Securing Jenkins on GKE with IAP
Jenkins is a self-contained, open source, automation tool written in Java and has plugins mostly built for continuous integration purposes. You can automate all types of tasks related to building, testing, and deploying software with Jenkins. DevOps is all about speeding up the software development and release process. And Jenkins is widely popular in the DevOps space because of the same reason. Organizations can speed up the software development process through automation with the help of Jenkins. Google Kubernetes Engine (GKE) is a managed environment for deploying, managing, and scaling your containerized applications in the Google infrastructure. It is used to create and operate the Kubernetes clusters in a simplified way. Through GKE, your Kubernetes deployment will get a top-quality support GCP (Google Cloud Platform), IAM (Identity and Access Management) identities, built-in HA configuration along with secured clusters. It will also get native access to GCP’s networking features.
Security is an essential aspect of any IT assembly and securing Jenkins is not an exception. In this blog, I will talk about how to secure Jenkins deployed on GKE using IAP. IAP stands for Identity Aware Proxy, and it is a GCP Kubernetes offering that secures your web applications. So, let’s see what the prerequisites are:
- Jenkins deployed on GKE.
- Domain, e.g. test.xyz
- An inbuilt Ingress controller of GKE, so you don’t have to deploy an external Ingress controller (like Nginx).
I am assuming that you should have already deployed Jenkins on GKE and created a NodePort/ClusterIP service to expose your deployment. As GKE has an inbuilt Ingress controller, create a global reserved IP address which will be utilized by HTTPS load balancer using the following command:
gcloud compute addresses create jenkins-gke-ip –global
Now, create an Ingress using the YAML code given below:…read more.