0. git clone
git clone https://github.com/scriptcamp/kubernetes-jenkins
1. Create a Namespace
k apply -f namespace.yaml
namespace/devops-tools created2. Create a service account with Kubernetes admin permissions.
k apply -f serviceAccount.yaml
clusterrole.rbac.authorization.k8s.io/jenkins-admin created
serviceaccount/jenkins-admin created
clusterrolebinding.rbac.authorization.k8s.io/jenkins-admin created3. Create local persistent volume for persistent Jenkins data on Pod restarts.
NFS 로컬 pv 생성
mkdir /nfs_shared
sudo chown 1000:1000 /nfs_shared/jenkins/
sudo ./nfs-exporter.sh jenkins
nfs-exporter.sh
nfsdir=/nfs_shared/$1
if [ $# -eq 0 ]; then
echo "usage: nfs-exporter.sh <name>"; exit 0
fi
if [[ ! -d $nfsdir ]]; then
mkdir -p $nfsdir
echo "$nfsdir 192.168.1.0/24(rw,sync,no_root_squash)" >> /etc/exports
if [[ $(systemctl is-enabled nfs) -eq "disabled" ]]; then
systemctl enable nfs
fi
systemctl restart nfs
fi
volume.yaml
PV에
local --> nfs로 변경
nfs:
server: 192.168.1.1
path: /nfs_shared/jenkins
k apply -f volume.yaml
storageclass.storage.k8s.io/local-storage created
persistentvolume/jenkins-pv-volume created
persistentvolumeclaim/jenkins-pv-claim created4. Create a deployment YAML and deploy it.
k apply -f deployment.yaml
deployment.apps/jenkins created5. Create a service YAML and deploy it.
k apply -f service.yaml
service/jenkins-service created6. 배포 체크
k get po -n devops-tools
NAME READY STATUS RESTARTS AGE
jenkins-5bdc5bf9c6-j49xm 1/1 Running 0 5m35s
k exec -it -n devops-tools jenkins-5bdc5bf9c6-j49xm -- /bin/bash
(실제로 나온 pod명 입력 필요)
jenkins@jenkins-5bdc5bf9c6-j49xm:/$ cat /var/jenkins_home/secrets/initialAdminPassword
7455a7d475254b0eb16c8e7972f90be1
7455a7d475254b0eb16c8e7972f90be1 입력
Install Suggested plugins
참고사이트 : https://www.jenkins.io/doc/book/installing/kubernetes/
(추가!!)
Docker 배포할 때 권한 때문에.
spec:
securityContext:
fsGroup: 1000
runAsGroup: 992
runAsUser: 1000
추가 해줘야 한다.
1000 : jenkins id
992 : docker group id
(docker.sock 소유한 그룹)
volumeMounts:
- name: jenkins-data
mountPath: /var/jenkins_home
- name: docker-socket
mountPath: /var/run/docker.sock
- name: docker-binary
mountPath: /usr/bin/docker
- name: kubectl-binary
mountPath: /usr/bin/kubectl
volumes:
- name: jenkins-data
persistentVolumeClaim:
claimName: jenkins-pv-claim
- name: docker-socket
hostPath:
path: /var/run/docker.sock
- name: docker-binary
hostPath:
path: /usr/bin/docker
- name: kubectl-binary
hostPath:
path: /usr/bin/kubectl
jenkins volume 외에 hostVolume 3개 추가
jenkins 안에서 docker, kubectl 실행시 필요하다.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: jenkins-admin
rules:
- apiGroups: ["apps"]
resources: ["*"]
verbs: ["*"]
- apiGroups: [""]
resources: ["services"]
verbs: ["*"]
serviceAccount.yaml에
jenkins-admin ClusterRole에
1. apiGroups에 apps 추가
2. resources에 services 추가
Deployment를 선언하고, services를 생성 할 수 있는 권한이 생긴다.
노력하는 프로그래머