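Kubernetes Deployment #
This section describes how to integrate Kubernetes into a Jenkins Pipeline to deploy cloud-native applications.
Installing the Kubernetes Plugin #
text
Plugin name: Kubernetes
Plugin ID: kubernetes
Kubernetes Cloud Configuration #
Adding a Kubernetes Cloud #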
Manage Jenkins → Manage Nodes and Clouds → Configure Clouds
text
Add a new cloud: Kubernetes
Name: kubernetes
Kubernetes URL: https://kubernetes.default
Kubernetes Namespace: jenkins
Credentials: kubeconfig
Jenkins URL: http://jenkins:8080
Jenkins tunnel: jenkins:50000
Kubernetes Agent #
Using a Kubernetes Pod as the Agent #
groovy
pipeline {
    agent {
        kubernetes {
            yaml '''
                apiVersion: v1
                kind: Pod
                spec:
                  containers:
                  - name: maven
                    image: maven:3.8-openjdk-11
                    command:
                    - cat
                    tty: true
                    volumeMounts:
                    - name: maven-cache
                      mountPath: /root/.m2
                  volumes:
                  - name: maven-cache
                    persistentVolumeClaim:
                      claimName: maven-cache-pvc
            '''
        }
    }
    stages {
        stage('Build') {
            steps {
                container('maven') {
                    sh 'mvn clean package'
                }
            }
        }
    }
}
Multi-Container Pod #
groovy
pipeline {
    agent {
        kubernetes {
            yaml '''
                apiVersion: v1
                kind: Pod
                spec:
                  containers:
                  - name: maven
                    image: maven:3.8-openjdk-11
                    command:
                    - cat
                    tty: true
                  - name: docker
                    image: docker:latest
                    command:
                    - cat
                    tty: true
                    volumeMounts:
                    # The node's Docker socket: this container can control the host's Docker daemon
                    - name: docker-sock
                      mountPath: /var/run/docker.sock
                  volumes:
                  - name: docker-sock
                    hostPath:
                      path: /var/run/docker.sock
            '''
        }
    }
    stages {
        stage('Build') {
            steps {
                container('maven') {
                    sh 'mvn clean package'
                }
            }
        }
        stage('Docker Build') {
            steps {
                container('docker') {
                    sh 'docker build -t myapp .'
                }
            }
        }
    }
}
Deploying with kubectl #
Configuring kubeconfig #
groovy
stage('Deploy') {
    steps {
        withCredentials([file(
            credentialsId: 'kubeconfig',
            variable: 'KUBECONFIG'
        )]) {
            sh 'kubectl get pods'
        }
    }
}
Deploying the Application #
groovy
stage('Deploy') {
    steps {
        withCredentials([file(
            credentialsId: 'kubeconfig',
            variable: 'KUBECONFIG'
        )]) {
            sh '''
                kubectl apply -f k8s/deployment.yaml
                kubectl apply -f k8s/service.yaml
                kubectl rollout status deployment/myapp
            '''
        }
    }
}
Updating the Image #
groovy
stage('Update Image') {
    steps {
        withCredentials([file(
            credentialsId: 'kubeconfig',
            variable: 'KUBECONFIG'
        )]) {
            sh """
                kubectl set image deployment/myapp \
                    myapp=registry.example.com/myapp:${BUILD_NUMBER} \
                    --namespace production
            """
        }
    }
}
Deploying with Helm #
Installing Helm #
groovy
stage('Helm Deploy') {
    steps {
        container('helm') {
            sh '''
                helm upgrade --install myapp ./helm \
                    --namespace production \
                    --set image.tag=${BUILD_NUMBER} \
                    --values helm/values-production.yaml
            '''
        }
    }
}
Helm Template #
groovy
stage('Helm Template') {
    steps {
        container('helm') {
            sh '''
                helm template myapp ./helm \
                    --namespace production \
                    --set image.tag=${BUILD_NUMBER}
            '''
        }
    }
}
Complete Example #
groovy
pipeline {
    agent {
        kubernetes {
            yaml '''
                apiVersion: v1
                kind: Pod
                spec:
                  serviceAccountName: jenkins-deployer
                  containers:
                  - name: maven
                    image: maven:3.8-openjdk-11
                    command:
                    - cat
                    tty: true
                    volumeMounts:
                    - name: maven-cache
                      mountPath: /root/.m2
                  - name: docker
                    image: docker:latest
                    command:
                    - cat
                    tty: true
                    volumeMounts:
                    # The node's Docker socket: this container can control the host's Docker daemon
                    - name: docker-sock
                      mountPath: /var/run/docker.sock
                  - name: kubectl
                    image: bitnami/kubectl:latest
                    command:
                    - cat
                    tty: true
                  volumes:
                  - name: maven-cache
                    persistentVolumeClaim:
                      claimName: maven-cache-pvc
                  - name: docker-sock
                    hostPath:
                      path: /var/run/docker.sock
            '''
        }
    }
    environment {
        APP_NAME = 'myapp'
        DOCKER_REGISTRY = 'registry.example.com'
        NAMESPACE = 'production'
    }
    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }
        stage('Build') {
            steps {
                container('maven') {
                    sh 'mvn clean package -DskipTests'
                }
            }
        }
        stage('Test') {
            steps {
                container('maven') {
                    sh 'mvn test'
                }
            }
        }
        stage('Docker Build') {
            steps {
                container('docker') {
                    sh """
                        docker build -t ${DOCKER_REGISTRY}/${APP_NAME}:${BUILD_NUMBER} .
                        docker push ${DOCKER_REGISTRY}/${APP_NAME}:${BUILD_NUMBER}
                    """
                }
            }
        }
        stage('Deploy') {
            steps {
                container('kubectl') {
                    sh """
                        kubectl set image deployment/${APP_NAME} \
                            ${APP_NAME}=${DOCKER_REGISTRY}/${APP_NAME}:${BUILD_NUMBER} \
                            -n ${NAMESPACE}
                        kubectl rollout status deployment/${APP_NAME} \
                            -n ${NAMESPACE}
                    """
                }
            }
        }
        stage('Verify') {
            steps {
                container('kubectl') {
                    sh """
                        kubectl get pods -l app=${APP_NAME} -n ${NAMESPACE}
                        kubectl get services -n ${NAMESPACE}
                    """
                }
            }
        }
    }
}
RBAC Configuration #
ServiceAccount #
yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-deployer
  namespace: jenkins
Role #
yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-deployer
  namespace: production
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list", "watch"]
RoleBinding #
yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-deployer
  namespace: production
subjects:
- kind: ServiceAccount
  name: jenkins-deployer
  namespace: jenkins
roleRef:
  kind: Role
  name: jenkins-deployer
  apiGroup: rbac.authorization.k8s.io
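To confirm that the Role and RoleBinding above give jenkins-deployer what the pipeline uses and nothing more, the following added example (not part of the original page) checks an expectation list with `kubectl auth can-i` and impersonation. The expectation list and the `KUBECTL` override are assumptions made for this example, and the caller needs permission to impersonate the ServiceAccount.

```shell
# Added example: audit the jenkins-deployer ServiceAccount with `kubectl auth can-i`.
KUBECTL="${KUBECTL:-kubectl}"   # assumption: overridable so the audit can be dry-run with a stub
SA="system:serviceaccount:jenkins:jenkins-deployer"   # subject of the RoleBinding on this page
NS="production"                                        # namespace of the Role on this page

# Expectation list constructed for this example: "<allow|deny> <verb> <resource>"
EXPECTATIONS='
allow get deployments.apps
allow patch deployments.apps
allow watch deployments.apps
allow list pods
allow list services
deny get secrets
deny create pods
deny create pods/exec
deny delete services
deny create rolebindings.rbac.authorization.k8s.io
'

# Prints one line per mismatch and returns the number of mismatches.
# `kubectl auth can-i` exits 0 for "yes" and non-zero for "no"; a connection
# error also exits non-zero, so it is reported here as a deny.
audit_rbac() {
  failures=0
  while read -r want verb resource; do
    [ -z "$want" ] && continue
    if "$KUBECTL" auth can-i "$verb" "$resource" --as="$SA" -n "$NS" \
         </dev/null >/dev/null 2>&1; then
      answer=allow
    else
      answer=deny
    fi
    if [ "$answer" != "$want" ]; then
      echo "MISMATCH: expected $want, got $answer: $verb $resource"
      failures=$((failures + 1))
    fi
  done <<EOF
$EXPECTATIONS
EOF
  return "$failures"
}
```

Calling `audit_rbac` after applying the manifests returns 0 when every expectation holds; a non-zero return is the number of lines that need attention.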
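Best Practices #
1. Use a ServiceAccount #
text
Create a dedicated ServiceAccount for Jenkins
Grant only the minimum necessary permissions
2. Manage Applications with Helm #
text
Use Helm Charts to manage K8s resources
Version the deployment configuration
3. Health Checks #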
groovy
stage('Health Check') {
    steps {
        container('kubectl') {
            sh """
                kubectl wait --for=condition=ready pod -l app=${APP_NAME} \
                    -n ${NAMESPACE} --timeout=300s
            """
        }
    }
}
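4. Rollback Mechanism #
groovy
stage('Rollback') {
    // This condition is only reached if an earlier stage recorded FAILURE without
    // aborting the run (for example via catchError); after an aborting failure the
    // remaining stages are skipped, and a post { failure { ... } } block is the
    // place for the rollback.
    when {
        expression { currentBuild.result == 'FAILURE' }
    }
    steps {
        container('kubectl') {
            sh "kubectl rollout undo deployment/${APP_NAME} -n ${NAMESPACE}"
        }
    }
}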
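Summary #
- A Kubernetes Agent uses a Pod as the build environment
- Multi-container Pods are supported
- Deployment from the command line with kubectl
- Helm for managing complex applications
- Configure RBAC permissions
- Implement health checks and rollback
Last updated: 2026-03-28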