容器化部署Jenkins

发表于 | 更新于: | 分类于 | 阅读次数:
字数统计: 1.2k

说明

  • 基于容器来快速部署Jenkins
  • jenkins版本使用LTS
  • jenkins版本说明
    • LTS(长期支持):每12周从常规版本流中选择,作为该时间段的稳定版本。 每隔 4 周,我们会发布稳定版本,其中包括错误和安全修复反向移植。
    • Weekly(定期发布):每周都会发布一个新版本,为用户和插件开发人员提供错误修复和功能。
  • jenkins官方镜像默认不带任何插件,启动的时候设置向导默认会下载最新的,可能跟LTS版本不兼容
  • jenkins插件配置方法仅限于当前时间点,后面有变更可能会不适用
  • 由于需要使用宿主机的Docker程序,因此容器运行的用户设置为root
  • 通过传入JAVA_OPTSJENKINS_OPTS设置以下内容
    • 跳过初始化启动时的设置向导,跳过设置向导的话,jenkins会关闭安全功能,匿名用户可以做任何事,建议部署后打开安全功能
    • 修改默认update.json地址
    • 监听地址和监听端口

列出jenkins已安装的插件

1
2
3
4
Jenkins.instance.pluginManager.plugins.each{
  plugin -> 
    println ("${plugin.getShortName()}:${plugin.getVersion()}")
}

install-plugins.sh脚本说明

1
2
3
4
5
6
7
8
9
10
11
12
# Environment variables:
# REF: directory with preinstalled plugins. Default: /usr/share/jenkins/ref/plugins
# JENKINS_WAR: full path to the jenkins.war. Default: /usr/share/jenkins/jenkins.war
# JENKINS_UC: url of the Update Center. Default: ""
# JENKINS_UC_EXPERIMENTAL: url of the Experimental Update Center for experimental versions of plugins. Default: ""
# JENKINS_INCREMENTALS_REPO_MIRROR: url of the incrementals repo mirror. Default: ""
# JENKINS_UC_DOWNLOAD: download url of the Update Center. Default: JENKINS_UC/download
# CURL_OPTIONS When downloading the plugins with curl. Curl options. Default: -sSfL
# CURL_CONNECTION_TIMEOUT When downloading the plugins with curl. <seconds> Maximum time allowed for connection. Default: 20
# CURL_RETRY When downloading the plugins with curl. Retry request if transient problems occur. Default: 3
# CURL_RETRY_DELAY When downloading the plugins with curl. <seconds> Wait time between retries. Default: 0
# CURL_RETRY_MAX_TIME When downloading the plugins with curl. <seconds> Retry only within this period. Default: 60
  • 这里基本只需要声明JENKINS_UCJENKINS_UC_DOWNLOAD这两个环境变量即可
1
2
export JENKINS_UC='https://mirrors.huaweicloud.com' \
       JENKINS_UC_DOWNLOAD='https://mirrors.huaweicloud.com/jenkins'
  • 如果是用来覆盖当前环境的jenkins插件,可以声明REF变量
1
export REF="${JENKINS_HOME}"
  • 然后就是安装插件了
1
install-plugins.sh localization-zh-cn:1.0.17 git:latest

创建容器镜像

Dockerfile

  • 指定环境变量,指向jenkins国内镜像源(这里用的华为云)
  • 关于插件安装脚本说明,请看Preinstalling plugins
  • 这里演示安装jenkins中文社区的插件和git插件
  • 下载的插件会默认放在/usr/share/jenkins/ref/plugins
1
2
3
4
5
6
7
8
FROM jenkins/jenkins:lts
ENV \
    JENKINS_UC='https://mirrors.huaweicloud.com' \
    JENKINS_UC_DOWNLOAD='https://mirrors.huaweicloud.com/jenkins'
RUN \
    /usr/local/bin/install-plugins.sh \
    localization-zh-cn:1.0.17 \
    git:latest

构建容器

1
docker build --force-rm --no-cache -t jenkins:lts-with-plugins .

容器化部署jenkins

Docker启动

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
docker run \
       -d \
       --user=root \
       --name=jenkins \
       -e TZ='Asia/Shanghai' \
       -e JAVA_OPTS='-Djenkins.install.runSetupWizard=false -Duser.timezone=Asia/Shanghai -Dhudson.model.UpdateCenter.updateCenterUrl="https://mirrors.huaweicloud.com/jenkins/updates/" -Dhudson.Functions.autoRefreshSeconds=10 -Dhudson.model.DownloadService.noSignatureCheck=false' \
       -e JENKINS_OPTS='--prefix=/ --sessionTimeout=60 --httpPort=8080 --httpListenAddress=0.0.0.0'
       -e JENKINS_UC='https://mirrors.huaweicloud.com/jenkins' \
       -e JENKINS_UC_DOWNLOAD='https://mirrors.huaweicloud.com/jenkins' \
       -v /etc/localtime:/etc/localtime:ro \
       -v /opt/jenkins-home/:/var/jenkins_home \
       -v /var/run/docker.sock:/var/run/docker.sock \
       -v /usr/bin/docker:/usr/local/bin/docker \
       -v /usr/lib64/libltdl.so.7:/usr/lib/libltdl.so.7 、
       -p 8080:8080 \
       -p 50000:50000 \
       --privileged \
       jenkins:lts-with-plugins

