Jenkins官网:https://www.jenkins.io/zh/

Jenkins 2.190.3 镜像地址:docker pull jenkins/jenkins:2.190.3

1.下载Jenkins镜像

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# docker pull jenkins/jenkins:2.190.3

2.对jenkins打标签并上传至私有仓库

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# docker images | grep jenkins
[root@mfyxw50 ~]# docker tag 22b8b9a84dbe harbor.od.com/public/jenkins:v2.190.3
[root@mfyxw50 ~]# docker login harbor.od.com
[root@mfyxw50 ~]# docker push harbor.od.com/public/jenkins:v2.190.3

3.自定义Dockerfile文件

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# mkdir -p /data/dockerfile/jenkins
[root@mfyxw50 ~]# cat > /data/dockerfile/jenkins/Dockerfile << EOF
FROM harbor.od.com/public/jenkins:v2.190.3
USER root
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
echo 'Asia/Shanghai' > /etc/timezone
ADD id_rsa /root/.ssh/id_rsa
ADD config.json /root/.docker/config.json
ADD get-docker.sh /get-docker.sh
RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&\
/get-docker.sh
EOF

这个Dockerfile里我们主要做了以下几件事

  • 设置容器用户为root
  • 设置容器内的时区
  • 将ssh私钥加入(使用git拉代码时要用到,配对的公钥应配置在gitlab中)
  • 加入了登录自建harbor仓库的config文件
  • 修改了ssh客户端的
  • 安装一个docker的客户端

4.生成ssh密钥对

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# ssh-keygen -t rsa -b 2048 -C "mfyxw@qq.com" -N "" -f /root/.ssh/id_rsa

4.将dockerfile文件需要的文件复制到jenkins目录

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# cd /data/dockerfile/jenkins/
[root@mfyxw50 jenkins]# cp /root/.ssh/id_rsa .
[root@mfyxw50 jenkins]# cp /root/.docker/config.json .
[root@mfyxw50 jenkins]# curl -fsSL get.docker.com -o get-docker.sh
[root@mfyxw50 jenkins]# chmod +x get-docker.sh

config.json文件内容

{
"auths": {
"harbor.od.com": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.8 (linux)"
}
}

