Running Jenkins jobs using Kubernetes plugin run by DEFAULT on JNLP container instead of my container

huangapple
go评论97阅读模式
英文:

Running Jenkins jobs using Kubernetes plugin run by DEFAULT on JNLP container instead of my container

问题

根据这里的文档,默认情况下,Jenkins 代理中的命令将在 jnlp 容器中运行。

是的,当我运行我的 Jenkins 流水线使用这段代码时,它将在我的主容器上运行 -

  1. node('node-agent'){
  2.   container('main'){
  3.   sh "ls -la"
  4.  }
  5. }

我希望我的作业默认在 'main' 容器上运行。

比如,如果我编写以下流水线代码 ->

  1. node('node-agent'){
  2.   sh "ls -la"
  3. }

它将在 'main' 容器而不是 JNLP 上运行!

我的 Jenkins 作为代码的配置 -

  1. Jenkins:cluster: non-prod
  2.   Jenkins:secrets:
  3.     create: true
  4.     secretsList:
  5.       - name: jenkins-github-token-non-prod
  6.         value: /us-west-2-non-prod/jenkins/secrets/github-token
  7.       - name: jenkins-slack-token-non-prod
  8.         value: /us-west-2-non-prod/jenkins/secrets/slack-token
  9.   Jenkins:config:
  10.     chart: jenkins
  11.     namespace: default
  12.     repo: https://charts.jenkins.io
  13.     values:
  14.       agent:
  15.         enabled: true
  16.         podTemplates:
  17.           jenkins-slave-pod: |
  18.             - name: jenkins-slave-pod
  19.               label: jenkins-slave-pod
  20.               containers:
  21.                 - name: main
  22.                   image: '805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave:ecs-global-node_master_57'
  23.                   command: "sleep"
  24.                   args: "30d"
  25.                   privileged: true            
  26.         master.JCasC.enabled: true
  27.         master.JCasC.defaultConfig: true
  28.         kubernetesConnectTimeout: 5
  29.         kubernetesReadTimeout: 15
  30.         maxRequestsPerHostStr: "32"
  31.         namespace: default
  32.         image: "805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave"
  33.         tag: "ecs-global-node_master_57"
  34.         workingDir: "/home/jenkins/agent"
  35.         nodeUsageMode: "NORMAL"
  36.         imagePullSecretName:
  37.         componentName: "eks-global-slave"
  38.         websocket: false
  39.         privileged: false
  40.         runAsUser:
  41.         runAsGroup:
  42.         resources:
  43.           requests:
  44.             cpu: "512m"
  45.             memory: "512Mi"
  46.           limits:
  47.             cpu: "512m"
  48.             memory: "512Mi"
  49.         podRetention: "Never"
  50.         volumes: [ ]
  51.         workspaceVolume: { }
  52.         envVars: [ ]
  53.         command:
  54.         args: "${computer.jnlpmac} ${computer.name}"
  55.         sideContainerName: "jnlp"
  56.         TTYEnabled: true
  57.         containerCap: 10
  58.         podName: "jnlp"
  59.         idleMinutes: 0
  60.         connectTimeout: 100
  61.       serviceAccount:
  62.         annotations: {}
  63.       controller:
  64.         numExecutors: 1
  65.         additionalExistingSecrets: []
  66.         JCasC:
  67.           securityRealm: |
  68.             local:
  69.                   allowsSignup: false
  70.                   users:
  71.                     - id: "aba"
  72.                       password: "aba"            
  73.           configScripts:
  74.             credentials: |
  75.               credentials:
  76.                 system:
  77.                   domainCredentials:
  78.                     - credentials:
  79.                         - string:
  80.                             scope: GLOBAL
  81.                             id: slack-token
  82.                             description: "Slack access token"
  83.                             secret: "${jenkins-slack-token-non-prod-value}"
  84.                         - usernamePassword:
  85.                             id: "github-credentials"
  86.                             password: "aba"
  87.                             scope: GLOBAL
  88.                             username: "aba"              
  89.             plugin-config: |
  90.               jenkins:
  91.                 disabledAdministrativeMonitors:
  92.                   - "hudson.model.UpdateCenter$CoreUpdateMonitor"
  93.                   - "jenkins.diagnostics.ControllerExecutorsNoAgents"
  94.               security:
  95.                 updateSiteWarningsConfiguration:
  96.                   ignoredWarnings:
  97.                     - "core-2_263"
  98.                     - "SECURITY-2617-extended-choice-parameter"
  99.                     - "SECURITY-2170"
  100.                     - "SECURITY-2796"
  101.                     - "SECURITY-2169"
  102.                     - "SECURITY-2332"
  103.                     - "SECURITY-2232"
  104.                     - "SECURITY-1351"
  105.                     - "SECURITY-1350"
  106.                     - "SECURITY-2888"
  107.               unclassified:
  108.                 slackNotifier:
  109.                   teamDomain: "superops"
  110.                   baseUrl: "https://superops.slack.com/services/hooks/jenkins-ci/"
  111.                   tokenCredentialId: "slack-token"
  112.                 globalLibraries:
  113.                   libraries:
  114.                     - defaultVersion: "master"
  115.                       allowVersionOverride: true
  116.                       name: "aba-jenkins-library"
  117.                       implicit: true
  118.                       retriever:
  119.                         modernSCM:
  120.                           scm:
  121.                             git:
  122.                               credentialsId: "github-credentials"
  123.                               id: "shared-library-creds"
  124.                               remote: "https://github.com/aba-aba/aba-jenkins-library.git"
  125.                               traits:
  126.                                 - "gitBranchDiscovery"
  127.                                 - "cleanBeforeCheckoutTrait"
  128.                                 - "ignoreOnPushNotificationTrait"              
  129.         additionalPlugins:
  130.         - junit:1119.1121.vc43d0fc45561
  131.         - prometheus:2.0.11
  132.         - saml:4.352.vb_722786ea_79d
  133.         - role-strategy:546.ve16648865996
  134.         - blueocean-web:1.25.5
  135.         - github-branch-source:1677.v731f745ea_0cf
  136.         - git-changelog:3.23
  137.         - scriptler:3.5
  138.         - sshd:3.249.v2dc2ea_416e33
  139.         - rich-text-publisher-plugin:1.4
  140.         - matrix-project:785.v06b_7f47b_c631
  141.         - build-failure-analyzer:2.3.0
  142.         - testng-plugin:555.va0d5f66521e3
  143.         - allure-jenkins-plugin:2.30.2
  144.         - timestamper:1.18
  145.         - ws-cleanup:0.42
  146.         - build-timeout:1.21
  147.         - slack:616.v03b_1e98d13dd
  148.         - email-ext:2.91
  149.         - docker-commons:1.19
  150.         - docker-workflow:521.v1a_a_dd2073b_2e
  151.         - rundeck:3.6.11
  152.         - parameter-separator:1.3
  153.         - extended-choice-parameter:346.vd87693c5a_86c
  154.         - uno-choice:2.6.3
  155.         adminPassword: ""
  156.         ingress:
  157.           enabled: true
  158.           hostName: jenkins.non-prod.us-west-2.int.isappcloud.com
  159.           ingressClassName: nginx-int
  160.         installPlugins:
  161.         - kubernetes:3883.v4d70a_a_a_df034
  164. <details>
  165. <summary>英文:</summary>
  167. as documented [here](https://plugins.jenkins.io/kubernetes/#plugin-content-using-the-pipeline-step), by default, commands in Jenkins agents will run in the jnlp container.
  169. And yes, when I run my jenkins pipeline using this code, it will run on my main container -

