Issue
Rancher is a cluster management tool which allows users to manage all their clusters (e.g. Kubernetes clusters) through a single UI. But how can we configure Jenkins to use the Kubernetes cluster behind Rancher?
Environment
- CloudBees Core on traditional platforms - Client Master
- CloudBees Jenkins Platform - Client Master
- CloudBees Jenkins Distribution
- Jenkins LTS
Resolution
- Rancher configuration (Steps 0-7)
- Jenkins configuratiion (Steps 8-12)
- Validation (Steps 13)
Rancher configuration
Rancher offers Authorized Cluster Endpoints which allows direct access to Kubernetes.
- Go to your Rancher instance, Cluster and select a Cluster.
- On the top right of the page are two links,
Launch kubectl
andKubeconfig File
. SelectLaunch kubectl
.
- A shell opens up in a window within Rancher. Run the command:
kubectl get pods
to confirm that kubectl can access Kubernetes through Rancher.
- Once confirmed, access the kubectl configuration file:
cat ~/.kube/config
Note the two settings, server
and certificate-authority
and save them in text files (to use in a later step, step #11).
- For the certificate-authority reference, print the contents with the command:
cat /nonexistent/.kube/certs/ca.crt
and save the resulting certificate. Close the kubectl window.
- Within Rancher, go to the top right to the User drop down and select
API & Keys
. Add Key
, in the Description field enterjenkins-api-key
, choose an expiry, choose your cluster for scope, andCreate
.- Save the access key (i.e. username) and secret key (i.e. password).
Jenkins configuration
- Go to Jenkins, and ensure the Kubernetes Plugin is installed.
Note: Kubernetes Plugin will be used to integrate Jenkins with Rancher 2.x.
Rancher Plugin can only be used for Rancher 1.x aka Rancher Server.
- Go to
Manage Jenkins
,Configure System
. Add cloud
, selectKubernetes
.- Use the following settings:
Name: kubernetes
Kubernetes URL: [server field from step #3]
Kubernetes server certificate key: [certificate authority field from step #4]
Credentials: [see step #12]
Add Credential
, and user the following settings:
Kind: Username with password
Username: [access key from step #6]
Password: [secret key from step #6]
Validation
- Finally, click
Test Connection
to verify successful connectivity, and Save the configuration.
Alternative (Rancher configuration steps)
1a. Instead of Launch kubectl
select Kubeconfig File
.
2a. Save the server
and certificate-authority-data
for the cluster (not for the worker node).
3a. On a Mac, decode the certificate-authority-data
by copying the string and from a terminal window run the command
echo $CERTIFICATE_AUTHORITY_DATA | base64 -D
Save the resulting certificate. Close the Kubeconfig window.
0 Comments