# Jenkins Deployment

## Preparation

- Create the namespace

```shell
kubectl create ns devops
```

- Prepare a PVC for persistent storage of Jenkins plugins and other data

```shell
# Check whether a StorageClass exists
kubectl get sc
# If one already exists,
# change storageClassName in pvc.yaml
# (the default written in the file is nas-storage)
kubectl apply -f pvc.yaml -n devops
```

## Deployment

- Change the namespace in the ClusterRoleBinding

```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: devops
```

- If an Ingress is needed, change the host to your own domain

```yaml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jenkins-ingress
spec:
  ingressClassName: nginx
  rules:
    - host: jenkins.sxkj.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: jenkins
                port:
                  number: 30080
```

- Deploy the Jenkins application

```shell
kubectl apply -f deploy.yaml -n devops
```

- Verify: visit ip:30080, where ip is the IP of the k8s node the pod was scheduled to, or visit the corresponding domain directly, e.g. jenkins.sxkj.com

## Configure Jenkins

- Download plugins under Manage Plugins
  - git
  - Pipeline
  - git parameter
  - publish over ssh
  - Localization: Chinese (Simplified)
  - kubernetes
  - Blue Ocean
  - Role-based Authorization Strategy
- Manage Nodes -> Configure Cloud

![](configue-cloud.png)

- Add credentials

![](secret-file.png)

## Jenkinsfile demo

```groovy
def label = "slave-${UUID.randomUUID().toString()}"

podTemplate(cloud: 'kubernetes', namespace: 'devops', label: label, serviceAccount: 'jenkins', containers: [
    containerTemplate(name: 'docker', image: 'docker:latest', command: 'cat', ttyEnabled: true),
    containerTemplate(name: 'kubectl', image: 'cnych/kubectl', command: 'cat', ttyEnabled: true)
], volumes: [
    // These hostPath mounts give the build pod the node's root kubeconfig,
    // its Docker daemon socket and its Docker daemon configuration.
    hostPathVolume(mountPath: '/home/jenkins/.kube', hostPath: '/root/.kube'),
    hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock'),
    hostPathVolume(mountPath: '/etc/docker/daemon.json', hostPath: '/etc/docker/daemon.json')
], yaml: """
spec:
  nodeSelector:
    kubernetes.io/hostname: h249
  hostAliases:
  - ip: 192.168.199.31
    hostnames:
    - "SXKJ"
"""
) {
    node(label) {
        // Stage: build the Docker image
        stage('构建 Docker 镜像') {
            git url: 'http://gogs.soaringnova.com/sxwl_DL/meta_be.git', branch: 'master'
            container('docker') {
                echo "构建 Docker 镜像阶段"
                retry(2) {
                    sh "docker build -t SXKJ:32775/meta-app:latest --output type=docker ."
                }
                echo "build success"
            }
        }
        // Stage: push the image to the registry
        stage('Docker Push 镜像') {
            container('docker') {
                retry(2) {
                    sh "docker push SXKJ:32775/meta-app:latest"
                }
                echo "Push success"
            }
        }
        // Stage: run kubectl to restart the deployment's pods
        stage('运行 Kubectl') {
            container('kubectl') {
                echo "重启 pod"
                sh "kubectl rollout restart deployments/app-be -n meta-demo"
            }
        }
    }
}
```

## References

- [devops: deploying Jenkins on k8s and dynamically creating slave nodes](https://developer.aliyun.com/article/1112049)
- [Using RBAC Authorization](https://kubernetes.io/zh-cn/docs/reference/access-authn-authz/rbac/)
- [Kubernetes plugin for Jenkins](https://plugins.jenkins.io/kubernetes/)
- [Docker in Docker with Jenkins Pod on Kubernetes](https://blog.thecloudside.com/docker-in-docker-with-jenkins-pod-on-kubernetes-f2b9877936f2)
- [Integrating CI/CD tools on Kubernetes](https://blog.jairmir.com/index.php/2021/03/27/%E5%9F%BA%E4%BA%8Ekubernetes%E9%9B%86%E6%88%90cicd%E5%B7%A5%E5%85%B7/)
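
The `podTemplate` in the Jenkinsfile demo mounts the node's Docker socket and root kubeconfig into every build pod and pulls `latest` or untagged images. As an added example (not part of the original README), the Python check below lists such mounts and image tags in a Jenkinsfile so they can be reviewed before the pipeline is enabled. The function name, the list of sensitive host paths and the regex-based parsing are assumptions; the sample input is the pod template from the demo.

```python
import re

# Host paths worth reviewing in a build pod (editor's list, an assumption).
SENSITIVE = {
    "/var/run/docker.sock": "the node's Docker daemon (root-equivalent on the node)",
    "/root/.kube": "root's kubeconfig (cluster credentials)",
    "/etc/docker": "the Docker daemon configuration",
}

CALL = re.compile(r"(hostPathVolume|containerTemplate)\s*\(([^)]*)\)")
ARG = re.compile(r"(\w+)\s*:\s*'([^']*)'")  # only single-quoted string arguments

def audit_pod_template(jenkinsfile: str) -> list[str]:
    """Return review findings for hostPath mounts and mutable image tags."""
    findings = []
    for kind, body in CALL.findall(jenkinsfile):
        args = dict(ARG.findall(body))
        if kind == "hostPathVolume":
            host = args.get("hostPath", "")
            for prefix, what in SENSITIVE.items():
                if host == prefix or host.startswith(prefix + "/"):
                    findings.append(f"hostPath {host}: exposes {what}")
        else:
            image = args.get("image", "")
            # The tag follows the last path component, so a registry port is not a tag.
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if "@sha256:" not in image and tag in ("", "latest"):
                findings.append(f"image {image}: mutable tag, pin a version or digest")
    return findings

# Pod template copied from the Jenkinsfile demo on this page.
SAMPLE = """
podTemplate(cloud: 'kubernetes', namespace: 'devops', serviceAccount: 'jenkins', containers: [
    containerTemplate(name: 'docker', image: 'docker:latest', command: 'cat', ttyEnabled: true),
    containerTemplate(name: 'kubectl', image: 'cnych/kubectl', command: 'cat', ttyEnabled: true)
], volumes: [
    hostPathVolume(mountPath: '/home/jenkins/.kube', hostPath: '/root/.kube'),
    hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock'),
    hostPathVolume(mountPath: '/etc/docker/daemon.json', hostPath: '/etc/docker/daemon.json')
]) { }
"""

if __name__ == "__main__":
    for finding in audit_pod_template(SAMPLE):
        print(finding)
```

Findings are prompts for review, not failures: a pipeline that must build images may still need a Docker daemon, but the mount should be a deliberate decision scoped to that job.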