k8s部署jenkins和Pod始终为pending状态“persistentvolume-controller no persistent volumes available.....”解决办法
2024-05-07 15:23:04
文章目录
- 眼因多流泪而愈益清明,心因饱经风霜而愈益温厚
- 部署jenkins到k8s集群
- 1.部署持久存储卷
- 2.部署jenkins
- 报错分析
- 3.配置 Jenkins kubernetes 插件
眼因多流泪而愈益清明,心因饱经风霜而愈益温厚
首先说一下为什么在学习K8s的时候要学习Jenkins这个知识点,首先看图:
传统的CI/CD:
CI/CD的最终目的是减少人工干预,增加可管理性
非容器化CI/CD:
容器化的CI/CD
容器化可以保持环境的高度一致性,镜像可以部署到任何环境中
jenkins与k8s的CI/CD
jenkins会调用k8s的api接口(所以会有jenkins配置k8s的网络接口的操作),创建一个Pod(Pod具体会完成git→jenkins→maven)拉取代码,构建推送,都是在这个Pod中完成的,当任务完成时,它便会自动释放销毁。
部署jenkins到k8s集群
1.部署持久存储卷
这里说明一点,之前的文章中有使用kubeadm方式部署集群的步骤,这里使用的还是那个环境,一台master,两台node。
master:192.168.26.10
node1:192.168.26.11
node2:192.168.26.12
NFS的安装
我这里是用NODE1提供NFS服务,生产环境要独立,在node1上操作。
# yum -y install nfs-utils rpcbind
这里是做多个NFS目录用于挂载,因为一个PVC取消一个PV的绑定之后,原来的PV还是不能被其他PVC使用的
# mkdir /data/{nfs1,nfs2,nfs3,nfs4,nfs5,nfs6,nfs7,nfs8,nfs9,nfs10} -pv && chmod 777 /data/nfs*
# vim /etc/exports
/data/nfs1 */24(rw,async,insecure,anonuid=1000,anongid=1000,no_root_squash)
/data/nfs2 *(rw,async,insecure,anonuid=1000,anongid=1000,no_root_squash)
/data/nfs3 *(rw,async,insecure,anonuid=1000,anongid=1000,no_root_squash)
/data/nfs4 *(rw,async,insecure,anonuid=1000,anongid=1000,no_root_squash)
/data/nfs5 *(rw,async,insecure,anonuid=1000,anongid=1000,no_root_squash)
/data/nfs6 *(rw,async,insecure,anonuid=1000,anongid=1000,no_root_squash)
/data/nfs7 *(rw,async,insecure,anonuid=1000,anongid=1000,no_root_squash)
/data/nfs8 *(rw,async,insecure,anonuid=1000,anongid=1000,no_root_squash)
/data/nfs9 *(rw,async,insecure,anonuid=1000,anongid=1000,no_root_squash)
/data/nfs10 *(rw,async,insecure,anonuid=1000,anongid=1000,no_root_squash)
设置NFS
# exportfs -rv
# systemctl enable rpcbind nfs-server
# systemctl start nfs-server rpcbind
# rpcinfo -p
持久卷的运用
可以使用下面的explain子命令去查看学习pv的使用方法,这里不是要大家操作的,这些命令直接回车会看到帮助
#kubectl explain PersistentVolume
#kubectl explain PersistentVolume.spec
#kubectl explain PersistentVolume.spec.accessModes
在master节点使用YAML文件创建PV(声明一点,pv属于集群资源,不属于任何命名空间,因为笔者这里的集群已经做了名称解析,所以这里的【server】字段使用的是node1)
# cat nfs-pv.yaml //内容在子目录
apiVersion: v1
kind: PersistentVolume
metadata:name: pv001labels:name: pv001
spec:nfs:path: /data/nfs1server: node1accessModes: ["ReadWriteMany","ReadWriteOnce"]capacity:storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:name: pv002labels:name: pv002
spec:nfs:path: /data/nfs2server: node1accessModes: ["ReadWriteMany","ReadWriteOnce"]capacity:storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:name: pv003labels:name: pv003
spec:nfs:path: /data/nfs3server: node1accessModes: ["ReadWriteMany","ReadWriteOnce"]capacity:storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:name: pv004labels:name: pv004
spec:nfs:path: /data/nfs4server: node1accessModes: ["ReadWriteMany","ReadWriteOnce"]capacity:storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:name: pv005labels:name: pv005
spec:nfs:path: /data/nfs5server: node1accessModes: ["ReadWriteMany","ReadWriteOnce"]capacity:storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:name: pv006labels:name: pv006
spec:nfs:path: /data/nfs6server: node1accessModes: ["ReadWriteMany","ReadWriteOnce"]capacity:storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:name: pv007labels:name: pv007
spec:nfs:path: /data/nfs7server: node1accessModes: ["ReadWriteMany","ReadWriteOnce"]capacity:storage: 2Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:name: pv008labels:name: pv008
spec:nfs:path: /data/nfs8server: node1accessModes: ["ReadWriteMany","ReadWriteOnce"]capacity:storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:name: pv009labels:name: pv009
