This project provides a Docker Jenkins image designed to run Docker Workflows.
The fastest way to get started is to run make jenkins, which will automatically build and start Jenkins.
An external Docker volume called jenkins_home will be automatically created.
If
jenkins_homealready exists, then Jenkins will start with the existing configuration injenkins_home
$ make jenkins
=> Creating volumes...
jenkins_home
=> Starting services...
Creating jenkins_jenkins_1
=> Jenkins is running at http://172.16.154.128:32876...
make jenkinscreates a dynamic port mapping on the Docker Host so if you kill and remove the jenkins container, it will likely start on a new dynamic port mapping as displayed on themake jenkinsoutput
By default Jenkins will be configured with default credentials of admin:password.
If you need to make any changes to the Jenkins images, ensure you run make build to rebuild the images.
This workflow allows you to define KMS encrypted credentials for your admin user which are injected securely at container startup.
This requires your local environment to be setup correctly as follows:
- The
AWS_PROFILEenvironment variable is configured with an appropraite AWS profile in your local environment - A KMS encrypted password is defined for the
KMS_JENKINS_PASSWORDsetting
Once Jenkins is running, you can run one or more Jenkins slaves.
By default, the Makefile assumes you are using a username of admin and password of password:
$ cat Makefile
include Makefile.settings
.PHONY: init build run clean publish logs
DOCKER_REGISTRY ?= docker.io
ORG_NAME ?= dpaws
REPO_NAME ?= jenkins
export DOCKER_GID ?= 0
export JENKINS_USERNAME ?= admin
export JENKINS_PASSWORD ?= password
...
...
If you configure a different username and password, you must configure the Jenkins username and password as environment variables:
$ export JENKINS_USERNAME=admin
$ export JENKINS_PASSWORD=some-other-password
With this in place, you can use make slave [slave-count] to fire up slave-count slaves:
# This will spin up 5 Jenkins slaves
$ make slave 5
=> Checking network...
=> Creating volumes...
jenkins_home
=> Running 5 slave(s)...
Creating and starting cajenkins_jenkins-slave_1 ... done
Creating and starting cajenkins_jenkins-slave_2 ... done
Creating and starting cajenkins_jenkins-slave_3 ... done
Creating and starting cajenkins_jenkins-slave_4 ... done
Creating and starting cajenkins_jenkins-slave_5 ... done
=> 5 slave(s) running
You can use make clean to stop and remove the Jenkins container. This operation will NOT destroy your Jenkins configuration, which is persisted in the external jenkins_home volume.
If you want to remove your Jenkins configuration, use the make destroy command to remove this volume:
$ make clean
=> Stopping services...
Stopping jenkins_jenkins-slave_1 ... done
Stopping jenkins_jenkins_1 ... done
Removing jenkins_jenkins-slave_1 ... done
Removing jenkins_jenkins_1 ... done
Removing network jenkins_default
Volume jenkins_home is external, skipping
=> Services stopped
$ make destroy
=> Deleting jenkins home volume...
jenkins_home
=> Deletion complete
Because the Jenkins container runs as a non-root user, to get access to the underlying Docker Engine socket to run Docker workflows, you must set the correct group ID of the docker group (or group that has permissions to read/write to the Docker Engine socket) on the underlying Docker Engine.
The Makefile defines this via the DOCKER_GID variable, which defaults to 0 (root group ID as Docker for Desktop VM does not include a docker group):
$ cat Makefile
include Makefile.settings
.PHONY: init build run clean publish logs
DOCKER_REGISTRY ?= docker.io
ORG_NAME ?= dpaws
REPO_NAME ?= jenkins
export DOCKER_GID ?= 0
...
You can either update the Makefile with the correct group ID value for your environment, or override the Makefile default:
$ make jenkins DOCKER_GID=497
...
...
$ make slave DOCKER_GID=497
...
...
The entrypoint.sh script adds the jenkins user to the specified Docker Group ID, ensuring Jenkins can access the underlying Docker engine.