目錄

• • 一、版本說明
  • 二、部署步驟
  • 三、啟動
  • 四、初始配置
  • 五、k8s下的安裝
  • • 啟動minikube
    • 創(chuàng)建命名空間
    • 通過Helm安裝jenkins
    • 創(chuàng)建持久卷存儲數(shù)據(jù)
    • 創(chuàng)建jenkins用戶
    • 安裝 Jenkins
  • 六、總結(jié)

一、版本說明

• CentOS Linux 7

• Jenkins 2.332.2

• minikube version: v1.25.2

• MacOS 12.3.1

二、部署步驟

sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo --no-check-certificate

這里注意，pkg.jenkins.io的證書過期了，我們要加上--no-check-certificate

[xiaoyu@localhost ~]$ sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo --no-check-certificate --2022-04-22 19:54:23-- https://pkg.jenkins.io/redhat-stable/jenkins.repo 正在解析主機(jī) pkg.jenkins.io (pkg.jenkins.io)... 151.101.74.133, 2a04:4e42:1a::645 正在連接 pkg.jenkins.io (pkg.jenkins.io)|151.101.74.133|:443... 已連接。 警告: 無法驗(yàn)證 pkg.jenkins.io 的由 “/C=US/O=Let's Encrypt/CN=R3” 頒發(fā)的證書:頒發(fā)的證書已經(jīng)過期。 已發(fā)出 HTTP 請求，正在等待回應(yīng)... 200 OK 長度：85 正在保存至: “/etc/yum.repos.d/jenkins.repo”100%[=========================================================================================>] 85 --.-K/s 用時 0s 2022-04-22 19:54:24 (6.71 MB/s) - 已保存 “/etc/yum.repos.d/jenkins.repo” [85/85]) sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.keysudo yum install fontconfig java-11-openjdksudo yum install jenkinssudo systemctl daemon-reload

上面三條沒有什么問題，注意的是給root權(quán)限即可。

三、啟動

以下命令分別為

• 設(shè)置jenkins開機(jī)啟動
• 啟動jenkins服務(wù)
• 查看jenkins服務(wù)狀態(tài)

[xiaoyu@localhost ~]$ sudo systemctl enable jenkins Created symlink from /etc/systemd/system/multi-user.target.wants/jenkins.service to /usr/lib/systemd/system/jenkins.service. [xiaoyu@localhost ~]$ sudo systemctl start jenkins [xiaoyu@localhost ~]$ sudo systemctl status jenkins ● jenkins.service - Jenkins Continuous Integration ServerLoaded: loaded (/usr/lib/systemd/system/jenkins.service; enabled; vendor preset: disabled)Active: active (running) since 五 2022-04-22 20:19:45 CST; 10s agoMain PID: 20521 (java)Tasks: 42CGroup: /system.slice/jenkins.service└─20521 /usr/bin/java -Djava.awt.headless=true -jar /usr/share/java/jenkins.war --webroot=%C/jenkins/war --httpPort=8...4月 22 20:19:28 localhost.localdomain jenkins[20521]: This may also be found at: /var/lib/jenkins/secrets/initialAdminPassword 4月 22 20:19:28 localhost.localdomain jenkins[20521]: ************************************************************* 4月 22 20:19:28 localhost.localdomain jenkins[20521]: ************************************************************* 4月 22 20:19:28 localhost.localdomain jenkins[20521]: ************************************************************* 4月 22 20:19:45 localhost.localdomain jenkins[20521]: 2022-04-22 12:19:45.012+0000 [id=43] INFO h.m.Download...aller 4月 22 20:19:45 localhost.localdomain jenkins[20521]: 2022-04-22 12:19:45.012+0000 [id=43] INFO hudson.util....pt #1 4月 22 20:19:45 localhost.localdomain jenkins[20521]: 2022-04-22 12:19:45.014+0000 [id=43] INFO hudson.model...23 ms 4月 22 20:19:45 localhost.localdomain jenkins[20521]: 2022-04-22 12:19:45.867+0000 [id=28] INFO jenkins.Init...ation 4月 22 20:19:45 localhost.localdomain jenkins[20521]: 2022-04-22 12:19:45.884+0000 [id=20] INFO hudson.lifec...nning 4月 22 20:19:45 localhost.localdomain systemd[1]: Started Jenkins Continuous Integration Server. Hint: Some lines were ellipsized, use -l to show in full.

通過增加-l查看完整信息，我們可以看到j(luò)enkins用的是8080端口，初始密碼在/var/lib/jenkins/secrets/initialAdminPassword中，需要root權(quán)限查看。

[xiaoyu@localhost ~]$ sudo systemctl status jenkins -l ● jenkins.service - Jenkins Continuous Integration ServerLoaded: loaded (/usr/lib/systemd/system/jenkins.service; enabled; vendor preset: disabled)Active: active (running) since 五 2022-04-22 20:19:45 CST; 2min 44s agoMain PID: 20521 (java)Tasks: 35CGroup: /system.slice/jenkins.service└─20521 /usr/bin/java -Djava.awt.headless=true -jar /usr/share/java/jenkins.war --webroot=%C/jenkins/war --httpPort=80804月 22 20:19:28 localhost.localdomain jenkins[20521]: This may also be found at: /var/lib/jenkins/secrets/initialAdminPassword 4月 22 20:19:28 localhost.localdomain jenkins[20521]: ************************************************************* 4月 22 20:19:28 localhost.localdomain jenkins[20521]: ************************************************************* 4月 22 20:19:28 localhost.localdomain jenkins[20521]: ************************************************************* 4月 22 20:19:45 localhost.localdomain jenkins[20521]: 2022-04-22 12:19:45.012+0000 [id=43] INFO h.m.DownloadService$Downloadable#load: Obtained the updated data file for hudson.tasks.Maven.MavenInstaller 4月 22 20:19:45 localhost.localdomain jenkins[20521]: 2022-04-22 12:19:45.012+0000 [id=43] INFO hudson.util.Retrier#start: Performed the action check updates server successfully at the attempt #1 4月 22 20:19:45 localhost.localdomain jenkins[20521]: 2022-04-22 12:19:45.014+0000 [id=43] INFO hudson.model.AsyncPeriodicWork#lambda$doRun$1: Finished Download metadata. 16,623 ms 4月 22 20:19:45 localhost.localdomain jenkins[20521]: 2022-04-22 12:19:45.867+0000 [id=28] INFO jenkins.InitReactorRunner$1#onAttained: Completed initialization 4月 22 20:19:45 localhost.localdomain jenkins[20521]: 2022-04-22 12:19:45.884+0000 [id=20] INFO hudson.lifecycle.Lifecycle#onReady: Jenkins is fully up and running 4月 22 20:19:45 localhost.localdomain systemd[1]: Started Jenkins Continuous Integration Server. [xiaoyu@localhost ~]$ sudo cat /var/lib/jenkins/secrets/initialAdminPassword 9e87859e96cc49b39276d6a63f80df1b

