Skip to content

Instantly share code, notes, and snippets.

@rtyler

rtyler/Jenkinsfile

Last active November 4, 2024 04:40
Show Gist options
  • Save rtyler/14a43e3c2c21d876d3f6315b1e82bc25 to your computer and use it in GitHub Desktop.
Save rtyler/14a43e3c2c21d876d3f6315b1e82bc25 to your computer and use it in GitHub Desktop.
Download ZIP
Docker in docker within Jenkins on Kubernetes. Eat at Arby's.
Raw
Jenkinsfile
pipeline {
agent {
kubernetes {
label 'dind'
defaultContainer 'docker'
yaml """
---
apiVersion: v1
kind: Pod
metadata:
labels:
app: jenkins
spec:
containers:
- name: docker
image: docker:latest
command:
- /bin/cat
tty: true
volumeMounts:
- name: dind-certs
mountPath: /certs
env:
- name: DOCKER_TLS_CERTDIR
value: /certs
- name: DOCKER_CERT_PATH
value: /certs
- name: DOCKER_TLS_VERIFY
value: 1
- name: DOCKER_HOST
value: tcp://localhost:2376
- name: dind
image: docker:dind
securityContext:
privileged: true
env:
- name: DOCKER_TLS_CERTDIR
value: /certs
volumeMounts:
- name: dind-storage
mountPath: /var/lib/docker
- name: dind-certs
mountPath: /certs
volumes:
- name: dind-storage
emptyDir: {}
- name: dind-certs
emptyDir: {}
"""
}
}
stages {
stage('Run Docker Things') {
steps {
sh 'printenv'
sh 'docker info'
}
}
}
}
Raw
k8s.yaml
---
# The following is just like that above, but will configure a generally available container for all Pipelines using the configuration as code plugin
jenkins:
clouds:
- kubernetes:
connectTimeout: 5
# These variables must be present in the environment in order for the
# Jenkins agents to "find" the Jenkins master once they are launched,
# such that they may bootstrap.
jenkinsUrl: "http://${JENKINS_SERVICE_HOST}:${JENKINS_SERVICE_PORT}"
maxRequestsPerHostStr: "32"
name: "kubernetes"
readTimeout: 15
skipTlsVerify: true
templates:
# The "docker" container allows for the building and validation of
# Docker containers on top of the existing kubernetes cluster without
# requiring the kubernetes cluster to expose access to its docker socket
- containers:
- args: "cat"
command: "/bin/sh -c"
envVars:
- envVar:
key: 'DOCKER_HOST'
value: 'tcp://localhost:2376'
- envVar:
key: "DOCKER_TLS_CERTDIR"
value: "/certs"
- envVar:
key: "DOCKER_CERT_PATH"
value: "/certs/client"
- envVar:
key: "DOCKER_TLS_VERIFY"
value: "1"
image: 'docker:stable'
livenessProbe:
failureThreshold: 0
initialDelaySeconds: 0
periodSeconds: 0
successThreshold: 0
timeoutSeconds: 0
name: "docker"
ttyEnabled: true
- alwaysPullImage: true
envVars:
- envVar:
key: "DOCKER_TLS_CERTDIR"
value: "/certs"
image: 'docker:dind'
livenessProbe:
failureThreshold: 0
initialDelaySeconds: 0
periodSeconds: 0
successThreshold: 0
timeoutSeconds: 0
name: 'dind'
privileged: true
ttyEnabled: true
# The jenkins-agent image is required in order to have a Jenkins agent
# which can access resources like git.lo, etc.
#
# It is basically a jenkins agent image with our root certificate
# bundled into it
- args: "^${computer.jnlpmac} ^${computer.name}"
command: ""
image: "jenkins/jnlp-slave:latest"
alwaysPullImage: true
livenessProbe:
failureThreshold: 0
initialDelaySeconds: 0
periodSeconds: 0
successThreshold: 0
timeoutSeconds: 0
# The name "jnlp" is special and required in order to override the
# built in container which the Kubernetes pod launches.
name: "jnlp"
ttyEnabled: true
label: 'docker'
name: 'docker'
volumes:
- emptyDirVolume:
memory: false
mountPath: '/var/lib/docker'
- emptyDirVolume:
memory: false
mountPath: "/certs"
workspaceVolume:
emptyDirWorkspaceVolume:
memory: false
@yeongu-dev
Copy link

Thanks for sharing. For reference, in the dind image now, you need to modify it to the below content.
Replace mountPath: "/certs" in line 40 with mountPath: "/certs/client".

@Marv963
Copy link

Marv963 commented Mar 19, 2023

Thanks for sharing the configuration file, it helps me a lot to !

Replace the deprecated image: image: "jenkins/jnlp-slave:latest" in line 66 with image: "jenkins/inbound-agent:latest" to get it work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment