Jenkins \uc5d0\uc11c \ube4c\ub4dc\uc791\uc5c5\uc744 \ud560 \ub54c \ud544\uc694\ud55c \ucd94\uac00 Pod \uc744 \ub3d9\uc801\uc73c\ub85c \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n
\uc5ec\uae30<\/a> \ub97c \ucc38\uc870\ud558\uc5ec Jenkins \ub97c \uc0dd\uc131\ud574 \uc90d\ub2c8\ub2e4.<\/p>\n \ud50c\ub7ec\uadf8\uc778 Kubernetes \ub97c \uc124\uce58\ud569\ub2c8\ub2e4.<\/p>\n Jenkins \uad00\ub9ac > \ub178\ub4dc\uad00\ub9ac > Configure Clouds \uc5d0 Kubernetes \ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n Test connection \uc744 \ud074\ub9ad\ud574\uc11c Jenkins \uc0dd\uc131\uc2dc Pod \uc0dd\uc131\uc744 \ud3ec\ud568\ud55c \ucda9\ubd84\ud55c \uad8c\ud55c\uc744 \uc8fc\uc5c8\uae30 \ub54c\ubb38\uc5d0, \uc820\ud0a8\uc2a4 \uc544\uc774\ud15c\uc744 \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n \ube4c\ub4dc\uac00 \uc131\uacf5\ud558\ub294 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n Docker Private Repository \ub294 https \ub85c \uc124\uc815\ub418\uc5b4 \uc788\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\n \ub610\ub294 insecure \uc124\uc815\uc744 \ud574\uc8fc\uc5b4\uc57c \ud558\ub294\ub370, \ubaa8\ub4e0 \uc124\uc815\ub4e4\uc774 Pod \uac00 \uc544\ub2cc \ud638\uc2a4\ud2b8\uc5d0 \uc774\ub8e8\uc5b4\uc838\uc57c \ud569\ub2c8\ub2e4.<\/p>\n \uc774 \uacbd\uc6b0 \uad00\ub9ac\uc0c1 \ub9e4\uc6b0 \uc548\uc88b\uc740 \ubc29\uc2dd\uc774 \ub429\ub2c8\ub2e4.<\/p>\n \uadf8\ub0e5 \uc77c\ubc18 \ub3c4\uba54\uc778 \ubc0f SSL\uc778\uc99d\uc11c\ub97c \ubc1c\uae09\ubc1b\uc544 \uc124\uce58\ud558\ub294\uac8c \uc88b\uc2b5\ub2c8\ub2e4.<\/p>\n docker \uc640 containerd \uc758 \uc5ed\ud560\uc740 docker \uac00 push\/pull \uc744 \ucc98\ub9ac\ud558\uace0, \ub530\ub77c\uc11c repo \uc5d0 push \uae4c\uc9c0\ub294 Job \uc744 \uc2e4\ud589\uc2dc\ud0a4\uace0 \ucf58\uc194 \ucd9c\ub825\uc744 \ud655\uc778\ud574 \ubcf4\uba74 Worker Node \uc5d0 \uc124\uc815\ub418\uc5b4 \uc788\ub294 Insecure Registries \ud45c\uc2dc\ub418\ub294 \uac83\uc744 \ubcfc \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \uc8fc\uc758\ud560 \uac83\uc740 Worker Node \uac00 \uc5ec\ub7ec\ub300\uc778 \uacbd\uc6b0, \uc5ed\uc2dc Worker Node \uc5d0 \uc2e4\ud589\uc911\uc778 Docker \uc5d0 \uc0ac\uc124\uc778\uc99d\uc11c(\ub8e8\ud2b8\uc778\uc99d\uc11c) \ub97c \ub4f1\ub85d\ud574 \uc8fc\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\n \uc8fc\uc758\ud560 \uac83\uc740 Worker Node \uac00 \uc5ec\ub7ec\ub300\uc778 \uacbd\uc6b0, \ub9c8\uc9c0\ub9c9\uc73c\ub85c \uc8fc\uc758\ud560 \uac83\uc740 host \uc758 Docker \ub370\ubaac\uc774 \uc774\uc6a9\ub418\ubbc0\ub85c, Kubernetes Jenkins Agent \ub3d9\uc801\uc0dd\uc131 Jenkins \uc5d0\uc11c \ube4c\ub4dc\uc791\uc5c5\uc744 \ud560 \ub54c \ud544\uc694\ud55c \ucd94\uac00 Pod \uc744 \ub3d9\uc801\uc73c\ub85c \uc0dd\uc131\ud569\ub2c8\ub2e4. Jenkins \uc0dd\uc131 \uc5ec\uae30 \ub97c \ucc38\uc870\ud558\uc5ec Jenkins \ub97c \uc0dd\uc131\ud574 \uc90d\ub2c8\ub2e4. \ud50c\ub7ec\uadf8\uc778 \uc124\uce58 \ud50c\ub7ec\uadf8\uc778 Kubernetes \ub97c \uc124\uce58\ud569\ub2c8\ub2e4. Kubernetes Cloud \uc815\ubcf4 \ucd94\uac00 kubectl get svc -n jenkins NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE jenkins NodePort 10.99.46.83 <none> 8080:30088\/TCP 20h Jenkins \uad00\ub9ac > \ub178\ub4dc\uad00\ub9ac\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-6883","post","type-post","status-publish","format-standard","hentry","category-kubernetes"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6883"}],"version-history":[{"count":28,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6883\/revisions"}],"predecessor-version":[{"id":7488,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6883\/revisions\/7488"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\ud50c\ub7ec\uadf8\uc778 \uc124\uce58<\/h2>\n
Kubernetes Cloud \uc815\ubcf4 \ucd94\uac00<\/h2>\n
kubectl get svc -n jenkins\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\njenkins NodePort 10.99.46.83 <none> 8080:30088\/TCP 20h<\/code><\/pre>\n\n
Connected to Kubernetes v1.25.3<\/code> \uac00 \ub098\uc624\uba74 \uc131\uacf5\uc785\ub2c8\ub2e4.<\/p>\n
\n\ubcc4\ub3c4\ub85c \uad8c\ud55c \uc124\uc815\uc740 \ud544\uc694\uc5c6\uc2b5\ub2c8\ub2e4.<\/p>\njnlp \ud3ec\ud2b8 \ud65c\uc131\ud654<\/h2>\n
kubectl edit StatefulSet jenkins -n jenkins\n---------------------------\n spec:\n containers:\n - image: jenkins\/jenkins:lts\n imagePullPolicy: IfNotPresent\n name: jenkins\n ports:\n - containerPort: 8080\n name: http-port\n protocol: TCP\n - containerPort: 50000 # \uc5ec\uae30\n name: jnlp-port\n protocol: TCP\n---------------------------<\/code><\/pre>\nkubectl edit svc jenkins -n jenkins\n---------------------------\n ports:\n - name: http-port # \uc5ec\uae30\n nodePort: 30088\n port: 8080\n protocol: TCP\n targetPort: 8080\n - name: jnlp-port # \uc5ec\uae30\n port: 50000\n protocol: TCP\n targetPort: 50000\n---------------------------<\/code><\/pre>\nkubectl get svc -n jenkins\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\njenkins NodePort 10.99.46.83 <none> 8080:30088\/TCP,50000:31628\/TCP 21h<\/code><\/pre>\nTest<\/h2>\n
pipeline {\n agent {\n kubernetes {\n defaultContainer 'jnlp'\n yaml """\nspec:\n dnsPolicy: Default # \uc774\uac8c \uc65c \ud544\uc694\ud560\uae4c?\n containers:\n - name: docker\n image: docker:latest\n command:\n - cat\n tty: true\n privileged: true\n volumeMounts:\n - name: dockersock\n mountPath: \/var\/run\/docker.sock\n volumes:\n - name: dockersock\n hostPath:\n path: \/var\/run\/docker.sock\n """\n }\n }\n\n stages {\n stage('My test') {\n steps {\n container('docker') {\n sh "echo hello world"\n sh "docker ps"\n }\n }\n }\n }\n}<\/code><\/pre>\nDocker Private Repository \uc811\uadfc\ud558\uae30<\/h2>\n
\nDocker \uc774\ubbf8\uc9c0\uac00 \uc544\ub2cc \ud638\uc2a4\ud2b8 \uc11c\ubc84\uc5d0 \uc124\uc815\ub418\uc5b4 \uc788\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\n\uc8fc\uc758\uc0ac\ud56d 01<\/h3>\n
