Kubernetes - Deploy Jenkins Ingress to GCE

Deploy Jenkins with Nginx Ingress with SSL to Google Cloud form scratch with Helm.

Posted by Lukasz D. Tulikowski on January 10, 2019


google cloud

Installation sources:

Setup Kubernetes cluster

Login to Google Cloud

gcloud auth login

Set project

export PROJECT_ID=your-gce-project-id
gcloud config set project $PROJECT_ID

Create cluster (example)

gcloud container clusters create standard-cluster-1 \
    --disk-size=100 --disk-type=pd-ssd \
    --cluster-version 1.11.6-gke.3  \
    --enable-autoupgrade \
    --machine-type n1-standard-2 \
    --num-nodes 1 \
    --no-enable-basic-auth \
    --no-issue-client-certificate \
    --no-enable-ip-alias \
    --metadata disable-legacy-endpoints=true \
    --zone europe-west1-b 

Get cluster credentials

gcloud container clusters get-credentials standard-cluster-1 --zone europe-west1-b

Install Tiller on the Cluster

kubectl -n kube-system create serviceaccount tiller

kubectl create clusterrolebinding tiller \
    --clusterrole cluster-admin \

helm init --service-account tiller

Install Nginx ingress controller

helm install \
    --name nginx-ingress stable/nginx-ingress  \
    --set rbac.create=true \
    --namespace kube-system

Set up your domain

Get ingress ip address

kubectl get services --namespace kube-system | grep nginx-ingress-controller | awk '{print $4}' 

Add record to your DNS (example)

A	jenkins ingres-ip-address

Cert Manager and Let’s Encrypt

Install Cert Manager

helm install stable/cert-manager \
    --version 0.4.1 \
    --set ingressShim.defaultIssuerName=letsencrypt-prod \
    --set ingressShim.defaultIssuerKind=ClusterIssuer \
    --set cert-manager.createCustomResource=true \
    --namespace kube-system

Create Cert Issuers

kubectl apply -f cert-provider/staging-issuer.yaml
kubectl apply -f cert-provider/production-issuer.yaml

Jenkins Image

Build Jenkins image

docker build -t gcr.io/$PROJECT_ID/jenkins -t gcr.io/$PROJECT_ID/jenkins:latest dockerfiles

Push image to Container Registry

gcloud docker -- push gcr.io/$PROJECT_ID/jenkins

Create Jenkins Ingress

Deploy with Helm

helm install --name jenkins --namespace jenkins .

Get admin password

printf $(kubectl get secret --namespace jenkins jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo