fbpixel

Fast Prototyping - Jenkins

Tommaso Doninelli}
Tommaso Doninelli
Share:

Deploy a Jenkins CI/CD server in less than 1 minute!

Part of our mission at HakunaCloud is to help companies embracing the DevOps methodology. Cloud Computing and containers simplify the adoption of the so called Full CI/CD pipeline, and Jenkins is a must for build, test and deploy almost any kind of application.

In this post, we’re going to

  • run a Jenkins server in less than 1 minute;
  • BONUS: configure a secure SSL connection to protect your data
Jenkins CI/CD
Jenkins CI/CD

Deploy Jenkins in 5 seconds with HakunaCloud

HakunaCloud is a managed container platform, that run on top of the cloud computing power provided by AWS and Google Cloud. Basically, it is docker in the clouds :). For this tutorial we’ll deploy the Jenkins image in the public docker registry

Create a network

A network isolate containers. Containers within the same network can connect each other using a service discovery system based on their names.

1
beekube network create jenkins

Create a persistent volume

Jenkins persist all its data, configuration and plugins in the /var/jenkins_home folder. We want that folder to be persisted - we don’t want to loose the configuration and the plugins we installed if the container is restarted!

We also rmay need some space to checkout the code and run the build. Create a persistent volume of 20 gb ith this command:

1
beekube volume create jenkins_data --size 20

Run Jenins!

Now we can run the service. From the service readme, we need to

  • expose it to the internet: -p 80:8080
  • mount the volume: -v jenkins_data:/var/jenkins_home
  • give to it a name and the network: --name jenkins --network jenkins
    1
    
    beekube run -p 80:8080 -v jenkins_data:/var/jenkins_home --name jenkins --cpus 6 jenkins/jenkins:lts 
    

Jenkins setup

Now we can use the Jenkins web installer. HakunaCloud automatically maps an FQDN fur us, that we can retrieve with beekube ps:

1
2
3
name     image                status   publishs
-------  -------------------  -------  ----------------------------------------------------------------------------------
jenkins  jenkins/jenkins:lts  running  jenkins.eu-central-1.<ns>.v1.beekube.cloud:80 -> 8080

Le’ts open a browser to http://jenkins.eu-central-1..v1.beekube.cloud

Jenkins creates a one-time password for the admin login. We must retrieve it from the logs:

1
beekube logs jenkins

You’ll find something like

1
2
3
4
5
6
7
8
9
10
1572279016521  *************************************************************
1572279016521  *************************************************************
1572279016521  *************************************************************
1572279016521  Jenkins initial setup is required. An admin user has been created and a password generated.
1572279016521  Please use the following password to proceed to installation:
1572279016521  eb2851a17c5f45e48a85516bc3552bde
1572279016521  This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
1572279016521  *************************************************************
1572279016521  *************************************************************
1572279016521  *************************************************************

That’s it! We can now proceed with our configuration of Jenkins!

Bonus Track: Configure TLS/SSL encryption

TLS/SSL is a must. It protects your data and is becoming a mandatory standard in the web. In order to use TLS/SSL, you only need

  • a private docker registry
  • a DNS domain name

TL;DR

  • Crate a DNS human-friendly record that points to the DNS of the container
  • Create the SSL/TLS certificates with Let’s Encrypt
  • Build a new Jenkins container embedded with the SSL/TLS certificates
  • Done

Create the DNS record

HakunaCloud assign a DNS record to containers following this schema: <name>.<region>.<user>.v1.beekube.cloud. To use our custom DNS name, we can simply configure in our DNS provider a CNAME record that point to the record created by HakunaCloud.

This is how we configured Route53:

Create a DNS recod of type CNAME that point to the record created by HakunaCloud
CNAME record in AWS Route53

Create the SSL certificates

Let’s Encrypt is a free, automated, and open Certificate Authority. It allows to create ssl certificates using the DNS domain verification method. In our case, we will create the certificates offline, and we will import them manually. Thus, we need to use the DNS-01 challenge.

Once we have generated the certificates, we must convert the privke1.pem in RSA: openssl rsa -in privkey.pem -out privkey-rsa.pem

Create a private Docker image

Now we’ll embed the SSL certificates in the container, so all the traffic will be encrypted. We can customize the official docker image, and then we can publish it in a private registry. We user AWS ECR, but you can use also the official Docker registry.

The first step is to create a Dockerfile

1
2
3
4
5
6
FROM jenkins/jenkins:lts

COPY fullchain1.pem /var/lib/jenkins/cert/fullchain1.pem
COPY privkey1-rsa.pem /var/lib/jenkins/pk/privkey1-rsa.pem
ENV JENKINS_OPTS --httpPort=-1 --httpsPort=443 --httpsCertificate=/var/lib/jenkins/cert/fullchain1.pem --httpsPrivateKey=/var/lib/jenkins/pk/privkey1-rsa.pem
EXPOSE 443

Here we have copied the certificate fullchain1.pem and the private key in rsa format privkey1-rsa.pem where we have placed the Dockerfile.
ow build your docker image and push to your private registry

Update the Jenkins container

Now we will replace the running Jenkins with our new container confugured with SSL. We won’t loose any data, since plugins and configurations are stored in the persistent volume! Configure your private registry as per /docs/registries.html.

Then, stop the running container beekube stop jenksins && beekube rm jenkins

And start a new Jenkins container with the new image:

1
beekube run -p 443:8083 -v jenkins_data_3:/var/jenkins_home --name jenkins3 --cpus 6 242728094507.dkr.ecr.eu-central-1.amazonaws.com/my-ideas/jenkins:latest

Tommaso Doninelli

CEO @ HakunaCloud

10 years as CTO, former Software Engineer at Amazon AWS, Cloud Solution Architect with projects in US, Europe and United Arab Emirates.

"I am a DevOps and automation advocate; you can test, deploy, analyze and improve even your grandma recipes. "