Setting up Jenkins on Kubernetes Engine

This tutorial shows you how to set up Jenkins on Google Kubernetes Engine to help orchestrate your software delivery pipeline.


  • Creating a Kubernetes cluster with Kubernetes Engine.
  • Creating a Jenkins deployment and services.
  • Configuring external load balancing.
  • Connecting to Jenkins.
  • Understanding the code.


This tutorial uses billable components of Cloud Platform, including:

  • Google Compute Engine

Use the Pricing Calculator to generate a cost estimate based on your projected usage. New Cloud Platform users might be eligible for a free trial.

Before you begin

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. Select or create a GCP project.

    Go to the Manage resources page

  3. Make sure that billing is enabled for your project.

    Learn how to enable billing

  4. Enable the Google Compute Engine, Google Kubernetes Engine APIs.

    Enable the APIs

Preparing your environment

First, prepare your deployment environment.

  1. Activate Google Cloud Shell. Cloud Shell gives you access to the command line in GCP Console, and includes Google Cloud SDK and other tools you need for Cloud Platform development. Cloud Shell can take several minutes to provision.

    Activate Cloud Shell

  2. After the process completes, you'll see the following output.

    Welcome to Cloud Shell! For help, visit
  3. Set the default Compute Engine zone to us-east1-d.

    gcloud config set compute/zone us-east1-d
  4. Clone the sample code, or, download the zip file.

    git clone

    The git repository contains Kubernetes manifests that you'll use to deploy Jenkins. The manifests and their settings are described in Configuring Jenkins for Kubernetes Engine.

  5. Navigate to the sample code directory.

    cd continuous-deployment-on-kubernetes

Creating a Kubernetes cluster

You can use Kubernetes Engine to create and manage your Kubernetes cluster.

  1. Create a Compute Engine network for the Kubernetes Engine cluster to connect to and use.

    gcloud compute networks create jenkins
  2. Provision a Kubernetes cluster using Kubernetes Engine. This step can take up to several minutes to complete.

    gcloud container clusters create jenkins-cd \
      --network jenkins \
      --scopes ",storage-rw"

    The extra scopes enable Jenkins to access Cloud Source Repositories and Google Container Registry.

  3. Confirm that your cluster is running.

    gcloud container clusters list

    Look for RUNNING in the STATUS column.

    jenkins-cd  us-east1-d       1.5.2   n1-standard-1     1.5.2         3       RUNNING

  4. Get the credentials for your cluster. Kubernetes Engine uses these credentials to access your newly provisioned cluster.

    gcloud container clusters get-credentials jenkins-cd
  5. Confirm that you can connect to your cluster.

    kubectl cluster-info

    If the cluster is running, the URLs of where your Kubernetes components are accessible display.

    Kubernetes master is running at
    GLBCDefaultBackend is running at
    Heapster is running at
    KubeDNS is running at
    kubernetes-dashboard is running at

Creating the Jenkins home volume

To pre-populate Jenkins with the configurations discussed in Jenkins on Kubernetes Engine, you’ll need to create the volume from the supplied tarball. Kubernetes Engine mounts this volume into your Jenkins pod. This step can take up to several minutes to complete.

gcloud compute images create jenkins-home-image --source-uri
gcloud compute disks create jenkins-home --image jenkins-home-image --zone us-east1-d

Configuring Jenkins credentials

First, set up the password for the default Jenkins user.

  1. Open the jenkins/k8s/options file, and replace CHANGE_ME with a new password.

  2. Save and exit the file.

  3. Enter cd ../../ to return to the project directory.

Alternately, you can run the following command to generate a random password and update the options file.

PASSWORD=`openssl rand -base64 15`; echo "Your password is $PASSWORD"; sed -i.bak s#CHANGE_ME#$PASSWORD# jenkins/k8s/options

The following output displays, where [PASSWORD_STRING] contains the password.

Your password is [PASSWORD STRING].

Next, create a Kubernetes namespace for Jenkins.

kubectl create ns jenkins

Namespaces allow you to use the same resource manifests across multiple environments without needing to give resources unique names.

Finally, create a Kubernetes secret. Kubernetes uses this object to provide Jenkins with the default username and password when Jenkins boots.

kubectl create secret generic jenkins --from-file=jenkins/k8s/options --namespace=jenkins

Creating the Jenkins deployment and services

In this section you’ll create a Jenkins deployment and services based on the Kubernetes resources defined in the jenkins/k8s folder of the sample code.

  1. Add your account as a cluster administrator:

        kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value account)

  2. Create the Jenkins deployment and services.

    kubectl apply -f jenkins/k8s/

    The following output displays.

    deployment "jenkins" created
    service "jenkins-ui" created
    service "jenkins-discovery" created

  3. Confirm that the pod is running.

    kubectl get pods --namespace jenkins

    Look for Running in the STATUS column.

