本次cicd中,将jenkins通过helm也部署在集群中,而Jenkins又需要持久化数据,所以需要定义存储类,来保证数据不会丢失。
那么就基于NFS定义一个存储类。首先把nfs下载下来,我把存储卷的地址放在了master节点上的/mnt目录下
由于官方的jenkins时间不同步在加上插件下载失败,所以使用Dockerfile自己构建一个jenkins镜像来使用。首先去下载一下官方的jenkins(“https://github.com/jenkinsci/docker”),下不下来,手动下载后传至服务器中并解压,目录内容如下
编写Dockerfile,全文为:
FROM openjdk:8-jdk-alpine
ENV LANG=C.UTF-8 \
TZ=Asia/Shanghai
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && apk add --no-cache \
bash \
coreutils \
curl \
git \
git-lfs \
openssh-client \
tini \
ttf-dejavu \
tzdata \
unzip
ARG user=jenkins
ARG group=jenkins
ARG uid=1000
ARG gid=1000
ARG http_port=8080
ARG agent_port=50000
ARG JENKINS_HOME=/var/jenkins_home
ARG REF=/usr/share/jenkins/ref
ENV JENKINS_HOME $JENKINS_HOME
ENV JENKINS_SLAVE_AGENT_PORT ${agent_port}
ENV REF $REF
# Jenkins is run with user `jenkins`, uid = 1000
# If you bind mount a volume from the host or a data container,
# ensure you use the same uid
RUN mkdir -p $JENKINS_HOME \
&& chown ${uid}:${gid} $JENKINS_HOME \
&& addgroup -g ${gid} ${group} \
&& adduser -h "$JENKINS_HOME" -u ${uid} -G ${group} -s /bin/bash -D ${user}
# Jenkins home directory is a volume, so configuration and build history
# can be persisted and survive image upgrades
VOLUME $JENKINS_HOME
# $REF (defaults to `/usr/share/jenkins/ref/`) contains all reference configuration we want
# to set on a fresh new installation. Use it to bundle additional plugins
# or config file with your custom jenkins Docker image.
RUN mkdir -p ${REF}/init.groovy.d
# jenkins version being bundled in this docker image
ARG JENKINS_VERSION
ENV JENKINS_VERSION ${JENKINS_VERSION:-2.222.4}
# jenkins.war checksum, download will be validated using it
ARG JENKINS_SHA=6c95721b90272949ed8802cab8a84d7429306f72b180c5babc33f5b073e1c47c
# Can be used to customize where jenkins.war get downloaded from
ARG JENKINS_URL=https://mirrors.aliyun.com/jenkins/war-stable/${JENKINS_VERSION}/jenkins.war
# could use ADD but this one does not check Last-Modified header neither does it allow to control checksum
# see https://github.com/docker/docker/issues/8331
RUN curl -fsSL ${JENKINS_URL} -o /usr/share/jenkins/jenkins.war \
&& echo "${JENKINS_SHA} /usr/share/jenkins/jenkins.war" | sha256sum -c -
ENV JENKINS_UC https://updates.jenkins-zh.cn
ENV JENKINS_UC_EXPERIMENTAL=https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/experimental
ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals
RUN chown -R ${user} "$JENKINS_HOME" "$REF"
# for main web interface:
EXPOSE ${http_port}
# will be used by attached slave agents:
EXPOSE ${agent_port}
ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log
USER ${user}
COPY jenkins-support /usr/local/bin/jenkins-support
COPY jenkins.sh /usr/local/bin/jenkins.sh
COPY tini-shim.sh /bin/tini
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/jenkins.sh"]
# from a derived Dockerfile, can use `RUN plugins.sh active.txt` to setup $REF/plugins from a support bundle
COPY plugins.sh /usr/local/bin/plugins.sh
COPY install-plugins.sh /usr/local/bin/install-plugins.sh
这个Dockerfile是基于jdk8,且时区设置为上海,然后通过ARG设置初始的一些变量,之后再创建了jenkins用户和用户组,并设置jnekins_home的属主属组改为jenkins,以便后续存储密码,插件等各种jenkins的数据。然后将jenkins的更新源设为国内的清华源,防止更新失败。然后将端口暴露出去,用来网页访问。最后运行两个官方提供的脚本。这两个脚本就在下载下来的包中,把他们移出来,然后构建自己的jenkins镜像。