get-docker.sh文件内容

#!/bin/sh
set -e
# Docker CE for Linux installation script
#
# See https://docs.docker.com/install/ for the installation steps.
#
# This script is meant for quick & easy install via:
# $ curl -fsSL https://get.docker.com -o get-docker.sh
# $ sh get-docker.sh
#
# For test builds (ie. release candidates):
# $ curl -fsSL https://test.docker.com -o test-docker.sh
# $ sh test-docker.sh
#
# NOTE: Make sure to verify the contents of the script
# you downloaded matches the contents of install.sh
# located at https://github.com/docker/docker-install
# before executing.
#
# Git commit from https://github.com/docker/docker-install when
# the script was uploaded (Should only be modified by upload job):
SCRIPT_COMMIT_SHA="26ff363bcf3b3f5a00498ac43694bf1c7d9ce16c" # The channel to install from:
# * nightly
# * test
# * stable
# * edge (deprecated)
DEFAULT_CHANNEL_VALUE="stable"
if [ -z "$CHANNEL" ]; then
CHANNEL=$DEFAULT_CHANNEL_VALUE
fi DEFAULT_DOWNLOAD_URL="https://download.docker.com"
if [ -z "$DOWNLOAD_URL" ]; then
DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL
fi DEFAULT_REPO_FILE="docker-ce.repo"
if [ -z "$REPO_FILE" ]; then
REPO_FILE="$DEFAULT_REPO_FILE"
fi mirror=''
DRY_RUN=${DRY_RUN:-}
while [ $# -gt 0 ]; do
case "$1" in
--mirror)
mirror="$2"
shift
;;
--dry-run)
DRY_RUN=1
;;
--*)
echo "Illegal option $1"
;;
esac
shift $(( $# > 0 ? 1 : 0 ))
done case "$mirror" in
Aliyun)
DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
;;
AzureChinaCloud)
DOWNLOAD_URL="https://mirror.azure.cn/docker-ce"
;;
esac command_exists() {
command -v "$@" > /dev/null 2>&1
} is_dry_run() {
if [ -z "$DRY_RUN" ]; then
return 1
else
return 0
fi
} is_wsl() {
case "$(uname -r)" in
*microsoft* ) true ;; # WSL 2
*Microsoft* ) true ;; # WSL 1
* ) false;;
esac
} is_darwin() {
case "$(uname -s)" in
*darwin* ) true ;;
*Darwin* ) true ;;
* ) false;;
esac
} deprecation_notice() {
distro=$1
date=$2
echo
echo "DEPRECATION WARNING:"
echo " The distribution, $distro, will no longer be supported in this script as of $date."
echo " If you feel this is a mistake please submit an issue at https://github.com/docker/docker-install/issues/new"
echo
sleep 10
} get_distribution() {
lsb_dist=""
# Every system that we officially support has /etc/os-release
if [ -r /etc/os-release ]; then
lsb_dist="$(. /etc/os-release && echo "$ID")"
fi
# Returning an empty string here should be alright since the
# case statements don't act unless you provide an actual value
echo "$lsb_dist"
} add_debian_backport_repo() {
debian_version="$1"
backports="deb http://ftp.debian.org/debian $debian_version-backports main"
if ! grep -Fxq "$backports" /etc/apt/sources.list; then
(set -x; $sh_c "echo \"$backports\" >> /etc/apt/sources.list")
fi
} echo_docker_as_nonroot() {
if is_dry_run; then
return
fi
if command_exists docker && [ -e /var/run/docker.sock ]; then
(
set -x
$sh_c 'docker version'
) || true
fi
your_user=your-user
[ "$user" != 'root' ] && your_user="$user"
# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
echo "If you would like to use Docker as a non-root user, you should now consider"
echo "adding your user to the \"docker\" group with something like:"
echo
echo " sudo usermod -aG docker $your_user"
echo
echo "Remember that you will have to log out and back in for this to take effect!"
echo
echo "WARNING: Adding a user to the \"docker\" group will grant the ability to run"
echo " containers which can be used to obtain root privileges on the"
echo " docker host."
echo " Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface"
echo " for more information." } # Check if this is a forked Linux distro
check_forked() { # Check for lsb_release command existence, it usually exists in forked distros
if command_exists lsb_release; then
# Check if the `-u` option is supported
set +e
lsb_release -a -u > /dev/null 2>&1
lsb_release_exit_code=$?
