Step 9 - Kubernetes

In this step, we replace the simple docker run deployment with a Kubernetes deployment using kubectl.

Jenkinsfile

Here is the Jenkinsfile for this step. Source code: 30-09-Jenkinsfile-sonarqube-docker-build-push-anchore-deploy-to-kubernetes.

pipeline {
    agent any
    options {
      disableConcurrentBuilds()
      disableResume()
      buildDiscarder(logRotator(numToKeepStr: '10'))
      timeout(time: 1, unit: 'HOURS')
    }
    tools {
        maven 'maven-3.6.3' 
    }
    environment {
        DATE = new Date().format('yy.M')
        TAG = "${DATE}.${BUILD_NUMBER}"
        scannerHome = tool 'sonarscanner'
    }
    stages {
        stage ('Build') {
            steps {
                sh 'mvn clean package'
            }
        }
        stage('Docker Build') {
            steps {
                script {
                    docker.build("vigneshsweekaran/hello-world:${TAG}")
                }
            }
        }
        stage('Pushing Docker Image to Dockerhub') {
            steps {
                script {
                    docker.withRegistry('https://registry.hub.docker.com', 'docker_credential') {
                        docker.image("vigneshsweekaran/hello-world:${TAG}").push()
                        docker.image("vigneshsweekaran/hello-world:${TAG}").push("latest")
                    }
                }
            }
        }
        stage('Deploy to Kubernetes'){
            steps {
                withCredentials([sshUserPrivateKey(credentialsId: 'vm-key', keyFileVariable: 'SSH_PRIVATE_KEY_PATH')]) {
                    sh "scp -i $SSH_PRIVATE_KEY_PATH -o StrictHostKeyChecking=no deployment/deployment.yaml opc@k8s.letspractice.tk:/tmp/."
                    sh "ssh -i $SSH_PRIVATE_KEY_PATH -o StrictHostKeyChecking=no opc@k8s.letspractice.tk 'kubectl apply -f /tmp/deployment.yaml'"
                }
            }
        }
    }
    post {
      always {
        deleteDir()
      }
    }
}

Detailed Explanation

Deploy to Kubernetes Stage

• sshUserPrivateKey: Extracts the private key from Jenkins credentials and saves it to a temporary file (SSH_PRIVATE_KEY_PATH).
• scp: Securely copies the deployment.yaml from our workspace to the /tmp directory on the remote Kubernetes master/jump host.
• ssh ... 'kubectl apply ...': Connects to the remote host and executes the kubectl command to apply the configuration.

Important Tips

Note

This pattern (SSHing to a jump host) is common, but advanced setups often use the Kubernetes plugin to deploy directly from the Jenkins slave (if it's inside the cluster) or use a GitOps operator like ArgoCD.

Next Step: Shared Libraries

Quick Quiz

Quick Quiz

#

Which command is used to apply a configuration file to a Kubernetes cluster?

kubectl apply -f filename.yaml

kubectl create -f filename.yaml

kubectl run

kubectl deploy

kubectl apply creates or updates resources to match the specified state in the YAML file, making it idempotent and preferred for GitOps.

#

What is the purpose of the sshUserPrivateKey credential type in Jenkins?

To provide an SSH private key for connecting to remote servers securely

To store passwords

To store API tokens

To store certificates

This credential type allows Jenkins to access the SSH private key needed to authenticate as a user on a remote machine without a password.

#

Why might you copy a file to /tmp on the remote server before applying it?

To ensure the file exists on the machine where kubectl is running

To back it up

Because /tmp is the only writable directory

To check for syntax errors

Since Jenkins executes commands over SSH, the deployment.yaml needs to be physically present on the remote jump host/node so kubectl can read it.

📬 DevopsPilot Weekly — Learn DevOps, Cloud & Gen AI the simple way.
👉 Subscribe here