英文:
Jenkins using k8s plugin runs on JNLP container
问题
I've decided to run a podTemplate with one container of main.
- 为什么我的 pod 模板配置中包含 JNLP?它是什么作用?我是否可以只有我的容器和我的镜像而没有 JNLP?
- 如何将 JNLP 镜像覆盖为我的镜像,而不是传入的镜像?
- 如何在我的 pod/container "main" 上运行我的作业,而不是在 JNLP 上运行?
我的 Jenkins 配置代码 -
config:Jenkins:cluster: non-prodJenkins:secrets:create: truesecretsList:- name: jenkins-github-token-non-prodvalue: /us-west-2-non-prod/jenkins/secrets/github-token- name: jenkins-slack-token-non-prodvalue: /us-west-2-non-prod/jenkins/secrets/slack-tokenJenkins:config:chart: jenkinsnamespace: defaultrepo: https://charts.jenkins.iovalues:agent:enabled: truepodTemplates:jenkins-slave-pod: |- name: jenkins-slave-podlabel: jenkins-slave-podcontainers:- name: mainimage: '805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave:ecs-global-node_master_57'command: "sleep"args: "30d"privileged: truemaster.JCasC.enabled: truemaster.JCasC.defaultConfig: truekubernetesConnectTimeout: 5kubernetesReadTimeout: 15maxRequestsPerHostStr: "32"namespace: defaultimage: "805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave"tag: "ecs-global-node_master_57"workingDir: "/home/jenkins/agent"nodeUsageMode: "NORMAL"imagePullSecretName:componentName: "eks-global-slave"websocket: falseprivileged: falserunAsUser:runAsGroup:resources:requests:cpu: "512m"memory: "512Mi"limits:cpu: "512m"memory: "512Mi"podRetention: "Never"volumes: [ ]workspaceVolume: { }envVars: [ ]command:args: "${computer.jnlpmac} ${computer.name}"sideContainerName: "jnlp"TTYEnabled: truecontainerCap: 10podName: "jnlp"idleMinutes: 0connectTimeout: 100serviceAccount:annotations: {}controller:numExecutors: 1additionalExistingSecrets: []JCasC:securityRealm: |local:allowsSignup: falseusers:- id: "aba"password: "aba"configScripts:credentials: |credentials:system:domainCredentials:- credentials:- string:scope: GLOBALid: slack-tokendescription: "Slack access token"secret: "${jenkins-slack-token-non-prod-value}"- usernamePassword:id: "github-credentials"password: "aba"scope: GLOBALusername: "aba"plugin-config: |jenkins:disabledAdministrativeMonitors:- "hudson.model.UpdateCenter$CoreUpdateMonitor"- "jenkins.diagnostics.ControllerExecutorsNoAgents"security:updateSiteWarningsConfiguration:ignoredWarnings:- "core-2_263"- "SECURITY-2617-extended-choice-parameter"- "SECURITY-2170"- "SECURITY-2796"- "SECURITY-2169"- "SECURITY-2332"- "SECURITY-2232"- "SECURITY-1351"- "SECURITY-1350"- "SECURITY-2888"unclassified:slackNotifier:teamDomain: "superops"baseUrl: "https://superops.slack.com/services/hooks/jenkins-ci/"tokenCredentialId: "slack-token"globalLibraries:libraries:- defaultVersion: "master"allowVersionOverride: truename: "aba-jenkins-library"implicit: trueretriever:modernSCM:scm:git:credentialsId: "github-credentials"id: "shared-library-creds"remote: "https://github.com/aba-aba/aba-jenkins-library.git"traits:- "gitBranchDiscovery"- "cleanBeforeCheckoutTrait"- "ignoreOnPushNotificationTrait"additionalPlugins:- junit:1119.1121.vc43d0fc45561- prometheus:2.0.11- saml:4.352.vb_722786ea_79d- role-strategy:546.ve16648865996- blueocean-web:1.25.5- github-branch-source:1677.v731f745ea_0cf- git-changelog:3.23- scriptler:3.5- sshd:3.249.v2dc2ea_416e33- rich-text-publisher-plugin:1.4- matrix-project:785.v06b_7f47b_c631- build-failure-analyzer:2.3.0- testng-plugin:555.va0d5f66521e3- allure-jenkins-plugin:2.30.2- timestamper:1.18- ws-cleanup:0.42- build-timeout:1.21- slack:616.v03b_1e98d13dd- email-ext:2.91- docker-commons:1.19- docker-workflow:521.v1a_a_dd2073b_2e- rundeck:3.6.11- parameter-separator:1.3- extended-choice-parameter:346.vd87693c5a_86c- uno-choice:2.6.3adminPassword: ""ingress:enabled: truehostName: jenkins.non-prod.us-west-2.int.isappcloud.comingressClassName: nginx-intinstallPlugins:- kubernetes:3883.v4d70a_a_a_df034- workflow-aggregator:590.v6a_d052e5a_a_b_5- git:5.0.0- configuration-as-code:1569.vb_72405<details><summary>英文:</summary>I've decided to run a podTemplate with one container of main.1. Why does my pod template configuration include JNLP? What is needed for? can I have only my pod with my container with my image?2. How do I overwrite the JNLP image with my image instead of inbound image?3. How do I run my job on my pod/container of 'main' and not JNLP?