Setting up Jenkins on Container Engine

This tutorial shows you how to set up Jenkins on Google Container Engine to help orchestrate your software delivery pipeline.

Objectives

  • Creating a Kubernetes cluster with Container Engine.
  • Creating a Jenkins deployment and services.
  • Configuring external load balancing.
  • Connecting to Jenkins.
  • Understanding the code.

Costs

This tutorial uses billable components of Cloud Platform, including:

  • Google Compute Engine

Use the Pricing Calculator to generate a cost estimate based on your projected usage. New Cloud Platform users might be eligible for a free trial.

Before you begin

  1. Sign in to your Google account.

    If you don't already have one, sign up for a new account.

  2. Select or create a Cloud Platform project.

    Go to the Projects page

  3. Enable billing for your project.

    Enable billing

  4. Enable the Google Compute Engine, Google Container Engine APIs.

    Enable the APIs

Preparing your environment

First, prepare your deployment environment.

  1. Activate Google Cloud Shell. Cloud Shell gives you access to the command line in Cloud Platform Console, and includes Google Cloud SDK and other tools you need for Cloud Platform development. Cloud Shell can take several minutes to provision.

    Activate Cloud Shell

  2. After the process completes, you'll see the following output.

    Welcome to Cloud Shell! For help, visit https://cloud.google.com/cloud-shell/help.
    
  3. Set the default Compute Engine zone to us-east1-d.

    gcloud config set compute/zone us-east1-d
    
  4. Clone the sample code, or, download the zip file.

    git clone https://github.com/GoogleCloudPlatform/continuous-deployment-on-kubernetes.git
    

    The git repository contains Kubernetes manifests that you'll use to deploy Jenkins. The manifests and their settings are described in Configuring Jenkins for Container Engine.

  5. Navigate to the sample code directory.

    cd continuous-deployment-on-kubernetes
    

Creating a Kubernetes cluster

You can use Container Engine to create and manage your Kubernetes cluster.

  1. Create a Compute Engine network for the Container Engine cluster to connect to and use.

    gcloud compute networks create jenkins --mode auto
    

    Setting the mode flag to auto indicates that the network’s subnet ranges are automatically chosen.

  2. Provision a Kubernetes cluster using Container Engine. This step can take up to several minutes to complete.

    gcloud container clusters create jenkins-cd \
      --network jenkins \
      --scopes "https://www.googleapis.com/auth/projecthosting,storage-rw"
    

    The extra scopes enable Jenkins to access Cloud Source Repositories and Google Container Registry.

  3. Confirm that your cluster is running.

    gcloud container clusters list
    

    Look for RUNNING in the STATUS column.

    NAME            ZONE        MASTER_VERSION   MASTER_IP      MACHINE_TYPE   NODE_VERSION  NUM_NODES  STATUS
    jenkins-cd  us-east1-d       1.5.2      104.198.123.88   n1-standard-1     1.5.2         3       RUNNING
    

  4. Get the credentials for your cluster. Container Engine uses these credentials to access your newly provisioned cluster.

    gcloud container clusters get-credentials jenkins-cd
    
  5. Confirm that you can connect to your cluster.

    kubectl cluster-info
    

    If the cluster is running, the URLs of where your Kubernetes components are accessible display.

    Kubernetes master is running at https://130.211.178.38
    GLBCDefaultBackend is running at https://130.211.178.38/api/v1/proxy/namespaces/kube-system/services/default-http-backend
    Heapster is running at https://130.211.178.38/api/v1/proxy/namespaces/kube-system/services/heapster
    KubeDNS is running at https://130.211.178.38/api/v1/proxy/namespaces/kube-system/services/kube-dns
    kubernetes-dashboard is running at https://130.211.178.38/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
    

Creating the Jenkins home volume

To pre-populate Jenkins with the configurations discussed in Jenkins on Container Engine, you’ll need to create the volume from the supplied tarball. Container Engine mounts this volume into your Jenkins pod. This step can take up to several minutes to complete.

gcloud compute images create jenkins-home-image --source-uri https://storage.googleapis.com/solutions-public-assets/jenkins-cd/jenkins-home-v3.tar.gz
gcloud compute disks create jenkins-home --image jenkins-home-image --zone us-east1-d

Configuring Jenkins credentials

First, set up the password for the default Jenkins user.

  1. Open the jenkins/k8s/options file, and replace CHANGE_ME with a new password.

  2. Save and exit the file.

  3. Enter cd ../../ to return to the project directory.

Alternately, you can run the following command to generate a random password and update the options file.

PASSWORD=`openssl rand -base64 15`; echo "Your password is $PASSWORD"; sed -i.bak s#CHANGE_ME#$PASSWORD# jenkins/k8s/options

The following output displays, where [PASSWORD_STRING] contains the password.

Your password is [PASSWORD STRING].

Next, create a Kubernetes namespace for Jenkins.

kubectl create ns jenkins

Namespaces allow you to use the same resource manifests across multiple environments without needing to give resources unique names.

Finally, create a Kubernetes secret. Kubernetes uses this object to provide Jenkins with the default username and password when Jenkins boots.

kubectl create secret generic jenkins --from-file=jenkins/k8s/options --namespace=jenkins

Creating the Jenkins deployment and services

In this section you’ll create a Jenkins deployment and services based on the Kubernetes resources defined in the jenkins/k8s folder of the sample code.

