Инсталляция Jenkins в Minikube с помощью Helm
Делаю:
2024.11.23
P.S. Не разобрался как работать с docker в данном конкретном случае! Менял агенты, все равно получал ошибку.
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Дока:
https://www.jenkins.io/doc/book/installing/kubernetes/#install-jenkins-with-helm-v3
$ helm repo add jenkinsci https://charts.jenkins.io
$ helm repo update
$ helm search repo jenkinsci
NAME CHART VERSION APP VERSION DESCRIPTION
jenkinsci/jenkins 5.7.12 2.479.1 Jenkins - Build great things at any scale! As t...
$ kubectl create namespace jenkins
Create a persistent volume
$ cat << 'EOF' | kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: jenkins-pv
namespace: jenkins
spec:
storageClassName: jenkins-pv
accessModes:
- ReadWriteOnce
capacity:
storage: 20Gi
persistentVolumeReclaimPolicy: Retain
hostPath:
path: /data/jenkins-volume/
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: jenkins-pv
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
EOF
$ export \
PROFILE=${USER}-minikube
// Не помню точно нужно это делать или нет
$ minikube ssh --profile ${PROFILE}
minikube:~$ sudo mkdir -p /data/jenkins-volume
minikube:~$ sudo chown -R 1000:1000 /data/jenkins-volume
^D
Create a service account
$ cat << 'EOF' | kubectl apply -f -
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
namespace: jenkins
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: jenkins
rules:
- apiGroups:
- '*'
resources:
- statefulsets
- services
- replicationcontrollers
- replicasets
- podtemplates
- podsecuritypolicies
- pods
- pods/log
- pods/exec
- podpreset
- poddisruptionbudget
- persistentvolumes
- persistentvolumeclaims
- jobs
- endpoints
- deployments
- deployments/scale
- daemonsets
- cronjobs
- configmaps
- namespaces
- events
- secrets
verbs:
- create
- get
- watch
- delete
- list
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts:jenkins
EOF
Install Jenkins
$ mkdir -p ~/tmp
$ cd ~/tmp
$ wget https://raw.githubusercontent.com/jenkinsci/helm-charts/main/charts/jenkins/values.yaml -O jenkins-values.yaml
$ vi jenkins-values.yaml
storageClass: jenkins-pv
serviceAccount:
create: false
name: jenkins
$ helm install jenkins -n jenkins -f jenkins-values.yaml jenkinsci/jenkins
// uninstall
// $ helm uninstall jenkins -n jenkins
$ kubectl get pods -n jenkins
NAME READY STATUS RESTARTS AGE
jenkins-0 2/2 Running 0 7m45s
Вариант 1. Подключения с использованием обычного ingress
$ export INGRESS_HOST=$(minikube --profile ${PROFILE} ip)
$ echo ${INGRESS_HOST}
192.168.49.2
$ envsubst << 'EOF' | cat | kubectl create -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jenkins-ingress-service
namespace: jenkins
annotations:
nginx.ingress.kubernetes.io/default-backend: ingress-nginx-controller
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
rules:
- host: ${INGRESS_HOST}.nip.io
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jenkins
port:
number: 8080
EOF
$ kubectl get ingress -n jenkins
NAME CLASS HOSTS ADDRESS PORTS AGE
jenkins-ingress-service <none> 192.168.49.2.nip.io 192.168.49.2 80 27s
Подкючаюсь: 192.168.49.2.nip.io
Заработало!
Вариант 2. Подключения с использованием ngrok ingress. Вариант когда нужно подключиться из интернета, а белого IP нет.
Моя дока
// https://dashboard.ngrok.com/cloud-edge/domains - копируем домен
$ export NGROK_DOMAIN="hugely-amusing-owl.ngrok-free.app"
Со следующим ingress
$ envsubst << 'EOF' | cat | kubectl create -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ngrok-jenkins-ingress-service
namespace: jenkins
spec:
ingressClassName: ngrok
rules:
- host: ${NGROK_DOMAIN}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jenkins
port:
number: 8080
EOF
Подкючаюсь: https://hugely-amusing-owl.ngrok-free.app
Заработало!
Получить пароль админа для логина в UI
// Get your 'admin' user password by running:
$ jsonpath="{.data.jenkins-admin-password}" secret=$(kubectl get secret -n jenkins jenkins -o jsonpath=$jsonpath)
$ echo $(echo $secret | base64 --decode)