spec:nfs:path: /data/nfs9server: node1accessModes: ["ReadWriteMany","ReadWriteOnce"]capacity:storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:name: pv010labels:name: pv010
spec:nfs:path: /data/nfs10server: node1accessModes: ["ReadWriteMany","ReadWriteOnce"]capacity:storage: 1Gi
创建与查看pv
[root@master volume]# kubectl apply -f nfs-pv.yaml --record
persistentvolume/pv001 created
persistentvolume/pv002 created
persistentvolume/pv003 created
persistentvolume/pv004 created
persistentvolume/pv005 created
persistentvolume/pv006 created
persistentvolume/pv007 created
persistentvolume/pv008 created
persistentvolume/pv009 created
persistentvolume/pv010 created[root@master volume]# kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pv001 1Gi RWO,RWX Retain Available 16s
pv002 1Gi RWO,RWX Retain Available 16s
pv003 1Gi RWO,RWX Retain Available 16s
pv004 1Gi RWO,RWX Retain Available 16s
pv005 1Gi RWO,RWX Retain Available 16s
pv006 1Gi RWO,RWX Retain Available 16s
pv007 2Gi RWO,RWX Retain Available 16s
pv008 1Gi RWO,RWX Retain Available 16s
pv009 1Gi RWO,RWX Retain Available 16s
pv010 1Gi RWO,RWX Retain Available 16s
#############################################
注意:下面的步骤不用操作
创建pvc的YAML文件(此处需要注意,如果按照步骤搭建后,Pod一直处于pending状态,请将下面的accessModes: [“ReadWriteMany”]字段修改为accessModes: [“ReadWriteOnce”])
# cat volume/nfs-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: mypvcnamespace: default
spec:accessModes: ["ReadWriteMany"]resources:requests:storage: 2Gi
创建与查看pvc
[root@master volume]# kubectl apply -f nfs-pvc.yaml --record
persistentvolumeclaim/mypvc created
[root@master volume]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
mypvc Bound pv007 2Gi RWO,RWX 5s
#############################################################
2.部署jenkins
创建nginx代理
[root@master /]# cat mandatory.yaml
apiVersion: v1
kind: Namespace
metadata:name: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---kind: ConfigMap
apiVersion: v1
metadata:name: nginx-configurationnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
kind: ConfigMap
apiVersion: v1
metadata:name: tcp-servicesnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
kind: ConfigMap
apiVersion: v1
metadata:name: udp-servicesnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
apiVersion: v1
kind: ServiceAccount
metadata:name: nginx-ingress-serviceaccountnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:name: nginx-ingress-clusterrolelabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
rules:- apiGroups:- ""resources:- configmaps- endpoints- nodes- pods- secretsverbs:- list- watch- apiGroups:- ""resources:- nodesverbs:- get- apiGroups:- ""resources:- servicesverbs:- get- list- watch- apiGroups:- "extensions"resources:- ingressesverbs:- get- list- watch- apiGroups:- ""resources:- eventsverbs:- create- patch- apiGroups:- "extensions"resources:- ingresses/statusverbs:- update---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:name: nginx-ingress-rolenamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
rules:- apiGroups:- ""resources:- configmaps- pods- secrets- namespacesverbs:- get- apiGroups:- ""resources:- configmapsresourceNames:# Defaults to "<election-id>-<ingress-class>"# Here: "<ingress-controller-leader>-<nginx>"# This has to be adapted if you change either parameter# when launching the nginx-ingress-controller.- "ingress-controller-leader-nginx"verbs:- get- update- apiGroups:- ""resources:- configmapsverbs:- create- apiGroups:- ""resources:- endpointsverbs:- get---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:name: nginx-ingress-role-nisa-bindingnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: nginx-ingress-role
