小橘子大叔

  • 首页
  • nginx
  • Linux
  • docker
  • Kubernetes
  • Prometheus
  • 生活
  • 文章归档
  • 友情链接
  • Instagram
  • TikTok
  • X
欢迎随时联系本人
  • Mail

K8s部署Jenkins和gitlab

  • luxy
  • 2023-12-22
  • 3

临近期末,所以没啥时间写文章了,就水一篇最近在搞的吧。哎,yaml这玩意儿真的很容易搞忘记啊???
部署Jenkins.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: cicd
  labels:
    name: jenkins
spec:
  replicas: 1
  selector:     
    matchLabels:        
      name: jenkins
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600
  template:
    metadata:
      labels:
        name: jenkins
    spec:
      terminationGracePeriodSeconds: 10
      volumes:
        - name: data
          nfs:
            server: master01
            path: /root/data/nfs_volume/jenkins_home
        - name: docker
          hostPath: 
            path: /run/docker.sock
            type: ""
      imagePullSecrets:
        - name: my-harbor-secret
      serviceAccount: jenkins
      containers:
        - name: jenkins
          image: 192.168.239.100:8080/jenkins/jenkins_docker@sha256:b4aeaeef569348e901a78a42bc6da8012dbc72de292651cba63d2b8c64ab5d53
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: 1000m
              memory: 1Gi
            requests:
              cpu: 500m
              memory: 512Mi
          ports:
            - containerPort: 8080
              protocol: TCP
          volumeMounts:
            - name: data
              mountPath: /var/jenkins_home
            - name: docker
              mountPath: /run/docker.sock
          livenessProbe:
            httpGet:
              path: /login
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 5
            failureThreshold: 12
          readinessProbe:
            httpGet:
              path: /login
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 5
            failureThreshold: 12 

部署jenkins_ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: jenkins
  namespace: cicd
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: jenkins.od.com
      http:
        paths:
          - path: /
           # pathType: Prefix
            backend:
              serviceName: jenkins
              servicePort: 80

部署jenkins_svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: cicd
spec:
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
  selector:
    name: jenkins

部署rbac.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: cicd

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cicd
rules:
  - apiGroups: ["apps", "extensions"]
    resources: ["deployments"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins
  namespace: cicd
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: cicd

部署gitlab:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-dep
  namespace: cicd
spec:
  selector:
    matchLabels:
      app: gitlab
  progressDeadlineSeconds: 60
  revisionHistoryLimit: 2
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  template:
    metadata:
      labels:
        app: gitlab
    spec:
      containers:
        - image: gitlab/gitlab-ce
          name: gitlab
          imagePullPolicy: IfNotPresent
          resources:
            requests:
              memory: "2Gi"
              cpu: "1"
            limits:
              memory: "3Gi"
              cpu: "2"
          livenessProbe:
            httpGet:
              path: /users/sign_in
              port: 80
            initialDelaySeconds: 120
            periodSeconds: 60
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /users/sign_in
              port: 80
            initialDelaySeconds: 120
            periodSeconds: 60
            failureThreshold: 3
          ports:
            - containerPort: 443
              name: https
            - containerPort: 80
              name: http
            - containerPort: 22
              name: ssh
          volumeMounts:
            - name: gitlab-config
              mountPath: /etc/gitlab
            - name: gitlab-logs
              mountPath: /var/log/gitlab
            - name: gitlab-data
              mountPath: /var/opt/gitlab
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: role
                    operator: In
                    values:
                      - gitlab
      volumes:
         - name: gitlab-config
           persistentVolumeClaim:
             claimName: mycalim1
         - name: gitlab-logs
           persistentVolumeClaim:
             claimName: mycalim2
         - name: gitlab-data
           persistentVolumeClaim:
             claimName: mycalim3

部署pv.yaml

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv1
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  storageClassName: gitlab1
  persistentVolumeReclaimPolicy: Retain
  nfs:
    server: 192.168.239.100
    path: /root/data/gitlab/config

---

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv2
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  storageClassName: gitlab2
  persistentVolumeReclaimPolicy: Retain
  nfs:
    server: 192.168.239.100
    path: /root/data/gitlab/logs

---

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv3
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  storageClassName: gitlab3
  persistentVolumeReclaimPolicy: Retain
  nfs:
    server: 192.168.239.100
    path: /root/data/gitlab/data

部署gitlab_pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mycalim1
  namespace: cicd
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: gitlab1

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mycalim2
  namespace: cicd
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: gitlab2

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mycalim3
  namespace: cicd
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: gitlab3

部署gitlab_svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: cicd
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    app: gitlab

部署gitlab_ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gitlab
  namespace: cicd
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: gitlab.od.com
      http:
        paths:
          - path: /
            backend:
              serviceName: gitlab
              servicePort: 80
© 2025 小橘子大叔
Theme by Wing
  • {{ item.name }}
  • {{ item.name }}