# Terminal session: lists and prints the five manifests used to deploy Jenkins on Kubernetes.
# Lines beginning "# NOTE(review):" are annotations added to this listing, not file content.
# NOTE(review): no manifest sets metadata.namespace, so every object is created in the
# kubectl context's current namespace; a dedicated namespace would scope the Role below.
[root@centos7 jenkins]# ll
total 20
-rw-r--r--. 1 root root 1558 Aug 15 10:47 deployment.yml
-rw-r--r--. 1 root root 349 Jan 5 2020 ingress.yml
-rw-r--r--. 1 root root 908 Jan 5 2020 rbac.yml
-rw-r--r--. 1 root root 914 Jan 5 2020 service-account.yml
-rw-r--r--. 1 root root 270 Jan 5 2020 service.yml
[root@centos7 jenkins]#
[root@centos7 jenkins]#
[root@centos7 jenkins]# cat deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  labels:
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      name: jenkins
  template:
    metadata:
      name: jenkins
      labels:
        name: jenkins
    spec:
      terminationGracePeriodSeconds: 10
      # NOTE(review): the pod runs as the "jenkins" ServiceAccount, so its API token is
      # available inside the Jenkins container; the Role bound to it is printed further down.
      serviceAccountName: jenkins
      containers:
        - name: jenkins
          # NOTE(review): "lts" is a moving tag and imagePullPolicy is Always, so a pod restart
          # can pull a different image than the one tested; pin a specific version tag or digest.
          image: jenkins/jenkins:lts
          imagePullPolicy: Always
          ports:
            # 8080 and 50000 are the targets of the "http" and "agent" Service ports in service.yml.
            - containerPort: 8080
            - containerPort: 50000
          resources:
            limits:
              cpu: 1
              memory: 1Gi
            requests:
              cpu: 0.5
              memory: 500Mi
          env:
            # LIMITS_MEMORY = limits.memory / 1Mi, i.e. 1024 with the 1Gi limit above.
            - name: LIMITS_MEMORY
              valueFrom:
                resourceFieldRef:
                  resource: limits.memory
                  divisor: 1Mi
            # NOTE(review): -Xmx$(LIMITS_MEMORY)m expands to -Xmx1024m, the full container limit,
            # which leaves no headroom for non-heap JVM memory; the container may be OOM-killed.
            - name: JAVA_OPTS
              value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
          volumeMounts:
            - name: jenkins-home
              mountPath: /var/jenkins_home
          # NOTE(review): no container-level securityContext is set (for example runAsNonRoot or
          # allowPrivilegeEscalation: false); only the pod-level fsGroup below is configured.
      securityContext:
        # presumably matches the GID the image's jenkins user runs with -- confirm
        fsGroup: 1000
      volumes:
        - name: jenkins-home
          persistentVolumeClaim:
            claimName: jenkins-home
---
# NOTE(review): this claim backs /var/jenkins_home, where Jenkins normally keeps stored
# credentials and their encryption keys; access to the "managed-nfs-storage" backend
# (presumably an NFS export -- confirm) should be restricted accordingly.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-home
spec:
  storageClassName: "managed-nfs-storage"
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 5Gi
[root@centos7 jenkins]#
[root@centos7 jenkins]# cat ingress.yml
# NOTE(review): extensions/v1beta1 Ingress is no longer served as of Kubernetes v1.22;
# networking.k8s.io/v1 is the current API (it uses pathType and backend.service.name/port).
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: jenkins
  annotations:
    # NOTE(review): no spec.tls block is defined below; per the ingress-nginx documentation
    # ssl-redirect only applies when TLS is enabled for the Ingress, so this host is
    # presumably served over plain HTTP -- confirm, and add a tls section with a certificate.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
spec:
  rules:
    - host: jenkins.ctnrs.com
      http:
        paths:
          - path: /
            backend:
              serviceName: jenkins
              servicePort: 80
[root@centos7 jenkins]#
[root@centos7 jenkins]#
[root@centos7 jenkins]# cat rbac.yml
---
# Create a ServiceAccount named jenkins
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
# Create a Role named jenkins that grants permission to manage Pod resources in the API group
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is no longer served as of Kubernetes v1.22;
# rbac.authorization.k8s.io/v1 is the current API.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  # NOTE(review): "get" on secrets without resourceNames covers every Secret in the namespace,
  # and Kubernetes' RBAC guidance treats pod creation as implicit access to the namespace's
  # Secrets and ServiceAccounts. Keep this Role in a namespace used only by Jenkins and list
  # the required Secrets under resourceNames.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
# Bind the Role named jenkins to the ServiceAccount named jenkins
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
[root@centos7 jenkins]#
[root@centos7 jenkins]# cat service-account.yml
# NOTE(review): this file defines the same ServiceAccount, Role and RoleBinding as rbac.yml,
# and "kubectl apply -f ." applies both; keeping a single copy avoids the two drifting apart.
# In GKE need to get RBAC permissions first with
# kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=<user-name>|--group=<group-name>]
# NOTE(review): the command above grants cluster-admin to the named user or group (the person
# applying these files), not to the jenkins ServiceAccount.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  # NOTE(review): same unrestricted "get" on secrets as in rbac.yml; scope it with resourceNames.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
[root@centos7 jenkins]#
[root@centos7 jenkins]# cat service.yml
apiVersion: v1
kind: Service
metadata:
  name: jenkins
spec:
  selector:
    name: jenkins
  # NOTE(review): with type NodePort every port listed here is opened on every node, so the
  # Jenkins UI is reachable over plain HTTP on 30006 without going through the Ingress, and the
  # agent port also receives an auto-assigned node port. If the Ingress is the intended entry
  # point, ClusterIP is enough; agents running as pods reach port 50000 in-cluster.
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP
      nodePort: 30006
    - name: agent
      port: 50000
      protocol: TCP
[root@centos7 jenkins]#
[root@centos7 jenkins]#
[root@centos7 jenkins]# kubectl apply -f .
deployment.apps/jenkins configured
persistentvolumeclaim/jenkins-home unchanged
ingress.extensions/jenkins unchanged
serviceaccount/jenkins unchanged
role.rbac.authorization.k8s.io/jenkins unchanged
rolebinding.rbac.authorization.k8s.io/jenkins unchanged
serviceaccount/jenkins unchanged
role.rbac.authorization.k8s.io/jenkins unchanged
rolebinding.rbac.authorization.k8s.io/jenkins unchanged
service/jenkins unchanged
[root@centos7 jenkins]#
[root@centos7 jenkins]#
[root@centos7 jenkins]# kubectl get pods
NAME                                      READY   STATUS    RESTARTS   AGE
jenkins-f644fd667-46xhv                   1/1     Running   0          29m
nfs-client-provisioner-6dcbb9f588-dwqdz   1/1     Running   0          11h
[root@centos7 jenkins]#

安装完成,访问 http://node-ip:30006 登录 Jenkins。