Download - 2016-09 - Jenkins World - Dockerizing Jenkins Platform

Jenkins World

#JenkinsWorld

Dockerizing Your Jenkins Platform,Why it’s ImportantCyrille Le Clerc

Director of Product @ CloudBees

© 2016 CloudBees, Inc. All Rights Reserved

Jenkins World

#JenkinsWorld

Agenda

• Jenkins platform bird’s eye view• Dockerizing Jenkins? What? Why? How? Masters & Agents• Setting up a Dockerized build environment

–Tools–Credentials and configuration settings

•Managing Docker images• The Role of Docker registries• Architecture of a Dockerized Jenkins Platform• Conclusion: How to Start


Jenkins World

#JenkinsWorld

Jenkins Platform Bird’s Eye View

• Jenkins master

• Build agents

• Source code repository

• Artifact repository

• Deployment servers


Jenkins Platform

Jenkins Master …

Jenkins Agent

Jenkins Agent

Artifact Repositories

Jenkins World

#JenkinsWorld

Jenkins Platform – Master & Build Agents

• Jenkins master

• Build agents


Artifact Repositories

Jenkins Platform

Jenkins Master …

Jenkins Agent

Jenkins Agent

Jenkins World

#JenkinsWorld

Jenkins Platform – Build Agents

Requirements

• Operating Systems (Ubuntu…)

• Software (Firefox…)

© 2016 CloudBees, Inc. All Rights Reserved Jenkins Platform

Jenkins Master

…

Jenkins Agent

Jenkins Agent

Jenkins Agent

Jenkins Agent

Jenkins Agent

• Credentials and config files

Jenkins World

#JenkinsWorld

Dockerizing Masters


Jenkins World

#JenkinsWorld

Dockerizing Masters

Benefits


Jenkins Platform

Jenkins Master …

Jenkins Agent

Jenkins Agent

Jenkins World

#JenkinsWorld

Dockerizing Masters

Benefits


Jenkins Platform

Linux Host

Jenkins Master

Jenkins Master

Jenkins Master

Jenkins Master

…

…

Jenkins Agents

Jenkins World

#JenkinsWorld

Dockerizing Masters

Benefits

• Better density

• Scale-out with smaller masters


Jenkins Platform

Linux Host

Jenkins Master

Jenkins Master

Jenkins Master

Jenkins Master

…

…

Jenkins Agents

Jenkins World

#JenkinsWorld

Dockerizing Masters

Challenges

• Configuration Management of

smaller masters

• Management of Docker containers


Jenkins Platform

Linux Host

Jenkins Master

Jenkins Master

Jenkins Master

Jenkins Master

…

…

Jenkins Agents

Jenkins World

#JenkinsWorld

Dockerizing Build Agents


Jenkins World

#JenkinsWorld

Dockerizing Build Agents


Jenkins Master

…

Jenkins Agent

Jenkins Agent

Jenkins Agent

Jenkins Agent

Jenkins Agent

How?

• Install a Docker Engine on each

existing Linux build agent

• Replace existing build agents by

agents running as Docker containers

Jenkins World

#JenkinsWorld

Dockerizing Agents – Docker Engine


How?

• Install a Docker Engine on each

existing Linux build agent

Jenkins Platform

Jenkins Masters

Jenkins Agent

Jenkins Agent

…docker.image('maven:3.3.9').inside {sh 'mvn clean package'

}

Jenkins World

#JenkinsWorld

Dockerizing Agents – Docker Engine

Benefits

• Simple & iterative approach to Dockerize


Jenkins Platform

Jenkins Masters

Jenkins Agent

Jenkins Agent

…

Jenkins World

#JenkinsWorld

Dockerizing Agents – Docker Agents


How?

• Replace existing Linux build agents by Linux

servers with a “Docker ‘orchestration’ service”

Standalone Docker engines, Swarm, Kubernetes, Mesos, Amazon ECS

• User the associated Jenkins Docker Cloud Plugin

Jenkins Platform

Linux Host

Jenkins Agent

Jenkins Agent

Jenkins Agent

Jenkins Agent

…

…

Jenkins Masters

Jenkins World

#JenkinsWorld


Challenges

Need to choose a ‘Docker orchestration service’

Plugin maturity

• Docker image complexity: require “JNLP Agent” plumbing

• Docker image mgmt: by the Jenkins admin, not by the users

• Workspace: caching and browsing

• Jenkins not yet optimized for Dockerized agents

© 2016 CloudBees, Inc. All Rights ReservedJenkins Platform

Linux Host

Jenkins Agent

Jenkins Agent

Jenkins Agent

Jenkins Agent

…

…

Jenkins Masters

Jenkins World

#JenkinsWorld


Benefits

• Ease of mgmt of the infra … once installed

• Scalability

• Build isolation and multi tenancy

© 2016 CloudBees, Inc. All Rights ReservedJenkins Platform

Linux Host

Jenkins Agent

Jenkins Agent

Jenkins Agent

Jenkins Agent

…

…

Jenkins Masters

Jenkins World

#JenkinsWorld


Implementations

• Kubernetes

• Mesos

• Amazon ECS

• Docker Swarm


Jenkins World

#JenkinsWorld

Dockerizing with CloudBees Private SaaS Edition

CloudBees Jenkins Platform Private SaaS Edition

• On Demand Jenkins masters

• On Demand build agents


CloudBees Jenkins PlatformPrivate SaaS Edition

Jenkins Master

Jenkins Master

Jenkins Master

Jenkins Master

…

…

Jenkins Agent

Jenkins Agent

Jenkins Agent

Jenkins Agent

…

…

Jenkins World

#JenkinsWorld

Customizing Build AgentsTools, credentials, configuration files


Jenkins World

#JenkinsWorld

Customizing Agents: Tools

Why?• General purpose & reusable build agents

What? • Compilers and build : Java, CMake, NodeJS• Deployment: Terraform, Packer, AWS CLI…


Terraform

Jenkins World

#JenkinsWorld


How?• Until now: Jenkins tool installers

Benefits• Zero admin• Composability of installers• No licensing issue

Challenges• Fragility of the installers


Jenkins World

#JenkinsWorld


How?• Docker enabled agents: Docker Image

Benefits• No more fragility• Everything available on DockerHub

Challenge• How to combine tools?• Governance of Docker images• Licensing• Compatibility with Docker JNLP Agents?


Jenkins World

#JenkinsWorld


cloudbees/java-build-tools• Docker image started in January 2016• Combine common build tools• Documented and versioned• Easy to fork• Also available for Docker JNLP Agents


Jenkins World

#JenkinsWorld

Customizing Agents: Credentials and Config Files

Same principle as for general purpose agents

• Nothing on disk• Jenkins Credentials• Jenkins Config File Provider


Jenkins World

#JenkinsWorld #JenkinsWorld

Customizing Agents: Credentials and Config Files


withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'my-secret', passwordVariable: 'MY_PASSWORD', usernameVariable: 'MY_USERNAME']]) {

...}

withCredentials([[$class: 'AmazonWebServicesCredentialsBinding',credentialsId: 'my-aws-iam-credentials']) {

sh 'aws ec2 decribe-instances...'}

sshagent(['my-ssh-key']) {sh 'scp my.war jenkins@my-server:.'

}

Jenkins World

#JenkinsWorld

Managing Docker Images


Jenkins World

#JenkinsWorld


• Requirements–Flexibility for the Jenkins users / DEV–“Control” for the Jenkins admins

• Proposal for a Governance model–Shared governance–Dockerfile stored in a Git repo–Jenkins admins: control the base Docker image–Jenkins DEV: choose the tools installed on the Docker image


Jenkins World

#JenkinsWorld


Challenges with Dockerized agents

• Docker images declared in Jenkins Global Config

• Change the content of the image rather than Jenkins config?


FROM jenkinsci/jnlp-slave

# MavenRUN curl –fsSL http://...ENV MAVEN_HOME /usr/share/maven

…

Jenkins World

#JenkinsWorld

The role of Docker Registries


Jenkins World

#JenkinsWorld

Docker Registries

• Pull images to customize the build

environment

• Pull images to build images

• Push images created by builds

• Notify Jenkins when images change


Jenkins Master

Agents created on demand

Linux Agent

Docker Container Agent

Push Docker images created

by Jenkins builds

Pull Docker

images to customise the build

environment

Pull Docker images to build other

images

notifi

catio

n

pull

pull

push

Trigger builds

on image push

Jenkins World

#JenkinsWorld

Docker Registries

Start small

Use Docker Hub, use the cloud

© 2016 CloudBees, Inc. All Rights Reserved My Company

Internet

CloudBees Jenkins PlatformMaster

Dockerized Jenkins Agent

hub.docker.com


by Jenkins builds

Pull Docker images to customise the build

environment

Pull Docker

images to build other

images

notifi

catio

n

pull

pull

push

Trigger builds

on image push

Jenkins World

#JenkinsWorld

Docker Registries

Challenges

• Security

• Network

• DockerHub may remove images


Internet



hub.docker.com


by Jenkins builds


environment

Pull Docker


images

notifi

catio

n

pull

pull

push

Trigger builds

on image push

Jenkins World

#JenkinsWorld

Docker Registries

Benefits

• No need to chose a software

• Limited management, it’s a SaaS


Internet



hub.docker.com


by Jenkins builds


environment

Pull Docker


images

notifi

catio

n

pull

pull

push

Trigger builds

on image push

Jenkins World

#JenkinsWorld

Docker Registries

• If needed, go through proxies


Outbound Proxy

My Company

Internet

JenkinsMaster


hub.docker.com


by Jenkins builds


environment

Pull Docker


images

notifi

catio

n

pull

pull

push

Trigger builds

on image push

Jenkins World

#JenkinsWorld

Docker Registries

Private Docker registry

Benefits

• Registry behind the firewalls

• Network

• Security

Challenges

• Choose a technology

• Manage disk space

© 2016 CloudBees, Inc. All Rights ReservedMy Company

Docker Registry

Image Registry

Internet

JenkinsMaster


hub.docker.com

Push Docker images created by Jenkins builds

Pull Docker images to build other images

notification

pull

push

Proxypull-through cached

mirroring

pull

notification

Trigger builds on image push

Pull Docker images to customise

the build environment

pull

Jenkins World

#JenkinsWorld

How to start?


Jenkins World

#JenkinsWorld

How to start

Jenkins infra

• Docker Engine on existing Linux Agents or CloudBees Private SaaS Edition

Docker images• cloudbees/java-build-tools (or cloudbees/jnlp-slave-with-java-build-tools)

Docker Registry• DockerHub


Jenkins World#JenkinsWorld
