Jenkins官网:https://www.jenkins.io/zh/
Jenkins 2.190.3 镜像地址:docker pull jenkins/jenkins:2.190.3
1.下载Jenkins镜像
在运维主机(mfyxw50.mfyxw.com)上操作
[root@mfyxw50 ~]# docker pull jenkins/jenkins:2.190.3
2.对jenkins打标签并上传至私有仓库
在运维主机(mfyxw50.mfyxw.com)上操作
[root@mfyxw50 ~]# docker images | grep jenkins
[root@mfyxw50 ~]# docker tag 22b8b9a84dbe harbor.od.com/public/jenkins:v2.190.3
[root@mfyxw50 ~]# docker login harbor.od.com
[root@mfyxw50 ~]# docker push harbor.od.com/public/jenkins:v2.190.3
3.自定义Dockerfile文件
在运维主机(mfyxw50.mfyxw.com)上操作
[root@mfyxw50 ~]# mkdir -p /data/dockerfile/jenkins
[root@mfyxw50 ~]# cat > /data/dockerfile/jenkins/Dockerfile << EOF
FROM harbor.od.com/public/jenkins:v2.190.3
USER root
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&
echo 'Asia/Shanghai' > /etc/timezone
ADD id_rsa /root/.ssh/id_rsa
ADD config.json /root/.docker/config.json
ADD get-docker.sh /get-docker.sh
RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&
/get-docker.sh
EOF
这个Dockerfile里我们主要做了以下几件事
- 设置容器用户为root
- 设置容器内的时区
- 将ssh私钥加入(使用git拉代码时要用到,配对的公钥应配置在gitlab中)
- 加入了登录自建harbor仓库的config文件
- 修改了ssh客户端的
- 安装一个docker的客户端
4.生成ssh密钥对
在运维主机(mfyxw50.mfyxw.com)上操作
[root@mfyxw50 ~]# ssh-keygen -t rsa -b 2048 -C "mfyxw@qq.com" -N "" -f /root/.ssh/id_rsa
4.将dockerfile文件需要的文件复制到jenkins目录
在运维主机(mfyxw50.mfyxw.com)上操作
[root@mfyxw50 ~]# cd /data/dockerfile/jenkins/
[root@mfyxw50 jenkins]# cp /root/.ssh/id_rsa .
[root@mfyxw50 jenkins]# cp /root/.docker/config.json .
[root@mfyxw50 jenkins]# curl -fsSL get.docker.com -o get-docker.sh
[root@mfyxw50 jenkins]# chmod +x get-docker.sh
config.json文件内容
{
"auths": {
"harbor.od.com": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.8 (linux)"
