Jenkins

2021.03.20

1. Jenkins ?

- Jenkins is a self-contained, open source automation server which can be used to automate all sorts of tasks related to building, testing, and delivering or deploying software.
- https://www.jenkins.io/


2. Environments
- Kubernetes 1.16.15
- jenkinsci/jenkins chart 3.2.4
- Jenkins 2.277.1
- Jenkins plug-in
   ✓ Kubernetes plugin 1.29.2  
   ✓ Matrix Authorization Strategy 2.6.5
   ✓ Docker Pipeline (Docker Worflow) 1.26
   ✓ Docker plugin for Jenkins 1.2.2
   ✓ Blue ocean 1.24.4

 

3. Install Jenkins with Helm v3
- https://www.jenkins.io/doc/book/installing/kubernetes/#install-jenkins-with-helm-v3

$ helm repo add jenkinsci https://charts.jenkins.io
$ helm repo update
$ helm inspect values jenkinsci/jenkins --version 3.2.4 > jenkins-values.yaml
$ vi jenkins-values.yaml
…
  # Use ClusterIP if your setup includes ingress controller
  serviceType: NodePort             # Default: ClusterIP
  nodePort: 31443                   # Default: Null
…
$ helm install jenkins jenkinsci/jenkins --create-namespace --namespace jenkins --version 3.2.4 --values jenkins-values.yaml
NAME: jenkins
LAST DEPLOYED: Sat Mar 20 17:36:40 2021
NAMESPACE: jenkins
STATUS: deployed
REVISION: 1
NOTES:
1. Get your 'admin' user password by running:
  kubectl exec --namespace jenkins -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo
2. Get the Jenkins URL to visit by running these commands in the same shell:
  export NODE_PORT=$(kubectl get --namespace jenkins -o jsonpath="{.spec.ports[0].nodePort}" services jenkins)
  export NODE_IP=$(kubectl get nodes --namespace jenkins -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT/login
3. Login with the password from step 1 and the username: admin
4. Configure security realm and authorization strategy
5. Use Jenkins Configuration as Code by specifying configScripts in your values.yaml file, see documentation: http:///configuration-as-code and examples: https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos

For more information on running Jenkins on Kubernetes, visit:
https://cloud.google.com/solutions/jenkins-on-container-engine
For more information about Jenkins Configuration as Code, visit:
https://jenkins.io/projects/jcasc/
NOTE: Consider using a custom image with pre-installed plugins
$
$ helm list -A | egrep 'NAME|jenkins'
NAME       NAMESPACE   REVISION   UPDATED                                    STATUS    CHART           APP VERSION
jenkins    enkins      1          2021-03-20 17:36:40.172838423 +0900 KST   deployed   jenkins-3.2.4   2.277.1
$ k get svc -n jenkins
NAME            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
jenkins         NodePort    10.105.107.253   <none>        8080:31443/TCP   2m
jenkins-agent   ClusterIP   10.106.128.133   <none>        50000/TCP        2m1s
$ k get pod -n jenkins
NAME        READY   STATUS     RESTARTS   AGE
jenkins-0   0/2     Init:0/1   0          2m13s
$ k get pvc -n jenkins
NAME      STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS             AGE
jenkins   Bound    pvc-61b8b45d-a278-44d7-9fb0-69ecd4c35b46   8Gi        RWO            rook-ceph-block-sc-iap   2m13s
$

4. Using Jenkins
a. Connect to Jenkins
    - http://14.52.244.136:31443/
       ✓ Username: admin
       ✓ Password: 
           $ kubectl exec --namespace jenkins -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo
           dlTtlV01wGUHsvnkjBteDG
           $

b. config Jenkins
    Jenkins 관리 > System Configuration > 시스템 설정 > Jenkins Location > Jenkins URL
    Jenkins URL 입력 & 저장 & Apply

c. update plug-in

    Jenkins 관리 > System Configuration > 플러그인 관리 > 업데이트된 플러그 인 목록

설치할 항목 Check > “지금 다운로드하고 재 시작 후 설치하기”

 

d. Install plug-in

- https://plugins.jenkins.io/

- download plug-in into local

   ✓ Matrix Authorization Strategy 2.6.6 (https://plugins.jenkins.io/matrix-auth/)

       Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually.
       Project-based Matrix Authorization Strategy
       다운로드: https://updates.jenkins.io/download/plugins/matrix-auth/2.6.6/matrix-auth.hpi

   ✓ Docker Pipeline (Docker Worflow) 1.26 (https://plugins.jenkins.io/docker-workflow/)

       Jenkins plugin which allows building, testing, and using Docker images from Jenkins Pipeline projects.

