实战交付一套dubbo微服务到k8s集群(2)之Jenkins部署

Jenkins官网：https://www.jenkins.io/zh/

Jenkins 2.190.3 镜像地址：docker pull jenkins/jenkins:2.190.3

1.下载Jenkins镜像

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# docker pull jenkins/jenkins:2.190.3

2.对jenkins打标签并上传至私有仓库

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# docker images | grep jenkins
[root@mfyxw50 ~]# docker tag 22b8b9a84dbe harbor.od.com/public/jenkins:v2.190.3
[root@mfyxw50 ~]# docker login harbor.od.com
[root@mfyxw50 ~]# docker push harbor.od.com/public/jenkins:v2.190.3

3.自定义Dockerfile文件

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# mkdir -p /data/dockerfile/jenkins
[root@mfyxw50 ~]# cat > /data/dockerfile/jenkins/Dockerfile << EOF
FROM harbor.od.com/public/jenkins:v2.190.3
USER root
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
    echo 'Asia/Shanghai' > /etc/timezone
ADD id_rsa /root/.ssh/id_rsa
ADD config.json /root/.docker/config.json
ADD get-docker.sh /get-docker.sh
RUN echo "    StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&\
    /get-docker.sh
EOF

这个Dockerfile里我们主要做了以下几件事

• 设置容器用户为root
• 设置容器内的时区
• 将ssh私钥加入（使用git拉代码时要用到，配对的公钥应配置在gitlab中）
• 加入了登录自建harbor仓库的config文件
• 修改了ssh客户端的
• 安装一个docker的客户端

4.生成ssh密钥对

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# ssh-keygen -t rsa -b 2048 -C "mfyxw@qq.com" -N "" -f /root/.ssh/id_rsa

4.将dockerfile文件需要的文件复制到jenkins目录

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# cd /data/dockerfile/jenkins/
[root@mfyxw50 jenkins]# cp /root/.ssh/id_rsa .
[root@mfyxw50 jenkins]# cp /root/.docker/config.json .
[root@mfyxw50 jenkins]# curl -fsSL get.docker.com -o get-docker.sh
[root@mfyxw50 jenkins]# chmod +x get-docker.sh

config.json文件内容

{
	"auths": {
		"harbor.od.com": {
			"auth": "YWRtaW46SGFyYm9yMTIzNDU="
		}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/19.03.8 (linux)"
	}
}

get-docker.sh文件内容

#!/bin/sh
set -e
# Docker CE for Linux installation script
#
# See https://docs.docker.com/install/ for the installation steps.
#
# This script is meant for quick & easy install via:
#   $ curl -fsSL https://get.docker.com -o get-docker.sh
#   $ sh get-docker.sh
#
# For test builds (ie. release candidates):
#   $ curl -fsSL https://test.docker.com -o test-docker.sh
#   $ sh test-docker.sh
#
# NOTE: Make sure to verify the contents of the script
#       you downloaded matches the contents of install.sh
#       located at https://github.com/docker/docker-install
#       before executing.
#
# Git commit from https://github.com/docker/docker-install when
# the script was uploaded (Should only be modified by upload job):
SCRIPT_COMMIT_SHA="26ff363bcf3b3f5a00498ac43694bf1c7d9ce16c"

# The channel to install from:
#   * nightly
#   * test
#   * stable
#   * edge (deprecated)
DEFAULT_CHANNEL_VALUE="stable"
if [ -z "$CHANNEL" ]; then
	CHANNEL=$DEFAULT_CHANNEL_VALUE
fi

DEFAULT_DOWNLOAD_URL="https://download.docker.com"
if [ -z "$DOWNLOAD_URL" ]; then
	DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL
fi

