Jenkins using k8s plugin runs on JNLP container

Question

I've decided to run a podTemplate with one container of main.

1. Why does my pod template configuration include JNLP? What is it needed for? Can I have only my pod with my container with my image?
2. How do I overwrite the JNLP image with my image instead of the inbound image?
3. How do I run my job on my pod/container of 'main' and not JNLP?

My Jenkins configuration as code -

```yaml
config:
  Jenkins:cluster: non-prod
  Jenkins:secrets:
    create: true
    secretsList:
      - name: jenkins-github-token-non-prod
        value: /us-west-2-non-prod/jenkins/secrets/github-token
      - name: jenkins-slack-token-non-prod
        value: /us-west-2-non-prod/jenkins/secrets/slack-token
  Jenkins:config:
    chart: jenkins
    namespace: default
    repo: https://charts.jenkins.io
    values:
      agent:
        enabled: true
        podTemplates:
          jenkins-slave-pod: |
            - name: jenkins-slave-pod
              label: jenkins-slave-pod
              containers:
                - name: main
                  image: '805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave:ecs-global-node_master_57'
                  command: "sleep"
                  args: "30d"
                  privileged: true
        master.JCasC.enabled: true
        master.JCasC.defaultConfig: true
        kubernetesConnectTimeout: 5
        kubernetesReadTimeout: 15
        maxRequestsPerHostStr: "32"
        namespace: default
        image: "805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave"
        tag: "ecs-global-node_master_57"
        workingDir: "/home/jenkins/agent"
        nodeUsageMode: "NORMAL"
        # name of the secret to be used for image pulling
        imagePullSecretName:
        componentName: "eks-global-slave"
        websocket: false
        privileged: false
        runAsUser:
        runAsGroup:
        resources:
          requests:
            cpu: "512m"
            memory: "512Mi"
          limits:
            cpu: "512m"
            memory: "512Mi"
        podRetention: "Never"
        volumes: [ ]
        workspaceVolume: { }
        envVars: [ ]
        # - name: PATH
        #   value: /usr/local/bin
        command:
        args: "${computer.jnlpmac} ${computer.name}"
        # Side container name
        sideContainerName: "jnlp"
        # Doesn't allocate pseudo TTY by default
        TTYEnabled: true
        # Max number of spawned agent
        containerCap: 10
        # Pod name
        podName: "jnlp"
        # Allows the Pod to remain active for reuse until the configured number of
        # minutes has passed since the last step was executed on it.
        idleMinutes: 0
        # Timeout in seconds for an agent to be online
        connectTimeout: 100
      serviceAccount:
        annotations: {}
      controller:
        numExecutors: 1
        additionalExistingSecrets: []
        JCasC:
          securityRealm: |
            local:
                  allowsSignup: false
                  users:
                    - id: "aba"
                      password: "aba"
#          securityRealm: |
#            saml:
#              binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
#              displayNameAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
#              groupsAttributeName: "http://schemas.xmlsoap.org/claims/Group"
#              idpMetadataConfiguration:
#                period: 0
#                url: "https://aba.onelogin.com/saml/metadata/34349e62-799f-4378-9d2a-03b870cbd965"
#              maximumAuthenticationLifetime: 86400
#              usernameCaseConversion: "none"
#          authorizationStrategy: |-
#            roleBased:
#              forceExistingJobs: true
          configScripts:
            credentials: |
              credentials:
                system:
                  domainCredentials:
                    - credentials:
                        - string:
                            scope: GLOBAL
                            id: slack-token
                            description: "Slack access token"
                            secret: "${jenkins-slack-token-non-prod-value}"
                        - usernamePassword:
                            id: "github-credentials"
                            password: "aba"
                            scope: GLOBAL
                            username: "aba"
            plugin-config: |
              jenkins:
                disabledAdministrativeMonitors:
                  - "hudson.model.UpdateCenter$CoreUpdateMonitor"
                  - "jenkins.diagnostics.ControllerExecutorsNoAgents"
              security:
                updateSiteWarningsConfiguration:
                  ignoredWarnings:
                    - "core-2_263"
                    - "SECURITY-2617-extended-choice-parameter"
                    - "SECURITY-2170"
                    - "SECURITY-2796"
                    - "SECURITY-2169"
                    - "SECURITY-2332"
                    - "SECURITY-2232"
                    - "SECURITY-1351"
                    - "SECURITY-1350"
                    - "SECURITY-2888"
              unclassified:
                slackNotifier:
                  teamDomain: "superops"
                  baseUrl: "https://superops.slack.com/services/hooks/jenkins-ci/"
                  tokenCredentialId: "slack-token"
                globalLibraries:
                  libraries:
                    - defaultVersion: "master"
                      allowVersionOverride: true
                      name: "aba-jenkins-library"
                      implicit: true
                      retriever:
                        modernSCM:
                          scm:
                            git:
                              credentialsId: "github-credentials"
                              id: "shared-library-creds"
                              remote: "https://github.com/aba-aba/aba-jenkins-library.git"
                              traits:
                                - "gitBranchDiscovery"
                                - "cleanBeforeCheckoutTrait"
                                - "ignoreOnPushNotificationTrait"
        additionalPlugins:
        - junit:1119.1121.vc43d0fc45561
        - prometheus:2.0.11
        - saml:4.352.vb_722786ea_79d
        - role-strategy:546.ve16648865996
        - blueocean-web:1.25.5
        - github-branch-source:1677.v731f745ea_0cf
        - git-changelog:3.23
        - scriptler:3.5
        - sshd:3.249.v2dc2ea_416e33
        - rich-text-publisher-plugin:1.4
        - matrix-project:785.v06b_7f47b_c631
        - build-failure-analyzer:2.3.0
        - testng-plugin:555.va0d5f66521e3
        - allure-jenkins-plugin:2.30.2
        - timestamper:1.18
        - ws-cleanup:0.42
        - build-timeout:1.21
        - slack:616.v03b_1e98d13dd
        - email-ext:2.91
        - docker-commons:1.19
        - docker-workflow:521.v1a_a_dd2073b_2e
        - rundeck:3.6.11
        - parameter-separator:1.3
        - extended-choice-parameter:346.vd87693c5a_86c
        - uno-choice:2.6.3
        adminPassword: ""
        ingress:
          enabled: true
          hostName: jenkins.non-prod.us-west-2.int.isappcloud.com
          ingressClassName: nginx-int
        installPlugins:
        - kubernetes:3883.v4d70a_a_a_df034
        - workflow-aggregator:590.v6a_d052e5a_a_b_5
        - git:5.0.0
        - configuration-as-code:1569.vb_72405b_80249
        jenkinsUrlProtocol: https
        prometheus:
          enabled: true
        resources:
          limits:
            cpu: "4"
            memory: 8Gi
          requests:
            cpu: "2"
            memory: 4Gi
        sidecars:
          configAutoReload:
            resources:
              requests:
                cpu: 128m
                memory: 256Mi
        statefulSetAnnotations:
          pulumi.com/patchForce: "true"
          Name: eks-non-prod-us-west-2-jenkins
          department: aba
          division: enterprise
          environment: non-prod
          owner: devops
          project: eks-non-prod-us-west-2-jenkins
          team: infra
        tag: 2.362-jdk11
    version: 4.1.13
  Jenkins:stackTags:
    Name: eks-non-prod-us-west-2-jenkins
    department: aba
    division: enterprise
    environment: non-prod
    owner: devops
    project: eks-non-prod-us-west-2-jenkins
    team: infra
  aws:region: us-west-2
```

Answer 1

Score: 1

The kubernetes plugin has a summary of what the JNLP is used for. It's recommended to retain the JNLP container, and the name is JNLP mostly for historical reasons. It sounds like it's not JWS.

> The Kubernetes plugin allocates Jenkins agents in Kubernetes pods. Within these pods, there is always one special container jnlp that is running the Jenkins agent. Other containers can run arbitrary processes of your choosing, and it is possible to run commands dynamically in any container in the agent pod...
>
> Commands will be executed by default in the jnlp container, where the Jenkins agent is running. (The jnlp name is historical and is retained for compatibility.)
>
> ...In addition to that, in the Kubernetes Pod Template section, we need to configure the image that will be used to spin up the agent pod. We do not recommend overriding the jnlp container except under unusual circumstances.

https://plugins.jenkins.io/kubernetes/

To customize the jnlp image, you specify that in the agent block, then use the container label in the container block to run on that container:

```groovy
pipeline {
  agent {
    kubernetes {
      yaml '''
        apiVersion: v1
        kind: Pod
        metadata:
          labels:
            some-label: some-label-value
        spec:
          containers:
          - name: jnlp
            image: 'jenkins/inbound-agent'     # your image you want to override
            args: ['\$(JENKINS_SECRET)', '\$(JENKINS_NAME)']
          - name: maven
            image: maven:alpine
            command:
            - cat
            tty: true
          - name: busybox
            image: busybox
            command:
            - cat
            tty: true
        '''
      retries 2
    }
  }
  stages {
    stage('Run maven') {
      steps {
        container('maven') { // specify which container to run this on
          sh 'mvn -version'
        }
        container('busybox') {
          sh '/bin/busybox'
        }
      }
    }
  }
}
```
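
Applied to the question's setup, as an added example that is not part of the original answer: it assumes the `jenkins-slave-pod` pod template and its `main` container from the question's Helm values, and uses the Kubernetes plugin's `inheritFrom` and `defaultContainer` options so that steps run in `main` while the plugin-supplied `jnlp` container keeps running the agent.

```groovy
// Added example. The template name "jenkins-slave-pod" and container name
// "main" are taken from the question's configuration and are assumptions here.
pipeline {
  agent {
    kubernetes {
      // Reuse the pod template already defined on the controller.
      inheritFrom 'jenkins-slave-pod'
      // Run every step in "main" unless a container(...) block says otherwise.
      defaultContainer 'main'
    }
  }
  stages {
    stage('Build in main') {
      steps {
        // No container(...) wrapper needed: defaultContainer routes this to "main".
        sh 'hostname && id'
      }
    }
    stage('Agent container') {
      steps {
        // The jnlp container still exists in the pod because the plugin adds it
        // when the template does not define one; it can be targeted explicitly.
        container('jnlp') {
          sh 'java -version'
        }
      }
    }
  }
}
```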
