1、jenkins-master
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: jenkins
name: jenkins
namespace: devops
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: jenkins
template:
metadata:
labels:
k8s-app: jenkins
namespace: devops
name: jenkins
spec:
containers:
- name: jenkins
image: dockerproxy.net/jenkins/jenkins:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
name: web
protocol: TCP
- containerPort: 50000
name: agent
protocol: TCP
resources:
limits:
cpu: 1000m
memory: 2Gi
requests:
cpu: 500m
memory: 512Mi
livenessProbe:
httpGet:
path: /login
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
failureThreshold: 12
readinessProbe:
httpGet:
path: /login
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
failureThreshold: 12
volumeMounts:
- name: jenkins-home
mountPath: /var/lib/jenkins
- name: localtime
mountPath: /etc/localtime
env:
- name: JENKINS_HOME
value: /var/lib/jenkins
- name: JENKINS_OPTS
value: >
--httpPort=8080
-Dhudson.remoting.LiteRemoteChannel.disableXInstanceIdentity=true
- name: JENKINS_SLAVE_AGENT_PORT
value: "50000"
volumes:
- name: jenkins-home
# hostPath:
# path: /data/devops/jenkins
# type: Directory
emptyDir: {}
- name: localtime
hostPath:
path: /etc/localtime
serviceAccountName: jenkins
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: jenkins
name: jenkins
namespace: devops
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: jenkins
name: jenkins
namespace: devops
spec:
type: NodePort
ports:
- name: web
port: 8080
targetPort: 8080
nodePort: 30080
- name: slave
port: 50000
targetPort: 50000
nodePort: 30081
#- name: jnlp
# port: 50000
# targetPort: 50000
selector:
k8s-app: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins
namespace: devops
rules:
- apiGroups: [""]
resources: ["pods","configmaps","namespaces"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins
namespace: devops
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
namespace: devops
2、jenkins-slave1
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: jenkinsagent
name: jenkinsagent
namespace: devops
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: jenkinsagent
template:
metadata:
labels:
k8s-app: jenkinsagent
namespace: devops
name: jenkinsagent
spec:
containers:
- name: jenkinsagent
image: dockerproxy.net/jenkins/inbound-agent:latest
securityContext:
privileged: true
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 512Mi
volumeMounts:
- name: buildtools
mountPath: /home/jenkins/buildtools
- name: dockersock
mountPath: "/var/run/docker.sock"
- name: dockercmd
mountPath: /usr/bin/docker
- name: kubectlconfig
mountPath: /home/jenkins/.kube/config
- name: kubectlcmd
mountPath: /usr/bin/kubectl
- name: jenkinsagent-workdir
mountPath: /home/jenkins/workspace
- name: localtime
mountPath: /etc/localtime
env:
- name: JENKINS_URL
value: http://jenkins.devops.svc.cluster.local:8080
- name: JENKINS_SECRET
value: 444220711204df6fa5cf1b1e8ba7677e6e60aa716fbc68c555bcfefeee62cfb8
- name: JENKINS_AGENT_NAME
value: k8s-agent
- name: JENKINS_AGENT_WORKDIR
value: /home/jenkins/workspace
- name: JENKINS_TUNNEL
value: http://jenkins.devops.svc.cluster.local:50000
command: ["/bin/bash", "-c"]
args:
- |
curl -sO $JENKINS_URL/jnlpJars/agent.jar
java -jar agent.jar -url $JENKINS_URL/ -secret $JENKINS_SECRET -name "$JENKINS_AGENT_NAME" -webSocket -workDir "$JENKINS_AGENT_WORKDIR"
volumes:
- name: buildtools
hostPath:
path: /data/Jenkins/buildtools
type: Directory
- name: kubectlconfig
hostPath:
path: /data/.kube/config
- name: kubectlcmd
hostPath:
path: /usr/bin/kubectl
- name: dockersock
hostPath:
path: /var/run/docker.sock
- name: dockercmd
hostPath:
path: /usr/bin/docker
- name: jenkinsagent-workdir
hostPath:
path: /data/Jenkins/workspace
- name: localtime
hostPath:
path: /etc/localtime
3、jenkins-slave-configmap
apiVersion: v1
kind: ConfigMap
metadata:
name: scripts
namespace: devops
data:
start.sh: |
#!/bin/bash
set -e
echo "=== 启动master连接 ==="
curl -sO ${JENKINS_URL}/jnlpJars/agent.jar
java -jar agent.jar -url ${JENKINS_URL}/ -secret ${JENKINS_SECRET} -name "${JENKINS_AGENT_NAME}" -webSocket -workDir "${JENKINS_AGENT_WORKDIR}"
echo "=== 连接master成功 ==="
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: jenkinsagent
name: jenkinsagent
namespace: devops
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: jenkinsagent
template:
metadata:
labels:
k8s-app: jenkinsagent
namespace: devops
name: jenkinsagent
spec:
containers:
- name: jenkinsagent
image: dockerproxy.net/jenkins/inbound-agent:latest
securityContext:
privileged: true
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 512Mi
volumeMounts:
- name: buildtools
mountPath: /home/jenkins/buildtools
- name: dockersock
mountPath: "/var/run/docker.sock"
- name: dockercmd
mountPath: /usr/bin/docker
- name: kubectlconfig
mountPath: /home/jenkins/.kube/config
- name: kubectlcmd
mountPath: /usr/bin/kubectl
- name: jenkinsagent-workdir
mountPath: /home/jenkins/workspace
- name: script-mount
mountPath: /home/jenkins/scripts
# - name: localtime
# mountPath: /etc/localtime
env:
- name: JENKINS_URL
value: http://jenkins.devops.svc.cluster.local:8080
- name: JENKINS_SECRET
value: 658c80048f3c7bb9f5f377d13b298275926fdcd3f5bab76576972b209ef6f0c8
- name: JENKINS_AGENT_NAME
value: k8s-agent
- name: JENKINS_AGENT_WORKDIR
value: /home/jenkins/workspace
- name: JENKINS_TUNNEL
value: http://jenkins.devops.svc.cluster.local:50000
command: ["/bin/bash", "/home/jenkins/scripts/start.sh"]
#command: ["/bin/bash", "-c"]
#args:
# - |
# echo ${JENKINS_URL}
# curl -sO ${JENKINS_URL}/jnlpJars/agent.jar && java -jar agent.jar -url ${JENKINS_URL}/ -secret ${JENKINS_SECRET} -name "${JENKINS_AGENT_NAME}" -webSocket -workDir "${JENKINS_AGENT_WORKDIR}"
volumes:
- name: buildtools
hostPath:
path: /data/Jenkins/buildtools
type: Directory
- name: kubectlconfig
hostPath:
path: /data/.kube/config
- name: kubectlcmd
hostPath:
path: /usr/bin/kubectl
- name: dockersock
hostPath:
path: /var/run/docker.sock
- name: dockercmd
hostPath:
path: /usr/bin/docker
- name: jenkinsagent-workdir
hostPath:
path: /data/Jenkins/workspace
- name: script-mount
configMap:
name: scripts
defaultMode: 0755
#- name: localtime
# hostPath:
# path: /etc/localtime
评论区