如何用 Helm 管理 Jenkins，看这篇就够了

Helm3 简介

Helm 创建于2015年，同年加入CNCF，2020年毕业。

Helm 是为 kubernetes 提供的包管理工具。包指的是 helm charts，charts 是预先配置的 kubernetes 资源对象集合，类似于 linux 上的 rpm 包。使用 Helm 可以管理 kubernetes 资源对象、应用的配置管理及发布更新等。

helm chart 可以托管在统一制品仓库，开源工具的如 nexus、harbor。

使用 Helm-Chart 部署 Jenkins

从结构中我们看到有不同级别的文件夹，以及一些yaml文件。

• charts：用于存放其他依赖和关联的chart。例如应用依赖数据库的chart。
• Chart.yaml：存储一些元数据，例如chart的信息，描述等等
• templates文件夹：是所有资源的位置，我们可以看到很多kubernetes的资源文件都在这里存放。
• 其中的_helpers.tpl，用于存储模板片段，可以在文件中直接使用template函数调用。
• value.yaml：存储该chart的默认值，实际安装时可以对默认值进行覆盖。
• NOTES.txt：相当于你运行helm install的时候给用户输出的提示

Helm部署Jenkins

1、Jenkins 官方 helm-charts https://github.com/jenkinsci/configuration-as-code-plugin.git

2、数据持久化配置 由于jenkins helm-charts默认使用hostPath方式持久化数据，uninstall或容器集群爆炸后可能造成数据丢失，故使用本地存储目录进行数据持久化（个人环境，无nfs等其他网络存储或持久化存储设备）。2.1、创建pv

apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv-local
spec:
  capacity:
    storage: 10Gi
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  local:
    path: /Users/zhang/data/jenkins  # ydzs-node1节点上的目录
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - docker-desktop

2.2、创建pvc

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: jenkins-pvc-local
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: local-storage

2.3、创建后验证

zhangdeMacBook-Pro:charts zhang$ kubectl get pv,pvc -n default
NAME                                CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                       STORAGECLASS    REASON   AGE
persistentvolume/jenkins-pv-local   10Gi       RWO            Delete           Bound    default/jenkins-pvc-local   local-storage            3h48m

NAME                                      STATUS   VOLUME             CAPACITY   ACCESS MODES   STORAGECLASS    AGE
persistentvolumeclaim/jenkins-pvc-local   Bound    jenkins-pv-local   10Gi       RWO            local-storage   3h46m

3、执行部署

git clone https://github.com/jenkinsci/helm-charts.gitcd ${helm-charts}helm install jenkins jenkins# return infoNAME: jenkins
LAST DEPLOYED: Tue Feb  2 21:21:28 2021NAMESPACE: default
STATUS: deployed
REVISION: 1NOTES:1. Get your 'admin' user password by running:
  kubectl exec --namespace default -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo2. Get the Jenkins URL to visit by running these commands in the same shell:  echo http://127.0.0.1:8080
  kubectl --namespace default port-forward svc/jenkins 8080:80803. Login with the password from step 1 and the username: admin4. Configure security realm and authorization strategy5. Use Jenkins Configuration as Code by specifying configScripts in your values.yaml file, see documentation: http:///configuration-as-code and examples: https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos

For more information on running Jenkins on Kubernetes, visit:
https://cloud.google.com/solutions/jenkins-on-container-engine

For more information about Jenkins Configuration as Code, visit:
https://jenkins.io/projects/jcasc/

NOTE: Consider using a custom image with pre-installed plugins

zhang@zhangdeMacBook-Pro local-helmChartCenter % helm list
NAME    NAMESPACE   REVISION    UPDATED                                 STATUS      CHART           APP VERSION
jenkins default     1           2021-02-02 21:21:28.681602 +0800 CST    deployed    jenkins-3.1.8   2.263.3    zhang@zhangdeMacBook-Pro local-helmChartCenter % kubectl get all  -n default
NAME             READY   STATUS    RESTARTS   AGE
pod/jenkins-0    2/2     Running   6          2d12h

NAME                     TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)     AGE
service/jenkins          ClusterIP   10.109.107.40    <none>        8080/TCP    2d12h
service/jenkins-agent    ClusterIP   10.103.205.142   <none>        50000/TCP   2d12h
service/kubernetes       ClusterIP   10.96.0.1        <none>        443/TCP     6d23h

NAME                       READY   AGE
statefulset.apps/jenkins   1/1     2d12h

4、映射端口到宿主机端口

1. Get your 'admin' user password by running:
  kubectl exec --namespace default -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo2. Get the Jenkins URL to visit by running these commands in the same shell:  echo http://127.0.0.1:8080
  kubectl --namespace default port-forward svc/jenkins 8080:8080

5、访问 web 进行验证

JCasC 管理 Jenkins 配置

JCasC 全称 Configuration as Code

1. Plugins

plugins:
        required:
        - kubernetes:1.27.6
        - workflow-aggregator:2.6
        - git:4.5.2
        - configuration-as-code:1.46

2.Tools Installations

tool:
  git:
    installations:
    - home: "git"
      name: "Default"

3.Tools Integration

unclassified:
  buildDiscarders:
    configuredBuildDiscarders:
    - "jobBuildDiscarder"
  fingerprints:
    fingerprintCleanupDisabled: false
    storage: "file"
  gitSCM:
    addGitTagAction: false
    allowSecondFetch: false
    createAccountBasedOnEmail: false
    disableGitToolChooser: false
    hideCredentials: false
    showEntireCommitSummaryInChanges: false
    useExistingAccountWithSameEmail: false
  junitTestResultStorage:
    storage: "file"
  location:
    adminAddress: "address not configured yet <nobody@nowhere>"
    url: "http://jenkins:8080/"
  mailer:
    charset: "UTF-8"
    useSsl: false
    useTls: false
  pollSCM:
    pollingThreadCount: 10
  sonarGlobalConfiguration:
    buildWrapperEnabled: false