Jenkins
This page includes information about the configuration and deployment of Jenkins. At the time of writing, Jenkins is deployed onto an AWS EKS cluster using the Pulumi Infrastructure as Code that we have in this repository. Currently, the following are created for Jenkins:
- EBS on AWS to store data for the Jenkins instance: This is mounted on /var/jenkins_home/ inside the Jenkins pod. The EBS volume can only be available in one zone at a time, which means the selector on the pod must check the labels on the nodes to make sure the pod is scheduled on a node in the same zone as the EBS volume. You can check the labels on the nodes with kubectl get nodes --show-labels.
- External Build Agent: For the time being, we're having issues mounting the Docker daemon from the nodes into the pods. That means that, for our Docker image builds, we add an external build agent in Jenkins. This is usually an EC2 Instance on AWS, preferably running Ubuntu Server 18.04. Currently, just for running Gauzy builds, we use a t3.large, which has 2 vCPUs and 8GB RAM. For more builds, the size needs to be bigger, especially the vCPUs: aim for at least 4, ideally even 8. The current Docker images use multistage builds and transfer a large amount of data between the stages, which makes the image builds I/O intensive. You can consider running i3.* or i3en.* instances, which have ephemeral NVMe SSDs that can reduce the I/O bottleneck. I've managed to get a Gauzy build to as low as 5 minutes without any cache being used on such instances. This agent currently has to be added manually and has to be configured using an Ansible Playbook to set up dependencies, Docker, etc.
- Kubernetes Namespace: It's good practice to use a namespace for different apps/tools to keep things organized and isolate their resources. We use a namespace called jenkins for anything related to Jenkins.
- Kubernetes Deployment: We use a deployment to create and configure the pod for Jenkins. The image used right now is jenkins/jenkins:lts, but it's important to use a custom image if automation and configuration as code are important. The repository includes a Dockerfile that creates our custom image, which preinstalls plugins and copies our configuration as code. (Work in progress.) The Deployment exposes port 8080 for the Jenkins UI and port 50000 for the slave agents, which lets them connect back to master after slave pods are scheduled and finish (we don't use these right now, since we can't build Docker images on them).
- Kubernetes Service: The service for Jenkins makes it publicly available using type LoadBalancer. We expose port 443 on the Elastic Load Balancer and direct traffic to port 8080. We do SSL/TLS termination using the annotations we have, and supply it the ARN of the certificate that's issued on AWS. After the ELB is assigned an IP/DNS, Pulumi automatically authenticates with CloudFlare to make a new CNAME record pointing ci.ever.co to the ELB.
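The Deployment and Service described in the list above, sketched as plain Kubernetes manifests. This is an added example, not the repository's Pulumi code; the app label, the zone, the volume ID, the certificate ARN and the use of an in-tree awsElasticBlockStore volume are assumptions or placeholders.

```yaml
# Added example: app label, zone, volume ID and certificate ARN are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: jenkins
spec:
  replicas: 1                       # a single EBS volume backs a single pod
  selector:
    matchLabels: {app: jenkins}
  template:
    metadata:
      labels: {app: jenkins}
    spec:
      nodeSelector:
        # Must equal the zone the EBS volume lives in. Older clusters label
        # nodes with failure-domain.beta.kubernetes.io/zone instead.
        topology.kubernetes.io/zone: ZONE-PLACEHOLDER
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts
          ports:
            - {name: http, containerPort: 8080}     # Jenkins UI
            - {name: agent, containerPort: 50000}   # inbound agents
          volumeMounts:
            - {name: jenkins-home, mountPath: /var/jenkins_home}
      volumes:
        - name: jenkins-home
          awsElasticBlockStore:     # assumption: volume attached directly
            volumeID: vol-PLACEHOLDER
            fsType: ext4            # assumption
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: jenkins
  annotations:
    # TLS terminates on the ELB; traffic from the ELB to the pod is plain HTTP.
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
spec:
  type: LoadBalancer
  selector: {app: jenkins}
  ports:
    # Only 443 is published, as described above; the agent port is not listed.
    - {name: https, port: 443, targetPort: 8080}
```

If the pod stays Pending after a node group change, compare the zone in the nodeSelector with the zone labels shown by kubectl get nodes --show-labels.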