CI/CD Infrastructure Setup: Difference between revisions
| Line 19: | Line 19: | ||
--description="Shared CI/CD tools to provide release pipeline services for other projects" | --description="Shared CI/CD tools to provide release pipeline services for other projects" | ||
[[OpenShift_PersistentVolume_Operations#Create_a_NFS_Persistent_Volume|Provision]] | [[OpenShift_PersistentVolume_Operations#Create_a_NFS_Persistent_Volume|Provision]] 4Gi persistent volumes to be used by Jenkins, Nexus, Gogs config, Gogs data, Gogs Postgres, Sonar and Sonar Postrgres. | ||
Verify that the persistent Jenkins template is available. | Verify that the persistent Jenkins template is available. | ||
Revision as of 05:52, 29 November 2017
External
Internal
Overview
This article describes the procedure to install a CI/CD pipeline based on Jenkins and auxiliary tools (Nexus, Gogs, SonarQube). It is based on "CI/CD Demo - OpenShift Container Platform 3.6" https://github.com/OpenShiftDemos/openshift-cd-demo. The Jenkins instance will be a shared instance, deployed within its own dedicated "cicd" project to server any other project that may need CI/CD services.
Pre-Requisites
Create the "cicd" project to host the Jenkins instance and auxiliaries.
oc new-project cicd \ --display-name="CI/CD" \ --description="Shared CI/CD tools to provide release pipeline services for other projects"
Provision 4Gi persistent volumes to be used by Jenkins, Nexus, Gogs config, Gogs data, Gogs Postgres, Sonar and Sonar Postrgres.
Verify that the persistent Jenkins template is available.
oc get template/jenkins-persistent -n openshift
REFACTOR BELOW
A special special service account ("system:serviceaccount:CICD:jenkins") will be created for Jenkins.
Additional components (Gogs, Sonar, Nexus) will also be deployed.
Create Required Image Streams
Create Projects
Create the following projects:
1. A project for the CI/CD components, named "CICD":
oc new-project CICD --display-name="CI/CD pipeline with Jenkins"
2. A project to host development-stage containers and processes, named "dev":
oc new-project dev --display-name="Test Development Project"
3. A project to host publicly-accessible application produced by the CI/CD pipeline, named "stage":
oc new-project stage --display-name="Test Stage Project"
Grant Required Permissions
Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("system:serviceaccount:CICD:jenkins") must be given appropriate permissions for the projects it must service:
Do we really need "admin" to "jenkins"?
oc policy add-role-to-user admin system:serviceaccount:CICD:jenkins
oc policy add-role-to-user edit system:serviceaccount:CICD:jenkins -n dev oc policy add-role-to-user edit system:serviceaccount:CICD:jenkins -n stage
More details about Jenkins security considerations:
Provision a Persistent Volume
The template requires a persistent volume, which must be provisioned before the installation.
Create Jenkins Components
oc project CICD oc process -f ./cicd-template.yaml --param DEV_PROJECT=dev --param STAGE_PROJECT=stage \ | oc create -f -
A template example for OpenShift 3.5 is available at https://github.com/OpenShiftDemos/openshift-cd-demo/blob/ocp-3.5/cicd-template.yaml. A version is also available here:
Post-Install Adjustments
Adjust Readiness Probe Timeout
oc set probe dc jenkins --readiness --initial-delay-seconds=500
Adjust Memory
oc project CICD oc set resources dc/jenkins --limits=memory=1Gi
Verification
- Jenkins should start and be available at https://jenkins-cicd.apps.openshift.novaordis.io/
- Gogs should start and be available at https://gogs-cicd.apps.openshift.novaordis.io/
- Nexus should start and be available at https://nexus-cicd.apps.openshift.novaordis.io/