Automating Jenkins Deployments in K8s with Docker and Groovy - Part II

In our last installment of “How to K8s,” we introduced the concepts needed to automate the deployment of a Jenkins server to Kubernetes. We did so through a look at the process of automating user creation upon startup of a dockerized Jenkins server.

Today, we will build upon that foundation as we incorporate additional Groovy code to our Groovy Init Hook script that will install and configure the Orka plugin for Jenkins. This will enable this Jenkins server to execute jobs in a MacStadium’s Orka for macOS and iOS CI. The principles covered here can easily be adapted to other cloud providers with a Jenkins integration plugin.

As we introduced each of the three files discussed here in the previous post, we will move it along and just highlight the additions. The full source code is available here.

Dockerfile

This file, aside from the introduction of the ENV variables, is what we were working with in the previous post. Check it out for any missing details. Briefly, we are copying in our plugins, installing them, and copying our Groovy Init Hook script, init-cloud.groovy.

# Dockerfile

FROM jenkins/jenkins:lts

ENV JENKINS_USER admin
ENV JENKINS_PASS admin

# Skip initial setup
ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false

COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt

COPY init-cloud.groovy /usr/share/jenkins/ref/init.groovy.d/init-cloud.groovy

plugins.txt

Simply a text file containing a list of required plugins. Formatting is as so: <plugin>:<tag></tag></plugin>.

# plugins.txt

credentials-binding:latest
embeddable-build-status:latest
ssh-agent:latest
timestamper:latest
gradle:latest
workflow-aggregator:latest
git:latest
git-parameter:latest
ssh-slaves:latest
greenballs:latest
macstadium-orka:latest

init-cloud.groovy

This is the meat of our work today. As you can see, our list of imports has grown considerably.

#!/usr/bin/env groovy

import com.cloudbees.plugins.credentials.Credentials
import com.cloudbees.plugins.credentials.CredentialsScope
import com.cloudbees.plugins.credentials.domains.Domain
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl
import com.cloudbees.plugins.credentials.SystemCredentialsProvider
import hudson.model.AdministrativeMonitor
import hudson.model.Node.Mode
import io.jenkins.plugins.orka.OrkaCloud
import io.jenkins.plugins.orka.AgentTemplate
import io.jenkins.plugins.orka.RunOnceCloudRetentionStrategy
import java.util.ArrayList
import java.util.Collections
import jenkins.model.Jenkins

In addition to the credentials plugin we handled last time, we now also have to account for our interface with Orka. As such, we will have to import plugins to configure our build templates.

After handling our imports, we will continue in the same Groovy file and initialize our required variables. Notice that ORKA_ENDPOINT, ORKA_USERNAME and ORKA_PASSWORD are required values.

String orkaEndpoint = System.getenv()['ORKA_ENDPOINT'];

String orkaUsername = System.getenv()['ORKA_USERNAME'];
String orkaPassword = System.getenv()['ORKA_PASSWORD'];
String sshUsername =  System.getenv()['SSH_USERNAME'] ?: "admin"
String sshPassword =  System.getenv()['SSH_PASSWORD'] ?: "admin"

String vmConfigName = System.getenv()['VM_CONFIG_NAME'] ?: "orka-jenkins"
String vmBaseImage = System.getenv()['VM_BASE_IMAGE'];
String vmCpuCountString = System.getenv()['VM_CPU_COUNT'] ?: 3
int vmCpuCount = Integer.parseInt(vmCpuCountString);
String agentLabel = System.getenv()['AGENT_LABEL'] ?: "orka"

String remoteFs = System.getenv()['REMOTE_FS_ROOT'] ?: "/Users/admin"

String sshUserCredentialsId = java.util.UUID.randomUUID().toString()
String orkaUserCredentialsId = java.util.UUID.randomUUID().toString()

With our variables assigned, we can generate both tiers of our required credentials.

Credentials sshCredentials = (Credentials) new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, sshUserCredentialsId, "VM SSH credentials", sshUsername, sshPassword)
SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), sshCredentials)

Credentials orkaCredentials = (Credentials) new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, orkaUserCredentialsId, "Orka credentials", orkaUsername, orkaPassword)
SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), orkaCredentials)

Finally, with all our pieces in hand, we can generate our build agent template, pass that in the instantiation of our OrkaCloud, pass our cloud instance to Jenkins, disable various administrativeMonitors, and finally save the updated Jenkins instance.

AgentTemplate template = new AgentTemplate(sshUserCredentialsId, null, true, vmConfigName,
   vmBaseImage, vmCpuCount, 1, remoteFs,
   Mode.NORMAL, agentLabel, new RunOnceCloudRetentionStrategy(5), Collections.emptyList());

ArrayList<agenttemplate> templates = new ArrayList<agenttemplate>()</agenttemplate></agenttemplate>
templates.add(template)

OrkaCloud cloud = new OrkaCloud("Orka Cloud", orkaUserCredentialsId, orkaEndpoint, null, templates)

Jenkins.instance.clouds.add(cloud)

Jenkins.instance.administrativeMonitors.each { x->
   String name = x.getClass().name
   if (name.contains("SecurityIsOffMonitor") ||
       name.contains("URICheckEncodingMonitor") ||
       name.contains("UpdateCenter") ||
       name.contains("UpdateSiteWarningsMonitor") ||
       name.contains("RootUrlNotSetMonitor") ||
       name.contains("CSRFAdministrativeMonitor")) {
       x.disable(true)
   }
}

Jenkins.instance.save()

TL;DR

Today, we have taken what we learned in the previous “How to K8s” post, and extended it so that Jenkins can actually create and communicate with an Orka environment. This process is fully automated to include the creation of a Jenkins user. To learn more, check out How to K8s: Jenkins Deployments in Kubernetes with Docker and Groovy.

‍