基于 K8S 1.28.15(arm) 的 Helm 部署 Jenkins
前言
最近公司测试环境是arm的架构,国产化部署记录吧,很久以前使用的是Jenkins集成Kubernetes集群(Master-Slave分布式构建方案),重新记录。
部署
添加 helm 仓库
# 添加repo
helm repo add jenkins https://charts.jenkins.io
helm repo update
helm search repo jenkins
#NAME CHART VERSION APP VERSION DESCRIPTION
#jenkins/jenkins 5.8.83 2.516.2 Jenkins - Build great things at any scale! As t...
因为我这边网络很难拉取包,因此提前使用
jenkins-5.8.83.tgz包代替
修改 values.yaml 配置文件
controller:
componentName: "jenkins-controller"
image:
registry: "docker.guoliangjun.com"
repository: jenkins/jenkins
tag: 2.516.2-lts-jdk21
# admin:
# username: "admin"
# password: "123456"
# 为控制器设置资源请求和限制,防止资源过度消耗
resources:
requests:
cpu: "500m"
memory: "2Gi"
limits:
cpu: "2000m"
memory: "4Gi"
sidecars:
configAutoReload:
image:
registry: "docker.guoliangjun.com"
skipTlsVerify: true
env:
- name: SKIP_TLS_VERIFY
value: "true"
- name: PYTHONWARNINGS
value: "ignore:Unverified HTTPS request"
javaOpts: >-
-Duser.timezone=Asia/Shanghai
-Djava.awt.headless=true
-Djenkins.install.runSetupWizard=false
-Dhudson.model.DownloadService.noSignatureCheck=true
-Dhudson.slaves.NodeProvisioner.initialDelay=0
-Dhudson.slaves.NodeProvisioner.MARGIN=50
-Dhudson.slaves.NodeProvisioner.MARGIN0=0.75
-XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:+ParallelRefProcEnabled
-XX:+AlwaysActAsServerClassMachine -XX:+ExplicitGCInvokesConcurrent
-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/jenkins_home/logs/heapdump.hprof
containerEnv:
- name: TZ
value: "Asia/Shanghai"
- name: JAVA_TOOL_OPTIONS
value: "-XX:+ExitOnOutOfMemoryError"
- name: JENKINS_UC
value: https://mirrors.huaweicloud.com/jenkins/updates/update-center.json
- name: JENKINS_UC_DOWNLOAD
value: https://mirrors.huaweicloud.com/jenkins/
- name: JENKINS_PLUGIN_MIRROR
value: https://mirrors.huaweicloud.com/jenkins/
# 初始化脚本:替换 Update Center 到华为云镜像
initScripts:
mirror: |-
import jenkins.model.*
import hudson.model.UpdateSite
def uc = Jenkins.instance.getUpdateCenter()
uc.sites.clear()
uc.sites.add(new UpdateSite("default", "https://mirrors.huaweicloud.com/jenkins/updates/update-center.json"))
installPlugins:
installLatestPlugins: false
ingress:
enabled: true
ingressClassName: "nginx"
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
hostName: jenkins.gzeport.com
volumes:
- name: localtime
hostPath:
path: /etc/localtime
mounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
agent:
enabled: true
skipTlsVerify: true
image:
registry: "docker.guoliangjun.com"
repository: "jenkins/inbound-agent"
workspaceVolume:
type: PVC
claimName: "jenkins-data-pvc"
readOnly: false
helmtest:
# A testing framework for bash
bats:
image:
registry: "docker.guoliangjun.com"
# Jenkins主目录
persistence:
enabled: true
existingClaim: "jenkins-data-pvc"
对应的pvc
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-maven-pvc
namespace: devops
annotations:
"helm.sh/resource-policy": keep
spec:
storageClassName: k8s-data
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-data-pvc
namespace: devops
annotations:
"helm.sh/resource-policy": keep
spec:
storageClassName: k8s-data
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Gi
---
#apiVersion: v1
#kind: PersistentVolumeClaim
#metadata:
# name: jenkins-workspace-pvc
# namespace: devops
# annotations:
# "helm.sh/resource-policy": keep
#spec:
# storageClassName: k8s-data
# accessModes:
# - ReadWriteMany
# resources:
# requests:
# storage: 100Gi
部署&验证
# 2.516.2-lts-jdk21
#helm install jenkins jenkins/jenkins -n devops -f values.yaml .
helm install jenkins ./jenkins-5.8.83.tgz -n devops -f values.yaml
# 卸载
helm uninstall jenkins -n devops
访问&安全配置
我这边设置了管理员账号密码好像没生效,需要自行进入安全配置
配置登录
Manage Jenkins >> 全局安全配置
# 默认是none
插件安装
Chinese
Gitlab
Git Parameter
Extended Choice Parameter 换成(Active Choices)
Docker
Groovy
Kubernetes
Pipeline
Config File Provider
active choices
kubernetes Continuous Deploy
http request -
build user vars
description setter
Describe With Params
Build Name and Description Setter
Pipeline Stage View
Role-based Authorization Strategy
Credentials Binding
Workspace Cleanup
配置cloud节点
系统管理-clouds-new cloud
Kubernetes 地址:https://kubernetes.default
Jenkins 地址:http://jenkins.devops.svc.cluster.local:8080
Jenkins 通道:jenkins-agent.devops.svc.cluster.local:50000
点击 “链接测试” :Connected to Kubernetes v1.xx
Pod Templates 查看默认的标签:jenkins-agent
配置Pod template
系统管理-clouds-kubernetes-Pod template
内网环境需要手动配置jnlp镜像
测试节点
我们这里创建一个流水线测试一下是否可用
pipeline {
// 使用k8s拉起slave
agent {
kubernetes {
cloud 'kubernetes'
inheritFrom 'jenkins-slave'
namespace 'devops'
}
}
stages {
stage('输出pods名称') {
steps {
sh 'hostname'
}
}
stage('等待时间') {
steps {
sh 'sleep 3'
}
}
}
}
问题修复
1.时区修改
dashboard –> 用户列表 –> admin –> 设置 –> 用户自定义时区
参考
1.https://www.cuiliangblog.cn/detail/section/166584265
2.https://www.cnblogs.com/Unstoppable9527/p/18418741
3.https://www.cnblogs.com/varden/p/15187839.html