dcsimg
September 22, 2017
Hot Topics:

Using Jenkins on the Google Container Engine

  • August 17, 2017
  • By Deepak Vohra
  • Send Email »
  • More Articles »

Jenkins is an open source automation server commonly used for deploying and automating a CI/CD/DevOps project. Kubernetes is a cluster manager for Docker (and rckt) containers. In an earlier article, "Using the Google Container Engine on the Google Cloud Platform," we discussed getting started with the Google Container Engine on the Google Cloud Platform. We also downloaded a sample application for using Jenkins on the Google Container Engine. In this article, we shall discuss using Jenkins the on Google Cloud Platform, making use of the Google Container Engine. This article has the following sections:

Setting the Environment

The Setting the Environment section of the Using the Google Container Engine on the "Using the Google Container Engine on the Google Cloud Platform," also sets the required environment for this article.

Creating a Kubernetes Cluster

Using the gcloud compute networks create command, create a Compute Engine network which is to be used by the Container Engine cluster. The --mode option is set to "auto" to choose the network's subnet ranges automatically.

gcloud compute networks create jenkins --mode auto

A network called "jenkins" gets created. Create a Kubernetes cluster by using the gcloud container clusters create command. The --network option sets the network to use as "jenkins". The --scopes option enables access to the Cloud Source Repositories and the Google Container Registry.

gcloud container clusters create jenkins-cd \
   --network jenkins \
   --scopes
      https://www.googleapis.com/auth/projecthosting,storage-rw

A Kubernetes cluster called "jenkins-cd" gets created. The cluster detail also gets listed in the form of a table and lists the cluster name, master version, master IP, machine type, node version, number of nodes, and status.

The cluster also may be listed with the following command:

gcloud container clusters list

The same information as earlier gets re-listed.

Get the cluster credentials, which are used by the Container Engine to access the cluster.

gcloud container clusters get-credentials jenkins-cd

A kubeconfig entry gets generated for the Jenkins-cd project from the cluster endpoint and auth data, as shown in Figure 1.

Generating a kubeconfig entry
Figure 1: Generating a kubeconfig entry

To confirm the cluster is able to be connected to, run the following command:

kubectl cluster-info

The cluster detail—including the Kubernetes master, Heapster and Dashboard URLs—should get listed among others, as shown in Figure 2.

Getting cluster info
Figure 2: Getting cluster info

Creating a Jenkins Volume

Next, create a Jenkins home image from the Jenkins home volume source files, which includes XML configuration files and plugin JAR files for a Jenkins deployment. The following command obtains the Jenkins home volume source files from the specified URI and creates a Jenkins home image, which is just a Docker image.

gcloud compute images create jenkins-home-image
   --source-uri
      https://storage.googleapis.com/solutions-public-assets/jenkins-cd/jenkins-home-v2.tar.gz

A jenkins-home-image gets created, as shown in Figure 3.

Creating the jenkins-home-image image
Figure 3: Creating the jenkins-home-image image

Create a persistent disk (>= 10GB) from the jenkins-home-image to store the home directory so that the configuration data is available even if the Pod running the Jenkins master becomes unavailable.

gcloud compute disks create jenkins-home
   --image jenkins-home-image --zone us-east1-d

A new disk gets created, as shown in Figure 4. A newly created disk is unformatted. Container Engine mounts the disk/volume into a Jenkins pod.

Creating a new disk
Figure 4: Creating a new disk

Configuring Jenkins Credentials

Configure the password for the default Jenkins user in the jenkins/k8s/options file. Open the jenkins/k8s/options file in a vi editor.

sudo vi jenkins/k8s/option

The default Jenkins password is "CHANGE_ME", which is just a hint to change the password. Set the password to a new value, such as "jenkins", and save the file with :wq (see Figure 5).

Setting password
Figure 5: Setting password

Next, create a Kubernetes namespace for Jenkins. A namespace allows the same manifests to be used across multiple environments without name conflicts.

kubectl create ns jenkins

Create a Kubernetes secret which is used to assign Jenkins a default username and password when Jenkins boots up.

kubectl create secret generic jenkins
   --from-file=jenkins/k8s/options --namespace=jenkins

A "jenkins" namespace and a "jenkins" secret get created, as shown in Figure 6.