}
}
get-docker.sh文件内容
#!/bin/sh
set -e
# Docker CE for Linux installation script
#
# See https://docs.docker.com/install/ for the installation steps.
#
# This script is meant for quick & easy install via:
# $ curl -fsSL https://get.docker.com -o get-docker.sh
# $ sh get-docker.sh
#
# For test builds (ie. release candidates):
# $ curl -fsSL https://test.docker.com -o test-docker.sh
# $ sh test-docker.sh
#
# NOTE: Make sure to verify the contents of the script
# you downloaded matches the contents of install.sh
# located at https://github.com/docker/docker-install
# before executing.
#
# Git commit from https://github.com/docker/docker-install when
# the script was uploaded (Should only be modified by upload job):
SCRIPT_COMMIT_SHA="26ff363bcf3b3f5a00498ac43694bf1c7d9ce16c"
# The channel to install from:
# * nightly
# * test
# * stable
# * edge (deprecated)
DEFAULT_CHANNEL_VALUE="stable"
if [ -z "$CHANNEL" ]; then
CHANNEL=$DEFAULT_CHANNEL_VALUE
fi
DEFAULT_DOWNLOAD_URL="https://download.docker.com"
if [ -z "$DOWNLOAD_URL" ]; then
DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL
fi
DEFAULT_REPO_FILE="docker-ce.repo"
if [ -z "$REPO_FILE" ]; then
REPO_FILE="$DEFAULT_REPO_FILE"
fi
mirror=''
DRY_RUN=${DRY_RUN:-}
while [ $# -gt 0 ]; do
case "$1" in
--mirror)
mirror="$2"
shift
;;
--dry-run)
DRY_RUN=1
;;
--*)
echo "Illegal option $1"
;;
esac
shift $(( $# > 0 ? 1 : 0 ))
done
case "$mirror" in
Aliyun)
DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
;;
AzureChinaCloud)
DOWNLOAD_URL="https://mirror.azure.cn/docker-ce"
;;
esac
command_exists() {
command -v "$@" > /dev/null 2>&1
}
is_dry_run() {
if [ -z "$DRY_RUN" ]; then
return 1
else
return 0
fi
}
is_wsl() {
case "$(uname -r)" in
*microsoft* ) true ;; # WSL 2
*Microsoft* ) true ;; # WSL 1
* ) false;;
esac
}
is_darwin() {
case "$(uname -s)" in
*darwin* ) true ;;
*Darwin* ) true ;;
* ) false;;
esac
}
deprecation_notice() {
distro=$1
date=$2
echo
echo "DEPRECATION WARNING:"
echo " The distribution, $distro, will no longer be supported in this script as of $date."
echo " If you feel this is a mistake please submit an issue at https://github.com/docker/docker-install/issues/new"
echo
sleep 10
}
get_distribution() {
lsb_dist=""
# Every system that we officially support has /etc/os-release
if [ -r /etc/os-release ]; then
lsb_dist="$(. /etc/os-release && echo "$ID")"
fi
# Returning an empty string here should be alright since the
# case statements don't act unless you provide an actual value
echo "$lsb_dist"
}
add_debian_backport_repo() {
debian_version="$1"
backports="deb http://ftp.debian.org/debian $debian_version-backports main"
if ! grep -Fxq "$backports" /etc/apt/sources.list; then
(set -x; $sh_c "echo "$backports" >> /etc/apt/sources.list")
fi
}
echo_docker_as_nonroot() {
if is_dry_run; then
return
fi
if command_exists docker && [ -e /var/run/docker.sock ]; then
(
set -x
$sh_c 'docker version'
) || true
fi
your_user=your-user
[ "$user" != 'root' ] && your_user="$user"
# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
echo "If you would like to use Docker as a non-root user, you should now consider"
echo "adding your user to the "docker" group with something like:"
echo
echo " sudo usermod -aG docker $your_user"
echo
echo "Remember that you will have to log out and back in for this to take effect!"
echo
echo "WARNING: Adding a user to the "docker" group will grant the ability to run"
echo " containers which can be used to obtain root privileges on the"
echo " docker host."
echo " Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface"
echo " for more information."
}
# Check if this is a forked Linux distro
check_forked() {
# Check for lsb_release command existence, it usually exists in forked distros
if command_exists lsb_release; then
# Check if the `-u` option is supported
set +e
lsb_release -a -u > /dev/null 2>&1
lsb_release_exit_code=$?
set -e
# Check if the command has exited successfully, it means we're in a forked distro
if [ "$lsb_release_exit_code" = "0" ]; then
# Print info about current distro
cat <<-EOF
You're using '$lsb_dist' version '$dist_version'.
EOF
# Get the upstream release info
lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')
# Print info about upstream distro
cat <<-EOF
Upstream release is '$lsb_dist' version '$dist_version'.