云主機(jī)注意需要放行8080端口，不然無法訪問。

四、初始配置

瀏覽器訪問服務(wù)器的8080端口，即可訪問jenkins。

直接選擇推薦的插件即可。

創(chuàng)建第一個用戶。

下一步是配置地址，建議做一層nginx，生產(chǎn)環(huán)境使用域名解析，我這里用的本地虛擬機(jī)就這樣了。

到此，jenkins安裝完成。

五、k8s下的安裝

本文采用MacOS下本地安裝，基于minikebe。

啟動minikube

(base) xiaoyu@localhost ~ % minikube start 😄 Darwin 12.3.1 上的 minikube v1.25.2 ? 根據(jù)現(xiàn)有的配置文件使用 hyperkit 驅(qū)動程序 👍 Starting control plane node minikube in cluster minikube 🏃 Updating the running hyperkit "minikube" VM ... ? This VM is having trouble accessing https://k8s.gcr.io 💡 To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/ 🐳 正在 Docker 20.10.12 中準(zhǔn)備 Kubernetes v1.23.3…? kubelet.housekeeping-interval=5m 🔎 Verifying Kubernetes components...? Using image gcr.io/k8s-minikube/storage-provisioner:v5? Using image kubernetesui/metrics-scraper:v1.0.7? Using image kubernetesui/dashboard:v2.3.1 🌟 Enabled addons: default-storageclass, storage-provisioner, dashboard? /usr/local/bin/kubectl is version 1.21.2, which may have incompatibilites with Kubernetes 1.23.3.? Want kubectl v1.23.3? Try 'minikube kubectl -- get pods -A' 🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

創(chuàng)建命名空間

(base) xiaoyu@localhost ~ % kubectl create namespace jenkins namespace/jenkins created

確定命名空間創(chuàng)建完成。

通過Helm安裝jenkins

Helm 是 Kubernetes 的包管理器，可以簡化jenkins的安裝。

brew install helm helm repo add jenkinsci https://charts.jenkins.iohelm repo update可以找到j(luò)enkinss包(base) xiaoyu@localhost ~ % helm search repo jenkinsciNAME CHART VERSION APP VERSION DESCRIPTION jenkinsci/jenkins 3.12.0 2.332.2 Jenkins - Build great things at any scale!

創(chuàng)建持久卷存儲數(shù)據(jù)

我們采用持久卷的方式掛載數(shù)據(jù)，防止每次minikube重啟的時候丟失數(shù)據(jù)。

以下內(nèi)容存放在jenkins-volume.yaml中，注意，hostPath下path為絕對路徑，需要根據(jù)實(shí)際情況更改。

apiVersion: v1 kind: PersistentVolume metadata:name: jenkins-pvnamespace: jenkins spec:storageClassName: jenkins-pvaccessModes:- ReadWriteOncecapacity:storage: 20GipersistentVolumeReclaimPolicy: RetainhostPath:path: /Users/xiaoyu/develop/jenkins-pv/data/

在文件當(dāng)前目錄執(zhí)行kubectl apply -f jenkins-volume.yaml。提示已經(jīng)創(chuàng)建。

(base) xiaoyu@localhost jenkinss-pv % kubectl apply -f jenkins-volume.yamlpersistentvolume/jenkins-pv created

配置權(quán)限

(base) xiaoyu@localhost ~ % minikube ssh _ _ _ _ ( ) ( ) ___ ___ (_) ___ (_)| |/') _ _ | |_ __ /' _ ` _ `\| |/' _ `\| || , < ( ) ( )| '_`\ /'__`\| ( ) ( ) || || ( ) || || |\`\ | (_) || |_) )( ___/(_) (_) (_)(_)(_) (_)(_)(_) (_)`\___/'(_,__/'`\____)$ sudo chown -R 1000:1000 /Users/xiaoyu/develop/jenkinss-pv/data

創(chuàng)建jenkins用戶

為了保證安全性，一般我們?yōu)槟硞€單獨(dú)的服務(wù)配置單獨(dú)的管理員用戶，用來處理單獨(dú)的工作。在k8s中，默認(rèn)配置一個和命名空間一致的用戶作為這個命名空間內(nèi)操作的授權(quán)用戶。

基于文件即配置的思想，我們依然創(chuàng)建一個文件，名稱是jenkins-sa.yaml,當(dāng)然名稱不是固定的，這樣比較好區(qū)分。并將下面內(nèi)容寫入文件內(nèi)，我們可以看到k8s是如何配置用戶并分配權(quán)限的。

--- apiVersion: v1 kind: ServiceAccount metadata:name: jenkinsnamespace: jenkins --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata:annotations:rbac.authorization.kubernetes.io/autoupdate: "true"labels:kubernetes.io/bootstrapping: rbac-defaultsname: jenkins rules: - apiGroups:- '*'resources:- statefulsets- services- replicationcontrollers- replicasets- podtemplates- podsecuritypolicies- pods- pods/log- pods/exec- podpreset- poddisruptionbudget- persistentvolumes- persistentvolumeclaims- jobs- endpoints- deployments- deployments/scale- daemonsets- cronjobs- configmaps- namespaces- events- secretsverbs:- create- get- watch- delete- list- patch- update - apiGroups:- ""resources:- nodesverbs:- get- list- watch- update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata:annotations:rbac.authorization.kubernetes.io/autoupdate: "true"labels:kubernetes.io/bootstrapping: rbac-defaultsname: jenkins roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: jenkins subjects: - apiGroup: rbac.authorization.k8s.iokind: Groupname: system:serviceaccounts:jenkins (base) xiaoyu@localhost jenkinss-pv % kubectl apply -f jenkins-sa.yamlserviceaccount/jenkins createdclusterrole.rbac.authorization.k8s.io/jenkins createdclusterrolebinding.rbac.authorization.k8s.io/jenkins created

