OpenShift CI/CD Operations - Collocated Persistent Jenkins Set Up: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 28: Line 28:


The installation procedure should have created a "system:serviceaccount:os3-jenkins-example:jenkins" service account and given it the "edit" role. Jenkins will authenticate as "system:serviceaccount:os3-jenkins-example:jenkins" to the OpenShift master and will need these permissions to perform its functions. For more security details, see [[OpenShift_CI/CD_Concepts#Security_Considerations|OpenShift CI/CD Security Considerations]].
The installation procedure should have created a "system:serviceaccount:os3-jenkins-example:jenkins" service account and given it the "edit" role. Jenkins will authenticate as "system:serviceaccount:os3-jenkins-example:jenkins" to the OpenShift master and will need these permissions to perform its functions. For more security details, see [[OpenShift_CI/CD_Concepts#Security_Considerations|OpenShift CI/CD Security Considerations]].
=Create Jenkins Components=
{{External|https://github.com/openshift/origin/blob/master/examples/jenkins/README.md}}
Jenkins instance won't be integrated into the OAuth infrastructure, so authentication must be done independently (admin/password).
Make sure to specify a volume capacity in sync with the capacity of the persistent volume that was provisioned for Jenkins.
oc new-app jenkins-persistent -p MEMORY_LIMIT=2Gi -p VOLUME_CAPACITY=2Gi -p ENABLE_OAUTH=false
Successful run output:
<pre>
--> Deploying template "openshift/jenkins-persistent" to project lab7
    Jenkins (Persistent)
    ---------
    Jenkins service, with persistent storage.
    NOTE: You must have persistent volumes available in your cluster to use this template.
    A Jenkins service has been created in your project.  Log into Jenkins with your OpenShift account.  The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.
    * With parameters:
        * Jenkins Service Name=jenkins
        * Jenkins JNLP Service Name=jenkins-jnlp
        * Enable OAuth in Jenkins=false
        * Jenkins JVM Architecture=i386
        * Memory Limit=1Gi
        * Volume Capacity=2Gi
        * Jenkins ImageStream Namespace=openshift
        * Jenkins ImageStreamTag=jenkins:latest
--> Creating resources ...
    route "jenkins" created
    persistentvolumeclaim "jenkins" created
    deploymentconfig "jenkins" created
    serviceaccount "jenkins" created
    rolebinding "jenkins_edit" created
    service "jenkins-jnlp" created
    service "jenkins" created
--> Success
    Run 'oc status' to view your app.
</pre>


=Post-Install Adjustments=
=Post-Install Adjustments=

Revision as of 21:28, 28 November 2017

Internal

Overview

This is the procedure to deploy a persistent Jenkins instance in the same project as the application that intends to use it.

Pre-Requisites

Create the project to host the Jenkins instance and the application instance: 

oc new-project os3-jenkins-example

Provision a 2Gi persistent volume to be used by Jenkins.

Verify that the persistent Jenkins template is available. 

 oc get template/jenkins-persistent -n openshift

Deploy Persistent Jenkins

oc new-app -p VOLUME_CAPACITY=2Gi jenkins-persistent

By default, the template enables OAuth integration.

After the deployment completes, you should be left with a Jenkins pod that can be accessed with the public URL https://jenkins-os3-jenkins-example.apps.openshift.novaordis.io, using OpenShift credentials, since OAuth integration is supposed to be active.

The installation procedure should have created a "system:serviceaccount:os3-jenkins-example:jenkins" service account and given it the "edit" role. Jenkins will authenticate as "system:serviceaccount:os3-jenkins-example:jenkins" to the OpenShift master and will need these permissions to perform its functions. For more security details, see OpenShift CI/CD Security Considerations.

Post-Install Adjustments

Adjust Readiness Probe Timeout

 oc set probe dc jenkins --readiness --initial-delay-seconds=500

The same effect can be achieved with 

oc edit dc/jenkins

and changing spec/template/spec/containers/name=jenkins/livenessProbe/initialDelaySeconds

Adjust Memory

oc set resources dc/jenkins --limits=memory=3Gi

Verification

Access the UI at https://jenkins-lab7.apps.openshift.novaordis.io and log in with admin/password.

For causes not yet elucidated yet, the Jenkins pod had to be deleted upon the first deployment - and thus a redeployment be triggered - in order to become accessible.

Configure the Jenkins Pipeline

Configure the Jenkins Pipeline
Retrieved from "https://kb.novaordis.com/index.php?title=OpenShift_CI/CD_Operations_-_Collocated_Persistent_Jenkins_Set_Up&oldid=33001"