Skip to Content
Version 1.2 by Boris Folgmann on 2025/07/17 10:47
Show last authors
1 You can run your own Jenkins agents, which will connect to your Jenkins Master at {{code language="none"}}https://<YOUR_CUSTOMER_ID>.devops.t-systems.net/jenkins/{{/code}} (replace <YOUR_CUSTOMER_ID> with your customer ID).
2
3 The easiest way to do this is to use the Jenkins Auto-Slave Helm chart provided by DevOps-as-a-Service. Read [[doc:Rancher 2.WebHome||anchor="Addpublichelmcharts"]] to see how to add the public chart repo to one of your Kubernetes clusters managed with Rancher 2.
4
5 The Jenkins Auto-Slave is a Jenkins agent based on {{code language="none"}}openjdk:17-slim-bullseye{{/code}}. When started, the container will download the latest agent.jar from your Jenkins master and automatically register itself as a new agent (worker node). This way, you can easily execute delivery pipelines in your own target environment. You just need to bind your jobs to your Jenkins agent by referring to the Jenkins Agent Labels that you set on the Agent. This method can be used to issue commands in Jenkins that require direct access to your network.
6
7 {{toc/}}
8
9 = Create Technical User =
10
11 Goto Technical Users on the DevOps-as-a-Service Self-self service portal and create a new technical user {{code language="none"}}https://<YOUR_CUSTOMER_ID>.devops.t-systems.net/sdportal/#/technical-user/new{{/code}} (replace <YOUR_CUSTOMER_ID> with your customer ID).
12
13 (% class="table-bordered" %)
14 (% class="active" %)|=(((
15 Field
16 )))|=(((
17 Value
18 )))
19 |=(((
20 Username
21 )))|(((
22 e.g. jenkins_agent
23 )))
24 |=(((
25 Password
26 )))|(((
27 use the provided default or choose another strong one, save it in a secure place to be able to use it later
28 )))
29 |=(% colspan="1" %)(((
30 Tool
31 )))|(% colspan="1" %)(((
32 Jenkins
33 )))
34 |=(((
35 Description
36 )))|(((
37 used for connecting Jenkins agents to Jenkins master
38 )))
39
40 [[image:attach:image2021-7-28_10-47-55.png||queryparams="effects=drop-shadow" height="400"]]
41
42 Don't use the password from the example screenshot. Finally, click //Save//.
43
44 = Create Service Request =
45
46 Create a Service Request at [[Service Desk DevOps-as-a-Service>>https://prd.sdc.t-systems.net/jira/||shape="rect"]].
47
48 (% class="table-bordered" %)
49 (% class="active" %)|=(((
50 Field
51 )))|=(((
52 Value
53 )))
54 |=(((
55 Summary
56 )))|(((
57 Connect Jenkins inbound agents
58 )))
59 |=(((
60 Component
61 )))|(((
62 Jenkins
63 )))
64 |=(((
65 Description
66 )))|(((
67 Please open port 50000 of our Jenkins Master so that our agents can connect.
68 )))
69
70
71
72 If you use a fixed list of public IP addresses for your outgoing connections, we can set-up a whitelist of allowed IP addresses or networks to further restrict access to port 50000.
73
74 If unsure, try first without a whitelist and send us your whitelist later when everything is working.
75
76 = Create API Token in Jenkins =
77
78 Even before the Service Request has been finished, use the time to get the API token for the technical user on Jenkins.
79
80 * Login to Jenkins with the credentials of the Technical User (in the screenshot, jenkins_auto_slave_manoni is used).
81 * At the top of the page, click on the username and choose //Configure// from the menu.
82
83 (% style="margin-left: 30.0px;" %)
84 [[image:attach:image2021-4-12_13-37-55.png||data-xwiki-image-style-border="true" height="163" width="500"]]
85
86 * On the Configure page, click on "ADD NEW TOKEN"
87
88 (% style="margin-left: 30.0px;" %)
89 [[image:attach:image2021-4-12_13-39-34.png||data-xwiki-image-style-border="true" height="309" width="838"]]
90
91 * Copy and record the created token for the intended use, then click "SAVE".
