Jenkins在Pod中实现Docker in Docker并用kubectl进行部署

准备工作

说明

Jenkins的kubernetes-plugin在执行构建时会在kubernetes集群中自动创建一个Pod,并在Pod内部创建一个名为jnlp的容器,该容器会连接Jenkins并运行Agent程序,形成一个Jenkins的Master和Slave架构,然后Slave会执行构建脚本进行构建,但如果构建内容是要创建Docker Image就要实现Docker In Docker方案(在Docker里运行Docker),如果要在集群集群内部进行部署操作可以使用kubectl执行命令,要解决kubectl的安装和权限分配问题。

因为默认的jnlp容器可以执行的命令比较少,所以要实现Docker In Docker和执行kubectl命令,就要自定义构建Docker Image,因为一个Pod内部可以运行多个容器,所以可以用自定义的Docker容器实现上述目的。

实现Docker In Docker

构建自定义镜像:

FROM scratch
ADD centos-7-x86_64-docker.tar.xz / LABEL \
org.label-schema.schema-version="1.0" \
org.label-schema.name="CentOS Base Image" \
org.label-schema.vendor="CentOS" \
org.label-schema.license="GPLv2" \
org.label-schema.build-date="20200504" \
org.opencontainers.image.title="CentOS Base Image" \
org.opencontainers.image.vendor="CentOS" \
org.opencontainers.image.licenses="GPL-2.0-only" \
org.opencontainers.image.created="2020-05-04 00:00:00+01:00" USER root COPY docker-ce.repo /etc/yum.repos.d/docker-ce.repo
COPY kubernetes.repo /etc/yum.repos.d/kubernetes.repo RUN yum install -y docker-ce kubectl RUN systemctl enable docker CMD ["/bin/bash"]

需要的文件下载

更多镜像

# 构建命令
docker build -t bluersw/centos-7-docker-kubectl:2.0 . # 试运行命令
docker run -v /var/run/docker.sock:/var/run/docker.sock -it bluersw/centos-7-docker-kubectl:2.0 /bin/bash # Pull命令
docker pull bluersw/centos-7-docker-kubectl:2.0

运行容器时需要将宿主机的/var/run/docker.sock挂载到容器中去,因为容器内运行不了Docker Daemon,但这样有安全隐患因为可以通过docker.sock提权进而获得宿主机root权限,所以只能运行安全可靠的镜像。

配置Pod Templates

为了方便配置一个Pod Templates,在配置kubernetes连接内容的下面,这里的模板只是模板(与类一样使用时还要实例化过程),名称和标签列表不要以为是Pod的name和label,这里的名称和标签列表只是Jenkins查找选择模板时使用的,Jenkins自动创建Pod的name是项目名称+随机字母的组合,所以我们填写jenkins-slave-temp,命名空间填写jenkins-ops(创建命令:kubectl create namespace jenkins-ops),Pod内添加一个容器名称是jnlp-docker(默认的jnlp容器会自动创建),Docker镜像填写:repo.bluersw.com:8083/bluersw/centos-7-docker-kubectl:2.0,repo.bluersw.com:8083是家里的Docker私有仓库(搭建Docker私有仓库),下面增加两个Host Path Volume:/var/run/docker.sock、/etc/docker/daemon.json,保存回到系统管理页面。



测试运行

修改构建脚本

podTemplate (inheritFrom: "jenkins-slave-temp"){
node(POD_LABEL) {
container('jnlp'){
stage('Run shell') {
sh 'echo hello world'
}
}
container('jnlp-docker'){
stage("Run docker"){
sh 'docker info'
}
}
}
}
  • podTemplate:用Pod模版示例化一个Pod配置并在kubernetes内自动创建
  • inheritFrom:意思是创建的Pod配置继承自jenkins-slave-temp模版
  • POD_LABEL:自动创建Pod的label
  • container:选择哪个容器执行脚本

执行构建结果:

Running on jenkins-test-10-dp8sp-8zxtg-m4x35 in /home/jenkins/agent/workspace/Jenkins-Test
[Pipeline] {
[Pipeline] container
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Run shell)
[Pipeline] sh
+ echo hello world
hello world
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // container
[Pipeline] container
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Run docker)
[Pipeline] sh
+ docker info
Client:
Debug Mode: false Server:
Containers: 32
Running: 19
Paused: 0
Stopped: 13
Images: 11
Server Version: 19.03.9
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.4.224-1.el7.elrepo.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.858GiB
Name: centos7-k8s-node1
ID: 3R5I:DJGZ:YRZY:ESCH:VW7H:VGAD:5SCC:GYZV:QZZS:EX5M:MV3N:246K
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
repo.bluersw.com:8083
repo.bluersw.com:8082
127.0.0.0/8
Live Restore Enabled: false [Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // podTemplate
[Pipeline] End of Pipeline
Finished: SUCCESS

