker push harbor.od.com/public/jenkins:v2.190.3 ``` 為了適應我們的環境，我們的jenkins不能直接使用，需要進行配置： mkdir -p /data/dockerfile/jenkins/ cd /data/dockerfile/jenkins cat /data/dockerfile/jenkins/Dockerfile ``` FROM harbor.od.com/public/jenkins:v2.190.3 #定義啟動jenkins的用戶 USER root #修改時區 改成東八區 RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\ echo 'Asia/Shanghai' >/etc/timezone #加載用戶密鑰，dubbo服務拉取代碼使用的ssh ADD id_rsa /root/.ssh/id_rsa #加載宿主機的docker配置文件,登錄遠程倉庫的認證信息加載到容器里面。 ADD config.json /root/.docker/config.json #在jenkins容器內安裝docker 客戶端,jenkins要執行docker build,docker引擎用的是宿主機的docker引擎 ADD get-docker.sh /get-docker.sh #跳過 ssh時候輸入 yes 步驟,并執行安裝docker RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&\ /get-docker.sh ``` 首先創建密鑰：**郵箱請根據自己的郵箱自行修改** ``` ssh-keygen -t rsa -b 2048 -C "xxx@xxx.com" -N "" -f /root/.ssh/id\_rsa ``` 將私鑰加載到jenkins，將公鑰配置到git倉庫中，否則不能拉取代碼：  ?接下來創建Dockerfile中需要的文件： ``` cp /root/.ssh/id_rsa ./ cp /root/.docker/config.json ./ curl -fsSL get.docker.com -o get-docker.sh chmod u+x get-docker.sh ``` 創建運維私有倉庫，打開我們的harbor.od.com創建一個infra的私有倉庫  ?然后build鏡像 ``` docker build . -t harbor.od.com/infra/jenkins:v2.190.3 ```  build完以后將鏡像上傳到我們的私有倉庫： ``` docker push harbor.od.com/infra/jenkins:v2.190.3 ```  為jenkins創建名稱空間： ``` kubectl create ns infra ``` 創建一條secret，用于訪問我們的私有倉庫infra：（任意一臺node上執行） ``` kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=Harbor12345 -n infra ```  解釋一下上面的命令：創建一條secret，資源類型是docker-registry，名字是 harbor，docker-server=harbor.od.com ，docker-username=admin ，docker-password=Harbor12345 -n 指定私有倉庫名稱infra ### 2、共享存儲部署 在運維主機和所有的node節點安裝： ``` yum install nfs-utils -y ``` 使用HDSS-7200作為服務端： ``` vi /etc/exports /data/nfs-volume 10.4.7.0/24(rw,no_root_squash) mkdir -p /data/nfs-volume/jenkins_home ``` 啟動服務 ``` systemctl start nfs systemctl enable nfs ``` ### 3、準備jenkins資源配置清單： cd /data/k8s-yaml/ mkdir jenkins cd jenkins cat dp.yaml ``` kind: Deployment apiVersion: extensions/v1beta1 metadata: name: jenkins namespace: infra labels: name: jenkins spec: replicas: 1 selector: matchLabels: name: jenkins template: metadata: labels: app: jenkins name: jenkins spec: volumes: - name: data nfs: server: hdss7-200 path: /data/nfs-volume/jenkins_home - name: docker hostPath: path: /run/docker.sock type: '' containers: - name: jenkins image: harbor.od.com/infra/jenkins:v2.190.3 imagePullPolicy: IfNotPresent ports: - containerPort: 8080 protocol: TCP env: - name: JAVA_OPTS value: -Xmx512m -Xms512m volumeMounts: - name: data mountPath: /var/jenkins_home - name: docker mountPath: /run/docker.sock imagePullSecrets: - name: harbor securityContext: runAsUser: 0 strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 maxSurge: 1 revisionHistoryLimit: 7 progressDeadlineSeconds: 600 ``` cat svc.yaml ``` kind: Service apiVersion: v1 metadata: name: jenkins namespace: infra spec: ports: - protocol: TCP port: 80 targetPort: 8080 selector: app: jenkins ``` cat ingress.yaml ``` kind: Ingress apiVersion: extensions/v1beta1 metadata: name: jenkins namespace: infra spec: rules: - host: jenkins.od.com http: paths: - path: / backend: serviceName: jenkins servicePort: 80 ``` 配置dns解析 vi /var/named/od.com.zone ``` jenkins A 10.4.7.10 ``` systemctl restart named 檢查jenkins需要持久化的數據是否保存下來了  Jenkins密碼位置： cat /data/nfs-volume/jenkins_home/secrets/initialAdminPassword Jenkins安全的優化配置  替換Jenkins更新源，安裝插件 ``` cd /data/nfs-volume/jenkins_home/updates sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json ``` 搜索藍海插件并安裝：blue ocean 安裝完成以后：  因為鏡像自己做的驗證一下鏡像情況 docker exec -it 8ff92f08e3aa /bin/bash 是否是root用戶 whoami 時區是否是東八區 date 是否使用宿主機docker引擎,在容器內查看宿主機上的docker資源情況 docker ps 是否能訪問harbor私有倉庫 ：原因是我們掛載了宿主機的docker config.json docker login harbor.od.com