the default GitOps source repository for booting up Jenkins X
Nom | Taille | Révision | l'heure | Auteur | Message de Log |
---|---|---|---|---|---|
README.md | 9.25 k | 5cf1039 | 2019-07-03 17:05:57 | James Strachan | fix: add the kube provider overrides ... |
values.tmpl.yaml | 430 | 5cf1039 | 2019-07-03 17:05:57 | James Strachan | fix: add the kube provider overrides ... |
CAUTION: Current iks
clusters need kaniko
if you want to use them for building Docker images in the course of your CI pipeline (which is an essential step to get your applications into your JX k8s cluster). This is not yet implemented, cf. https://github.com/jenkins-x/jx/issues/3971.
NOTE: A free IBM cloud account does not include all necessary permissions and resources to run k8s and JX.
Run the following shell script, it should setup the local cloud tools (ibmcloud
) on your machine.
# An IKS 1.10 cluster must be used, 1.11 was broken with jenkins-x at the time of writing
curl -sL https://ibm.biz/idt-installer | bash
If the automatic setup fails, you may perform a manual setup, as described here: https://console.bluemix.net/docs/cli/index.html#overview
And install some additional plugins
ibmcloud plugin install container-service
ibmcloud plugin install container-registry
and some tools used by JX
Then login to the IBM cloud
ibmcloud login -a https://api.us-east.bluemix.net (--sso / --apikey as appropriate)
NOTE: Check out the open issues section at the end of the document (before the Appendix section) for some known limitations!
One of the large strengths of JX is, that it can even set up a k8s cluster automatically during the install process.
Just call:
jx create cluster iks \
-n jx-wdc04 \
-r us-east \
-z wdc04 \
-m b2c.4x16 \
--workers=3 \
--kube-version=1.11.9 \
\
--namespace='jx'
and answer some remaining questions, e.g., for your Git/GitHub user.
NOTE: If you run into problems or want to customize parts of the setup, follow the instructions in the next section.
ibmcloud ks regions
ibmcloud ks region-set us-east
ibmcloud ks zones
b2c.4x16 minimum
): ibmcloud ks machine-types --zone wdc07
ibmcloud ks kube-versions
ibmcloud ks vlans --zone wdc07
docker-registry.jx.<clustername>.<regionname>.containers.appdomain.cloud
is less than 64 characters (will be checked automatically during install), eg., docker-registry.jx.jx-wdc07.us-east.container.appdomain.cloud < 64 chars
(Smallest possible is best). ibmcloud ks cluster-create \
--name jx-wdc07 \
--kube-version 1.11.9 \
--zone wdc07 \
--machine-type b2c.4x16 \
--workers 3 \
--private-vlan 2323675 \
--public-vlan 2323691
ibmcloud ks cluster-get --cluster jx-wdc07
eval $(ibmcloud ks cluster-config --export --cluster jx-wdc07)
CAUTION: This gives Tiller all privileges, do not use it for production environments!
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
# kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
helm init --service-account tiller --upgrade
# helm init # Unless you already have initialized helm in the setup step before?
helm repo add ibm https://registry.bluemix.net/helm/ibm
helm repo update
helm install ibm/ibmcloud-block-storage-plugin --name ibmcloud-block-storage-plugin
kubectl patch storageclass ibmc-file-bronze -p \
'{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
ibmc-block-silver
or ibmc-block-gold
for better IOPS kubectl patch storageclass ibmc-block-silver -p \
'{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
WARNING: This does not work and needs further testing/investigation!
Note: There is also a jenkins- addon, may work but never tested with IBM Cloud
# Optional/Sometime necessary? kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6.1/deploy/manifests/00-crds.yaml
helm install \
--namespace=kube-system \
--name=cert-manager stable/cert-manager \
--set=ingressShim.defaultIssuerKind=ClusterIssuer \
--set=ingressShim.defaultIssuerName=letsencrypt-staging \
--version v0.5.2
cat << EOF| kubectl create -n kube-system -f -
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: YOUREEMAIL@ca.ibm.com
privateKeySecretRef:
name: letsencrypt-staging
http01: {}
EOF
jx install cluster --provider=iks \
--domain='jx-wdc07.us-east.containers.appdomain.cloud' \
[ --default-admin-password=<password> ]
kubectl get deployments,services,pvc,pv,ingress -n jx
in another terminaljx upgrade ingress
ibmcloud cr token-add --non-expiring --readwrite --description "Jenkins-X Token"
There are some open issues at the time of this writing (2019-02-05), some of which may limit your usage of IKS.
NOTE: This is only a snapshot, check out their state or if others exist meanwhile: https://github.com/jenkins-x/jx/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+label%3Aarea%2FIKS+
Limitation | GitHub Issue | WIP |
---|---|---|
Currently it is only possible to create a cluster in the region us-east | #2984 | - |
JX environments are not created automatically | #2985 | - |
Cluster registry is not automatically created | #2997 | - |
batch-mode , verbose -Flag etc. not possible |
#2996 | - |
kaniko
to perform builds | #3971 | - |These setups are usually not necessary.
kubectl --namespace default create secret docker-registry registrysecret --docker-server=registry.<region>.bluemix.net --docker-username=token --docker-password=<token_value> --docker-email=<email>
Copy the "Token"
echo -n token: | base64 -w0
Copy the base64 value and create a file called config.json
with this contents:
{
"auths": {
"registry.ng.bluemix.net": {
"auth": "<base64 encoded token>"
}
}
}
Replace the existing Docker secret
kubectl delete secret jenkins-docker-cfg -n jx kubectl create secret generic jenkins-docker-cfg --from-file=./config.json -n jx
At this point the jenkins server needs to restarted to pick up the new docker creds: kubectl -njx delete pods
-lapp=jenkins
If you want to use git.ng.bluemix.net (gitlab), create a personal access token there
jx create git server gitlab https://git.ng.bluemix.net -n gitlab
jx create git token -n gitlab -t <gitlab token> <gitlab username>