    NAME                       READY     STATUS    RESTARTS   AGE
    jenkins-2477738154-iafn5   1/1       Running   0          1d

The kubectl apply command creates a Jenkins deployment that contains a container for running Jenkins, and a persistent disk that contains the Jenkins home directory. Keeping the home directory on the persistent disk ensures that your critical configuration data is maintained, even if the pod running your Jenkins master goes down.

The kubectl apply command also creates two services that enable your Jenkins master to be accessed by other pods in the cluster:

  • A NodePort service on port 8080 that allows pods and external users to access the Jenkins user interface. This type of service can be load balanced by an HTTP Load Balancer.

  • A ClusterIP service on port 50000 that the Jenkins executors use to communicate with the Jenkins master from within the cluster.

For an in-depth explanation of how the deployment is configured, see Configuring Jenkins for Kubernetes Engine.

Configuring external load balancing

Next, you’ll create an ingress resource that manages the external load balancing of the Jenkins user interface service. The ingress resource also acts as an SSL terminator to encrypt communication between users and the Jenkins user interface service.

Confirm that the services are set up correctly.

  1. List the Jenkins services.

    kubectl get svc --namespace jenkins

    Confirm that jenkins-discovery and jenkins-ui display.

    NAME                CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE
    jenkins-discovery   <none>        50000/TCP   10m
    jenkins-ui   <nodes>         8080/TCP    10m

Setting up encryption

Next, you’ll create and upload SSL certificates that the load balancer uses to encrypt connections.

  1. If you don’t already have an SSL certificate for your domain, you can create a temporary SSL certificate and key pair by running the following command.

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=jenkins/O=jenkins"
  2. Upload the certificate to Kubernetes as a secret object.

    kubectl create secret generic tls --from-file=/tmp/tls.crt --from-file=/tmp/tls.key --namespace jenkins

Creating the load balancer

Create the load balancer. The command uses the ingress resource definition from the jenkins/k8s/lb/ingress.yaml file in the sample code.

kubectl apply -f jenkins/k8s/lb/ingress.yaml

Connecting to Jenkins

  1. Check the status of the load balancer’s health checks.

    kubectl describe ingress jenkins --namespace jenkins

    It can take several minutes for the load balancer to be provisioned and for the health checks to complete. The backends field displays as UNKNOWN or UNHEALTHY until the checks complete in a healthy state. Repeat this step until you see the backends field display HEALTHY.

    Name:           jenkins
    Namespace:      jenkins
    Default backend:    jenkins-ui:8080 (
      tls terminates
      Host  Path    Backends
      ----  ----    --------
      https-forwarding-rule:    k8s-fws-jenkins-jenkins
      https-target-proxy:       k8s-tps-jenkins-jenkins
      static-ip:            k8s-fw-jenkins-jenkins
      target-proxy:         k8s-tp-jenkins-jenkins
      url-map:          k8s-um-jenkins-jenkins
      backends:         {"k8s-be-32371":"HEALTHY"}

  2. From the same output, copy the [IP_ADDRESS] value of the Address field. This is the IP address you’ll use to connect to Jenkins.

    Address: [IP_ADDRESS]

  3. In a web browser, navigate to the IP address from the previous step.

  4. Open the jenkins/k8s/options file and get the [PASSWORD] value. This is the password you’ll use to log in to Jenkins.


  5. Click log in on the top right of the window. Input jenkins for the User form field and the password value from the previous step for the Password form field.

  6. Click the log in button.

You now have access to Jenkins and a Kubernetes cluster managed by Kubernetes Engine. To take this solution further, you could use these components in your continuous delivery pipeline.

Cleaning up

To avoid incurring charges to your Google Cloud Platform account for the resources used in this tutorial:

After you've finished the Jenkins on Kubernetes Engine tutorial, you can clean up the resources you created on Google Cloud Platform so you won't be billed for them in the future. The following sections describe how to delete or turn off these resources.

Deleting the project

The easiest way to eliminate billing is to delete the project you created for the tutorial.

To delete the project:

  1. In the GCP Console, go to the Projects page.

    Go to the Projects page

  2. In the project list, select the project you want to delete and click Delete project. After selecting the checkbox next to the project name, click
      Delete project
  3. In the dialog, type the project ID, and then click Shut down to delete the project.

Deleting disks

  1. In the GCP Console, go to the Disks page.

    Go to the Disks page

  2. Click the checkbox next to your jenkins-home disk.
  3. Click the Delete button at the top of the page to delete the disk.

Deleting instances

To delete a Compute Engine instance:

  1. In the GCP Console, go to the VM Instances page.

    Go to the VM Instances page

  2. Click the checkbox next to the instance you want to delete.
  3. Click the Delete button at the top of the page to delete the instance.

What's next

Was this page helpful? Let us know how we did:

Send feedback about...