注意:我K8S集群使用root运行的所以权限很高,你如果使用其他账号运行的K8S集群,会遇到/var/run/docker.sock没有访问权限的问题,因为Docker必须是root权限运行,解决办法是:

# Docker 服务重启要重新执行
chmod 777 /var/run/docker.sock

Pod内使用Kubectl命令

在所有Node节点上执行:

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/kubelet.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config # 测试一下
kubectl get pod -A

修改Pod Templates配置

在Pod Templates配置中增加两个Host Path Volume:/root/.kube、/var/lib/kubelet/pki/

测试运行kubectl

修改构建脚本:

podTemplate (inheritFrom: "jenkins-slave-temp"){
node(POD_LABEL) {
container('jnlp'){
stage('Run shell') {
sh 'echo hello world'
}
}
container('jnlp-docker'){
stage("Run docker"){
sh 'kubectl get pods -A'
}
}
}
}

运行结果:

Running on jenkins-test-11-7m94s-nxrj4-j2z0g in /home/jenkins/agent/workspace/Jenkins-Test
[Pipeline] {
[Pipeline] container
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Run shell)
[Pipeline] sh
+ echo hello world
hello world
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // container
[Pipeline] container
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Run docker)
[Pipeline] sh
+ kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
jenkins-ops jenkins-test-11-7m94s-nxrj4-j2z0g 2/2 Running 0 15s
kube-system coredns-7ff77c879f-ck49p 1/1 Running 9 5d2h
kube-system coredns-7ff77c879f-d2xfc 1/1 Running 10 5d2h
kube-system dnsutils 1/1 Running 16 5d1h
kube-system etcd-centos7-k8s-master 1/1 Running 11 5d2h
kube-system kube-apiserver-centos7-k8s-master 1/1 Running 6 4d
kube-system kube-controller-manager-centos7-k8s-master 1/1 Running 12 5d2h
kube-system kube-flannel-ds-amd64-52vcn 1/1 Running 9 5d1h
kube-system kube-flannel-ds-amd64-vtw58 1/1 Running 12 5d1h
kube-system kube-flannel-ds-amd64-xm8d5 1/1 Running 10 5d1h
kube-system kube-proxy-l8875 1/1 Running 18 5d1h
kube-system kube-proxy-p5fdr 1/1 Running 9 5d1h
kube-system kube-proxy-pdvz2 1/1 Running 16 5d1h
kube-system kube-scheduler-centos7-k8s-master 1/1 Running 10 5d2h
kube-system metrics-server-7f6d95d688-vjsbj 1/1 Running 7 4d
kubernetes-dashboard dashboard-metrics-scraper-6b4884c9d5-8hblg 1/1 Running 7 4d
kubernetes-dashboard kubernetes-dashboard-7b544877d5-tz4xj 1/1 Running 7 4d
nginx-ingress coffee-5f56ff9788-2745d 1/1 Running 6 3d23h
nginx-ingress coffee-5f56ff9788-c8jlx 1/1 Running 6 3d23h
nginx-ingress nginx-ingress-hjqzc 1/1 Running 6 3d23h
nginx-ingress nginx-ingress-jfh6h 1/1 Running 6 3d23h
nginx-ingress tea-69c99ff568-cpp2k 1/1 Running 6 3d23h
nginx-ingress tea-69c99ff568-rmnr2 1/1 Running 6 3d23h
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // podTemplate
[Pipeline] End of Pipeline
Finished: SUCCESS

虽然运行成功了,但目前kubectl使用的账号权限只能用于查询,如果项目进行部署是不行的,所以要创建新的账号供Jenkins使用,权限在某个命名空间内可以管理Pod资源即可。

为Jenkins创建kubernetes集群账号和证书

在Master上执行:

# 进入集群CA证书所在目录
cd /etc/kubernetes/pki # 执行创建证书命令
(umask 077;openssl genrsa -out jenkins.key 2048) # O=组织信息,CN=用户名
openssl req -new -key jenkins.key -out jenkins.csr -subj "/O=kubernetes/CN=jenkins" # 签署证书
openssl x509 -req -in jenkins.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out jenkins.crt -days 3650

