Jenkins에서 가이드를 제공해 주고 있어서 그대로 진행해보려고 한다.
root@jenkinshost:~# kubectl create ns jenkins
namespace/jenkins created
root@jenkinshost:~# cat sa.yml
# sa.yml: RBAC objects for the Jenkins controller pod.
# Defines a ClusterRole, a ServiceAccount in the jenkins namespace, and a
# ClusterRoleBinding that grants the role to that ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins-admin
rules:
  # NOTE(review): this grants every verb on every resource of the core ("")
  # API group. Because it is a ClusterRole bound through a ClusterRoleBinding
  # (below), the grant applies in all namespaces, not only in jenkins. The
  # core group includes Secrets, Pods, ConfigMaps and ServiceAccounts, so
  # whatever runs with this ServiceAccount's token can read and modify those
  # cluster-wide. A least-privilege setup would use a namespaced Role and
  # RoleBinding listing only the resources and verbs the build agents need;
  # confirm the required set against the Jenkins Kubernetes plugin
  # documentation before narrowing.
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]
---
# Identity the Jenkins pod runs as (deploy.yml sets serviceAccountName to it).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: jenkins
---
# Binds the ClusterRole above to the ServiceAccount. A ClusterRoleBinding has
# no namespace, which is what makes the grant cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins-admin
subjects:
  - kind: ServiceAccount
    name: jenkins-admin
    namespace: jenkins
root@jenkinshost:~#
root@jenkinshost:~# kubectl apply -f sa.yml
clusterrole.rbac.authorization.k8s.io/jenkins-admin created
serviceaccount/jenkins-admin created
clusterrolebinding.rbac.authorization.k8s.io/jenkins-admin created
root@jenkinshost:~# cat stc.yml
# stc.yml: StorageClass for statically provisioned local volumes.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: local-storage
# no-provisioner: volumes of this class are never created dynamically; a
# matching PersistentVolume has to be created by hand (pv.yml).
provisioner: kubernetes.io/no-provisioner
# Delay binding until a pod that uses the claim is scheduled, so the
# scheduler can take the volume's node affinity into account.
volumeBindingMode: WaitForFirstConsumer
root@jenkinshost:~# kubectl apply -f stc.yml
storageclass.storage.k8s.io/local-storage created
root@jenkinshost:~# cat pv.yml
# pv.yml: local PersistentVolume reserved for the Jenkins home directory.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv-volume
  labels:
    type: local
spec:
  storageClassName: local-storage
  # Pre-bind this volume to jenkins/jenkins-pv-claim so no other claim of the
  # same class can take it.
  claimRef:
    name: jenkins-pv-claim
    namespace: jenkins
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  # NOTE(review): the volume is the node's /mnt directory itself, not a
  # dedicated subdirectory. JENKINS_HOME (job configuration, stored
  # credentials, the secrets/ directory) ends up directly under /mnt on that
  # node, readable by anything on the node with access to /mnt. A dedicated
  # directory owned by uid/gid 1000 would isolate it better; presumably /mnt
  # is otherwise unused here -- verify on the node.
  local:
    path: /mnt
  # A local volume exists on exactly one node, so pods using it are pinned to
  # the node named below.
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - ip-192-168-66-119.ap-southeast-1.compute.internal
root@jenkinshost:~# kubectl apply -f pv.yml
persistentvolume/jenkins-pv-volume created
root@jenkinshost:~# cat pvc.yml
# pvc.yml: claim that the Jenkins Deployment mounts at /var/jenkins_home.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pv-claim
  namespace: jenkins
spec:
  # Must match the class of the PersistentVolume in pv.yml.
  storageClassName: local-storage
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      # 3Gi is a minimum; the claim binds to the whole 10Gi volume declared
      # in pv.yml.
      storage: 3Gi
root@jenkinshost:~# kubectl apply -f pvc.yml
persistentvolumeclaim/jenkins-pv-claim created
root@jenkinshost:~# cat deploy.yml
# deploy.yml: single-replica Jenkins controller backed by jenkins-pv-claim.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-server
  template:
    metadata:
      labels:
        app: jenkins-server
    spec:
      # Run as uid 1000 and give group 1000 ownership of the mounted volume.
      # NOTE(review): no container-level securityContext is set. Settings
      # such as allowPrivilegeEscalation: false and dropping all capabilities
      # are common hardening for this kind of workload; test them against the
      # image before adopting.
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
      # NOTE(review): the token of this ServiceAccount is mounted into the pod
      # by default. sa.yml binds it to a cluster-wide wildcard role on the
      # core API group, so any job or plugin that can read files inside this
      # container can act with that role.
      serviceAccountName: jenkins-admin
      containers:
        - name: jenkins
          # NOTE(review): "lts" is a moving tag; what runs changes whenever
          # the pod is recreated after a new release. Pinning a specific
          # version tag or an image digest makes the deployment reproducible
          # and upgrades deliberate.
          image: jenkins/jenkins:lts
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            # Web UI.
            - name: httpport
              containerPort: 8080
            # Inbound agent port; svc.yml exposes only 8080, so this port is
            # not published through jenkins-service.
            - name: jnlpport
              containerPort: 50000
          # Restart the container if /login stops answering.
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          # Keep the pod out of the Service endpoints until /login answers.
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            # JENKINS_HOME, including secrets/initialAdminPassword.
            - name: jenkins-data
              mountPath: /var/jenkins_home
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
            claimName: jenkins-pv-claim
root@jenkinshost:~# kubectl apply -f deploy.yml
deployment.apps/jenkins created
root@jenkinshost:~# kubectl get deploy -n jenkins
NAME READY UP-TO-DATE AVAILABLE AGE
jenkins 1/1 1 1 107s
root@jenkinshost:~# cat svc.yml
# svc.yml: exposes the Jenkins web UI through a NodePort.
apiVersion: v1
kind: Service
metadata:
  name: jenkins-service
  namespace: jenkins
  annotations:
    # Scrape hints for a Prometheus setup that honours these annotations.
    # NOTE(review): the path is "/", the web root; confirm this is where the
    # metrics endpoint is actually served before relying on it.
    prometheus.io/scrape: 'true'
    prometheus.io/path: /
    prometheus.io/port: '8080'
spec:
  selector:
    app: jenkins-server
  # NOTE(review): NodePort opens port 32000 on every node of the cluster and
  # forwards it to the Jenkins UI over plain HTTP, so logins and API tokens
  # cross the network unencrypted. Whether the port is reachable from outside
  # depends on node firewall / security-group rules not shown here. For
  # anything beyond a test, restrict the source addresses or switch to
  # ClusterIP behind an Ingress or load balancer that terminates TLS.
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 32000
root@jenkinshost:~# kubectl apply -f svc.yml
service/jenkins-service created
root@jenkinshost:~# kubectl get svc -n jenkins
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
jenkins-service NodePort 10.100.161.85 <none> 8080:32000/TCP 9s
root@jenkinshost:~# kubectl get po -n jenkins -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
jenkins-b96f7764f-dt5j8 1/1 Running 0 3m55s 192.168.91.99 ip-192-168-66-119.ap-southeast-1.compute.internal <none> <none>
root@jenkinshost:~# kubectl exec -it jenkins-b96f7764f-dt5j8 cat /var/jenkins_home/secrets/initialAdminPassword -n jenkins
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
f1ef110db33e4d11904dac5b0c32a0a3
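NodePort 타입의 서비스를 만들고, jenkins 파드가 위치한 노드를 확인해서 접속 테스트를 했을 때 정상적으로 접속 가능함을 확인하였다. 참고로 위에서 출력한 initialAdminPassword는 관리자 자격 증명이므로, 초기 설정을 마친 뒤에는 관리자 비밀번호를 변경하고 이 값을 그대로 공개하지 않는 것이 좋다.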