\uc8fc\uc758\uc0ac\ud56d 02<\/h3>\n
\ncontainerd \uac00 \ucee8\ud14c\uc774\ub108\ub97c \uc2e4\ud589\uc2dc\ud0b5\ub2c8\ub2e4.<\/p>\nsystemctl restart docker<\/code> \ub9cc \ud574\uc8fc\uc5b4\ub3c4 \uc791\ub3d9\ud558\uc9c0\ub9cc,
\nrepo \uc5d0\uc11c pull \ud55c \uc774\ubbf8\uc9c0\ub97c \uc2e4\uc81c Pod \ub85c \uc62c\ub9ac\uae30 \uc704\ud574\uc11c\ub294 systemctl restart containerd<\/code> \ub3c4 \uc2e4\ud589\uc2dc\ucf1c \uc8fc\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\nsystemctl restart docker\nsystemctl restart containerd<\/code><\/pre>\ninsecure-registries \uc124\uc815<\/h3>\n
pipeline {\n agent {\n kubernetes {\n defaultContainer 'jnlp'\n yaml """\nspec:\n # dnsPolicy: Default # \uc774\uac8c \uc65c \ud544\uc694\ud560\uae4c?\n containers:\n - name: docker\n image: docker:20.10.22\n command:\n - cat\n tty: true\n # privileged: true\n volumeMounts:\n - name: dockersock\n mountPath: \/var\/run\/docker.sock\n volumes:\n - name: dockersock\n hostPath:\n path: \/var\/run\/docker.sock\n"""\n }\n }\n\n stages {\n stage("Create Dockerfile") {\n steps {\n writeFile file: 'Dockerfile', text: """\nFROM docker.elastic.co\/elasticsearch\/elasticsearch:7.17.8\n\n# RUN \/usr\/share\/elasticsearch\/bin\/elasticsearch-plugin install --batch https:\/\/github.com\/skyer9\/elasticsearch-jaso-analyzer\/releases\/download\/7.17.8\/jaso-analyzer-plugin-7.17.8-plugin.zip\nRUN \/usr\/share\/elasticsearch\/bin\/elasticsearch-plugin install --batch https:\/\/github.com\/skyer9\/elasticsearch-jaso-analyzer\/releases\/download\/7.17.8\/elasticsearch-jaso-analyzer-7.17.8.jar\nRUN \/usr\/share\/elasticsearch\/bin\/elasticsearch-plugin install --batch analysis-icu\nRUN \/usr\/share\/elasticsearch\/bin\/elasticsearch-plugin install --batch analysis-nori\n """\n }\n }\n\n stage('Docker Build') {\n steps {\n container('docker') {\n sh "docker info"\n }\n }\n }\n }\n}<\/code><\/pre>\n
\nAgent \uac00 \uc5b4\ub514\uc5d0\uc11c \uc0dd\uc131\ub420\uc9c0 \ubaa8\ub974\uae30 \ub54c\ubb38\uc5d0,
\n\ubaa8\ub4e0 \uc11c\ubc84\uc5d0 \ub3d9\uc77c\ud55c \uc124\uc815\uc744 \ud574\uc8fc\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\n......\n Experimental: false\n Insecure Registries:\n docker-repository.repository.svc.cluster.local\n 127.0.0.0\/8\n Live Restore Enabled: false\n......<\/code><\/pre>\n[Worker Node ~]$ cat \/etc\/docker\/daemon.json\n{\n "insecure-registries" : ["docker-repository.repository.svc.cluster.local"]\n}<\/code><\/pre>\n\uc0ac\uc124\uc778\uc99d\uc11c\ub85c Repository \ub97c \uad6c\uc131\ud55c \uacbd\uc6b0<\/h3>\n
\nAgent \uac00 \uc5b4\ub514\uc5d0\uc11c \uc0dd\uc131\ub420\uc9c0 \ubaa8\ub974\uae30 \ub54c\ubb38\uc5d0,
\n\ubaa8\ub4e0 \uc11c\ubc84\uc5d0 \ub3d9\uc77c\ud55c \uc124\uc815\uc744 \ud574\uc8fc\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\n
\n\ub124\ud2b8\uc6cc\ud06c \ud1b5\uc2e0 \ub610\ud55c \ud638\uc2a4\ud2b8\uc5d0\uc11c \uc774\ub8e8\uc5b4\uc9d1\ub2c8\ub2e4.
