Deploy Jenkins as StatefulSet<\/h2>\n
The following image shows the setup architecture and workflow.<\/p>\n Follow the below steps to deploy Jenkins as a StatefulSet.<\/p>\n The first step is to create a separate namespace to deploy Jenkins.<\/p>\n Run the following command to create a namespace<\/p>\n After creating the namespace, the next step is to create a clusterrole<\/strong>, serviceaccount<\/strong> and bind the clusterrole<\/strong> to a service account.<\/p>\n This service account grants Jenkins the necessary permissions to interact with the Kubernetes API.<\/p>\n This is primarily required for CI\/CD tasks where Jenkins need to create, update, and manage resources within the cluster (e.g., pods, services, and deployments).<\/p>\n Create a YAML file sa.yaml<\/strong> and copy the below contents<\/p>\n This file creates a ServiceAccount<\/strong> and a ClusterRole<\/strong> with admin permission, you can limit the permissions as you want.<\/p>\n Then it binds the ClusterRole with the ServiceAccount. Run the following command to create the service account<\/p>\n The next step is to create a Secret which creates a token for the serviceaccount.<\/p>\n Create a YAML file secret.yaml<\/strong> and copy the below contents in to it<\/p>\n This creates a secret and links it with the service account using the annotation.<\/p>\n The token in the secret is particularly useful when you use Kubernetes pods and dynamic jenkins agents.<\/a><\/p>\n Now, create a PersistentVolumeClaim<\/strong> for Jenkins.<\/p>\n Create a YAML file pvc.yaml <\/strong>and copy the below contents<\/p>\n This file creates a PVC which requests 10GB<\/strong> of storage with readwriteonce<\/strong> access mode.<\/p>\n Run the following command to create a PVC<\/p>\n Once the required resources for Jenkins are created, deploy Jenkins as a Statefulset on the cluster.<\/p>\n Create a YAML file statefulset.yaml<\/strong> and copy the below contents into it<\/p>\n This file deploys Jenkins on the Jenkins namespace with the following:<\/p>\n Run the following command to deploy Jenkins as statefulset<\/p>\n The final step is to expose Jenkins as NodePort using a service so that we can access the Jenkins UI on the web.<\/p>\n Create a YAML file sva.yaml <\/strong>and copy the below content into it<\/p>\n The jenkins-service<\/strong> service exposes the Jenkins port 8080 on NodePort 30000<\/strong> to access the Jenkins UI on the web.<\/p>\n Run the following command to create the service<\/p>\n Note:<\/strong> Exposing Jenkins as NodePort is not suitable for the production environment. In actual projects need to setup Ingress<\/a> to access Jenkins.<\/p><\/blockquote>\n Now access your Jenkins on the web using the following URL<\/p>\n After running this command Jenkins will as you to enter the initialAdminPassword<\/strong> as shown below<\/p>\n To get the admin password run the following command. Replace After entering the admin password, it will ask you to install the plugins, and create an admin user and you can see the Jenkins workspace after completing the steps.<\/p>\n If you want to add additional plugins to your Jenkins, go to<\/p>\n Manage Jenkins->Plugins->Available plugins<\/strong> and search for the plugin you need.<\/p>\n For example, in the below image, I am installing the Blue Ocean plugin on Jenkins, select the plugin and click the Install<\/strong> button to install it<\/p>\n After installing the plugin you can see it on the left side of your Jenkins dashboard as shown below<\/p>\n![\"Jenkins](\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/jenkins-controller.gif\")
<\/figure>\nStep 1: Create a Namespace<\/h3>\n
kubectl create ns jenkins<\/code><\/pre>\nStep 2: Create a ClusterRole and ServiceAccount<\/h3>\n
apiVersion: rbac.authorization.k8s.io\/v1\nkind: ClusterRole\nmetadata:\n name: jenkins-admin\nrules:\n - apiGroups: [\"\"]\n resources: [\"*\"]\n verbs: [\"*\"]\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: jenkins-admin\n namespace: jenkins\n\n---\napiVersion: rbac.authorization.k8s.io\/v1\nkind: ClusterRoleBinding\nmetadata:\n name: jenkins-admin\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: jenkins-admin\nsubjects:\n- kind: ServiceAccount\n name: jenkins-admin\n namespace: jenkins<\/code><\/pre>\nkubectl apply -f sa.yaml<\/code><\/pre>\nStep 3: Create a Secret<\/h3>\n
apiVersion: v1\nkind: Secret\nmetadata:\n name: sa-token-secret\n namespace: jenkins\n annotations:\n kubernetes.io\/service-account.name: jenkins-admin\ntype: kubernetes.io\/service-account-token<\/code><\/pre>\nStep 4: Create a PersistentVolumeClaim (PVC)<\/h3>\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: jenkins-pv-claim\n namespace: jenkins\nspec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi<\/code><\/pre>\nkubectl apply -f pvc.yaml<\/code><\/pre>\nStep 5: Deploy Jenkins as SatefulSet<\/h3>\n
apiVersion: apps\/v1\nkind: StatefulSet\nmetadata:\n name: jenkins\n namespace: jenkins\nspec:\n serviceName: \"jenkins\"\n replicas: 1\n selector:\n matchLabels:\n app: jenkins-server\n template:\n metadata:\n labels:\n app: jenkins-server\n spec:\n securityContext:\n fsGroup: 1000 \n runAsUser: 1000\n serviceAccountName: jenkins-admin\n containers:\n - name: jenkins\n image: jenkins\/jenkins:lts\n resources:\n limits:\n memory: \"2Gi\"\n cpu: \"1000m\"\n requests:\n memory: \"500Mi\"\n cpu: \"500m\"\n ports:\n - name: httpport\n containerPort: 8080\n - name: jnlpport\n containerPort: 50000\n livenessProbe:\n httpGet:\n path: \"\/login\"\n port: 8080\n initialDelaySeconds: 90\n periodSeconds: 10\n timeoutSeconds: 5\n failureThreshold: 5\n readinessProbe:\n httpGet:\n path: \"\/login\"\n port: 8080\n initialDelaySeconds: 60\n periodSeconds: 10\n timeoutSeconds: 5\n failureThreshold: 3\n volumeMounts:\n - name: jenkins-data\n mountPath: \/var\/jenkins_home\n volumes:\n - name: jenkins-data\n persistentVolumeClaim:\n claimName: jenkins-pv-claim<\/code><\/pre>\n\n
kubectl apply -f statefulset.yaml<\/code><\/pre>\nStep 6: Expose Jenkins<\/h3>\n
apiVersion: v1\nkind: Service\nmetadata:\n name: jenkins-service\n namespace: jenkins\nspec:\n selector: \n app: jenkins-server\n type: NodePort\n ports:\n - name: http-port\n port: 8080\n targetPort: 8080\n nodePort: 30000\n - name: jnlp-port\n port: 50000\n targetPort: 50000<\/code><\/pre>\nkubectl apply -f svc.yaml<\/code><\/pre>\nhttp:\/\/<node-ip>:30000<\/code><\/pre>\n![\"Jenkins](\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-40-9.png\")
<\/figure>\n jenkins-0<\/code> with your pod name.<\/p>\nkubectl exec -it jenkins-0 cat \/var\/jenkins_home\/secrets\/initialAdminPassword -n jenkins<\/code><\/pre>\n![\"Jenkins](\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-41-8.png\")
<\/figure>\n![\"Add](\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-42-10.png\")
<\/figure>\n![\"Installed](\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-43-11.png\")
<\/figure>\n
![\"Blue](\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-44-11.png\")
<\/figure>\n