(https://hub.docker.com/r/jenkins/jenkins)
(https://github.com/istresearch/jenkins/blob/master/README.md)
-p 8080:8080 so the 8080 port in the container receives all requests to port 8080 on the host. Jenkins runs on Tomcat, which uses port 8080 as the default
-p 5000:5000 required to attach slave servers; port 50000 is used to communicate between master and slaves
(https://www.jenkins.io/doc/book/installing/#accessing-the-jenkins-home-directory)
Map the home dir to the volumes, then you can access and check the contents of the Jenkins App
A jenkins deployment only supports one replica because jenkins home can only be read/wrote by one jenkins master
A jenkins deployment spec has container iamge: jenkins/jenkins:lts
A jenkins deployment spec has containers ports: 8080 and 50000
A jenkins deployment spec has container volume mount: /var/jenkins_home
kubectl apply -f deployment.yaml
A deployment creation brings a replicaset created automatically.
kubectl apply -f pvc.yaml
kubectl apply -f service.yaml
A service helps discover the endpoints as backend servers.
kubectl apply -f ingress.yaml
get the pod IP
[root@vxlan-vm-111-38 jenkins-k8s]# kubectl get pod -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
jenkins-deployment-687ffcd9c4-7fmpf 1/1 Running 0 7h14m 10.2.1.22 vxlan-vm-111-4 <none> <none>
curl pod IP with the container ports (works from each node since pod is reachable inside a cluster):
[root@vxlan-vm-111-38 jenkins-k8s]# curl http://10.2.1.22:8080
<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2F'/><script>window.location.replace('/login?from=%2F');</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
</body></html>
and
[root@vxlan-vm-111-38 jenkins-k8s]# curl http://10.2.1.22:50000
Jenkins-Agent-Protocols: JNLP4-connect, Ping
Jenkins-Version: 2.222.3
Jenkins-Session: 966a9424
Client: 10.2.0.0
Server: 10.2.1.22
Remoting-Minimum-Version: 3.14
get the svc cluster IP
[root@vxlan-vm-111-38 jenkins-k8s]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
jenkins-master-service ClusterIP 10.1.128.125 <none> 80/TCP,50000/TCP 7h16m
curl the cluster IP with cluster ports (works from each node):
[root@vxlan-vm-111-38 jenkins-k8s]# curl http://10.1.128.125:80
<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2F'/><script>window.location.replace('/login?from=%2F');</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
</body></html>
and
[root@vxlan-vm-111-38 jenkins-k8s]# curl http://10.1.128.125:50000
Jenkins-Agent-Protocols: JNLP4-connect, Ping
Jenkins-Version: 2.222.3
Jenkins-Session: 966a9424
Client: 10.2.0.0
Server: 10.2.1.22
Remoting-Minimum-Version: 3.14
The reason we can reach cluster IP from each node:
kube-ipvs0 inets are created on each node:
kube-ipvs0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
link/ether 82:3c:2e:25:d1:19 brd ff:ff:ff:ff:ff:ff
inet 10.1.0.1/32 brd 10.1.0.1 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.1.0.10/32 brd 10.1.0.10 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.1.77.75/32 brd 10.1.77.75 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.1.24.217/32 brd 10.1.24.217 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.1.128.125/32 brd 10.1.128.125 scope global kube-ipvs0
valid_lft forever preferred_lft forever
and rules are created on each node:
[root@vxlan-vm-111-38 jenkins-k8s]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
...
TCP 10.1.128.125:80 rr
-> 10.2.1.22:8080 Masq 1 0 0
TCP 10.1.128.125:50000 rr
-> 10.2.1.22:50000 Masq 1 0 0
...
192.168.111.15 jenkins.example.com
(node IP which ingress controller runs on / jenkins ingress rules host)
note: I have used an nimubs isolated env which has a jumper. I need to add entry in /etc/hosts and also configure /etc/squid/squid.conf to make sure jenkins.example.com can be resoved from browser
curl -H 'Host: jenkins.example.com' http://192.168.111.15
192.168.111.15 is the node IP which ingress controller runs on
Input http://jenkins.example.com or jenkins.example.com or jenkins.example.com:80 in browser and go
note: If jenkins.example.com, browser will complement to http://jenkins.example.com:80 by default (add http:// as prefix and suffix :80)