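Jenkins Kubernetes Deployment Documentation
This directory contains the deployment configuration and documentation for running Jenkins on a Kubernetes cluster.
Deployment Configuration
jenkins-deployment.yaml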
```yaml
# hostPath volume: the data lives on one node's local disk at /data/jenkins
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: /data/jenkins
  storageClassName: manual
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pvc
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  storageClassName: manual
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: default
---
# Cluster-scoped role: these rules apply in every namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
# Binds the ClusterRole to the jenkins ServiceAccount cluster-wide
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      serviceAccountName: jenkins
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts
          ports:
            - containerPort: 8080
              name: http
            - containerPort: 50000
              name: agent
          env:
            # Serve the UI under the /jenkins URL prefix
            - name: JENKINS_OPTS
              value: "--prefix=/jenkins"
            - name: JAVA_OPTS
              value: "-Xmx2048m"
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
          resources:
            requests:
              memory: "1Gi"
              cpu: "500m"
            limits:
              memory: "2Gi"
              cpu: "1000m"
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
            claimName: jenkins-pvc
---
# NodePort Service: both ports are opened on every node's IP
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: default
spec:
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 30280
      name: http
    - port: 50000
      targetPort: 50000
      nodePort: 30500
      name: agent
  selector:
    app: jenkins
```
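Deployment Steps
1. Create the data directory
```bash
mkdir -p /data/jenkins
```
2. Apply the deployment configuration
Save the YAML above as jenkins-deployment.yaml, then run:
```bash
kubectl apply -f jenkins-deployment.yaml
```
3. Verify the deployment status
```bash
# Check the Pod status
kubectl get pods -l app=jenkins
# Check the Service status
kubectl get svc jenkins
# Show detailed information
kubectl describe pod <jenkins-pod-name>
```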
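Access Addresses
| Service | Port | Description |
|---|---|---|
| Web UI | 30280 | Jenkins web UI (http://<node-IP>:30280/jenkins) |
| Agent | 30500 | Jenkins agent connection port |
Getting the Initial Jenkins Password
```bash
kubectl exec -it $(kubectl get pod -l app=jenkins -o jsonpath='{.items[0].metadata.name}') -- cat /var/jenkins_home/secrets/initialAdminPassword
```
On the first visit to Jenkins, enter the unlock password printed above, then follow the wizard to complete the initial setup.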
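Configuration Parameters
| Parameter | Value | Description |
|---|---|---|
| Image | jenkins/jenkins:lts | Jenkins LTS release |
| Data directory | /data/jenkins | HostPath storage path |
| Storage capacity | 20Gi | Storage allocated by the PV/PVC |
| Memory request | 1Gi | Minimum memory required |
| Memory limit | 2Gi | Maximum memory allowed |
| CPU request | 500m | Minimum CPU required |
| CPU limit | 1000m | Maximum CPU allowed |
| Access prefix | /jenkins | URL path prefix |
| JVM heap | -Xmx2048m | Java virtual machine heap size setting |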
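RBAC Permissions
Jenkins is granted the following Kubernetes cluster permissions (ClusterRole `jenkins`, bound to the `jenkins` ServiceAccount through a ClusterRoleBinding):
- Pods: create, delete, get, list, patch, update, watch
- Pods exec: create, delete, get, list, patch, update, watch
- Pods log: get, list, watch
- Secrets: get
These permissions are used by Jenkins to run CI/CD jobs in Kubernetes.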
Port Mapping
| Container port | NodePort | Purpose |
|---|---|---|
| 8080 | 30280 | Web UI |
| 50000 | 30500 | Agent connections |
Common Management Commands
Check Pod status
```bash
kubectl get pods -l app=jenkins
kubectl logs -f <jenkins-pod-name>
```
Restart the service
```bash
kubectl rollout restart deployment jenkins
```
Scale up / scale down
```bash
# Scale up to 2 replicas
kubectl scale deployment jenkins --replicas=2
# Scale down to 1 replica
kubectl scale deployment jenkins --replicas=1
```
Check resource usage
```bash
kubectl top pods -l app=jenkins
```
Back up data
```bash
kubectl exec -it $(kubectl get pod -l app=jenkins -o jsonpath='{.items[0].metadata.name}') -- tar czf /tmp/jenkins-backup.tar.gz /var/jenkins_home
```
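Troubleshooting
Pod fails to start
ImagePullBackOff
```bash
# Show detailed Pod information
kubectl describe pod <jenkins-pod-name>
# Pull the image manually
docker pull jenkins/jenkins:lts
# Check the Docker registry mirror configuration
cat /etc/docker/daemon.json
```
Pod stuck in ContainerCreating
```bash
# Check PV/PVC status
kubectl get pv
kubectl get pvc
# Check permissions on the storage directory
ls -la /data/jenkins
# Adjust the directory permissions
# (777 leaves the Jenkins home, including secrets/, world-writable on the node;
#  the jenkins/jenkins image runs as UID 1000, so ownership by 1000:1000 is the narrower setting)
chmod -R 777 /data/jenkins
```
Service is unreachable
```bash
# Check the Service status
kubectl get svc jenkins
# Check whether the port is in use
netstat -tlnp | grep 30280
# Check the firewall
iptables -L -n | grep 30280
```
Performance problems
```bash
# Check resource usage
kubectl top pods -l app=jenkins
# Check the Pod logs
kubectl logs <jenkins-pod-name>
# Adjust the resource limits
kubectl edit deployment jenkins
```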
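Maintenance Recommendations
Regular backups
Set up a regular backup policy: configure a Jenkins backup plugin or export the configuration periodically.
Monitoring and alerting
The following metrics are recommended for monitoring:
- Resource utilization: CPU, memory, disk
- Pod status: running state, restart count
- Service availability: access latency, error rate
Upgrade strategy
- Image upgrade: update the image version in the Deployment
- Rolling update: use kubectl rollout for zero-downtime upgrades
- Backup and rollback: back up before upgrading, and roll back quickly on failure
```bash
# Rolling update
kubectl set image deployment/jenkins jenkins=jenkins/jenkins:2.401.1
# Roll back
kubectl rollout undo deployment/jenkins
```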
Version Information
| Item | Version |
|---|---|
| Document version | v1.0 |
| Jenkins | lts |
| Last updated | 2026-01-09 |