This topic describes how to deploy Jenkins, a continuous integration environment, in an Alibaba Cloud Kubernetes cluster, and how to perform an application pipeline build. The example in this topic details the pipeline build, including how to compile the source code of the application, build and push the application image, and deploy the application.


You have created a Kubernetes cluster. For more information, see Create a Kubernetes cluster.

Deploy Jenkins

  1. Log on to the Container Service console.
  2. In the left-side navigation pane, choose Container Service-Kubernetes > Store > App Catalog. Then, click jenkins.

  3. Click the Values tab.
  4. Modify the AdminPassword field to set a password.
    Note To ensure that your password takes effect, you must remove the pound sign (#) before AdminPassword
    If you do not set any password, the system generates a password after Jenkins is deployed. You can run the following command to view the password:
    $ printf $(kubectl get secret --namespace ci jenkins-ci-jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo
  5. Select the target Cluster and Namespace, enter a Release Name, then click DEPLOY.

    Note We recommend that you select a custom namespace or the default namespace. In this example, a custome namespace named test is selected.
  6. In the left-side navigation pane, choose Discovery and Load Balancing > Service.
  7. Select the cluster and the namespace used for deploying Jenkins.
  8. Click the external endpoint of the Jenkins service to log on to Jenkins.

Create a cluster certificate and an image repository certificate, and build and deploy an application

  1. Create a Kubernetes cluster certificate.
    1. In the left-side navigation pane, click Manage Jenkins.
    2. On the Manage Jenkins page, click Configure System.
    3. In the Cloud area, click Add on the right of Credentials.

      Before adding a credential, you must obtain KubeConfig on the Basic Information tab page of the target Kubernetes cluster.

    4. In the diaplayed dialog box, set the following parameters:

      • Kind: Select Docker Host Certificate Authentication.
      • Client Key: Paste the copied client-key-data content in KubeConfig.
      • Client Certificate: Paste the copied client-certificate-data content in KubeConfig.
      • ID: Enter the certificate ID. In this example, k8sCertAuth is entered.
      • Description : Enter description content.
    5. Click Add.
    6. Test connectivity.
      Select the added credential in the preceding step from the Credentials drop-down list, and then click Test Connection.

    7. Set the Kubernetes cluster to dynamically build pods as follows.

    8. Set the Kubernetes pod template.

      The slave-pipeline uses four containers to create each corresponding stage of the pipeline.

      • Set container jnlp as follows.

        Use jenkins-slave-jnlp as a Docker image. The jenkins-slave-jnlp image is used to create the jnlp node to connect the Jenkins master.
      • Set container kaniko as follows.

        Use jenkins-slave-kaniko as a Docker image. The jenkins-slave-kaniko image is used to create and push an image.
      • Set container kubectl as follows.

        Use jenkins-slave-kubectl as a Docker image. The jenkins-slave-kubectl image is used to deploy the application.
      • Set container maven as follows.

        Use jenkins-slave-maven as a Docker image.The jenkins-slave-maven image is used by mvn to package and build the application.
    9. Set image repository permission for kaniko as follows.

    10. Click Save.
  2. To set image repository permission, use kubectl to create jenkins-docker-cfg secret in the target Kubernetes cluster.
    In this example, the Beijing image repository provided by Alibaba Cloud is used.
    $ docker login -u xxx -p xxx
    Login Succeeded
    $ kubectl create secret generic jenkins-docker-cfg -n ci --from-file=/root/.docker/config.json
  3. Create demo-pipeline and access the application service.
    1. On the Jenkins home page, click demo-pipeline.

    2. In the left-side navigation pane, click Build with Parameters.
    3. Modify the parameters according to your image repository information. In this example, the source code repository is master, and the image is

    4. Click Build.
    5. Click Build History to check the result. The following figure indicates a success.

    6. Log on to the Container Service console to view the IP addresses of the services provided by the application.

Click Here to obtain the source code repository used in the example.

For more information, see Container Service.

For more information, see kaniko.