\n\ub530\ub77c\uc11c DNS \uc124\uc815\ub3c4 \ud638\uc2a4\ud2b8\uc5d0 \uc788\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\nsudo mkdir -p \/etc\/docker\/certs.d\/docker-repository.repository.svc.cluster.local\nsudo vi \/etc\/docker\/certs.d\/docker-repository.repository.svc.cluster.local\/ca.crt\n\n# \ucc38\uc870 : https:\/\/www.skyer9.pe.kr\/wordpress\/?p=2585\nsudo yum install -y ca-certificates\nsudo update-ca-trust force-enable\nsudo cp \/etc\/docker\/certs.d\/docker-repository.repository.svc.cluster.local\/ca.crt \/etc\/pki\/ca-trust\/source\/anchors\/\nsudo update-ca-trust extract\n\nsudo vi \/etc\/hosts\n......\n10.96.251.68 docker-repository.repository.svc.cluster.local\n......\n\nsudo systemctl restart docker\nsudo systemctl restart containerd<\/code><\/pre>\npipeline {\n agent {\n kubernetes {\n defaultContainer 'jnlp'\n yaml """\nspec:\n # dnsPolicy: Default # \uc774\uac8c \uc65c \ud544\uc694\ud560\uae4c?\n containers:\n - name: docker\n image: docker:20.10.22\n command:\n - cat\n tty: true\n # privileged: true\n volumeMounts:\n - name: dockersock\n mountPath: \/var\/run\/docker.sock\n volumes:\n - name: dockersock\n hostPath:\n path: \/var\/run\/docker.sock\n"""\n }\n }\n\n stages {\n stage("Get Source") {\n steps {\n writeFile file: 'Dockerfile', text: """\nFROM docker.elastic.co\/elasticsearch\/elasticsearch:7.17.8\n\n# RUN \/usr\/share\/elasticsearch\/bin\/elasticsearch-plugin install --batch https:\/\/github.com\/skyer9\/elasticsearch-jaso-analyzer\/releases\/download\/7.17.8\/jaso-analyzer-plugin-7.17.8-plugin.zip\nRUN \/usr\/share\/elasticsearch\/bin\/elasticsearch-plugin install --batch https:\/\/github.com\/skyer9\/elasticsearch-jaso-analyzer\/releases\/download\/7.17.8\/elasticsearch-jaso-analyzer-7.17.8.jar\nRUN \/usr\/share\/elasticsearch\/bin\/elasticsearch-plugin install --batch analysis-icu\nRUN \/usr\/share\/elasticsearch\/bin\/elasticsearch-plugin install --batch analysis-nori\n """\n }\n }\n\n stage('Docker Build') {\n steps {\n container('docker') {\n sh "docker build -t docker-repository.repository.svc.cluster.local\/elasticsearch:7.17.8.${build_number} ."\n sh "docker push docker-repository.repository.svc.cluster.local\/elasticsearch:7.17.8.${build_number}"\n }\n }\n }\n }\n}<\/code><\/pre>\nsudo su -\n\nopenssl s_client -showcerts -connect docker-repository.repository.svc.cluster.local:443 < \/dev\/null | sed -ne '\/-BEGIN CERTIFICATE-\/,\/-END CERTIFICATE-\/p' > \/etc\/docker\/certs.d\/docker-repository.repository.svc.cluster.local\/ca.crt\n\ncp \/etc\/docker\/certs.d\/docker-repository.repository.svc.cluster.local\/ca.crt \/etc\/pki\/ca-trust\/source\/anchors\/\nupdate-ca-trust extract\n\nsystemctl restart docker\nsystemctl restart containerd\n\nexit<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"