Issue
Rancher is a cluster management tool which allows users to manage all their clusters (e.g. Kubernetes clusters) through a single UI. But how can we configure Jenkins to use the Kubernetes cluster behind Rancher?
Environment
- CloudBees CI (CloudBees Core) on traditional platforms - Client controller
- CloudBees Jenkins Platform - Client controller
- CloudBees Jenkins Distribution
- Jenkins LTS
Resolution
- Rancher configuration (Steps 0-7)
- Jenkins configuration (Steps 8-12)
- Validation (Steps 13)
Rancher configuration
Rancher offers Authorized Cluster Endpoints which allows direct access to Kubernetes.
0. Go to your Rancher instance, Cluster and select a Cluster.
1. On the top right of the page are two links, Launch kubectl
and Kubeconfig File
. Select Launch kubectl
.
2. A shell opens up in a window within Rancher. Run the command:
kubectl get pods
to confirm that kubectl can access Kubernetes through Rancher.
3. Once confirmed, access the kubectl configuration file:
cat ~/.kube/config
Note the two settings, server
and certificate-authority
and save them in text files (to use in a later step, step #11).
4. For the certificate-authority reference, print the contents with the command:
cat /nonexistent/.kube/certs/ca.crt
and save the resulting certificate. Close the kubectl window.
5. Within Rancher, go to the top right to the User drop down and select API & Keys
.
6. Add Key
, in the Description field enter jenkins-api-key
, choose an expiry, choose your cluster for scope, and Create
.
7. Save the access key (i.e. username) and secret key (i.e. password).
Jenkins configuration
8. Go to Jenkins, and ensure the Kubernetes Plugin is installed.
Note: Kubernetes Plugin will be used to integrate Jenkins with Rancher 2.x.
Rancher Plugin can only be used for Rancher 1.x aka Rancher Server.
9. Go to Manage Jenkins
, Configure System
.
10. Add cloud
, select Kubernetes
.
11. Use the following settings:
Name: kubernetes
Kubernetes URL: [server field from step #3]
Kubernetes server certificate key: [certificate authority field from step #4]
Credentials: [see step #12]
12. Add Credential
, and user the following settings:
Kind: Username with password
Username: [access key from step #6]
Password: [secret key from step #6]
Validation
13. Finally, click Test Connection
to verify successful connectivity, and Save the configuration.
Alternative (Rancher configuration steps)
1a. Instead of Launch kubectl
select Kubeconfig File
.
2a. Save the server
and certificate-authority-data
for the cluster (not for the worker node).
3a. On a Mac, decode the certificate-authority-data
by copying the string and from a terminal window run the command
echo $CERTIFICATE_AUTHORITY_DATA | base64 -D
Save the resulting certificate. Close the Kubeconfig window.
0 Comments