DEFAULT_REPO_FILE="docker-ce.repo"
if [ -z "$REPO_FILE" ]; then
	REPO_FILE="$DEFAULT_REPO_FILE"
fi

mirror=''
DRY_RUN=${DRY_RUN:-}
while [ $# -gt 0 ]; do
	case "$1" in
		--mirror)
			mirror="$2"
			shift
			;;
		--dry-run)
			DRY_RUN=1
			;;
		--*)
			echo "Illegal option $1"
			;;
	esac
	shift $(( $# > 0 ? 1 : 0 ))
done

case "$mirror" in
	Aliyun)
		DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
		;;
	AzureChinaCloud)
		DOWNLOAD_URL="https://mirror.azure.cn/docker-ce"
		;;
esac

command_exists() {
	command -v "$@" > /dev/null 2>&1
}

is_dry_run() {
	if [ -z "$DRY_RUN" ]; then
		return 1
	else
		return 0
	fi
}

is_wsl() {
	case "$(uname -r)" in
	*microsoft* ) true ;; # WSL 2
	*Microsoft* ) true ;; # WSL 1
	* ) false;;
	esac
}

is_darwin() {
	case "$(uname -s)" in
	*darwin* ) true ;;
	*Darwin* ) true ;;
	* ) false;;
	esac
}

deprecation_notice() {
	distro=$1
	date=$2
	echo
	echo "DEPRECATION WARNING:"
	echo "    The distribution, $distro, will no longer be supported in this script as of $date."
	echo "    If you feel this is a mistake please submit an issue at https://github.com/docker/docker-install/issues/new"
	echo
	sleep 10
}

get_distribution() {
	lsb_dist=""
	# Every system that we officially support has /etc/os-release
	if [ -r /etc/os-release ]; then
		lsb_dist="$(. /etc/os-release && echo "$ID")"
	fi
	# Returning an empty string here should be alright since the
	# case statements don't act unless you provide an actual value
	echo "$lsb_dist"
}

add_debian_backport_repo() {
	debian_version="$1"
	backports="deb http://ftp.debian.org/debian $debian_version-backports main"
	if ! grep -Fxq "$backports" /etc/apt/sources.list; then
		(set -x; $sh_c "echo \"$backports\" >> /etc/apt/sources.list")
	fi
}

echo_docker_as_nonroot() {
	if is_dry_run; then
		return
	fi
	if command_exists docker && [ -e /var/run/docker.sock ]; then
		(
			set -x
			$sh_c 'docker version'
		) || true
	fi
	your_user=your-user
	[ "$user" != 'root' ] && your_user="$user"
	# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
	echo "If you would like to use Docker as a non-root user, you should now consider"
	echo "adding your user to the \"docker\" group with something like:"
	echo
	echo "  sudo usermod -aG docker $your_user"
	echo
	echo "Remember that you will have to log out and back in for this to take effect!"
	echo
	echo "WARNING: Adding a user to the \"docker\" group will grant the ability to run"
	echo "         containers which can be used to obtain root privileges on the"
	echo "         docker host."
	echo "         Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface"
	echo "         for more information."

}

# Check if this is a forked Linux distro
check_forked() {

	# Check for lsb_release command existence, it usually exists in forked distros
	if command_exists lsb_release; then
		# Check if the `-u` option is supported
		set +e
		lsb_release -a -u > /dev/null 2>&1
		lsb_release_exit_code=$?
		set -e

		# Check if the command has exited successfully, it means we're in a forked distro
		if [ "$lsb_release_exit_code" = "0" ]; then
			# Print info about current distro
			cat <<-EOF
			You're using '$lsb_dist' version '$dist_version'.
			EOF

			# Get the upstream release info
			lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
			dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')

