Dustin
98651cf9d9
Instead of routing iSCSI traffic from the Kubernetes network, through the firewall, to the storage network, nodes now have a second network adapter connected to directly to the storage network. The nodes with such an adapter are labelled `network.du5t1n.me/storage`, so we can pin the Jenkins PersistentVolume to them via a node affinity rule. |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| README.md | ||
| argocd-sync-hook.yaml | ||
| iscsi-migrate.yaml | ||
| iscsi.yaml | ||
| jenkins.yaml | ||
| kustomization.yaml | ||
| secrets.yaml | ||
| ssh_known_hosts | ||
README.md
Jenkins in Kubernetes
Kubernetes Setup
Configure Jenkins resources:
ln imagepull-gitea jenkins/.dockerconfigjson
kubectl apply -k jenkins
Jenkins Setup
Install Kubernetes plugin.
Set TCP port for inbound agents setting (Manage Jenkins → Configure Global
Security) to Fixed and enter 40414.
Configure Kubernetes (Manage Jenkins → Manage Nodes and Clouds → Configure Clouds:
- Add a new cloud → Kubernetes
- Enter a name
- Kubernetes Cloud details...
- Kubernetes URL: (leave blank; will use Kubernetes service discovery)
- Kubernetes Namespace:
jenkins-jobs - Credentials:
- none -(will use Service Account token) - Jenkins tunnel:
jenkins.jenkins.svc.cluster.local:(trailing colon!)
iSCSI Persistent Volume
Because of the large size of the Jenkins volume, it does not work well managed by Longhorn. Instead, we use a pre-provisioned iSCSI volume on the Synology NAS. This improves performance and avoids keeping multiple replicas of the Jenkins data, while still benefiting from snapshots, etc.