OpenShift CI/CD Operations - Collocated Persistent Jenkins Set Up: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 18: Line 18:


=Grant Required Permissions=
=Grant Required Permissions=
Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("") must be given appropriate permissions:
oc policy add-role-to-user admin system:service account:<''project-name''>:default
More details about Jenkins security considerations:
{{Jenkins_and_OpenShift#Security_Considerations|Jenkins Security Considerations}}

Revision as of 02:04, 22 November 2017

Internal

Overview

This is the procedure to install a CI/CD pipeline based on Jenkins. The CI/CD pipeline will execute in the project that need CI/CD services: the Jenkins pod will be created in the same project it triggers builds and deployments for.

The pipeline is created based on the OpenShift "jenkins-persistent" template, available in the "openshift" project:

 oc get templates -n openshift | grep jenkins
NAME                  DESCRIPTION                                    PARAMETERS       OBJECTS
...
jenkins-persistent    Jenkins service, with persistent storage....   8 (all set)      7

No special service account will be created for Jenkins, it will be configured to use the default service account "system:service account:<project-name>:default"

Grant Required Permissions

Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("") must be given appropriate permissions:

oc policy add-role-to-user admin system:service account:<project-name>:default

More details about Jenkins security considerations:

Template:Jenkins and OpenShift