以上操作分別完成了創(chuàng)建用戶、創(chuàng)建權(quán)限、綁定權(quán)限操作。

安裝 Jenkins

和上面操作一樣，新建文件jenkins-values.yaml。

# Default values for jenkins. # This is a YAML-formatted file. # Declare name/value pairs to be passed into your templates. # name: value## Overrides for generated resource names # See templates/_helpers.tpl # nameOverride: # fullnameOverride: # namespaceOverride:# For FQDN resolving of the controller service. Change this value to match your existing configuration. # ref: https://github.com/kubernetes/dns/blob/master/docs/specification.md clusterZone: "cluster.local"renderHelmLabels: truecontroller:# Used for label app.kubernetes.io/componentcomponentName: "jenkins-controller"image: "jenkins/jenkins"# tag: "2.332.2-jdk11"tagLabel: jdk11imagePullPolicy: "Always"imagePullSecretName:# Optionally configure lifetime for controller-containerlifecycle:# postStart:# exec:# command:# - "uname"# - "-a"disableRememberMe: falsenumExecutors: 0# configures the executor mode of the Jenkins node. Possible values are: NORMAL or EXCLUSIVEexecutorMode: "NORMAL"# This is ignored if enableRawHtmlMarkupFormatter is truemarkupFormatter: plainTextcustomJenkinsLabels: []# The default configuration uses this secret to configure an admin user# If you don't need that user or use a different security realm then you can disable itadminSecret: truehostNetworking: false# When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist.# If you disable the non-Jenkins identity store and instead use the Jenkins internal one,# you should revert controller.adminUser to your preferred admin user:adminUser: "admin"# adminPassword: <defaults to random>admin:existingSecret: ""userKey: xiaoyuqingnianpasswordKey: xiaoyuqingnian# This values should not be changed unless you use your custom image of jenkins or any devired from. If you want to use# Cloudbees Jenkins Distribution docker, you should set jenkinsHome: "/var/cloudbees-jenkins-distribution"jenkinsHome: "/var/jenkins_home"# This values should not be changed unless you use your custom image of jenkins or any devired from. If you want to use# Cloudbees Jenkins Distribution docker, you should set jenkinsRef: "/usr/share/cloudbees-jenkins-distribution/ref"jenkinsRef: "/usr/share/jenkins/ref"# Path to the jenkins war file which is used by jenkins-plugin-cli.jenkinsWar: "/usr/share/jenkins/jenkins.war"# Overrides the default arguments passed to the war# overrideArgs:# - --httpPort=8080resources:requests:cpu: "50m"memory: "256Mi"limits:cpu: "2000m"memory: "4096Mi"# Overrides the init container default values# initContainerResources:# requests:# cpu: "50m"# memory: "256Mi"# limits:# cpu: "2000m"# memory: "4096Mi"# Environment variables that get added to the init container (useful for e.g. http_proxy)# initContainerEnv:# - name: http_proxy# value: "http://192.168.64.1:3128"# containerEnv:# - name: http_proxy# value: "http://192.168.64.1:3128"# Set min/max heap here if needed with:# javaOpts: "-Xms512m -Xmx512m"# jenkinsOpts: ""# If you are using the ingress definitions provided by this chart via the `controller.ingress` block the configured hostname will be the ingress hostname starting with `https://` or `http://` depending on the `tls` configuration.# The Protocol can be overwritten by specifying `controller.jenkinsUrlProtocol`.# jenkinsUrlProtocol: "https"# If you are not using the provided ingress you can specify `controller.jenkinsUrl` to change the url definition.# jenkinsUrl: ""# If you set this prefix and use ingress controller then you might want to set the ingress path below# jenkinsUriPrefix: "/jenkins"# Enable pod security context (must be `true` if podSecurityContextOverride, runAsUser or fsGroup are set)usePodSecurityContext: true# Note that `runAsUser`, `fsGroup`, and `securityContextCapabilities` are# being deprecated and replaced by `podSecurityContextOverride`.# Set runAsUser to 1000 to let Jenkins run as non-root user 'jenkins' which exists in 'jenkins/jenkins' docker image.# When setting runAsUser to a different value than 0 also set fsGroup to the same value:runAsUser: 1000fsGroup: 1000# If you have PodSecurityPolicies that require dropping of capabilities as suggested by CIS K8s benchmark, put them heresecurityContextCapabilities: {}# drop:# - NET_RAW# Completely overwrites the contents of the `securityContext`, ignoring the# values provided for the deprecated fields: `runAsUser`, `fsGroup`, and# `securityContextCapabilities`. In the case of mounting an ext4 filesystem,# it might be desirable to use `supplementalGroups` instead of `fsGroup` in# the `securityContext` block: https://github.com/kubernetes/kubernetes/issues/67014#issuecomment-589915496# podSecurityContextOverride:# runAsUser: 1000# runAsNonRoot: true# supplementalGroups: [1000]# # capabilities: {}# Container securityContextcontainerSecurityContext:runAsUser: 1000runAsGroup: 1000readOnlyRootFilesystem: trueallowPrivilegeEscalation: falseservicePort: 8080targetPort: 8080# For minikube, set this to NodePort, elsewhere use LoadBalancer# Use ClusterIP if your setup includes ingress controllerserviceType: ClusterIP# Use Local to preserve the client source IP and avoids a second hop for LoadBalancer and Nodeport type services,# but risks potentially imbalanced traffic spreading.serviceExternalTrafficPolicy:# Jenkins controller service annotationsserviceAnnotations: {}# Jenkins controller custom labelsstatefulSetLabels: {}# foo: bar# bar: foo# Jenkins controller service labelsserviceLabels: {}# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https# Put labels on Jenkins controller podpodLabels: {}# Used to create Ingress record (should used with ServiceType: ClusterIP)# nodePort: <to set explicitly, choose port between 30000-32767# Enable Kubernetes Startup, Liveness and Readiness Probes# if Startup Probe is supported, enable it too# ~ 2 minutes to allow Jenkins to restart when upgrading plugins. Set ReadinessTimeout to be shorter than LivenessTimeout.healthProbes: trueprobes:startupProbe:httpGet:path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'port: httpperiodSeconds: 10timeoutSeconds: 5failureThreshold: 12livenessProbe:failureThreshold: 5httpGet:path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'port: httpperiodSeconds: 10timeoutSeconds: 5# If Startup Probe is not supported on your Kubernetes cluster, you might want to use "initialDelaySeconds" instead.# It delays the initial liveness probe while Jenkins is starting# initialDelaySeconds: 60readinessProbe:failureThreshold: 3httpGet:path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'port: httpperiodSeconds: 10timeoutSeconds: 5# If Startup Probe is not supported on your Kubernetes cluster, you might want to use "initialDelaySeconds" instead.