CI/CD Infrastructure Setup: Difference between revisions
| Line 9: | Line 9: | ||
=Overview= | =Overview= | ||
This | This article describes the procedure to install a CI/CD pipeline based on Jenkins and auxiliary tools ([[OpenShift Nexus|Nexus]], [[OpenShift Gogs|Gogs]],[[OpenShift SonarQube|SonarQube]]). | ||
The CI/CD pipeline will execute in a separate project from the projects that need CI/CD services, named "CICD". | |||
The deployment is based on https://github.com/OpenShiftDemos/openshift-cd-demo/blob/ocp-3.5/cicd-template.yaml (or newer). | The deployment is based on https://github.com/OpenShiftDemos/openshift-cd-demo/blob/ocp-3.5/cicd-template.yaml (or newer). | ||
Revision as of 04:45, 29 November 2017
External
Internal
Overview
This article describes the procedure to install a CI/CD pipeline based on Jenkins and auxiliary tools (Nexus, Gogs,SonarQube).
The CI/CD pipeline will execute in a separate project from the projects that need CI/CD services, named "CICD".
The deployment is based on https://github.com/OpenShiftDemos/openshift-cd-demo/blob/ocp-3.5/cicd-template.yaml (or newer).
A special special service account ("system:serviceaccount:CICD:jenkins") will be created for Jenkins.
Additional components (Gogs, Sonar, Nexus) will also be deployed.
Create Required Image Streams
Create Projects
Create the following projects:
1. A project for the CI/CD components, named "CICD":
oc new-project CICD --display-name="CI/CD pipeline with Jenkins"
2. A project to host development-stage containers and processes, named "dev":
oc new-project dev --display-name="Test Development Project"
3. A project to host publicly-accessible application produced by the CI/CD pipeline, named "stage":
oc new-project stage --display-name="Test Stage Project"
Grant Required Permissions
Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("system:serviceaccount:CICD:jenkins") must be given appropriate permissions for the projects it must service:
Do we really need "admin" to "jenkins"?
oc policy add-role-to-user admin system:serviceaccount:CICD:jenkins
oc policy add-role-to-user edit system:serviceaccount:CICD:jenkins -n dev oc policy add-role-to-user edit system:serviceaccount:CICD:jenkins -n stage
More details about Jenkins security considerations:
Provision a Persistent Volume
The template requires a persistent volume, which must be provisioned before the installation.
Create Jenkins Components
oc project CICD oc process -f ./cicd-template.yaml --param DEV_PROJECT=dev --param STAGE_PROJECT=stage \ | oc create -f -
A template example for OpenShift 3.5 is available at https://github.com/OpenShiftDemos/openshift-cd-demo/blob/ocp-3.5/cicd-template.yaml. A version is also available here:
Post-Install Adjustments
Adjust Readiness Probe Timeout
oc set probe dc jenkins --readiness --initial-delay-seconds=500
Adjust Memory
oc project CICD oc set resources dc/jenkins --limits=memory=1Gi
Verification
- Jenkins should start and be available at https://jenkins-cicd.apps.openshift.novaordis.io/
- Gogs should start and be available at https://gogs-cicd.apps.openshift.novaordis.io/
- Nexus should start and be available at https://nexus-cicd.apps.openshift.novaordis.io/