subjects:- kind: ServiceAccountname: nginx-ingress-serviceaccountnamespace: ingress-nginx---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:name: nginx-ingress-clusterrole-nisa-bindinglabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: nginx-ingress-clusterrole
subjects:- kind: ServiceAccountname: nginx-ingress-serviceaccountnamespace: ingress-nginx---apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-ingress-controllernamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:replicas: 1selector:matchLabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxtemplate:metadata:labels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxannotations:prometheus.io/port: "10254"prometheus.io/scrape: "true"spec:serviceAccountName: nginx-ingress-serviceaccountcontainers:- name: nginx-ingress-controllerimage: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1args:- /nginx-ingress-controller- --configmap=$(POD_NAMESPACE)/nginx-configuration- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services- --udp-services-configmap=$(POD_NAMESPACE)/udp-services- --publish-service=$(POD_NAMESPACE)/ingress-nginx- --annotations-prefix=nginx.ingress.kubernetes.iosecurityContext:allowPrivilegeEscalation: truecapabilities:drop:- ALLadd:- NET_BIND_SERVICE# www-data -> 33runAsUser: 33env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespaceports:- name: httpcontainerPort: 80- name: httpscontainerPort: 443livenessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPinitialDelaySeconds: 10periodSeconds: 10successThreshold: 1timeoutSeconds: 10readinessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPperiodSeconds: 10successThreshold: 1timeoutSeconds: 10---
根据yaml文件创建
[root@master /]# kubectl apply -f mandatory.yaml # kubectl get pods -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-689498bc7c-xmf8j 1/1 Running 0 9s 10.244.2.226 node2 <none> <none>
创建jenkins的Statefulset(部署jenkins的yaml文件,statefulset中已经定义了pvc的字段,所以它会自动创建pvc,上面的步骤中使用YAML文件创建pvc的步骤应该跳过。)
# cat stateful/jenkins.yaml
#定义命名空间进行隔离
apiVersion: v1
kind: Namespace
metadata:name: jenkins---
#service用于服务暴露
apiVersion: v1
kind: Service
metadata:name: jenkinsnamespace: jenkins
spec:selector:app: jenkinsports:- name: httpport: 80targetPort: 8080protocol: TCP- name: agentport: 50000protocol: TCP---
#ingress用于将不同的URL的访问请求转发到后端不同的Service
apiVersion: extensions/v1beta1
kind: Ingress
metadata:name: jenkinsnamespace: jenkinsannotations:kubernetes.io/ingress.class: "nginx"ingress.kubernetes.io/ssl-redirect: "false"ingress.kubernetes.io/proxy-body-size: 50mingress.kubernetes.io/proxy-request-buffering: "off"nginx.ingress.kubernetes.io/ssl-redirect: "false"nginx.ingress.kubernetes.io/proxy-body-size: 50mnginx.ingress.kubernetes.io/proxy-request-buffering: "off"
spec:rules:- http:paths:- path: /jenkinsbackend:serviceName: jenkinsservicePort: 80---
#state用于创建稳定有唯一标识的Pod,这里的配置是Jenkins的核心配置
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:name: jenkinsnamespace: jenkins
spec: #pod核心配置selector:matchLabels: #匹配标签app: jenkinsserviceName: jenkinsreplicas: 1updateStrategy: #更新策略type: RollingUpdate #滚动更新template: #模板metadata: #元数据labels:app: jenkinsspec:terminationGracePeriodSeconds: 10 #终止宽限期秒containers:- name: jenkinsimage: jenkins/jenkins:lts-alpineimagePullPolicy: Always #镜像下载策略ports:- containerPort: 8080- containerPort: 50000resources: #资源配置项limits:cpu: 1memory: 1Girequests:cpu: 0.5memory: 500Mienv: #容器运行前配置的环境变量列表- name: JENKINS_OPTSvalue: --prefix=/jenkins- name: LIMITS_MEMORYvalueFrom:resourceFieldRef: #资源领域判断(资源占用标准)resource: limits.memory #内存资源边界divisor: 1Mi- name: JAVA_OPTSvalue: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85volumeMounts: #逻辑卷挂载项- name: jenkins-homemountPath: /var/jenkins_homelivenessProbe: #存活性探针httpGet:path: /jenkins/loginport: 8080initialDelaySeconds: 60 #初始探测时间timeoutSeconds: 5 failureThreshold: 12 # ~2 minutesreadinessProbe: #服务可用性探针httpGet:path: /jenkins/loginport: 8080initialDelaySeconds: 60timeoutSeconds: 5failureThreshold: 12 # ~2 minutessecurityContext: #安全上下文 fsGroup: 1000volumeClaimTemplates: #存储卷体积(大小)要求,使用volumeclaim定义pvc模板- metadata:name: jenkins-homespec:accessModes: [ "ReadWriteOnce" ] #存储方式为读写一次性resources:requests:storage: 2Gi
下面就是创建与检查集群状态的操作
# kubectl apply -f jenkins.yaml --record
namespace/jenkins created
service/jenkins created
ingress.extensions/jenkins created
statefulset.apps/jenkins created
# kubectl get pods -n jenkins
NAME READY STATUS RESTARTS AGE
jenkins-0 0/1 Running 0 28s等一下再次查看:
# kubectl get pods -n jenkins
NAME READY STATUS RESTARTS AGE
jenkins-0 1/1 Running 0 7m55s
报错分析
这里读者可以参考这篇文档中使用Stateflset的使用事项:
https://www.cnblogs.com/wn1m/p/11289079.html
注意:
在这里jenkins-0的状态会如果显示为pending状态,说明pvc没有与pv进行绑定,如果系统中没有满足pvc要求的pv,pvc会一直无限期处于pending状态。直到系统管理员创建了一个符合要求的pv。pv一旦绑定到某个pvc上,就会被这个pvc独占,不能在与其他的pvc进行绑定了。
statefulset创建后,这些 PVC,都以"<PVC 名字 >-<StatefulSet 名字 >-< 编号 >"的方式命名,并且处于 Bound 状态。
这时查看pvc 的详细信息会显示:没有可用于此声明的持久卷,并且未设置任何存储类
如下所示
[root@master edu-kubernetes]# kubectl describe pvc
Name: mypvc
Namespace: default
StorageClass:
Status: Pending
Volume:
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:{"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{},"name":"mypvc","namespace":"default"},"spec":{"accessModes"...
Finalizers: [kubernetes.io/pvc-protection]
Capacity:
Access Modes:
VolumeMode: Filesystem
Mounted By: <none>
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal FailedBinding 5s (x3 over 35s) persistentvolume-controller no persistent volumes available for this claim and no storage class is set
如果上述Pod的状态为Runing,则可以进行以下步骤。
# kubectl get pvc -n jenkins
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
jenkins-home-jenkins-0 Bound pv007 2Gi RWO,RWX 50s# kubectl get ingress -n jenkins
NAME HOSTS ADDRESS PORTS AGE
jenkins * 80 84s[root@master /]# cat service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:name: ingress-nginxnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:type: NodePortports:- name: httpport: 80targetPort: 80nodePort: 30080protocol: TCP- name: httpsport: 443targetPort: 443nodePort: 30043protocol: TCPselector:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---# kubectl apply -f service-nodeport.yaml
service/ingress-nginx created# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.111.117.150 <none> 80:30080/TCP,443:30043/TCP 40s# curl http://Node:Port/jenkins# kubectl get pods -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-689498bc7c-xmf8j 1/1 Running 0 7m34s 10.244.2.226 node2 <none> <none>
浏览器访问jenkins:http://node1:30080/jenkins
查询管理员密码:
[root@master /]# kubectl get pods -n jenkins
NAME READY STATUS RESTARTS AGE
jenkins-0 1/1 Running 0 131m[root@master /]# kubectl exec -it jenkins-0 cat /var/jenkins_home/secrets/initialAdminPassword -n jenkins
82841678e8f845edbdf45c579cf9eb55
输入查询出来的管理员密码到JENKINS界面上:
到此部署JENKINS到K8S完成,但是没有添加RBAC权限,下一步配置JENKINS支持K8S中完成
3.配置 Jenkins kubernetes 插件
添加 BlueOcean 插件
添加 Kubernetes 插件,单击测试,应该会报:禁止类的错误
系统管理–>系统设置:
在最后新增一个云
选择:Kubernetes
查询Kubernetes地址
