
Jenkins Controller StatefulSet Configuration

The Jenkins Controller StatefulSet configuration defines the deployment strategy, resource allocation, and security settings for the primary Jenkins instance within a Kubernetes cluster^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].

Overview

The Jenkins controller is deployed as a Kubernetes StatefulSet^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]. This configuration section allows administrators to customize the container image, assign hardware resources, define security contexts, and control scheduling and networking behaviors^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].

Container Image Configuration

The core container running the Jenkins controller is defined by the following parameters^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]:

  • controller.image: The name of the container image (default: jenkins/jenkins).
  • controller.tagLabel: A label used to tag the image (default: jdk11).
  • controller.tag: Overrides the image tag.
  • controller.imagePullPolicy: Defines when the image is pulled (default: Always).

Resource Allocation

Resource limits and requests can be configured to manage performance and stability^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].

  • controller.resources: Specifies CPU and memory requests and limits. The default configuration requests 50m CPU and 256Mi memory, with limits set to 2000m CPU and 4096Mi memory^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • controller.initContainerResources: Sets resource requests and limits for the init containers.

Security Context

Configuring the security context is essential for defining the permissions under which the Jenkins controller runs^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].

Pod-Level Security

  • controller.usePodSecurityContext: Must be true if setting user IDs or file system groups^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • controller.runAsUser: The user ID that Jenkins runs as (deprecated in favor of podSecurityContextOverride; default: 1000)^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • controller.fsGroup: The group ID for the persistent volume (deprecated in favor of podSecurityContextOverride; default: 1000)^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • controller.podSecurityContextOverride: A field to completely overwrite the pod security context, ignoring deprecated runAsUser and fsGroup values^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].

Container-Level Security

  • controller.containerSecurityContext: Controls the security context specifically for the Jenkins container^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]. The default settings enforce a read-only root filesystem and disable privilege escalation^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].

Networking and Service Exposure

The StatefulSet configuration interacts with Kubernetes Service objects to manage networking^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].

  • Service Type: controller.serviceType defaults to ClusterIP^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • Ports:
    • controller.servicePort: The service port (default: 8080)^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
    • controller.targetPort: The target port on the pod (default: 8080)^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
    • controller.jmxPort: Optional port for JMX statistics^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
    • controller.extraPorts: Configuration for opening additional ports^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • Load Balancing:
    • controller.loadBalancerSourceRanges: Restricts inbound traffic to specific IP ranges (default: 0.0.0.0/0, which matches every IPv4 source address)^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
    • controller.loadBalancerIP: Specifies a fixed external IP^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
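
The security context and service exposure settings described above can be checked together before a release. The following is an added example, not code from the chart or from the source summary: `audit_controller` is a hypothetical helper that assumes the fully computed values are available as a Python dict (for instance parsed from `helm get values --all -o json`). The keys inside the security contexts are standard Kubernetes `securityContext` fields, and the default for `usePodSecurityContext` is an assumption.

```python
import ipaddress

def audit_controller(values):
    """Return findings for the `controller` block of computed chart values."""
    c = values.get("controller", {})
    findings = []
    # Pod level: a non-empty override replaces the whole pod security context,
    # so the deprecated runAsUser / fsGroup keys no longer apply.
    override = c.get("podSecurityContextOverride") or {}
    if override:
        pod_ctx = override
        for key in ("runAsUser", "fsGroup"):
            if key not in override:
                findings.append(f"override omits {key}; deprecated controller.{key} is ignored")
    elif c.get("usePodSecurityContext", True):  # assumed default, not stated on the page
        pod_ctx = {"runAsUser": c.get("runAsUser", 1000), "fsGroup": c.get("fsGroup", 1000)}
    else:
        pod_ctx = {}
        findings.append("usePodSecurityContext is false; no UID or fsGroup is set on the pod")
    if pod_ctx.get("runAsUser") == 0:
        findings.append("pod security context runs Jenkins as UID 0")
    # Container level: expect the defaults the page describes.
    cctx = c.get("containerSecurityContext") or {}
    if cctx.get("readOnlyRootFilesystem") is not True:
        findings.append("readOnlyRootFilesystem is not true")
    if cctx.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation is not false")
    # Networking: source ranges only matter once the Service is a LoadBalancer.
    if c.get("serviceType", "ClusterIP") == "LoadBalancer":
        ranges = c.get("loadBalancerSourceRanges", ["0.0.0.0/0"])
        if not ranges or any(ipaddress.ip_network(r, strict=False).prefixlen == 0 for r in ranges):
            findings.append("LoadBalancer Service accepts traffic from any source address")
    return findings

# Constructed sample values (not taken from a real deployment).
WEAK_VALUES = {"controller": {
    "serviceType": "LoadBalancer",
    "podSecurityContextOverride": {"runAsUser": 0},
    "containerSecurityContext": {"readOnlyRootFilesystem": True, "allowPrivilegeEscalation": True},
}}
HARDENED_VALUES = {"controller": {
    "serviceType": "LoadBalancer",
    "loadBalancerSourceRanges": ["10.20.0.0/16"],
    "podSecurityContextOverride": {"runAsUser": 1000, "fsGroup": 1000, "runAsNonRoot": True},
    "containerSecurityContext": {"readOnlyRootFilesystem": True, "allowPrivilegeEscalation": False},
}}

if __name__ == "__main__":
    for name, vals in (("weak", WEAK_VALUES), ("hardened", HARDENED_VALUES)):
        print(name, audit_controller(vals))
```
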

Scheduling and Pod Placement

Administrators can control where the Jenkins controller pod is deployed using standard Kubernetes scheduling primitives^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].

  • controller.nodeSelector: Defines node labels to constrain pod placement^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • controller.affinity: Specifies affinity rules for advanced scheduling logic^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • controller.tolerations: Allows the pod to be scheduled on nodes with matching taints^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • controller.priorityClassName: Assigns a priority class to the pod to influence scheduling priority^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].

Health Probes

Kubernetes probes are configured to monitor the status of the controller^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].

  • controller.healthProbes: Enables the configuration of liveness, readiness, and startup probes (default: true)^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • Probe Paths: By default, probes check the /login endpoint (or the path defined by controller.jenkinsUriPrefix)^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].

Labels and Annotations

Metadata can be attached to the StatefulSet, Pod, or Service to organize and manage resources^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].

  • controller.statefulSetLabels / controller.statefulSetAnnotations: Custom metadata for the StatefulSet^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • controller.podLabels / controller.podAnnotations: Custom metadata for the Pod^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • controller.serviceLabels / controller.serviceAnnotations: Custom metadata for the Service^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md].
  • [[流程化筆記]]: Use process-oriented notes to record the specific steps taken to configure the StatefulSet, ensuring settings are replicated correctly in future deployments.
  • [[Persistent Volume Claim]]: The StatefulSet typically relies on a PVC for data persistence; configuration options for persistence are closely related to the StatefulSet setup.

Sources

^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]