How to K8s: Deploy a Jenkins Master in Kubernetes with Helm

MacStadium’s Orka is built on Kubernetes, and as such, users have access to the underlying cluster via a sandbox environment that is accessible within your Orka environment. This makes all kinds of powerful configurations possible within a single cloud environment, which means fewer networking headaches to work through when setting up enterprise-grade continuous integration for macOS and iOS applications.

One such configuration option is to stand up a Jenkins master in K8s, so that it runs alongside the macOS VMs Orka manages that will ultimately act as your build agents. Today, we’ll look at using Helm to deploy a Jenkins master to a K8s cluster, but we’ll be using Minikube on macOS, so you can follow along on your local machine without an Orka account if you prefer.

Prerequisites

To follow along, you’ll need to install a couple of tools first. You’ll need to install Docker Desktop for Mac and Homebrew if you don’t yet have them installed, and finally you can use Homebrew to install Minikube, along with the rest of the packages we’ll be using today.

• Install Docker: you can download and install Docker Desktop for Mac here.
• Install Minikube: you can install everything else we’ll be using today with Homebrew.

brew install minikube

Setup

With the above in place, we can get started. First, we’ll need to install Helm, the de facto package manager for Kubernetes. On macOS, installation is simple. We can just install with Homebrew, like so:

brew install helm

Next, we’ll need to spin up our local K8s cluster. For this, we’ll be using Minikube, which we can use to spin up a single-node cluster on our local machine with the following command:

minikube start
😄  minikube v1.25.2 on Darwin 12.1 (arm64)
✨  Automatically selected the docker driver
👍  Starting control plane node minikube in cluster minikube
🚜  Pulling base image ...
🔥  Creating docker container (CPUs=2, Memory=2200MB) ...
🐳  Preparing Kubernetes v1.23.3 on Docker 20.10.12 ...
    ▪ kubelet.housekeeping-interval=5m
    ▪ Generating certificates and keys ...
    ▪ Booting up control plane ...
    ▪ Configuring RBAC rules ...
🔎  Verifying Kubernetes components...
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟  Enabled addons: storage-provisioner, default-storageclass
🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

Notice that kubectl will also have be installed and configured to interact with your new cluster, so once our cluster is up, we can list the K8s service we just spun up by running the following:

kubectl get all
service/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   2m12s

Prepare your K8s environment

When we started our Minikube cluster, it created the default namespace, which we could install Jenkins into if we liked, but to keep things tidy, let’s create a jenkins namespace. Paste the following code into a file called namespace.yml and then, from the same directory, run kubectl apply -f namespace.yml.

# namespace.yml
apiVersion: v1
kind: Namespace
metadata:
 name: jenkins

Installing Jenkins in K8s with Helm

Helm’s default behavior is to download packages from ArtifactHub, which is where the Jenkins package we’ll be installing today lives. To install the Jenkins package, run the following:

helm install k8s-jenkins jenkinsci/jenkins --version 3.11.10 --namespace jenkins

A couple of notes about the above command: if the download fails, check ArtifactHub to see if there has been a recent release. For some reason, versions can get a little funny when this happens. And, if the download succeeds, but you get an error that says ... container not found ("jenkins"), just wait a bit and try again. There are lots of pieces spinning up and it can take a couple of minutes to complete.

When everything is up and running, we can get our admin password for Jenkins like so:

kubectl exec --namespace jenkins -it svc/k8s-jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo

Get the Jenkins URL to visit by running these commands in the same shell:

kubectl --namespace jenkins port-forward svc/k8s-jenkins :8080
Forwarding from 127.0.0.1:52182 -> 8080
Forwarding from [::1]:52182 -> 8080

NOTE: allow Kubernetes to provision the port dynamically as it performs much more reliably than when set manually – i.e. change the command you see in the terminal output after installing from 8080:8080 to what’s shown above. In this particular case, we could navigate to 127.0.0.1:52182 to access the Jenkins UI and log in with the username admin and the password that was returned from the above kubectl exec command.

TL;DR

MacStadium’s macOS virtualization platform, Orka, runs on Kubernetes, and it exposes the underlying K8s cluster within your Orka environment. This makes it easy to cook up all manner of powerful configurations for your CI/CD processes targeting macOS or iOS within the same environment, which makes for simple networking and less troubleshooting. Above, we demonstrated the process of standing up a Jenkins master in K8s locally via Minikube, as a parallel to one such possible configuration in Orka.