[root@master stateful]# kubectl cluster-info
Kubernetes master is running at https://192.168.1.200:6443
KubeDNS is running at https://192.168.1.205:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
为 jenkins 插件 kubernetes 配置 ServiceAccounts
~# cat serviceaccount/jenkins.yml //见下图解释,在原来stateful/jenkins.yml的基础上加了sa和rbac
apiVersion: v1
kind: Namespace
metadata:name: jenkins---apiVersion: v1
kind: Namespace
metadata:name: build---apiVersion: v1
kind: ServiceAccount
metadata:name: jenkinsnamespace: jenkins---kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:name: jenkinsnamespace: build
rules:
- apiGroups: [""]resources: ["pods", "pods/exec", "pods/log"]verbs: ["*"]
- apiGroups: [""]resources: ["secrets"]verbs: ["get"]---apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:name: jenkinsnamespace: build
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: jenkins
subjects:
- kind: ServiceAccountname: jenkinsnamespace: jenkins---apiVersion: v1
kind: Service
metadata:name: jenkinsnamespace: jenkins
spec:selector:app: jenkinsports:- name: httpport: 80targetPort: 8080protocol: TCP- name: agentport: 50000protocol: TCP---apiVersion: extensions/v1beta1
kind: Ingress
metadata:name: jenkinsnamespace: jenkinsannotations:kubernetes.io/ingress.class: "nginx"ingress.kubernetes.io/ssl-redirect: "false"ingress.kubernetes.io/proxy-body-size: 50mingress.kubernetes.io/proxy-request-buffering: "off"nginx.ingress.kubernetes.io/ssl-redirect: "false"nginx.ingress.kubernetes.io/proxy-body-size: 50mnginx.ingress.kubernetes.io/proxy-request-buffering: "off"
spec:rules:- http:paths:- path: /jenkinsbackend:serviceName: jenkinsservicePort: 80---apiVersion: apps/v1beta2
kind: StatefulSet
metadata:name: jenkinsnamespace: jenkins
spec:selector:matchLabels:app: jenkinsserviceName: jenkinsreplicas: 1updateStrategy:type: RollingUpdatetemplate:metadata:labels:app: jenkinsspec:terminationGracePeriodSeconds: 10serviceAccountName: jenkinscontainers:- name: jenkinsimage: jenkins/jenkins:lts-alpineimagePullPolicy: Alwaysports:- containerPort: 8080- containerPort: 50000resources:limits:cpu: 1memory: 1Girequests:cpu: 0.5memory: 500Mienv:- name: JENKINS_OPTSvalue: --prefix=/jenkins- name: LIMITS_MEMORYvalueFrom:resourceFieldRef:resource: limits.memorydivisor: 1Mi- name: JAVA_OPTSvalue: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85volumeMounts:- name: jenkins-homemountPath: /var/jenkins_homelivenessProbe:httpGet:path: /jenkins/loginport: 8080initialDelaySeconds: 60timeoutSeconds: 5failureThreshold: 12 # ~2 minutesreadinessProbe:httpGet:path: /jenkins/loginport: 8080initialDelaySeconds: 60timeoutSeconds: 5failureThreshold: 12 # ~2 minutessecurityContext:fsGroup: 1000volumeClaimTemplates:- metadata:name: jenkins-homespec:accessModes: [ "ReadWriteOnce" ]resources:requests:storage: 2Gi
创建了第二个命名空间 build 和 jenkins命名空间中的ServiceAccount jenkins。
创建了一个 角色和提供构建中所需权限的角色绑定 build 名称空间。
将角色绑定到jenkins命名空间中的 ServiceAccount。
因此,Jenkins应该能够在构建中创建豆荚,但是它不能在自己的命名空间Jenkins中做任何事情。这样就可以相对安全地保证构建中的问题不会影响Jenkins。如果我们为这两个名称空间指定了resourcequota和 LimitRanges,那么解决方案将更加可靠。
# kubectl apply -f serviceaccount/jenkins.yml --record
namespace/jenkins unchanged
namespace/build created
serviceaccount/jenkins created
role.rbac.authorization.k8s.io/jenkins created
rolebinding.rbac.authorization.k8s.io/jenkins created
service/jenkins unchanged
ingress.extensions/jenkins unchanged
statefulset.apps/jenkins configured# kubectl -n jenkins rollout status sts jenkins
Waiting for 1 pods to be ready...
statefulset rolling update complete 1 pods at revision jenkins-5d6c46d5d...
