OpenShift CI/CD Operations - Collocated Persistent Jenkins Set Up: Difference between revisions
Line 19: | Line 19: | ||
=Grant Required Permissions= | =Grant Required Permissions= | ||
Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("") must be given appropriate permissions: | Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("system:service account:<''project-name''>:default") must be given appropriate permissions: | ||
oc policy add-role-to-user admin system:service account:<''project-name''>:default | oc policy add-role-to-user admin system:service account:<''project-name''>:default |
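Review bot: The service account name in the new paragraph text and in the oc command is written "system:service account:<project-name>:default", with a space. The OpenShift user name for a service account is system:serviceaccount:<project-name>:default, and with the space the shell splits it into two arguments to oc policy add-role-to-user. The revision should also say why the default service account needs the admin role rather than a narrower one, since every pod in the project that does not name a service account runs as default.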
Revision as of 02:06, 22 November 2017
Internal
Overview
This is the procedure to install a CI/CD pipeline based on Jenkins. The CI/CD pipeline will execute in the project that needs CI/CD services: the Jenkins pod will be created in the same project it triggers builds and deployments for.
The pipeline is created based on the OpenShift "jenkins-persistent" template, available in the "openshift" project:
oc get templates -n openshift | grep jenkins
NAME DESCRIPTION PARAMETERS OBJECTS
...
jenkins-persistent Jenkins service, with persistent storage.... 8 (all set) 7
No special service account will be created for Jenkins; it will be configured to use the default service account "system:serviceaccount:<project-name>:default".
Grant Required Permissions
Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("system:serviceaccount:<project-name>:default") must be given appropriate permissions:
oc policy add-role-to-user admin system:serviceaccount:<project-name>:default
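To check what the grant above produced, the following added example (not part of the original page or of OpenShift) reads the JSON printed by `oc get rolebindings -n <project-name> -o json` and lists the roles held by service accounts, in particular by the default one. The project name "cicd-demo", the function names and the sample bindings are constructed for illustration.

```python
import json
import sys

SA_PREFIX = "system:serviceaccount:"  # note: no space in the user name


def service_account_grants(rolebindings, project):
    """Return sorted (service account user name, role) pairs from a RoleBinding list."""
    grants = set()
    for rb in rolebindings.get("items", []):
        role = rb.get("roleRef", {}).get("name", "")
        for subj in rb.get("subjects") or []:
            name = subj.get("name", "")
            if subj.get("kind") == "ServiceAccount":
                ns = subj.get("namespace") or project
                grants.add((f"{SA_PREFIX}{ns}:{name}", role))
            elif name.startswith(SA_PREFIX):
                # Service account referenced by its full user name.
                grants.add((name, role))
    return sorted(grants)


def default_sa_roles(rolebindings, project):
    """Roles bound to the project's default service account."""
    target = f"{SA_PREFIX}{project}:default"
    return [r for sa, r in service_account_grants(rolebindings, project) if sa == target]


# Constructed sample, shaped like `oc get rolebindings -o json` output.
SAMPLE = {"kind": "List", "items": [
    {"metadata": {"name": "admin"}, "roleRef": {"name": "admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "cicd-demo"},
                  {"kind": "User", "name": "alice"}]},
    {"metadata": {"name": "system:deployers"}, "roleRef": {"name": "system:deployer"},
     "subjects": [{"kind": "ServiceAccount", "name": "deployer", "namespace": "cicd-demo"}]},
    {"metadata": {"name": "system:image-pullers"}, "roleRef": {"name": "system:image-puller"},
     "subjects": [{"kind": "Group", "name": "system:serviceaccounts:cicd-demo"}]},
    {"metadata": {"name": "edit"}, "roleRef": {"name": "edit"},
     "subjects": [{"kind": "User", "name": "system:serviceaccount:other-project:jenkins"}]},
]}

if __name__ == "__main__":
    # Usage: oc get rolebindings -n <project-name> -o json | python this_file.py <project-name>
    project = sys.argv[1] if len(sys.argv) > 1 else "cicd-demo"
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for sa, role in service_account_grants(data, project):
        print(f"{sa}\t{role}")
    print("default service account roles:", default_sa_roles(data, project))
```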
More details about Jenkins security considerations:
Provision a Persistent Volume
"jenkins-persistent" requires a persistent volume, which must be provisioned before the installation.