[root@centos7 jenkins]# ll
total 20
-rw-r--r--. 1 root root 1558 Aug 15 10:47 deployment.yml
-rw-r--r--. 1 root root  349 Jan  5  2020 ingress.yml
-rw-r--r--. 1 root root  908 Jan  5  2020 rbac.yml
-rw-r--r--. 1 root root  914 Jan  5  2020 service-account.yml
-rw-r--r--. 1 root root  270 Jan  5  2020 service.yml
[root@centos7 jenkins]# 
[root@centos7 jenkins]# 
[root@centos7 jenkins]# cat deployment.yml 
apiVersion: apps/v1
kind: Deployment 
metadata:
  name: jenkins
  labels:
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      name: jenkins 
  template:
    metadata:
      name: jenkins
      labels:
        name: jenkins
    spec:
      terminationGracePeriodSeconds: 10
      serviceAccountName: jenkins
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts 
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
            - containerPort: 50000
          resources:
            limits:
              cpu: 1
              memory: 1Gi
            requests:
              cpu: 0.5
              memory: 500Mi
          env:
            - name: LIMITS_MEMORY
              valueFrom:
                resourceFieldRef:
                  resource: limits.memory
                  divisor: 1Mi
            - name: JAVA_OPTS
              value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
          volumeMounts:
            - name: jenkins-home
              mountPath: /var/jenkins_home
      securityContext:
        fsGroup: 1000
      volumes:
        - name: jenkins-home
          persistentVolumeClaim:
            claimName: jenkins-home
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-home
spec:
  storageClassName: "managed-nfs-storage"
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 5Gi
[root@centos7 jenkins]# 


[root@centos7 jenkins]# cat ingress.yml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: jenkins
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
spec:
  rules:
  - host: jenkins.ctnrs.com
    http:
      paths:
      - path: /
        backend:
          serviceName: jenkins
          servicePort: 80
[root@centos7 jenkins]# 


[root@centos7 jenkins]# 
[root@centos7 jenkins]# cat rbac.yml 
---
# 创建名为jenkins的ServiceAccount
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins

---
# 创建名为jenkins的Role，授予允许管理API组的资源Pod
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]

---
# 将名为jenkins的Role绑定到名为jenkins的ServiceAccount
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins
[root@centos7 jenkins]# 


[root@centos7 jenkins]# cat service-account.yml 
# In GKE need to get RBAC permissions first with
# kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=<user-name>|--group=<group-name>]

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins
[root@centos7 jenkins]# 


[root@centos7 jenkins]# cat service.yml 
apiVersion: v1
kind: Service
metadata:
  name: jenkins
spec:
  selector:
    name: jenkins
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP
      nodePort: 30006
    - name: agent
      port: 50000
      protocol: TCP
[root@centos7 jenkins]# 


[root@centos7 jenkins]# 
[root@centos7 jenkins]# kubectl apply -f .
deployment.apps/jenkins configured
persistentvolumeclaim/jenkins-home unchanged
ingress.extensions/jenkins unchanged
serviceaccount/jenkins unchanged
role.rbac.authorization.k8s.io/jenkins unchanged
rolebinding.rbac.authorization.k8s.io/jenkins unchanged
serviceaccount/jenkins unchanged
role.rbac.authorization.k8s.io/jenkins unchanged
rolebinding.rbac.authorization.k8s.io/jenkins unchanged
service/jenkins unchanged
[root@centos7 jenkins]#  
[root@centos7 jenkins]# 
[root@centos7 jenkins]# kubectl get pods
NAME                                      READY   STATUS    RESTARTS   AGE
jenkins-f644fd667-46xhv                   1/1     Running   0          29m
nfs-client-provisioner-6dcbb9f588-dwqdz   1/1     Running   0          11h
[root@centos7 jenkins]# 

安装完成，访问http://node-ip:30006登陆jenkins。