			# Print info about upstream distro
			cat <<-EOF
			Upstream release is '$lsb_dist' version '$dist_version'.
			EOF
		else
			if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
				if [ "$lsb_dist" = "osmc" ]; then
					# OSMC runs Raspbian
					lsb_dist=raspbian
				else
					# We're Debian and don't even know it!
					lsb_dist=debian
				fi
				dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
				case "$dist_version" in
					10)
						dist_version="buster"
					;;
					9)
						dist_version="stretch"
					;;
					8|'Kali Linux 2')
						dist_version="jessie"
					;;
				esac
			fi
		fi
	fi
}

semverParse() {
	major="${1%%.*}"
	minor="${1#$major.}"
	minor="${minor%%.*}"
	patch="${1#$major.$minor.}"
	patch="${patch%%[-.]*}"
}

do_install() {
	echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"

	if command_exists docker; then
		docker_version="$(docker -v | cut -d ' ' -f3 | cut -d ',' -f1)"
		MAJOR_W=1
		MINOR_W=10

		semverParse "$docker_version"

		shouldWarn=0
		if [ "$major" -lt "$MAJOR_W" ]; then
			shouldWarn=1
		fi

		if [ "$major" -le "$MAJOR_W" ] && [ "$minor" -lt "$MINOR_W" ]; then
			shouldWarn=1
		fi

		cat >&2 <<-'EOF'
			Warning: the "docker" command appears to already exist on this system.

			If you already have Docker installed, this script can cause trouble, which is
			why we're displaying this warning and provide the opportunity to cancel the
			installation.

			If you installed the current Docker package using this script and are using it
		EOF

		if [ $shouldWarn -eq 1 ]; then
			cat >&2 <<-'EOF'
			again to update Docker, we urge you to migrate your image store before upgrading
			to v1.10+.

			You can find instructions for this here:
			https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
			EOF
		else
			cat >&2 <<-'EOF'
			again to update Docker, you can safely ignore this message.
			EOF
		fi

		cat >&2 <<-'EOF'

			You may press Ctrl+C now to abort this script.
		EOF
		( set -x; sleep 20 )
	fi

	user="$(id -un 2>/dev/null || true)"

	sh_c='sh -c'
	if [ "$user" != 'root' ]; then
		if command_exists sudo; then
			sh_c='sudo -E sh -c'
		elif command_exists su; then
			sh_c='su -c'
		else
			cat >&2 <<-'EOF'
			Error: this installer needs the ability to run commands as root.
			We are unable to find either "sudo" or "su" available to make this happen.
			EOF
			exit 1
		fi
	fi

	if is_dry_run; then
		sh_c="echo"
	fi

	# perform some very rudimentary platform detection
	lsb_dist=$( get_distribution )
	lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"

	if is_wsl; then
		echo
		echo "WSL DETECTED: We recommend using Docker Desktop for Windows."
		echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
		echo
		cat >&2 <<-'EOF'

			You may press Ctrl+C now to abort this script.
		EOF
		( set -x; sleep 20 )
	fi

	case "$lsb_dist" in

		ubuntu)
			if command_exists lsb_release; then
				dist_version="$(lsb_release --codename | cut -f2)"
			fi
			if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
				dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
			fi
		;;

		debian|raspbian)
			dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
			case "$dist_version" in
				10)
					dist_version="buster"
				;;
				9)
					dist_version="stretch"
				;;
				8)
					dist_version="jessie"
				;;
			esac
		;;

		centos|rhel)
			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
			fi
		;;

		*)
			if command_exists lsb_release; then
				dist_version="$(lsb_release --release | cut -f2)"
			fi
			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
			fi
		;;

	esac

	# Check if this is a forked Linux distro
	check_forked

	# Run setup for each distro accordingly
	case "$lsb_dist" in
		ubuntu|debian|raspbian)
			pre_reqs="apt-transport-https ca-certificates curl"
			if [ "$lsb_dist" = "debian" ]; then
				# libseccomp2 does not exist for debian jessie main repos for aarch64
				if [ "$(uname -m)" = "aarch64" ] && [ "$dist_version" = "jessie" ]; then
					add_debian_backport_repo "$dist_version"
				fi
			fi

