OpenShift CI/CD Operations: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 67: Line 67:
  oc policy add-role-to-user admin system:serviceaccount:lab-nodejs:default
  oc policy add-role-to-user admin system:serviceaccount:lab-nodejs:default


<span id="new-app-jenkins-persistent"></span>
  oc new-app jenkins-persistent -p MEMORY_LIMIT=2Gi -p VOLUME_CAPACITY=2Gi -p ENABLE_OAUTH=false
  oc new-app jenkins-persistent -p MEMORY_LIMIT=2Gi -p VOLUME_CAPACITY=2Gi -p ENABLE_OAUTH=false



Revision as of 00:08, 22 November 2017

Internal

Overview

Set Up a Jenkins CI/CD Pipeline

Create Required Image Streams

Create an Image Stream

Create Required Projects

Create the following projects:

1. A project for the CI/CD components, named "cicd":

oc new-project cicd --display-name="CI/CD pipeline with Jenkins"

2. A project to host development-stage containers and processes, named "dev":

oc new-project dev --display-name="Tasks - Dev"

3. A project to host publicly-accessible application produced by the CI/CD pipeline, named "stage":

oc new-project stage --display-name="Tasks - Stage"

Grant Jenkins Needed Privileges for the Projects that Require CI/CD Services

For reasons behind these actions, see:

Jenkins and OpenShift - Security Considerations
oc policy add-role-to-user edit system:serviceaccount:cicd:jenkins -n dev
oc policy add-role-to-user edit system:serviceaccount:cicd:jenkins -n stage

Create the CI/CD Components

oc project cicd

oc process -f ./cicd-template.yaml --param DEV_PROJECT=dev --param STAGE_PROJECT=stage \
| oc create -f - 

A template example for OpenShift 3.5 is available at https://github.com/OpenShiftDemos/openshift-cd-demo/blob/ocp-3.5/cicd-template.yaml. A version is also available here: OpenShift CICD Template Example.

Note that "jenkins-persistent" and "jenkins-ephemeral" are available templates in the "openshift" project, they probably can be also used:

oc get templates -n openshift | grep jenkins

Configure Jenkins

oc project cicd
oc set resources dc/jenkins --limits=memory=1Gi

Checkpoint

Set Up a Jenkins CI/CD Pipeline based on jerkins-persistent Template

TO PROCESS and INTEGRATE

This procedure sets up Jenkins infrastructure in a target project, and Jenkins runs as "system:serviceaccount:<project-name>:default"

oc policy add-role-to-user admin system:serviceaccount:lab-nodejs:default

oc new-app jenkins-persistent -p MEMORY_LIMIT=2Gi -p VOLUME_CAPACITY=2Gi -p ENABLE_OAUTH=false
--> Deploying template "openshift/jenkins-persistent" to project lab-nodejs

     Jenkins (Persistent)
     ---------
     Jenkins service, with persistent storage.

     NOTE: You must have persistent volumes available in your cluster to use this template.

     A Jenkins service has been created in your project.  Log into Jenkins with your OpenShift account.  The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.

     * With parameters:
        * Jenkins Service Name=jenkins
        * Jenkins JNLP Service Name=jenkins-jnlp
        * Enable OAuth in Jenkins=false
        * Jenkins JVM Architecture=i386
        * Memory Limit=2Gi
        * Volume Capacity=2Gi
        * Jenkins ImageStream Namespace=openshift
        * Jenkins ImageStreamTag=jenkins:latest

--> Creating resources ...
    route "jenkins" created
    persistentvolumeclaim "jenkins" created
    deploymentconfig "jenkins" created
    serviceaccount "jenkins" created
    rolebinding "jenkins_edit" created
    service "jenkins-jnlp" created
    service "jenkins" created
--> Success
    Run 'oc status' to view your app.

Adjust Readiness Probe Timeout

 oc set probe dc jenkins --readiness --initial-delay-seconds=500


OpenShift Pipeline

New Item -> "hello-nodejs-pipeline" -> Pipeline -> OK

Pipeline -> Definition -> Pipeline script:

node {
  stage ("Build") {
    echo '*** Build Starting ***'
    openshiftBuild apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', bldCfg: 'hello-nodejs', buildName: '', checkForTriggeredDeployments: 'false', commitID: '', namespace: '', showBuildLogs: 'false', verbose: 'false', waitTime: ''
    openshiftVerifyBuild apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', bldCfg: 'hello-nodejs', checkForTriggeredDeployments: 'false', namespace: '', verbose: 'false'
    echo '*** Build Complete ***'
  }
  stage ("Deploy") {
    echo '*** Deployment Starting ***'
    openshiftDeploy apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', depCfg: 'hello-nodejs', namespace: '', verbose: 'false', waitTime: ''
    openshiftVerifyDeployment apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', depCfg: 'hello-nodejs', namespace: '', replicaCount: '1', verbose: 'false', verifyReplicaCount: 'false', waitTime: ''
    echo '*** Deployment Complete ***'
  }
  stage ("Verify") {
    echo '*** Service Verification Starting ***'
    openshiftVerifyService apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', namespace: '', svcName: 'hello-nodejs', verbose: 'false'
    echo '*** Service Verification Complete ***'
  }
}