OpenShift CI/CD Operations - Collocated Persistent Jenkins Set Up
Internal
Overview
This is the procedure to deploy a persistent Jenkins instance in the same project as the application that intends to use it.
Pre-Requisites
Create the project to host the Jenkins instance and the application instance:
oc new-project os3-jenkins-example
Provision a 2Gi persistent volume to be used by Jenkins.
Verify that the persistent Jenkins template is available.
oc get template/jenkins-persistent -n openshift
Deploy Persistent Jenkins
oc new-app -p VOLUME_CAPACITY=2Gi jenkins-persistent
By default, the template enables OAuth integration.
After the deployment completes, you should be left with a Jenkins pod that can be accessed with the public URL https://jenkins-os3-jenkins-example.apps.openshift.novaordis.io, using OpenShift credentials, since OAuth integration is supposed to be active.
The installation procedure should have created a "system:serviceaccount:os3-jenkins-example:jenkins" service account and given it the "edit" role. Jenkins will authenticate as "system:serviceaccount:os3-jenkins-example:jenkins" to the OpenShift master and will need these permissions to perform its functions. For more security details, see OpenShift CI/CD Security Considerations.
Various configuration adjustments can be performed after installation:
Post-Install Adjustments
Adjust Readiness Probe Timeout
oc set probe dc jenkins --readiness --initial-delay-seconds=500
The same effect can be achieved with
oc edit dc/jenkins
and changing spec/template/spec/containers/name=jenkins/livenessProbe/initialDelaySeconds
Adjust Memory
oc set resources dc/jenkins --limits=memory=3Gi
Verification
Access the UI at https://jenkins-lab7.apps.openshift.novaordis.io and log in with admin/password.
For causes not yet elucidated yet, the Jenkins pod had to be deleted upon the first deployment - and thus a redeployment be triggered - in order to become accessible.