Jenkins is an open source automation server commonly used for deploying and automating a CI/CD/DevOps project. Kubernetes is a cluster manager for Docker (and rckt) containers. In an earlier article, “Using the Google Container Engine on the Google Cloud Platform,” we discussed getting started with the Google Container Engine on the Google Cloud Platform. We also downloaded a sample application for using Jenkins on the Google Container Engine. In this article, we shall discuss using Jenkins the on Google Cloud Platform, making use of the Google Container Engine. This article has the following sections:
- Setting the Environment
- Creating a Kubernetes Cluster
- Creating a Jenkins Volume
- Configuring Jenkins Credentials
- Creating the Jenkins Deployment and Services
- Configuring External Load Balancing
- Connecting to Jenkins
The Setting the Environment section of the Using the Google Container Engine on the “Using the Google Container Engine on the Google Cloud Platform,” also sets the required environment for this article.
Using the gcloud compute networks create command, create a Compute Engine network which is to be used by the Container Engine cluster. The --mode option is set to “auto” to choose the network’s subnet ranges automatically.
gcloud compute networks create jenkins --mode auto
A network called “jenkins” gets created. Create a Kubernetes cluster by using the gcloud container clusters create command. The --network option sets the network to use as “jenkins”. The --scopes option enables access to the Cloud Source Repositories and the Google Container Registry.
gcloud container clusters create jenkins-cd --network jenkins --scopes https://www.googleapis.com/auth/projecthosting,storage-rw
A Kubernetes cluster called “jenkins-cd” gets created. The cluster detail also gets listed in the form of a table and lists the cluster name, master version, master IP, machine type, node version, number of nodes, and status.
The cluster also may be listed with the following command:
gcloud container clusters list
The same information as earlier gets re-listed.
Get the cluster credentials, which are used by the Container Engine to access the cluster.
gcloud container clusters get-credentials jenkins-cd
A kubeconfig entry gets generated for the Jenkins-cd project from the cluster endpoint and auth data, as shown in Figure 1.
Figure 1: Generating a kubeconfig entry
To confirm the cluster is able to be connected to, run the following command:
The cluster detail—including the Kubernetes master, Heapster and Dashboard URLs—should get listed among others, as shown in Figure 2.
Figure 2: Getting cluster info
Next, create a Jenkins home image from the Jenkins home volume source files, which includes XML configuration files and plugin JAR files for a Jenkins deployment. The following command obtains the Jenkins home volume source files from the specified URI and creates a Jenkins home image, which is just a Docker image.
gcloud compute images create jenkins-home-image --source-uri https://storage.googleapis.com/solutions-public-assets/jenkins-cd/jenkins-home-v2.tar.gz
A jenkins-home-image gets created, as shown in Figure 3.
Figure 3: Creating the jenkins-home-image image
Create a persistent disk (>= 10GB) from the jenkins-home-image to store the home directory so that the configuration data is available even if the Pod running the Jenkins master becomes unavailable.
gcloud compute disks create jenkins-home --image jenkins-home-image --zone us-east1-d
A new disk gets created, as shown in Figure 4. A newly created disk is unformatted. Container Engine mounts the disk/volume into a Jenkins pod.
Figure 4: Creating a new disk
Configure the password for the default Jenkins user in the jenkins/k8s/options file. Open the jenkins/k8s/options file in a vi editor.
sudo vi jenkins/k8s/option
The default Jenkins password is “CHANGE_ME”, which is just a hint to change the password. Set the password to a new value, such as “jenkins”, and save the file with :wq (see Figure 5).
Figure 5: Setting password
Next, create a Kubernetes namespace for Jenkins. A namespace allows the same manifests to be used across multiple environments without name conflicts.
kubectl create ns jenkins
Create a Kubernetes secret which is used to assign Jenkins a default username and password when Jenkins boots up.
kubectl create secret generic jenkins --from-file=jenkins/k8s/options --namespace=jenkins
A “jenkins” namespace and a “jenkins” secret get created, as shown in Figure 6.
Figure 6: Creating a Kubernetes namespace and secret
The sample code includes Kubernetes resource files in the jenkins/k8s folder; we will use these to create a Jenkins deployment and services. The kubectl apply command creates the deployment and services when you supply the resource directory with the -f option.
kubectl apply -f jenkins/k8s/
As the output indicates, deployment “jenkins”, service “jenkins-ui”, and service “jenkins-discovery” get created. List the Pods in the “jenkins” namespace.
kubectl get pods --namespace jenkins
Initially, the Pod listed could be in “ContainerCreating” Status and 0/1 Ready state, as shown in Figure 7. This indicates that the container is still being created and is not ready.
Figure 7: Initially, Pod status is “ContainerCreating”
Run the same command again after a minute or so:
kubectl get pods --namespace jenkins
The container should get listed as running and ready, as shown in Figure 8.
Figure 8: Container running and ready
Next, we shall create an ingress resource to manage the external load balancing of the Jenkins user interface. Ingress is a set of rules that allows inbound connections to reach cluster services. The ingress gives the services a load balanced traffic and also encrypts communications between users and Jenkins user interface service. First, ensure the services for which an ingress is to be created are running:
kubectl get svc --namespace Jenkins
The jenkins-discovery and jenkins-ui services should get listed, as shown in Figure 9.
Figure 9: Listing services in “Jenkins” namespace
Next, create the SSL certificates that the load balancer uses to encrypt connections.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=jenkins/O=jenkins"
A new private key gets generated, as shown in Figure 10.
Figure 10: Generating a new private key
Upload the private key to Kubernetes as a secret.
kubectl create secret generic tls --from-file=/tmp/tls.crt --from-file=/tmp/tls.key --namespace jenkins
A secret “tls” gets created from the private key (see Figure 11).
Figure 11: Generating a secret from the private key
Listing the files and directories in the jenkins/k8s directory should list the Jenkins service file and other resource files, as shown in Figure 12. The ingress resource file is the jenkins/k8s/lb/ingress.yaml file.
Figure 12: Listing files and directories in the jenkins/k8s directory
Create the ingress from the resource file jenkins/k8s/lb/ingress.yaml:
kubectl apply -f jenkins/k8s/lb/ingress.yaml
Ingress “jenkins” gets created, as shown in Figure 13.
Figure 13: Creating ingress “jenkins”
To connect to Jenkins, we need to obtain the IP Address of the ingress. List the description for the ingress:
kubectl describe ingress jenkins --namespace jenkins
The IP Address is listed in the Address field, as shown in Figure 14. Copy the IP Address.
Figure 14: Listing ingress description, including IP address
Copy and paste the ingress IP address in a browser to access the Jenkins Dashboard, as shown in Figure 15.
Figure 15: Jenkins Dashboard
Click Log in to log in to Jenkins (see Figure 16).
Figure 16: Log in link
Specify User as “jenkins” and Password as the password set in the jenkins/k8s/options file, which was “jenkins”. Click log in, as shown in Figure 17.
Figure 17: Logging in to Jenkins
The Jenkins Dashboard gets displayed, as shown in Figure 18.
Figure 18: Jenkins Dashboard Logged In
In this article, we installed Jenkins in the Google Container Engine on a Kubernetes Cluster. First, a Google Cloud Platform is created and subsequently the Compute engine and Container Engine APIs are enabled, as shown in an earlier article, “Using the Google Container Engine on the Google Cloud Platform,.” A sample application is downloaded, which contains the Kubernetes manifests for Jenkins. And, in this article, a Kubernetes cluster is created and subsequently a Jenkins deployment and services are created. An ingress load balancer is configured for Jenkins and the IP address of the ingress is used to access the Jenkins Dashboard.