Creating a Kubernetes namespace and secret
Figure 6: Creating a Kubernetes namespace and secret

Creating the Jenkins Deployment and Services

The sample code includes Kubernetes resource files in the jenkins/k8s folder; we will use these to create a Jenkins deployment and services. The kubectl apply command creates the deployment and services when you supply the resource directory with the -f option.

kubectl apply -f jenkins/k8s/

As the output indicates, deployment "jenkins", service "jenkins-ui", and service "jenkins-discovery" get created. List the Pods in the "jenkins" namespace.

kubectl get pods --namespace jenkins

Initially, the Pod listed could be in "ContainerCreating" Status and 0/1 Ready state, as shown in Figure 7. This indicates that the container is still being created and is not ready.

Initially, Pod status is "ContainerCreating"
Figure 7: Initially, Pod status is "ContainerCreating"

Run the same command again after a minute or so:

kubectl get pods --namespace jenkins

The container should get listed as running and ready, as shown in Figure 8.

Container running and ready
Figure 8: Container running and ready

Configuring External Load Balancing

Next, we shall create an ingress resource to manage the external load balancing of the Jenkins user interface. Ingress is a set of rules that allows inbound connections to reach cluster services. The ingress gives the services a load balanced traffic and also encrypts communications between users and Jenkins user interface service. First, ensure the services for which an ingress is to be created are running:

kubectl get svc --namespace Jenkins

The jenkins-discovery and jenkins-ui services should get listed, as shown in Figure 9.

Listing services in "Jenkins" namespace
Figure 9: Listing services in "Jenkins" namespace

Next, create the SSL certificates that the load balancer uses to encrypt connections.

openssl req -x509 -nodes -days 365 -newkey rsa:2048
   -keyout /tmp/tls.key -out /tmp/tls.crt
   -subj "/CN=jenkins/O=jenkins"

A new private key gets generated, as shown in Figure 10.

Generating a new private key
Figure 10: Generating a new private key

Upload the private key to Kubernetes as a secret.

kubectl create secret generic tls --from-file=/tmp/tls.crt
   --from-file=/tmp/tls.key --namespace jenkins

A secret "tls" gets created from the private key (see Figure 11).

Generating a secret from the private key
Figure 11: Generating a secret from the private key

Listing the files and directories in the jenkins/k8s directory should list the Jenkins service file and other resource files, as shown in Figure 12. The ingress resource file is the jenkins/k8s/lb/ingress.yaml file.

Listing files and directories in the jenkins/k8s directory
Figure 12: Listing files and directories in the jenkins/k8s directory

Create the ingress from the resource file jenkins/k8s/lb/ingress.yaml:

kubectl apply -f jenkins/k8s/lb/ingress.yaml

Ingress "jenkins" gets created, as shown in Figure 13.

Creating ingress "jenkins"
Figure 13: Creating ingress "jenkins"

Connecting to Jenkins

To connect to Jenkins, we need to obtain the IP Address of the ingress. List the description for the ingress:

kubectl describe ingress jenkins --namespace jenkins

The IP Address is listed in the Address field, as shown in Figure 14. Copy the IP Address.

Listing ingress description, including IP address
Figure 14: Listing ingress description, including IP address

Copy and paste the ingress IP address in a browser to access the Jenkins Dashboard, as shown in Figure 15.

Jenkins Dashboard
Figure 15: Jenkins Dashboard

Click Log in to log in to Jenkins (see Figure 16).

Log in link
Figure 16: Log in link

Specify User as "jenkins" and Password as the password set in the jenkins/k8s/options file, which was "jenkins". Click log in, as shown in Figure 17.

Logging in to Jenkins
Figure 17: Logging in to Jenkins

The Jenkins Dashboard gets displayed, as shown in Figure 18.

Jenkins Dashboard Logged In
Figure 18: Jenkins Dashboard Logged In

Conclusion

In this article, we installed Jenkins in the Google Container Engine on a Kubernetes Cluster. First, a Google Cloud Platform is created and subsequently the Compute engine and Container Engine APIs are enabled, as shown in an earlier article, "Using the Google Container Engine on the Google Cloud Platform,." A sample application is downloaded, which contains the Kubernetes manifests for Jenkins. And, in this article, a Kubernetes cluster is created and subsequently a Jenkins deployment and services are created. An ingress load balancer is configured for Jenkins and the IP address of the ingress is used to access the Jenkins Dashboard.






Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Sitemap | Contact Us

Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel