Skip to Content
Last modified by Boris Folgmann on 2025/07/17 10:51
Hide last authors
DOaaS Operator 1.1 1 You can run your own Jenkins agents, which will connect to your Jenkins Master at {{code language="none"}}https://<YOUR_CUSTOMER_ID>.devops.t-systems.net/jenkins/{{/code}} (replace <YOUR_CUSTOMER_ID> with your customer ID).
2
3 The easiest way to do this is to use the Jenkins Auto-Slave Helm chart provided by DevOps-as-a-Service. Read [[doc:Rancher 2.WebHome||anchor="Addpublichelmcharts"]] to see how to add the public chart repo to one of your Kubernetes clusters managed with Rancher 2.
4
5 The Jenkins Auto-Slave is a Jenkins agent based on {{code language="none"}}openjdk:17-slim-bullseye{{/code}}. When started, the container will download the latest agent.jar from your Jenkins master and automatically register itself as a new agent (worker node). This way, you can easily execute delivery pipelines in your own target environment. You just need to bind your jobs to your Jenkins agent by referring to the Jenkins Agent Labels that you set on the Agent. This method can be used to issue commands in Jenkins that require direct access to your network.
6
7 {{toc/}}
8
9 = Create Technical User =
10
11 Goto Technical Users on the DevOps-as-a-Service Self-self service portal and create a new technical user {{code language="none"}}https://<YOUR_CUSTOMER_ID>.devops.t-systems.net/sdportal/#/technical-user/new{{/code}} (replace <YOUR_CUSTOMER_ID> with your customer ID).
12
13 (% class="table-bordered" %)
14 (% class="active" %)|=(((
15 Field
16 )))|=(((
17 Value
18 )))
19 |=(((
20 Username
21 )))|(((
Boris Folgmann 3.2 22 jenkins_auto_agent
DOaaS Operator 1.1 23 )))
24 |=(((
25 Password
26 )))|(((
27 use the provided default or choose another strong one, save it in a secure place to be able to use it later
28 )))
29 |=(% colspan="1" %)(((
30 Tool
31 )))|(% colspan="1" %)(((
32 Jenkins
33 )))
Boris Folgmann 1.3 34 |=(% colspan="1" %)Jenkins|(% colspan="1" %)Check "Allow to administer agents"
DOaaS Operator 1.1 35 |=(((
36 Description
37 )))|(((
38 used for connecting Jenkins agents to Jenkins master
39 )))
40
Boris Folgmann 4.1 41 [[image:1752749459893-107.png||height="596" width="400"]]
DOaaS Operator 1.1 42
Boris Folgmann 4.1 43 Choose a strong password and finally click //Save//.
DOaaS Operator 1.1 44
45 = Create Service Request =
46
Boris Folgmann 1.2 47 Create a Service Request at [[Service Desk DevOps-as-a-Service>>https://prd.sdc.t-systems.net/jira/||shape="rect"]].
DOaaS Operator 1.1 48
49 (% class="table-bordered" %)
50 (% class="active" %)|=(((
51 Field
52 )))|=(((
53 Value
54 )))
55 |=(((
56 Summary
57 )))|(((
58 Connect Jenkins inbound agents
59 )))
60 |=(((
61 Component
62 )))|(((
63 Jenkins
64 )))
65 |=(((
66 Description
67 )))|(((
Boris Folgmann 1.3 68 Please open port 50000 of our Jenkins Controller so that our agents can connect.
DOaaS Operator 1.1 69 )))
70
Boris Folgmann 1.3 71 If you use a fixed list of public IP addresses for your outgoing connections, we can set up a whitelist of allowed IP addresses or networks to further restrict access to port 50000.
DOaaS Operator 1.1 72
73 If unsure, try first without a whitelist and send us your whitelist later when everything is working.
74
75 = Create API Token in Jenkins =
76
77 Even before the Service Request has been finished, use the time to get the API token for the technical user on Jenkins.
78
79 * Login to Jenkins with the credentials of the Technical User (in the screenshot, jenkins_auto_slave_manoni is used).
80 * At the top of the page, click on the username and choose //Configure// from the menu.
81
82 (% style="margin-left: 30.0px;" %)
83 [[image:attach:image2021-4-12_13-37-55.png||data-xwiki-image-style-border="true" height="163" width="500"]]
84
85 * On the Configure page, click on "ADD NEW TOKEN"
86
87 (% style="margin-left: 30.0px;" %)
88 [[image:attach:image2021-4-12_13-39-34.png||data-xwiki-image-style-border="true" height="309" width="838"]]
89
90 * Copy and record the created token for the intended use, then click "SAVE".
91
92 (% style="margin-left: 30.0px;" %)
93 [[image:attach:image2021-4-12_13-41-17.png||data-xwiki-image-style-border="true" width="500"]]
94
95 * Log out
96
97 = Connect Agent to Jenkins Controller =
98
99 Using the Helm chart as mentioned at the top of the page, the remaining required steps in Rancher 2 are as follows.
100
101 {{info}}
102 **⚠ Pod Security Policy**
103
104 The provided Jenkins Agent container allows the installation of additional software during start-up. If you run the container with the restricted Pod Security Policy of Rancher which is the standard for new projects, this will not work, since some capabilities will not be granted to the pod. To fix this, you can associate the project in the cluster with the unrestricted Pod Security Policy.
105 {{/info}}
106
107 == Create Secret ==
108
109 Goto the cluster where you want to deploy the Jenkins agent and first create a secret of type Opaque
110
111 (% class="table-bordered" %)
112 (% class="active" %)|=(((
113 Field
114 )))|=(% colspan="1" %)(((
115 Key
116 )))|=(((
117 Value
118 )))
119 |(((
120 Name
121 )))|(% colspan="1" %)(((
122
123 )))|(((
124 jenkins-agent
125 )))
126 |(((
127 Description
128 )))|(% colspan="1" %)(((
129
130 )))|(((
131 Username and API-Token for Jenkins Auto-Agent
132 )))
133 |(((
134 Data
135 )))|(% colspan="1" %)(((
136 username
137 )))|(((
138 jenkins_agent
139 )))
140 |(% colspan="1" %)(((
141
142 )))|(% colspan="1" %)(((
143 token
144 )))|(% colspan="1" %)(((
145 //fill in the API-Token obtained from Jenkins here//
146 )))
147
148 [[image:attach:image-2023-5-22_11-58-27.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="400" width="968"]]
149
150 == Deploy Jenkins Auto-Agent Helm chart ==
151
152 Goto "Apps/+ Charts" and click on the tile //jenkins-auto-agent//.
153
154 [[image:attach:image-2023-11-14_17-21-41.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="250"]]
155
156 In the following dialogs, the only mandatory information that you have to enter is:
157
158 (% class="relative-table wrapped" style="width:72.7961%" %)
159 |=(((
160 Field
161 )))|=(((
162 Value
163 )))|=(((
164 Description
165 )))
166 |(((
167 Jenkins URL
168 )))|(((
169 [[https:~~/~~/CUSTOMER.devops.t-systems.net/jenkins/>>url:https://CUSTOMER.devops.t-systems.net/jenkins/||shape="rect"]]
170 )))|(((
171 The URL of the Jenkins controller. After registration the agent will connect to port 50000 of this host.
172
173 Make sure to replace CUSTOMER with the name of your DevOps-as-a-Service instance.
174 )))
175 |(((
176 Jenkins Authentication Secret
177 )))|(((
178 jenkins-agent
179 )))|(((
180 Name of the Opaque Secret that contains technical user in role agent-admin. The keys are username and token. Token refers to the API token you have created for the technical user.
181
182 Please note that due to the retry mechanism in the Jenkins Auto-Agent your Jenkins controller will block this user very fast if you use a wrong token!
183 )))
184
185 After clicking on //Install//, the agent will be deployed and started. Check the log of the pod to see what is happening. If everything works as expected, your new agent will automatically show up in the Jenkins controller UI.
186
187 == Controller Updates ==
188
189 Every time the Jenkins controller has been updated, please restart your agent pods so that they download the latest agent and CLI jars from the Jenkins controller. Without that, problems due to different software versions used on controller and agent are possible.
190
191 = Connecting custom agents =
192
193 Public documentation about launching inbound agents can be found at [[https:~~/~~/github.com/jenkinsci/remoting/blob/master/docs/inbound-agent.md>>url:https://github.com/jenkinsci/remoting/blob/master/docs/inbound-agent.md||shape="rect"]]. The Jenkins CLI is documented at [[https:~~/~~/www.jenkins.io/doc/book/managing/cli/#using-the-cli-client>>url:https://www.jenkins.io/doc/book/managing/cli/#using-the-cli-client||shape="rect"]].
194
195
196
© 2018-2025 T-Systems International GmbH