The page has been translated by Gen AI.
Register User-installed Jenkins Tool
Reference
- It is recommended to use the Samsung Cloud Platform Marketplace for installing and operating Jenkins.
- If you cannot use the Marketplace or need to register a self‑installed Jenkins as a tool in the DevOps Console, refer to this document.
- This document guides the registration of the Jenkins tool in DevOps Console, so it provides only a brief overview of Jenkins installation and operation.
Getting started with registering a user-installed Jenkins tool
Install Jenkins and plugins.
Jenkins installation
Before installing
To register Jenkins in the DevOps Console, Jenkins generally must meet the following conditions. If there are other conditions, register an SR before installation to verify.
- Use a domain for Jenkins access
- Jenkins domain is registered in DNS
- Use HTTPS (port 443) and a public certificate for Jenkins communication.
Installation
Install Jenkins on a VM or Kubernetes
Plugin Installation
Install the following plugins in Jenkins.
| Plugin ID | Name |
|---|---|
| apache-httpcomponents-client-4-api | Apache HttpComponents Client 4.x API |
| credentials | Credentials |
| credentials-binding | Credentials Binding |
| github | GitHub |
| jobConfigHistory | Job Configuration History |
| kubernetes | Kubernetes |
| mask-passwords | Mask Passwords |
| maven-plugin | Maven Integration |
| matrix-auth | Matrix Authorization Strategy |
| metrics | Metrics |
| pipeline-stage-view | Pipeline: Stage View |
| pipeline-utility-steps | Pipeline Utility Steps |
| script-security | Script Security |
| ssh-steps | SSH Pipeline Steps |
| workflow-aggregator | Pipeline |
| workflow-step-api | Pipeline: Step API |
Table. List of installed plugins
Reference
You can view the plugin details at https://plugins.jenkins.io/{Plugin ID}.
Jenkins configuration
Common Settings
Jenkins Administration > System
| Item | value | Explanation |
|---|---|---|
| of executors | 0 | Set to 0 to restrict direct build execution on the Controller and allow builds only on the Agent. |
| Jenkins URL | (ex) https://{YOUR_DOMAIN}/jenkins/ | |
| System Admin e-mail address | (ex) admin@example.com |
Table. Jenkins Management > System Settings
Jenkins Administration > Security
| Item | value | Explanation |
|---|---|---|
| Authorization | Project-based Matrix Authorization Strategy | |
| Authenticated Users | Overall > Read | |
| <ADMIN_USER> | Overall > Administer | Add admin account using Add user |
Table. Jenkins Management > Security Settings
Support email format for Jenkins Username
- By default, Jenkins does not allow the @ sign or dot (.) to be used in the login username. However, since DevOps Console uses an email address as the username, we configure Jenkins to allow email addresses as usernames as well.
- Create the file
/{JENKINS_HOME}/init.groovy.d/init.groovy, add the following content, and restart Jenkins.- (ex)
/var/jenkins_home/init.groovy.d/init.groovy
- (ex)
Color mode
hudson.security.HudsonPrivateSecurityRealm.ID_REGEX=/^[\w-\.\@\_]+$/hudson.security.HudsonPrivateSecurityRealm.ID_REGEX=/^[\w-\.\@\_]+$/Additional Jenkins configuration installed on Kubernetes
RBAC
Configure RBAC on Jenkins’s Service Account so that Jenkins can create Pods in Kubernetes.
Color mode
# In GKE need to get RBAC permissions first with
# kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=<user-name>|--group=<group-name>]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins# In GKE need to get RBAC permissions first with
# kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=<user-name>|--group=<group-name>]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkinsReference
Jenkins Management > Clouds
kubernetes
- Add the kubernetes cloud.
- Set up the Kubernetes cloud as follows. Use the default values for the remaining items.
| Item | value | Explanation |
|---|---|---|
| Cloud name | kubernetes | |
| Type | Kubernetes selection | |
| Kubernetes URL | https://kubernetes.default | Create a Pod (Agent) in the cluster where Jenkins is running |
| Disable https certificate | check | |
| Kubernetes Namespace | (example) jenkins | Enter the Namespace where the Jenkins Controller is running, and a Pod (Agent) is created in that Namespace. |
| WebSocket | check | |
| Jenkins URL | (example) http://{JENKINS_SERVICE_NAME}:{PORT}/jenkins |
|
Table. Jenkins Management > Clouds > kubernetes Configuration
kubernetes > Pod Templates
- Add a Pod Template.
- BASE-TEMPLATE is a parent template used in the DevOps Console to define values that should be shared across all Pod Templates.
| Item | value | Explanation |
|---|---|---|
| Name | BASE-TEMPLATE | |
| Image Pull Secret | {IMAGE_PULL_SECRET} Enter name | Create a Secret in the Namespace so that the Pod(Agent) image can be pulled, and enter its name. |
Table. Jenkins Management > Clouds > kubernetes > Pod Templates Settings
Register Jenkins tool in DevOps Console
Register Firewall
Refer to the table below and register the firewall in Jenkins.
| Origin | Destination | Destination Port |
|---|---|---|
| User install Jenkins | DevOps Console web | 443 |
| DevOps Console source IP | User install Jenkins web | 443 |
Table. Jenkins (Destination) Firewall List
Reference
To check the source IP of the DevOps Console, click the URL ⓘ on the Add Tool screen. You can view the DevOps Console’s source IP in the tooltip.
DevOps Console Tasks
- For detailed information about registering the Jenkins tool, see Add Tool
- In the tool registration step, check the plugins installed on Jenkins, and if any plugins need to be installed, a plugin installation guide page will be displayed. Download and install the plugins as instructed.
Jenkins Verification
Jenkins Management > System
Global Trusted Pipeline Libraries
- Check that cicdpaas is configured in the Library.
- If it is not configured
- Verify the communication between DevOps Console and Jenkins.
- DevOps Console > Management > Jenkins detail screen > Check the settings in the Global Library tab.
DevOps Console Credentials
- Test Connection Click the button to confirm that Success appears.
Add an agent (VM) to Jenkins
DevOps Console Tasks
Jenkins Tasks
Jenkins Management > Nodes > Agent Detail View
Verify that the Agent added in the DevOps Console has been created. Run the Agent according to the guide on the Jenkins screen and connect it to Jenkins.
Add an agent (Kubernetes) to Jenkins
Before Adding a Kubernetes Agent
Create User‑Jenkins Agent Image
- For CI/CD in Jenkins, an agent image is required.
- Create a Jenkins agent image that matches the user’s needs by using the default images provided by Jenkins.
- After creating the image, push it to the user’s image repository.
Color mode
FROM jenkins/inbound-agent:latest-jdk17
USER root
# Docker CLI
RUN curl -L0 "https://download.docker.com/linux/static/stable/x86_64/docker-29.1.3.tgz" -o /tmp/docker.tgz && \
tar --extract \
--file /tmp/docker.tgz \
--strip-components 1 \
--directory /usr/local/bin/ && \
rm /tmp/docker.tgz
COPY --from=docker/buildx-bin /buildx /usr/libexec/docker/cli-plugins/docker-buildx
# Install your build tools...
# xxx
USER jenkinsFROM jenkins/inbound-agent:latest-jdk17
USER root
# Docker CLI
RUN curl -L0 "https://download.docker.com/linux/static/stable/x86_64/docker-29.1.3.tgz" -o /tmp/docker.tgz && \
tar --extract \
--file /tmp/docker.tgz \
--strip-components 1 \
--directory /usr/local/bin/ && \
rm /tmp/docker.tgz
COPY --from=docker/buildx-bin /buildx /usr/libexec/docker/cli-plugins/docker-buildx
# Install your build tools...
# xxx
USER jenkinsDocker‑in‑Docker Image
- In the DevOps Console, Docker in Docker is used to create Docker images in a Kubernetes environment.
- Use Docker’s provided
dind(Docker‑in‑Docker) image and push it to your repository.
Reference
DevOps Console Tasks
- Add Pod Template
- By default, one (or multiple) agents are registered. Delete the default registered agent.
- If you need to build a Docker image, select Docker in Docker.
- Enter the JNLP image URL with the Jenkins agent address of the user you created above.
Jenkins Tasks
Jenkins Management > Clouds > Kubernetes > Pod Templates
- The agent (Kubernetes) added from the DevOps Console is registered as a Pod Template.
- If Docker‑in‑Docker is selected in DevOps Console, the default image address is pre‑filled in the dind container. Replace it with the image address you pushed to your repository.