kubernetes/CICD/Jenkins/README.md
2026-01-09 17:56:38 +08:00

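# Jenkins Kubernetes Deployment Guide
This directory contains the deployment configuration and documentation for running Jenkins on a Kubernetes cluster.
## Deployment configuration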
### jenkins-deployment.yaml
```yaml
# Node-local storage for JENKINS_HOME (hostPath on the node running the pod)
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: /data/jenkins
  storageClassName: manual
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pvc
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  storageClassName: manual
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: default
---
# ClusterRole + ClusterRoleBinding: these rules apply in every namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      serviceAccountName: jenkins
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts
          ports:
            - containerPort: 8080
              name: http
            - containerPort: 50000
              name: agent
          env:
            - name: JENKINS_OPTS
              value: "--prefix=/jenkins"
            # Max heap equals the 2Gi container memory limit set below
            - name: JAVA_OPTS
              value: "-Xmx2048m"
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
          resources:
            requests:
              memory: "1Gi"
              cpu: "500m"
            limits:
              memory: "2Gi"
              cpu: "1000m"
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
            claimName: jenkins-pvc
---
# NodePort exposes both the web UI and the agent port on every node
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: default
spec:
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 30280
      name: http
    - port: 50000
      targetPort: 50000
      nodePort: 30500
      name: agent
  selector:
    app: jenkins
```
## Deployment steps
### 1. Create the data directory
```bash
mkdir -p /data/jenkins
```
### 2. Apply the deployment configuration
Save the YAML above as `jenkins-deployment.yaml`, then run:
```bash
kubectl apply -f jenkins-deployment.yaml
```
### 3. Verify the deployment
```bash
# Check the Pod status
kubectl get pods -l app=jenkins
# Check the Service status
kubectl get svc jenkins
# Show detailed information
kubectl describe pod <jenkins-pod-name>
```
## Access addresses
| Service | Port | Description |
|------|------|------|
| Web UI | 30280 | Jenkins web UI: http://<node-IP>:30280/jenkins |
| Agent | 30500 | Jenkins agent connection port |
### Get the initial Jenkins password
```bash
kubectl exec -it $(kubectl get pod -l app=jenkins -o jsonpath='{.items[0].metadata.name}') -- cat /var/jenkins_home/secrets/initialAdminPassword
```
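On first access, Jenkins asks for the unlock password above; then follow the setup wizard to complete the initial configuration.
## Configuration parameters
| Parameter | Value | Description |
|------|-----|------|
| Image | jenkins/jenkins:lts | Jenkins LTS release |
| Data directory | /data/jenkins | hostPath storage path |
| Storage capacity | 20Gi | Storage allocated to the PV/PVC |
| Memory request | 1Gi | Minimum memory |
| Memory limit | 2Gi | Maximum memory |
| CPU request | 500m | Minimum CPU |
| CPU limit | 1000m | Maximum CPU |
| URL prefix | /jenkins | URL path prefix |
| JVM heap | -Xmx2048m | JVM heap size setting |
### RBAC permissions
Jenkins is granted the following Kubernetes cluster permissions:
- **Pods**: create, delete, get, list, patch, update, watch
- **Pods exec**: create, delete, get, list, patch, update, watch
- **Pods log**: get, list, watch
- **Secrets**: get

These permissions let Jenkins run CI/CD jobs in Kubernetes. Because they are defined in a ClusterRole and bound with a ClusterRoleBinding, they apply in every namespace, not only in `default`.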
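To confirm how far these permissions reach, the following added example (not part of the original README) uses `kubectl auth can-i` with impersonation to ask the API server whether the `jenkins` ServiceAccount can use the sensitive verbs in namespaces other than its own. The function names and the `KUBECTL` override variable are assumptions made for this example, and the caller needs the right to impersonate service accounts.

```shell
#!/usr/bin/env bash
# Added example, not part of the original README.
# KUBECTL can be overridden, e.g. to add a --context flag (assumption).
KUBECTL="${KUBECTL:-kubectl}"
# Impersonated identity: ServiceAccount "jenkins" in namespace "default".
SA="system:serviceaccount:default:jenkins"
# verb:resource[:subresource] entries taken from the ClusterRole rules.
CHECKS="get:secrets create:pods delete:pods create:pods:exec"

# can_i NAMESPACE SPEC -> exit 0 when the API server answers "yes".
can_i() {
  _ns="$1"
  # Split SPEC on ":" into $1=verb, $2=resource, $3=subresource (optional).
  _old_ifs="$IFS"; IFS=:; set -- $2; IFS="$_old_ifs"
  _ans="$($KUBECTL auth can-i "$1" "$2" ${3:+--subresource="$3"} \
            --as="$SA" -n "$_ns" 2>/dev/null || true)"
  [ "$_ans" = "yes" ]
}

# rbac_reach HOME_NS NS... -> prints "namespace spec" for every permission the
# account holds outside HOME_NS and returns 1 if there is at least one.
rbac_reach() {
  _home="$1"; shift
  _found=0
  for _n in "$@"; do
    [ "$_n" = "$_home" ] && continue
    for _spec in $CHECKS; do
      if can_i "$_n" "$_spec"; then
        echo "$_n $_spec"
        _found=1
      fi
    done
  done
  return "$_found"
}
```

Run it as `rbac_reach default $(kubectl get ns -o jsonpath='{.items[*].metadata.name}')`. With the ClusterRoleBinding on this page every other namespace is reported, whereas a namespaced Role and RoleBinding in `default` should leave the output empty.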
## Port mapping
| Container port | NodePort | Purpose |
|----------|----------|------|
| 8080 | 30280 | Web UI |
| 50000 | 30500 | Agent connections |
## Common management commands
### Check the Pod status
```bash
kubectl get pods -l app=jenkins
kubectl logs -f <jenkins-pod-name>
```
### Restart the service
```bash
kubectl rollout restart deployment jenkins
```
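### Scale up/down
```bash
# Note: a second replica mounts the same JENKINS_HOME volume; the Jenkins
# controller is not designed to run active-active on shared state
# Scale up to 2 replicas
kubectl scale deployment jenkins --replicas=2
# Scale down to 1 replica
kubectl scale deployment jenkins --replicas=1
```
### Check resource usage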
```bash
kubectl top pods -l app=jenkins
```
### Back up data
```bash
# The archive is written to /tmp inside the container; copy it out before the Pod restarts
kubectl exec -it $(kubectl get pod -l app=jenkins -o jsonpath='{.items[0].metadata.name}') -- tar czf /tmp/jenkins-backup.tar.gz /var/jenkins_home
```
## Troubleshooting
### Pod fails to start
#### ImagePullBackOff
```bash
# Show detailed Pod information
kubectl describe pod <jenkins-pod-name>
# Pull the image manually
docker pull jenkins/jenkins:lts
# Check the Docker registry mirror configuration
cat /etc/docker/daemon.json
```
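#### Pod stuck in ContainerCreating
```bash
# Check the PV/PVC status
kubectl get pv
kubectl get pvc
# Check the permissions on the storage directory
ls -la /data/jenkins
# Fix directory ownership: the jenkins/jenkins image runs as UID/GID 1000,
# so a world-writable mode (777) is not needed
chown -R 1000:1000 /data/jenkins
```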
### Service unreachable
```bash
# Check the Service status
kubectl get svc jenkins
# Check whether the port is in use
netstat -tlnp | grep 30280
# Check the firewall
iptables -L -n | grep 30280
```
### Performance problems
```bash
# Check resource usage
kubectl top pods -l app=jenkins
# Check the Pod logs
kubectl logs <jenkins-pod-name>
# Adjust the resource limits
kubectl edit deployment jenkins
```
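## Maintenance recommendations
### Regular backups
Set up a regular backup policy: configure a Jenkins backup plugin or export the configuration periodically.
### Monitoring and alerting
Monitor the following metrics:
- **Resource usage**: CPU, memory, disk
- **Pod status**: running state, restart count
- **Service availability**: access latency, error rate
### Upgrade strategy
1. **Image upgrade**: update the image version in the Deployment
2. **Rolling update**: use kubectl rollout for a zero-downtime upgrade
3. **Backup and rollback**: back up before upgrading and roll back quickly on failure
```bash
# Rolling update
kubectl set image deployment/jenkins jenkins=jenkins/jenkins:2.401.1
# Roll back
kubectl rollout undo deployment/jenkins
```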
## Version information
| Item | Version |
|------|------|
| Document version | v1.0 |
| Jenkins | lts |
| Last updated | 2026-01-09 |