k8s创建pv和pvc部署jenkins和配置slave

安装 NFS 服务端(单独一台机器sudo apt update sudo apt install-y nfs-kernel-server# 创建挂载路径sudo mkdir-p/mnt/nfs_data# 修改配置vim/etc/exports# 允许 所有网段读写同步写入保留客户端 root 权限# *要挨着括号/mnt/nfs_data*(rw,sync,no_root_squash)# 重新加载所有共享-a全部-r重新导出-v详细输出exportfs-arv# 启动 NFS 服务systemctl restart nfs-kernel-server systemctl enable nfs-kernel-server# 检查状态systemctl status nfs-kernel-server# 检查是否挂载好showmount-e localhost安装 NFS 客户端(在所有节点)sudo apt-get update sudo apt-get install-y nfs-common whichmount.nfs创建 namespaceskubectl create ns jenkinsPV 的 yaml文件一个使用 NFS 存储卷的 PV 示例mkdir-p/mnt/nfs_data/pv_nfs_2g# pv-nfs.yamlapiVersion:v1kind:PersistentVolumemetadata:name:pv-nfs-2gspec:volumeMode:Filesystem# 存储卷模式默认为 Filesystem 文件系统 和 Block块capacity:# 存储能力storage:2Gi# 容量大小Gi 或 MiaccessModes:# 访问模式-ReadWriteOnce# 访问模式persistentVolumeReclaimPolicy:Retain# 回收策略storageClassName:nfsnfs:# 持久卷类型如 hostPath、nfs、ceph 等path:/mnt/nfs_data/pv_nfs_2g# 存储路径要确保已经存在server:10.0.3.100创建pvkubectl apply-f pv-nfs.yamlPVC 的 yaml文件# pvc-jenkins.yamlapiVersion:v1kind:PersistentVolumeClaimmetadata:name:pvc-jenkinsnamespace:jenkins# 与 Deployment 同命名空间spec:accessModes:-ReadWriteMany# 与 pv 里面的相同resources:requests:storage:2GivolumeName:pv-nfs-2g# 与 PV 的 Name 一致storageClassName:nfs# 与 PV 的 StorageClass 一致创建pvckubectl apply-f pvc-jenkins.yaml创建deploykubectl apply -f deploy_jenkins.yamlapiVersion:apps/v1kind:Deploymentmetadata:name:jenkinsnamespace:jenkinsspec:progressDeadlineSeconds:600replicas:1revisionHistoryLimit:10selector:matchLabels:app:jenkins-serverstrategy:rollingUpdate:maxSurge:25%maxUnavailable:25%type:RollingUpdatetemplate:metadata:labels:app:jenkins-serverspec:containers:-image:docker.io/jenkins/jenkins:jdk17imagePullPolicy:IfNotPresentlivenessProbe:httpGet:path:/loginport:8080scheme:HTTPinitialDelaySeconds:300periodSeconds:10successThreshold:1failureThreshold:3timeoutSeconds:5name:jenkinsports:-containerPort:8080name:httpportprotocol:TCP-containerPort:50000name:jnlpportprotocol:TCPreadinessProbe:httpGet:path:/loginport:8080scheme:HTTPinitialDelaySeconds:120periodSeconds:10successThreshold:1failureThreshold:3timeoutSeconds:5resources:limits:cpu:2memory:4Girequests:cpu:1memory:1GisecurityContext:privileged:truerunAsUser:0terminationMessagePath:/dev/termination-logterminationMessagePolicy:FilevolumeMounts:-mountPath:/var/jenkins_homename:jenkins-datarestartPolicy:AlwaysterminationGracePeriodSeconds:30volumes:-name:jenkins-datapersistentVolumeClaim:claimName:pvc-jenkins创建svckubectl apply -f svc_jenkins.yamlapiVersion:v1kind:Servicemetadata:labels:app:jenkins-servername:jenkins-svcnamespace:jenkinsspec:ports:-name:jenkins-serviceport:8080protocol:TCPtargetPort:8080-name:jenkins-jnlpport:50000protocol:TCPtargetPort:50000selector:app:jenkins-servertype:ClusterIP创建Ingress ControllerIngress资源要正常工作集群中必须要有个Ingress Controller来解析Ingress的转发规则参考文档https://blog.csdn.net/weixin_46887489/article/details/134586363查看集群中定义的 IngressClasskubectl get ingressclass创建IngressapiVersion:networking.k8s.io/v1kind:Ingressmetadata:name:jenkinsnamespace:jenkinsannotations:nginx.ingress.kubernetes.io/ssl-redirect:falsenginx.ingress.kubernetes.io/force-ssl-redirect:falsenginx.ingress.kubernetes.io/whitelist-source-range:0.0.0.0/0spec:ingressClassName:nginx-masterrules:-host:jenkinss.comhttp:paths:-path:/pathType:Prefixbackend:service:name:jenkins-svcport:number:8080本地配置hosts域名任意配置一个节点的IPcurl 测试curl jenkinss.com 如下图这样就代表部署成功后续用浏览器就能直接打开配置jenkins权限操作k8svim rbac-jenkins.yamlapiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: jenkins name: jenkins-role rules:-apiGroups:[]resources:[pods,services,endpoints,pods/exec,pods/log,pods/attach]verbs:[get,list,watch,create,update,patch,delete]-apiGroups:[]resources:[configmaps,secrets]verbs:[get,list,watch,create,update,patch,delete]-apiGroups:[apps]resources:[deployments,replicasets]verbs:[get,list,watch,create,update,patch,delete]-apiGroups:[extensions]resources:[deployments,replicasets]verbs:[get,list,watch,create,update,patch,delete]-apiGroups:[batch]resources:[jobs,cronjobs]verbs:[get,list,watch,create,update,patch,delete]---apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: namespace: jenkins name: jenkins-role-binding subjects:-kind: ServiceAccount name: default namespace: jenkins roleRef: kind: Role name: jenkins-role apiGroup: rbac.authorization.k8s.iokubectl apply-f rbac-jenkins.yamlkubectl get role,rolebinding-n jenkinsjenkins安装k8s插件和阶段视图插件我这里是已经安装好的 只是展示插件名称需要点击 Available plugins 里面搜索安装插件安装k8s插件 Kubernetes安装阶段视图插件 Stage Viewjenkins配置k8s点击 设置 下拉 点击 Clouds点击 New cloud点击 连接测试 会出现画红圈的东西 就代表连接上了k8s填写的 jenkins svc 地址容器数量 意思是最多同时起多少个pod其余默认创建任务测试添加 pipline scriptpodTemplate(cloud:k8s,label:jenkins-slave,serviceAccount:default,containers:[containerTemplate(name:jenkins-jdk17,image:docker.io/jenkins/jenkins:jdk17,resourceLimitCpu:1000m,resourceLimitMemory:2048Mi,resourceRequestCpu:500m,resourceRequestMemory:1024Mi,privileged:true)]){node(jenkins-slave){container(jenkins-jdk17){stage(Maven Build){shls /}stage(Docker Build){shsleep 120}}}}点击立即构建会创建一个poddescribe 查看拉取了两个image一个是jenkins的agent使用的一个是自己任务需要用的镜像agent工作的路径kubectl exec -it jenkins-slave-3djzj-q2fsp -n jenkins – bashls /home/jenkins/agent/workspace/任务跑完后自动删除 jenkins-slave 这个pod