A production-ready deployment of Jenkins CI/CD server on Kubernetes using Kustomize for configuration management.
- Scalable: Runs on Kubernetes for high availability
- Persistent: Configured with persistent storage to maintain state
- Secure: Preconfigured with best security practices
- Customizable: Uses Kustomize for environment-specific configurations
- Ingress Ready: Includes ingress configuration for easy access
This deployment uses:
- Jenkins master deployment with configurable resources
- Persistent volume claims for durability
- Kubernetes Service for network access
- Ingress configuration for external access
- Kustomize overlays for environment-specific configurations

Prerequisites:
- Kubernetes cluster (v1.25+)
- kubectl configured to communicate with your cluster
- Kustomize (v4.0+)
- Storage class available in your cluster

Create the Jenkins namespace first:

```bash
kubectl create namespace jenkins
```

Clone the repository:

```bash
git clone https://github.com/illimaniJavier/jenkins.git
cd jenkins
```

This deployment requires a Jenkins user on your host system for proper permissions:

```bash
# Create the Jenkins user
sudo adduser jenkins
# Verify the user's UID and GID
id jenkins
```

You should see output like:

```
uid=1004(jenkins) gid=1004(jenkins) groups=1004(jenkins),100(users)
```

Now update your deployment.yaml with your Jenkins user's UID/GID:

```yaml
securityContext:
  fsGroup: 1004      # Replace with YOUR jenkins user's GID
  runAsUser: 1004    # Replace with YOUR jenkins user's UID
  runAsNonRoot: true
```

The Ingress configuration uses a placeholder domain jenkins.example.com. You must replace this with your actual domain before deploying:

```yaml
# In base/ingress.yaml
spec:
  rules:
    - host: jenkins.example.com  # Replace with your domain
```

Apply the dev overlay:

```bash
kubectl apply -k overlays/dev/
```

Verify your deployment is running correctly:

```bash
# Check if pods are running
kubectl get pods -n jenkins
# Check the service
kubectl get svc -n jenkins
# Check the ingress
kubectl get ingress -n jenkins
```

If Jenkins fails to start or you see permission errors in the logs:
- Verify user setup:
  ```bash
  id jenkins
  ```
- Check directory permissions:
  ```bash
  ls -la /home/jenkins/
  ```
- Ensure values match in your deployment.yaml:
  ```yaml
  securityContext:
    fsGroup: YOUR_JENKINS_GID
    runAsUser: YOUR_JENKINS_UID
  ```
- Check pod status and events:
  ```bash
  kubectl describe pod -n jenkins -l app=jenkins
  ```

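
The two manual edits above (UID/GID in the securityContext, and the Ingress host) are the usual causes of a failed first deploy, so they are worth checking before `kubectl apply`. The script below is an added example, not part of the repository; the function names and the `base/deployment.yaml` path are assumptions, and the manifest in the demo is constructed.

```bash
#!/usr/bin/env bash
# Added example: pre-deploy checks for the manual edits described on this page.
# Function names and the base/deployment.yaml path are assumptions.

# Print the first integer value of a key (runAsUser, fsGroup) in a manifest.
manifest_value() {  # $1 = file, $2 = key
  sed -n "s/^[[:space:]]*$2:[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | head -n 1
}

# Return 0 only when securityContext matches the given UID/GID and is non-root.
check_manifest() {  # $1 = deployment file, $2 = expected UID, $3 = expected GID
  local file="$1" uid="$2" gid="$3" rc=0 run_as fs_group
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  run_as=$(manifest_value "$file" runAsUser)
  fs_group=$(manifest_value "$file" fsGroup)
  if [ "$run_as" != "$uid" ]; then
    echo "runAsUser is '${run_as:-unset}', expected $uid" >&2; rc=1
  fi
  if [ "$fs_group" != "$gid" ]; then
    echo "fsGroup is '${fs_group:-unset}', expected $gid" >&2; rc=1
  fi
  if [ "$run_as" = "0" ]; then
    echo "runAsUser 0 is root and conflicts with runAsNonRoot" >&2; rc=1
  fi
  if ! grep -Eq '^[[:space:]]*runAsNonRoot:[[:space:]]*true' "$file"; then
    echo "runAsNonRoot: true is missing" >&2; rc=1
  fi
  return "$rc"
}

# Return 0 when the ingress no longer uses the placeholder host.
check_ingress_host() {  # $1 = ingress file
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
  if grep -Eq '^[[:space:]]*-?[[:space:]]*host:[[:space:]]*jenkins\.example\.com' "$1"; then
    echo "ingress still uses placeholder jenkins.example.com" >&2; return 1
  fi
}

# Demo on a constructed manifest (not the repository's file).
demo=$(mktemp)
printf 'securityContext:\n  fsGroup: 1004\n  runAsUser: 1004\n  runAsNonRoot: true\n' > "$demo"
check_manifest "$demo" 1004 1004 && echo "constructed manifest passes"
rm -f "$demo"

# Real use: check_manifest base/deployment.yaml "$(id -u jenkins)" "$(id -g jenkins)" \
#             && check_ingress_host base/ingress.yaml && kubectl apply -k overlays/dev/
```

The check is textual and reads only the first matching key in the file, so a manifest with several securityContext blocks needs each one reviewed by hand.
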
This deployment has been successfully tested with the following environment:

```
$ kubectl version
Client Version: v1.31.4+k3s1
Kustomize Version: v5.4.2
Server Version: v1.31.4+k3s1
```

Upon successful deployment, you'll have access to a fully configured Jenkins instance. The initial admin password is automatically generated during the first startup.
- Navigate to your configured domain (e.g., https://jenkins.example.com).
- You'll be presented with the Jenkins unlock screen.
- Retrieve the initial admin password:
  ```bash
  kubectl exec -n jenkins $(kubectl get pods -n jenkins -l app=jenkins -o jsonpath='{.items[0].metadata.name}') -- cat /var/jenkins_home/secrets/initialAdminPassword
  ```
- Enter the password to unlock Jenkins and proceed with the setup wizard to:
  - Install recommended plugins or select specific plugins
  - Create your first admin user
  - Configure the Jenkins URL

After installation, consider implementing these best practices:
- Configure proper backup solutions for the Jenkins home directory
- Set up CI/CD pipelines using Jenkins Pipeline or Multibranch Pipeline jobs
- Implement Jenkins Configuration as Code (JCasC) for reproducible configurations
- Connect your source code repositories (GitHub, GitLab, etc.)
- Configure build agents for distributed workloads
The deployed environment provides a solid foundation for implementing enterprise-grade CI/CD workflows with proper security and scalability considerations.
License: MIT
Contributions are welcome! Please feel free to submit a Pull Request.