			if ! command -v gpg > /dev/null; then
				pre_reqs="$pre_reqs gnupg"
			fi
			apt_repo="deb [arch=$(dpkg --print-architecture)] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"
			(
				if ! is_dry_run; then
					set -x
				fi
				$sh_c 'apt-get update -qq >/dev/null'
				$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"
				$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | apt-key add -qq - >/dev/null"
				$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
				$sh_c 'apt-get update -qq >/dev/null'
			)
			pkg_version=""
			if [ -n "$VERSION" ]; then
				if is_dry_run; then
					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
				else
					# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel
					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g").*-0~$lsb_dist"
					search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
					pkg_version="$($sh_c "$search_command")"
					echo "INFO: Searching repository for VERSION '$VERSION'"
					echo "INFO: $search_command"
					if [ -z "$pkg_version" ]; then
						echo
						echo "ERROR: '$VERSION' not found amongst apt-cache madison results"
						echo
						exit 1
					fi
					search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
					# Don't insert an = for cli_pkg_version, we'll just include it later
					cli_pkg_version="$($sh_c "$search_command")"
					pkg_version="=$pkg_version"
				fi
			fi
			(
				if ! is_dry_run; then
					set -x
				fi
				if [ -n "$cli_pkg_version" ]; then
					$sh_c "apt-get install -y -qq --no-install-recommends docker-ce-cli=$cli_pkg_version >/dev/null"
				fi
				$sh_c "apt-get install -y -qq --no-install-recommends docker-ce$pkg_version >/dev/null"
			)
			echo_docker_as_nonroot
			exit 0
			;;
		centos|fedora|rhel)
			yum_repo="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
			if ! curl -Ifs "$yum_repo" > /dev/null; then
				echo "Error: Unable to curl repository file $yum_repo, is it valid?"
				exit 1
			fi
			if [ "$lsb_dist" = "fedora" ]; then
				pkg_manager="dnf"
				config_manager="dnf config-manager"
				enable_channel_flag="--set-enabled"
				disable_channel_flag="--set-disabled"
				pre_reqs="dnf-plugins-core"
				pkg_suffix="fc$dist_version"
			else
				pkg_manager="yum"
				config_manager="yum-config-manager"
				enable_channel_flag="--enable"
				disable_channel_flag="--disable"
				pre_reqs="yum-utils"
				pkg_suffix="el"
			fi
			(
				if ! is_dry_run; then
					set -x
				fi
				$sh_c "$pkg_manager install -y -q $pre_reqs"
				$sh_c "$config_manager --add-repo $yum_repo"

				if [ "$CHANNEL" != "stable" ]; then
					$sh_c "$config_manager $disable_channel_flag docker-ce-*"
					$sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL"
				fi
				$sh_c "$pkg_manager makecache"
			)
			pkg_version=""
			if [ -n "$VERSION" ]; then
				if is_dry_run; then
					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
				else
					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix"
					search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
					pkg_version="$($sh_c "$search_command")"
					echo "INFO: Searching repository for VERSION '$VERSION'"
					echo "INFO: $search_command"
					if [ -z "$pkg_version" ]; then
						echo
						echo "ERROR: '$VERSION' not found amongst $pkg_manager list results"
						echo
						exit 1
					fi
					search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
					# It's okay for cli_pkg_version to be blank, since older versions don't support a cli package
					cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"
					# Cut out the epoch and prefix with a '-'
					pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"
				fi
			fi
			(
				if ! is_dry_run; then
					set -x
				fi
				# install the correct cli version first
				if [ -n "$cli_pkg_version" ]; then
					$sh_c "$pkg_manager install -y -q docker-ce-cli-$cli_pkg_version"
				fi
				$sh_c "$pkg_manager install -y -q docker-ce$pkg_version"
			)
			echo_docker_as_nonroot
			exit 0
			;;
		*)
			if [ -z "$lsb_dist" ]; then
				if is_darwin; then
					echo
					echo "ERROR: Unsupported operating system 'macOS'"
					echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
					echo
					exit 1
				fi
			fi
			echo
			echo "ERROR: Unsupported distribution '$lsb_dist'"
			echo
			exit 1
			;;
	esac
	exit 1
}

# wrapped up in a function so that we have some protection against only getting
# half the file during "curl | sh"
do_install

