CI/CD Infrastructure Setup: Difference between revisions
Line 50: | Line 50: | ||
{{Internal|OpenShift_PersistentVolume_Operations#Overview|Persistent Volume Operations}} | {{Internal|OpenShift_PersistentVolume_Operations#Overview|Persistent Volume Operations}} | ||
= | ==Create the Jenkins Components== | ||
{{External|https://github.com/openshift/origin/blob/master/examples/jenkins/README.md}} | {{External|https://github.com/openshift/origin/blob/master/examples/jenkins/README.md}} |
Revision as of 02:39, 22 November 2017
Internal
Overview
This is the procedure to install a CI/CD pipeline based on Jenkins. The CI/CD pipeline will execute in a separate project from the projects that need CI/CD services, named "CICD".
The deployment is based on https://github.com/OpenShiftDemos/openshift-cd-demo/blob/ocp-3.5/cicd-template.yaml (or newer).
A special special service account ("system:serviceaccount:CICD:jenkins") will be created for Jenkins.
Create Required Image Streams
Create Projects
Create the following projects:
1. A project for the CI/CD components, named "CICD":
oc new-project CICD --display-name="CI/CD pipeline with Jenkins"
2. A project to host development-stage containers and processes, named "dev":
oc new-project dev --display-name="Test Development Project"
3. A project to host publicly-accessible application produced by the CI/CD pipeline, named "stage":
oc new-project stage --display-name="Test Stage Project"
Grant Required Permissions
Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("system:serviceaccount:CICD:jenkins") must be given appropriate permissions for the projects it must service:
oc policy add-role-to-user admin system:serviceaccount:CICD:jenkins
oc policy add-role-to-user edit system:serviceaccount:CICD:jenkins -n dev oc policy add-role-to-user edit system:serviceaccount:CICD:jenkins -n stage
More details about Jenkins security considerations:
Provision a Persistent Volume
"jenkins-persistent" requires a persistent volume, which must be provisioned before the installation.
Create the Jenkins Components
Jenkins instance won't be integrated into the OAuth infrastructure, so authentication must be done independently (admin/password).
Make sure to specify a volume capacity in sync with the capacity of the persistent volume that was provisioned for Jenkins.
oc new-app jenkins-persistent -p MEMORY_LIMIT=2Gi -p VOLUME_CAPACITY=2Gi -p ENABLE_OAUTH=false
Successful run output:
--> Deploying template "openshift/jenkins-persistent" to project lab-nodejs Jenkins (Persistent) --------- Jenkins service, with persistent storage. NOTE: You must have persistent volumes available in your cluster to use this template. A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template. * With parameters: * Jenkins Service Name=jenkins * Jenkins JNLP Service Name=jenkins-jnlp * Enable OAuth in Jenkins=false * Jenkins JVM Architecture=i386 * Memory Limit=2Gi * Volume Capacity=2Gi * Jenkins ImageStream Namespace=openshift * Jenkins ImageStreamTag=jenkins:latest --> Creating resources ... route "jenkins" created persistentvolumeclaim "jenkins" created deploymentconfig "jenkins" created serviceaccount "jenkins" created rolebinding "jenkins_edit" created service "jenkins-jnlp" created service "jenkins" created --> Success Run 'oc status' to view your app.
Post-Install Adjustments
Adjust Readiness Probe Timeout
oc set probe dc jenkins --readiness --initial-delay-seconds=500