英文:
Running Jenkins jobs using Kubernetes plugin run by DEFAULT on JNLP container instead of my container
问题
根据这里的文档,默认情况下,Jenkins 代理中的命令将在 jnlp 容器中运行。
是的,当我运行我的 Jenkins 流水线使用这段代码时,它将在我的主容器上运行 -
node('node-agent'){
container('main'){
sh "ls -la"
}
}
我希望我的作业默认在 'main' 容器上运行。
比如,如果我编写以下流水线代码 ->
node('node-agent'){
sh "ls -la"
}
它将在 'main' 容器而不是 JNLP 上运行!
我的 Jenkins 作为代码的配置 -
Jenkins:cluster: non-prod
Jenkins:secrets:
create: true
secretsList:
- name: jenkins-github-token-non-prod
value: /us-west-2-non-prod/jenkins/secrets/github-token
- name: jenkins-slack-token-non-prod
value: /us-west-2-non-prod/jenkins/secrets/slack-token
Jenkins:config:
chart: jenkins
namespace: default
repo: https://charts.jenkins.io
values:
agent:
enabled: true
podTemplates:
jenkins-slave-pod: |
- name: jenkins-slave-pod
label: jenkins-slave-pod
containers:
- name: main
image: '805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave:ecs-global-node_master_57'
command: "sleep"
args: "30d"
privileged: true
master.JCasC.enabled: true
master.JCasC.defaultConfig: true
kubernetesConnectTimeout: 5
kubernetesReadTimeout: 15
maxRequestsPerHostStr: "32"
namespace: default
image: "805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave"
tag: "ecs-global-node_master_57"
workingDir: "/home/jenkins/agent"
nodeUsageMode: "NORMAL"
imagePullSecretName:
componentName: "eks-global-slave"
websocket: false
privileged: false
runAsUser:
runAsGroup:
resources:
requests:
cpu: "512m"
memory: "512Mi"
limits:
cpu: "512m"
memory: "512Mi"
podRetention: "Never"
volumes: [ ]
workspaceVolume: { }
envVars: [ ]
command:
args: "${computer.jnlpmac} ${computer.name}"
sideContainerName: "jnlp"
TTYEnabled: true
containerCap: 10
podName: "jnlp"
idleMinutes: 0
connectTimeout: 100
serviceAccount:
annotations: {}
controller:
numExecutors: 1
additionalExistingSecrets: []
JCasC:
securityRealm: |
local:
allowsSignup: false
users:
- id: "aba"
password: "aba"
configScripts:
credentials: |
credentials:
system:
domainCredentials:
- credentials:
- string:
scope: GLOBAL
id: slack-token
description: "Slack access token"
secret: "${jenkins-slack-token-non-prod-value}"
- usernamePassword:
id: "github-credentials"
password: "aba"
scope: GLOBAL
username: "aba"
plugin-config: |
jenkins:
disabledAdministrativeMonitors:
- "hudson.model.UpdateCenter$CoreUpdateMonitor"
- "jenkins.diagnostics.ControllerExecutorsNoAgents"
security:
updateSiteWarningsConfiguration:
ignoredWarnings:
- "core-2_263"
- "SECURITY-2617-extended-choice-parameter"
- "SECURITY-2170"
- "SECURITY-2796"
- "SECURITY-2169"
- "SECURITY-2332"
- "SECURITY-2232"
- "SECURITY-1351"
- "SECURITY-1350"
- "SECURITY-2888"
unclassified:
slackNotifier:
teamDomain: "superops"
baseUrl: "https://superops.slack.com/services/hooks/jenkins-ci/"
tokenCredentialId: "slack-token"
globalLibraries:
libraries:
- defaultVersion: "master"
allowVersionOverride: true
name: "aba-jenkins-library"
implicit: true
retriever:
modernSCM:
scm:
git:
credentialsId: "github-credentials"
id: "shared-library-creds"
remote: "https://github.com/aba-aba/aba-jenkins-library.git"
traits:
- "gitBranchDiscovery"
- "cleanBeforeCheckoutTrait"
- "ignoreOnPushNotificationTrait"
additionalPlugins:
- junit:1119.1121.vc43d0fc45561
- prometheus:2.0.11
- saml:4.352.vb_722786ea_79d
- role-strategy:546.ve16648865996
- blueocean-web:1.25.5
- github-branch-source:1677.v731f745ea_0cf
- git-changelog:3.23
- scriptler:3.5
- sshd:3.249.v2dc2ea_416e33
- rich-text-publisher-plugin:1.4
- matrix-project:785.v06b_7f47b_c631
- build-failure-analyzer:2.3.0
- testng-plugin:555.va0d5f66521e3
- allure-jenkins-plugin:2.30.2
- timestamper:1.18
- ws-cleanup:0.42
- build-timeout:1.21
- slack:616.v03b_1e98d13dd
- email-ext:2.91
- docker-commons:1.19
- docker-workflow:521.v1a_a_dd2073b_2e
- rundeck:3.6.11
- parameter-separator:1.3
- extended-choice-parameter:346.vd87693c5a_86c
- uno-choice:2.6.3
adminPassword: ""
ingress:
enabled: true
hostName: jenkins.non-prod.us-west-2.int.isappcloud.com
ingressClassName: nginx-int
installPlugins:
- kubernetes:3883.v4d70a_a_a_df034
<details>
<summary>英文:</summary>
as documented [here](https://plugins.jenkins.io/kubernetes/#plugin-content-using-the-pipeline-step), by default, commands in Jenkins agents will run in the jnlp container.
