Created pipeline for Jenkins in Kubernetes cluster

Updated managed identity
2025-06-12 19:02:29 +00:00 · 2025-06-11 18:42:21 +00:00
5 changed files with 123 additions and 37 deletions
--- a/.jenkins/Jenkinsfile
+++ b/.jenkins/Jenkinsfile
@ -0,0 +1,90 @@
+pipeline {
+    agent {
+        kubernetes {
+            defaultContainer 'kubectl'
+            yamlFile '.jenkins/podTemplate.yaml'
+        }
+    }
+    environment {
+        RESOURCE_GROUP = 'tst-aks-rg'
+        CLUSTER_NAME   = 'build'
+        DEPLOY_FILES   = 'namespace.yaml secret-store.yaml deploy.yaml ingress.yaml'
+        NAMESPACE      = 'user-microservice'
+        DEPLOYMENT     = 'api'
+    }
+    stages {
+        stage('Checkout') {
+            steps {
+                container('kubectl') {
+                    checkout scm
+                }
+            }
+        }
+        stage('Login to Azure & Get Kubeconfig') {
+            steps {
+                container('kubectl') {
+                    sh '''
+                        az login --identity
+                        az aks get-credentials --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --overwrite-existing
+                    '''
+                }
+                container('kubelogin') {
+                    sh '''
+                        kubelogin convert-kubeconfig -l azurecli
+                    '''
+                }
+            }
+        }
+        stage('Apply Kubernetes Resources') {
+            steps {
+                container('kubectl') {
+                    script {
+                        def files = DEPLOY_FILES.tokenize()
+                        for (file in files) {
+                            sh "kubectl apply -f ${file}"
+                        }
+                    }
+                }
+            }
+        }
+
+        stage('Verify Deployment') {
+            steps {
+                container('kubectl') {
+                    script {
+                        // Waiting until all pods reach "ready" status
+                        sh '''
+                            echo "Waiting for deployment rollout..."
+                            kubectl rollout status deployment/$DEPLOYMENT -n $NAMESPACE --timeout=60s
+                        '''
+                    }
+                }
+            }
+        }
+
+        stage('Health Check') {
+            steps {
+                container('kubectl') {
+                    script {
+                        // Check if app is healthy
+                        def ingressUrl = "https://user-microservice.marcin00.pl/health"
+                        sh """
+                            echo "Checking app health ${ingressUrl}..."
+                            for i in {1..30}; do
+                                if curl -sf $ingressUrl; then
+                                    echo "Health check OK"
+                                    exit 0
+                                else
+                                    echo "Health check failed. Retry \$i..."
+                                    sleep 5
+                                fi
+                            done
+                            echo "Health check failed."
+                            exit 1
+                        """
+                    }
+                }
+            }
+        }
+    }
+}
--- a/.jenkins/podTemplate.yaml
+++ b/.jenkins/podTemplate.yaml
@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    some-label: jenkins-agent
+spec:
+  containers:
+  - name: kubectl
+    image: mcr.microsoft.com/azure-cli:latest
+    command:
+    - cat
+    tty: true
+    volumeMounts:
+    - name: azure-config
+      mountPath: /root/.azure
+
+  - name: kubelogin
+    image: ghcr.io/int128/kubelogin:latest
+    command:
+    - cat
+    tty: true
+
+  volumes:
+  - name: azure-config
+    emptyDir: {}
+
+  nodeSelector:
+    kubernetes.io/os: linux
+
+  restartPolicy: Never
--- a/34
+++ b/34
@ -1,34 +0,0 @@
-pipeline {
-    agent any
-    stages {
-        stage('Checkout') {
-            steps {
-                checkout scm
-            }
-        }
-        stage('Get credentials to Cluster') {
-            steps {
-                sh '''
-                az login --identity
-                az aks get-credentials --resource-group tst-aks-rg --name edu
-                kubelogin convert-kubeconfig -l azurecli
-                '''
-            }
-        }
-        stage('Apply to Cluster') {
-            steps {
-                sh '''
-                kubectl apply -f namespace.yaml
-                kubectl apply -f secret-store.yaml
-                kubectl apply -f deploy.yaml
-                kubectl apply -f ingress.yaml
-                '''
-            }
-        }
-    }
-    post {
-        cleanup {
-            sh 'rm -f ~/.kube/config || true'
-        }
-    }
-}
--- a/rbac-role.yaml
+++ b/rbac-role.yaml
@ -4,7 +4,7 @@ metadata:
  name: deployer-binding
 subjects:
 - kind: User
-  name: daabce80-f745-413f-8377-00472517521c
+  name: f91aef65-7d2a-4df8-a884-e33b05d54a31
  apiGroup: rbac.authorization.k8s.io
 roleRef:
  kind: ClusterRole
--- a/secret-store.yaml
+++ b/secret-store.yaml
@ -24,8 +24,8 @@ spec:
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"
-    userAssignedIdentityID: "0c2780e4-8594-4aab-8f1a-8a19f71924bd" # client_id of the user-assigned managed identity
-    clientID: "0c2780e4-8594-4aab-8f1a-8a19f71924bd"               # client_id of the user-assigned managed identity
+    userAssignedIdentityID: "f91aef65-7d2a-4df8-a884-e33b05d54a31" # client_id of the user-assigned managed identity
+    clientID: "f91aef65-7d2a-4df8-a884-e33b05d54a31"               # client_id of the user-assigned managed identity
    keyvaultName: "dev-aks"
    objects:  |
      array:
Author	SHA1	Message	Date
Marcin-Ramotowski	4901890d0e	Created pipeline for Jenkins in Kubernetes cluster	2025-06-12 19:02:29 +00:00
Marcin-Ramotowski	f55776916e	Updated managed identity	2025-06-11 18:42:21 +00:00