Skip to Content
Version 3.2 by Boris Folgmann on 2025/07/17 10:51
Show last authors
1 You can run your own Jenkins agents, which will connect to your Jenkins Master at {{code language="none"}}https://<YOUR_CUSTOMER_ID>.devops.t-systems.net/jenkins/{{/code}} (replace <YOUR_CUSTOMER_ID> with your customer ID).
2
3 The easiest way to do this is to use the Jenkins Auto-Slave Helm chart provided by DevOps-as-a-Service. Read [[doc:Rancher 2.WebHome||anchor="Addpublichelmcharts"]] to see how to add the public chart repo to one of your Kubernetes clusters managed with Rancher 2.
4
5 The Jenkins Auto-Slave is a Jenkins agent based on {{code language="none"}}openjdk:17-slim-bullseye{{/code}}. When started, the container will download the latest agent.jar from your Jenkins master and automatically register itself as a new agent (worker node). This way, you can easily execute delivery pipelines in your own target environment. You just need to bind your jobs to your Jenkins agent by referring to the Jenkins Agent Labels that you set on the Agent. This method can be used to issue commands in Jenkins that require direct access to your network.
6
7 {{toc/}}
8
9 = Create Technical User =
10
11 Goto Technical Users on the DevOps-as-a-Service Self-self service portal and create a new technical user {{code language="none"}}https://<YOUR_CUSTOMER_ID>.devops.t-systems.net/sdportal/#/technical-user/new{{/code}} (replace <YOUR_CUSTOMER_ID> with your customer ID).
12
13 (% class="table-bordered" %)
14 (% class="active" %)|=(((
15 Field
16 )))|=(((
17 Value
18 )))
19 |=(((
20 Username
21 )))|(((
22 jenkins_auto_agent
23 )))
24 |=(((
25 Password
26 )))|(((
27 use the provided default or choose another strong one, save it in a secure place to be able to use it later
28 )))
29 |=(% colspan="1" %)(((
30 Tool
31 )))|(% colspan="1" %)(((
32 Jenkins
33 )))
34 |=(% colspan="1" %)Jenkins|(% colspan="1" %)Check "Allow to administer agents"
35 |=(((
36 Description
37 )))|(((
38 used for connecting Jenkins agents to Jenkins master
39 )))
40
41 [[image:1752749459893-107.png]]
42
43 Finally, click //Save//.
44
45 = Create Service Request =
46
47 Create a Service Request at [[Service Desk DevOps-as-a-Service>>https://prd.sdc.t-systems.net/jira/||shape="rect"]].
48
49 (% class="table-bordered" %)
50 (% class="active" %)|=(((
51 Field
52 )))|=(((
53 Value
54 )))
55 |=(((
56 Summary
57 )))|(((
58 Connect Jenkins inbound agents
59 )))
60 |=(((
61 Component
62 )))|(((
63 Jenkins
64 )))
65 |=(((
66 Description
67 )))|(((
68 Please open port 50000 of our Jenkins Controller so that our agents can connect.
69 )))
70
71
72
73 If you use a fixed list of public IP addresses for your outgoing connections, we can set up a whitelist of allowed IP addresses or networks to further restrict access to port 50000.
74
75 If unsure, try first without a whitelist and send us your whitelist later when everything is working.
76
77 = Create API Token in Jenkins =
78
79 Even before the Service Request has been finished, use the time to get the API token for the technical user on Jenkins.
80
81 * Login to Jenkins with the credentials of the Technical User (in the screenshot, jenkins_auto_slave_manoni is used).
82 * At the top of the page, click on the username and choose //Configure// from the menu.
83
84 (% style="margin-left: 30.0px;" %)
85 [[image:attach:image2021-4-12_13-37-55.png||data-xwiki-image-style-border="true" height="163" width="500"]]
86
87 * On the Configure page, click on "ADD NEW TOKEN"
88
89 (% style="margin-left: 30.0px;" %)
90 [[image:attach:image2021-4-12_13-39-34.png||data-xwiki-image-style-border="true" height="309" width="838"]]
91
92 * Copy and record the created token for the intended use, then click "SAVE".