And yes, when I run my jenkins pipeline using this code, it will run on my main container -
node('node-agent'){
container('main'){
sh "ls -la"
}
}
I want my jobs to run on 'main' container by default.
Like if I write this pipeline ->
node('node-agent'){
sh "ls -la"
}
It will run on main instead of JNLP!
My jenkins as a code configuration -
Jenkins:cluster: non-prod
Jenkins:secrets:
create: true
secretsList:
- name: jenkins-github-token-non-prod
value: /us-west-2-non-prod/jenkins/secrets/github-token
- name: jenkins-slack-token-non-prod
value: /us-west-2-non-prod/jenkins/secrets/slack-token
Jenkins:config:
chart: jenkins
namespace: default
repo: https://charts.jenkins.io
values:
agent:
enabled: true
podTemplates:
jenkins-slave-pod: |
- name: jenkins-slave-pod
label: jenkins-slave-pod
containers:
- name: main
image: '805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave:ecs-global-node_master_57'
command: "sleep"
args: "30d"
privileged: true
master.JCasC.enabled: true
master.JCasC.defaultConfig: true
kubernetesConnectTimeout: 5
kubernetesReadTimeout: 15
maxRequestsPerHostStr: "32"
namespace: default
image: "805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave"
tag: "ecs-global-node_master_57"
workingDir: "/home/jenkins/agent"
nodeUsageMode: "NORMAL"
# name of the secret to be used for image pulling
imagePullSecretName:
componentName: "eks-global-slave"
websocket: false
privileged: false
runAsUser:
runAsGroup:
resources:
requests:
cpu: "512m"
memory: "512Mi"
limits:
cpu: "512m"
memory: "512Mi"
podRetention: "Never"
volumes: [ ]
workspaceVolume: { }
envVars: [ ]
# - name: PATH
# value: /usr/local/bin
command:
args: "${computer.jnlpmac} ${computer.name}"
# Side container name
sideContainerName: "jnlp"
# Doesn't allocate pseudo TTY by default
TTYEnabled: true
# Max number of spawned agent
containerCap: 10
# Pod name
podName: "jnlp"
