infra

History

Dustin 2f9d8ad618 jenkins: Add CA key to ssh_known_hosts Since (almost) all managed hosts have SSH certificates signed by SSHCA now, the need to maintain a pseudo-dynamic SSH key list is winding down. If we include the SSH CA key in the global known hosts file, and explicitly list the couple of hosts that do not have a certificate, we can let Ansible use that instead of fetching the host keys on each run.		2024-01-22 17:52:35 -06:00
..
README.md	jenkins: Run Jenkins in Kubernetes	2022-11-25 13:38:10 -06:00
argocd-sync-hook.yaml	jenkins: Add Argo CD pre-sync hook	2023-10-22 21:50:25 -05:00
jenkins.yaml	jenkins: Allow Jenkins to read pod logs	2023-12-27 15:33:36 -06:00
kustomization.yaml	jenkins: Add default imagePullSecrets for jobs	2023-11-10 15:13:19 -06:00
secrets.yaml	jenkins: Add credentials to sign, publish RPMs	2023-11-10 15:31:55 -06:00
ssh_known_hosts	jenkins: Add CA key to ssh_known_hosts	2024-01-22 17:52:35 -06:00

Jenkins in Kubernetes

Kubernetes Setup

Configure Jenkins resources:

ln imagepull-gitea jenkins/.dockerconfigjson
kubectl apply -k jenkins

Set TCP port for inbound agents setting (Manage Jenkins → Configure Global Security) to Fixed and enter 40414.

Configure Kubernetes (Manage Jenkins → Manage Nodes and Clouds → Configure Clouds:

Add a new cloud → Kubernetes
Enter a name
Kubernetes Cloud details...
- Kubernetes URL: (leave blank; will use Kubernetes service discovery)
- Kubernetes Namespace: jenkins-jobs
- Credentials: - none - (will use Service Account token)
- Jenkins tunnel: jenkins.jenkins.svc.cluster.local: (trailing colon!)