Help Center> Cloud Container Engine> Best Practices> DevOps> Installing, Deploying, and Interconnecting Jenkins with SWR and CCE Clusters> Procedure> Configuring Jenkins Agent
Updated on 2024-05-31 GMT+08:00
View PDF

Configuring Jenkins Agent

After Jenkins is installed, the following information may display, indicating that Jenkins uses a Master for local build and Agents are not configured.

If you install Jenkins using a Master, you can build a pipeline after performing operations in Installing and Deploying Jenkins Master. For details, see Using Jenkins to Build a Pipeline.

If you install Jenkins using a Master and Agents, you can select either of the following solutions to configure Agents.

  • Fixed Agent: The Agent container keeps running and occupying cluster resources after a job is built. This configuration is simple.
  • Dynamic Agent: An Agent container is dynamically created during job build and is killed after the job is built. In this way, resources can be dynamically allocated and the resource utilization is high. This configuration is complex.

In this section, the Agent is containerized using the jenkins/inbound-agent:4.13.3-1 image.

Adding a Fixed Agent to Jenkins

  1. Log in to the Jenkins dashboard, click Manage Jenkins on the left, and choose System Configuration > Manage nodes and clouds.
  2. Click New Node on the left, enter the node name fixed-agent (which can be customized), and select Permanent Agent for Type.

  3. Specify the following node information:

    • Number of executors: The default value is 1. Set this parameter as required.
    • Remote root directory: Enter /home/jenkins/agent.
    • Launch method: Select Launch agent by connecting it to the controller.

    Retain the values for other parameters and click Save.

  4. In the Nodes page, click the new node. The Agent status is disconnected, and the method for connecting the node to Jenkins is provided. This command applies to VM installation. In this example, container-based installation is used. Therefore, you only need to copy the secret, as shown in the following figure.

  5. Log in to the CCE console, click the target cluster. Choose Workloads > Deployments and click Create Workload on the right.
  6. Configure basic workload parameters.

    • Workload Name: agent (user-defined)
    • Namespace: Select the namespace where Jenkins will be deployed. You can create a namespace.
    • Pods: Set it to 1.

  7. Configure basic container parameters.

    • Image Name: Enter jenkins/inbound-agent:4.13.3-1. The image version may change with time. Select an image version as required or use the latest version.
    • CPU Quota: In this example, set Limit to 2 cores.
    • Memory Quota: Set Limit to 2048 MiB.
    • Privileged Container: must be enabled so that the container can obtain permissions on the host. Otherwise, Docker commands cannot be executed in the container.

    Retain the default values for other parameters.

  8. Run the following commands to configure the environment variables:

    • JENKINS_URL: access path of Jenkins. Enter the IP address of port 8080 set in 6 (ports 8080 and 50000 must be enabled for the IP address), for example, http://10.247.222.254:8080.
    • JENKINS_AGENT_NAME: name of the Agent set in 2. In this example, the value is fixed-agent.
    • JENKINS_SECRET: secret copied from 4.
    • JENKINS_AGENT_WORKDIR: remote work directory configured in 3, that is, /home/jenkins/agent.

  9. Add permissions to the Jenkins container so that Docker commands can be executed in the Jenkins container.

    1. Ensure that Privileged Container is enabled in 3.
    2. Choose Data Storage > Local Volumes, add a local volume, and mount the host path to the corresponding container path.
      Table 1 Mounting path

      Storage Type

      Host Path

      Mounting Path

      hostPath

      /var/run/docker.sock

      /var/run/docker.sock

      hostPath

      /usr/bin/docker

      /usr/bin/docker

      hostPath

      /usr/lib64/libltdl.so.7

      /usr/lib/x86_64-linux-gnu/libltdl.so.7

      hostPath

      /usr/bin/kubectl

      /usr/local/bin/kubectl
      After the mounting is complete, the page shown in Figure 1 is displayed.
      Figure 1 Mounting the host paths to the corresponding container paths
    3. In Security Context, set User ID to 0 (user root).
      Figure 2 Configuring the user

  10. Retain the default settings for Advanced Settings and click Create Workload.
  11. Go to the Jenkins page and refresh the node status to In sync.

    After the Agent is configured, you are advised to set the number of concurrent build jobs of the Master to 0. That is, you use the Agent for build. For details, see Modifying the Number of Concurrent Build Jobs.

Setting a Dynamic Agent for Jenkins

  1. Install the plug-in.

    On the Jenkins dashboard page, click Manage Jenkins on the left and choose System Configuration > Manage Plugins. On the Available tab, search for Kubernetes and install Kubernetes CLI and Kubernetes.

    The plug-in version may change with time. Select a plug-in version as required.

    • Kubernetes Plugin: 3734.v562b_b_a_627ea_c

      It is used to run dynamic Agents in the Kubernetes cluster, create a Kubernetes pod for each started Agent, and stop the pod after each build is complete.

    • Kubernetes CLI Plugin: 1.10.3

      kubectl can be configured for jobs to interact with Kubernetes clusters.

    The Jenkins plug-ins are provided by the plug-in maintainer and may be iterated due to security risks.

  2. Add cluster access credentials to Jenkins.

    Add cluster access credentials to Jenkins in advance. For details, see Setting Cluster Access Credentials.

  3. Configure basic cluster information.

    On the Jenkins dashboard page, click Manage Jenkins on the left and choose System Configuration > Manage nodes and clouds. Click Configure Clouds on the left to configure the cluster. Click Add a new cloud and select Kubernetes. The cluster name can be customized.

  4. Enter Kubernetes Cloud details.

    Set the following cluster parameters and retain the values for other parameters, as shown in Figure 3.
    • Kubernetes URL: cluster API server address. You can enter https://kubernetes.default.svc.cluster.local:443.
    • Credentials: Select the cluster credential added in 2. You can click Test Connection to check whether the cluster is connected.
    • Jenkins URL: Jenkins access path. Enter the IP address of port 8080 set in 6 (ports 8080 and 50000 must be enabled for the IP address, that is, the intra-cluster access address), for example, http://10.247.222.254:8080.
    Figure 3 Example

  5. Pod Template: Click Add Pod Template > Pod Template details and set pod template parameters.

    • Set the basic parameters of the pod template, as shown in Figure 4.
      • Name: jenkins-agent
      • Namespace: cicd
      • Labels: jenkins-agent
      • Usage: Select Use this node as much as possible.
      Figure 4 Basic parameters of the pod template
    • Add a container. Click Add Container > Container Template. Figure 5 shows the parameters.
      • Name: The value must be jnlp.
      • Docker image: jenkins/inbound-agent:4.13.3-1. The image version may change with time. Select an image version as required or use the latest version.
      • Working directory: /home/jenkins/agent is selected by default.
      • Command to run/Arguments to pass to the command: Delete the existing default value and leave these two parameters empty.
      • Allocate pseudo-TTY: Select this parameter.
      • Select Run in privileged mode and set Run As User ID to 0 (root user).
      Figure 5 Container template parameters
    • Add a volume: Choose Add Volume > Host Path Volume to mount the host path in Table 2 to the corresponding path of the container.
      Table 2 Mounting path

      Storage Type

      Host Path

      Mounting Path

      hostPath

      /var/run/docker.sock

      /var/run/docker.sock

      hostPath

      /usr/bin/docker

      /usr/bin/docker

      hostPath

      /usr/lib64/libltdl.so.7

      /usr/lib/x86_64-linux-gnu/libltdl.so.7

      hostPath

      /usr/bin/kubectl

      /usr/local/bin/kubectl

      After the mounting is complete, the page shown in Figure 6 is displayed.

      Figure 6 Mounting the host paths to the corresponding container paths
    • Run As User ID: 0 (root user)
    • Workspace Volume: working directory of the agent. Persistence is recommended. Select Host Path Workspace Volume and set Host path to /home/jenkins/agent.

  6. Click Save.

    After the Agent is configured, you are advised to set the number of concurrent build jobs of the Master to 0. That is, you use the Agent for build. For details, see Modifying the Number of Concurrent Build Jobs.

Setting Cluster Access Credentials

The certificate file that can be identified in Jenkins is in PKCS#12 format. Therefore, convert the cluster certificate to a PFX certificate file in PKCS#12 format.

  1. Log in to the CCE console and go to the cluster console. Choose Cluster Information > Connection Information to download the cluster certificate. The downloaded certificate contains three files: ca.crt, client.crt, and client.key.

  2. Log in to a Linux host, place the three certificate files in the same directory, and use OpenSSL to convert the certificate into a cert.pfx certificate. After the certificate is generated, the system prompts you to enter a custom password.

    openssl pkcs12 -export -out cert.pfx -inkey client.key -in client.crt -certfile ca.crt

  3. On the Jenkins console, choose Manage Jenkins > Manage Credentials and click Global. You can also create a domain.

  4. Click Add Credential.

    • Kind: Select Certificate.
    • Scope: Select Global.
    • Certificate: Select Upload PKCS#12 certificate and upload the cert.pfx file generated in 2.
    • Password: The password customized during cert.pfx conversion.
    • ID: Set this parameter to k8s-test-cert, which can be customized.

Parent Topic: Procedure