OpenShift CI/CD Operations - Collocated Persistent Jenkins Set Up
Overview
This is the procedure to install a CI/CD pipeline based on Jenkins. The CI/CD pipeline will execute in the project that needs CI/CD services: the Jenkins pod will be created in the same project it triggers builds and deployments for.
The pipeline is created based on the OpenShift "jenkins-persistent" template, available in the "openshift" project:
oc get templates -n openshift | grep jenkins
NAME                 DESCRIPTION                                   PARAMETERS    OBJECTS
...
jenkins-persistent   Jenkins service, with persistent storage....  8 (all set)   7
No special service account will be created for Jenkins; it will be configured to use the default service account "system:serviceaccount:<project-name>:default".
Grant Required Permissions
Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("system:serviceaccount:<project-name>:default") must be given appropriate permissions:
oc policy add-role-to-user admin system:serviceaccount:<project-name>:default
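Every pod in the project that does not name its own service account runs as "default", so this grant reaches more than the Jenkins pod. The check below is an added example, not part of the original procedure: it lists role bindings that give admin or cluster-admin to that account. The input layout, the function names and the "ci-demo" sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Input: one role binding per line,
# "<binding>\t<role>\t<Kind>/<namespace>/<name> ...". On a cluster this assumed
# layout can be produced with:
#   oc get rolebindings -n <project-name> -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}/{.namespace}/{.name}{" "}{end}{"\n"}{end}'

# Print "<binding> <role>" for every binding that gives admin or cluster-admin
# to the project's default service account; return 1 if any was found.
flag_default_sa_admin() {
    awk -F '\t' -v p="$1" '
        $2 == "admin" || $2 == "cluster-admin" {
            n = split($3, subj, " ")
            for (i = 1; i <= n; i++) {
                name = subj[i]
                sub(/^.*\//, "", name)      # keep only the subject name
                # The account can appear as a ServiceAccount subject or as a
                # user name of the form system:serviceaccount:<project>:default.
                if (subj[i] == "ServiceAccount/" p "/default" ||
                    name == "system:serviceaccount:" p ":default") {
                    print $1 " " $2
                    found = 1
                }
            }
        }
        END { exit found + 0 }'
}

# Constructed sample for a hypothetical project "ci-demo".
sample_bindings() {
    printf 'admin\tadmin\tUser//alice \n'
    printf 'admin-0\tadmin\tServiceAccount/ci-demo/default \n'
    printf 'jenkins_edit\tedit\tServiceAccount/ci-demo/jenkins \n'
    printf 'system:image-pullers\tsystem:image-puller\tGroup//system:serviceaccounts:ci-demo \n'
}

sample_bindings | flag_default_sa_admin ci-demo ||
    echo "default service account holds a project-wide admin role" >&2
```
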
More details about Jenkins security considerations:
Provision a Persistent Volume
"jenkins-persistent" requires a persistent volume, which must be provisioned before the installation.
Deploy Jenkins
The Jenkins instance will not be integrated into the OpenShift OAuth infrastructure (ENABLE_OAUTH=false below), so authentication must be done independently (admin/password).
Make sure to specify a volume capacity in sync with the capacity of the persistent volume that was provisioned for Jenkins.
oc new-app jenkins-persistent -p MEMORY_LIMIT=2Gi -p VOLUME_CAPACITY=2Gi -p ENABLE_OAUTH=false
Successful run output:
Post-Install Adjustments
OpenShift Pipeline
New Item -> "hello-nodejs-pipeline" -> Pipeline -> OK
Pipeline -> Definition -> Pipeline script:
node {
    // authToken and namespace are left empty in every step, so the plugin falls back
    // to the Jenkins pod's own service account token and project.
    stage ("Build") {
        echo '*** Build Starting ***'
        openshiftBuild apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', bldCfg: 'hello-nodejs', buildName: '', checkForTriggeredDeployments: 'false', commitID: '', namespace: '', showBuildLogs: 'false', verbose: 'false', waitTime: ''
        openshiftVerifyBuild apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', bldCfg: 'hello-nodejs', checkForTriggeredDeployments: 'false', namespace: '', verbose: 'false'
        echo '*** Build Complete ***'
    }
    stage ("Deploy") {
        echo '*** Deployment Starting ***'
        openshiftDeploy apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', depCfg: 'hello-nodejs', namespace: '', verbose: 'false', waitTime: ''
        openshiftVerifyDeployment apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', depCfg: 'hello-nodejs', namespace: '', replicaCount: '1', verbose: 'false', verifyReplicaCount: 'false', waitTime: ''
        echo '*** Deployment Complete ***'
    }
    stage ("Verify") {
        echo '*** Service Verification Starting ***'
        openshiftVerifyService apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', namespace: '', svcName: 'hello-nodejs', verbose: 'false'
        echo '*** Service Verification Complete ***'
    }
}
Adjust Readiness Probe Timeout
oc set probe dc jenkins --readiness --initial-delay-seconds=500