将jenkins.crt和jenkins.key两个文件复制到所有Node节点上的/etc/kubernetes/pki目录内:

# jenkins.crt
cat jenkins.crt -----BEGIN CERTIFICATE-----
MIICuDCCAaACCQD6pvA8Ecor7zANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwpr
dWJlcm5ldGVzMB4XDTIwMDUyOTE2MDE0OFoXDTMwMDUyNzE2MDE0OFowJzETMBEG
A1UECgwKa3ViZXJuZXRlczEQMA4GA1UEAwwHamVua2luczCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALQS8ft94y2inZF7rWgc3xfkUP+4RUgab4FGBE7r
iQ5eSqQ5Hxwgx0mbYqh12xs/IhGp4YY/NUqU5hXchQ7urEKdefmQjD3CcPPWgIsJ
8MA1uAdc6wG4d9eo0qcUcisPk6giPmXOtqw4EukH0VZLTPrRp/zle5SQHUSpSyuP
CciuFSoWnm6xMo2fvTeH3WWM7MCFyCn7+OJkIaWlFWmp/qUGtsYI8lq2D4BVk0lf
jw51KmYznj1izKxyEm8Kn/qpJ+myFHdc0GdxjLUCpFXpeHLxCEFAhJBnpUtuOA4O
2uBIDxp2j7f4BnLzQvPifnMPb5o6WF7Q/2fYOKcMvC1MWtECAwEAATANBgkqhkiG
9w0BAQsFAAOCAQEAaLpkGaFhpjLe6zO4vvDJXvGWhaY0XZKv8HrFQq6+Vqv+yf7f
LCMwDaO2sLPZNVY8ruSYgbbG+Qbj8KNsDwKrMyf++fmxcpyo9XXkfnsh209hbL9C
oMImnRRiw5bVX5nto2EEgpjPoI1EW79dfMUN8+KLj4IKe910vJ1rK3PsaNmh7T7m
3bVrfZFwz8yamHn629gxxvxZZfoN4f0kc2PqGSFsLxwYuRGGueZjNK9z5ixis/S3
yEaGnjXBPZuoTC78X+avJhxBKLczVNLIiet+HWAcUsic9Ot49QfYZj4ovIrR+Uqg
HJeI+VavIrgYd9T42XeWGBKTnEhfcniKwEZxog==
-----END CERTIFICATE----- # jenkins.key
cat jenkins.key -----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAtBLx+33jLaKdkXutaBzfF+RQ/7hFSBpvgUYETuuJDl5KpDkf
HCDHSZtiqHXbGz8iEanhhj81SpTmFdyFDu6sQp15+ZCMPcJw89aAiwnwwDW4B1zr
Abh316jSpxRyKw+TqCI+Zc62rDgS6QfRVktM+tGn/OV7lJAdRKlLK48JyK4VKhae
brEyjZ+9N4fdZYzswIXIKfv44mQhpaUVaan+pQa2xgjyWrYPgFWTSV+PDnUqZjOe
PWLMrHISbwqf+qkn6bIUd1zQZ3GMtQKkVel4cvEIQUCEkGelS244Dg7a4EgPGnaP
t/gGcvNC8+J+cw9vmjpYXtD/Z9g4pwy8LUxa0QIDAQABAoIBAHajjL4u4H/uhXWW
UFcpvmoVSLBSDYNFt3UqVihQ0gmfYfn0kGSNy/7Y2xU2INdArweIL0etWUT7+OMq
WJfP87on2nbsHxmJg7WC+0mfkPhx6/8d3s9RY9O4LKFbvSRVrOi3NvkISh4JC5xw
RCFglyUhAFaEMvlcQYw9JYNbSAzoWRLAdDIZJ5bOsedOtcJkpxQczr3ngYvJ2nXC
0sLCY6/Je9BDl01K4IHXIpKVrEmhJNj+KV9L8Umrkwr87RGr4jb25aHURW2abRY4
16qU8YUrdTG8eQqT/xMZtea1QcERyRr3y29FK8pO1ID+tyoNc/KEG3oEGbJPKzHj
WB9CxukCgYEA5RLulHqyEAb2vEwaIRnbA5KPqDS0nfbe5L87FYO3J6KcJBokMlBm
aNqlCiTThu5H4SOMaYJO4u9yxMPGYDNbPKdwt27trgqYoCso1tWcDv3DQsgi/M0q
vip/ciH37vK3f+AlaQeSrtJi4TH7xTJYwgsN3X9TuToq958+F5qqTe8CgYEAyT2O
GBinOOn349IDeHxYbzFgjmLtW2YEGp8FnpU/sziluPNCA9muTUUiBm9VUHN7YSEm
DDQmohhee4IeseIrMBnHGuKkwpBDl+235tVCtCNXeTIx/hAGALw1BnNMVrHKspt2
nqMch0+VMPypZ9HyA81I+Xqd5Zr3QA1IR/J8oz8CgYBjzIO0nF/HK8GC94TKtwD7
5XZAyfWGfG9PKSEMln3M/sMX12u9n9l+BQOyD6k4N8eJBnu928+Sfs95efGLJ9Sv
8CLjR6i1Eli8LxFzx0xeG6BeD+NuT9Q3VTyA9NuXdpcLVxP1Vh9Jms8JXUVa/Dw/
DaHUxgwrvnPJvc7HadKYcQKBgCYR3QW19DySFnEk079BVsGCR8/n6xs1S2V12+xK
M8jF2KQKcNylm5HGmE87VJppnlebm8UHQJ+9mHIpBYGFVcI9virZ4W1lOUROllG2
2m2VmgC1fDuh8GDHOgjEWxazf7MWMfSEyurWJVUlFy8qymvps/puNdyv2kJlwNzL
hMSlAoGBAI/OWcteFYjPsYQM6d6FL9HMeuksN75nVqaZYOA59e+BUnt0e9r7D4cG
4wupqWA66IHo89t/JkkZ7Utxw/MO7kuyXy1tnxO6/Of1p6XWn3ckPQkGMADXfP/u
1osgYu8jLmVDMJ4nTTAZ3i/O6T3pqnl3TDbIgL9FRLxyggp5ZwRN
-----END RSA PRIVATE KEY-----

