Dynamic Jenkins Agents with ECS Fargate
In this article, we will look into the setup of Jenkins in an EC2 Instance and dynamically deploy its agents in AWS Fargate, a serverless compute engine.
Jenkins
The Jenkins architecture is designed for distributed build environments. It allows us to use different environments for each building project balancing the workload among multiple agents running jobs in parallel.
The Jenkins controller is the original node in the Jenkins installation (here, we will be using AWS EC2 as the controller node). The Jenkins controller administers the Jenkins agents and orchestrates their work, including scheduling jobs on agents and monitoring agents. Agents may be connected to the Jenkins controller using either local or cloud computers.
AWS ECS Fargate
AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers. This removes the need to choose server types, decide when to scale your clusters, or optimize cluster packing.
When you run your Amazon ECS tasks and services with the Fargate launch type or a Fargate capacity provider, you package your application in containers, specify the Operating System, CPU and memory requirements, define networking and IAM policies, and launch the application. Each Fargate task has its own isolation boundary and does not share the underlying kernel, CPU resources, memory resources, or elastic network interface with another task.
For setting up the environment, first, we need to provision an EC2 instance for running as Jenkins master. Also, make sure to allow port 8080 in the security group as it is the default Jenkins port.
In this instance, we will now install Java and Jenkins. Jenkins requires Java to run, there are multiple Java implementations that you can use, and OpenJDK is the most popular one. Jenkins installers are available for several Linux distributions. I have an Ubuntu instance, so I’ll use the following commands:
For Java Installation
sudo apt update
sudo apt install openjdk-11-jre
java -version
For Jenkins
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo tee \
/usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
/etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins
Use the public IP of the instance to open the Jenkins page in the browser
<public_ip>:8080
As mentioned in this page we need to grab the password from this location and paste it here to unlock Jenkins
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
For the first-time setup, Jenkins will provide you with two options, ‘Install suggested plugins’ and ‘Select the plugins to install’. I always prefer to proceed with installing suggested plugins.
Once the plugins are installed, Jenkins will ask you to create the admin user and password, and you can start using Jenkins.
In the dashboard, go to Manage Jenkins -> Plugin Manager-> Available plugin, search for Amazon ECS/Fargate plugin, and install it without restarting.
In the AWS Console, migration to ECS cluster page and create one by specifying the name and VPC.
In the Cloud Formation you can see the cluster stack created.
Next, we will create a role and attach it to our EC2 instance which will have full access to ECS cluster.
In the IAM Management Console -> Create role for EC2 -> Add permission -> Name the role
Attach the created role to the Jenkins Master instance:
Next, in Jenkins we need to configure the Amazon ECS cloud.
We need to provide the name and region of the cluster (which is ap-south-1 in my case) and it will automatically detect the clusters of that region.
Note: Attaching the role to the instance is the securest way, but according to your requirements, you can also add credentials (access key and secret key) in Jenkins.
Migrate to Dashboard -> Manage Jenkins -> Configure Global Security, and add a fixed port for TCP inbound agents. Here, I’ve used port 50000.
Back in the Configure Cloud page, add the Jenkins IP and this port in the ‘Tunnel Connection through’ field and open this port in the security group of the Jenkins master instance to establish a tunnel connection.
Next, we will configure ECS Agent Templates. The label attribute executes the pipeline, or stage, on an agent available in the Jenkins environment with the provided label. The launch type would be Fargate, and I will use the Linux Operating system (You can choose any OS according to your requirement).
In the subnets field, we need to provide the subnets of the ECS Cluster VPC. We also need to create a security group for Jenkins to allow inbound rules for port 8080 and provide it in the configuration.
Lastly, we create a simple pipeline job that will execute on dynamically provisioned ECS Fargate.
This pipeline will simply print a statement in the Console, but you can create one according to your requirements, such as automatically trigger each build on Jenkins after each Commit on your Git repository.
After building the pipeline, you can watch the tasks in ECS Cluster
That’s all geeks. Thanks for reading :)