# It delays the initial readyness probe while Jenkins is starting# initialDelaySeconds: 60# PodDisruptionBudget configpodDisruptionBudget:enabled: false# For Kubernetes v1.5+, use 'policy/v1beta1'# For Kubernetes v1.21+, use 'policy/v1'apiVersion: "policy/v1beta1"annotations: {}labels: {}# maxUnavailable: "0"agentListenerEnabled: trueagentListenerPort: 50000agentListenerHostPort:agentListenerNodePort:agentListenerExternalTrafficPolicy:agentListenerLoadBalancerSourceRanges:- 0.0.0.0/0disabledAgentProtocols:- JNLP-connect- JNLP2-connectcsrf:defaultCrumbIssuer:enabled: trueproxyCompatability: true# Kubernetes service type for the JNLP agent service# agentListenerServiceType is the Kubernetes Service type for the JNLP agent service,# either 'LoadBalancer', 'NodePort', or 'ClusterIP'# Note if you set this to 'LoadBalancer', you *must* define annotations to secure it. By default# this will be an external load balancer and allowing inbound 0.0.0.0/0, a HUGE# security risk: https://github.com/kubernetes/charts/issues/1341agentListenerServiceType: "ClusterIP"# Optionally assign an IP to the LoadBalancer agentListenerService LoadBalancer# GKE users: only regional static IPs will work for Service Load balancer.agentListenerLoadBalancerIP:agentListenerServiceAnnotations: {}# Example of 'LoadBalancer' type of agent listener with annotations securing it# agentListenerServiceType: LoadBalancer# agentListenerServiceAnnotations:# service.beta.kubernetes.io/aws-load-balancer-internal: "True"# service.beta.kubernetes.io/load-balancer-source-ranges: "172.0.0.0/8, 10.0.0.0/8"# LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to# set allowed inbound rules on the security group assigned to the controller load balancerloadBalancerSourceRanges:- 0.0.0.0/0# Optionally assign a known public LB IP# loadBalancerIP: 1.2.3.4# Optionally configure a JMX port# requires additional javaOpts, ie# javaOpts: ># -Dcom.sun.management.jmxremote.port=4000# -Dcom.sun.management.jmxremote.authenticate=false# -Dcom.sun.management.jmxremote.ssl=false# jmxPort: 4000# Optionally configure other ports to expose in the controller containerextraPorts: []# - name: BuildInfoProxy# port: 9000# List of plugins to be install during Jenkins controller startinstallPlugins:- kubernetes:1.31.3- workflow-aggregator:2.6- git:4.10.2- configuration-as-code:1414.v878271fc496f# Set to false to download the minimum required version of all dependencies.installLatestPlugins: true# Set to true to download latest dependencies of any plugin that is requested to have the latest version.installLatestSpecifiedPlugins: false# List of plugins to install in addition to those listed in controller.installPluginsadditionalPlugins: []# Enable to initialize the Jenkins controller only once on initial installation.# Without this, whenever the controller gets restarted (Evicted, etc.) it will fetch plugin updates which has the potential to cause breakage.# Note that for this to work, `persistence.enabled` needs to be set to `true`initializeOnce: false# Enable to always override the installed plugins with the values of 'controller.installPlugins' on upgrade or redeployment.# overwritePlugins: true# Configures if plugins bundled with `controller.image` should be overwritten with the values of 'controller.installPlugins' on upgrade or redeployment.overwritePluginsFromImage: true# Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter), useful with ghprb plugin.# The plugin is not installed by default, please update controller.installPlugins.enableRawHtmlMarkupFormatter: false# Used to approve a list of groovy functions in pipelines used the script-security plugin. Can be viewed under /scriptApprovalscriptApproval: []# - "method groovy.json.JsonSlurperClassic parseText java.lang.String"# - "new groovy.json.JsonSlurperClassic"# List of groovy init scripts to be executed during Jenkins controller startinitScripts: []# - |# print 'adding global pipeline libraries, register properties, bootstrap jobs...'# 'name' is a name of an existing secret in same namespace as jenkins,# 'keyName' is the name of one of the keys inside current secret.# the 'name' and 'keyName' are concatenated with a '-' in between, so for example:# an existing secret "secret-credentials" and a key inside it named "github-password" should be used in Jcasc as ${secret-credentials-github-password}# 'name' and 'keyName' must be lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-',# and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc')additionalExistingSecrets: []# - name: secret-name-1# keyName: username# - name: secret-name-1# keyName: passwordadditionalSecrets: []# - name: nameOfSecret# value: secretText# Generate SecretClaim resources in order to create Kubernetes secrets from HashiCorp Vault using kube-vault-controller.# 'name' is name of the secret that will be created in Kubernetes. The Jenkins fullname is prepended to this value.# 'path' is the fully qualified path to the secret in Vault# 'type' is an optional Kubernetes secret type. Defaults to 'Opaque'# 'renew' is an optional secret renewal time in secondssecretClaims: []# - name: secretName # required# path: testPath # required# type: kubernetes.io/tls # optional# renew: 60 # optional# Name of default cloud configuration.cloudName: "kubernetes"# Below is the implementation of Jenkins Configuration as Code. Add a key under configScripts for each configuration area,# where each corresponds to a plugin or section of the UI. Each key (prior to | character) is just a label, and can be any value.# Keys are only used to give the section a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label# characters: lowercase letters, numbers, and hyphens. The keys become the name of a configuration yaml file on the controller in# /var/jenkins_home/casc_configs (by default) and will be processed by the Configuration as Code Plugin. The lines after each |# become the content of the configuration yaml file. The first line after this is a JCasC root element, eg jenkins, credentials,# etc. Best reference is https://<jenkins_url>/configuration-as-code/reference. The example below creates a welcome message:JCasC:defaultConfig: trueconfigScripts: {}# welcome-message: |# jenkins:# systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'.