There are two important parts to go through in the Jenkins setup:
- Jenkins needs to run docker commands to build your application and compose your container image
- Jenkins needs to communicate with the Kubernetes master to control deployment
To achieve step 1, there is a tricky part that needs something like Docker-in-Docker (dind). This is because Jenkins is run by Kubernetes as a pod (Docker container), and Jenkins also needs to invoke docker commands to build your application. It can be achieved by mounting /var/run/docker.sock from the Kubernetes node into the Jenkins pod, so that Jenkins inside the pod can communicate with the Docker daemon on the Kubernetes node. Keep in mind that the pod is then driving the node's own Docker daemon: anything that can reach the socket can control every container on that node.
Docker-in-Docker and mounting /var/run/docker.sock have been described at https://blog.docker.com/2013/09/docker-can-now-run-within-docker/ and http://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/.
To achieve step 2, we will set up a Kubernetes service account and assign it one ClusterRole so that the Jenkins service account has the necessary privileges.
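Both choices above widen what the Jenkins pod can do, so it is worth being able to list which pods mount the node's Docker socket and which ClusterRoles their service accounts hold. The following is an added example, not code from the original text: it audits objects in the JSON shape that kubectl emits, and the pod names, the `jenkins` service account and the `cluster-admin` binding in the sample are constructed assumptions.

```python
import json

DOCKER_SOCK = "/var/run/docker.sock"

# Constructed sample shaped like `kubectl get pods,clusterrolebindings -A -o json`.
# The names and the cluster-admin binding are assumptions, not values from the page.
SAMPLE = json.loads("""
{"items": [
  {"kind": "Pod", "metadata": {"name": "jenkins-0", "namespace": "default"},
   "spec": {"serviceAccountName": "jenkins",
            "volumes": [{"name": "docker-sock",
                         "hostPath": {"path": "/var/run/docker.sock"}}]}},
  {"kind": "Pod", "metadata": {"name": "web-0", "namespace": "default"},
   "spec": {"volumes": [{"name": "data", "emptyDir": {}}]}},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "jenkins-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "jenkins", "namespace": "default"}]}
]}
""")

def cluster_roles_by_account(items):
    """Map (namespace, service account) -> set of ClusterRole names bound to it."""
    roles = {}
    for obj in items:
        if obj.get("kind") != "ClusterRoleBinding":
            continue
        for subj in obj.get("subjects") or []:
            if subj.get("kind") == "ServiceAccount":
                key = (subj.get("namespace"), subj.get("name"))
                roles.setdefault(key, set()).add(obj["roleRef"]["name"])
    return roles

def audit(items):
    """Return one finding per pod that mounts the node's Docker socket via hostPath."""
    roles = cluster_roles_by_account(items)
    findings = []
    for obj in items:
        if obj.get("kind") != "Pod":
            continue
        spec, ns = obj.get("spec", {}), obj["metadata"].get("namespace", "default")
        paths = [(v.get("hostPath") or {}).get("path") for v in spec.get("volumes") or []]
        if DOCKER_SOCK in paths:
            sa = spec.get("serviceAccountName", "default")
            findings.append({"pod": f"{ns}/{obj['metadata']['name']}", "service_account": sa,
                             "cluster_roles": sorted(roles.get((ns, sa), set()))})
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE["items"]))
```

The match is on the exact socket path, so a hostPath that mounts a parent directory such as /var/run is not flagged by this check.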
Let's do it step by step.