set -e # Check if the command has exited successfully, it means we're in a forked distro
if [ "$lsb_release_exit_code" = "0" ]; then
# Print info about current distro
cat <<-EOF
You're using '$lsb_dist' version '$dist_version'.
EOF # Get the upstream release info
lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]') # Print info about upstream distro
cat <<-EOF
Upstream release is '$lsb_dist' version '$dist_version'.
EOF
else
if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
if [ "$lsb_dist" = "osmc" ]; then
# OSMC runs Raspbian
lsb_dist=raspbian
else
# We're Debian and don't even know it!
lsb_dist=debian
fi
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
case "$dist_version" in
10)
dist_version="buster"
;;
9)
dist_version="stretch"
;;
8|'Kali Linux 2')
dist_version="jessie"
;;
esac
fi
fi
fi
} semverParse() {
major="${1%%.*}"
minor="${1#$major.}"
minor="${minor%%.*}"
patch="${1#$major.$minor.}"
patch="${patch%%[-.]*}"
} do_install() {
echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA" if command_exists docker; then
docker_version="$(docker -v | cut -d ' ' -f3 | cut -d ',' -f1)"
MAJOR_W=1
MINOR_W=10 semverParse "$docker_version" shouldWarn=0
if [ "$major" -lt "$MAJOR_W" ]; then
shouldWarn=1
fi if [ "$major" -le "$MAJOR_W" ] && [ "$minor" -lt "$MINOR_W" ]; then
shouldWarn=1
fi cat >&2 <<-'EOF'
Warning: the "docker" command appears to already exist on this system. If you already have Docker installed, this script can cause trouble, which is
why we're displaying this warning and provide the opportunity to cancel the
installation. If you installed the current Docker package using this script and are using it
EOF if [ $shouldWarn -eq 1 ]; then
cat >&2 <<-'EOF'
again to update Docker, we urge you to migrate your image store before upgrading
to v1.10+. You can find instructions for this here:
https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
EOF
else
cat >&2 <<-'EOF'
again to update Docker, you can safely ignore this message.
EOF
fi cat >&2 <<-'EOF' You may press Ctrl+C now to abort this script.
EOF
( set -x; sleep 20 )
fi user="$(id -un 2>/dev/null || true)" sh_c='sh -c'
if [ "$user" != 'root' ]; then
if command_exists sudo; then
sh_c='sudo -E sh -c'
elif command_exists su; then
sh_c='su -c'
else
cat >&2 <<-'EOF'
Error: this installer needs the ability to run commands as root.
We are unable to find either "sudo" or "su" available to make this happen.
EOF
exit 1
fi
fi if is_dry_run; then
sh_c="echo"
fi # perform some very rudimentary platform detection
lsb_dist=$( get_distribution )
lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')" if is_wsl; then
echo
echo "WSL DETECTED: We recommend using Docker Desktop for Windows."
echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
echo
cat >&2 <<-'EOF' You may press Ctrl+C now to abort this script.
EOF
( set -x; sleep 20 )
fi case "$lsb_dist" in ubuntu)
if command_exists lsb_release; then
dist_version="$(lsb_release --codename | cut -f2)"
fi
if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
fi
;; debian|raspbian)
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
case "$dist_version" in
10)
dist_version="buster"
;;
9)
dist_version="stretch"
;;
8)
dist_version="jessie"
;;
esac
;; centos|rhel)
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
fi
;; *)
if command_exists lsb_release; then
dist_version="$(lsb_release --release | cut -f2)"
fi
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
fi
;; esac # Check if this is a forked Linux distro
check_forked # Run setup for each distro accordingly
case "$lsb_dist" in
ubuntu|debian|raspbian)
pre_reqs="apt-transport-https ca-certificates curl"
if [ "$lsb_dist" = "debian" ]; then
# libseccomp2 does not exist for debian jessie main repos for aarch64
if [ "$(uname -m)" = "aarch64" ] && [ "$dist_version" = "jessie" ]; then
add_debian_backport_repo "$dist_version"
fi
fi if ! command -v gpg > /dev/null; then
pre_reqs="$pre_reqs gnupg"
fi
apt_repo="deb [arch=$(dpkg --print-architecture)] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"
(
if ! is_dry_run; then
set -x
fi
$sh_c 'apt-get update -qq >/dev/null'
$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"
$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | apt-key add -qq - >/dev/null"
$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
$sh_c 'apt-get update -qq >/dev/null'
)
pkg_version=""
if [ -n "$VERSION" ]; then
if is_dry_run; then
echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
else
# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel
pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g").*-0~$lsb_dist"
search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
pkg_version="$($sh_c "$search_command")"
echo "INFO: Searching repository for VERSION '$VERSION'"
echo "INFO: $search_command"
if [ -z "$pkg_version" ]; then
echo
echo "ERROR: '$VERSION' not found amongst apt-cache madison results"
echo
exit 1
fi
search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
# Don't insert an = for cli_pkg_version, we'll just include it later
cli_pkg_version="$($sh_c "$search_command")"
pkg_version="=$pkg_version"
fi
fi
(
if ! is_dry_run; then
set -x
fi
if [ -n "$cli_pkg_version" ]; then
$sh_c "apt-get install -y -qq --no-install-recommends docker-ce-cli=$cli_pkg_version >/dev/null"
fi
$sh_c "apt-get install -y -qq --no-install-recommends docker-ce$pkg_version >/dev/null"
)
echo_docker_as_nonroot
exit 0
;;
centos|fedora|rhel)
yum_repo="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
if ! curl -Ifs "$yum_repo" > /dev/null; then
echo "Error: Unable to curl repository file $yum_repo, is it valid?"
exit 1
fi
if [ "$lsb_dist" = "fedora" ]; then
pkg_manager="dnf"
config_manager="dnf config-manager"
enable_channel_flag="--set-enabled"
disable_channel_flag="--set-disabled"
pre_reqs="dnf-plugins-core"
pkg_suffix="fc$dist_version"
else
pkg_manager="yum"
config_manager="yum-config-manager"
enable_channel_flag="--enable"
disable_channel_flag="--disable"
pre_reqs="yum-utils"
pkg_suffix="el"
fi
(
if ! is_dry_run; then
set -x
fi
$sh_c "$pkg_manager install -y -q $pre_reqs"
$sh_c "$config_manager --add-repo $yum_repo" if [ "$CHANNEL" != "stable" ]; then
$sh_c "$config_manager $disable_channel_flag docker-ce-*"
$sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL"
fi
$sh_c "$pkg_manager makecache"
)
pkg_version=""
if [ -n "$VERSION" ]; then
if is_dry_run; then
echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
else
pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix"
search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
pkg_version="$($sh_c "$search_command")"
echo "INFO: Searching repository for VERSION '$VERSION'"
echo "INFO: $search_command"
if [ -z "$pkg_version" ]; then
echo
echo "ERROR: '$VERSION' not found amongst $pkg_manager list results"
echo
exit 1
fi
search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
# It's okay for cli_pkg_version to be blank, since older versions don't support a cli package
cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"
# Cut out the epoch and prefix with a '-'
pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"
fi
fi
(
if ! is_dry_run; then
set -x
fi
# install the correct cli version first
if [ -n "$cli_pkg_version" ]; then
$sh_c "$pkg_manager install -y -q docker-ce-cli-$cli_pkg_version"
fi
$sh_c "$pkg_manager install -y -q docker-ce$pkg_version"
)
echo_docker_as_nonroot
exit 0
;;
*)
if [ -z "$lsb_dist" ]; then
if is_darwin; then
echo
echo "ERROR: Unsupported operating system 'macOS'"
echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
echo
exit 1
fi
fi
echo
echo "ERROR: Unsupported distribution '$lsb_dist'"
echo
exit 1
;;
esac
exit 1
} # wrapped up in a function so that we have some protection against only getting
# half the file during "curl | sh"
do_install