# Ignored if securityRealm is defined in controller.JCasC.configScripts and# ignored if controller.enableXmlConfig=true as controller.securityRealm takes precedencesecurityRealm: |-local:allowsSignup: falseenableCaptcha: falseusers:- id: "${chart-admin-username}"name: "Jenkins Admin"password: "${chart-admin-password}"# Ignored if authorizationStrategy is defined in controller.JCasC.configScriptsauthorizationStrategy: |-loggedInUsersCanDoAnything:allowAnonymousRead: false# Optionally specify additional init-containerscustomInitContainers: []# - name: custom-init# image: "alpine:3.7"# imagePullPolicy: Always# command: [ "uname", "-a" ]sidecars:configAutoReload:# If enabled: true, Jenkins Configuration as Code will be reloaded on-the-fly without a reboot. If false or not-specified,# jcasc changes will cause a reboot and will only be applied at the subsequent start-up. Auto-reload uses the# http://<jenkins_url>/reload-configuration-as-code endpoint to reapply config when changes to the configScripts are detected.enabled: trueimage: kiwigrid/k8s-sidecar:1.15.0imagePullPolicy: IfNotPresentresources: {}# limits:# cpu: 100m# memory: 100Mi# requests:# cpu: 50m# memory: 50Mi# How many connection-related errors to retry onreqRetryConnect: 10# env:# - name: REQ_TIMEOUT# value: "30"# SSH port value can be set to any unused TCP port. The default, 1044, is a non-standard SSH port that has been chosen at random.# Is only used to reload jcasc config from the sidecar container running in the Jenkins controller pod.# This TCP port will not be open in the pod (unless you specifically configure this), so Jenkins will not be# accessible via SSH from outside of the pod. Note if you use non-root pod privileges (runAsUser & fsGroup),# this must be > 1024:sshTcpPort: 1044# folder in the pod that should hold the collected dashboards:folder: "/var/jenkins_home/casc_configs"# If specified, the sidecar will search for JCasC config-maps inside this namespace.# Otherwise the namespace in which the sidecar is running will be used.# It's also possible to specify ALL to search in all namespaces:# searchNamespace:containerSecurityContext:readOnlyRootFilesystem: trueallowPrivilegeEscalation: false# Allows you to inject additional/other sidecarsother: []## The example below runs the client for https://smee.io as sidecar container next to Jenkins,## that allows to trigger build behind a secure firewall.## https://jenkins.io/blog/2019/01/07/webhook-firewalls/#triggering-builds-with-webhooks-behind-a-secure-firewall#### Note: To use it you should go to https://smee.io/new and update the url to the generete one.# - name: smee# image: docker.io/twalter/smee-client:1.0.2# args: ["--port", "{{ .Values.controller.servicePort }}", "--path", "/github-webhook/", "--url", "https://smee.io/new"]# resources:# limits:# cpu: 50m# memory: 128Mi# requests:# cpu: 10m# memory: 32Mi# Name of the Kubernetes scheduler to useschedulerName: ""# Node labels and tolerations for pod assignment# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-featurenodeSelector: {}terminationGracePeriodSeconds:terminationMessagePath:terminationMessagePolicy:tolerations: []affinity: {}# Leverage a priorityClass to ensure your pods survive resource shortages# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/priorityClassName:podAnnotations: {}# Add StatefulSet annotationsstatefulSetAnnotations: {}# StatefulSet updateStrategy# ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategiesupdateStrategy: {}ingress:enabled: false# Override for the default paths that map requests to the backendpaths: []# - backend:# serviceName: ssl-redirect# servicePort: use-annotation# - backend:# serviceName: >-# {{ template "jenkins.fullname" . }}# # Don't use string here, use only integer value!# servicePort: 8080# For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1'# For Kubernetes v1.19+, use 'networking.k8s.io/v1'apiVersion: "extensions/v1beta1"labels: {}annotations: {}# kubernetes.io/ingress.class: nginx# kubernetes.io/tls-acme: "true"# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress# ingressClassName: nginx# Set this path to jenkinsUriPrefix above or use annotations to rewrite path# path: "/jenkins"# configures the hostname e.g. jenkins.example.comhostName:tls:# - secretName: jenkins.cluster.local# hosts:# - jenkins.cluster.local# often you want to have your controller all locked down and private# but you still want to get webhooks from your SCM# A secondary ingress will let you expose different urls# with a differnt configurationsecondaryingress:enabled: false# paths you want forwarded to the backend# ex /github-webhookpaths: []# For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1'# For Kubernetes v1.19+, use 'networking.k8s.io/v1'apiVersion: "extensions/v1beta1"labels: {}annotations: {}# kubernetes.io/ingress.class: nginx# kubernetes.io/tls-acme: "true"# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress# ingressClassName: nginx# configures the hostname e.g. jenkins-external.example.comhostName:tls:# - secretName: jenkins-external.example.com# hosts:# - jenkins-external.example.com# If you're running on GKE and need to configure a backendconfig# to finish ingress setup, use the following values.# Docs: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfigbackendconfig:enabled: falseapiVersion: "extensions/v1beta1"name:labels: {}annotations: {}spec: {}# Openshift routeroute:enabled: falselabels: {}annotations: {}# path: "/jenkins"# controller.hostAliases allows for adding entries to Pod /etc/hosts:# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/hostAliases: []# - ip: 192.168.50.50# hostnames:# - something.local# - ip: 10.0.50.50# hostnames:# - other.local# Expose Prometheus metricsprometheus:# If enabled, add the prometheus plugin to the list of plugins to install# https://plugins.jenkins.io/prometheusenabled: false# Additional labels to add to the ServiceMonitor objectserviceMonitorAdditionalLabels: {}# Set a custom namespace where to deploy ServiceMonitor resource# serviceMonitorNamespace: monitoringscrapeInterval: 60s# This is the default endpoint used by the prometheus pluginscrapeEndpoint: /prometheus# Additional labels to add to the PrometheusRule objectalertingRulesAdditionalLabels: {}# An array of prometheus alerting rules# See here: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/# The `groups` root object is added by default, simply add the rule entriesalertingrules: []# Set a custom namespace where to deploy PrometheusRule resourceprometheusRuleNamespace: ""# Can be used to disable rendering controller test resources when using helm templatetestEnabled: truehttpsKeyStore:jenkinsHttpsJksSecretName: ''enable: falsehttpPort: 8081path: "/var/jenkins_keystore"fileName: "keystore.jks"password: "password"# Convert keystore.jks files content to base64 ( cat keystore.jks | base64 ) and put the output herejenkinsKeyStoreBase64Encoded: |/u3+7QAAAAIAAAABAAAAAQANamVua2luc2NpLmNvbQAAAW2r/b1ZAAAFATCCBP0wDgYKKwYBBAEqAhEBAQUABIIE6QbCqasvoHS0pSwYqSvdydMCB9t+VNfwhFIiiuAelJfO5sSe2SebJbtwHgLcRz1ZgMtWgOSFdl3bWSzA7vrW2LED52h+jXLYSWvZzuDuh8hYO85m10ikF6QR+dTi4jra0whIFDvq3pxeTnESxEsN+DvbZM3jA3qsjQJSeISNpDjO099dqQvHpnCn18lyk7J4TWJ8sOQQb1EM2zDAfAOSqA/xQuPEFl74DlY+5DIk6EBvpmWhaMSvXzWZACGA0sYqa157dq7O0AqmuLG/EI5EkHETO4CrtBW+yLcy2dUCXOMA+j+NjM1BjrQkYE5vtSfNO6lFZcISyKo5pTFlcA7ut0Fx2nZ8GhHTn32CpeWwNcZBn1gRpZVt6DxVVkhTAkMLhR4rL2wGIi/1WRs23ZOLGKtyDNvDHnQyDiQEoJGy9nAthA8aNHa3cfdF10vBDrb19vtpFHmpvKEEhpk2EBRF4fTi644Fuhu2Ied6118AlaPvEea+n6G4vBz+8RWuVCmZjLU+7h8lHy3/WdUPoIL5eW7Kz+hS+sRTFzfu9C48dMkQH3a6f3wSY+mufizNF9U298r98TnYy+PfDJK0bstGPh6yPWx8DGXKQBwrhWJWXI6JwZDeC5Ny+l8p1SypTmAjpIaSW3ge+KgcL6Wtt1R5hUV1ajVwVSUiHF/FachKqPqyLJFZTGjNrxnmNYpt8P1d5JTvJfmfr55Su/P9n7kcyWp7zMcb2Q5nlXt4tWogOHLIOzEWKCacbFfVHE+PpdrcvCVZMDzFogIq5EqGTOZe2poPpBVE+1y9mf5+TXBegy5HToLWvmfmJNTONCDuBjgLs2tdw2yMPm4YEr57PnMX5gGTC3f2ZihXCIJDCRCdQ9sVBOjIQbOCzxFXkVITo0BAZhCiYz61wt3Ud8e//zhXWCkCsSV+IZCxxPzhEFd+RFVjW0Nm9hsb2FgAhkXCjsGROgoleYgaZJWvQaAgUyBzMmKDPKTllBHyE3Gy1ehBNGPgEBChf17/9M+j8pcm1OmlM434ctWQ4qW7RU56//yq1soFY0Tefu2ei03a6m68fYuW6s7XEEK58QisJWRAvEbpwu/eyqfs7PsQ+zSgJHyk2rO95IxdMtEESb2GRuoiBs+AHNdYFTAi+GBWw9dvEgqQ0Mpv0//6bBE/Fb4d7b7f56uUNnnE7mFnjGmGQN+MvC62pfwfvJTTEkT1iZ9kjM9FprTFWXT4UmO3XTvesGeE50sV9YPm71X4DCQwc4KE8vyuwj0s6oMNAUACW2ClU9QQy0tRpaF1tzs4N42Q5zl0TzWxbCCjAtC3u6xf+c8MCGrr7DzNhm42LOQiHTa4MwX4x96q7235oiAUiQqSI/hyF5yLpWw4etyUvsx2/0/0wkuTU1FozbLoCWJEWcPS7QadMrRRISxHf0YobIeQyz34reglt1qSQ3dCU9D6AHLgX6kqllx4X0fnFq7LtfN7fA2itW26v+kAT2QFZ3qZhINGfofCja/pITC1uNAZgsJaTMcQ600krj/ynoxnjT+n1gmeqThac6/Mi3YlVeRtaxI2InL82ZuD+w/dfY9OpPssQjy3xiQajPuaMWXRxz/sS9syOoGVH7XBwKrWpQcpchozWJt40QV5DslJkclcr8aC2AGlzuJMTdEgz1eqV0+HbAXG9HRHN/0eJTn1/QAAAAEABVguNTA5AAADjzCCA4swggJzAhRGqVxH4HTLYPGO4rzHcCPeGDKnxTANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMCY2ExEDAOBgNVBAgMB29udGFyaW8xEDAOBgNVBAcMB3Rvcm9udG8xFDASBgNVBAoMC2plbmtpbnN0ZXN0MRkwFwYDVQQDDBBqZW5raW5zdGVzdC5pbmZvMR0wGwYJKoZIhvcNAQkBFg50ZXN0QHRlc3QuaW5mbzAeFw0xOTEwMDgxNTI5NTVaFw0xOTExMDcxNTI5NTVaMIGBMQswCQYDVQQGEwJjYTEQMA4GA1UECAwHb250YXJpbzEQMA4GA1UEBwwHdG9yb250bzEUMBIGA1UECgwLamVua2luc3Rlc3QxGTAXBgNVBAMMEGplbmtpbnN0ZXN0LmluZm8xHTAbBgkqhkiG9w0BCQEWDnRlc3RAdGVzdC5pbmZvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02q352JTHGvROMBhSHvSv+vnoOTDKSTz2aLQn0tYrIRqRo+8bfmMjXuhkwZPSnCpvUGNAJ+wJrt/dqMoYUjCBkjylD/qHmnXN5EwS1cMg1Djh65gi5JJLFJ7eNcoSsr/0AJ+TweIal1jJSP3t3PF9Uv21gm6xdm7HnNK66WpUUXLDTKaIs/jtagVY1bLOo9oEVeLN4nT2CYWztpMvdCyEDUzgEdDbmrPF5nKUPK5hrFqo1Dc5rUI4ZshL3Lpv398aMxv6n2adQvuL++URMEbXXBhxOrT6rCtYzbcR5fkwS9id3Br45CoWOQro02JAepoU0MQKY5+xQ4Bq9Q7tB9BAwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAe4xc+mSvKkrKBHg9/zpkWgZUiOp4ENJCi8H4tea/PCM439v6y/kfjT/okOokFvX8N5aa1OSz2Vsrlm8kjIc6hiA7bKzT6lb0EyjUShFFZ5jmGVP4S7/hviDvgB5yEQxOPpumkdRP513YnEGj/o9Pazi5h/MwpRxxazoda9r45kqQpyG+XoM4pB+Fd3JzMc4FUGxfVPxJU4jLawnJJiZ3vqiSyaB0YyUL+Er1Q6NnqtR4gEBF0ZVlQmkycFvD4EC2boP943dLqNUvop+4R3SM1QMM6P5u8iTXtHd/VN4MwMyy1wtoghYAzODo1Jt59pcqqKJEas0C/lFJEB3frw4ImNx5fNlJYOpx+ijfQs9m39CevDq0=agent:enabled: truedefaultsProviderTemplate: ""# URL for connecting to the Jenkins contollerjenkinsUrl:# connect to the specified host and port, instead of connecting directly to the Jenkins controllerjenkinsTunnel:kubernetesConnectTimeout: 5kubernetesReadTimeout: 15maxRequestsPerHostStr: "32"namespace:image: "jenkins/inbound-agent"tag: "4.11.2-4"workingDir: "/home/jenkins/agent"nodeUsageMode: "NORMAL"customJenkinsLabels: []# name of the secret to be used for image pullingimagePullSecretName:componentName: "jenkins-agent"websocket: falseprivileged: falserunAsUser:runAsGroup:resources:requests:cpu: "512m"memory: "512Mi"limits:cpu: "512m"memory: "512Mi"# You may want to change this to true while testing a new imagealwaysPullImage: false# Controls how agent pods are retained after the Jenkins build completes# Possible values: Always, Never, OnFailurepodRetention: "Never"# Disable if you do not want the Yaml the agent pod template to show up# in the job Console Output. This can be helpful for either security reasons# or simply to clean up the output to make it easier to read.showRawYaml: true# You can define the volumes that you want to mount for this container# Allowed types are: ConfigMap, EmptyDir, HostPath, Nfs, PVC, Secret# Configure the attributes as they appear in the corresponding Java class for that type# https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumesvolumes: []# - type: ConfigMap# configMapName: myconfigmap# mountPath: /var/myapp/myconfigmap# - type: EmptyDir# mountPath: /var/myapp/myemptydir# memory: false# - type: HostPath# hostPath: /var/lib/containers# mountPath: /var/myapp/myhostpath# - type: Nfs# mountPath: /var/myapp/mynfs# readOnly: false# serverAddress: "192.0.2.0"# serverPath: /var/lib/containers# - type: PVC# claimName: mypvc# mountPath: /var/myapp/mypvc# readOnly: false# - type: Secret# defaultMode: "600"# mountPath: /var/myapp/mysecret# secretName: mysecret# Pod-wide environment, these vars are visible to any container in the agent pod# You can define the workspaceVolume that you want to mount for this container# Allowed types are: DynamicPVC, EmptyDir, HostPath, Nfs, PVC# Configure the attributes as they appear in the corresponding Java class for that type# https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes/workspaceworkspaceVolume: {}## DynamicPVC example# type: DynamicPVC# configMapName: myconfigmap## EmptyDir example# type: EmptyDir# memory: false## HostPath example# type: HostPath# hostPath: /var/lib/containers## NFS example# type: Nfs# readOnly: false# serverAddress: "192.0.2.0"# serverPath: /var/lib/containers## PVC example# type: PVC# claimName: mypvc# readOnly: false## Pod-wide environment, these vars are visible to any container in the agent podenvVars: []# - name: PATH# value: /usr/local/binnodeSelector: {}# Key Value selectors. Ex:# jenkins-agent: v1# Executed command when side container gets startedcommand:args: "${computer.jnlpmac} ${computer.name}"# Side container namesideContainerName: "jnlp"# Doesn't allocate pseudo TTY by defaultTTYEnabled: false# Max number of spawned agentcontainerCap: 10# Pod namepodName: "default"# Allows the Pod to remain active for reuse until the configured number of# minutes has passed since the last step was executed on it.idleMinutes: 0# Raw yaml template for the Pod. For example this allows usage of toleration for agent pods.# https://github.com/jenkinsci/kubernetes-plugin#using-yaml-to-define-pod-templates# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/yamlTemplate: ""# yamlTemplate: |-# apiVersion: v1# kind: Pod# spec:# tolerations:# - key: "key"# operator: "Equal"# value: "value"# Defines how the raw yaml field gets merged with yaml definitions from inherited pod templates: merge or overrideyamlMergeStrategy: "override"# Timeout in seconds for an agent to be onlineconnectTimeout: 100# Annotations to apply to the pod.annotations: {}# Disable the default Jenkins Agent configuration.