Created pipeline for Jenkins in Kubernetes cluster

.jenkins/Jenkinsfile

@@ -0,0 +1,90 @@
+pipeline {
+    agent {
+        kubernetes {
+            defaultContainer 'kubectl'
+            yamlFile '.jenkins/podTemplate.yaml'
+        }
+    }
+    environment {
+        RESOURCE_GROUP = 'tst-aks-rg'
+        CLUSTER_NAME   = 'build'
+        DEPLOY_FILES   = 'namespace.yaml secret-store.yaml deploy.yaml ingress.yaml'
+        NAMESPACE      = 'user-microservice'
+        DEPLOYMENT     = 'api'
+    }
+    stages {
+        stage('Checkout') {
+            steps {
+                container('kubectl') {
+                    checkout scm
+                }
+            }
+        }
+        stage('Login to Azure & Get Kubeconfig') {
+            steps {
+                container('kubectl') {
+                    sh '''
+                        az login --identity
+                        az aks get-credentials --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --overwrite-existing
+                    '''
+                }
+                container('kubelogin') {
+                    sh '''
+                        kubelogin convert-kubeconfig -l azurecli
+                    '''
+                }
+            }
+        }
+        stage('Apply Kubernetes Resources') {
+            steps {
+                container('kubectl') {
+                    script {
+                        def files = DEPLOY_FILES.tokenize()
+                        for (file in files) {
+                            sh "kubectl apply -f ${file}"
+                        }
+                    }
+                }
+            }
+        }
+
+        stage('Verify Deployment') {
+            steps {
+                container('kubectl') {
+                    script {
+                        // Waiting until all pods reach "ready" status
+                        sh '''
+                            echo "Waiting for deployment rollout..."
+                            kubectl rollout status deployment/$DEPLOYMENT -n $NAMESPACE --timeout=60s
+                        '''
+                    }
+                }
+            }
+        }
+
+        stage('Health Check') {
+            steps {
+                container('kubectl') {
+                    script {
+                        // Check if app is healthy
+                        def ingressUrl = "https://user-microservice.marcin00.pl/health"
+                        sh """
+                            echo "Checking app health ${ingressUrl}..."
+                            for i in {1..30}; do
+                                if curl -sf $ingressUrl; then
+                                    echo "Health check OK"
+                                    exit 0
+                                else
+                                    echo "Health check failed. Retry \$i..."
+                                    sleep 5
+                                fi
+                            done
+                            echo "Health check failed."
+                            exit 1
+                        """
+                    }
+                }
+            }
+        }
+    }
+}

.jenkins/podTemplate.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    some-label: jenkins-agent
+spec:
+  containers:
+  - name: kubectl
+    image: mcr.microsoft.com/azure-cli:latest
+    command:
+    - cat
+    tty: true
+    volumeMounts:
+    - name: azure-config
+      mountPath: /root/.azure
+
+  - name: kubelogin
+    image: ghcr.io/int128/kubelogin:latest
+    command:
+    - cat
+    tty: true
+
+  volumes:
+  - name: azure-config
+    emptyDir: {}
+
+  nodeSelector:
+    kubernetes.io/os: linux
+
+  restartPolicy: Never

Jenkinsfile

@@ -1,34 +0,0 @@
-pipeline {
-    agent any
-    stages {
-        stage('Checkout') {
-            steps {
-                checkout scm
-            }
-        }
-        stage('Get credentials to Cluster') {
-            steps {
-                sh '''
-                az login --identity
-                az aks get-credentials --resource-group tst-aks-rg --name edu
-                kubelogin convert-kubeconfig -l azurecli
-                '''
-            }
-        }
-        stage('Apply to Cluster') {
-            steps {
-                sh '''
-                kubectl apply -f namespace.yaml
-                kubectl apply -f secret-store.yaml
-                kubectl apply -f deploy.yaml
-                kubectl apply -f ingress.yaml
-                '''
-            }
-        }
-    }
-    post {
-        cleanup {
-            sh 'rm -f ~/.kube/config || true'
-        }
-    }
-}

rbac-role.yaml

@@ -4,7 +4,7 @@ metadata:
   name: deployer-binding
 subjects:
 - kind: User
-  name: daabce80-f745-413f-8377-00472517521c
+  name: f91aef65-7d2a-4df8-a884-e33b05d54a31
   apiGroup: rbac.authorization.k8s.io
 roleRef:
   kind: ClusterRole

secret-store.yaml

@@ -24,8 +24,8 @@ spec:
   parameters:
     usePodIdentity: "false"
     useVMManagedIdentity: "true"
-    userAssignedIdentityID: "0c2780e4-8594-4aab-8f1a-8a19f71924bd" # client_id of the user-assigned managed identity
+    userAssignedIdentityID: "f91aef65-7d2a-4df8-a884-e33b05d54a31" # client_id of the user-assigned managed identity
-    clientID: "0c2780e4-8594-4aab-8f1a-8a19f71924bd"               # client_id of the user-assigned managed identity
+    clientID: "f91aef65-7d2a-4df8-a884-e33b05d54a31"               # client_id of the user-assigned managed identity
     keyvaultName: "dev-aks"
     objects:  |
       array: