> The easiest way to get Jenkins deployed on Kubernetes Cluster (we are using a dedicated cluster for Jenkins, but that’s not necessary) is to build your own Helm chart
barf So much of this post I disagree with. I guess I should look at the kubernetes plugin again, but I abandoned using it last year. At the time, it seemed like you had to declare you base images in the plugin configuration itself, and if people launch things that need to spin up their own containers for tests, you have to expose the base docker socket.
They post talks about using Docker-in-Docker, but that still has to run in privileged mode, and isn't recommended. At least you don't get dangling containers, but you don't really block developer access to the host.
> Mount a persistent volume to /var/lib/docker to make sure your layers are cached persistently for awesome build performance.
Do you want data corruption? Because that's pretty much how you get data corruption. It's not clear if they have a single Docker-in-docker instance per volume, but I assume you'd have to.
Also, and maybe I need to revisit this, when I attempted this, it seemed like the Jenkinsfile had to be heavily modified to run on k8s agents. It wasn't a simple transition at all.
And you pretty much do want a dedicated cluster for this. That was another issue, where at the time we only had one dev and one prod cluster. We now have a cluster just for platform stuff, so it might be worth looking at again, but I'm still hesitant.
barf So much of this post I disagree with. I guess I should look at the kubernetes plugin again, but I abandoned using it last year. At the time, it seemed like you had to declare you base images in the plugin configuration itself, and if people launch things that need to spin up their own containers for tests, you have to expose the base docker socket.
They post talks about using Docker-in-Docker, but that still has to run in privileged mode, and isn't recommended. At least you don't get dangling containers, but you don't really block developer access to the host.
> Mount a persistent volume to /var/lib/docker to make sure your layers are cached persistently for awesome build performance.
Do you want data corruption? Because that's pretty much how you get data corruption. It's not clear if they have a single Docker-in-docker instance per volume, but I assume you'd have to.
Also, and maybe I need to revisit this, when I attempted this, it seemed like the Jenkinsfile had to be heavily modified to run on k8s agents. It wasn't a simple transition at all.
And you pretty much do want a dedicated cluster for this. That was another issue, where at the time we only had one dev and one prod cluster. We now have a cluster just for platform stuff, so it might be worth looking at again, but I'm still hesitant.