复制文件完成后在所有Node节点上执行:

# 创建jenkins用户信息
kubectl config set-credentials jenkins --client-certificate=jenkins.crt --client-key=jenkins.key --embed-certs=true # 设置上下文信息,jenkins用户与集群建立关系
kubectl config set-context jenkins@default-cluster --cluster=default-cluster --user=jenkins # 查看结果
kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://192.168.122.3:6443
name: default-cluster
contexts:
- context:
cluster: default-cluster
namespace: default
user: default-auth
name: default-context
- context:
cluster: default-cluster
user: jenkins
name: jenkins@default-cluster
current-context: default-context
kind: Config
preferences: {}
users:
- name: default-auth
user:
client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem
client-key: /var/lib/kubelet/pki/kubelet-client-current.pem
- name: jenkins
user:
client-certificate-data: REDACTED
client-key-data: REDACTED

切换刚创建的上下文(切换用户)

# 切换用户
kubectl config use-context jenkins@default-cluster # 测试
kubectl get pod # 没有权限
Error from server (Forbidden): pods is forbidden: User "jenkins" cannot list resource "pods" in API group "" in the namespace "default"

目前新账号没有分配权限无法使用,创建dev-test命名空间,并创建管理该命名空间下pod资源的角色,然后绑定到jenkins账户:

# 创建yaml内容但不执行,查看资源yaml可以加--dry-run -o yaml参数
kubectl create namespace dev-test

创建角色:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: jenkins-role
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
# 创建
kubectl apply -f jenkins-role.yaml -n dev-test

绑定账号与角色:

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins-role-bind
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins-role
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: jenkins
# 创建
kubectl apply -f jenkins-role-bind.yaml -n dev-test

注意:Role和RoleBinding的命名空间都是dev-test权限才生效,否则是不会生效的,账号jenkins此时拥有对dev-test命名空间pod的管理权限。

测试权限:

# 在Node节点执行
[root@centos7-k8s-node1 ~]# kubectl apply -f ndsutils.yaml -n dev-test
pod/dnsutils created
[root@centos7-k8s-node1 ~]# kubectl get pod -n dev-test
NAME READY STATUS RESTARTS AGE
dnsutils 1/1 Running 0 11s
[root@centos7-k8s-node1 ~]# kubectl get pod -n default
Error from server (Forbidden): pods is forbidden: User "jenkins" cannot list resource "pods" in API group "" in the namespace "default"