[![enter image description here][1]][1][![enter image description here][2]][2]My Jenkins configuration as code -```config:Jenkins:cluster: non-prodJenkins:secrets:create: truesecretsList:- name: jenkins-github-token-non-prodvalue: /us-west-2-non-prod/jenkins/secrets/github-token- name: jenkins-slack-token-non-prodvalue: /us-west-2-non-prod/jenkins/secrets/slack-tokenJenkins:config:chart: jenkinsnamespace: defaultrepo: https://charts.jenkins.iovalues:agent:enabled: truepodTemplates:jenkins-slave-pod: |- name: jenkins-slave-podlabel: jenkins-slave-podcontainers:- name: mainimage: '805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave:ecs-global-node_master_57'command: "sleep"args: "30d"privileged: truemaster.JCasC.enabled: truemaster.JCasC.defaultConfig: truekubernetesConnectTimeout: 5kubernetesReadTimeout: 15maxRequestsPerHostStr: "32"namespace: defaultimage: "805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave"tag: "ecs-global-node_master_57"workingDir: "/home/jenkins/agent"nodeUsageMode: "NORMAL"# name of the secret to be used for image pullingimagePullSecretName:componentName: "eks-global-slave"websocket: falseprivileged: falserunAsUser:runAsGroup:resources:requests:cpu: "512m"memory: "512Mi"limits:cpu: "512m"memory: "512Mi"podRetention: "Never"volumes: [ ]workspaceVolume: { }envVars: [ ]# - name: PATH# value: /usr/local/bincommand:args: "${computer.jnlpmac} ${computer.name}"# Side container namesideContainerName: "jnlp"# Doesn't allocate pseudo TTY by defaultTTYEnabled: true# Max number of spawned agentcontainerCap: 10# Pod namepodName: "jnlp"# Allows the Pod to remain active for reuse until the configured number of# minutes has passed since the last step was executed on it.idleMinutes: 0# Timeout in seconds for an agent to be onlineconnectTimeout: 100serviceAccount:annotations: {}controller:numExecutors: 1additionalExistingSecrets: []JCasC:securityRealm: |local:allowsSignup: falseusers:- id: "aba"password: "aba"# securityRealm: |# saml:# binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"# displayNameAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"# groupsAttributeName: "http://schemas.xmlsoap.org/claims/Group"# idpMetadataConfiguration:# period: 0# url: "https://aba.onelogin.com/saml/metadata/34349e62-799f-4378-9d2a-03b870cbd965"# maximumAuthenticationLifetime: 86400# usernameCaseConversion: "none"# authorizationStrategy: |-# roleBased:# forceExistingJobs: trueconfigScripts:credentials: |credentials:system:domainCredentials:- credentials:- string:scope: GLOBALid: slack-tokendescription: "Slack access token"secret: "${jenkins-slack-token-non-prod-value}"- usernamePassword:id: "github-credentials"password: "aba"scope: GLOBALusername: "aba"plugin-config: |jenkins:disabledAdministrativeMonitors:- "hudson.model.UpdateCenter$CoreUpdateMonitor"- "jenkins.diagnostics.ControllerExecutorsNoAgents"security:updateSiteWarningsConfiguration:ignoredWarnings:- "core-2_263"- "SECURITY-2617-extended-choice-parameter"- "SECURITY-2170"- "SECURITY-2796"- "SECURITY-2169"- "SECURITY-2332"- "SECURITY-2232"- "SECURITY-1351"- "SECURITY-1350"- "SECURITY-2888"unclassified:slackNotifier:teamDomain: "superops"baseUrl: "https://superops.slack.com/services/hooks/jenkins-ci/"tokenCredentialId: "slack-token"globalLibraries:libraries:- defaultVersion: "master"allowVersionOverride: truename: "aba-jenkins-library"implicit: trueretriever:modernSCM:scm:git:credentialsId: "github-credentials"id: "shared-library-creds"remote: "https://github.com/aba-aba/aba-jenkins-library.git"traits:- "gitBranchDiscovery"- "cleanBeforeCheckoutTrait"- "ignoreOnPushNotificationTrait"additionalPlugins:- junit:1119.1121.vc43d0fc45561- prometheus:2.0.11- saml:4.352.vb_722786ea_79d- role-strategy:546.ve16648865996- blueocean-web:1.25.5- github-branch-source:1677.v731f745ea_0cf- git-changelog:3.23- scriptler:3.5- sshd:3.249.v2dc2ea_416e33- rich-text-publisher-plugin:1.4- matrix-project:785.v06b_7f47b_c631- build-failure-analyzer:2.3.0- testng-plugin:555.va0d5f66521e3- allure-jenkins-plugin:2.30.2- timestamper:1.18- ws-cleanup:0.42- build-timeout:1.21- slack:616.v03b_1e98d13dd- email-ext:2.91- docker-commons:1.19- docker-workflow:521.v1a_a_dd2073b_2e- rundeck:3.6.11- parameter-separator:1.3- extended-choice-parameter:346.vd87693c5a_86c- uno-choice:2.6.3adminPassword: ""ingress:enabled: truehostName: jenkins.non-prod.us-west-2.int.isappcloud.comingressClassName: nginx-intinstallPlugins:- kubernetes:3883.v4d70a_a_a_df034- workflow-aggregator:590.v6a_d052e5a_a_b_5- git:5.0.0- configuration-as-code:1569.vb_72405b_80249jenkinsUrlProtocol: httpsprometheus:enabled: trueresources:limits:cpu: "4"memory: 8Girequests:cpu: "2"memory: 4Gisidecars:configAutoReload:resources:requests:cpu: 128mmemory: 256MistatefulSetAnnotations:pulumi.com/patchForce: "true"Name: eks-non-prod-us-west-2-jenkinsdepartment: abadivision: enterpriseenvironment: non-prodowner: devopsproject: eks-non-prod-us-west-2-jenkinsteam: infratag: 2.362-jdk11version: 4.1.13Jenkins:stackTags:Name: eks-non-prod-us-west-2-jenkinsdepartment: abadivision: enterpriseenvironment: non-prodowner: devopsproject: eks-non-prod-us-west-2-jenkinsteam: infraaws:region: us-west-2
答案1
得分: 1
以下是翻译好的内容:
Kubernetes插件分配Jenkins代理在Kubernetes pod中。在这些pod中,总是有一个特殊的容器jnlp,它运行Jenkins代理。其他容器可以运行您选择的任意进程,并且可以在代理pod的任何容器中动态运行命令...
默认情况下,命令将在运行Jenkins代理的jnlp容器中执行。 (jnlp的名称是历史原因,为了兼容性而保留。)
...此外,在Kubernetes Pod模板部分,我们需要配置将用于启动代理pod的镜像。除非在不寻常情况下,我们不建议覆盖jnlp容器。
https://plugins.jenkins.io/kubernetes/
要自定义jnlp镜像,您可以在代理块中指定,然后在容器块中使用容器标签来运行该容器:
英文:
The kubernetes plugin has a summary of what the JNLP is used for. It's recommended to retain the JNLP container, and the name is JNLP mostly for historical reasons. It sounds like it's not JWS.
> The Kubernetes plugin allocates Jenkins agents in Kubernetes pods. Within these pods, there is always one special container jnlp that is running the Jenkins agent. Other containers can run arbitrary processes of your choosing, and it is possible to run commands dynamically in any container in the agent pod...
> Commands will be executed by default in the jnlp container, where the Jenkins agent is running. (The jnlp name is historical and is retained for compatibility.)
>...In addition to that, in the Kubernetes Pod Template section, we need to configure the image that will be used to spin up the agent pod. We do not recommend overriding the jnlp container except under unusual circumstances.
https://plugins.jenkins.io/kubernetes/
To customize the jnlp image you specify that in the agent block then using the container label in the container block to run on that container:
pipeline {agent {kubernetes {yaml '''apiVersion: v1kind: Podmetadata:labels:some-label: some-label-valuespec:containers:- name: jnlpimage: 'jenkins/inbound-agent' // your image you want to overrideargs: ['\$(JENKINS_SECRET)', '\$(JENKINS_NAME)']- name: mavenimage: maven:alpinecommand:- cattty: true- name: busyboximage: busyboxcommand:- cattty: true'''retries 2}}stages {stage('Run maven') {steps {container('maven') { // specify which container to run this onsh 'mvn -version'}container('busybox') {sh '/bin/busybox'}}}}}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论