Installing Jenkins X on Alibaba Cloud Container Service

Written by: Carlos Sanchez
4 min read

Editor's Note: This blog post was originally published on the Jenkins X website .

Jenkins X has just added initial support to install in Alibaba Container Service , its Kubernetes offering.

The following instructions allow installation in a managed Kubernetes cluster in any region outside of mainland China, where more configuration is needed avoid using Google services blocked by chinese authorities (Docker images in GCR). There is a pending issue for that.

Creating a Kubernetes cluster

Alibaba requires several things in order to create a Kubernetes cluster, so it is easier to do it through the web UI the first time.

The following services need to be activated: Container Service, Resource Orchestration Service (ROS), RAM, and Auto Scaling service, and created the Container Service roles .

If we want to use the command line we can install the aliyun cli. I have added all the steps needed below in case you want to use it.

<code data-lang="shell">brew install aliyun-cli
aliyun configure

The clusters need to be created in a VPC, so that needs to be created with VSwitches for each zone to be used.

<code data-lang="shell">aliyun vpc CreateVpc \
    --VpcName jx \
    --Description "Jenkins X" \
    --RegionId ${REGION} \

    "ResourceGroupId": "rg-acfmv2nomuaaaaa",
    "RequestId": "2E795E99-AD73-4EA7-8BF5-F6F391000000",
    "RouteTableId": "vtb-t4nesimu804j33p4aaaaa",
    "VRouterId": "vrt-t4n2w07mdra52kakaaaaa",
    "VpcId": "vpc-t4nszyte14vie746aaaaa"


aliyun vpc CreateVSwitch \
    --VSwitchName jx \
    --VpcId ${VPC} \
    --RegionId ${REGION} \
    --ZoneId ${REGION}a \
    --Description "Jenkins X" \

    "RequestId": "89D9AB1F-B4AB-4B4B-8CAA-F68F84417502",
    "VSwitchId": "vsw-t4n7uxycbwgtg14maaaaa"


Next, a keypair (or password) is needed for the cluster instances.

<code data-lang="shell">aliyun ecs ImportKeyPair \
    --KeyPairName jx \
    --RegionId ${REGION} \
    --PublicKeyBody "$(cat ~/.ssh/" 

The last step is to create the cluster using the just created VPC, VSwitch and Keypair. It’s important to select the option Expose API Server with EIP (public_slb in the API json) to be able to connect to the API from the internet.

<code data-lang="shell">echo &#x3C;&#x3C; EOF > cluster.json
    "name": "jx-rocks",
    "cluster_type": "ManagedKubernetes",
    "disable_rollback": true,
    "timeout_mins": 60,
    "region_id": "${REGION}",
    "zoneid": "${REGION}a",
    "snat_entry": true,
    "cloud_monitor_flags": false,
    "public_slb": true,
    "worker_instance_type": "ecs.c4.xlarge",
    "num_of_nodes": 3,
    "worker_system_disk_category": "cloud_efficiency",
    "worker_system_disk_size": 120,
    "worker_instance_charge_type": "PostPaid",
    "vpcid": "${VPC}",
    "vswitchid": "${VSWITCH}",
    "container_cidr": "",
    "service_cidr": "",
    "key_pair": "jx"

aliyun cs  POST /clusters \
    --header "Content-Type=application/json" \
    --body "$(cat create.json)"

    "cluster_id": "cb643152f97ae4e44980f6199f298f223",
    "request_id": "0C1E16F8-6A9E-4726-AF6E-A8F37CDDC50C",
    "task_id": "T-5cd93cf5b8ff804bb40000e1",
    "instanceId": "cb643152f97ae4e44980f6199f298f223"


We can now download kubectl configuration with

<code data-lang="shell">aliyun cs GET /k8s/${CLUSTER}/user_config | jq -r .config > ~/.kube/config-alibaba
export KUBECONFIG=$KUBECONFIG:~/.kube/config-alibaba 

Another detail before being able to install applications that use PersistentVolumeClaims is to configure a default storage class . There are several volume options that can be listed with kubectl get storageclass .

