infra/kubernetes
1
0
Fork 0
Code Pull Requests 3 Activity

jenkins: Run Jenkins in Kubernetes

Browse Source 
Running Jenkins in Kubernetes is relatively straightforward.  The
Kubernetes plugin automatically discovers all the connection and
authentication configuration, so a `kubeconfig` file is no longer
necessary.  I did set the *Jenkins tunnel* option, though, so that
agents will connect directly to the Jenkins JNLP port instead of going
through the ingress controller.

Jobs now run in pods in the *jenkins-job* namespace instead of the
*jenkins* namespace.  The latter is now where the Jenkins controller
runs, and the controller should not have permission to modify its own
resources.
This commit is contained in:
Dustin
2022-11-16 08:55:19 -06:00
parent 19ad5023b8
commit 404fadc68a
3 changed files with 153 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
jenkins/README.md
View File

@@ -1,38 +1,31 @@
# Jenkins Kubernetes Integration
# Jenkins in Kubernetes
## Kubernetes Setup
Create *jenkins* user:
```sh
kubeadm kubeconfig user \
--client-name jenkins \
--config kubeadm-user.yaml \
--org jenkins \
> jenkins.kubeconfig
```
Configure Jenkins resources:
```sh
kubectl apply -f jenkins.yaml
ln imagepull-gitea jenkins/.dockerconfigjson
kubectl apply -k jenkins
```
## Jenkins Setup
Install [Kubernetes plugin][0].
Set *TCP port for inbound agents* setting (*Manage Jenkins* → *Configure Global
Security*) to *Fixed* and enter a number. Be sure to open this port with
*firewalld* on the Jenkins server.
Security*) to *Fixed* and enter `40414`.
Configure Kubernetes (*Manage Jenkins* → *Manage Nodes and Clouds* → *Configure
Clouds*:
* *Kubernetes URL*: https://kubernetes.pyrocufflink.blue:6443
* *Kubernetes server certificate key*: Contents of `/etc/kubernetes/pki/ca.crt`
* *Kubernetes Namespace*: jenkins
* *Credentials*: Certificate and private key from `jenkins.kubeconfig`
1. *Add a new cloud**Kubernetes*
2. Enter a name
3. *Kubernetes Cloud details...*
* *Kubernetes URL*: (leave blank; will use Kubernetes service discovery)
* *Kubernetes Namespace*: `jenkins-jobs`
* *Credentials*: `- none -` (will use Service Account token)
* *Jenkins tunnel*: `jenkins.jenkins.svc.cluster.local:` (trailing colon!)
[0]: https://plugins.jenkins.io/kubernetes/