# Useful when configuring agents only with the podTemplates value, since the default podTemplate populated by values mentioned above will be excluded in the rendered template.disableDefaultAgent: false# Below is the implementation of custom pod templates for the default configured kubernetes cloud.# Add a key under podTemplates for each pod template. Each key (prior to | character) is just a label, and can be any value.# Keys are only used to give the pod template a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label# characters: lowercase letters, numbers, and hyphens. Each pod template can contain multiple containers.# For this pod templates configuration to be loaded the following values must be set:# controller.JCasC.defaultConfig: true# Best reference is https://<jenkins_url>/configuration-as-code/reference#Cloud-kubernetes. The example below creates a python pod template.podTemplates: {}# python: |# - name: python# label: jenkins-python# serviceAccount: jenkins# containers:# - name: python# image: python:3# command: "/bin/sh -c"# args: "cat"# ttyEnabled: true# privileged: true# resourceRequestCpu: "400m"# resourceRequestMemory: "512Mi"# resourceLimitCpu: "1"# resourceLimitMemory: "1024Mi"# Here you can add additional agents # They inherit all values from `agent` so you only need to specify values which differ additionalAgents: {} # maven: # podName: maven # customJenkinsLabels: maven # # An example of overriding the jnlp container # # sideContainerName: jnlp # image: jenkins/jnlp-agent-maven # tag: latest # python: # podName: python # customJenkinsLabels: python # sideContainerName: python # image: python # tag: "3" # command: "/bin/sh -c" # args: "cat" # TTYEnabled: truepersistence:enabled: true## A manually managed Persistent Volume and Claim## Requires persistence.enabled: true## If defined, PVC must be created manually before volume will be boundexistingClaim:## jenkins data Persistent Volume Storage Class## If defined, storageClassName: <storageClass>## If set to "-", storageClassName: "", which disables dynamic provisioning## If undefined (the default) or set to null, no storageClassName spec is## set, choosing the default provisioner. (gp2 on AWS, standard on## GKE, AWS & OpenStack)##storageClass: jenkins-pvannotations: {}labels: {}accessMode: "ReadWriteOnce"size: "8Gi"volumes:# - name: nothing# emptyDir: {}mounts:# - mountPath: /var/nothing# name: nothing# readOnly: truenetworkPolicy:# Enable creation of NetworkPolicy resources.enabled: false# For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1'# For Kubernetes v1.7, use 'networking.k8s.io/v1'apiVersion: networking.k8s.io/v1# You can allow agents to connect from both within the cluster (from within specific/all namespaces) AND/OR from a given external IP rangeinternalAgents:allowed: truepodLabels: {}namespaceLabels: {}# project: myprojectexternalAgents: {}# ipCIDR: 172.17.0.0/16# except:# - 172.17.1.0/24## Install Default RBAC roles and bindings rbac:create: truereadSecrets: falseserviceAccount:create: false# The name of the service account is autogenerated by defaultname: jenkinsannotations: {}imagePullSecretName:serviceAccountAgent:# Specifies whether a ServiceAccount should be createdcreate: false# The name of the ServiceAccount to use.# If not set and create is true, a name is generated using the fullname templatename:annotations: {}imagePullSecretName:## Backup cronjob configuration ## Ref: https://github.com/maorfr/kube-tasks backup:# Backup must use RBAC# So by enabling backup you are enabling RBAC specific for backupenabled: false# Used for label app.kubernetes.io/componentcomponentName: "backup"# Schedule to run jobs. Must be in cron time format# Ref: https://crontab.guru/schedule: "0 2 * * *"labels: {}serviceAccount:create: truename:annotations: {}# Example for authorization to AWS S3 using kube2iam or IRSA# Can also be done using environment variables# iam.amazonaws.com/role: "jenkins"# "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/jenkins-backup"# Set this to terminate the job that is running/failing continously and set the job status to "Failed"activeDeadlineSeconds: ""image:repository: "maorfr/kube-tasks"tag: "0.2.0"# Additional arguments for kube-tasks# Ref: https://github.com/maorfr/kube-tasks#simple-backupextraArgs: []# Add existingSecret for AWS credentialsexistingSecret: {}## Example for using an existing secret# jenkinsaws:## Use this key for AWS access key ID# awsaccesskey: jenkins_aws_access_key## Use this key for AWS secret access key# awssecretkey: jenkins_aws_secret_key# Add additional environment variables# jenkinsgcp:## Use this key for GCP credentials# gcpcredentials: credentials.jsonenv: []# Example environment variable required for AWS credentials chain# - name: "AWS_REGION"# value: "us-east-1"resources:requests:memory: 1Gicpu: 1limits:memory: 1Gicpu: 1# Destination to store the backup artifacts# Supported cloud storage services: AWS S3, Minio S3, Azure Blob Storage, Google Cloud Storage# Additional support can added. Visit this repository for details# Ref: https://github.com/maorfr/skbndestination: "s3://jenkins-data/backup"# By enabling only the jenkins_home/jobs folder gets backed up, not the whole jenkins instanceonlyJobs: false# Enable backup pod security context (must be `true` if runAsUser or fsGroup are set)usePodSecurityContext: true# When setting runAsUser to a different value than 0 also set fsGroup to the same value:runAsUser: 1000fsGroup: 1000securityContextCapabilities: {}# drop:# - NET_RAW checkDeprecation: trueawsSecurityGroupPolicies:enabled: falsepolicies:- name: ""securityGroupIds: []podSelector: {} chart=jenkinsci/jenkins (base) xiaoyu@localhost jenkinss-pv % helm install jenkins -n jenkins -f jenkins-values.yaml $chartNAME: jenkinsLAST DEPLOYED: Thu Apr 28 09:52:04 2022NAMESPACE: jenkinsSTATUS: deployedREVISION: 1NOTES:1. Get your 'admin' user password by running: kubectl exec --namespace jenkins -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo2. Get the Jenkins URL to visit by running these commands in the same shell: echo http://127.0.0.1:8080 kubectl --namespace jenkins port-forward svc/jenkins 8080:80803. Login with the password from step 1 and the username: admin4. Configure security realm and authorization strategy5. Use Jenkins Configuration as Code by specifying configScripts in your values.yaml file, see documentation: http:///configuration-as-code and examples: https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demosFor more information on running Jenkins on Kubernetes, visit:https://cloud.google.com/solutions/jenkins-on-container-engineFor more information about Jenkins Configuration as Code, visit:https://jenkins.io/projects/jcasc/NOTE: Consider using a custom image with pre-installed plugins