<code data-lang="shell">NAME                          PROVISIONER     AGE
alicloud-disk-available       alicloud/disk   44h
alicloud-disk-common          alicloud/disk   44h
alicloud-disk-efficiency      alicloud/disk   44h
alicloud-disk-ssd             alicloud/disk   44h 

Each of them matches the following cloud disks:

  • alicloud-disk-common: basic cloud disk (minimum size 5GiB). Only available in some zones (us-west-1a, cn-beijing-b,…)

  • alicloud-disk-efficiency: high-efficiency cloud disk, ultra disk (minimum size 20GiB).

  • alicloud-disk-ssd: SSD disk (minimum size 20GiB).

  • alicloud-disk-available: provides highly available options, first attempts to create a high-efficiency cloud disk. If the corresponding AZ’s efficient cloud disk resources are sold out, tries to create an SSD disk. If the SSD is sold out, tries to create a common cloud disk.

To set SSDs as the default:

<code data-lang="shell">kubectl patch storageclass alicloud-disk-ssd \
    -p '{"metadata": {"annotations": {"":"true"}}}' 

NOTE: Alibaba cloud disks must be more than 5GiB (basic) or 20GiB (SSD and Ultra) ) so we will need to configure any service that is deployed with PVCs to have that size as a minimum or the PersistentVolume provision will fail. The Jenkins X deployments are already configured with this in mind .

Installing Jenkins X

Alibaba Kubernetes clusters won’t be able to pull images from the insecure docker registry included in Jenkins X, we need to use Alibaba’s Container Registry by going to and setting a password.

Then we need to create a Container Registry namespace that allows us to push any image and make them public by default.

From the web UI we can create a Docker login password that we will be using later.

<code data-lang="shell">NAMESPACE=jenkins-x-$(cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-z' | fold -w 6 | head -n 1)
cat &#x3C;&#x3C; EOF > namespace.json
    "Namespace": {
        "Namespace": "${NAMESPACE}"
aliyun cr PUT /namespace \
    --header "Content-Type=application/json" \
    --body "$(cat namespace.json)"

cat &#x3C;&#x3C; EOF > namespace.json
    "namespace": {
        "namespace": "${NAMESPACE}",
        "defaultVisibility": "PUBLIC",
        "autoCreate": true

aliyun cr POST /namespace/${NAMESPACE} \
    --header "Content-Type=application/json" \
    --body "$(cat namespace.json)" 

Now we can install Jenkins X as usual, passing the --provider alibaba flag.

<code data-lang="shell">jx install \
    --provider alibaba \
    --default-admin-password=admin \
    --default-environment-prefix=jx-rocks \
    --tekton \
    --docker-registry=registry.${REGION} \
    --docker-registry-org=${NAMESPACE} \

After installation we need to add the Container Registry credentials to the cluster, the Docker password we have previously created.

<code data-lang="bash">AUTH=$(echo -n "${DOCKER_USERNAME}:${DOCKER_PASSWORD}" | base64)
DATA=$(cat &#x3C;&#x3C; EOF | base64
    "auths": {
        "registry.${REGION}": {
            "auth": "${AUTH}"
cat &#x3C;&#x3C; EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
type: Opaque
  name: jenkins-docker-cfg
  namespace: jx
  config.json: ${DATA}

Installing add-ons

Addons can be installed normally with the caveat mentioned above about PVC minimum size. Which means that we may need to pass some Helm values to the create addon command, depending on the chart we are installing.

For instance to install Prometheus with 20Gi disks:

<code data-lang="shell">jx create addon prometheus \
    -s alertmanager.persistentVolume.size=20Gi,pushgateway.persistentVolume.size=20Gi,server.persistentVolume.size=20Gi 


Tekton builds need to be configured to use PVCs bigger than 20Gi due to the same reasons. The default is to use 5GiB PVCs.

<code data-lang="shell">cat &#x3C;&#x3C; EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
  name: config-artifact-pvc
  namespace: jx
  size: 20Gi

Additional resources

Stay up to date

We'll never share your email address and you can opt out at any time, we promise.