# Allows the Pod to remain active for reuse until the configured number of
# minutes has passed since the last step was executed on it.
idleMinutes: 0
# Timeout in seconds for an agent to be online
connectTimeout: 100
serviceAccount:
annotations: {}
controller:
numExecutors: 1
additionalExistingSecrets: []
JCasC:
securityRealm: |
local:
allowsSignup: false
users:
- id: "aba"
password: "aba"
securityRealm: |
saml:
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
displayNameAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
groupsAttributeName: "http://schemas.xmlsoap.org/claims/Group"
idpMetadataConfiguration:
period: 0
url: "https://aba.onelogin.com/saml/metadata/34349e62-799f-4378-9d2a-03b870cbd965"
maximumAuthenticationLifetime: 86400
usernameCaseConversion: "none"
authorizationStrategy: |-
roleBased:
forceExistingJobs: true
configScripts:
credentials: |
credentials:
system:
domainCredentials:
- credentials:
- string:
scope: GLOBAL
id: slack-token
description: "Slack access token"
secret: "${jenkins-slack-token-non-prod-value}"
- usernamePassword:
id: "github-credentials"
password: "aba"
scope: GLOBAL
username: "aba"
plugin-config: |
jenkins:
disabledAdministrativeMonitors:
- "hudson.model.UpdateCenter$CoreUpdateMonitor"
- "jenkins.diagnostics.ControllerExecutorsNoAgents"
security:
updateSiteWarningsConfiguration:
ignoredWarnings:
- "core-2_263"
- "SECURITY-2617-extended-choice-parameter"
- "SECURITY-2170"
- "SECURITY-2796"
- "SECURITY-2169"
- "SECURITY-2332"
- "SECURITY-2232"
- "SECURITY-1351"
- "SECURITY-1350"
- "SECURITY-2888"
unclassified:
slackNotifier:
teamDomain: "superops"
baseUrl: "https://superops.slack.com/services/hooks/jenkins-ci/"
tokenCredentialId: "slack-token"
globalLibraries:
libraries:
- defaultVersion: "master"
allowVersionOverride: true
name: "aba-jenkins-library"
implicit: true
retriever:
modernSCM:
scm:
git:
credentialsId: "github-credentials"
id: "shared-library-creds"
remote: "https://github.com/aba-aba/aba-jenkins-library.git"
traits:
- "gitBranchDiscovery"
- "cleanBeforeCheckoutTrait"
- "ignoreOnPushNotificationTrait"
additionalPlugins:
- junit:1119.1121.vc43d0fc45561
- prometheus:2.0.11
- saml:4.352.vb_722786ea_79d
- role-strategy:546.ve16648865996
- blueocean-web:1.25.5
- github-branch-source:1677.v731f745ea_0cf
- git-changelog:3.23
- scriptler:3.5
- sshd:3.249.v2dc2ea_416e33
- rich-text-publisher-plugin:1.4
- matrix-project:785.v06b_7f47b_c631
- build-failure-analyzer:2.3.0
- testng-plugin:555.va0d5f66521e3
- allure-jenkins-plugin:2.30.2
- timestamper:1.18
- ws-cleanup:0.42
- build-timeout:1.21
- slack:616.v03b_1e98d13dd
- email-ext:2.91
- docker-commons:1.19
- docker-workflow:521.v1a_a_dd2073b_2e
- rundeck:3.6.11
- parameter-separator:1.3
- extended-choice-parameter:346.vd87693c5a_86c
- uno-choice:2.6.3
adminPassword: ""
ingress:
enabled: true
hostName: jenkins.non-prod.us-west-2.int.isappcloud.com
ingressClassName: nginx-int
installPlugins:
- kubernetes:3883.v4d70a_a_a_df034
- workflow-aggregator:590.v6a_d052e5a_a_b_5
- git:5.0.0
- configuration-as-code:1569.vb_72405b_80249
jenkinsUrlProtocol: https
prometheus:
enabled: true
resources:
limits:
cpu: "4"
memory: 8Gi
requests:
cpu: "2"
memory: 4Gi
sidecars:
configAutoReload:
resources:
requests:
cpu: 128m
memory: 256Mi
statefulSetAnnotations:
pulumi.com/patchForce: "true"
Name: eks-non-prod-us-west-2-jenkins
department: aba
division: enterprise
environment: non-prod
owner: devops
project: eks-non-prod-us-west-2-jenkins
team: infra
tag: 2.362-jdk11
version: 4.1.13
Jenkins:stackTags:
Name: eks-non-prod-us-west-2-jenkins
department: aba
division: enterprise
environment: non-prod
owner: devops
project: eks-non-prod-us-west-2-jenkins
team: infra
aws:region: us-west-2
</details>
# 答案1
**得分**: 1
更方便的方法是使用[声明式流水线][1],并使用`defaultContainer`指令。然后,您可以将执行器定义指定为标准的`pod`定义文件(将其放在应用程序存储库或共享库中),然后通过`name`来调用它们。这是文档中的示例:
```yaml
pipeline {
agent {
kubernetes {
defaultContainer 'maven'
yamlFile 'KubernetesPod.yaml'
}
}
stages {
stage('Run maven') {
steps {
sh 'mvn -version'
}
}
}
}
英文:
I would say that more convenient way will be using declarative pipeline with defaultContainer directive.
Then you can specify provide your executor definition as standard pod definition file (put this in app repo or shared libraries) call them by name.
This is example from doc:
pipeline {
agent {
kubernetes {
defaultContainer 'maven'
yamlFile 'KubernetesPod.yaml'
}
}
stages {
stage('Run maven') {
steps {
sh 'mvn -version'
}
}
}
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论