DuoDevHub/kubernetes
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add kubernetes

Browse Source
This commit is contained in:
dylan
2026-01-09 17:56:38 +08:00
parent 6e7af2d016
commit 2a879d383c
203 changed files with 17379 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

339
CICD/Jenkins/README.md Normal file
View File

@@ -0,0 +1,339 @@
# Jenkins Kubernetes部署文档
本目录包含Jenkins在Kubernetes集群上的部署配置和文档。
## 部署配置
### jenkins-deployment.yaml
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: jenkins-pv
spec:
capacity:
storage: 20Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/jenkins
storageClassName: manual
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-pvc
namespace: default
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
storageClassName: manual
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: jenkins
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: jenkins
template:
metadata:
labels:
app: jenkins
spec:
serviceAccountName: jenkins
containers:
- name: jenkins
image: jenkins/jenkins:lts
ports:
- containerPort: 8080
name: http
- containerPort: 50000
name: agent
env:
- name: JENKINS_OPTS
value: "--prefix=/jenkins"
- name: JAVA_OPTS
value: "-Xmx2048m"
volumeMounts:
- name: jenkins-data
mountPath: /var/jenkins_home
resources:
requests:
memory: "1Gi"
cpu: "500m"
limits:
memory: "2Gi"
cpu: "1000m"
volumes:
- name: jenkins-data
persistentVolumeClaim:
claimName: jenkins-pvc
---
apiVersion: v1
kind: Service
metadata:
name: jenkins
namespace: default
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 30280
name: http
- port: 50000
targetPort: 50000
nodePort: 30500
name: agent
selector:
app: jenkins
```
## 部署步骤
### 1. 创建数据目录
```bash
mkdir -p /data/jenkins
```
### 2. 应用部署配置
将上述YAML配置保存为 `jenkins-deployment.yaml` 文件,然后执行:
```bash
kubectl apply -f jenkins-deployment.yaml
```
### 3. 验证部署状态
```bash
# 查看Pod状态
kubectl get pods -l app=jenkins
# 查看Service状态
kubectl get svc jenkins
# 查看详细信息
kubectl describe pod <jenkins-pod-name>
```
## 访问地址
| 服务 | 端口 | 说明 |
|------|------|------|
| Web界面 | 30280 | Jenkins Web界面http://节点IP:30280/jenkins |
| Agent | 30500 | Jenkins Agent连接端口 |
### 获取Jenkins初始密码
```bash
kubectl exec -it $(kubectl get pod -l app=jenkins -o jsonpath='{.items[0].metadata.name}') -- cat /var/jenkins_home/secrets/initialAdminPassword
```
首次访问Jenkins时需要输入上述解锁密码然后按照向导完成初始设置。
## 配置参数
| 参数 | 值 | 说明 |
|------|-----|------|
| 镜像 | jenkins/jenkins:lts | Jenkins LTS版本 |
| 数据目录 | /data/jenkins | HostPath存储路径 |
| 存储容量 | 20Gi | PV/PVC分配存储 |
| 内存请求 | 1Gi | 最小内存需求 |
| 内存限制 | 2Gi | 最大内存限制 |
| CPU请求 | 500m | 最小CPU需求 |
| CPU限制 | 1000m | 最大CPU限制 |
| 访问前缀 | /jenkins | URL访问路径前缀 |
| JVM堆内存 | -Xmx2048m | Java虚拟机堆内存设置 |
### RBAC权限配置
Jenkins配置了以下Kubernetes集群权限
- **Pods操作**: create, delete, get, list, patch, update, watch
- **Pods执行**: create, delete, get, list, patch, update, watch
- **Pods日志**: get, list, watch
- **Secrets**: get
这些权限用于Jenkins在Kubernetes中执行CI/CD任务。
## 端口映射
| 容器端口 | NodePort | 用途 |
|----------|----------|------|
| 8080 | 30280 | Web界面 |
| 50000 | 30500 | Agent连接 |
## 常用管理命令
### 查看Pod状态
```bash
kubectl get pods -l app=jenkins
kubectl logs -f <jenkins-pod-name>
```
### 重启服务
```bash
kubectl rollout restart deployment jenkins
```
### 扩容/缩容
```bash
# 扩容到2个副本
kubectl scale deployment jenkins --replicas=2
# 缩容到1个副本
kubectl scale deployment jenkins --replicas=1
```
### 查看资源使用
```bash
kubectl top pods -l app=jenkins
```
### 备份数据
```bash
kubectl exec -it $(kubectl get pod -l app=jenkins -o jsonpath='{.items[0].metadata.name}') -- tar czf /tmp/jenkins-backup.tar.gz /var/jenkins_home
```
## 故障排查
### Pod无法启动
#### ImagePullBackOff
```bash
# 查看Pod详细信息
kubectl describe pod <jenkins-pod-name>
# 手动拉取镜像
docker pull jenkins/jenkins:lts
# 检查Docker镜像加速配置
cat /etc/docker/daemon.json
```
#### ContainerCreating状态持续
```bash
# 检查PV/PVC状态
kubectl get pv
kubectl get pvc
# 检查存储目录权限
ls -la /data/jenkins
# 调整目录权限
chmod -R 777 /data/jenkins
```
### 服务无法访问
```bash
# 检查Service状态
kubectl get svc jenkins
# 检查端口占用
netstat -tlnp | grep 30280
# 检查防火墙
iptables -L -n | grep 30280
```
### 性能问题
```bash
# 检查资源使用
kubectl top pods -l app=jenkins
# 检查Pod日志
kubectl logs <jenkins-pod-name>
# 调整资源限制
kubectl edit deployment jenkins
```
## 维护建议
### 定期备份
建议配置定期备份策略配置Jenkins备份插件或定期导出配置。
### 监控告警
建议配置以下监控指标:
- **资源使用率**: CPU、内存、磁盘
- **Pod状态**: 运行状态、重启次数
- **服务可用性**: 访问延迟、错误率
### 升级策略
1. **镜像升级**: 更新Deployment中的镜像版本
2. **滚动更新**: 使用kubectl rollout实现零停机升级
3. **备份回滚**: 升级前先备份,失败时快速回滚
```bash
# 滚动更新
kubectl set image deployment/jenkins jenkins=jenkins/jenkins:2.401.1
# 回滚
kubectl rollout undo deployment/jenkins
```
## 版本信息
| 项目 | 版本 |
|------|------|
| 文档版本 | v1.0 |
| Jenkins | lts |
| 更新日期 | 2026-01-09 |