1. Cài đặt Jenkins với Docker Compose
Cấu trúc thư mục
├── gitlab
│   ├── config
│   ├── data
│   └── logs
├── gitlab-runner
│   └── config
├── jenkins
│   ├── agent
│   └── jenkins_home
├── lost+found
└── setup
    ├── docker-compose.yaml
    └── jenkins
        ├── agent
        │   └── Dockerfile
        └── Dockerfile
Nội dung docker-compose.yaml
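version: '3.8'

# Lab stack: GitLab CE, a GitLab Runner, a Jenkins controller and one inbound
# Jenkins agent, all attached to the pre-created network `gitlab-network`.
# Three of the four containers mount the host Docker socket. Access to that
# socket is equivalent to root on the host, so treat this file as a
# single-user lab setup rather than a shared or production deployment.
services:
  gitlab:
    # `latest` moves on every pull; pin a release tag for repeatable deploys.
    image: 'gitlab/gitlab-ce:latest'
    container_name: gitlab
    restart: always
    hostname: 'gitlab.local'
    environment:
      # The whole block is passed to the container as one environment
      # variable, so the SMTP password is readable from this file and from
      # `docker inspect gitlab`. Keep the real value out of version control.
      # external_url is plain http: logins and tokens cross the network
      # unencrypted.
      GITLAB_OMNIBUS_CONFIG: |
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        external_url 'http://gitlab.local'
        ### SMTP config for Gmail
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.gmail.com"
        gitlab_rails['smtp_port'] = 587
        gitlab_rails['smtp_user_name'] = "[email protected]"
        gitlab_rails['smtp_password'] = "your_app_password"
        gitlab_rails['smtp_domain'] = "smtp.gmail.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = false
        gitlab_rails['gitlab_email_from'] = '[email protected]'
        gitlab_rails['gitlab_email_reply_to'] = '[email protected]'
        gitlab_rails['gitlab_email_display_name'] = 'GitLab'
    # Published on every host interface; prefix with 127.0.0.1: to keep a
    # port local to the Docker host.
    ports:
      - '80:80'
      - '443:443'
      - '2222:22'
    volumes:
      - '/opt/gitlab/config:/etc/gitlab'
      - '/opt/gitlab/logs:/var/log/gitlab'
      - '/opt/gitlab/data:/var/opt/gitlab'
    networks:
      - gitlab-network

  gitlab-runner:
    image: 'gitlab/gitlab-runner:latest'
    container_name: gitlab-runner
    restart: always
    depends_on:
      - gitlab
    volumes:
      - '/opt/gitlab-runner/config:/etc/gitlab-runner'
      # Gives the runner control of the host Docker daemon. Register it only
      # for projects whose CI configuration comes from trusted authors.
      - '/var/run/docker.sock:/var/run/docker.sock'
    networks:
      - gitlab-network

  jenkins:
    build:
      context: ./jenkins
    container_name: jenkins
    restart: unless-stopped
    # NOTE(review): privileged + root + docker.sock + kube credentials means a
    # compromised job or plugin gets host and cluster access. Using the
    # mounted socket does not need `privileged`; drop it unless a later step
    # really depends on it.
    privileged: true
    # Overrides the `USER jenkins` set at the end of jenkins/Dockerfile.
    user: root
    ports:
      - "8080:8080" # Jenkins UI
      # NOTE(review): the agent below sets JENKINS_WEB_SOCKET=true and so
      # connects through the HTTP port; publish 50000 only if other agents
      # use the TCP inbound port.
      - "50000:50000" # Agent communication
    volumes:
      - /home/iadmin/.kube:/root/.kube # mount local kube config
      - /home/iadmin/.minikube:/root/.minikube # mount minikube certs and keys
      - /opt/jenkins/jenkins_home:/var/jenkins_home
      - /var/run/docker.sock:/var/run/docker.sock # Allows Jenkins to run docker commands
    networks:
      - gitlab-network
    extra_hosts:
      - "gitlab.local:host-gateway"

  jenkins-agent:
    build:
      context: ./jenkins/agent
    container_name: jenkins-agent
    restart: unless-stopped
    # NOTE(review): same concern as the controller; the socket mount alone is
    # enough for docker commands.
    privileged: true
    extra_hosts:
      - "jenkins.local:host-gateway"
    environment:
      - JENKINS_URL=http://jenkins:8080
      - JENKINS_AGENT_NAME=docker-agent
      # Read from the shell environment or a `.env` file next to this compose
      # file so the agent secret is not written into the file itself. Compose
      # refuses to start when the variable is unset or empty.
      - "JENKINS_SECRET=${JENKINS_SECRET:?set JENKINS_SECRET in .env}"
      - JENKINS_WEB_SOCKET=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/jenkins/agent:/home/jenkins/agent
    networks:
      - gitlab-network

# Declared but not referenced by any service above: the jenkins service uses
# the bind mount /opt/jenkins/jenkins_home instead.
volumes:
  jenkins_home:
    name: jenkins_home

# `external: true` means Compose will not create this network; it has to
# exist before `docker compose up`.
networks:
  gitlab-network:
    external: true
    name: gitlab-network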
Nội dung file jenkins/Dockerfile
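# Jenkins controller image with the Docker CLI and kubectl added.
# NOTE(review): `lts` is a moving tag; pin a specific version (ideally by
# digest) so rebuilds do not silently pick up a different base image.
FROM jenkins/jenkins:lts
USER root
# install curl, kubectl and docker CLI
# The steps are chained with && only. The original `|| true` sat in the middle
# of the chain and therefore masked a failed apt-get or curl as well, letting
# the build succeed without the tools installed.
# kubectl is checked against the published .sha256 file. That file comes from
# the same origin, so it catches corrupt or truncated downloads, not a
# compromised download host; pin KUBECTL_VERSION for a reproducible image.
RUN apt-get update \
    && apt-get install -y ca-certificates curl apt-transport-https gnupg2 lsb-release docker.io \
    && KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)" \
    && curl -fsSL "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl \
    && curl -fsSL "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256" -o /tmp/kubectl.sha256 \
    && echo "$(cat /tmp/kubectl.sha256)  /usr/local/bin/kubectl" | sha256sum --check \
    && rm /tmp/kubectl.sha256 \
    && chmod +x /usr/local/bin/kubectl /usr/bin/docker \
    && apt-get clean && rm -rf /var/lib/apt/lists/*
USER jenkins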
Nội dung file jenkins/agent/Dockerfile
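# Jenkins inbound agent image with the Docker CLI and kubectl added.
# NOTE(review): `latest` is a moving tag; pin a specific version (ideally by
# digest) so rebuilds do not silently pick up a different base image.
FROM jenkins/inbound-agent:latest
USER root
# install docker CLI and kubectl
# Only the usermod step stays best-effort. The original `|| true` was part of
# the main && chain and therefore also masked a failed apt-get or curl.
# kubectl is checked against the published .sha256 file. That file comes from
# the same origin, so it catches corrupt or truncated downloads, not a
# compromised download host; pin KUBECTL_VERSION for a reproducible image.
# NOTE(review): membership in the image's `docker` group only helps if its GID
# matches the group that owns /var/run/docker.sock on the host - confirm.
RUN apt-get update \
    && apt-get install -y ca-certificates curl apt-transport-https gnupg2 lsb-release docker.io \
    && KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)" \
    && curl -fsSL "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl \
    && curl -fsSL "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256" -o /tmp/kubectl.sha256 \
    && echo "$(cat /tmp/kubectl.sha256)  /usr/local/bin/kubectl" | sha256sum --check \
    && rm /tmp/kubectl.sha256 \
    && chmod +x /usr/local/bin/kubectl /usr/bin/docker \
    && (usermod -aG docker jenkins || true) \
    && apt-get clean && rm -rf /var/lib/apt/lists/*
USER jenkins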
Khởi chạy môi trường:
docker compose up -d
Sau khi Jenkins khởi động:
- Truy cập http://jenkins.local:8080
- Xem mật khẩu khởi tạo ban đầu:
docker exec -it jenkins cat /var/jenkins_home/secrets/initialAdminPassword
- Dán vào màn hình “Unlock Jenkins”.
- Cài đặt plugin khuyến nghị.
2. Giao diện và cấu hình Jenkins
Đăng nhập vào Giao diện Jenkins

Dashboard: danh sách các pipeline

Manage Jenkins: Cấu hình hệ thống, cài plugin, credentials,..

Users/People: Quản lý User
Credentials: Nơi lưu mật khẩu, token an toàn
Cài đặt plugin cần thiết
– Vào Manage Jenkins -> Plugins -> Available Plugins

Cài đặt các plugin:
- Blue Ocean
- Docker Pipeline
- Kubernetes CLI
- Gitlab Plugin
- Role-based Authorization Strategy




Phân quyền RBAC và tạo user CTO
Bật phân quyền:
- Vào Manage Jenkins -> Configure Global Security
- Chọn:
- ✅ “Enable security”
- ✅ “Jenkins’ own user database”
- ✅ “Matrix-based security”

Tạo User:
Manage Jenkins -> Users -> Create User
- User: dev, cto
- Password:



Cấp quyền:
Trong Matrix Authorization:
- admin: tất cả quyền
- cto: chỉ có quyền (Read, Build, Job -> Discovery, Read, Build, Overall -> Read)
- dev:
