OpenShift CI/CD Operations - Collocated Persistent Jenkins Set Up: Difference between revisions
Jump to navigation
Jump to search
| Line 18: | Line 18: | ||
=Grant Required Permissions= | =Grant Required Permissions= | ||
Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("") must be given appropriate permissions: | |||
oc policy add-role-to-user admin system:service account:<''project-name''>:default | |||
More details about Jenkins security considerations: | |||
{{Jenkins_and_OpenShift#Security_Considerations|Jenkins Security Considerations}} | |||
Revision as of 02:04, 22 November 2017
Internal
Overview
This is the procedure to install a CI/CD pipeline based on Jenkins. The CI/CD pipeline will execute in the project that need CI/CD services: the Jenkins pod will be created in the same project it triggers builds and deployments for.
The pipeline is created based on the OpenShift "jenkins-persistent" template, available in the "openshift" project:
oc get templates -n openshift | grep jenkins
NAME DESCRIPTION PARAMETERS OBJECTS ... jenkins-persistent Jenkins service, with persistent storage.... 8 (all set) 7
No special service account will be created for Jenkins, it will be configured to use the default service account "system:service account:<project-name>:default"
Grant Required Permissions
Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("") must be given appropriate permissions:
oc policy add-role-to-user admin system:service account:<project-name>:default
More details about Jenkins security considerations: