Help Center/ Cloud Container Engine/ Best Practices/ DevOps/ Installing and Deploying Jenkins on CCE/ Procedure/ Configuring a Jenkins Agent
Updated on 2026-01-05 GMT+08:00
View PDF
Share

Configuring a Jenkins Agent

After Jenkins is installed, information similar to that shown in the figure below may display. It indicates that Jenkins uses a master for local build and no agent is configured.

If you install Jenkins with one master, you can build a pipeline after performing operations in Installing and Deploying a Jenkins Master. For details, see Using Jenkins to Build a Pipeline.

If you install Jenkins using a master and some agents, you can select either of the following solutions to configure the agents.

  • Static agent: The agent container keeps running and occupies cluster resources after a job is built. It will not be killed even after the job build is complete. This configuration is simple.
  • Dynamic agent: The agent container is dynamically created during job build and is killed after the job is built. In this way, resources can be dynamically allocated and the resource utilization is high. This configuration is complex.

In this section, the agent is containerized using the jenkins/inbound-agent:4.13.3-1 image.

Adding a Static Agent to Jenkins

  1. Log in to the Jenkins dashboard, click Manage Jenkins on the left, and choose System Configuration > Manage nodes and clouds.
  2. Click New Node on the left, enter the node name fixed-agent (or another name), and select Permanent Agent for Type.

  3. Specify the following node information:

    • Number of executors: The default value is 1. Set this parameter as required.
    • Remote root directory: Enter /home/jenkins/agent.
    • Launch method: Select Launch agent by connecting it to the controller.

    Retain the values for other parameters and click Save.

  4. On the Nodes page, click the new node. The agent status is disconnected, and the method for connecting the node to Jenkins is provided. This command applies to VM installation. In this example, container-based installation is used. Therefore, you only need to copy the secret, as shown in the following figure.

  5. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Workloads. In the right pane, click the Deployments tab and click Create Workload in the upper right corner of the page.
  6. Configure basic workload parameters.

    • Workload Name: agent (or another name)
    • Namespace: Select the namespace where Jenkins will be deployed. You can create a namespace.
    • Pods: Set it to 1.

  7. Configure parameters in the Container Settings area.

    • Image Name: Enter jenkins/inbound-agent:4.13.3-1. The image tag may change with time. Select an image tag as required or use latest.
    • CPU Quota: In this example, set Limit to 2 cores.
    • Memory Quota: Set Limit to 2048 MiB.
    • Privileged Container: It must be enabled so that the container can obtain permissions on the node. Otherwise, Docker commands cannot be executed in the container.

    Retain the default values for other parameters.

  8. Configure environment variables.

    • JENKINS_URL: Jenkins access path, which should be the address of port 8080 configured in 6. (Both ports 8080 and 50000 must be enabled.) In this example, the cluster IP address and port 8080 and cluster IP address and port 50000 are used, for example, http://10.247.222.254:8080.
    • JENKINS_AGENT_NAME: name of the agent set in 2. In this example, the value is fixed-agent.
    • JENKINS_SECRET: secret copied from 4.
    • JENKINS_AGENT_WORKDIR: remote work directory configured in 3, that is, /home/jenkins/agent.

  9. Add permissions to the Jenkins container so that Docker commands can be executed in the Jenkins container.

    1. Ensure that Privileged Container is enabled in 3.
    2. Click Data Storage, click Add Volume, select hostPath, and mount the hostPath to the corresponding container path.
      Table 1 Mount path

      Storage Type

      Host Path

      Mount Path

      hostPath

      /var/run/docker.sock

      /var/run/docker.sock

      hostPath

      /usr/bin/docker

      /usr/bin/docker

      hostPath

      /usr/lib64/libltdl.so.7

      /usr/lib/x86_64-linux-gnu/libltdl.so.7

      hostPath

      /usr/bin/kubectl

      /usr/local/bin/kubectl
      After the mounting is complete, the page shown in Figure 1 is displayed.
      Figure 1 Mounting the hostPath volumes to the corresponding container paths

    3. In Security Context, set User ID to 0 (user root).
      Figure 2 Configuring the user

  10. Retain the default settings for Advanced Settings and click Create Workload.
  11. Go to the Jenkins page and refresh the node status to In sync.

    After the agent is configured, you are advised to set the number of concurrent build jobs of the master to 0. That is, you use the agent for build. For details, see Changing the Number of Concurrent Build Jobs.

Setting a Dynamic Agent for Jenkins

  1. Install the plugin.

    On the Jenkins dashboard page, click Manage Jenkins on the left and choose System Configuration > Manage Plugins. On the Available tab, search for Kubernetes and install Kubernetes CLI and Kubernetes.

    The plugin version may change with time. Select a plugin version as required.

    • Kubernetes plugin: 3734.v562b_b_a_627ea_c

      It is used to run dynamic agents in the Kubernetes cluster, create a Kubernetes pod for each started agent, and stop the pod after each build is complete.

    • Kubernetes CLI plugin: 1.10.3

      kubectl can be configured for jobs to interact with Kubernetes clusters.

    The Jenkins plugins are provided by the plugin maintenance engineer and may be iterated due to security risks.

  2. Add cluster access credentials to Jenkins.

    Add cluster access credentials to Jenkins in advance. For details, see Configuring Cluster Access Credentials.

  3. Configure basic cluster information.

    On the Jenkins dashboard page, click Manage Jenkins on the left and choose System Configuration > Manage nodes and clouds. Click Configure Clouds on the left to configure the cluster. Click Add a new cloud and select Kubernetes. You can use your own cluster name.

  4. Enter Kubernetes Cloud details.

    Configure the cluster parameters below and retain the default values for other parameters, as shown in Figure 3.
    • Kubernetes URL: Enter the cluster API server address. You can enter https://kubernetes.default.svc.cluster.local:443.
    • Credentials: Select the cluster credential added in 2. You can click Test Connection to check whether the cluster is connected.
    • Jenkins URL: Jenkins access path. Enter the IP address and port 8080 set in 6 (ports 8080 and 50000 must be enabled for the IP address, that is, the intra-cluster access address), for example, http://10.247.222.254:8080.
    Figure 3 Example

  5. Choose Add Pod Template > Pod Template details and configure the pod template.

    • Configure the basic parameters of the pod template, as shown in Figure 4.
      • Name: jenkins-agent
      • Namespace: cicd
      • Labels: jenkins-agent
      • Usage: Select Use this node as much as possible.
      Figure 4 Basic parameters of the pod template
    • Add a container. Choose Add Container > Container Template and configure the parameters as shown in Figure 5.
      • Name: The value must be jnlp.
      • Docker image: jenkins/inbound-agent:4.13.3-1. The image tag may change with time. Select an image tag as required or use latest.
      • Working directory: /home/jenkins/agent is selected by default.
      • Command to run/Arguments to pass to the command: Delete the existing default value and leave these two parameters empty.
      • Allocate pseudo-TTY: Select this parameter.
      • Select Run in privileged mode and set Run As User ID to 0 (root user).
      Figure 5 Configuring the container template parameters
    • Add a volume. Choose Add Volume > Host Path Volume to mount the hostPath volumes in Table 2 to the corresponding container paths.
      Table 2 Mount path

      Storage Type

      Host Path

      Mount Path

      hostPath

      /var/run/docker.sock

      /var/run/docker.sock

      hostPath

      /usr/bin/docker

      /usr/bin/docker

      hostPath

      /usr/lib64/libltdl.so.7

      /usr/lib/x86_64-linux-gnu/libltdl.so.7

      hostPath

      /usr/bin/kubectl

      /usr/local/bin/kubectl

      After the mounting is complete, the page shown in Figure 6 is displayed.

      Figure 6 Mounting the hostPath volumes to the corresponding container paths
    • Run As User ID: 0 (root user)
    • Workspace Volume: working directory of the agent. Persistence is recommended. Select Host Path Workspace Volume and set Host path to /home/jenkins/agent.

  6. Click Save.

    After the agent is configured, you are advised to set the number of concurrent build jobs of the master to 0. That is, you use the agent for builds. For details, see Changing the Number of Concurrent Build Jobs.

Configuring Cluster Access Credentials

The certificate file that can be identified in Jenkins is in PKCS#12 format. Therefore, convert the cluster certificate to a PFX certificate file in PKCS#12 format.

  1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Overview in the navigation pane. On the page displayed, locate the Connection Information area, and download the cluster certificate. The certificate contains ca.crt, client.crt, and client.key files.

  2. Log in to a Linux host, place the three certificate files in the same directory, and use OpenSSL to convert the certificate into a cert.pfx certificate. After the certificate is generated, the system prompts you to enter a custom password. 

    openssl pkcs12 -export -out cert.pfx -inkey client.key -in client.crt -certfile ca.crt

  3. On the Jenkins console, choose Manage Jenkins > Manage Credentials and click Global. You can also create a domain.

  4. Click Add Credential.

    • Kind: Select Certificate.
    • Scope: Select Global.
    • Certificate: Select Upload PKCS#12 certificate and upload the cert.pfx file generated in 2.
    • Password: The password customized during cert.pfx conversion.
    • ID: Set this parameter to k8s-test-cert, which can be customized.

Parent Topic: Procedure