Introduction
Jenkins is the most popular open source automation server. This tool helps developers and devops engineers to automate phases relating to building, testing, and deploying, facilitating continuous integration and continuous delivery.
There are many ways to install Jenkins server depending on the use case, platform and the environment requirements.
- Containerized install on Docker
- Binary install on Windows, Mac and Linux
- Install jenkins on public clouds
- Install jenkins on kubernetes based environment
Jenkins can be installed on Kubernetes in multiple ways :
- Install via yaml resources and Jenkins containerized image
- Install via Helm chart and manage parameterised configs
- Install via Operators
We would focus on the recommended and stable way of installing Jenkins on kubernetes platform via Helm chart.
Jenkins – helm chart
Helm being the package manager for Kubernetes, provides an elegant way to manage the deployment resources and configurations. It abstracts the install dependencies via “helm templates” and provides a single place for referring all the configs in “values.yaml”. Helm Charts provide “push button” deployment and deletion of apps, making adoption and development of Kubernetes apps easier for those with little container or microservices experience.
Jenkins helm chart’s are available from various repos.
I would recommend to follow the helm chart developed and maintained by the jenkins.io (i.e : jenkinsci/jenkins“)
Initial Setup
In order to install Jenkins on Kubernetes platform, Jenkins needs to be available as a containerized app. There are certain sub-components in Jenkins which need to be configured. The most important sub-component is “plugins“. Almost every capability of Jenkins server is managed by plugins. Thus, there are certain must have plugins, to be installed during the initial Jenkins setup.
Step1: Download the helm chart from the repo
Step2: Prepare the configurations (values.yaml)
There are many configs related to Jenkins and kubernetes in the values.yaml, including below major ones :
- Jenkins worker image
- numExecutors: 0 (default values)
- adminUser and it’s initial password
- usePodSecurityContext: true
- agentListenerPort: 50000
- disabledAgentProtocols: [JNLP-connect, JNLP2-connect]
- csrf – defaultCrumbIssuer –
{enabled: true, proxyCompatability: true}
- installPlugins – List of plugins to be install during Jenkins controller start
- agentListenerServiceType: “ClusterIP”
- ingress
- enabled
- hostName
- tls
- persistence
- networkPolicy
- serviceAccount
By default, the application expose the service to “ClusterIP”. We can either change the serviceType to “NodePort” or LoadBalancer to expose the app on a NodeIP and higher range post or on a LB_IP on exposed application port. We can even create an ingress resource by configuring the values.yaml as mentioned below :
Step3: Prepare the Kubernetes environment for the installation
The best part for Helm installation that it’s platform agnostic, and works same on any kubernetes setup from any vendor or environment. So, we need to have a kubernetes setup and the cluster should be accessible from the host-VM being used to store helm charts and install Jenkins.
Step4: Prepare plugin installation for jenkins
Ideally, we can include the required and mandatory plugins in the values.yaml within the installPlugins section as below :
But, this process, might have some issues depending on the environment setup. Actually, during init phase jenkins tries to download and install the plugins and may either hang or slow down the install process.
So, there is a better way, where we pre-build the Jenkins image with the plugins of our choice and use the image to install jenkins on kubernetes platform. It’s benefits are that it speeds up the install process and allows to maintain secure jenkins plugins setup separately.
To perform the alternative plugin setup, we follow below steps.
- Assuming docker daemon is installed on Host-VM, we pull the jenkins image. (i.e: jenkins/jenkins:2.277.3-lts)
- Prepare Dockerfile to use above image and pass instruction (script) to install plugins during docker build plase.
- As seen above, we are passing the list of the plugins via ” plugins.txt “. Thus, we need to prepare this file and put the list of all the mandatory and required plugins as shown in below example(Note: we can get the huge list of available plugins at plugins.jenkins.io
- Then, we can perform docker build and create the custom-jenkins image, which can be pushed to an image registry.
- In the values.yaml file, we can disable the plugin install step by updating as
installPlugins: []
and. replacing the image:tag with the custom image create in the previous step.
Setup in devops environment
Step1: Jenkins install – kickoff
Step2: Verify the installation in kubernetes
Verification
Thus , we can confirm that the installation is successful. The application can be accessed with this app-hostname as jenkins.172.16.44.11.nip.io which is exposed via ingress resources.
At this point, we can create a kubernetes-secret using the Jenkins >> Manage Jenkins >> Manage Credentials which would be used during pipeline job execution.
We can also observe an error notification, which shows that the Jenkins application lacks privilege on the kubernetes cluster.
Failed to initialize Kubernetes secret providerio.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://10.96.0.1/api/v1/namespaces/jenkins/secrets?labelSelector=jenkins.io%2Fcredentials-type. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. secrets is forbidden: User "system:serviceaccount:jenkins:jenkins" cannot list resource "secrets" in API group "" in the namespace "jenkins".
In order to resolve, we can create a clusterrolebinding for Jenkins service account with a clusterrole.
Thus, the installation of Jenkins is completed and operational in Kubernetes cluster.