Erwin Müller

Jenk­ins on Ku­ber­netes — Part 2

Part 2 — Con­fig File Man­age­ment

This is part 2 of a con­tin­ued se­ries on how to con­fig­ure Jenk­ins on a Ku­ber­netes clus­ter. The goal of the se­ries is to have a ful­ly func­tion­ing con­tin­ues in­te­gra­tion and de­liv­ery Jenk­ins up and run­ning. Part 1 de­scribed how to in­stall Jenk­ins and the nec­es­sary plu­g­ins and how to con­fig­ure them for Ku­ber­netes. This part will de­scribe the nec­es­sary con­fig­u­ra­tion files that are go­ing to be used in the pipeline.

Con­fig File Man­age­ment

Jenkins, Config File Management

We need two files for a Maven re­lease. The gpg-key that will be used to sign the de­ploy­ment ar­ti­facts and the settings.xml for serv­er Ids, de­ploy­ment URLs and Jenk­ins user names and pass­words.

gpg-key

Jenkins, gpg-key
  • ID: gpg-key
  • Name: gpg-key
  • Con­tent: — – BEGIN PGP PRIVATE KEY BLOCK — – …

The pri­vate key will be used to sign de­ploy­ment ar­ti­facts via maven. We are go­ing to use the maven-gpg-plu­g­in plu­g­in. The key­name must be set to the name of the gpg-key. The Jenk­ins Dock­er im­age that we are us­ing will start a gpg dae­mon and is go­ing to use the pro­vid­ed gpg-key and the pro­vid­ed gpg pri­vate passphrase to sign ar­ti­facts au­to­mat­i­cal­ly.

            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-gpg-plugin</artifactId>
                <configuration>
                    <keyname>ANRI Software</keyname>
                </configuration>
                <executions>
                    <execution>
                        <id>sign-artifacts</id>
                        <phase>verify</phase>
                        <goals>
                            <goal>sign</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>

maven-set­tings-glob­al

Jenkins, maven-settings-global
  • ID: maven-set­tings-glob­al
  • Name: settings.xml
  • Com­ment: glob­al set­tings
  • [x] Re­place All
  • Con­tent: <set­tings xmlns=“http://maven.apache.org/SETTINGS/1.0.0” …

Ex­am­ple settings.xml

We are not go­ing to use Serv­er Cre­den­tials. If we use Serv­er Cre­den­tials then all servers that are man­u­al­ly added in the <servers> block are go­ing to be re­placed by those Cre­den­tials, but we need at least one spe­cial serv­er con­fig­u­ra­tion: the site-ssh. There we must con­fig­ure the SSH ports to ac­cess the Dock­er Con­tain­er where we are go­ing to send our gen­er­at­ed site pages. via scp.

There are ad­di­tion­al con­fig­u­ra­tions that will work on­ly with our Jenk­ins Dock­er im­age. We are go­ing to use scp to copy HTML pages to a Dock­er Ng­inx Im­age. The Dock­er Ng­inx Im­age is go­ing to be de­ployed as a con­tain­er on our Ku­ber­netes cloud and will pro­vide the gen­er­at­ed mvn site:site HTML pages. I was think­ing in us­ing Web­DAV to trans­fer files to the Ng­inx web serv­er, but for that I had to im­ple­ment an au­then­ti­ca­tion and user man­age­ment. SSH al­ready pro­vides au­then­ti­ca­tion and I can safe­ly use the Jenk­ins SSH key to trans­fer the HTML pages.

        <server>
            <id>site-ssh</id>
            <username>rsync</username>
            <privateKey>/home/devent/Private/andrea-master-0.muellerpublic.de/jenkins/jenkins</privateKey>
            <configuration>
                <sshExecutable>ssh</sshExecutable>
                <scpExecutable>scp</scpExecutable>
                <sshArgs>-p 30101</sshArgs>
                <scpArgs>-P 30101</scpArgs>
            </configuration>
        </server>
...
        <profile>
            <id>site-ssh</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <site.ssh.url>scpexe://javadoc.anrisoftware.com:/data/${project.groupId}/${project.artifactId}/${project.version}</site.ssh.url>
            </properties>
        </profile>

We are al­so adding Sonar­Qube host URL and lo­gin to­ken. That will be used by the maven sonar:sonar goal. This con­fig­u­ra­tion is tak­en from the of­fi­cial doc­u­men­ta­tion: An­a­lyz­ing with Sonar­Qube Scan­ner for Maven

    <pluginGroups>
        <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
    </pluginGroups>
...
        <profile>
            <id>sonar</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <sonar.host.url>https://sonarqube.anrisoftware.com</sonar.host.url>
                <sonar.login>xxxx</sonar.login>
            </properties>
        </profile>

Leave a Reply

Your email address will not be published. Required fields are marked *