5.在harbor私有仓库中创建存放jenkin的私有镜像

6.制作自定义镜像

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# cd /data/dockerfile/jenkins/
[root@mfyxw50 jenkins]# docker build . -t harbor.od.com/infra/jenkins:v2.190.3

7.将infra/jenkins的镜像推送到私有仓库

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# docker images | grep jenkins
[root@mfyxw50 ~]# docker login harbor.od.com
[root@mfyxw50 ~]# docker push harbor.od.com/infra/jenkins:v2.190.3

8.查看仓库中infra是否已经上传了jenkins

9.测试是否能正常登录

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 jenkins]# docker run --rm harbor.od.com/infra/jenkins:v2.190.3 ssh -i /root/.ssh/id_rsa -T XXX@gitee.com

10.创建保存jenkins目录

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# mkdir -p /data/k8s-yaml/jenkins
[root@mfyxw50 ~]# mkdir -p /data/nfs-volume/jenkins_home
[root@mfyxw50 ~]# cd /data/k8s-yaml/jenkins/

11.创建jenkins资源配置清单

在运维主机(mfyxw50.mfyxw.com)上操作

Deployment.yaml代码如下:

[root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Deployment.yaml << EOF
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: jenkins
namespace: infra
labels:
name: jenkins
spec:
replicas: 1
selector:
matchLabels:
name: jenkins
template:
metadata:
labels:
app: jenkins
name: jenkins
spec:
volumes:
- name: data
nfs:
server: mfyxw50
path: /data/nfs-volume/jenkins_home
- name: docker
hostPath:
path: /run/docker.sock
type: ''
containers:
- name: jenkins
image: harbor.od.com/infra/jenkins:v2.190.3
ports:
- containerPort: 8080
protocol: TCP
env:
- name: JAVA_OPTS
value: -Xmx512m -Xms512m
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 500m
memory: 1Gi
volumeMounts:
- name: data
mountPath: /var/jenkins_home
- name: docker
mountPath: /run/docker.sock
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
imagePullSecrets:
- name: harbor
restartPolicy: Always
terminationGracePeriodSeconds: 30
securityContext:
runAsUser: 0
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
revisionHistoryLimit: 7
progressDeadlineSeconds: 600
EOF

Service.yaml代码如下:

[root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Service.yaml << EOF
kind: Service
apiVersion: v1
metadata:
name: jenkins
namespace: infra
spec:
ports:
- protocol: TCP
port: 80
targetPort: 8080
selector:
app: jenkins
type: ClusterIP
sessionAffinity: None
EOF

Ingress.yaml代码如下:

[root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Ingress.yaml << EOF
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: jenkins
namespace: infra
spec:
rules:
- host: jenkins.od.com
http:
paths:
- path: /
backend:
serviceName: jenkins
servicePort: 80
EOF

12.安装nfs服务

在运维节点(mfyxw30.mfyxw.com和mfyxw40.mfyxw.com)作为NFS客户端和运维主机(mfyxw50.mfyxw.com)作为NFS服务端同,分别执行

~]# yum -y install nfs-utils

在运维主机(mfyxw50.mfyxw.com)上执行如下操作

[root@mfyxw50 ~]# cat > /etc/exports << EOF
/data/nfs-volume 192.168.80.0/24(rw,no_root_squash)
EOF

创建nfs共享目录

[root@mfyxw50 ~]# mkdir -p /data/nfs-volume

启动NFS服务

[root@mfyxw50 ~]# systemctl start nfs && systemctl enable nfs

13.为拉私有仓库私有镜像创建一个secret

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)上任意一台执行

[root@mfyxw30 ~]# kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=Harbor12345 -n infra
[root@mfyxw30 ~]# kubectl get secret -n infra

14.应用Jenkins资源配置清单

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

在应用资源配置清单 要先创建一个infra名称空间

[root@mfyxw30 ~]# kubectl create ns infra
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Deployment.yaml
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Service.yaml
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Ingress.yaml

15.查询pod,svc,ingress是否成功

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

备注,可能jenkins的pod的名称有不一致,但不影响整个教程

[root@mfyxw30 ~]# kubectl get pod -n infra
[root@mfyxw30 ~]# kubectl get svc -n infra
[root@mfyxw30 ~]# kubectl get ingress -n infra

16.添加解析域名jenkins.od.com

在DNS服务器(mfyxw10.mfyxw.com)上操作

[root@mfyxw10 ~]# cat > /var/named/od.com.zone << EOF
\$ORIGIN od.com.
\$TTL 600 ; 10 minutes
@ IN SOA dns.od.com. dnsadmin.od.com. (
;序号请加1,表示比之前版本要新
2020031308 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS dns.od.com.
\$TTL 60 ; 1 minute
dns A 192.168.80.10
harbor A 192.168.80.50 ;添加harbor记录
k8s-yaml A 192.168.80.50
traefik A 192.168.80.100
dashboard A 192.168.80.100
zk1 A 192.168.80.10
zk2 A 192.168.80.20
zk3 A 192.168.80.30
jenkins A 192.168.80.100
EOF

重启DNS服务器并尝试解析域名

[root@mfyxw10 ~]# systemctl restart named
[root@mfyxw10 ~]# dig -t A jenkins.od.com @192.168.80.10 +short

