// Use when working with KubeSphere DevOps extension, CI/CD pipelines, Jenkins integration, or pipeline troubleshooting
Operate the KubeSphere network extension. Use when Codex needs to install, upgrade, configure, enable, disable, or inspect the `network` extension; manage Calico `IPPool` resources, namespace bindings, migrations, or network isolation flows; or consult the bundled network extension references in this skill.
Use when creating, running, or managing CI/CD pipelines in KubeSphere DevOps, including pipeline API operations and run monitoring
Use when working with WizTelemetry Logging extension for KubeSphere, including installation, configuration, and log query API
KubeSphere Fluid management Skill. Use when user asks to install or enable Fluid, check Fluid status, view Fluid pods/logs/CRDs, create or update Dataset, AlluxioRuntime, JuiceFSRuntime, or ThinRuntime, perform DataLoad or cache warming, scale runtime, or troubleshoot Fluid issues in KubeSphere.
Use when managing credentials in KubeSphere DevOps, including repository credentials, kubeconfig, and API tokens
NodeGroup operation Skill for the edgewize nodegroup project. Use this whenever the user wants to query, create, update, delete, bind, unbind, or troubleshoot NodeGroup resources, including node binding, namespace binding, workspace binding, and deployment/config inspection for nodegroup.
| name | kubesphere-devops-overview |
| description | Use when working with KubeSphere DevOps extension, CI/CD pipelines, Jenkins integration, or pipeline troubleshooting |
KubeSphere DevOps provides CI/CD capabilities through Jenkins integration, supporting both graphical pipeline editing and Jenkinsfile-based pipelines. It enables automated builds, testing, and deployments across multi-cluster environments with ArgoCD integration for GitOps continuous deployment.
KubeSphere DevOps maps resources across three layers:
KubeSphere Kubernetes Jenkins
─────────────────────────────────────────────────────────────
Workspace Workspace CR (authorization)
└── DevOpsProject ├── DevOpsProject CR └── Folder
(Namespace) └── Namespace (with label)
└── Pipeline ├── Pipeline CR └── WorkflowJob
└── Run ├── PipelineRun CR └── Build #N
Key Concept: A "DevOps Project" in KubeSphere is fundamentally a Kubernetes namespace with the devops.kubesphere.io/managed=true label. The DevOpsProject CR exists as a wrapper resource, but when querying for accessible DevOps projects, you interact with namespaces, not the DevOpsProject CRs directly.
For tenants: Use the /kapis/devops.kubesphere.io/v1alpha3/workspaces/{workspace}/namespaces endpoint to list accessible DevOps projects (returns namespace resources). The /apis/devops.kubesphere.io/v1alpha3/devopsprojects endpoint requires cluster-scoped permissions and returns 403 for tenants.
DevOps projects have two forms of names:
| Name Type | Example | Source | Usage |
|---|---|---|---|
| Shortname | devopstest | .metadata.generateName in DevOpsProject CR | Display/user-friendly name |
| Fullname | devopstestc2nj7 | .metadata.name in DevOpsProject CR and Namespace | Actual resource identifier |
Important:
devopstestc2nj7)devopstest, KubeSphere generates a unique fullname by appending random charactersDevOpsProjects belong to a Workspace via label:
apiVersion: devops.kubesphere.io/v1alpha3
kind: DevOpsProject
metadata:
name: my-project
labels:
kubesphere.io/workspace: demo # Associates with Workspace 'demo'
To create and associate:
# 1. Create Workspace
kubectl apply -f - <<EOF
apiVersion: tenant.kubesphere.io/v1beta1
kind: Workspace
metadata:
name: demo
EOF
# 2. Create DevOpsProject with label
kubectl apply -f - <<EOF
apiVersion: devops.kubesphere.io/v1alpha3
kind: DevOpsProject
metadata:
name: my-project
labels:
kubesphere.io/workspace: demo
EOF
┌──────────────────────────────────────────────────────────────┐
│ DevOps Project │
│ (Namespace with devops.kubesphere.io/managed=true label) │
└──────────────────────┬───────────────────────────────────────┘
│
┌──────────────┼──────────────┐
│ │ │
┌───────▼──────┐ ┌─────▼─────┐ ┌──────▼──────┐
│ Pipelines │ │Credentials│ │ Webhooks │
│ │ │ │ │ │
│ - Graphical │ │ - SSH │ │ - GitHub │
│ - Jenkinsfile│ │ - Basic │ │ - GitLab │
│ - Multi-branch│ │ - Token │ │ - Generic │
└──────────────┘ └───────────┘ └─────────────┘
Minimal Installation (Default Config) - RECOMMENDED:
apiVersion: kubesphere.io/v1alpha1
kind: InstallPlan
metadata:
name: devops
namespace: kubesphere-system
spec:
extension:
name: devops
version: 1.2.4
enabled: true
upgradeStrategy: Manual # Required for production
# Note: spec.config is omitted to use extension default values
When to use minimal installation:
Custom Configuration (Only When Needed):
apiVersion: kubesphere.io/v1alpha1
kind: InstallPlan
metadata:
name: devops
namespace: kubesphere-system
spec:
extension:
name: devops
version: 1.2.4
enabled: true
upgradeStrategy: Manual # Required for production
# config: leave empty to use default values
Custom Configuration (Override Defaults):
apiVersion: kubesphere.io/v1alpha1
kind: InstallPlan
metadata:
name: devops
namespace: kubesphere-system
spec:
extension:
name: devops
version: 1.2.4
enabled: true
upgradeStrategy: Manual # Required for production
config: |
# Overrides values from DevOps chart's values.yaml
agent:
