部署Jenkins pod, jenkins-rc.yaml:
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: jenkins
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: jenkins
spec:
imagePullSecrets:
- name: myregistrykey
containers:
- name: jenkins
image: harbor.test.com/common/jenkins:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
name: web
protocol: TCP
- containerPort: 50000
name: agent
protocol: TCP
volumeMounts:
- name: jenkinshome
mountPath: /var/jenkins_home
env:
- name: JAVA_OPTS
value: "-Duser.timezone=Asia/Shanghai"
volumes:
- name: jenkinshome
nfs:
server: 192.168.1.131
path: "/data/nfs/jenkins"
创建pod,并查看:
[root@k8s-master jenkins]# kubectl get pod
NAME READY STATUS RESTARTS AGE
jenkins-2366461543-cjxjq 0/1 CrashLoopBackOff 6 8m
查看pod日志:
[root@k8s-master jenkins]# kubectl logs jenkins-2366461543-cjxjq
touch: cannot touch ‘/var/jenkins_home/copy_reference_file.log’: Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?
问题出在pod挂载了nfs共享过来的目录,但没有写的权限。启动一个Jenkins docker查看Jenkins用户:
jenkins@6f9c8a27d26f:~$ cat /etc/passwd | grep jenkins
jenkins:x:1000:1000::/var/jenkins_home:/bin/bash
在NFS 服务器上修改共享目录的所有人:
[root@k8s-nfs data]# cd nfs/
[root@k8s-nfs nfs]# chown 1000 jenkins/
重新创建Jenkins pod,查看状态:
[root@k8s-master jenkins]# kubectl get pod
NAME READY STATUS RESTARTS AGE
jenkins-2366461543-97tjs 1/1 Running 0 4s
创建Service,jenkins-service.yaml:
kind: Service
apiVersion: v1
metadata:
labels:
app: jenkins
name: jenkins
spec:
ports:
- port: 8080
targetPort: 8080
name: web
- port: 50000
targetPort: 50000
name: agent
selector:
app: jenkins
创建Ingress,jenkins-ingress.yaml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: jenkins
spec:
tls:
- hosts:
- autobuild.test.com
secretName: jenkins-secret
rules:
- host: autobuild.test.com
http:
paths:
- backend:
serviceName: jenkins
servicePort: 8080
path: /
在公网解析域名便可以访问页面。