node('node-agent'){
container('main'){
sh "ls -la"
}
}

  2. I want my jobs to run on &#39;main&#39; container by default.
  3. Like if I write this pipeline -&gt;

node('node-agent'){
sh "ls -la"
}

  1. It will run on main instead of JNLP!
  2. My jenkins as a code configuration -

Jenkins:cluster: non-prod
Jenkins:secrets:
create: true
secretsList:
- name: jenkins-github-token-non-prod
value: /us-west-2-non-prod/jenkins/secrets/github-token
- name: jenkins-slack-token-non-prod
value: /us-west-2-non-prod/jenkins/secrets/slack-token
Jenkins:config:
chart: jenkins
namespace: default
repo: https://charts.jenkins.io
values:
agent:
enabled: true
podTemplates:
jenkins-slave-pod: |
- name: jenkins-slave-pod
label: jenkins-slave-pod
containers:
- name: main
image: '805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave:ecs-global-node_master_57'
command: "sleep"
args: "30d"
privileged: true
master.JCasC.enabled: true
master.JCasC.defaultConfig: true
kubernetesConnectTimeout: 5
kubernetesReadTimeout: 15
maxRequestsPerHostStr: "32"
namespace: default
image: "805787217936.dkr.ecr.us-west-2.amazonaws.com/aba-jenkins-slave"
tag: "ecs-global-node_master_57"
workingDir: "/home/jenkins/agent"
nodeUsageMode: "NORMAL"
# name of the secret to be used for image pulling
imagePullSecretName:
componentName: "eks-global-slave"
websocket: false
privileged: false
runAsUser:
runAsGroup:
resources:
requests:
cpu: "512m"
memory: "512Mi"
limits:
cpu: "512m"
memory: "512Mi"
podRetention: "Never"
volumes: [ ]
workspaceVolume: { }
envVars: [ ]
# - name: PATH
# value: /usr/local/bin
command:
args: "${computer.jnlpmac} ${computer.name}"
# Side container name
sideContainerName: "jnlp"
# Doesn't allocate pseudo TTY by default
TTYEnabled: true
# Max number of spawned agent
containerCap: 10
# Pod name
podName: "jnlp"
# Allows the Pod to remain active for reuse until the configured number of
# minutes has passed since the last step was executed on it.
idleMinutes: 0
# Timeout in seconds for an agent to be online
connectTimeout: 100
serviceAccount:
annotations: {}
controller:
numExecutors: 1
additionalExistingSecrets: []
JCasC:
securityRealm: |
local:
allowsSignup: false
users:
- id: "aba"
password: "aba"

securityRealm: |

saml:

binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

displayNameAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

groupsAttributeName: "http://schemas.xmlsoap.org/claims/Group"

idpMetadataConfiguration:

period: 0

url: "https://aba.onelogin.com/saml/metadata/34349e62-799f-4378-9d2a-03b870cbd965"

maximumAuthenticationLifetime: 86400

usernameCaseConversion: "none"

authorizationStrategy: |-

roleBased:

