Creation of Kubernetes Jenkins with my own image redirects to 'Unlock Jenkins'

Hello,

I am having an issue where Jenkins redirects to ‘Unlock Jenkins’.

I am providing all the details here:

Dockerfile:

```dockerfile
FROM jenkins/jenkins:lts-jdk11

USER root

# Install necessary dependencies
RUN apt-get update && apt-get install -y \
    vim \
    wget \
    software-properties-common \
    lsb-release apt-transport-https ca-certificates \
    curl \
    unzip

# Install PHP7.3
RUN wget -O /etc/apt/trusted.gpg.d/php.gpg < link to apt repo >
RUN echo "deb < link to package > $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php7.3.list
RUN apt-get update && apt-get install php7.3 -y

# Install PHP dependencies
RUN apt-get install -y \
    php-codesniffer \
    phpunit \
    phpmd \
    phpcpd \
    phploc \
    php7.3-mbstring \
    php7.3-dom \
    php7.3-curl \
    php7.3-cli \
    php7.3-zip \
    php7.3-intl \
    php7.3-pcov \
    php7.3-bcmath \
    php7.3-gd \
    php7.3-memcached \
    php7.3-xsl

# Create symlink for Jenkins
RUN ln -s /var/jenkins_home /var/lib/jenkins

# Install PHP Composer
RUN curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php && php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer

# Install Selenium and Chrome Drivers
# Note: a process backgrounded with & in a RUN step ends with that build step;
# it is not running in the final container.
RUN mkdir /usr/local/share/selenium
RUN wget http://selenium-release.storage.googleapis.com/3.7/selenium-server-standalone-3.7.1.jar -P /usr/local/share/selenium
RUN java -jar /usr/local/share/selenium/selenium-server-standalone-3.7.1.jar &
RUN wget https://chromedriver.storage.googleapis.com/2.33/chromedriver_linux64.zip -P /usr/local/share
RUN unzip /usr/local/share/chromedriver_linux64.zip -d /usr/local/share
RUN rm /usr/local/share/chromedriver_linux64.zip
RUN java -jar -Dwebdriver.chrome.driver="/usr/local/share/chromedriver" /usr/local/share/selenium/selenium-server-standalone-3.7.1.jar &
RUN wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb -P ~/
RUN dpkg -i ~/google-chrome*.deb || true && apt-get install -f -y
RUN dpkg -i ~/google-chrome*.deb

# Install Kubectl
RUN curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
RUN chmod +x ./kubectl
RUN mv ./kubectl /usr/local/bin/kubectl

# for main web interface:
EXPOSE 8080

# will be used by attached slave agents:
EXPOSE 50000

USER jenkins
```

Kubernetes deployment:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      serviceAccountName: jenkins
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
      containers:
        - name: jenkins
          image: < an image that is on ECR AWS >
          securityContext:
            allowPrivilegeEscalation: false
            runAsUser: 0
          ports:
            - containerPort: 8080
          volumeMounts:
            - name: jenkins-datas
              mountPath: /var/jenkins_home
            - name: jenkins-ssh
              mountPath: /var/jenkins_home/.ssh
              subPath: .ssh
      initContainers:
        - name: git-clone-repo-ssh-keys
          image: alpine/git
          args:
            - clone
            - --single-branch
            - --
            - < path to my git repo >
            - /var/jenkins_home
          volumeMounts:
            - name: jenkins-ssh
              mountPath: /var/jenkins_home
      volumes:
        - name: jenkins-datas
          persistentVolumeClaim:
            claimName: jenkins-datas
        - name: jenkins-ssh
          emptyDir: {}
```

Service of Kubernetes:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  labels:
    app: jenkins
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
spec:
  type: LoadBalancer # Regular k8s Service manifest with type as LoadBalancer
  selector:
    app: jenkins
  ports:
    - port: 8080
      targetPort: 8080
```

Also, I have pointed the network internal load balancer to a Route53 CNAME record.

I create the deployment, Jenkins is installed, I unlock it, the setup wizard installed all the necessary plugins and then I navigate to the Dashboard.

The issue is that after I do some tasks, for example create some user or make some configurations, it redirects me to the ‘Unlock Page’ as in the beginning.

Could you please give me some help here?

Thanks

so

  1. Huge and hard to read, so it's kinda hard to see if anything stands out.
  2. It's highly discouraged to run your jobs directly on the controller. It's better to create an agent image and spin up an agent on demand, or have an SSH agent, or whatever. Running Jenkins jobs directly on the controller is considered a security risk. Plus it’ll make things unresponsive if too busy.
  3. My only guess is that somehow your $JENKINS_HOME isn’t set to /var/jenkins_home or maybe your volume mounts are set up wrong.
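
One way to check the volume-mount guess in point 3, as an added example that is not part of the original thread: it reads a Deployment as JSON and reports whether `/var/jenkins_home` sits on a PersistentVolumeClaim, which paths beneath it are `emptyDir`, and whether a container-level `runAsUser` leaves the process at uid 0. The `audit` function and the `SAMPLE` object are hypothetical names, constructed here from the manifest in the question.

```python
import json

JENKINS_HOME = "/var/jenkins_home"  # home directory used by the jenkins/jenkins image

# Constructed sample: the pod template from the question, cut down to the fields
# the check reads, in the shape `kubectl get deployment jenkins -o json` returns.
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {
  "securityContext": {"fsGroup": 1000, "runAsUser": 1000},
  "containers": [{"name": "jenkins",
    "securityContext": {"allowPrivilegeEscalation": false, "runAsUser": 0},
    "volumeMounts": [
      {"name": "jenkins-datas", "mountPath": "/var/jenkins_home"},
      {"name": "jenkins-ssh", "mountPath": "/var/jenkins_home/.ssh", "subPath": ".ssh"}]}],
  "volumes": [
    {"name": "jenkins-datas", "persistentVolumeClaim": {"claimName": "jenkins-datas"}},
    {"name": "jenkins-ssh", "emptyDir": {}}]}}}}
""")


def audit(deployment, home=JENKINS_HOME):
    """Return (container, finding) pairs for one Deployment object."""
    pod = deployment["spec"]["template"]["spec"]
    pod_uid = pod.get("securityContext", {}).get("runAsUser")
    # Volume name -> source type (persistentVolumeClaim, emptyDir, ...).
    kinds = {v["name"]: next((k for k in v if k != "name"), None)
             for v in pod.get("volumes", [])}
    findings = []
    for c in pod.get("containers", []):
        # A container-level runAsUser takes precedence over the pod-level value.
        uid = c.get("securityContext", {}).get("runAsUser", pod_uid)
        if uid == 0:
            findings.append((c["name"], "runs as root (uid 0)"))
        mounts = {m["mountPath"].rstrip("/"): kinds.get(m["name"])
                  for m in c.get("volumeMounts", [])}
        if mounts.get(home) != "persistentVolumeClaim":
            findings.append((c["name"], f"{home} is not on a PersistentVolumeClaim"))
        for path, kind in sorted(mounts.items()):
            if path.startswith(home + "/") and kind == "emptyDir":
                findings.append((c["name"], f"{path} is an emptyDir, lost when the pod is replaced"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

To run it against a live cluster, replace `SAMPLE` with the parsed output of `kubectl get deployment jenkins -o json`.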