EOF
else
if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
if [ "$lsb_dist" = "osmc" ]; then
# OSMC runs Raspbian
lsb_dist=raspbian
else
# We're Debian and don't even know it!
lsb_dist=debian
fi
dist_version="$(sed 's//.*//' /etc/debian_version | sed 's/..*//')"
case "$dist_version" in
10)
dist_version="buster"
;;
9)
dist_version="stretch"
;;
8|'Kali Linux 2')
dist_version="jessie"
;;
esac
fi
fi
fi
}
semverParse() {
major="${1%%.*}"
minor="${1#$major.}"
minor="${minor%%.*}"
patch="${1#$major.$minor.}"
patch="${patch%%[-.]*}"
}
do_install() {
echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"
if command_exists docker; then
docker_version="$(docker -v | cut -d ' ' -f3 | cut -d ',' -f1)"
MAJOR_W=1
MINOR_W=10
semverParse "$docker_version"
shouldWarn=0
if [ "$major" -lt "$MAJOR_W" ]; then
shouldWarn=1
fi
if [ "$major" -le "$MAJOR_W" ] && [ "$minor" -lt "$MINOR_W" ]; then
shouldWarn=1
fi
cat >&2 <<-'EOF'
Warning: the "docker" command appears to already exist on this system.
If you already have Docker installed, this script can cause trouble, which is
why we're displaying this warning and provide the opportunity to cancel the
installation.
If you installed the current Docker package using this script and are using it
EOF
if [ $shouldWarn -eq 1 ]; then
cat >&2 <<-'EOF'
again to update Docker, we urge you to migrate your image store before upgrading
to v1.10+.
You can find instructions for this here:
https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
EOF
else
cat >&2 <<-'EOF'
again to update Docker, you can safely ignore this message.
EOF
fi
cat >&2 <<-'EOF'
You may press Ctrl+C now to abort this script.
EOF
( set -x; sleep 20 )
fi
user="$(id -un 2>/dev/null || true)"
sh_c='sh -c'
if [ "$user" != 'root' ]; then
if command_exists sudo; then
sh_c='sudo -E sh -c'
elif command_exists su; then
sh_c='su -c'
else
cat >&2 <<-'EOF'
Error: this installer needs the ability to run commands as root.
We are unable to find either "sudo" or "su" available to make this happen.
EOF
exit 1
fi
fi
if is_dry_run; then
sh_c="echo"
fi
# perform some very rudimentary platform detection
lsb_dist=$( get_distribution )
lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
if is_wsl; then
echo
echo "WSL DETECTED: We recommend using Docker Desktop for Windows."
echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
echo
cat >&2 <<-'EOF'
You may press Ctrl+C now to abort this script.
EOF
( set -x; sleep 20 )
fi
case "$lsb_dist" in
ubuntu)
if command_exists lsb_release; then
dist_version="$(lsb_release --codename | cut -f2)"
fi
if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
fi
;;
debian|raspbian)
dist_version="$(sed 's//.*//' /etc/debian_version | sed 's/..*//')"
case "$dist_version" in
10)
dist_version="buster"
;;
9)
dist_version="stretch"
;;
8)
dist_version="jessie"
;;
esac
;;
centos|rhel)
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
fi
;;
*)
if command_exists lsb_release; then
dist_version="$(lsb_release --release | cut -f2)"
fi
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
fi
;;
esac
# Check if this is a forked Linux distro
check_forked
# Run setup for each distro accordingly
case "$lsb_dist" in
ubuntu|debian|raspbian)
pre_reqs="apt-transport-https ca-certificates curl"
if [ "$lsb_dist" = "debian" ]; then
# libseccomp2 does not exist for debian jessie main repos for aarch64
if [ "$(uname -m)" = "aarch64" ] && [ "$dist_version" = "jessie" ]; then
add_debian_backport_repo "$dist_version"
fi
fi
if ! command -v gpg > /dev/null; then
pre_reqs="$pre_reqs gnupg"
fi
apt_repo="deb [arch=$(dpkg --print-architecture)] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"
(
if ! is_dry_run; then
set -x
fi
$sh_c 'apt-get update -qq >/dev/null'
$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"
