常见命名空间
apiVersion: v1
kind: Namespace
metadata:
name: kube-ops
创建存储pv pvc
apiVersion: v1
kind: PersistentVolume
metadata:
name: opspv
labels:
name: opspv
spec:
nfs:
path: /storage
server: 192.168.1.132
accessModes: ["ReadWriteMany"]
capacity:
storage: 2Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: opspvc
namespace: kube-ops
spec:
accessModes: ["ReadWriteMany"]
resources:
requests:
storage: 2G
创建rbac授权
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
namespace: kube-ops
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: jenkins
rules:
- apiGroups: ["extensions", "apps"]
resources: ["deployments"]
verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["services"]
verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: jenkins
namespace: kube-ops
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
namespace: kube-ops
创建service
kind: Service
apiVersion: v1
metadata:
labels:
app: jenkins
name: jenkins
namespace: kube-ops
spec:
type: NodePort
ports:
- port: 8080
name: web
targetPort: 30002
- port: 50000
name: agent
targetPort: 50000
#targetPort: agent
selector:
app: jenkins
创建deployment
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: jenkins #deployment名称
namespace: abcdocker #命名空间
spec:
template:
metadata:
labels:
app: jenkins
spec:
terminationGracePeriodSeconds: 10 #优雅停止pod
serviceAccount: jenkins #jenkins认证,后面还需要创建服务账户
containers:
- name: jenkins
image: jenkins/jenkins:lts #镜像版本
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080 #外部访问端口
name: web
protocol: TCP
- containerPort: 50000 #jenkins save发现端口
name: agent
protocol: TCP
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 500m
memory: 512Mi
livenessProbe:
httpGet:
path: /login
port: 8080
initialDelaySeconds: 60 #容器初始化完成后,等待60秒进行探针检查
timeoutSeconds: 5
failureThreshold: 12 #当Pod成功启动且检查失败时,Kubernetes将在放弃之前尝试failureThreshold次。放弃生存检查意味着重新启动Pod。而放弃就绪检查,Pod将被标记为未就绪。默认为3.最小值为1
readinessProbe:
httpGet:
path: /login
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
failureThreshold: 12
volumeMounts: #需要将jenkins_home目录挂载出来
- name: jenkinshome
subPath: jenkins
mountPath: /var/jenkins_home
env:
- name: LIMITS_MEMORY
valueFrom:
resourceFieldRef:
resource: limits.memory
divisor: 1Mi
- name: JAVA_OPTS
value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85 -Duser.timezone=Asia/Shanghai
securityContext:
fsGroup: 1000
volumes:
- name: jenkinshome
persistentVolumeClaim:
claimName: opspvc #这里将上面创建的pv关联到pvc上
#这里不进行创建