上面已經(jīng)提示部署完成了，接下來獲取初始密碼。

(base) xiaoyu@localhost jenkinss-pv % jsonpath="{.data.jenkins-admin-password}"(base) xiaoyu@localhost jenkinss-pv % secret=$(kubectl get secret -n jenkins jenkins -o jsonpath=$jsonpath)(base) xiaoyu@localhost jenkinss-pv % echo $(echo $secret | base64 --decode)By8cnPs8g8s1vO4MgCYRIw

得到初始密碼之后，獲取jenkins的URL。

(base) xiaoyu@localhost jenkinss-pv % jsonpath="{.spec.ports[0].nodePort}"(base) xiaoyu@localhost jenkinss-pv % NODE_PORT=$(kubectl get -n jenkins -o jsonpath=$jsonpath services jenkins)(base) xiaoyu@localhost jenkinss-pv % jsonpath="{.items[0].status.addresses[0].address}"(base) xiaoyu@localhost jenkinss-pv % NODE_IP=$(kubectl get nodes -n jenkins -o jsonpath=$jsonpath)(base) xiaoyu@localhost jenkinss-pv % echo http://$NODE_IP:$NODE_PORT/loginhttp://192.168.64.3:/login

獲取jenkins的pod信息。

(base) xiaoyu@localhost jenkinss-pv % kubectl get pods -n jenkinsNAME READY STATUS RESTARTS AGEjenkins-0 2/2 Running 0 4h52m

同樣配置在控制面板中我們也可以看到，注意切換命名空間。

配置接口轉(zhuǎn)發(fā)。

(base) xiaoyu@localhost jenkinss-pv % kubectl -n jenkins port-forward jenkins-0 8080:8080Forwarding from 127.0.0.1:8080 -> 8080Forwarding from [::1]:8080 -> 8080

這樣就可以訪問到了，用戶名admin，密碼對應(yīng)上面的查到的密碼。

六、總結(jié)

本文介紹了兩種jenkins的部署方式，其中基于k8s的部署方式是重點(diǎn)，后續(xù)的jenkins的實(shí)踐也是基于在k8s上展開的。

總結(jié)

以上是生活随笔為你收集整理的【Jenkins】Jenkins在CentOS和k8s(minikube)上的部署记录的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。