jenkins:
Master:
NodeSelector: {}
resources:
requests:
cpu: "500m"
memory: "4Gi"
limits:
cpu: "2000m"
memory: "8Gi"
Agent:
Image: "jenkins/inbound-agent"
Tag: "3309.v27b_9314fd1a_4-1-jdk21"
Privileged: false
Important:
upgradeStrategy: Manual for productionconfig is optional - omit or leave empty to use extension defaultsvalues.yaml settingsTo install DevOps agent on member clusters, add clusterScheduling:
apiVersion: kubesphere.io/v1alpha1
kind: InstallPlan
metadata:
name: devops
namespace: kubesphere-system
spec:
extension:
name: devops
version: 1.2.4
enabled: true
upgradeStrategy: Manual
config: |
# Base config for all clusters
agent:
jenkins:
Master:
resources:
requests:
cpu: "500m"
memory: "4Gi"
clusterScheduling:
placement:
clusters:
- host # Install on host cluster
- member1 # Install on member1
- member2 # Install on member2
# Optional: per-cluster overrides
overrides:
member1: |
agent:
jenkins:
Master:
resources:
limits:
memory: "8Gi" # Larger master for member1
member2: |
agent:
jenkins:
Agent:
NodeSelector:
zone: west
Key Points:
clusterScheduling.placement.clusters: List clusters where DevOps agent runsclusterScheduling.overrides: Cluster-specific config overridesclusterScheduling, DevOps only runs on the host clusterhelm upgrade --install devops kse-extensions/devops \
-n kubesphere-devops-system \
--create-namespace
Verify the DevOps installation:
# Check DevOps pods
kubectl get pods -n kubesphere-devops-system
# Check InstallPlan status
kubectl get installplan devops -n kubesphere-system
# For multi-cluster: check agent status on each cluster
kubectl get installplan devops -n kubesphere-system -o jsonpath='{.status.clusterSchedulingStatuses}'
| Component | Purpose | Namespace |
|---|---|---|
| devops-jenkins | Jenkins master | kubesphere-devops-system |
| devops-apiserver | DevOps API service | kubesphere-devops-system |
| devops-controller | Resource controllers | kubesphere-devops-system |
| devops-argocd-* | ArgoCD (GitOps) | argocd |
| Jenkins Agent | Pipeline executors | Dynamic (per pipeline) |
| ----------- | --------- | ----------- |
| devops-jenkins | Jenkins master | kubesphere-devops-system |
| devops-apiserver | DevOps API service | kubesphere-devops-system |
| devops-controller | Resource controllers | kubesphere-devops-system |
| Jenkins Agent | Pipeline executors | Dynamic (per pipeline) |
KubeSphere DevOps integrates with Jenkins for CI/CD execution. The secret devops-jenkins contains the admin token for direct Jenkins access:
# Get Jenkins admin token
TOKEN=$(kubectl -n kubesphere-devops-system get secret devops-jenkins -o jsonpath='{.data.jenkins-admin-token}' | base64 -d)
# Access Jenkins API
kubectl run curl-jenkins --rm -i --restart=Never --image=curlimages/curl \
-- "http://admin:${TOKEN}@devops-jenkins.kubesphere-devops-system:80/api/json"
Jenkins NodePort:
kubectl get svc devops-jenkins -n kubesphere-devops-system
# Default: 30180
Access Jenkins Console:
http://<node-ip>:30180adminKubeSphere DevOps includes ArgoCD v2.11.7 for GitOps continuous deployment:
ArgoCD Components:
| Component | Purpose |
|---|---|
| application-controller | Manages Application state |
| applicationset-controller | Manages ApplicationSet resources |
| dex-server | SSO authentication |
| notifications-controller | Event notifications |
| repo-server | Repository operations |
| argocd-server | API/UI server |
| redis | Cache layer |
Access ArgoCD:
# Get ArgoCD server URL
kubectl get svc devops-agent-argocd-server -n argocd
# Get admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d
Key Features:
| Resource | API Version | Purpose |
|---|---|---|
| Pipeline | devops.kubesphere.io/v1alpha3 | CI/CD pipeline definition |
| DevOpsProject | devops.kubesphere.io/v1alpha3 | DevOps project (namespace wrapper) |
| Credential | v1/Secret | Repository and deployment credentials |
# List DevOps projects
kubectl get devopsprojects
# List pipelines in a project
kubectl get pipelines -n <devops-project-namespace>
# Get pipeline runs
kubectl get pipelineruns -n <devops-project-namespace>
# Check Jenkins status
kubectl -n kubesphere-devops-system get pods -l app=devops-jenkins
# View Jenkins logs
kubectl -n kubesphere-devops-system logs -l app=devops-jenkins
# Get Jenkins admin password
kubectl -n kubesphere-devops-system get secret devops-jenkins -o jsonpath='{.data.jenkins-admin-password}' | base64 -d
| Type | Description | Use Case |
|---|---|---|
| Graphical | Visual pipeline editor | Simple pipelines, no code |
| Jenkinsfile (SCM) | Pipeline defined in repository | Version-controlled pipelines |
| Jenkinsfile (Inline) | Pipeline defined in KubeSphere | Quick testing |
| Multi-branch | Auto-discovers branches | GitFlow, feature branches |
| Mistake | Fix |
|---|---|
| Pipeline fails with "No agent" | Check Jenkins agent configuration |
| Cannot access Git repository | Verify credentials and webhook setup |
| kubeconfig credentials fail | Use string type instead of kubeconfigContent (v1.2+) |
| Jenkins out of memory | Increase Jenkins master resources |
| Pipeline hangs | Check agent pod status and resource limits |
| DevOps | Jenkins | Notes |
|---|---|---|
| v1.2.x | 2.504.1 LTS | kubernetes-cd plugin removed |
| v1.1.x | 2.346.3 LTS | Legacy kubeconfigContent supported |