forceExistingJobs: true

  1.       configScripts:
  2. credentials: |
  3. credentials:
  4. system:
  5. domainCredentials:
  6. - credentials:
  7. - string:
  8. scope: GLOBAL
  9. id: slack-token
  10. description: &quot;Slack access token&quot;
  11. secret: &quot;${jenkins-slack-token-non-prod-value}&quot;
  12. - usernamePassword:
  13. id: &quot;github-credentials&quot;
  14. password: &quot;aba&quot;
  15. scope: GLOBAL
  16. username: &quot;aba&quot;
  17. plugin-config: |
  18. jenkins:
  19. disabledAdministrativeMonitors:
  20. - &quot;hudson.model.UpdateCenter$CoreUpdateMonitor&quot;
  21. - &quot;jenkins.diagnostics.ControllerExecutorsNoAgents&quot;
  22. security:
  23. updateSiteWarningsConfiguration:
  24. ignoredWarnings:
  25. - &quot;core-2_263&quot;
  26. - &quot;SECURITY-2617-extended-choice-parameter&quot;
  27. - &quot;SECURITY-2170&quot;
  28. - &quot;SECURITY-2796&quot;
  29. - &quot;SECURITY-2169&quot;
  30. - &quot;SECURITY-2332&quot;
  31. - &quot;SECURITY-2232&quot;
  32. - &quot;SECURITY-1351&quot;
  33. - &quot;SECURITY-1350&quot;
  34. - &quot;SECURITY-2888&quot;
  35. unclassified:
  36. slackNotifier:
  37. teamDomain: &quot;superops&quot;
  38. baseUrl: &quot;https://superops.slack.com/services/hooks/jenkins-ci/&quot;
  39. tokenCredentialId: &quot;slack-token&quot;
  40. globalLibraries:
  41. libraries:
  42. - defaultVersion: &quot;master&quot;
  43. allowVersionOverride: true
  44. name: &quot;aba-jenkins-library&quot;
  45. implicit: true
  46. retriever:
  47. modernSCM:
  48. scm:
  49. git:
  50. credentialsId: &quot;github-credentials&quot;
  51. id: &quot;shared-library-creds&quot;
  52. remote: &quot;https://github.com/aba-aba/aba-jenkins-library.git&quot;
  53. traits:
  54. - &quot;gitBranchDiscovery&quot;
  55. - &quot;cleanBeforeCheckoutTrait&quot;
  56. - &quot;ignoreOnPushNotificationTrait&quot;
  57. additionalPlugins:
  58. - junit:1119.1121.vc43d0fc45561
  59. - prometheus:2.0.11
  60. - saml:4.352.vb_722786ea_79d
  61. - role-strategy:546.ve16648865996
  62. - blueocean-web:1.25.5
  63. - github-branch-source:1677.v731f745ea_0cf
  64. - git-changelog:3.23
  65. - scriptler:3.5
  66. - sshd:3.249.v2dc2ea_416e33
  67. - rich-text-publisher-plugin:1.4
  68. - matrix-project:785.v06b_7f47b_c631
  69. - build-failure-analyzer:2.3.0
  70. - testng-plugin:555.va0d5f66521e3
  71. - allure-jenkins-plugin:2.30.2
  72. - timestamper:1.18
  73. - ws-cleanup:0.42
  74. - build-timeout:1.21
  75. - slack:616.v03b_1e98d13dd
  76. - email-ext:2.91
  77. - docker-commons:1.19
  78. - docker-workflow:521.v1a_a_dd2073b_2e
  79. - rundeck:3.6.11
  80. - parameter-separator:1.3
  81. - extended-choice-parameter:346.vd87693c5a_86c
  82. - uno-choice:2.6.3
  83. adminPassword: &quot;&quot;
  84. ingress:
  85. enabled: true
  86. hostName: jenkins.non-prod.us-west-2.int.isappcloud.com
  87. ingressClassName: nginx-int
  88. installPlugins:
  89. - kubernetes:3883.v4d70a_a_a_df034
  90. - workflow-aggregator:590.v6a_d052e5a_a_b_5
  91. - git:5.0.0
  92. - configuration-as-code:1569.vb_72405b_80249
  93. jenkinsUrlProtocol: https
  94. prometheus:
  95. enabled: true
  96. resources:
  97. limits:
  98. cpu: &quot;4&quot;
  99. memory: 8Gi
  100. requests:
  101. cpu: &quot;2&quot;
  102. memory: 4Gi
  103. sidecars:
  104. configAutoReload:
  105. resources:
  106. requests:
  107. cpu: 128m
  108. memory: 256Mi
  109. statefulSetAnnotations:
  110. pulumi.com/patchForce: &quot;true&quot;
  111. Name: eks-non-prod-us-west-2-jenkins
  112. department: aba
  113. division: enterprise
  114. environment: non-prod
  115. owner: devops
  116. project: eks-non-prod-us-west-2-jenkins
  117. team: infra
  118. tag: 2.362-jdk11
  119. version: 4.1.13

Jenkins:stackTags:
Name: eks-non-prod-us-west-2-jenkins
department: aba
division: enterprise
environment: non-prod
owner: devops
project: eks-non-prod-us-west-2-jenkins
team: infra
aws:region: us-west-2

  2. </details>
  3. # 答案1
  4. **得分**: 1
  5. 更方便的方法是使用[声明式流水线][1],并使用`defaultContainer`指令。然后,您可以将执行器定义指定为标准的`pod`定义文件(将其放在应用程序存储库或共享库中),然后通过`name`来调用它们。这是文档中的示例:
  6. ```yaml
  7. pipeline {
  8. agent {
  9. kubernetes {
  10. defaultContainer 'maven'
  11. yamlFile 'KubernetesPod.yaml'
  12. }
  13. }
  14. stages {
  15. stage('Run maven') {
  16. steps {
  17. sh 'mvn -version'
  18. }
  19. }
  20. }
  21. }
英文:

I would say that more convenient way will be using declarative pipeline with defaultContainer directive.
Then you can specify provide your executor definition as standard pod definition file (put this in app repo or shared libraries) call them by name.
This is example from doc:

  1. pipeline {
  2. agent {
  3. kubernetes {
  4. defaultContainer &#39;maven&#39;
  5. yamlFile &#39;KubernetesPod.yaml&#39;
  6. }
  7. }
  8. stages {
  9. stage(&#39;Run maven&#39;) {
  10. steps {
  11. sh &#39;mvn -version&#39;
  12. }
  13. }
  14. }
  15. }

huangapple
  • 本文由 发表于 2023年2月26日 19:33:33
  • 转载请务必保留本文链接:https://go.coder-hub.com/75571687.html
  • groovy
  • jcasc
  • jenkins
  • jenkins-pipeline
  • kubernetes
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定