Create docker/container images in a Kubernetes Jenkins pipeline

 The challenge is quite simple: To deploy a pice of software to Kubernetes it's necessary to create the (docker) container image in a pipeline.

But the solution was not found directly. The most articles found show how to use the docker socket or tcp port to create images but since docker is no more part of Kubernetes this will not work any more.

The solution is to use 'kaniko'. Looks like the project is able to master image creation.

1) First install and configure Jenkins

values.xml

controller:

  JCasC:

    securityRealm: |-

      local:

        allowsSignup: false

        enableCaptcha: false

        users:

        - id: "admin"

          name: "Jenkins Admin"

          password: "xxx"

    authorizationStrategy: |-

      loggedInUsersCanDoAnything:

        allowAnonymousRead: false

  ingress:

       enabled: true

       paths: []

       apiVersion: "extensions/v1beta1"

       hostName: jenkins.mycluster.de


kubectl create namespace jx
helm install jenkins jenkins/jenkins -f values.yaml

2) To push images in a repository (e.g. sonatype nexus) it's necessary to configure the repository credentials:

Create a file 'config.json' (the name must fit) and import it into the Jenkins namespace:

CI_REGISTRY=docker.mycluster.de
CI_REGISTRY_USER=managernexus
CI_REGISTRY_PASSWORD=$(pass cloud/prod/mycluster/managernexus)
echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > config.json

kubectl create secret generic -n jx docker-config --from-file=config.json

rm config.json

3) Create a pipeline:

pipeline {
agent {
kubernetes {
yamlFile 'jenkins-pod.yaml'
}
}
stages {
stage('Build image') {
steps {
container('kaniko') {
sh "/kaniko/executor \
--dockerfile `pwd`/Dockerfile \
--context `pwd` \
--destination=docker.mycluster.de/myimage:${env.BUILD_ID} \
--destination=docker.mycluster.de/myimage:latest"
}
}
}
}
}

4) Create a pod configuration

spec:
containers:
- name: kaniko
image: gcr.io/kaniko-project/executor:debug
command:
- cat
tty: true
volumeMounts:
- name: docker-config
mountPath: /kaniko/.docker
volumes:
- name: docker-config
secret:
secretName: docker-config

5) Create a Jenkins pipeline

In Jenkins create a new pipeline using the 'Jenkins' file as pipeline. Create a Dockerfile in the project root to create the container image.


Kommentare

Kommentar veröffentlichen

Beliebte Posts aus diesem Blog

Sonatype Nexus fails with random "peer not authenticated" errors behind ingress

 After installing nexus3 server in a kubernetes environment in the first view everything looks good. Server is running an accessible from the world. Users and roles are defined and working. But already in the first hours of working with the repository there are problems. The trick was retry the failed activity and everything went ok. It turned out that heavy activities failed a lot of times and a lot of retries have to be done to finish the tasks. Annoying if a release deploy failed. You need to increase the version number every time. There were a few support in the internet for the problems most of the time handling SSL problems between maven and nexus. But it did not fix the problem. It looks like maven and the used http library wagon have got problems with pooled connections if using ingress (a test with a standalone installation did not show the problem)  - The 'deep' reason is not really clear for me, need to invest more time for it. The solution is to deny wagon to use p...
Mehr anzeigen

[mhus lib] Reorg in generation 7 nearly finished

 The generation 7 shows massive reorganisations and reimplementations. After renaming repository names (moved the 'cherry' prefix to 'mhus') the reorg is finished and the sources are ready for a more stable generation 8. Generation 8 will add new features to work with none OSGi services in cloud environments. Actual changes: cherry-reactiive -> mhus-reactive cherry-vault -> mhus-vault cherry-web -> mhus-web mhus-osgi-cluster -> mhus-cluster
Mehr anzeigen

[mhus lib] Implemented Bearer JWS tokens

 mhus now supports bearer tokens for authentication. I used the project jjwt to implement the tokens and added dependencies of the current version 0.11.2. The token is implemented to be used with apache shiro. A new service JwtProvider implements creation and reading of the tokens. The keys if not exists will be created and stored in the keychain. Private and public keys in separate key sources. In this way the public keys can be published to other nodes. A new interface BearerRealm must be used to mark realms with Bearer support. Using the interface a token can be created from the realm implementation. You should use the AccessUtil to create tokens. The authentication is already implemented in rest and micro calls. Via rest a node '/jwt_token' can be used to create a token - expires after one hour - and use it as authentication. To use jjwt with osgi I as forced to create a port project. First the 'feature' character of the bundles is not supported in the current felix...
Mehr anzeigen