$sh_c "curl -fsSL "$DOWNLOAD_URL/linux/$lsb_dist/gpg" | apt-key add -qq - >/dev/null"
$sh_c "echo "$apt_repo" > /etc/apt/sources.list.d/docker.list"
$sh_c 'apt-get update -qq >/dev/null'
)
pkg_version=""
if [ -n "$VERSION" ]; then
if is_dry_run; then
echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
else
# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel
pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g").*-0~$lsb_dist"
search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{$1=$1};1' | cut -d' ' -f 3"
pkg_version="$($sh_c "$search_command")"
echo "INFO: Searching repository for VERSION '$VERSION'"
echo "INFO: $search_command"
if [ -z "$pkg_version" ]; then
echo
echo "ERROR: '$VERSION' not found amongst apt-cache madison results"
echo
exit 1
fi
search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{$1=$1};1' | cut -d' ' -f 3"
# Don't insert an = for cli_pkg_version, we'll just include it later
cli_pkg_version="$($sh_c "$search_command")"
pkg_version="=$pkg_version"
fi
fi
(
if ! is_dry_run; then
set -x
fi
if [ -n "$cli_pkg_version" ]; then
$sh_c "apt-get install -y -qq --no-install-recommends docker-ce-cli=$cli_pkg_version >/dev/null"
fi
$sh_c "apt-get install -y -qq --no-install-recommends docker-ce$pkg_version >/dev/null"
)
echo_docker_as_nonroot
exit 0
;;
centos|fedora|rhel)
yum_repo="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
if ! curl -Ifs "$yum_repo" > /dev/null; then
echo "Error: Unable to curl repository file $yum_repo, is it valid?"
exit 1
fi
if [ "$lsb_dist" = "fedora" ]; then
pkg_manager="dnf"
config_manager="dnf config-manager"
enable_channel_flag="--set-enabled"
disable_channel_flag="--set-disabled"
pre_reqs="dnf-plugins-core"
pkg_suffix="fc$dist_version"
else
pkg_manager="yum"
config_manager="yum-config-manager"
enable_channel_flag="--enable"
disable_channel_flag="--disable"
pre_reqs="yum-utils"
pkg_suffix="el"
fi
(
if ! is_dry_run; then
set -x
fi
$sh_c "$pkg_manager install -y -q $pre_reqs"
$sh_c "$config_manager --add-repo $yum_repo"
if [ "$CHANNEL" != "stable" ]; then
$sh_c "$config_manager $disable_channel_flag docker-ce-*"
$sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL"
fi
$sh_c "$pkg_manager makecache"
)
pkg_version=""
if [ -n "$VERSION" ]; then
if is_dry_run; then
echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
else
pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix"
search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print $2}'"
pkg_version="$($sh_c "$search_command")"
echo "INFO: Searching repository for VERSION '$VERSION'"
echo "INFO: $search_command"
if [ -z "$pkg_version" ]; then
echo
echo "ERROR: '$VERSION' not found amongst $pkg_manager list results"
echo
exit 1
fi
search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print $2}'"
# It's okay for cli_pkg_version to be blank, since older versions don't support a cli package
cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"
# Cut out the epoch and prefix with a '-'
pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"
fi
fi
(
if ! is_dry_run; then
set -x
fi
# install the correct cli version first
if [ -n "$cli_pkg_version" ]; then
$sh_c "$pkg_manager install -y -q docker-ce-cli-$cli_pkg_version"
fi
$sh_c "$pkg_manager install -y -q docker-ce$pkg_version"
)
echo_docker_as_nonroot
exit 0
;;
*)
if [ -z "$lsb_dist" ]; then
if is_darwin; then
echo
echo "ERROR: Unsupported operating system 'macOS'"
echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
echo
exit 1
fi
fi
echo
echo "ERROR: Unsupported distribution '$lsb_dist'"
echo
exit 1
;;
esac
exit 1
}
# wrapped up in a function so that we have some protection against only getting
# half the file during "curl | sh"
do_install
5.在harbor私有仓库中创建存放jenkin的私有镜像
6.制作自定义镜像