注:
sts是statefuset的简写
浏览器打开:http://node2:30080/jenkins
获取密码
因为需要重新登陆,我之前没有记住密码
# kubectl -n jenkins exec jenkins-0 -it -- cat /var/jenkins_home/secrets/initialAdminPassword
继续前面的添加云的操作:
这次填写命名空间并点击连接测试
填写JNLP地址:
当我们创建一个使用Kubernetes Pods的作业时,将添加一个额外的容器。该容器将使用JNLP与 jenkins master通信。
需要指定一个有效的地址JNLP可以用来连接到主机。因为pod将在build命名空间中,而主pod是 jenkins ,因此需要使用更长的DNS名称,它指定服务的名称(jenkins)和名称空间(jenkins)。最重要的是,主配置为使用根路径 /jenkins 响应请求。
总之,完整的地址豆荚可以用来与Jenkins master通信,它应该是 http://[SERVICE_NAME].[NAMESPACE]/[PATH] 。
因为这三个元素都是 jenkins,所以"真实"地址是 http://jenkins.jenkins/jenkins 。
请在Jenkins URL字段中键入它并单击Save按钮。
到此配置完成
=======================
k8s部署jenkins和Pod始终为pending状态“persistentvolume-controller no persistent volumes available.....”解决办法相关推荐
- K8S集群中Pod资源处于Pending状态排查思路
K8S集群中Pod资源处于Pending状态排查思路 文章目录 K8S集群中Pod资源处于Pending状态排查思路 1.Pod资源处于Pending状态的原因 2.Pod资源处于Pending状态的 ...
- K8S集群中Pod资源处于CrashLoopBackOff状态排查思路
K8S集群中Pod资源处于CrashLoopBackOff状态排查思路 文章目录 K8S集群中Pod资源处于CrashLoopBackOff状态排查思路 1.Pod资源处于CrashLoopBackO ...
- Jenkins+k8s部署Jenkins slave
一.构建镜像 下载基础镜像,这里使用openvz的包,下载centos7的镜像 1.1 下载镜像后导入到本地 JENKINS VERSION为: 2.222.4 ------------------- ...
- postfix 部署ssl后还是25_宝塔面板的邮局管理器Postfix无法启动解决办法
今天群里有童鞋的宝塔邮局管理器的Postfix无法启动,所以这篇文章就来水这个,如果碰到Postfix无法启动的问题,可以参考本教程~~ 1.宝塔邮局管理器 说实话,这玩意自己用用足够了,而且配置简单 ...
- 安装kubeflow过程中minio和mysql Pod一直是pending状态
问题如图 查看详细 kubectl -n kubeflow describe pod minio-d56488484-5drv8 发现pvc没有绑定 解决: 查看pvc kubectl -n kube ...
- 显示文件已在其他地方打开,文件始终删不掉怎么办【简单安全高效的解决办法!】
问题: 显示文件已在其他地方打开,可是发现没打开啥相关程序啊,文件始终删不掉怎么办?重启电脑后再删除也没用咋办?更改操作改文件的权限后还是无法删除咋办? 解决: 1,将该文件重命名(随便命名) 2,重 ...
- K8s 部署java项目
K8s 部署jenkins项目 创建目录 [root@master ~]# tree /java/ /java/ ├── dockerfile └── files├── apache-tomcat-9 ...
- k8s+kubeedge+sedna安装全套流程+避坑指南+解决办法
最近在学习边缘计算要用到kubeedge,安装了好多次总会遇到各种各样的问题,因此在这里一一列出,以方便下次安装.则里面可能出错的地方太多,如果有问题,请私信联系. 一.环境准备 节点 IP 环境 软 ...
- k8s部署jar包_学习K8S之路.6--- 在K8S中部署Jenkins,并使用Jenkins打包jar包
一:部署jenkins jenkins官网:https://jenkins.io/download/ jenkins镜像:https://hub.docker.com/r/jenkins/jenkin ...
最新文章
- Vmo前端数据模型设计
- mapreduce程序输出评分8.6分以上的书名和评分_如何选编程入门资料?光评分高怎么够|文末赠书...
- 程序步骤_小程序平台搭建步骤是什么?
- efcore调用函数_EF Core 3.1 执行sql语句的几种方法
- android 百度地图大头针,百度地图(大头针)
- Servlet自动刷新页面
- sqoop-1.4.7安装
- 百度地图实战Android开发视频教程
- sass(css) 分层构架
- php 将中文字符转英文字母_php 中英文语言转换类
- 关于GL中uniform类型sampler系列变量的值的设定
- 学习笔记——Kaggle_Digit Recognizer (朴素贝叶斯 Python实现)
- JavaScript之DOM(中)
- OneNote桌面版与UWP版避免自动切换字体的方案
- 利用Python进行数据分析之金融数据的统计分析
- OLA/SOLA/WSOLA语音重叠相加算法分析
- 尚硅谷前端-京东左侧导航栏及网易新闻列表练习——CSS
- laravel5 timestamp
- java并发编程实战wwj----------第三阶段-------------CompletableFuture---------------56-59
- 图像降噪python