Step 1: Configure the TKE cluster and Jenkins

Last updated: 2023-05-06 17:36:46

    TKE Cluster Configuration

    This document describes how to create a ServiceAccount with custom RBAC authorization in TKE and how to get the cluster access address, token, and cluster CA certificate required during Jenkins configuration.

    Getting the cluster credential

    Note
    You need to enable private network access in the current cluster. For more information, see Basic Features.
    1. Use the following Shell script to create a test namespace ci and a test user jenkins of the ServiceAccount type and get the cluster access credential (token):
    # Create the test namespace `ci`
    kubectl create namespace ci
    # Create the test ServiceAccount account
    kubectl create sa jenkins -n ci
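    # Get the secret token automatically created by the ServiceAccount account
    # (Kubernetes 1.24 and later no longer create this Secret automatically, so the lookup returns nothing there)
    kubectl get secret "$(kubectl get sa jenkins -n ci -o jsonpath='{.secrets[0].name}')" -n ci -o jsonpath='{.data.token}' | base64 --decode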
    2. Create a Role permission object resource file jenkins-role.yaml in the ci test namespace as follows:
    kind: Role
    # rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is the stable version
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: jenkins
      namespace: ci
    rules:
    - apiGroups: [""]
      resources: ["pods"]
      verbs: ["create","delete","get","list","patch","update","watch"]
    - apiGroups: [""]
      resources: ["pods/exec"]
      verbs: ["create","delete","get","list","patch","update","watch"]
    - apiGroups: [""]
      resources: ["pods/log"]
      verbs: ["get","list","watch"]
    - apiGroups: [""]
      resources: ["secrets"]
      verbs: ["get"]
    3. Create a RoleBinding object resource file jenkins-rolebinding.yaml. The following permission binding indicates that the jenkins user of the ServiceAccount type has jenkins (Role type) permissions in the ci namespace, as shown below:
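    # v1 replaces v1beta1, which was removed in Kubernetes 1.22
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: jenkins
      namespace: ci
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: jenkins
    subjects:
    - kind: ServiceAccount
      name: jenkins
      # A ServiceAccount subject must name its namespace
      namespace: ci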
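
    Before the token from step 1 is stored in Jenkins, its claims can be read to confirm that it belongs to the jenkins ServiceAccount in the ci namespace and not to a broader account. The following is an added example, not part of the original Tencent Cloud document; the helper names and the sample token are constructed for illustration, and the check reads claims only (the API server is what verifies the signature).

```shell
#!/bin/sh
# Added example: read the claims of a ServiceAccount token (a JWT) offline.

# jwt_payload TOKEN -> prints the decoded JSON payload (second dot-separated field)
jwt_payload() {
    # base64url -> base64, then restore the padding that JWTs strip
    p=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    case $(( ${#p} % 4 )) in
        2) p="$p==" ;;
        3) p="$p=" ;;
    esac
    printf '%s' "$p" | base64 -d
}

# token_subject TOKEN -> prints the "sub" claim
token_subject() {
    jwt_payload "$1" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'
}

# check_token TOKEN NAMESPACE NAME -> exit 0 only if the token is for that ServiceAccount
check_token() {
    [ "$(token_subject "$1")" = "system:serviceaccount:$2:$3" ]
}

# Constructed sample token: real claim names, placeholder signature field.
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_HEADER='{"alg":"RS256"}'
SAMPLE_CLAIMS='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"ci","kubernetes.io/serviceaccount/service-account.name":"jenkins","sub":"system:serviceaccount:ci:jenkins"}'
SAMPLE_TOKEN="$(printf '%s' "$SAMPLE_HEADER" | b64url).$(printf '%s' "$SAMPLE_CLAIMS" | b64url).placeholder-signature"

if check_token "$SAMPLE_TOKEN" ci jenkins; then
    echo "token subject: $(token_subject "$SAMPLE_TOKEN")"
else
    echo "token does not belong to ci/jenkins" >&2
fi
```

    With a real token, pass the output of the kubectl command from step 1 as the first argument of check_token.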

    Getting the cluster CA certificate

    1. Log in to the node of the cluster as instructed in Logging In To Linux Instance (Web Shell).
    2. Run the following command to view the cluster CA certificate:
    cat /etc/kubernetes/cluster-ca.crt
    3. Record and save the returned certificate information as shown below:
    

    Authorizing docker.sock

    Each node of the TKE cluster has a docker.sock file. The slave pod connects to this file when running docker build. Before that, you need to log in to each node and run the following commands to authorize docker build:
    chmod 666 /var/run/docker.sock
    ls -l /var/run/docker.sock
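
    Mode 666 lets an agent container running as a non-root user reach the socket through the "other" permission bits, and the same bits give every local account and every pod that mounts the socket write access to the Docker daemon, which runs as root. The following added example (not part of the original Tencent Cloud document) reports which permission class grants a given UID/GID write access and whether the socket is world-writable; UID/GID 1000 for the agent user is an assumption about the image.

```shell
#!/bin/sh
# Added example: which permission class lets a UID/GID write to a path such as
# /var/run/docker.sock, and is that path writable by everyone?

# sock_access PATH UID GID -> prints root | owner | group | other | none
sock_access() {
    path=$1 uid=$2 gid=$3
    # GNU stat first, BSD stat as fallback: octal mode, owner UID, group GID
    set -- $(stat -c '%a %u %g' "$path" 2>/dev/null || stat -f '%Lp %u %g' "$path")
    mode=$((0$1)) owner=$2 group=$3

    if [ "$uid" -eq 0 ]; then
        echo root            # UID 0 bypasses the mode bits
        return 0
    fi
    # The kernel evaluates exactly one class: owner, else group, else other
    if [ "$uid" -eq "$owner" ]; then
        class=owner bits=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$group" ]; then
        class=group bits=$(( (mode >> 3) & 7 ))
    else
        class=other bits=$(( mode & 7 ))
    fi
    # Connecting to a Unix socket requires write permission on the socket file
    if [ $(( bits & 2 )) -ne 0 ]; then echo "$class"; else echo none; fi
}

# world_writable PATH -> exit 0 if the "other" class has write permission
world_writable() {
    set -- $(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ $(( 0$1 & 2 )) -ne 0 ]
}

# On a node: how does the agent user (assumed UID/GID 1000) reach the socket?
if [ -S /var/run/docker.sock ]; then
    echo "agent access via: $(sock_access /var/run/docker.sock 1000 1000)"
    if world_writable /var/run/docker.sock; then
        echo "docker.sock is world-writable: any local account can use the daemon"
    fi
fi
```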

    Configuring Jenkins

    Note
    The UI of Jenkins varies with the product version. Select an appropriate version based on your business needs.

    Adding a TKE private network access address

    1. Log in to the Jenkins master node as instructed in Logging In To Linux Instance (Web Shell).
    2. Run the following command to configure the access address (domain name):
    sudo sed -i '$a 10.x.x.x cls-ixxxelli.ccs.tencent-cloud.com' /etc/hosts
    Note
    This command can be obtained from Cluster APIServer Information on the basic information page of the cluster after private network access is enabled for the cluster. For more information, see Getting the cluster credential.
    3. Run the following command to query whether the configuration is successful:
    cat /etc/hosts
    If the result shown in the following figure appears, the configuration was successful.
    

    Required plug-ins for Jenkins installation

    1. Log in to the Jenkins backend and click Manage Jenkins in the left sidebar.
    2. On the Manage Jenkins panel, click Manage plug-ins.
    3. In the Available tab, check Locale, Kubernetes, Git Parameter, and Extended Choice Parameter.
    Locale indicates a Chinese language plug-in. If this plug-in is installed, the Jenkins UI is in Chinese by default.
    Kubernetes indicates the Kubernetes plug-in.
    Git Parameter and Extended Choice Parameter are used to pass parameters during package building. The following figure shows the Kubernetes plug-in as an example:
    
    4. After checking the preceding plug-ins, click Install without restart and restart Jenkins.

    Enabling the jnlp port

    1. Log in to the Jenkins backend and click Manage Jenkins in the left sidebar.
    2. On the Manage Jenkins panel, click Configure global security.
    3. In TCP port for inbound agents, check Fixed and enter 50000.
    4. Keep other configuration items as their defaults and click Save at the bottom of the page.

    Adding the TKE cluster credential

    1. Log in to the Jenkins backend and choose Credentials > System in the left sidebar.
    2. On the System panel, select Global credentials (unrestricted).
    3. On the page that appears, click Add credentials in the left sidebar, and configure the basic credential information as follows:
    Kind: Select Secret text.
    Scope: Use the default option Global (Jenkins, nodes, items, all child items, etc).
    Secret: Enter the token of ServiceAccount jenkins obtained in Getting the cluster credential.
    ID: Leave it blank as default.
    Description: Complete the information about the credential, which is displayed as the credential name and descriptive information. This document uses tke-token as an example.
    4. Click OK to add the credential. Once successfully added, the credential is displayed in the credential list as shown below:
    

    Adding the GitLab credential

    1. On the Global credentials (unrestricted) page, click Add credentials in the left sidebar, and configure the basic credential information as follows:
    Kind: Select Username with password.
    Scope: Use the default option Global (Jenkins, nodes, items, all child items, etc).
    Username: Enter the GitLab username.
    Password: Enter the GitLab login password.
    ID: Leave it blank as default.
    Description: Complete the information about the credential, which is displayed as the credential name and descriptive information. This document uses gitlab-password as an example.
    2. Click OK.

    Configuring the slave pod template

    1. Log in to the Jenkins backend and click Manage Jenkins in the left sidebar.
    2. On the Manage Jenkins panel, click Configure system.
    3. At the bottom of the Configure system panel, choose Add a new cloud > Kubernetes in the Cloud section.
    4. Click Kubernetes Cloud details... to configure the following basic information for Kubernetes. The following describes the main parameters. For other parameters, simply keep them as their defaults:
    Name: Enter a custom name. This document uses kubernetes as an example.
    Kubernetes URL: Specify the TKE cluster access address. For more information, see Getting the cluster credential.
    Kubernetes server certificate key: Specify the cluster CA certificate. For more information, see Getting the cluster CA certificate.
    Credentials: Select the tke-token credential created in Adding the TKE cluster credential and then click Test connection. If the connection succeeds, the "Connection successful" prompt appears.
    Jenkins URL: Enter a Jenkins private network address, such as http://10.x.x.x:8080.
    5. Choose Pod templates > Add pod template > Pod template details... and configure the basic information of the pod template. The following describes the main parameters. For other parameters, simply keep them as their defaults:
    Name: Enter a custom name. This document uses jnlp-agent as an example.
    Labels: Define the tag name. You can select a pod for building based on the tag. This document uses jnlp-agent as an example.
    Usage: Select Use this node as much as possible.
    6. In the Containers drop-down list, choose Add container > Container template and configure the following container information:
    Name: Enter a custom container name. This document uses jnlp-agent as an example.
    Docker image: Enter the image address jenkins/jnlp-slave:alpine.
    Working directory: Keep it as its default. Save the working directory, which will be used for building and packaging shell scripts.
    Leave other configuration items as their defaults.
    7. In Volume, complete the following steps to add a volume and configure the docker command for the slave pod.
    7.1 Choose Add volume > Host path volume. Enter /usr/bin/docker for both the host and mount paths.
    7.2 Choose Add volume > Host path volume. Enter /var/run/docker.sock for both the host and mount paths.
    7.3 Click Save at the bottom of the page to finish configuring the slave pod template.

    Subsequent Operations

    Go to Step 2: Configure Slave Pod Building to create a task and configure task parameters.