17.在浏览器中访问jenkins

18.查看jenkins的登录密码

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

查看jenkins运行在哪个node节点上

[root@mfyxw30 ~]# kubectl get pod -o wide -n infra

查询出来jenkins是运行在mfyxw40.mfyxw.com主机上,进入到/data/kubelet/pods/d4a68480-78ec-463d-b25e-d9caa8714219/volumes/kubernetes.io~nfs/data/secrets目录查看initialAdminPassword文件可以得到登录jenkins的密码

19.登录jenkins后操作及设置

成功安装了Blue Ocean插件

20.解决下载插件出错问题

如上图所示,就是在下载插件的时候会出现Failure,建议更换为国内源

国内源地址:https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json

解决方法:

更换了源,再次去搜索并安装插件即可

可以进入到运维主机(mfyxw50.mfyxw.com)的/data/nfs-volume/jenkins_home/plugins目录下,可以看到下载的插件的软件都放在此目录中

21.通过查看日志判断jenkins是否完全启动

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

[root@mfyxw30 ~]# kubectl logs jenkins-b99776c69-jrvwn -n infra

22.验证jenkins是否可用

查看jenkins运行在哪台node节点上

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

[root@mfyxw30 ~]# kubectl get pod -n infra -o wide

在mfyxw40.mfyxw.com主机上执行

[root@mfyxw40 ~]# docker ps -a | grep jenkins

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

在jenkins容器中,验证jenkins容器是否以root身份运行及时区是否为东八区

[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash        #进入到jenkins容器
root@jenkins-b99776c69-p6skp:/# whoami #查看jenkins是否以root身份运行
root@jenkins-b99776c69-p6skp:/# date #查看jenkins的时区是否为东八区

在jenkins容器中,验证是否连接宿主机的docker的引擎

[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash
root@jenkins-b99776c69-p6skp:/# docker ps -a

在mfyxw40.mfyxw.com宿主机上查询所有的容器运行情况,是否与进入到jenkins容器里查询到的一致

[root@mfyxw40 ~]# docker ps -a

在jenkins容器中,验证是否可以登录到harbor仓库

[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash
root@jenkins-b99776c69-p6skp:/# docker login harbor.od.com
root@jenkins-b99776c69-p6skp:/# cat /root/.docker/config.json

在jenkins容器中,验证是否可以登录到gitee仓库

[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash
root@jenkins-b99776c69-p6skp:/# ssh -i /root/.ssh/id_rsa -T xxx@gitee.com

实战交付一套dubbo微服务到k8s集群(2)之Jenkins部署的更多相关文章

  1. 9.实战交付一套dubbo微服务到k8s集群(2)之Jenkins部署

    1.下载Jenkins镜像打包上传harbor上 [root@hdss7- ~]# docker pull jenkins/jenkins:2.190. [root@hdss7- ~]# docker ...

  2. 8.实战交付一套dubbo微服务到k8s集群(1)之Zookeeper部署

    1.基础架构 主机名 角色 ip HDSS7-11.host.com K8S代理节点1,zk1 10.4.7.11 HDSS7-12.host.com K8S代理节点2,zk2 10.4.7.12 H ...

  3. 实战交付一套dubbo微服务到k8s集群(1)之Zookeeper部署

    基础架构 主机名 角色 IP地址 mfyxw10.mfyxw.com K8S代理节点1,zk1 192.168.80.10 mfyxw20.mfyxw.com K8S代理节点2,zk2 192.168 ...

  4. 实战交付一套dubbo微服务到k8s集群(6)之交付dubbo-monitor到K8S集群

    dubbo-monitor官方源码地址:https://github.com/Jeromefromcn/dubbo-monitor 1.下载dubbo-monitor源码 在运维主机(mfyxw50. ...

  5. 12.实战交付一套dubbo微服务到k8s集群(5)之交付dubbo-monitor到K8S集群

    dubbo-monitor官方源码地址:https://github.com/Jeromefromcn/dubbo-monitor 1.下载dubbo-monitor源码并解压 [root@hdss7 ...