92
93 (% style="margin-left: 30.0px;" %)
94 [[image:attach:image2021-4-12_13-41-17.png||data-xwiki-image-style-border="true" width="500"]]
95
96 * Log out
97
98 = Connect Agent to Jenkins Controller =
99
100 Using the Helm chart as mentioned at the top of the page, the remaining required steps in Rancher 2 are as follows.
101
102 {{info}}
103 **⚠ Pod Security Policy**
104
105 The provided Jenkins Agent container allows the installation of additional software during start-up. If you run the container with the restricted Pod Security Policy of Rancher which is the standard for new projects, this will not work, since some capabilities will not be granted to the pod. To fix this, you can associate the project in the cluster with the unrestricted Pod Security Policy.
106 {{/info}}
107
108 == Create Secret ==
109
110 Goto the cluster where you want to deploy the Jenkins agent and first create a secret of type Opaque
111
112 (% class="table-bordered" %)
113 (% class="active" %)|=(((
114 Field
115 )))|=(% colspan="1" %)(((
116 Key
117 )))|=(((
118 Value
119 )))
120 |(((
121 Name
122 )))|(% colspan="1" %)(((
123
124 )))|(((
125 jenkins-agent
126 )))
127 |(((
128 Description
129 )))|(% colspan="1" %)(((
130
131 )))|(((
132 Username and API-Token for Jenkins Auto-Agent
133 )))
134 |(((
135 Data
136 )))|(% colspan="1" %)(((
137 username
138 )))|(((
139 jenkins_agent
140 )))
141 |(% colspan="1" %)(((
142
143 )))|(% colspan="1" %)(((
144 token
145 )))|(% colspan="1" %)(((
146 //fill in the API-Token obtained from Jenkins here//
147 )))
148
149 [[image:attach:image-2023-5-22_11-58-27.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="400" width="968"]]
150
151 == Deploy Jenkins Auto-Agent Helm chart ==
152
153 Goto "Apps/+ Charts" and click on the tile //jenkins-auto-agent//.
154
155 [[image:attach:image-2023-11-14_17-21-41.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="250"]]
156
157 In the following dialogs, the only mandatory information that you have to enter is:
158
159 (% class="relative-table wrapped" style="width:72.7961%" %)
160 |=(((
161 Field
162 )))|=(((
163 Value
164 )))|=(((
165 Description
166 )))
167 |(((
168 Jenkins URL
169 )))|(((
170 [[https:~~/~~/CUSTOMER.devops.t-systems.net/jenkins/>>url:https://CUSTOMER.devops.t-systems.net/jenkins/||shape="rect"]]
171 )))|(((
172 The URL of the Jenkins controller. After registration the agent will connect to port 50000 of this host.
173
174 Make sure to replace CUSTOMER with the name of your DevOps-as-a-Service instance.
175 )))
176 |(((
177 Jenkins Authentication Secret
178 )))|(((
179 jenkins-agent
180 )))|(((
181 Name of the Opaque Secret that contains technical user in role agent-admin. The keys are username and token. Token refers to the API token you have created for the technical user.
182
183 Please note that due to the retry mechanism in the Jenkins Auto-Agent your Jenkins controller will block this user very fast if you use a wrong token!
184 )))
185
186 After clicking on //Install//, the agent will be deployed and started. Check the log of the pod to see what is happening. If everything works as expected, your new agent will automatically show up in the Jenkins controller UI.
187
188 == Controller Updates ==
189
190 Every time the Jenkins controller has been updated, please restart your agent pods so that they download the latest agent and CLI jars from the Jenkins controller. Without that, problems due to different software versions used on controller and agent are possible.
191
192 = Connecting custom agents =
193
194 Public documentation about launching inbound agents can be found at [[https:~~/~~/github.com/jenkinsci/remoting/blob/master/docs/inbound-agent.md>>url:https://github.com/jenkinsci/remoting/blob/master/docs/inbound-agent.md||shape="rect"]]. The Jenkins CLI is documented at [[https:~~/~~/www.jenkins.io/doc/book/managing/cli/#using-the-cli-client>>url:https://www.jenkins.io/doc/book/managing/cli/#using-the-cli-client||shape="rect"]].
195
196
197
© 2018-2025 T-Systems International GmbH