Building the CI/CD of the Future, Install and configure Jenkins
In this tutorial, I share my experience as a DevOps engineer. This is the fifth post of the tutorial, in which I describe how to install Jenkins with Helm, configure it, use a persistent volume, and do daily Jenkins backups.
Building the CI/CD of the Future published posts:
- Introduction
- Creating the VPC for EKS cluster
- Creating the EKS cluster
- Adding the Cluster Autoscaler
- Add Ingress Nginx and Cert-Manager
- Install and configure Jenkins
- Create your first pipeline
Let’s start.
What is Jenkins?
Jenkins is a self-contained, open source automation server which can be used to automate all sorts of tasks related to building, testing, and delivering or deploying software.
https://jenkins.io/doc/
Install Jenkins to EKS cluster
To install Jenkins on our EKS cluster, I will use this Helm chart and my custom jenkins-values.yaml to override the defaults.
Review the configuration of jenkins-values.yaml
Ingress definition
We enabled the Ingress rule, so after Jenkins is installed it will be accessible as jenkins.eks.cicd-future.com, and a Let’s Encrypt certificate will be obtained for this domain. You can read about the ingress and certificate mechanism in detail in the previous post.
Backup
For backups we use kube-tasks, a simple mechanism that copies the files of the /var/jenkins_home folder (Jenkins master pod) to an S3 bucket on a daily basis, using a Kubernetes scheduled job.
To enable this mechanism you need to define your backup schedule in cron format, like ‘0 3 * * *’, and to have access to the S3 bucket, either through kube2iam or, as in my case, through a specific AWS user that I created with access to S3. If you use an AWS user like I do, you need to store the credentials (aws_access_key / aws_secret_key) of this user as a Kubernetes secret. You can create the secret by running this command:
ACCESS_KEY is the aws_access_key you got for your user after choosing programmatic access and exporting the credentials. SECRET_KEY is the aws_secret_key you exported.
The secret name is jenkinss3:
This mechanism worked for a couple of months, until I found the last 3 jobs in a failed state and the logs revealed ‘error in Stream: command terminated with exit code 1 src: file:’. You can read about this issue here. The failure occurs when files in the /var/jenkins_home folder change during the upload to the S3 bucket. This problem is not solved, so my solution was to build this simple scheduled job, which archives the /var/jenkins_home folder and uploads it to S3 on a daily basis.
You can read more about this solution here.
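The archive-then-upload approach described above, sketched as an added example (it is not the author's scheduled job and not code from kube-tasks). It assumes GNU tar and the AWS CLI are present in the job's image; BACKUP_BUCKET and the jenkins/ key prefix are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: snapshot the folder into one file first, then upload that file,
# so files changing under /var/jenkins_home cannot break the upload itself.
# Assumptions: GNU tar, AWS CLI; BACKUP_BUCKET and the jenkins/ prefix are placeholders.

# archive_jenkins_home SRC_DIR OUT_FILE
# The body runs in a subshell, so umask and variables do not leak to the caller.
archive_jenkins_home() (
  src=$1 out=$2 rc=0
  [ -d "$src" ] || { echo "not a directory: $src" >&2; exit 2; }
  # jenkins_home holds credentials.xml and secrets/: keep the archive owner-only.
  umask 077
  tar -czf "$out" -C "$src" . || rc=$?
  # GNU tar exits 1 when a file changed while it was being read: the archive is
  # still written, but those files may be inconsistent. Above 1 is a fatal error.
  if [ "$rc" -gt 1 ]; then
    rm -f "$out"
    exit "$rc"
  fi
  [ "$rc" -eq 0 ] || echo "warning: files changed while archiving $src" >&2
  # Prove the archive is readable end to end before anything is uploaded.
  tar -tzf "$out" >/dev/null
)

# upload_backup FILE BUCKET: one object per run, encrypted at rest by S3.
upload_backup() {
  aws s3 cp "$1" "s3://$2/jenkins/$(basename "$1")" --sse AES256
}

# Runs only when BACKUP_BUCKET is set (for example from the CronJob's environment).
if [ -n "${BACKUP_BUCKET:-}" ]; then
  archive="/tmp/jenkins_home-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
  archive_jenkins_home "${JENKINS_HOME:-/var/jenkins_home}" "$archive" &&
    upload_backup "$archive" "$BACKUP_BUCKET"
  status=$?
  rm -f "$archive"
  exit "$status"
fi
```

The AWS CLI reads the access key and secret key from the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, which the job can populate from the Kubernetes secret.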
Persistent volume
We need a persistent volume for Jenkins to store all its configuration and to make sure the data is not lost after the pod is restarted or the worker node is rebooted.
It will use the default storage class:
if not selected otherwise, in my case it’s AWS EBS.
Set of plugins I am using
- Jenkins Kubernetes plugin
- Plugins for the pipeline in Jenkins
- blueocean plugin which is very useful
- google-login plugin which lets you log in to Jenkins with your Google account
- simple-theme-plugin which makes Jenkins UI sexier, I personally use material-theme
Create and configure service-account
In order for Jenkins to be authenticated/authorized to the Kubernetes cluster, we need to create a service account. The service account is bound to cluster roles and can be granted certain cluster privileges.
In jenkins-values.yaml you must enable service-account creation:
Then you must grant your service account the cluster-admin role by running this command:
Now Jenkins can access the Kubernetes cluster and create/update/delete different Kubernetes resources like pods/deployments/services …
You can read more about RBAC Authorization here.
Install Jenkins master on the cluster to jenkins namespace
Assuming your custom values.yaml for Jenkins helm chart is jenkins-values.yaml
Get the admin password of Jenkins
The only thing left is to open Jenkins in the browser and login using the admin password you have from the previous step.
In the next post I will show you how to use the created service account in Jenkins and how to run a simple pipeline job that lists all pods in the Kubernetes cluster.
In this post, I explained how to install Jenkins, gave an overview of my custom configuration, and showed how to configure ingress rules, do daily backups, use a persistent volume to store all the data, which plugins I use, and how to create a service account with access to the Kubernetes cluster.
Please follow me on Twitter (@warolv)
I will save all the configuration created in this tutorial in my GitHub.