5.在harbor私有仓库中创建存放jenkin的私有镜像

6.制作自定义镜像

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# cd /data/dockerfile/jenkins/
[root@mfyxw50 jenkins]# docker build . -t harbor.od.com/infra/jenkins:v2.190.3

7.将infra/jenkins的镜像推送到私有仓库

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# docker images | grep jenkins
[root@mfyxw50 ~]# docker login harbor.od.com
[root@mfyxw50 ~]# docker push harbor.od.com/infra/jenkins:v2.190.3

8.查看仓库中infra是否已经上传了jenkins

9.测试是否能正常登录

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 jenkins]# docker run --rm harbor.od.com/infra/jenkins:v2.190.3 ssh -i /root/.ssh/id_rsa -T XXX@gitee.com

10.创建保存jenkins目录

在运维主机(mfyxw50.mfyxw.com)上操作

[root@mfyxw50 ~]# mkdir -p /data/k8s-yaml/jenkins
[root@mfyxw50 ~]# mkdir -p /data/nfs-volume/jenkins_home
[root@mfyxw50 ~]# cd /data/k8s-yaml/jenkins/

11.创建jenkins资源配置清单

在运维主机(mfyxw50.mfyxw.com)上操作

Deployment.yaml代码如下：

[root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Deployment.yaml << EOF
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
  labels:
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      name: jenkins
  template:
    metadata:
      labels:
        app: jenkins
        name: jenkins
    spec:
      volumes:
      - name: data
        nfs:
          server: mfyxw50
          path: /data/nfs-volume/jenkins_home
      - name: docker
        hostPath:
          path: /run/docker.sock
          type: ''
      containers:
      - name: jenkins
        image: harbor.od.com/infra/jenkins:v2.190.3
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        - name: JAVA_OPTS
          value: -Xmx512m -Xms512m
        resources:
          limits:
            cpu: 500m
            memory: 1Gi
          requests:
            cpu: 500m
            memory: 1Gi
        volumeMounts:
        - name: data
          mountPath: /var/jenkins_home
        - name: docker
          mountPath: /run/docker.sock
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        imagePullPolicy: IfNotPresent
      imagePullSecrets:
      - name: harbor
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      securityContext:
        runAsUser: 0
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600
EOF

Service.yaml代码如下：

[root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Service.yaml << EOF
kind: Service
apiVersion: v1
metadata:
  name: jenkins
  namespace: infra
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  selector:
    app: jenkins
  type: ClusterIP
  sessionAffinity: None
EOF

Ingress.yaml代码如下：

[root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Ingress.yaml << EOF
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
spec:
  rules:
  - host: jenkins.od.com
    http:
      paths:
      - path: /
        backend:
          serviceName: jenkins
          servicePort: 80
EOF

12.安装nfs服务

在运维节点(mfyxw30.mfyxw.com和mfyxw40.mfyxw.com)作为NFS客户端和运维主机(mfyxw50.mfyxw.com)作为NFS服务端同，分别执行

~]# yum -y install nfs-utils

在运维主机(mfyxw50.mfyxw.com)上执行如下操作

[root@mfyxw50 ~]# cat > /etc/exports << EOF
/data/nfs-volume 192.168.80.0/24(rw,no_root_squash)
EOF

创建nfs共享目录

[root@mfyxw50 ~]# mkdir -p /data/nfs-volume

启动NFS服务

[root@mfyxw50 ~]# systemctl start nfs && systemctl enable nfs

13.为拉私有仓库私有镜像创建一个secret

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)上任意一台执行

[root@mfyxw30 ~]# kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=Harbor12345 -n infra
[root@mfyxw30 ~]# kubectl get secret -n infra

14.应用Jenkins资源配置清单

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

在应用资源配置清单 要先创建一个infra名称空间

[root@mfyxw30 ~]# kubectl create ns infra
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Deployment.yaml
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Service.yaml
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Ingress.yaml

