[AWS] EKS Jenkins 설치

dongdorrong·2022년 12월 18일
0

AWS

목록 보기
7/7
post-thumbnail

0. kubectl 설치 (링크)

1. Helm 설치 (링크)

2. EKS 클러스터 생성

3. 서비스 계정에 대한 Amazon EBS CSI 드라이버 IAM 역할 생성 (링크)

4. Amazon EKS 추가 기능으로 Amazon EBS CSI 드라이버 관리 (링크)

5. jenkins 설치 (링크)

Jenkins에서 가이드를 제공해 주고 있어서 그대로 진행해보려고 한다.

네임스페이스 생성

root@jenkinshost:~# kubectl create ns jenkins
namespace/jenkins created

서비스 어카운트 생성

root@jenkinshost:~# cat sa.yml
# cat sa.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins-admin
rules:
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: jenkins
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins-admin
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  namespace: jenkins
root@jenkinshost:~# 
root@jenkinshost:~# kubectl apply -f sa.yml
clusterrole.rbac.authorization.k8s.io/jenkins-admin created
serviceaccount/jenkins-admin created
clusterrolebinding.rbac.authorization.k8s.io/jenkins-admin created

스토리지 클래스 생성

root@jenkinshost:~# cat stc.yml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
root@jenkinshost:~# kubectl apply -f stc.yml
storageclass.storage.k8s.io/local-storage created 

퍼시스턴트 볼륨 생성

root@jenkinshost:~# cat pv.yml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv-volume
  labels:
    type: local
spec:
  storageClassName: local-storage
  claimRef:
    name: jenkins-pv-claim
    namespace: jenkins
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  local:
    path: /mnt
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - ip-192-168-66-119.ap-southeast-1.compute.internal 
root@jenkinshost:~# kubectl apply -f pv.yml
persistentvolume/jenkins-pv-volume created

퍼시스턴트 볼륨 클레임 생성

root@jenkinshost:~# cat pvc.yml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-pv-claim
  namespace: jenkins
spec:
  storageClassName: local-storage
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi
root@jenkinshost:~# kubectl apply -f pvc.yml
persistentvolumeclaim/jenkins-pv-claim created

jenkins 배포

root@jenkinshost:~# cat deploy.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-server
  template:
    metadata:
      labels:
        app: jenkins-server
    spec:
      securityContext:
            fsGroup: 1000
            runAsUser: 1000
      serviceAccountName: jenkins-admin
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            - name: httpport
              containerPort: 8080
            - name: jnlpport
              containerPort: 50000
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
              claimName: jenkins-pv-claim
root@jenkinshost:~# kubectl apply -f deploy.yml
deployment.apps/jenkins created
root@jenkinshost:~# kubectl get deploy -n jenkins
NAME      READY   UP-TO-DATE   AVAILABLE   AGE
jenkins   1/1     1            1           107s

jenkins 접속하기 위한 서비스 생성

root@jenkinshost:~# cat svc.yml
apiVersion: v1
kind: Service
metadata:
  name: jenkins-service
  namespace: jenkins
  annotations:
      prometheus.io/scrape: 'true'
      prometheus.io/path:   /
      prometheus.io/port:   '8080'
spec:
  selector:
    app: jenkins-server
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 32000
root@jenkinshost:~# kubectl apply -f svc.yml
service/jenkins-service created
root@jenkinshost:~# kubectl get svc -n jenkins
NAME              TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
jenkins-service   NodePort   10.100.161.85   <none>        8080:32000/TCP   9s
root@jenkinshost:~# kubectl get po -n jenkins -o wide
NAME                      READY   STATUS    RESTARTS   AGE     IP              NODE                                                NOMINATED NODE   READINESS GATES
jenkins-b96f7764f-dt5j8   1/1     Running   0          3m55s   192.168.91.99   ip-192-168-66-119.ap-southeast-1.compute.internal   <none>           <none>
root@jenkinshost:~# kubectl exec -it jenkins-b96f7764f-dt5j8 cat /var/jenkins_home/secrets/initialAdminPassword -n jenkins
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
f1ef110db33e4d11904dac5b0c32a0a3

NodePort 타입의 서비스를 만들고 jenkins 파드가 위치한 노드를 확인해서 접속 테스트를 했을 때 정상 접속 가능 함을 확인하였다.

profile
DevOps 엔지니어 / 열심히 해서 잘하자

0개의 댓글