  6. 11.实战交付一套dubbo微服务到k8s集群(4)之使用Jenkins进行持续构建交付dubo服务的提供者

    1.登录到jenkins,新建一个项目 2.新建流水线 3.设置保留的天数及份数 4. 添加参数 # 参数 . name: git_repo type: string description: 项目在 ...

  7. 实战交付一套dubbo微服务到k8s集群(8)之configmap使用

    使用ConfigMap管理应用配置 拆分环境 主机名 角色 IP地址 mfyxw10.mfyxw.com zk1.od.com(Test环境) 192.168.80.10 mfyxw20.mfyxw. ...

  8. 实战交付一套dubbo微服务到k8s集群(7)之交付dubbo服务的消费者集群到K8S

    构建dubbo-demo-consumer,可以使用和dubbo-demo-service的流水线来构建 1.登录jenkins构建dubbo-demo-consumer 2.填写构建dubbo-de ...

  9. 实战交付一套dubbo微服务到k8s集群(5)之使用Jenkins进行持续构建交付dubo服务的提供者

    1.登录到jenkins,新建一个项目 2.新建流水线 3.设置保留的天数及份数 4.添加第一个参数:设置项目的名称 5.添加第二个参数:docker镜像名称 6.添加第三个参数:项目所在的git中央 ...

随机推荐

  1. Test typora

    目录 0. test 0.5 easy test 1. problem 1 2. problem 2 3. problem 3 import numpy as np import matplotlib ...

  2. Podinfo,迷你的 Go 微服务模板

    ​项目介绍 Podinfo 是一个用 Go 制作的小型 web 应用程序,它展示了在 Kubernetes 中运行微服务的最佳实践. 它已实现的技术指标(截选自官方 README.md ): 里面每一 ...

  3. 前端知识(一)05 axios-谷粒学院

    目录 一.axios的作用 二.axios实例 1.复制js资源 2.创建 axios.html 3.引入js 4.启动课程中心微服务 5.编写js 6.html渲染数据 7.跨域 8.使用生命周期函 ...

  4. 容器化安装Mysql 8.0 并部署主从复制

    系统: Centos 7.4 数据库版本:8.0.20 两台机器做相同操作 安装Docker export VERSION=18.06 && curl -fsSL http://rai ...

  5. 琐碎的想法(三)对Java的批评的看法

    编写本文的目的 在大环境下,Java是一个饱受争议的语言,一方面在工程上它的流行程度非常高:另一方面,越是资深的软件工程师就越容易对这个语言感到不满. 在这种情况下,博主希望每一个Java程序员能够耐 ...

  6. nginx http模块开发入门

    导语 本文对nginx http模块开发需要掌握的一些关键点进行了提炼,同时以开发一个简单的日志模块进行讲解,让nginx的初学者也能看完之后做到心里有谱.本文只是一个用作入门的概述. 目录 背景 主 ...

  7. 正则r的作用

    >>> mm = "c:\\a\\b\\c" >>> mm 'c:\\a\\b\\c' >>> print(mm) c:\a\ ...

  8. SSRF-Vulnerable-Lab靶场训练

    参考文章 SSRF-Vulnerable-Lab tag: #SSRF Ref: 1.file_get_content.php 提取并显示指定文件内容的应用程序代码 在编程语言中,有一些函数可以获取本 ...

  9. vscode 刚安装运行cnpm命令报错

    平时的开发工具什么都用,最近手贱把vscode卸载掉了,然而重新安装时,自已以前的什么配置都没了~~~~~~,又开始从头搞起,但是一切安装配置完毕,执行cnpm命令时报错,晕!!!!!! 解决办法:执 ...

  10. scala之map,List,:: , +:, :+, :::, +++操作

    scala之map,List操作 1.Map操作 2.List操作 2.1Demo1 2.2Demo2 3.:: , +:, :+, :::, +++ 1.Map操作 Map(映射)是一种可迭代的键值 ...