15.查询pod，svc，ingress是否成功

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

备注，可能jenkins的pod的名称有不一致，但不影响整个教程

[root@mfyxw30 ~]# kubectl get pod -n infra
[root@mfyxw30 ~]# kubectl get svc -n infra
[root@mfyxw30 ~]# kubectl get ingress -n infra

16.添加解析域名jenkins.od.com

在DNS服务器(mfyxw10.mfyxw.com)上操作

[root@mfyxw10 ~]# cat > /var/named/od.com.zone << EOF
\$ORIGIN od.com.
\$TTL 600   ; 10 minutes
@       IN  SOA dns.od.com.   dnsadmin.od.com. (
                             ;序号请加1，表示比之前版本要新
                             2020031308 ; serial
                             10800          ; refresh (3 hours)
                             900              ; retry (15 minutes)
                             604800         ; expire (1 week)
                             86400          ; minimum (1 day)
                              )
                      NS   dns.od.com.
\$TTL 60 ;  1 minute
dns             A          192.168.80.10
harbor          A          192.168.80.50   ;添加harbor记录
k8s-yaml        A          192.168.80.50
traefik         A          192.168.80.100
dashboard       A          192.168.80.100
zk1             A          192.168.80.10
zk2             A          192.168.80.20
zk3             A          192.168.80.30
jenkins         A          192.168.80.100
EOF

重启DNS服务器并尝试解析域名

[root@mfyxw10 ~]# systemctl restart named
[root@mfyxw10 ~]# dig -t A jenkins.od.com @192.168.80.10 +short

17.在浏览器中访问jenkins

18.查看jenkins的登录密码

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

查看jenkins运行在哪个node节点上

[root@mfyxw30 ~]# kubectl get pod -o wide -n infra

查询出来jenkins是运行在mfyxw40.mfyxw.com主机上，进入到/data/kubelet/pods/d4a68480-78ec-463d-b25e-d9caa8714219/volumes/kubernetes.io~nfs/data/secrets目录查看initialAdminPassword文件可以得到登录jenkins的密码

19.登录jenkins后操作及设置

成功安装了Blue Ocean插件

20.解决下载插件出错问题

如上图所示，就是在下载插件的时候会出现Failure，建议更换为国内源

国内源地址：https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json

解决方法：

更换了源，再次去搜索并安装插件即可

可以进入到运维主机(mfyxw50.mfyxw.com)的/data/nfs-volume/jenkins_home/plugins目录下，可以看到下载的插件的软件都放在此目录中

21.通过查看日志判断jenkins是否完全启动

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

[root@mfyxw30 ~]# kubectl logs jenkins-b99776c69-jrvwn -n infra

22.验证jenkins是否可用

查看jenkins运行在哪台node节点上

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

[root@mfyxw30 ~]# kubectl get pod -n infra -o wide

在mfyxw40.mfyxw.com主机上执行

[root@mfyxw40 ~]# docker ps -a | grep jenkins

在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可

在jenkins容器中，验证jenkins容器是否以root身份运行及时区是否为东八区

[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash        #进入到jenkins容器
root@jenkins-b99776c69-p6skp:/# whoami       #查看jenkins是否以root身份运行
root@jenkins-b99776c69-p6skp:/# date         #查看jenkins的时区是否为东八区

在jenkins容器中，验证是否连接宿主机的docker的引擎

[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash
root@jenkins-b99776c69-p6skp:/# docker ps -a

在mfyxw40.mfyxw.com宿主机上查询所有的容器运行情况，是否与进入到jenkins容器里查询到的一致

[root@mfyxw40 ~]# docker ps -a

在jenkins容器中，验证是否可以登录到harbor仓库

[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash
root@jenkins-b99776c69-p6skp:/# docker login harbor.od.com
root@jenkins-b99776c69-p6skp:/# cat /root/.docker/config.json

在jenkins容器中，验证是否可以登录到gitee仓库

[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash
root@jenkins-b99776c69-p6skp:/# ssh -i /root/.ssh/id_rsa -T xxx@gitee.com