# Jenkins Kubernetes Deployment Guide

This directory contains the deployment configuration and documentation for running Jenkins on a Kubernetes cluster.

## Deployment Configuration

### jenkins-deployment.yaml

```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: /data/jenkins
  storageClassName: manual
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pvc
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  storageClassName: manual
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      serviceAccountName: jenkins
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts
          ports:
            - containerPort: 8080
              name: http
            - containerPort: 50000
              name: agent
          env:
            - name: JENKINS_OPTS
              value: "--prefix=/jenkins"
            - name: JAVA_OPTS
              value: "-Xmx2048m"
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
          resources:
            requests:
              memory: "1Gi"
              cpu: "500m"
            limits:
              memory: "2Gi"
              cpu: "1000m"
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
            claimName: jenkins-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: default
spec:
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 30280
      name: http
    - port: 50000
      targetPort: 50000
      nodePort: 30500
      name: agent
  selector:
    app: jenkins
```

## Deployment Steps

### 1. Create the data directory

Run this on the node that will host the Pod, since the PersistentVolume uses `hostPath`:

```bash
mkdir -p /data/jenkins
```

### 2. Apply the deployment configuration

Save the YAML above as `jenkins-deployment.yaml`, then run:

```bash
kubectl apply -f jenkins-deployment.yaml
```

### 3. Verify the deployment

```bash
# Check Pod status
kubectl get pods -l app=jenkins

# Check Service status
kubectl get svc jenkins

# Show detailed information for the Jenkins Pod
kubectl describe pod -l app=jenkins
```

## Access Addresses

| Service | Port | Description |
|------|------|------|
| Web UI | 30280 | Jenkins web UI (`http://<node-IP>:30280/jenkins`) |
| Agent | 30500 | Jenkins agent connection port |

### Get the initial Jenkins password

```bash
kubectl exec -it $(kubectl get pod -l app=jenkins -o jsonpath='{.items[0].metadata.name}') -- cat /var/jenkins_home/secrets/initialAdminPassword
```

On first access, Jenkins asks for this unlock password; enter it and follow the wizard to complete the initial setup.

## Configuration Parameters

| Parameter | Value | Description |
|------|-----|------|
| Image | jenkins/jenkins:lts | Jenkins LTS release |
| Data directory | /data/jenkins | HostPath storage path |
| Storage capacity | 20Gi | Storage allocated to the PV/PVC |
| Memory request | 1Gi | Minimum memory |
| Memory limit | 2Gi | Maximum memory |
| CPU request | 500m | Minimum CPU |
| CPU limit | 1000m | Maximum CPU |
| Access prefix | /jenkins | URL path prefix |
| JVM heap | -Xmx2048m | Java virtual machine heap size |

### RBAC Permissions

Jenkins is granted the following Kubernetes cluster permissions:

- **Pods**: create, delete, get, list, patch, update, watch
- **Pods exec**: create, delete, get, list, patch, update, watch
- **Pods log**: get, list, watch
- **Secrets**: get

Jenkins uses these permissions to run CI/CD tasks in Kubernetes. Because they are granted through a ClusterRole and a ClusterRoleBinding, they apply in every namespace of the cluster, not only in `default`.

## Port Mapping

| Container port | NodePort | Purpose |
|----------|----------|------|
| 8080 | 30280 | Web UI |
| 50000 | 30500 | Agent connections |

## Common Management Commands

### View Pod status

```bash
kubectl get pods -l app=jenkins
kubectl logs -f deployment/jenkins
```

### Restart the service

```bash
kubectl rollout restart deployment jenkins
```

### Scale up / down

```bash
# Scale up to 2 replicas
kubectl scale deployment jenkins --replicas=2

# Scale down to 1 replica
kubectl scale deployment jenkins --replicas=1
```

### View resource usage

```bash
kubectl top pods -l app=jenkins
```

### Back up data

```bash
kubectl exec -it $(kubectl get pod -l app=jenkins -o jsonpath='{.items[0].metadata.name}') -- tar czf /tmp/jenkins-backup.tar.gz /var/jenkins_home
```

## Troubleshooting

### Pod fails to start

#### ImagePullBackOff

```bash
# Show detailed information for the Jenkins Pod
kubectl describe pod -l app=jenkins

# Pull the image manually
docker pull jenkins/jenkins:lts

# Check the Docker registry mirror configuration
cat /etc/docker/daemon.json
```

#### Stuck in ContainerCreating

```bash
# Check PV/PVC status
kubectl get pv
kubectl get pvc

# Check permissions on the storage directory
ls -la /data/jenkins

# Adjust the directory permissions
chmod -R 777 /data/jenkins
```

### Service is unreachable

```bash
# Check Service status
kubectl get svc jenkins

# Check whether the port is in use
netstat -tlnp | grep 30280

# Check the firewall
iptables -L -n | grep 30280
```

### Performance problems

```bash
# Check resource usage
kubectl top pods -l app=jenkins

# Check the Pod logs
kubectl logs deployment/jenkins

# Adjust the resource limits
kubectl edit deployment jenkins
```

## Maintenance Recommendations

### Regular backups

Set up a regular backup policy: configure a Jenkins backup plugin or export the configuration on a schedule.

### Monitoring and alerting

Monitor the following metrics:

- **Resource usage**: CPU, memory, disk
- **Pod status**: running state, restart count
- **Service availability**: access latency, error rate

### Upgrade strategy

1. **Image upgrade**: update the image version in the Deployment
2. **Rolling update**: use `kubectl rollout` for a zero-downtime upgrade
3. **Backup and rollback**: back up before upgrading, and roll back quickly on failure

```bash
# Rolling update
kubectl set image deployment/jenkins jenkins=jenkins/jenkins:2.401.1

# Roll back
kubectl rollout undo deployment/jenkins
```

## Version Information

| Item | Version |
|------|------|
| Document version | v1.0 |
| Jenkins | lts |
| Last updated | 2026-01-09 |