本文共 3332 字，大约阅读时间需要 11 分钟。

前提条件是，有storageclass，利用pvc 创建持久化存储 创建kube-ops namespace

这里创建opspvc 另外把accessmode 换成readwritemany，因为会有多个pod 进行读写

然后部署jenkins master deployment如下

---apiVersion: extensions/v1beta1kind: Deploymentmetadata:  name: jenkins  namespace: kube-opsspec:  template:    metadata:      labels:        app: jenkins    spec:      terminationGracePeriodSeconds: 10      serviceAccountName: jenkins      containers:      - name: jenkins        image: jenkins/jenkins:lts        imagePullPolicy: IfNotPresent        ports:        - containerPort: 8080          name: web          protocol: TCP        - containerPort: 50000          name: agent          protocol: TCP        resources:          limits:            cpu: 2000m            memory: 4Gi          requests:            cpu: 1000m            memory: 2Gi        livenessProbe:          httpGet:            path: /login            port: 8080          initialDelaySeconds: 60          timeoutSeconds: 5          failureThreshold: 12        readinessProbe:          httpGet:            path: /login            port: 8080          initialDelaySeconds: 60          timeoutSeconds: 5          failureThreshold: 12        volumeMounts:        - name: jenkinshome          subPath: jenkins          mountPath: /var/jenkins_home        env:        - name: LIMITS_MEMORY          valueFrom:            resourceFieldRef:              resource: limits.memory              divisor: 1Mi        - name: JAVA_OPTS          value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85 -Duser.timezone=Asia/Shanghai      securityContext:        fsGroup: 1000      volumes:      - name: jenkinshome        persistentVolumeClaim:          claimName: opspvc---apiVersion: v1kind: Servicemetadata:  name: jenkins  namespace: kube-ops  labels:    app: jenkinsspec:  selector:    app: jenkins  ports:  - name: web    port: 8080    targetPort: web  - name: agent    port: 50000    targetPort: agent

分配权限，配置rbac如下

apiVersion: v1kind: ServiceAccountmetadata:  name: jenkins  namespace: kube-ops---kind: RoleapiVersion: rbac.authorization.k8s.io/v1beta1metadata:  name: jenkins  namespace: kube-opsrules:  - apiGroups: [""]    resources: ["pods"]    verbs: ["create","delete","get","list","patch","update","watch"]  - apiGroups: [""]    resources: ["pods/exec"]    verbs: ["create","delete","get","list","patch","update","watch"]  - apiGroups: [""]    resources: ["pods/log"]    verbs: ["get","list","watch"]  - apiGroups: [""]    resources: ["secrets"]    verbs: ["get"]---apiVersion: rbac.authorization.k8s.io/v1beta1kind: RoleBindingmetadata:  name: jenkins  namespace: kube-opsroleRef:  apiGroup: rbac.authorization.k8s.io  kind: Role  name: jenkinssubjects:  - kind: ServiceAccount    name: jenkins    namespace: kube-ops

安装k8s 插件，与k8s 目标集群进行远程连接

因为是腾讯云，并没有提供tls 客户端认证，所以直接利用账号密码，进行认证，记得，禁用https 证书检查,jenkins和k8s 就集成好了

划重点！！！：jenkins地址，这里我这里写的是内网地址以及暴露了50000端口（用来与slave 建立通信使用），因为master 和slave 分别在不通的k8s 集群里，那么需要远程进行联通，而jenkins-ui 我是以ingress 的方式对外暴露

slave 的配置

这里需要注意的是标签列表，这里填写的标签，需要在slave 所在k8s 集群的节点上进行标注，而这个名字，是label这个字段里的key 并未是value，这里要注意

job 里配置

这个意思就是 slave 会尽可能的在这个节点build

本文地址：

转载地址：http://uztmz.baihongyu.com/