  1. Create the Jenkins deployment and services.

    kubectl apply -f jenkins/k8s/
    

    The following output displays.

    deployment "jenkins" created
    service "jenkins-ui" created
    service "jenkins-discovery" created
    

  2. Confirm that the pod is running.

    kubectl get pods --namespace jenkins
    

    Look for Running in the STATUS column.

    NAME                       READY     STATUS    RESTARTS   AGE
    jenkins-2477738154-iafn5   1/1       Running   0          1d
    

The kubetcl apply command creates a Jenkins deployment that contains a container for running Jenkins, and a persistent disk that contains the Jenkins home directory. Keeping the home directory on the persistent disk ensures that your critical configuration data is maintained, even if the pod running your Jenkins master goes down.

The kubetcl apply command also creates two services that enable your Jenkins master to be accessed by other pods in the cluster:

  • A NodePort service on port 8080 that allows pods and external users to access the Jenkins user interface. This type of service can be load balanced by an HTTP Load Balancer.

  • A ClusterIP service on port 50000 that the Jenkins executors use to communicate with the Jenkins master from within the cluster.

For an in-depth explanation of how the deployment is configured, see Configuring Jenkins for Container Engine.

Configuring external load balancing

Next, you’ll create an ingress resource that manages the external load balancing of the Jenkins user interface service. The ingress resource also acts as an SSL terminator to encrypt communication between users and the Jenkins user interface service.

Confirm that the services are set up correctly.

  1. List the Jenkins services.

    kubectl get svc --namespace jenkins
    

    Confirm that jenkins-discovery and jenkins-ui display.

    NAME                CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE
    jenkins-discovery   10.79.254.142   <none>        50000/TCP   10m
    jenkins-ui          10.79.242.143   <nodes>         8080/TCP    10m
    

Setting up encryption

Next, you’ll create and upload SSL certificates that the load balancer uses to encrypt connections.

  1. If you don’t already have an SSL certificate for your domain, you can create a temporary SSL certificate and key pair by running the following command.

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=jenkins/O=jenkins"
    
  2. Upload the certificate to Kubernetes as a secret object.

    kubectl create secret generic tls --from-file=/tmp/tls.crt --from-file=/tmp/tls.key --namespace jenkins
    

Creating the load balancer

Create the load balancer. The command uses the ingress resource definition from the jenkins/k8s/lb/ingress.yaml file in the sample code.

kubectl apply -f jenkins/k8s/lb/ingress.yaml

Connecting to Jenkins

  1. Check the status of the load balancer’s health checks.

    kubectl describe ingress jenkins --namespace jenkins
    

    It can take several minutes for the load balancer to be provisioned and for the health checks to complete. The backends field displays as UNKNOWN or UNHEALTHY until the checks complete in a healthy state. Repeat this step until you see the backends field display HEALTHY.

    Name:           jenkins
    Namespace:      jenkins
    Address:        130.211.14.253
    Default backend:    jenkins-ui:8080 (10.76.2.3:8080)
    TLS:
      tls terminates
    Rules:
      Host  Path    Backends
      ----  ----    --------
    Annotations:
      https-forwarding-rule:    k8s-fws-jenkins-jenkins
      https-target-proxy:       k8s-tps-jenkins-jenkins
      static-ip:            k8s-fw-jenkins-jenkins
      target-proxy:         k8s-tp-jenkins-jenkins
      url-map:          k8s-um-jenkins-jenkins
      backends:         {"k8s-be-32371":"HEALTHY"}
    

  2. From the same output, copy the [IP_ADDRESS] value of the Address field. This is the IP address you’ll use to connect to Jenkins.

    Address: [IP_ADDRESS]

  3. In a web browser, navigate to the IP address from the previous step.

  4. Open the jenkins/k8s/options file and get the [PASSWORD] value. This is the password you’ll use to log in to Jenkins.

    --argumentsRealm.passwd.jenkins=[PASSWORD]

  5. Click log in on the top right of the window. Input jenkins for the User form field and the password value from the previous step for the Password form field.

  6. Click the log in button.

You now have access to Jenkins and a Kubernetes cluster managed by Container Engine. To take this solution further, you could use these components in your continuous delivery pipeline.

Cleaning up

To avoid incurring charges to your Google Cloud Platform account for the resources used in this tutorial:

After you've finished the Jenkins on Container Engine tutorial, you can clean up the resources you created on Google Cloud Platform so you won't be billed for them in the future. The following sections describe how to delete or turn off these resources.

Deleting the project

The easiest way to eliminate billing is to delete the project you created for the tutorial.

To delete the project:

  1. In the Cloud Platform Console, go to the Projects page.

    Go to the Projects page

  2. In the project list, select the project you want to delete and click Delete project. After selecting the checkbox next to the project name, click
      Delete project
  3. In the dialog, type the project ID, and then click Shut down to delete the project.

Deleting disks

  1. In the Cloud Platform Console, go to the Disks page.

    Go to the Disks page

  2. Click the checkbox next to your jenkins-home disk.
  3. Click the Delete button at the top of the page to delete the disk.

Deleting instances

To delete a Compute Engine instance:

  1. In the Cloud Platform Console, go to the VM Instances page.

    Go to the VM Instances page

  2. Click the checkbox next to the instance you want to delete.
  3. Click the Delete button at the top of the page to delete the instance.

What's next

Send feedback about...