Jenkins using k8s plugin runs on JNLP container
Question
I've decided to run a podTemplate with one container of main.
1. Why does my pod template configuration include JNLP? What is it needed for? Can I have only my pod with my container with my image?
2. How do I overwrite the JNLP image with my image instead of the inbound image?
3. How do I run my job on my pod/container of 'main' and not JNLP?
My Jenkins configuration as code -
```yaml
config:
  Jenkins:cluster: non-prod
  Jenkins:secrets:
    create: true
    secretsList:
      - name: jenkins-github-token-non-prod
        value: /us-west-2-non-prod/jenkins/secrets/github-token
      - name: jenkins-slack-token-non-prod
        value: /us-west-2-non-prod/jenkins/secrets/slack-token
  Jenkins:config:
    chart: jenkins
    namespace: default
    repo: https://charts.jenkins.io
    values:
      agent:
        enabled: true
        podTemplates:
          jenkins-slave-pod: |
            - name: jenkins-slave-pod
              label: jenkins-slave-pod
              containers:
                - name: main
                  image: '805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave:ecs-global-node_master_57'
                  command: "sleep"
                  args: "30d"
                  privileged: true
        master.JCasC.enabled: true
        master.JCasC.defaultConfig: true
        kubernetesConnectTimeout: 5
        kubernetesReadTimeout: 15
        maxRequestsPerHostStr: "32"
        namespace: default
        image: "805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave"
        tag: "ecs-global-node_master_57"
        workingDir: "/home/jenkins/agent"
        nodeUsageMode: "NORMAL"
        # name of the secret to be used for image pulling
        imagePullSecretName:
        componentName: "eks-global-slave"
        websocket: false
        privileged: false
        runAsUser:
        runAsGroup:
        resources:
          requests:
            cpu: "512m"
            memory: "512Mi"
          limits:
            cpu: "512m"
            memory: "512Mi"
        podRetention: "Never"
        volumes: [ ]
        workspaceVolume: { }
        envVars: [ ]
        #   - name: PATH
        #     value: /usr/local/bin
        command:
        args: "${computer.jnlpmac} ${computer.name}"
        # Side container name
        sideContainerName: "jnlp"
        # Doesn't allocate pseudo TTY by default
        TTYEnabled: true
        # Max number of spawned agent
        containerCap: 10
        # Pod name
        podName: "jnlp"
        # Allows the Pod to remain active for reuse until the configured number of
        # minutes has passed since the last step was executed on it.
        idleMinutes: 0
        # Timeout in seconds for an agent to be online
        connectTimeout: 100
        serviceAccount:
        annotations: {}
      controller:
        numExecutors: 1
        additionalExistingSecrets: []
        JCasC:
          securityRealm: |
            local:
              allowsSignup: false
              users:
                - id: "aba"
                  password: "aba"
          # securityRealm: |
          #   saml:
          #     binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          #     displayNameAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
          #     groupsAttributeName: "http://schemas.xmlsoap.org/claims/Group"
          #     idpMetadataConfiguration:
          #       period: 0
          #       url: "https://aba.onelogin.com/saml/metadata/34349e62-799f-4378-9d2a-03b870cbd965"
          #     maximumAuthenticationLifetime: 86400
          #     usernameCaseConversion: "none"
          # authorizationStrategy: |-
          #   roleBased:
          #     forceExistingJobs: true
          configScripts:
            credentials: |
              credentials:
                system:
                  domainCredentials:
                    - credentials:
                        - string:
                            scope: GLOBAL
                            id: slack-token
                            description: "Slack access token"
                            secret: "${jenkins-slack-token-non-prod-value}"
                        - usernamePassword:
                            id: "github-credentials"
                            password: "aba"
                            scope: GLOBAL
                            username: "aba"
            plugin-config: |
              jenkins:
                disabledAdministrativeMonitors:
                  - "hudson.model.UpdateCenter$CoreUpdateMonitor"
                  - "jenkins.diagnostics.ControllerExecutorsNoAgents"
              security:
                updateSiteWarningsConfiguration:
                  ignoredWarnings:
                    - "core-2_263"
                    - "SECURITY-2617-extended-choice-parameter"
                    - "SECURITY-2170"
                    - "SECURITY-2796"
                    - "SECURITY-2169"
                    - "SECURITY-2332"
                    - "SECURITY-2232"
                    - "SECURITY-1351"
                    - "SECURITY-1350"
                    - "SECURITY-2888"
              unclassified:
                slackNotifier:
                  teamDomain: "superops"
                  baseUrl: "https://superops.slack.com/services/hooks/jenkins-ci/"
                  tokenCredentialId: "slack-token"
                globalLibraries:
                  libraries:
                    - defaultVersion: "master"
                      allowVersionOverride: true
                      name: "aba-jenkins-library"
                      implicit: true
                      retriever:
                        modernSCM:
                          scm:
                            git:
                              credentialsId: "github-credentials"
                              id: "shared-library-creds"
                              remote: "https://github.com/aba-aba/aba-jenkins-library.git"
                              traits:
                                - "gitBranchDiscovery"
                                - "cleanBeforeCheckoutTrait"
                                - "ignoreOnPushNotificationTrait"
        additionalPlugins:
          - junit:1119.1121.vc43d0fc45561
          - prometheus:2.0.11
          - saml:4.352.vb_722786ea_79d
          - role-strategy:546.ve16648865996
          - blueocean-web:1.25.5
          - github-branch-source:1677.v731f745ea_0cf
          - git-changelog:3.23
          - scriptler:3.5
          - sshd:3.249.v2dc2ea_416e33
          - rich-text-publisher-plugin:1.4
          - matrix-project:785.v06b_7f47b_c631
          - build-failure-analyzer:2.3.0
          - testng-plugin:555.va0d5f66521e3
          - allure-jenkins-plugin:2.30.2
          - timestamper:1.18
          - ws-cleanup:0.42
          - build-timeout:1.21
          - slack:616.v03b_1e98d13dd
          - email-ext:2.91
          - docker-commons:1.19
          - docker-workflow:521.v1a_a_dd2073b_2e
          - rundeck:3.6.11
          - parameter-separator:1.3
          - extended-choice-parameter:346.vd87693c5a_86c
          - uno-choice:2.6.3
        adminPassword: ""
        ingress:
          enabled: true
          hostName: jenkins.non-prod.us-west-2.int.isappcloud.com
          ingressClassName: nginx-int
        installPlugins:
          - kubernetes:3883.v4d70a_a_a_df034
          - workflow-aggregator:590.v6a_d052e5a_a_b_5
          - git:5.0.0
          - configuration-as-code:1569.vb_72405b_80249
        jenkinsUrlProtocol: https
        prometheus:
          enabled: true
        resources:
          limits:
            cpu: "4"
            memory: 8Gi
          requests:
            cpu: "2"
            memory: 4Gi
        sidecars:
          configAutoReload:
            resources:
              requests:
                cpu: 128m
                memory: 256Mi
        statefulSetAnnotations:
          pulumi.com/patchForce: "true"
          Name: eks-non-prod-us-west-2-jenkins
          department: aba
          division: enterprise
          environment: non-prod
          owner: devops
          project: eks-non-prod-us-west-2-jenkins
          team: infra
        tag: 2.362-jdk11
    version: 4.1.13
  Jenkins:stackTags:
    Name: eks-non-prod-us-west-2-jenkins
    department: aba
    division: enterprise
    environment: non-prod
    owner: devops
    project: eks-non-prod-us-west-2-jenkins
    team: infra
  aws:region: us-west-2
```
Answer 1
Score: 1
The kubernetes plugin has a summary of what the JNLP is used for. It's recommended to retain the JNLP container, and the name is JNLP mostly for historical reasons. It sounds like it's not JWS.
> The Kubernetes plugin allocates Jenkins agents in Kubernetes pods. Within these pods, there is always one special container jnlp that is running the Jenkins agent. Other containers can run arbitrary processes of your choosing, and it is possible to run commands dynamically in any container in the agent pod...
> Commands will be executed by default in the jnlp container, where the Jenkins agent is running. (The jnlp name is historical and is retained for compatibility.)
> ...In addition to that, in the Kubernetes Pod Template section, we need to configure the image that will be used to spin up the agent pod. We do not recommend overriding the jnlp container except under unusual circumstances.
https://plugins.jenkins.io/kubernetes/
To customize the jnlp image, you specify that in the agent block, then use the container label in the container block to run on that container:
```groovy
pipeline {
  agent {
    kubernetes {
      yaml '''
        apiVersion: v1
        kind: Pod
        metadata:
          labels:
            some-label: some-label-value
        spec:
          containers:
          - name: jnlp
            image: 'jenkins/inbound-agent'  # your image you want to override
            args: ['\$(JENKINS_SECRET)', '\$(JENKINS_NAME)']
          - name: maven
            image: maven:alpine
            command:
            - cat
            tty: true
          - name: busybox
            image: busybox
            command:
            - cat
            tty: true
        '''
      retries 2
    }
  }
  stages {
    stage('Run maven') {
      steps {
        container('maven') { // specify which container to run this on
          sh 'mvn -version'
        }
        container('busybox') {
          sh '/bin/busybox'
        }
      }
    }
  }
}
```
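Applied to the pod template from the question, as an added example that is not part of the original answer: the pipeline below reuses the `jenkins-slave-pod` template and makes `main` the default container for every step, while the plugin still adds the `jnlp` container that runs the agent. The template and container names come from the question's config; the stage names and shell commands are illustrative, and the `jnlp` stage assumes the agent image has `java` on its PATH.

```groovy
// Added example, not from the original post.
// 'jenkins-slave-pod' and 'main' are the names used in the question's config.
pipeline {
  agent {
    kubernetes {
      inheritFrom 'jenkins-slave-pod'  // reuse the pod template defined in the chart values
      defaultContainer 'main'          // steps run in 'main' unless a container() block says otherwise
    }
  }
  stages {
    stage('Build in main') {
      steps {
        // No container() wrapper needed: defaultContainer routes this to 'main'
        sh 'id && cat /etc/os-release'
      }
    }
    stage('Agent container') {
      steps {
        // Explicitly target the jnlp container, which only runs the Jenkins agent
        container('jnlp') {
          sh 'java -version'
        }
      }
    }
  }
}
```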