docker-compose启动

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
jenkins:
  image: jenkins:lts-with-plugins
  container_name: jenkins
  environment:
    TZ: 'Asia/Shanghai'
    JAVA_OPTS: '-Djenkins.install.runSetupWizard=false -Duser.timezone=Asia/Shanghai -Dhudson.model.UpdateCenter.updateCenterUrl="https://mirrors.huaweicloud.com/jenkins/updates/" -Dhudson.Functions.autoRefreshSeconds=10 -Dhudson.model.DownloadService.noSignatureCheck=false'
    JENKINS_OPTS: '--prefix=/ --sessionTimeout=60 --httpPort=8080 --httpListenAddress=0.0.0.0'
    JENKINS_UC: 'https://mirrors.huaweicloud.com/jenkins'
    JENKINS_UC_DOWNLOAD: 'https://mirrors.huaweicloud.com/jenkins'
  privileged: true
  user: root
  ports:
    - 8080:8080
    - 50000:50000
  volumes:
    - '/etc/localtime:/etc/localtime'
    - '/opt/jenkins-home/:/var/jenkins_home'
    - '/var/run/docker.sock:/var/run/docker.sock'
    - '/usr/bin/docker:/usr/local/bin/docker'
    - '/usr/lib64/libltdl.so.7:/usr/lib/libltdl.so.7'

修改jenkins插件地址

1
2
3
sed -e 's#http://updates.jenkins-ci.org/download#https://mirrors.huaweicloud.com/jenkins#g' \
    -e 's#https://www.google.com#https://www.baidu.com#g' \
    -i ${JENKINS_HOME}/updates/default.json

部署到K8S

  • 这里不用Helm部署,Helm部署的另起一文

  • 调用阿里云的高效云盘作为数据盘

  • YAML文件如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: jenkins-master-data
  namespace: jenkins
  labels:
    app: jenkins
spec:
  accessModes:
  - "ReadWriteOnce"
  storageClassName: alicloud-disk-efficiency
  resources:
    requests:
      storage: "100Gi"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins-master
  namespace: jenkins
  labels:
    app: jenkins-master
spec:
  selector:
    matchLabels:
      app: jenkins-master
  template:
    metadata:
      labels:
        app: jenkins-master
    spec:      
      containers:
      - name: jenkins
        image: jenkins/jenkins:2.235.4-lts
        imagePullPolicy: "IfNotPresent"
        env:
        - name: TZ
          value: 'Asia/Shanghai'
        - name: JAVA_OPTS
          value: '-Djenkins.install.runSetupWizard=false -Duser.timezone=Asia/Shanghai -Dhudson.model.UpdateCenter.updateCenterUrl="https://mirrors.huaweicloud.com/jenkins/updates/" -Dhudson.Functions.autoRefreshSeconds=10 -Dhudson.model.DownloadService.noSignatureCheck=false'
        - name: JENKINS_OPTS
          value: '--prefix=/ --sessionTimeout=60 --httpPort=8080 --httpListenAddress=0.0.0.0'
        - name: JENKINS_UC
          value: 'https://mirrors.huaweicloud.com/jenkins'
        - name: JENKINS_UC_DOWNLOAD
          value: 'https://mirrors.huaweicloud.com/jenkins'
        ports:
        - name: http
          containerPort: 8080
        livenessProbe:
          httpGet:
            path: /login
            port: http
          initialDelaySeconds: 180
          periodSeconds: 10
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 6
        readinessProbe:
          httpGet:
            path: /login
            port: http
          initialDelaySeconds: 30
          periodSeconds: 5
          timeoutSeconds: 3
          successThreshold: 1
          failureThreshold: 3
        resources:
          limits:
            cpu: 500m
            memory: 1Gi
          requests:
            cpu: 300m
            memory: 512Mi
        volumeMounts:
        - name: jenkins-data
          mountPath: /var/jenkins_home
      volumes:
      - name: jenkins-master-data
        persistentVolumeClaim:
          claimName: jenkins-master-data
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins-master
  labels:
    app: jenkins
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 8080
      targetPort: http
  selector:
    app: jenkins-master