       다운로드: https://updates.jenkins.io/download/plugins/docker-workflow/1.26/docker-workflow.hpi

   ✓ Docker plugin for Jenkins 1.2.2 (https://plugins.jenkins.io/docker-plugin/) - 선택

       This plugin allows containers to be dynamically provisioned as Jenkins nodes using Docker. 

       Freestyle project 타입으로 Docker build 진행시 사용

       다운로드: https://updates.jenkins.io/download/plugins/docker-plugin/1.2.2/docker-plugin.hpi

   ✓ Blue ocean 1.24.4 (https://plugins.jenkins.io/blueocean/) - 선택

       Blue Ocean rethinks the Jenkins user experience. 

       다운로드: https://updates.jenkins.io/download/plugins/blueocean/1.24.4/blueocean.hpi

 

- 플러그인 설치하기 #1

   Jenkins 관리 > System Configuration > 플러그인 관리 > 고급 

   다운로드 한 플러그인 파일을 선택 후 올리기

- 플러그인 설치하기 #2

   Jenkins 관리 > System Configuration > 플러그인 관리  > 설치 가능

   설치할 플러그인 조회 후 "install without restart"

- 설치된 플러그인 확인

 

 

5. Add users

a. create user  

    Jenkins 관리 > Security > Manage Users > 사용자 생성

b. config Authorization

    Jenkins 관리 > Security > Configure Global Security > Authorization > Project-based Matrix Authorization Strategy

        Add user or group: test-dev 추가

        check Authorizations & Save

 

 

6.  Jenkins Plugins Download

- 방화벽 설정 필요

   updates.jenkins.io, get.jenkins.io, mirrors.tuna.tsinghua.edu.cn 또는 ftp.yz.yamagata-u.ac.jp

- 참고사항

   kt GTH 사외망에서 mirrors.tuna.tsinghua.edu.cn 방화벽 설정 후 IPS에서 차단되어 후속 처리 함

 

  $ vi jenkins-values.yaml

  …

    installPlugins:

      - kubernetes:1.29.2

      - workflow-aggregator:2.6

      - git:4.6.0

      - configuration-as-code:1.47

  …

  $

 

a. updates.jenkins.io 방화벽 설정 추가

    $ k logs jenkins-0 -c init -n jenkins

    disable Setup Wizard

    download plugins

    Downloading plugin echarts-api from url: https://updates.jenkins.io/download/plugins/echarts-api/5.0.1-1/echarts-api.hpi

    Downloading plugin checks-api from url: https://updates.jenkins.io/download/plugins/checks-api/1.6.1/checks-api.hpi 

     …

b. get.jenkins.io 방화벽 설정 추가

     $ k logs jenkins-0 -c init -n jenkins -f

     disable Setup Wizard

     download plugins

     Tried downloading workflow-step-api from https://get.jenkins.io/plugins/workflow-step-api/2.23/workflow-step-api.hpi

     Tried downloading junit from https://get.jenkins.io/plugins/junit/1.49/junit.hpi

     …

c. mirrors.tuna.tsinghua.edu.cn, ftp.yz.yamagata-u.ac.jp 방화벽 설정 추가

     https://get.jenkins.io/plugins/msbuild/1.29/msbuild.hpi?mirrorlist

     $ k logs jenkins-0 -c init -n jenkins -f

     download plugins

     Tried downloading durable-task from https://mirrors.tuna.tsinghua.edu.cn/jenkins/plugins/durable-task/1.35/durable-task.hpi

     Tried downloading echarts-api from https://mirrors.tuna.tsinghua.edu.cn/jenkins/plugins/echarts-api/5.0.1-1/echarts-api.hpi

     …

d. 정상 동작시

     $ k logs jenkins-0 -c init -n jenkins

     disable Setup Wizard

     download plugins

     Done

     copy plugins to shared volume

     finished initialization

     $