Step 1: Configure the TKE cluster and Jenkins

Last updated: 2025-09-25 18:46:43

TKE Cluster Configuration

This document describes how to create a ServiceAccount with custom RBAC authorization in TKE and how to get the cluster access address, token, and cluster CA certificate required for Jenkins configuration.

Getting the cluster credential

Note
You need to enable private network access in the current cluster. For more information, see Basic Features.
1. Use the following Shell script to create a test namespace ci and a test user jenkins of the ServiceAccount type and get the cluster access credential (token):
# Create the test namespace `ci`
kubectl create namespace ci
# Create the test ServiceAccount account
kubectl create sa jenkins -n ci
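# Get the secret token automatically created for the ServiceAccount account.
# On Kubernetes 1.24 and later no token Secret is created automatically, so .secrets[0].name is empty there.
kubectl get secret "$(kubectl get sa jenkins -n ci -o jsonpath='{.secrets[0].name}')" -n ci -o jsonpath='{.data.token}' | base64 --decode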
2. Create a Role permission object resource file jenkins-role.yaml in the ci test namespace as follows:
kind: Role
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is the stable version
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
  namespace: ci
rules:
# Manage the build pods
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
# Run commands inside pods
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
# Read pod logs
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
# Read Secrets by name
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
3. Create a RoleBinding object resource file jenkins-rolebinding.yaml. The following permission binding indicates that the jenkins user of the ServiceAccount type has jenkins (Role type) permissions in the ci namespace, as shown below:
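# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is the stable version
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
  namespace: ci
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
# The ServiceAccount created in step 1
- kind: ServiceAccount
  name: jenkins
  namespace: ci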
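
To see what the jenkins Role above actually grants, the following added example (not part of the original document) re-implements Kubernetes RBAC rule matching in Python and evaluates the rules copied from jenkins-role.yaml. The helper names and the Secret name registry-cred are constructed for illustration.

```python
# Added example: minimal Kubernetes RBAC rule matching, applied to the
# rules of jenkins-role.yaml (copied from this page).
JENKINS_ROLE_RULES = [
    {"apiGroups": [""], "resources": ["pods"],
     "verbs": ["create", "delete", "get", "list", "patch", "update", "watch"]},
    {"apiGroups": [""], "resources": ["pods/exec"],
     "verbs": ["create", "delete", "get", "list", "patch", "update", "watch"]},
    {"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
]


def resource_matches(rule_resource, resource, subresource):
    # A request for a subresource is matched as "resource/subresource".
    combined = f"{resource}/{subresource}" if subresource else resource
    if rule_resource in ("*", combined):
        return True
    # A rule such as "*/exec" matches that subresource on every resource.
    return bool(subresource) and rule_resource == f"*/{subresource}"


def rule_allows(rule, verb, group, resource, subresource="", name=""):
    names = rule.get("resourceNames", [])  # an empty list means "any name"
    return (
        any(v in ("*", verb) for v in rule["verbs"])
        and any(g in ("*", group) for g in rule["apiGroups"])
        and any(resource_matches(r, resource, subresource) for r in rule["resources"])
        and (not names or name in names)
    )


def allowed(rules, verb, group, resource, subresource="", name=""):
    # RBAC is purely additive: one matching rule is enough.
    return any(rule_allows(r, verb, group, resource, subresource, name) for r in rules)


def review(rules):
    """Answer the questions a reviewer would ask about this Role in namespace ci."""
    checks = {
        "exec into any pod": ("create", "", "pods", "exec", ""),
        "read a Secret by name": ("get", "", "secrets", "", "registry-cred"),  # constructed name
        "enumerate Secrets": ("list", "", "secrets", "", ""),
        "read pod logs": ("get", "", "pods", "log", ""),
        "create Deployments": ("create", "apps", "deployments", "", ""),
    }
    return {label: allowed(rules, *req) for label, req in checks.items()}


if __name__ == "__main__":
    for label, ok in review(JENKINS_ROLE_RULES).items():
        print(f"{'ALLOW' if ok else 'deny '}  {label}")
```

The token can exec into any pod and read any Secret whose name it knows in ci, but cannot list Secrets or create Deployments. Adding resourceNames to the secrets rule narrows the grant to the named Secrets.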

Getting the cluster CA certificate

1. Log in to a node of the cluster as instructed in Logging In To Linux Instance (Web Shell).
2. Run the following command to view the cluster CA certificate:
cat /etc/kubernetes/cluster-ca.crt
3. Record and save the returned certificate information as shown below:


Authorizing docker.sock

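Each node of the TKE cluster has a docker.sock file. The slave pod connects to this file when running docker build. Before that, you need to log in to each node and run the following commands to authorize docker build:
chmod 666 /var/run/docker.sock
ls -l /var/run/docker.sock
Note
Mode 666 makes the socket readable and writable by every local user on the node and by any pod that mounts it. Access to docker.sock gives full control of the Docker daemon, which is equivalent to root on that node.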

Configuring Jenkins

Note
The UI of Jenkins varies with the product version. Select an appropriate version based on your business needs.

Adding a TKE private network access address

1. Log in to the Jenkins master node as instructed in Logging In To Linux Instance (Web Shell).
2. Run the following command to configure the access address (domain name):
sudo sed -i '$a 10.x.x.x cls-ixxxelli.ccs.tencent-cloud.com' /etc/hosts
Note
This command can be obtained from Cluster APIServer Information on the basic information page of the cluster after private network access is enabled for the cluster. For more information, see Getting the cluster credential.
3. Run the following command to query whether the configuration is successful:
cat /etc/hosts
If the result shown in the following figure appears, the configuration was successful.


Required plug-ins for Jenkins installation

1. Log in to the Jenkins backend and click Manage Jenkins in the left sidebar.
2. On the Manage Jenkins panel, click Manage plug-ins.
3. In the Available tab, check Locale, Kubernetes, Git Parameter, and Extended Choice Parameter.
Locale indicates a Chinese language plug-in. If this plug-in is installed, the Jenkins UI is in Chinese by default.
Kubernetes indicates the Kubernetes plug-in.
Git Parameter and Extended Choice Parameter are used to pass parameters during package building. The following figure shows the Kubernetes plug-in as an example:


4. After checking the preceding plug-ins, click Install without restart and restart Jenkins.

Enabling the jnlp port

1. Log in to the Jenkins backend and click Manage Jenkins in the left sidebar.
2. On the Manage Jenkins panel, click Configure global security.
3. In TCP port for inbound agents, check Fixed and enter 50000.
4. Keep other configuration items as their defaults and click Save at the bottom of the page.

Adding the TKE cluster credential

1. Log in to the Jenkins backend and choose Credentials > System in the left sidebar.
2. On the System panel, select Global credentials (unrestricted).
3. On the page that appears, click Add credentials in the left sidebar, and configure the basic credential information as follows:
Kind: Select Secret text.
Scope: Use the default option Global (Jenkins, nodes, items, all child items, etc).
Secret: Enter the token of ServiceAccount jenkins obtained in Getting the cluster credential.
ID: Leave it blank as default.
Description: Complete the information about the credential, which is displayed as the credential name and descriptive information. This document uses tke-token as an example.
4. Click OK to add the credential. Once successfully added, the credential is displayed in the credential list as shown below:


Adding the GitLab credential

1. On the Global credentials (unrestricted) page, click Add credentials in the left sidebar, and configure the basic credential information as follows:
Kind: Select Username with password.
Scope: Use the default option Global (Jenkins, nodes, items, all child items, etc).
Username: Enter the GitLab username.
Password: Enter the GitLab login password.
ID: Leave it blank as default.
Description: Complete the information about the credential, which is displayed as the credential name and descriptive information. This document uses gitlab-password as an example.
2. Click OK.

Configuring the slave pod template

1. Log in to the Jenkins backend and click Manage Jenkins in the left sidebar.
2. On the Manage Jenkins panel, click Configure system.
3. At the bottom of the Configure system panel, choose Add a new cloud > Kubernetes in the Cloud section.
4. Click Kubernetes Cloud details... to configure the following basic information for Kubernetes. The following describes the main parameters. For other parameters, simply keep them as their defaults:
Name: Enter a custom name. This document uses kubernetes as an example.
Kubernetes URL: Specify the TKE cluster access address. For more information, see Getting the cluster credential.
Kubernetes server certificate key: Specify the cluster CA certificate. For more information, see Getting the cluster CA certificate.
Credentials: Select the tke-token credential created in the Adding the TKE cluster credential step and then click Test connection. If the connection succeeds, the "Connection successful" prompt appears.
Jenkins URL: Enter a Jenkins private network address, such as http://10.x.x.x:8080.
5. Choose Pod templates > Add pod template > Pod template details... and configure the basic information of the pod template. The following describes the main parameters. For other parameters, simply keep them as their defaults:
Name: Enter a custom name. This document uses jnlp-agent as an example.
Labels: Define the label name. You can select a pod for building based on the label. This document uses jnlp-agent as an example.
Usage: Select Use this node as much as possible.
6. In the Containers drop-down list, choose Add container > Container template and configure the following container information:
Name: Enter a custom container name. This document uses jnlp-agent as an example.
Docker image: Enter the image address jenkins/jnlp-slave:alpine.
Working directory: Keep it as its default. Note down the working directory, which will be used in the shell scripts for building and packaging.
Leave other configuration items as their defaults.
7. In Volume, complete the following steps to add a volume and configure the docker command for the slave pod.
7.1 Choose Add volume > Host path volume. Enter /usr/bin/docker for both the host and mount paths.
7.2 Choose Add volume > Host path volume. Enter /var/run/docker.sock for both the host and mount paths.
7.3 Click Save at the bottom of the page to finish configuring the slave pod template.

Subsequent Operations

Go to Step 2: Configure Slave Pod Building to create a task and configure task parameters.
