Revision as of 02:42, 22 November 2017

Internal

OpenShift CI/CD Operations

Overview

This is the procedure to install a CI/CD pipeline based on Jenkins. The CI/CD pipeline will execute in a separate project from the projects that need CI/CD services, named "CICD".

The deployment is based on https://github.com/OpenShiftDemos/openshift-cd-demo/blob/ocp-3.5/cicd-template.yaml (or newer).

A special special service account ("system:serviceaccount:CICD:jenkins") will be created for Jenkins.

Create Required Image Streams

Create an Image Stream

Create Projects

Create the following projects:

1. A project for the CI/CD components, named "CICD":

oc new-project CICD --display-name="CI/CD pipeline with Jenkins"

2. A project to host development-stage containers and processes, named "dev":

oc new-project dev --display-name="Test Development Project"

3. A project to host publicly-accessible application produced by the CI/CD pipeline, named "stage":

oc new-project stage --display-name="Test Stage Project"

Grant Required Permissions

Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("system:serviceaccount:CICD:jenkins") must be given appropriate permissions for the projects it must service:

oc policy add-role-to-user admin system:serviceaccount:CICD:jenkins

oc policy add-role-to-user edit system:serviceaccount:CICD:jenkins -n dev
oc policy add-role-to-user edit system:serviceaccount:CICD:jenkins -n stage

More details about Jenkins security considerations:

Jenkins Security Considerations

Provision a Persistent Volume

The template requires a persistent volume, which must be provisioned before the installation.

Persistent Volume Operations

Create Jenkins Components

oc project CICD

oc process -f ./cicd-template.yaml --param DEV_PROJECT=dev --param STAGE_PROJECT=stage \
| oc create -f -

A template example for OpenShift 3.5 is available at https://github.com/OpenShiftDemos/openshift-cd-demo/blob/ocp-3.5/cicd-template.yaml. A version is also available here: OpenShift CICD Template Example.

Note that "jenkins-persistent" and "jenkins-ephemeral" are available templates in the "openshift" project, they probably can be also used:

oc get templates -n openshift | grep jenkins

Configure Jenkins

oc project cicd
oc set resources dc/jenkins --limits=memory=1Gi

Post-Install Adjustments

Adjust Readiness Probe Timeout

 oc set probe dc jenkins --readiness --initial-delay-seconds=500

Configure the Jenkins Pipeline

Configure the Jenkins Pipeline

@@ Line 52: / Line 52: @@
 =Create Jenkins Components=
-{{External|https://github.com/openshift/origin/blob/master/examples/jenkins/README.md}}
+ oc project CICD
+ [[Oc process|oc process]] -f ./cicd-template.yaml --param DEV_PROJECT=dev --param STAGE_PROJECT=stage \
+ | oc create -f -
-Jenkins instance won't be integrated into the OAuth infrastructure, so authentication must be done independently (admin/password).
+A template example for OpenShift 3.5 is available at https://github.com/OpenShiftDemos/openshift-cd-demo/blob/ocp-3.5/cicd-template.yaml. A version is also available here: [[OpenShift CICD Template Example]].
-Make sure to specify a volume capacity in sync with the capacity of the persistent volume that was provisioned for Jenkins.
+Note that "jenkins-persistent" and "jenkins-ephemeral" are available templates in the "openshift" project, they probably can be also used:
-  oc new-app jenkins-persistent -p MEMORY_LIMIT=2Gi -p VOLUME_CAPACITY=2Gi -p ENABLE_OAUTH=false
+  oc get templates -n openshift | grep jenkins
-Successful run output:
+==Configure Jenkins==
-<pre>
+ oc project cicd
---> Deploying template "openshift/jenkins-persistent" to project lab-nodejs
+  [[Oc_set#resources|oc set resources]] dc/jenkins --limits=memory=1Gi
-     Jenkins (Persistent)
-     ---------
-     Jenkins service, with persistent storage.
-     NOTE: You must have persistent volumes available in your cluster to use this template.
-     A Jenkins service has been created in your project.  Log into Jenkins with your OpenShift account.  The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.
-     * With parameters:
-        * Jenkins Service Name=jenkins
-        * Jenkins JNLP Service Name=jenkins-jnlp
-        * Enable OAuth in Jenkins=false
-        * Jenkins JVM Architecture=i386
-        * Memory Limit=2Gi
-        * Volume Capacity=2Gi
-        * Jenkins ImageStream Namespace=openshift
-        * Jenkins ImageStreamTag=jenkins:latest
---> Creating resources ...
-    route "jenkins" created
-    persistentvolumeclaim "jenkins" created
-    deploymentconfig "jenkins" created
-    serviceaccount "jenkins" created
-    rolebinding "jenkins_edit" created
-    service "jenkins-jnlp" created
-    service "jenkins" created
---> Success
-    Run 'oc status' to view your app.
-</pre>
 =Post-Install Adjustments=

CI/CD Infrastructure Setup: Difference between revisions

Revision as of 02:42, 22 November 2017

Contents

Internal

Overview

Create Required Image Streams

Create Projects

Grant Required Permissions

Provision a Persistent Volume

Create Jenkins Components

Configure Jenkins

Post-Install Adjustments

Adjust Readiness Probe Timeout

Configure the Jenkins Pipeline

Navigation menu

CI/CD Infrastructure Setup: Difference between revisions

Revision as of 02:42, 22 November 2017

Internal

Overview

Create Required Image Streams

Create Projects

Grant Required Permissions

Provision a Persistent Volume

Create Jenkins Components

Configure Jenkins

Post-Install Adjustments

Adjust Readiness Probe Timeout

Configure the Jenkins Pipeline

Navigation menu

Search