93
94 (% style="margin-left: 30.0px;" %)
95 [[image:attach:image2021-4-12_13-41-17.png||data-xwiki-image-style-border="true" width="500"]]
96
97 * Log out
98
99 = Connect Agent to Jenkins Controller =
100
101 Using the Helm chart as mentioned at the top of the page, the remaining required steps in Rancher 2 are as follows.
102
103 {{info}}
104 **⚠ Pod Security Policy**
105
106 The provided Jenkins Agent container allows the installation of additional software during start-up. If you run the container with the restricted Pod Security Policy of Rancher which is the standard for new projects, this will not work, since some capabilities will not be granted to the pod. To fix this, you can associate the project in the cluster with the unrestricted Pod Security Policy.
107 {{/info}}
108
109 == Create Secret ==
110
111 Goto the cluster where you want to deploy the Jenkins agent and first create a secret of type Opaque
112
113 (% class="table-bordered" %)
114 (% class="active" %)|=(((
115 Field
116 )))|=(% colspan="1" %)(((
117 Key
118 )))|=(((
119 Value
120 )))
121 |(((
122 Name
123 )))|(% colspan="1" %)(((
124
125 )))|(((
126 jenkins-agent
127 )))
128 |(((
129 Description
130 )))|(% colspan="1" %)(((
131
132 )))|(((
133 Username and API-Token for Jenkins Auto-Agent
134 )))
135 |(((
136 Data
137 )))|(% colspan="1" %)(((
138 username
139 )))|(((
140 jenkins_agent
141 )))
142 |(% colspan="1" %)(((
143
144 )))|(% colspan="1" %)(((
145 token
146 )))|(% colspan="1" %)(((
147 //fill in the API-Token obtained from Jenkins here//
148 )))
149
150 [[image:attach:image-2023-5-22_11-58-27.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="400" width="968"]]
151
152 == Deploy Jenkins Auto-Agent Helm chart ==
153
154 Goto "Apps/+ Charts" and click on the tile //jenkins-auto-agent//.
155
156 [[image:attach:image-2023-11-14_17-21-41.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="250"]]
157
158 In the following dialogs, the only mandatory information that you have to enter is:
159
160 (% class="relative-table wrapped" style="width:72.7961%" %)
161 |=(((
162 Field
163 )))|=(((
164 Value
165 )))|=(((
166 Description
167 )))
168 |(((
169 Jenkins URL
170 )))|(((
171 [[https:~~/~~/CUSTOMER.devops.t-systems.net/jenkins/>>url:https://CUSTOMER.devops.t-systems.net/jenkins/||shape="rect"]]
172 )))|(((
173 The URL of the Jenkins controller. After registration the agent will connect to port 50000 of this host.
174
175 Make sure to replace CUSTOMER with the name of your DevOps-as-a-Service instance.
176 )))
177 |(((
178 Jenkins Authentication Secret
179 )))|(((
180 jenkins-agent
181 )))|(((
182 Name of the Opaque Secret that contains technical user in role agent-admin. The keys are username and token. Token refers to the API token you have created for the technical user.
183
184 Please note that due to the retry mechanism in the Jenkins Auto-Agent your Jenkins controller will block this user very fast if you use a wrong token!
185 )))
186
187 After clicking on //Install//, the agent will be deployed and started. Check the log of the pod to see what is happening. If everything works as expected, your new agent will automatically show up in the Jenkins controller UI.
188
189 == Controller Updates ==
190
191 Every time the Jenkins controller has been updated, please restart your agent pods so that they download the latest agent and CLI jars from the Jenkins controller. Without that, problems due to different software versions used on controller and agent are possible.
192
193 = Connecting custom agents =
194
195 Public documentation about launching inbound agents can be found at [[https:~~/~~/github.com/jenkinsci/remoting/blob/master/docs/inbound-agent.md>>url:https://github.com/jenkinsci/remoting/blob/master/docs/inbound-agent.md||shape="rect"]]. The Jenkins CLI is documented at [[https:~~/~~/www.jenkins.io/doc/book/managing/cli/#using-the-cli-client>>url:https://www.jenkins.io/doc/book/managing/cli/#using-the-cli-client||shape="rect"]].
196
197
198
© 2018-2025 T-Systems International GmbH