# How to Install Jenkins on Kubernetes
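## Table of Contents
1. [Preface](#preface)
2. [Environment Preparation](#environment-preparation)
   - [Kubernetes Cluster Requirements](#kubernetes-cluster-requirements)
   - [Tooling](#tooling)
3. [Choosing an Installation Method](#choosing-an-installation-method)
   - [Helm Chart Installation](#helm-chart-installation)
   - [Manual Deployment with YAML Manifests](#manual-deployment-with-yaml-manifests)
4. [Installing Jenkins with Helm](#installing-jenkins-with-helm)
   - [Adding the Jenkins Helm Repository](#adding-the-jenkins-helm-repository)
   - [Customizing values.yaml](#customizing-valuesyaml)
   - [Install Commands and Verification](#install-commands-and-verification)
5. [Manual YAML Deployment](#manual-yaml-deployment)
   - [Creating the Namespace](#creating-the-namespace)
   - [Persistent Storage Configuration](#persistent-storage-configuration)
   - [Deploying the StatefulSet](#deploying-the-statefulset)
   - [Exposing the Service](#exposing-the-service)
6. [Initial Configuration](#initial-configuration)
   - [Getting the Admin Password](#getting-the-admin-password)
   - [Installing Recommended Plugins](#installing-recommended-plugins)
   - [Creating the First User](#creating-the-first-user)
7. [High-Availability Configuration](#high-availability-configuration)
   - [Multi-Replica Deployment](#multi-replica-deployment)
   - [Shared Storage Options](#shared-storage-options)
8. [Security Hardening](#security-hardening)
   - [Network Policy](#network-policy)
   - [RBAC Configuration](#rbac-configuration)
   - [Ingress TLS Configuration](#ingress-tls-configuration)
9. [Backup and Restore](#backup-and-restore)
   - [Regular JENKINS_HOME Backups](#regular-jenkins_home-backups)
   - [Cluster Backups with Velero](#cluster-backups-with-velero)
10. [Troubleshooting](#troubleshooting)
    - [Pod Fails to Start](#pod-fails-to-start)
    - [Plugin Installation Problems](#plugin-installation-problems)
11. [Best Practices](#best-practices)
12. [Summary](#summary)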
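## Preface
Jenkins is the most popular open-source CI/CD tool, and in the cloud-native era running it on Kubernetes has become a standard setup for modern DevOps pipelines. This article walks through several ways to deploy Jenkins in a Kubernetes cluster, from a basic installation to a production-grade, highly available configuration.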
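## Environment Preparation
### Kubernetes Cluster Requirements
- Kubernetes 1.19+ (with CSI storage support)
- At least 2 available worker nodes
- Recommended resources:
  - 4 CPU cores / 8 GB memory per node
  - 50 GB of persistent storage
- A working network plugin (Calico, Flannel, etc.)
### Tooling
```bash
# Required tools
kubectl version --client
helm version
# Optional tools
kubectx # cluster context management
k9s     # cluster visualization tool
```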
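## Choosing an Installation Method
### Helm Chart Installation
Advantages:
- One-command deployment
- Configurable through parameters
- Maintained by the community and updated promptly
### Manual Deployment with YAML Manifests
Suitable when:
- You need full control over the deployment details
- The environment has strong customization requirements
- You are learning how Kubernetes objects relate to each other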
## Installing Jenkins with Helm
### Adding the Jenkins Helm Repository
```bash
helm repo add jenkinsci https://charts.jenkins.io
helm repo update
```
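### Customizing values.yaml
```yaml
# values-custom.yaml example
controller:
  componentName: "jenkins-controller"
  # The chart takes repository and tag as separate keys (assumes the pre-5.x
  # chart layout that the adminUser/adminPassword keys below belong to).
  image: "jenkins/jenkins"
  tag: "lts-jdk11"
  tagLabel: jdk11
  resources:
    requests:
      cpu: "1000m"
      memory: "2Gi"
    limits:
      cpu: "2000m"
      memory: "4Gi"
  adminUser: "admin"
  # Example value only: do not deploy or commit a real password in this file.
  # If the key is omitted, the chart generates a random password and stores it
  # in the release Secret under the key jenkins-admin-password.
  adminPassword: "admin123"
  jenkinsAdminEmail: "admin@example.com"
  installPlugins:
    - kubernetes:1.31.6
    - workflow-aggregator:2.6
    - git:4.11.3
  ingress:
    enabled: true
    hostName: "jenkins.example.com"
    annotations:
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
    tls:
      - secretName: "jenkins-tls"
        hosts:
          - "jenkins.example.com"
persistence:
  enabled: true
  size: "50Gi"
  storageClass: "standard"
agent:
  enabled: true
  image: "jenkins/inbound-agent"
  tag: "4.11-1-jdk11"
  resources:
    requests:
      cpu: "500m"
      memory: "512Mi"
```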
### Install Commands and Verification
```bash
# Create the namespace
kubectl create ns jenkins
# Install Jenkins
helm install jenkins jenkinsci/jenkins -n jenkins -f values-custom.yaml
# Watch the installation status
kubectl -n jenkins get pods -w
# Get the access password
kubectl -n jenkins exec -it svc/jenkins -- cat /var/jenkins_home/secrets/initialAdminPassword
# Temporary access through port forwarding
kubectl -n jenkins port-forward svc/jenkins 8080:8080
```
## Manual YAML Deployment
### Creating the Namespace
```yaml
# jenkins-ns.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: jenkins
  labels:
    name: jenkins
```
### Persistent Storage Configuration
```yaml
# jenkins-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pvc
  namespace: jenkins
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: standard
```
### Deploying the StatefulSet
```yaml
# jenkins-sts.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: jenkins
  namespace: jenkins
spec:
  serviceName: jenkins
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      securityContext:
        fsGroup: 1000
      containers:
      - name: jenkins
        image: jenkins/jenkins:lts-jdk11
        ports:
        - containerPort: 8080
          name: http
        - containerPort: 50000
          name: agent
        resources:
          limits:
            cpu: "2"
            memory: "4Gi"
          requests:
            cpu: "1"
            memory: "2Gi"
        volumeMounts:
        - name: jenkins-home
          mountPath: /var/jenkins_home
        env:
        - name: JAVA_OPTS
          # Skips the setup wizard, which also skips its initial security setup;
          # configure authentication yourself before exposing this instance.
          value: "-Djenkins.install.runSetupWizard=false"
  # Creates one PVC per replica, named jenkins-home-jenkins-0 for the first pod
  volumeClaimTemplates:
  - metadata:
      name: jenkins-home
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 50Gi
```
### Exposing the Service
```yaml
# jenkins-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: jenkins
spec:
  type: ClusterIP
  ports:
  - port: 8080
    targetPort: 8080
    name: http
  - port: 50000
    targetPort: 50000
    name: agent
  selector:
    app: jenkins
---
# jenkins-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jenkins
  namespace: jenkins
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  rules:
  - host: "jenkins.example.com"
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: jenkins
            port:
              number: 8080
  tls:
  - hosts:
    - jenkins.example.com
    secretName: jenkins-tls
```
## Initial Configuration
### Getting the Admin Password
```bash
# For a Helm installation
kubectl get secret -n jenkins jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode
# For a manual deployment
kubectl -n jenkins exec -it jenkins-0 -- cat /var/jenkins_home/secrets/initialAdminPassword
```
### Installing Recommended Plugins
Basic plugin list:
- Kubernetes Plugin
- Pipeline
- Blue Ocean
- Git
- Docker Pipeline
- Config File Provider

Bulk installation method:
```groovy
// Install plugins at startup from a Groovy init script
import jenkins.model.*
import hudson.util.VersionNumber
import java.util.logging.Logger

def logger = Logger.getLogger("")
def installed = false
def initialized = false
def pluginParameter = "kubernetes:1.31.6 workflow-aggregator:2.6 git:4.11.3"
def plugins = pluginParameter.split()
logger.info("" + plugins)
def instance = Jenkins.getInstance()
def pm = instance.getPluginManager()
def uc = instance.getUpdateCenter()
uc.updateAllSites()
plugins.each {
  logger.info("Checking " + it)
  def (name, version) = it.split(':')
  // Only plugins that are not installed yet are looked up
  if (!pm.getPlugin(name)) {
    logger.info("Looking UpdateCenter for " + it)
    if (!initialized) {
      uc.updateAllSites()
      initialized = true
    }
    // getPlugin expects a VersionNumber and treats it as a minimum version, not an exact pin
    def plugin = uc.getPlugin(name, new VersionNumber(version))
    if (plugin) {
      logger.info("Installing " + it)
      def installFuture = plugin.deploy()
      while (!installFuture.isDone()) {
        logger.info("Waiting for plugin install: " + name)
        sleep(3000)
      }
      installed = true
    }
  }
}
// Restart once so the newly installed plugins are loaded
if (installed) {
  logger.info("Plugins installed, initializing a restart!")
  instance.save()
  instance.restart()
}
```
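## High-Availability Configuration
### Multi-Replica Deployment
```yaml
# Change in values.yaml
controller:
  replicaCount: 2
  disableRememberMe: false
  numExecutors: 0 # 0 is recommended; use dynamic Kubernetes agents
```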
### Shared Storage Options
Recommended options:
1. NFS dynamic provisioning
2. CephFS/Rook
3. Cloud-provider shared storage (e.g. AWS EFS)

```yaml
persistence:
  enabled: true
  storageClass: "nfs-client"
  accessMode: "ReadWriteMany"
```
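## Security Hardening
### Network Policy
```yaml
# jenkins-networkpolicy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: jenkins
  namespace: jenkins
spec:
  podSelector:
    matchLabels:
      app: jenkins
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    # Namespaces do not carry this label by default; add it to each allowed namespace
    - namespaceSelector:
        matchLabels:
          role: ci-cd
    ports:
    - port: 8080
      protocol: TCP
  egress:
  - to:
    # Not a default label either; kube-system must be labelled role=kube-system for DNS to work
    - namespaceSelector:
        matchLabels:
          role: kube-system
    ports:
    - port: 53
      protocol: UDP
```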
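The policy above admits only port 8080 and only DNS egress, so under an enforcing CNI inbound agents (port 50000) and the controller's calls to the Kubernetes API are dropped. A variant that keeps default-deny but opens those flows, as an added example that is not part of the original article; the `ingress-nginx` namespace name, the `jenkins/agent: "true"` pod label and API access on TCP 443 are assumptions to adjust for your cluster:

```yaml
# jenkins-networkpolicy-agents.yaml (constructed example)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: jenkins-controller
  namespace: jenkins
spec:
  podSelector:
    matchLabels:
      app: jenkins
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Web UI: only from the ingress controller's namespace (assumed: ingress-nginx).
    # kubernetes.io/metadata.name is set automatically on Kubernetes 1.21+;
    # label the namespace yourself on older clusters.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - port: 8080
          protocol: TCP
    # Agents: only pods in this namespace that carry the assumed agent label
    - from:
        - podSelector:
            matchLabels:
              jenkins/agent: "true"
      ports:
        - port: 8080
          protocol: TCP
        - port: 50000
          protocol: TCP
  egress:
    # DNS over UDP and TCP
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
    # Kubernetes API, plugin update sites and Git over HTTPS (assumed port 443);
    # narrow this with ipBlock entries once the destinations are known.
    - ports:
        - port: 443
          protocol: TCP
```

Some CNI plugins evaluate egress rules after Service DNAT, in which case the API server's real port (often 6443) has to be allowed instead of 443.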
### RBAC Configuration
```yaml
# jenkins-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins
  namespace: jenkins
rules:
- apiGroups: [""]
  resources: ["pods", "pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
  namespace: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
# This ServiceAccount must exist and be set as serviceAccountName on the controller pod
- kind: ServiceAccount
  name: jenkins
  namespace: jenkins
```
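## Backup and Restore
### Regular JENKINS_HOME Backups
```bash
# Create the backup PVC
kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-backup
  namespace: jenkins
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
EOF
# Create the CronJob
# The quoted 'EOF' stops the local shell from expanding $(date ...) at apply time,
# so the date is evaluated inside the backup container on every run.
kubectl apply -f - <<'EOF'
# batch/v1 CronJob requires Kubernetes 1.21+; older clusters use batch/v1beta1
apiVersion: batch/v1
kind: CronJob
metadata:
  name: jenkins-backup
  namespace: jenkins
spec:
  schedule: "0 2 * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: backup
            image: alpine
            command:
            - /bin/sh
            - -c
            - |
              apk add --no-cache rsync && \
              rsync -avz --delete /source/ /backup/$(date +%Y%m%d)/
            volumeMounts:
            - name: jenkins-home
              mountPath: /source
            - name: backup-volume
              mountPath: /backup
          restartPolicy: OnFailure
          volumes:
          - name: jenkins-home
            persistentVolumeClaim:
              # Must be the PVC the controller actually mounts; a StatefulSet with a
              # jenkins-home volumeClaimTemplate creates jenkins-home-jenkins-0 instead.
              claimName: jenkins-pvc
          - name: backup-volume
            persistentVolumeClaim:
              claimName: jenkins-backup
EOF
```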
## Troubleshooting
### Pod Fails to Start
Common error:
```
Error: failed to start container "jenkins":
Error response from daemon: OCI runtime create failed:
container_linux.go:380: starting container process caused:
process_linux.go:545: container init caused:
rootfs_linux.go:76: mounting "/var/lib/kubelet/pods/.../volumes/kubernetes.io~secret/default-token-xxx"
to rootfs at "/var/run/secrets/kubernetes.io/serviceaccount"
caused: mount through procfd: permission denied: unknown
```
Solution:
```yaml
# Add to the Pod spec
securityContext:
  fsGroup: 1000
  runAsUser: 1000
```
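The fix above sets only the UID and the volume group. A fuller pod and container `securityContext` for the `jenkins` StatefulSet in `jenkins-sts.yaml`, as an added example that is not from the original article; it assumes the stock `jenkins/jenkins` image (which runs as UID 1000) and a `jenkins` ServiceAccount matching the RoleBinding in `jenkins-rbac.yaml`:

```yaml
# Fields to merge into jenkins-sts.yaml (constructed example)
spec:
  template:
    spec:
      serviceAccountName: jenkins      # the account bound in jenkins-rbac.yaml; create it first
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000                  # makes the JENKINS_HOME volume writable for GID 1000
        runAsNonRoot: true             # the kubelet refuses to start the container as UID 0
        seccompProfile:
          type: RuntimeDefault         # field available from Kubernetes 1.19
      containers:
        - name: jenkins
          securityContext:
            allowPrivilegeEscalation: false   # blocks setuid-style privilege gain
            capabilities:
              drop: ["ALL"]                   # the controller needs no Linux capabilities
```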
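## Best Practices
- Resource isolation: configure separate Namespaces for the Jenkins master and agents
- Plugin management:
- Build optimization:
- Monitoring integration:

```yaml
# Prometheus monitoring example
controller:
  prometheus:
    enabled: true
    scrapeInterval: 60s
    scrapeEndpoint: "/prometheus"
```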
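## Summary
With the detailed guide in this article, you should now have a complete approach for deploying production-grade Jenkins on Kubernetes. Key points include:

As cloud-native technology evolves, the deep integration between Jenkins and Kubernetes will keep developing; it is worth watching emerging deployment models such as the Jenkins Operator.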