Docker

In our Docker-based Jenkins setup, we follow a Master-Agent architecture, where:

  • The Jenkins Master handles:
    • Web UI
    • Scheduling jobs
    • Dispatching builds to agents
    • Aggregating results
  • The Jenkins Agent is responsible for:
    • Running actual build jobs
    • Isolating workloads from the master

This design gives us flexibility, scalability, and security, especially when running CI/CD pipelines that could require different environments or tools.

Folder Layout

jenkins-docker/
├── agent/
│   ├── Dockerfile            # Jenkins agent definition
│   ├── docker-compose.yml    # Agent container setup
│   └── jenkins-agent-ssh     # SSH key used by the agent (private key)
└── docker-compose.yml        # Jenkins master container setup

Gerrit Integration with Jenkins Agent

To enable Jenkins to build code from Gerrit repositories, a secure SSH-based integration was set up using a bot account and private key authentication.

What’s Already Configured:

  • A dedicated Gerrit bot user (jenkins-bot) has been created with appropriate access rights to repositories and refs.

  • An SSH key pair was generated specifically for the Jenkins agent inside the agent/jenkins-agent-ssh/ directory.

  • The public key (id_ed25519.pub) has been added to the jenkins-bot user's SSH settings in Gerrit.

  • The private key (id_ed25519) was added to Jenkins master via the Credentials Manager:

    • Type: "SSH Username with private key"
    • Username: jenkins-bot
    • This allows Jenkins jobs to authenticate securely when cloning repositories.
  • The Jenkins agent uses this key to authenticate with Gerrit and pull code as part of the pipeline process.
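
Because the private key sits next to the agent's Dockerfile, it is worth checking that it stays private. The script below is an added example, not part of this setup's own files: it audits the key's file permissions, whether git tracks it, and whether the image build ignores it. It assumes agent/ is the Docker build context and that an agent/.dockerignore file is used; the function name audit_agent_key is hypothetical.

```bash
# Added example: audit the agent's SSH private key in the jenkins-docker/ layout.
# Assumptions (not from the page): agent/ is the Docker build context, and the
# checkout may or may not be a git repository.
# Usage: audit_agent_key /path/to/jenkins-docker   (exit status = number of findings)

audit_agent_key() {
  local root="$1" findings=0 key_path key_files f mode
  key_path="$root/agent/jenkins-agent-ssh"

  if [ ! -e "$key_path" ]; then
    echo "FAIL: $key_path not found"
    return 1
  fi

  # Works whether jenkins-agent-ssh is the key file itself or a directory holding it.
  key_files=$(find "$key_path" -type f ! -name '*.pub')
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    mode=$(ls -ld "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
      echo "FAIL: $f is accessible to group/other (expected mode 600)"
      findings=$((findings + 1))
    fi
    # A private key tracked by git is copied into every clone and stays in history.
    if git -C "$root" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       git -C "$root" ls-files --error-unmatch -- "${f#"$root"/}" >/dev/null 2>&1; then
      echo "FAIL: $f is tracked by git"
      findings=$((findings + 1))
    fi
  done <<EOF
$key_files
EOF

  # Without an ignore rule, a broad COPY in agent/Dockerfile puts the key in an image layer.
  if ! grep -qs 'jenkins-agent-ssh' "$root/agent/.dockerignore"; then
    echo "FAIL: agent/.dockerignore does not exclude jenkins-agent-ssh"
    findings=$((findings + 1))
  fi

  return "$findings"
}
```

The public key (*.pub) is skipped on purpose, since it is meant to be shared with Gerrit.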


Build Workflow Summary

  1. Jenkins master schedules a build job.
  2. The job is dispatched to the Jenkins agent.
  3. The agent connects to Gerrit using the jenkins-bot SSH credentials.
  4. Code is cloned from Gerrit and the build is executed.
  5. Results are sent back to the master for storage and feedback.

Why This Setup Is Used

  • Security: SSH keys remove the need for username/password combinations.
  • Scalability: Agents can be distributed, containerized, and replaced easily.
  • Modularity: Builds run independently of the Jenkins master environment.