在运维主机(mfyxw50.mfyxw.com)上操作
[root@mfyxw50 ~]# cd /data/dockerfile/jenkins/
[root@mfyxw50 jenkins]# docker build . -t harbor.od.com/infra/jenkins:v2.190.3
7.将infra/jenkins的镜像推送到私有仓库
在运维主机(mfyxw50.mfyxw.com)上操作
[root@mfyxw50 ~]# docker images | grep jenkins
[root@mfyxw50 ~]# docker login harbor.od.com
[root@mfyxw50 ~]# docker push harbor.od.com/infra/jenkins:v2.190.3
8.查看仓库中infra是否已经上传了jenkins
9.测试是否能正常登录
在运维主机(mfyxw50.mfyxw.com)上操作
[root@mfyxw50 jenkins]# docker run --rm harbor.od.com/infra/jenkins:v2.190.3 ssh -i /root/.ssh/id_rsa -T XXX@gitee.com
10.创建保存jenkins目录
在运维主机(mfyxw50.mfyxw.com)上操作
[root@mfyxw50 ~]# mkdir -p /data/k8s-yaml/jenkins
[root@mfyxw50 ~]# mkdir -p /data/nfs-volume/jenkins_home
[root@mfyxw50 ~]# cd /data/k8s-yaml/jenkins/
11.创建jenkins资源配置清单
在运维主机(mfyxw50.mfyxw.com)上操作
Deployment.yaml代码如下:
[root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Deployment.yaml << EOF
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: jenkins
namespace: infra
labels:
name: jenkins
spec:
replicas: 1
selector:
matchLabels:
name: jenkins
template:
metadata:
labels:
app: jenkins
name: jenkins
spec:
volumes:
- name: data
nfs:
server: mfyxw50
path: /data/nfs-volume/jenkins_home
- name: docker
hostPath:
path: /run/docker.sock
type: ''
containers:
- name: jenkins
image: harbor.od.com/infra/jenkins:v2.190.3
ports:
- containerPort: 8080
protocol: TCP
env:
- name: JAVA_OPTS
value: -Xmx512m -Xms512m
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 500m
memory: 1Gi
volumeMounts:
- name: data
mountPath: /var/jenkins_home
- name: docker
mountPath: /run/docker.sock
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
imagePullSecrets:
- name: harbor
restartPolicy: Always
terminationGracePeriodSeconds: 30
securityContext:
runAsUser: 0
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
revisionHistoryLimit: 7
progressDeadlineSeconds: 600
EOF
Service.yaml代码如下:
[root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Service.yaml << EOF
kind: Service
apiVersion: v1
metadata:
name: jenkins
namespace: infra
spec:
ports:
- protocol: TCP
port: 80
targetPort: 8080
selector:
app: jenkins
type: ClusterIP
sessionAffinity: None
EOF
Ingress.yaml代码如下:
[root@mfyxw50 ~]# cat > /data/k8s-yaml/jenkins/Ingress.yaml << EOF
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: jenkins
namespace: infra
spec:
rules:
- host: jenkins.od.com
http:
paths:
- path: /
backend:
serviceName: jenkins
servicePort: 80
EOF
12.安装nfs服务
在运维节点(mfyxw30.mfyxw.com和mfyxw40.mfyxw.com)作为NFS客户端和运维主机(mfyxw50.mfyxw.com)作为NFS服务端同,分别执行
~]# yum -y install nfs-utils
在运维主机(mfyxw50.mfyxw.com)上执行如下操作
[root@mfyxw50 ~]# cat > /etc/exports << EOF
/data/nfs-volume 192.168.80.0/24(rw,no_root_squash)
EOF
创建nfs共享目录
[root@mfyxw50 ~]# mkdir -p /data/nfs-volume
启动NFS服务
[root@mfyxw50 ~]# systemctl start nfs && systemctl enable nfs
13.为拉私有仓库私有镜像创建一个secret
在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)上任意一台执行
[root@mfyxw30 ~]# kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=Harbor12345 -n infra
[root@mfyxw30 ~]# kubectl get secret -n infra
14.应用Jenkins资源配置清单
在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可
在应用资源配置清单 要先创建一个infra名称空间
[root@mfyxw30 ~]# kubectl create ns infra
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Deployment.yaml
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Service.yaml
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/Ingress.yaml
15.查询pod,svc,ingress是否成功
在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可
备注,可能jenkins的pod的名称有不一致,但不影响整个教程
[root@mfyxw30 ~]# kubectl get pod -n infra
[root@mfyxw30 ~]# kubectl get svc -n infra
[root@mfyxw30 ~]# kubectl get ingress -n infra
16.添加解析域名jenkins.od.com
在DNS服务器(mfyxw10.mfyxw.com)上操作
[root@mfyxw10 ~]# cat > /var/named/od.com.zone << EOF
$ORIGIN od.com.
$TTL 600 ; 10 minutes
@ IN SOA dns.od.com. dnsadmin.od.com. (
;序号请加1,表示比之前版本要新
2020031308 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS dns.od.com.
$TTL 60 ; 1 minute
dns A 192.168.80.10
harbor A 192.168.80.50 ;添加harbor记录
k8s-yaml A 192.168.80.50
traefik A 192.168.80.100
dashboard A 192.168.80.100
zk1 A 192.168.80.10
zk2 A 192.168.80.20
zk3 A 192.168.80.30
jenkins A 192.168.80.100
EOF
重启DNS服务器并尝试解析域名
[root@mfyxw10 ~]# systemctl restart named
[root@mfyxw10 ~]# dig -t A jenkins.od.com @192.168.80.10 +short
17.在浏览器中访问jenkins
18.查看jenkins的登录密码
在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可
查看jenkins运行在哪个node节点上
[root@mfyxw30 ~]# kubectl get pod -o wide -n infra
查询出来jenkins是运行在mfyxw40.mfyxw.com主机上,进入到/data/kubelet/pods/d4a68480-78ec-463d-b25e-d9caa8714219/volumes/kubernetes.io~nfs/data/secrets目录查看initialAdminPassword文件可以得到登录jenkins的密码
19.登录jenkins后操作及设置
成功安装了Blue Ocean插件
20.解决下载插件出错问题
如上图所示,就是在下载插件的时候会出现Failure,建议更换为国内源
国内源地址:https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
解决方法:
更换了源,再次去搜索并安装插件即可
可以进入到运维主机(mfyxw50.mfyxw.com)的/data/nfs-volume/jenkins_home/plugins目录下,可以看到下载的插件的软件都放在此目录中
21.通过查看日志判断jenkins是否完全启动
在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可
[root@mfyxw30 ~]# kubectl logs jenkins-b99776c69-jrvwn -n infra
22.验证jenkins是否可用
查看jenkins运行在哪台node节点上
在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可
[root@mfyxw30 ~]# kubectl get pod -n infra -o wide
在mfyxw40.mfyxw.com主机上执行
[root@mfyxw40 ~]# docker ps -a | grep jenkins
在master节点(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)中任意一台操作即可
在jenkins容器中,验证jenkins容器是否以root身份运行及时区是否为东八区
[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash #进入到jenkins容器
root@jenkins-b99776c69-p6skp:/# whoami #查看jenkins是否以root身份运行
root@jenkins-b99776c69-p6skp:/# date #查看jenkins的时区是否为东八区
在jenkins容器中,验证是否连接宿主机的docker的引擎
[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash
root@jenkins-b99776c69-p6skp:/# docker ps -a
在mfyxw40.mfyxw.com宿主机上查询所有的容器运行情况,是否与进入到jenkins容器里查询到的一致
[root@mfyxw40 ~]# docker ps -a
在jenkins容器中,验证是否可以登录到harbor仓库
[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash
root@jenkins-b99776c69-p6skp:/# docker login harbor.od.com
root@jenkins-b99776c69-p6skp:/# cat /root/.docker/config.json
在jenkins容器中,验证是否可以登录到gitee仓库
[root@mfyxw30 ~]# kubectl exec -it jenkins-b99776c69-p6skp -n infra -- /bin/bash
root@jenkins-b99776c69-p6skp:/# ssh -i /root/.ssh/id_rsa -T xxx@gitee.com
