Configuration Guide: Creating Jenkins on Kubernetes for CI/CD

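Pull the Jenkins image and push it to the local registry

# Pull the image from the official registry (use a domestic mirror if the network is unreliable)
docker pull jenkins/jenkins:lts-jdk11

# Users in mainland China can look for a mirror at the address below and pull from it:
# https://docker.aityp.com

# Push to the local Kubernetes image registry
docker tag jenkins/jenkins:lts-jdk11 192.168.1.13:5000/datasafe/jenkins:lts-jdk11
docker push 192.168.1.13:5000/datasafe/jenkins:lts-jdk11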

1. Create the namespace

kubectl create ns jenkins

2. Create the ServiceAccount and permission bindings

2.1 Check whether the ServiceAccount exists

kubectl get serviceaccount -n jenkins

2.2 Create the jenkins-admin ServiceAccount

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: jenkins
EOF

2.3 Configure the permission bindings

Cluster administrator privileges (ClusterRoleBinding)
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin-binding
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: jenkins
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF
Namespace-scoped privileges (RoleBinding)
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-admin-binding
  namespace: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: jenkins
roleRef:
  kind: Role
  name: jenkins-role
  apiGroup: rbac.authorization.k8s.io
EOF
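
The RoleBinding above refers to a Role named jenkins-role that this guide never defines, while the ClusterRoleBinding gives the Jenkins ServiceAccount cluster-admin, so anything that can run code in the Jenkins pod controls the whole cluster. As an added example (not from the original page), one namespace-scoped jenkins-role; the rule set assumes the controller only manages agent pods in the jenkins namespace, and the function names are hypothetical:

```shell
#!/bin/sh
# Added example (not the page's manifest). Assumption: the controller's
# ServiceAccount only has to manage agent pods in the jenkins namespace.

# Print the Role that the RoleBinding "jenkins-admin-binding" refers to.
render_jenkins_role() {
cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-role
  namespace: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create", "delete", "get", "list", "watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create", "get"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["get", "list", "watch"]
EOF
}

# Create the Role, then drop the cluster-wide binding so that only the
# namespaced RoleBinding remains in effect.
apply_least_privilege() {
    render_jenkins_role | kubectl apply -f - &&
    kubectl delete clusterrolebinding jenkins-admin-binding --ignore-not-found
}

# Print what the ServiceAccount may do: expect "yes" for the first query
# and "no" (exit status 1) for the second once cluster-admin is gone.
check_scope() {
    sa=system:serviceaccount:jenkins:jenkins-admin
    kubectl auth can-i create pods -n jenkins --as="$sa"
    kubectl auth can-i get secrets -n kube-system --as="$sa"
}

# Usage: apply_least_privilege; check_scope
```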

3. Jenkins deployment YAML

---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: jenkins
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      volumes:
        - name: jenkinshome
          persistentVolumeClaim:
            claimName: jenkins-data-pvc
      containers:
        - name: jenkins
          image: '192.168.1.13:5000/datasafe/jenkins:lts-jdk11'
          ports:
            - name: web
              containerPort: 8080
              protocol: TCP
            - name: agent
              containerPort: 50000
              protocol: TCP
          env:
            - name: JAVA_OPTS
              value: '-Duser.timezone=Asia/Shanghai'
          volumeMounts:
            - name: jenkinshome
              mountPath: /var/jenkins_home
      serviceAccountName: jenkins-admin
      securityContext: {}
---
kind: Service
apiVersion: v1
metadata:
  name: jenkins
  namespace: jenkins
  labels:
    app: jenkins
spec:
  ports:
    - name: web
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 30010
  selector:
    app: jenkins
  type: NodePort
---
kind: Service
apiVersion: v1
metadata:
  name: jenkins-agent
  namespace: jenkins
  labels:
    app: jenkins
spec:
  ports:
    - name: agent
      protocol: TCP
      port: 50000
      targetPort: 50000
  selector:
    app: jenkins
  type: ClusterIP
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: jenkins-data-pvc
  namespace: jenkins
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: nfs-client

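4. Create credentials (Git server username and password)

  1. Open the Jenkins management UI
  2. Navigate to "Manage Jenkins" → "Manage Credentials"
  3. Create credentials for Git and for the node server
  4. Record the generated unique identifier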

5. Attach a Jenkins agent node

5.1 Preparation

The agent node needs the following installed:

  • Git
  • JDK
  • Maven
  • Docker (optional)

Add Maven to the PATH environment variable:

echo 'export PATH=/usr/local/apache-maven-3.8.6/bin:$PATH' >> ~/.profile
source ~/.profile

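5.2 Create the agent node

  1. Go to "Manage Jenkins" → "Manage Nodes and Clouds"
  2. Create a new node
  3. Configure the node:
    • Name
    • Remote working directory
    • Launch method (via SSH)
    • Credentials (use the credentials created earlier)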

5.3 Common problems and solutions

Problem 1: Jenkins cannot connect to the remote machine

Error message:

[SSH] Opening SSH connection to 192.168.1.4:22.
Searching for 192.168.1.4 in /var/jenkins_home/.ssh/known_hosts
Searching for 192.168.1.4:22 in /var/jenkins_home/.ssh/known_hosts
[04/21/25 12:59:00] [SSH] WARNING: No entry currently exists in the Known Hosts file for this host. Connections will be denied until this new host and its associated key is added to the Known Hosts file.
Key exchange was not finished, connection is closed.
SSH Connection failed with IOException: "Key exchange was not finished, connection is closed.", retrying in 15 seconds. There are 10 more retries left.

Solution:

# Run inside the Jenkins container
ssh-keyscan -H <agent-host-IP> >> /var/jenkins_home/.ssh/known_hosts
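
ssh-keyscan records whatever key the network returns, so the known_hosts entry is only as trustworthy as the path it was fetched over. An added example (not from the original page) that appends a scanned key only when it matches a fingerprint read on the agent itself; the function names are hypothetical, and AGENT_IP and EXPECTED_FP are placeholders:

```shell
#!/bin/sh
# Added example: pin the agent's host key before trusting it.
# EXPECTED_FP is read out of band, on the agent itself, for instance with
#   ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
# which prints a line containing "SHA256:<base64>".

# Convert an OpenSSH "SHA256:<base64>" fingerprint to lowercase hex.
fp_to_hex() {
    b=${1#SHA256:}
    b=${b%=}                      # accept padded and unpadded forms
    printf '%s=\n' "$b" | base64 -d | od -An -v -tx1 | tr -d ' \n'
}

# SHA-256 (hex) of the key blob in one known_hosts line:
# "<host or hashed host> <key type> <base64 key blob>".
line_key_hex() {
    printf '%s\n' "$1" | awk '{print $3}' | base64 -d | sha256sum | cut -d' ' -f1
}

# Read scanned lines on stdin and print only those whose key matches the
# pinned fingerprint. Returns 1 if nothing matched, 2 on a bad fingerprint.
filter_pinned_keys() {
    want=$(fp_to_hex "$1")
    [ "${#want}" -eq 64 ] || return 2
    matched=1
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        if [ "$(line_key_hex "$line")" = "$want" ]; then
            printf '%s\n' "$line"
            matched=0
        fi
    done
    return $matched
}

# Usage inside the Jenkins container:
#   ssh-keyscan -H -t ed25519 "$AGENT_IP" 2>/dev/null \
#     | filter_pinned_keys "$EXPECTED_FP" >> /var/jenkins_home/.ssh/known_hosts
```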

Problem 2: The agent fails to join Jenkins

Error message:

Starting agent process: cd "/data/jenkins" && java  -jar remoting.jar -workDir /data/jenkins -jar-cache /data/jenkins/remoting/jarCache
Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.UnsupportedClassVersionError: hudson/remoting/Launcher has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:468)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:74)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:369)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:363)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:362)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:495)
Agent JVM has terminated. Exit code=1

Solution:

  1. Download and install JDK 11 https://www.oracle.com/cn/java/technologies/javase/jdk11-archive-downloads.html#license-lightbox
  2. In the node configuration → Launch method → Advanced, specify the JDK 11 path

Then click Launch agent again.

6. Create a Pipeline project

6.1 Pipeline script example

pipeline {
    agent {
        label 'java' // select the node by label
    }
    environment {
        IMAGE_NAME = "micro-datamap"
        K8S_NAMESPACE = "development"
        K8S_PORT = "31090"
        K8S_DEBUG_PORT = "31091"
        SPRING_PROFILES_ACTIVE = "dev"
    }
    parameters {
        string(name: 'BUILD_VERSION',
               defaultValue: '3.0.4_hz250117',
               description: '构建版本号') // description text: "build version number"
    }
    stages {
        stage("Checkout") {
            steps {
                echo "1. checkout integration branch"
                git branch: '<branch>',
                    credentialsId: '<git-credential-id>',
                    url: '<repository-url>'
            }
        }
        stage('Package&Build') {
            steps {
                echo "2.package project & build Image"
                script {
                    sh "cat src/main/docker/Dockerfile"
                    // Single-quoted so the shell, not Groovy, expands the variables:
                    // BUILD_VERSION is user-supplied, and Groovy interpolation would
                    // paste its raw text into the command line.
                    sh 'cd src/main/docker/ && bash build.sh "$SPRING_PROFILES_ACTIVE" "$BUILD_VERSION"'
                }
            }
        }
        stage('Push') {
            steps {
                echo "3.push image"
                script {
                    sh "docker push <image-name>"
                }
            }
        }
        stage('Deploy') {
            steps {
                echo "4.deploy in k8s"
                script {
                    sh "echo 'deleting current deployment...'"
                    // kubectl commands for the deployment go here
                }
            }
        }
    }
}
