--- apiVersion: v1 kind: ServiceAccount metadata: name: jenkins-admin namespace: tools labels: name: jenkins --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: jenkins-admin labels: name: jenkins subjects: - kind: ServiceAccount name: jenkins-admin namespace: tools roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: StatefulSet metadata: name: jenkins namespace: tools spec: replicas: 1 selector: matchLabels: app: jenkins template: metadata: labels: app: jenkins spec: terminationGracePeriodSeconds: 10 serviceAccount: jenkins-admin containers: - name: jenkins #image: jenkins/jenkins:lts image: harbor.uenpay.com/base/jenkins:lts imagePullPolicy: IfNotPresent env: - name: JAVA_OPTS value: -Duser.timezone=Asia/Shanghai ports: - containerPort: 8080 name: web protocol: TCP - containerPort: 50000 name: agent protocol: TCP resources: limits: cpu: 4 memory: 8Gi requests: cpu: 4 memory: 8Gi securityContext: runAsNonRoot: false runAsUser: 0 volumeMounts: - name: data mountPath: /var/jenkins_home volumeClaimTemplates: - metadata: name: data #不写下面两行使用默认存储类 annotations: volume.beta.kubernetes.io/storage-class: "cephrbd-sc" spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 30Gi --- apiVersion: v1 kind: Service metadata: name: jenkins namespace: tools labels: app: jenkins spec: selector: app: jenkins type: ClusterIP ports: - name: web port: 8080 targetPort: 8080 --- apiVersion: v1 kind: Service metadata: name: jenkins-agent namespace: tools labels: app: jenkins spec: selector: app: jenkins type: NodePort ports: - name: agent port: 50000 targetPort: 50000 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: jenkins.uenpay.com-ingress namespace: tools spec: ingressClassName: nginx rules: - host: jenkins.uenpay.com http: paths: - backend: service: name: jenkins port: number: 8080 path: / pathType: Prefix tls: - hosts: - jenkins.uenpay.com secretName: uenpay.com