测试kubectl删除和创建Pod

在PodTemplate中增加Host Path Volume:/root/yaml,里面放入一个pod资源的yaml文件

修改构建脚本:

podTemplate (inheritFrom: "jenkins-slave-temp"){
node(POD_LABEL) {
container('jnlp'){
stage('Run shell') {
sh 'echo hello world'
}
}
container('jnlp-docker'){
stage("Run docker"){
sh 'kubectl config use-context jenkins@default-cluster'
sh 'kubectl delete -f /root/yaml/ndsutils.yaml -n dev-test'
sh 'kubectl get pod -n dev-test'
sh 'kubectl apply -f /root/yaml/ndsutils.yaml -n dev-test'
sh 'kubectl get pod -n dev-test'
}
}
}
}

构建运行结果:

Running on jenkins-test-13-lpcwk-fjw2j-4rzxf in /home/jenkins/agent/workspace/Jenkins-Test
[Pipeline] {
[Pipeline] container
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Run shell)
[Pipeline] sh
+ echo hello world
hello world
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // container
[Pipeline] container
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Run docker)
[Pipeline] sh
+ kubectl config use-context jenkins@default-cluster
Switched to context "jenkins@default-cluster".
[Pipeline] sh
+ kubectl delete -f /root/yaml/ndsutils.yaml -n dev-test
pod "dnsutils" deleted
[Pipeline] sh
+ kubectl get pod -n dev-test
No resources found in dev-test namespace.
[Pipeline] sh
+ kubectl apply -f /root/yaml/ndsutils.yaml -n dev-test
pod/dnsutils created
[Pipeline] sh
+ kubectl get pod -n dev-test
NAME READY STATUS RESTARTS AGE
dnsutils 0/1 ContainerCreating 0 1s
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // podTemplate
[Pipeline] End of Pipeline
Finished: SUCCESS

为jenkins账号赋予集群角色

创建集群角色,此集群角色只有查看Pod的权限:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-reader
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get","list","watch"]

绑定账号和集群角色:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: cluster-reader-jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-reader
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: jenkins

集群角色没有命名空间的概念,集群角色是在所有命名空间有效。

# 创建
kubectl apply -f cluster-reader.yaml # 绑定
kubectl apply -f cluster-reader-jenkins.yaml

在Node节点上执行:

[root@centos7-k8s-node1 yaml]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
dev-test dnsutils 1/1 Running 0 7m17s
kube-system coredns-7ff77c879f-ck49p 1/1 Running 9 5d3h
kube-system coredns-7ff77c879f-d2xfc 1/1 Running 10 5d3h
kube-system etcd-centos7-k8s-master 1/1 Running 11 5d3h
kube-system kube-apiserver-centos7-k8s-master 1/1 Running 6 4d1h
kube-system kube-controller-manager-centos7-k8s-master 1/1 Running 12 5d3h
kube-system kube-flannel-ds-amd64-52vcn 1/1 Running 9 5d3h
kube-system kube-flannel-ds-amd64-vtw58 1/1 Running 12 5d3h
kube-system kube-flannel-ds-amd64-xm8d5 1/1 Running 10 5d3h
kube-system kube-proxy-l8875 1/1 Running 18 5d3h
kube-system kube-proxy-p5fdr 1/1 Running 9 5d3h
kube-system kube-proxy-pdvz2 1/1 Running 16 5d3h
kube-system kube-scheduler-centos7-k8s-master 1/1 Running 10 5d3h
kube-system metrics-server-7f6d95d688-vjsbj 1/1 Running 7 4d1h
kubernetes-dashboard dashboard-metrics-scraper-6b4884c9d5-8hblg 1/1 Running 7 4d1h
kubernetes-dashboard kubernetes-dashboard-7b544877d5-tz4xj 1/1 Running 7 4d1h
nginx-ingress coffee-5f56ff9788-2745d 1/1 Running 6 4d1h
nginx-ingress coffee-5f56ff9788-c8jlx 1/1 Running 6 4d1h
nginx-ingress nginx-ingress-hjqzc 1/1 Running 6 4d1h
nginx-ingress nginx-ingress-jfh6h 1/1 Running 6 4d1h
nginx-ingress tea-69c99ff568-cpp2k 1/1 Running 6 4d1h
nginx-ingress tea-69c99ff568-rmnr2 1/1 Running 6 4d1h

Jenkins在Pod中实现Docker in Docker并用kubectl进行部署的更多相关文章

  1. Docker+Maven+Jenkins在Devops中完整应用

    过去与现在 很早之前,当我们需要一个部署环境的时候,我们可能指的是一台PowerEdge R710 2U服务器,走一系列冗长的申请流程,然后上架到机房.调试网络.安装系统.调试环境.最终部署应用,就这 ...

  2. kubernetes部署jenkins(Docker in Docker)及认证

    引言 Jenkins是一款开源 CI&CD 软件,用于自动化各种任务,包括构建.测试和部署软件. 本文将Jenkins的master与slave置于Pod中,部署在namespace:jenk ...

  3. jenkins和docker 使用docker作为slave

    使用docker作为jenkins slave. 文章来自:http://www.ciandcd.com文中的代码来自可以从github下载: https://github.com/ciandcd 参 ...

  4. jenkins和docker 在docker里运行jenkins

    在docker里运行jenkins server. 文章来自:http://www.ciandcd.com文中的代码来自可以从github下载: https://github.com/ciandcd ...

  5. jenkins+docker 持续构建非docker in docker jenkins docker svn maven

    工欲善其事必先利其器,为了解脱程序员的,我们程序员本身发明了很多好用的工具,通过各种工具的组合来达到我们想要的结果 本文采用jenkins docker svn maven作为相关工具,项目sprin ...

  6. jenkins+docker 持续构建非docker in docker

    工欲善其事必先利其器,为了解脱程序员的,我们程序员本身发明了很多好用的工具,通过各种工具的组合来达到我们想要的结果 本文采用jenkins docker svn maven作为相关工具,项目sprin ...

  7. Docker 以 docker 方式运行 jenkins

    https://testerhome.com/topics/5798 Docker 以 docker 方式运行 jenkins jmcn · 2016年08月26日 · 最后由 blueshark 回 ...

  8. docker安装mysql、es、jenkins等一些步骤以及如何设置docker国内镜像

    CentOS7安装Docker步骤: (0)删除旧的可能安装过的包 yum remove docker \                   docker-client \              ...

  9. 【Docker】docker安装Jenkins

    一.下载镜像 docker pull jenkinsci/jenkins 二.运行Jenkins容器 docker run --name myjenkins -d -p 8580:8080 -p 50 ...

随机推荐

  1. mysql5.7 修改密码,修改权限

    1.修改数据库对指定用户和ip权限 a. IP为192.168.0.1的用户jack拥有对数据库datebase的表table的 增删改查权限, ,连接密码为password grant select ...

  2. Spring Framework 之AOP

    Spring Framework 之AOP 目录 Spring Framework 之AOP 问题 AOP概述 AOP知识 1.连接点(Joinpoint) 2.切点(PointCut) 3.增强(A ...

  3. Element upload组件上传图片与回显图片

    场景:新增商品时需要添加商品主图,新增成功之后可编辑 上传图片: <el-form-item label="专区logo:" style="height:160px ...

  4. 从0开始学自定义View -1

    PS:好久没有写博客了,之前的东西有所忘记,百度一下竟然查到了自己的写过的博客,访问量还可以,一开始的写博客的初衷是把自己不会的记录下来,现在没想到也有博友会关注我,这就给了我动力,工作之余把零零碎碎 ...

  5. Java——Lambda表达式

    一.Lambda表达式入门 我们先来看一段代码:匿名内部类的方式实现参数的传递 interface Command{ public abstract void test(); } public cla ...

  6. EOS基础全家桶(十)交易Action操作

    简介 区块链上的所有操作都是通过交易(Transaction)上链的,无论你是转账交易还是发起的智能合约的调用,而EOS和传统区块链不同的是EOS在一个交易里可以发起多个行为(Action),这使得E ...

  7. Oracle条件判断

    一. if/else 语法:if 条件表达式 then语句块:if 条件表达式 then 语句块end if;elsif 条件表达式 then语句块:...else语句块:end if;举例:输入一个 ...

  8. IDEA中如何使用debug调试项目 一步一步详细教程

    转载该文章:https://blog.csdn.net/yxl_1207/article/details/80973622 一.Debug开篇 首先看下IDEA中Debug模式下的界面. 如下是在ID ...

  9. Coursera课程笔记----计算导论与C语言基础----Week 11

    C程序中的字符串(Week 11) 字符数组 所有的字符串,都是以\0结尾的 只能在数组定义并初始化的时候:char c[6] = "China"; 不能用赋值语句将一个字符串常量 ...

  10. Coursera课程笔记----计算导论与C语言基础----Week 7

    C语言中的数据成分(Week7) 内存 把内存想象成长带,带子上有许多方格,每个方格有8位(8bit) 2^10 = 1024 1B = 8 b 1KB = 1024Byte MB.GB.TB.PB- ...