This document discusses using Jenkins and Helm to enable continuous delivery to Kubernetes. It recommends running Jenkins on Kubernetes to take advantage of features like containerization, isolation, and dynamic scaling. It provides instructions for deploying Jenkins with Helm and using the Kubernetes plugin for Jenkins to dynamically provision agents as Kubernetes pods. It also covers how to create custom Helm charts to package and deploy applications, customize the Jenkins Helm chart, and considerations for performance and access control when using Jenkins and Helm together.
4. Getting started with Helm
• ‘Package manager’ for Kubernetes
• Packages called charts stored in one or more repositories
• Charts contain templatized Kubernetes configuration
• Setup client configuration and install server-side tiller
> helm init
• Check tiller is available
> kubectl rollout status deployment -n kube-system tiller-deploy
/* Discover. Collaborate. Deploy. */ 4
https://helm.sh/
5. Deploying Jenkins with Helm
• Find the Jenkins Helm chart
• Search kubeapps.com or
> helm search jenkins
• Install the chart
> helm install --name cd stable/jenkins
• Creates deployment, services, secret, config maps and persistent
volume claim
• Follow the instructions to retrieve the Jenkins admin password
• Access the Jenkins UI
> minikube service cd-jenkins
/* Discover. Collaborate. Deploy. */ 5
6. Kubernetes plugin for Jenkins
• Developed by Carlos Sanchez @ CloudBees
• Spins up Jenkins slave as Kubernetes pod on demand
• Pod template defines containers that should exist in pod
• JNLP agent is always one of them
• Enables re-use of existing Docker images e.g. maven, golang or docker
• Template can define other configuration for the pod/containers
• Environment variables
• Mount from secret, config map or volume
/* Discover. Collaborate. Deploy. */ 6
7. Kubernetes plugin and Jenkins pipelines
• Pod templates can be defined in Jenkins configuration or
declaratively as part of a Jenkins pipeline either in the job
definition or in version control as a Jenkinsfile
podTemplate(label: 'mypod', inheritFrom: 'default',
containers: [
containerTemplate(name: 'maven', image: 'maven',
ttyEnabled: true, command: 'cat')
]) {
node('mypod') {
stage ('Extract') { checkout scm }
stage ('Build') { container ('maven') { mvn package } }
}
}
/* Discover. Collaborate. Deploy. */ 7
8. Creating your own Helm charts
>helm create test
test/
Chart.yaml
values.yaml
charts/
templates/
NOTES.txt
_helpers.tpl
deployment.yaml
ingress.yaml
service.yaml
/* Discover. Collaborate. Deploy. */ 8
10. Overriding chart values
• Variables can be overridden at install time
• As command line parameters:
> helm install test --set image.tag=1.13
• And/or via a file:
> helm install test --values overrides.yaml
/* Discover. Collaborate. Deploy. */ 10
11. Installing charts in a pipeline
• Charts can be kept in a separate repository or stored alongside
the application source code
• Create a Docker image containing the Helm client
• Deploy tiller independently and use
> helm init --client-only
• Kubernetes configuration automatically available in pod
• To perform an install or upgrade, use:
> helm upgrade --install ...
• Use overrides to define image to deploy
• The --wait option can be used to wait for pods to start
/* Discover. Collaborate. Deploy. */ 11
12. More advanced Helm
• Ensure Helm chart is well formed:
> helm lint --strict ...
• Verify successful deployment
> helm test ...
• Executes and tests exit code for pods annotated with "helm.sh/hook":
test-success or test-failure
• Specify sub-charts in charts directory or requirements.yaml
• E.g. to satisfy a database dependency
• Hooks for lifecycle events e.g. pre/post install
/* Discover. Collaborate. Deploy. */ 12
13. Jenkins Helm chart customization
• Chart values allow customization of almost everything!
• Master.InstallPlugins – list of Jenkins plugins to install
• Master/Agent.image – Docker image for master/slave
• Master.InitScripts – list of Jenkins init scripts
• Master.Jobs – Jenkins XML job configs
• Agent.Cpu/Memory – resource constraints for agent
• Master.CustomConfigMap – allows a parent chart to override
the entire Jenkins config via override_config_map template
• …
/* Discover. Collaborate. Deploy. */ 13
14. Things to watch out for
• Poor Jenkins performance with network storage
• Jenkins slave pods may get re-used if long-lived
• Lack of access control for Helm
• Enable SSL and deploy tiller per namespace with RBAC
• Don’t use latest tag with images
• If the config doesn’t change, Kubernetes won’t see it as an update
• Use AlwaysPullImages admission controller
• helm --wait only requires minimum pod count to be satisfied
• For replicas=1 and maxUnavailable=1 that is zero!
/* Discover. Collaborate. Deploy. */ 14
15. Microservice Builder and Microclimate
• Microservice Builder provides a dev-ops pipeline based on the
community Jenkins chart and adding:
• Opinionated Jenkins library
• Docker images pre-built with plugins and adding Power support
• GitHub org and oauth plugins
• Microclimate provides a containerized development
environment capable of running locally or on Kubernetes
• Generates starter templates for Java (Spring or MicroProfile), Node.js
and Swift containing application source, Dockerfile, Helm chart, …
• Rapid iterative build/run/test in a containerized environment
• Option to use a web based or local IDE
/* Discover. Collaborate. Deploy. */ 15
https://microclimate-dev2ops.github.io
16. Other IBM Helm Charts
https://raw.githubusercontent.com/IBM/charts/master/repo/stable/
/* Discover. Collaborate. Deploy. */ 16
18. Notices and disclaimers continued
• Information concerning non-IBM products was obtained from
the suppliers of those products, their
published announcements or other publicly available
sources. IBM has not tested those products about this
publication and cannot confirm the accuracy of performance,
compatibility or any other claims related to non-IBM
products. Questions on the capabilities of non-IBM products
should be addressed to the suppliers of those products.
IBM does not warrant the quality of any third-party products,
or the ability of any such third-party products to
interoperate with IBM’s products. IBM expressly disclaims all
warranties, expressed or implied, including but not limited
to, the implied warranties of merchantability and fitness for
a purpose.
• The provision of the information contained herein is not
intended to, and does not, grant any right or license under any
IBM patents, copyrights, trademarks or other intellectual
property right.
• IBM, the IBM logo, ibm.com and [names of other referenced
IBM products and services used in the presentation] are
trademarks of International Business Machines Corporation,
registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on
the Web at "Copyright and trademark information" at:
www.ibm.com/legal/copytrade.shtml.
18/* Discover. Collaborate. Deploy. */