OpenShift CI/CD Operations: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 28: Line 28:
  oc new-project stage --display-name="Tasks - Stage"
  oc new-project stage --display-name="Tasks - Stage"


==Grant Jenkins
==Grant Jenkins Needed Privileges for the Projects that Require CI/CD Services==


The Jenkins component needs to access the OpenShift API for various operations: access container images, etc. so it needs to be granted sufficient privileges to invoke the OpenShift API for the projects requiring CI/CD pipeline services - in our case "dev" and "stage":
The Jenkins component needs to access the OpenShift API for various operations: access container images, etc. so it needs to be granted sufficient privileges to invoke the OpenShift API for the projects requiring CI/CD pipeline services - in our case "dev" and "stage":

Revision as of 16:49, 1 November 2017

Internal

Overview

Set Up a Jenkins CI/CD Pipeline

Create Required Image Streams

Create an Image Stream

Create Required Projects

Create the following projects:

1. A project for the CI/CD components, named "cicd":

oc new-project cicd --display-name="CI/CD pipeline with Jenkins"

2. A project to host development-stage containers and processes, named "dev":

oc new-project dev --display-name="Tasks - Dev"

3. A project to host publicly-accessible application produced by the CI/CD pipeline, named "stage":

oc new-project stage --display-name="Tasks - Stage"

Grant Jenkins Needed Privileges for the Projects that Require CI/CD Services

The Jenkins component needs to access the OpenShift API for various operations: access container images, etc. so it needs to be granted sufficient privileges to invoke the OpenShift API for the projects requiring CI/CD pipeline services - in our case "dev" and "stage":

oc policy add-role-to-user edit system:serviceaccount:cicd:jenkins -n dev
oc policy add-role-to-user edit system:serviceaccount:cicd:jenkins -n stage

For more details, see: oc policy.

Organizatorium

The Jenkins container must be able to access the OpenShift API:

oc policy add-role-to-user edit system:service account:cicd:default -n cicd
oc policy add-role-to-user edit system:service account:cicd:default -n cicd-dev
oc policy add-role-to-user edit system:service account:cicd:default -n cicd-stage


oc project cicd

Instantiate components. Use templates. 'cicd-github-template.yaml'.

oc process -f https://raw.githubusercontent.com/OpenShiftDemos/openshift-cd-demo/master/cicd-github-template.yaml | oc create -f - 


Inspect Nexus

Inspect Jenkins