OpenShift CI/CD Operations - Collocated Persistent Jenkins Set Up

From NovaOrdis Knowledge Base
Revision as of 18:45, 25 November 2017 by Ovidiu (talk | contribs) (→‎Overview)
Jump to navigation Jump to search

Internal

Overview

This is the procedure to install a CI/CD pipeline based on Jenkins. The CI/CD pipeline will execute in the project that requires CI/CD services: the Jenkins pod will be created in the same project it triggers builds and deployments for.

The pipeline is created based on the OpenShift "jenkins-persistent" template, available in the "openshift" project: 

 oc get templates -n openshift | grep jenkins

NAME                  DESCRIPTION                                    PARAMETERS       OBJECTS
...
jenkins-persistent    Jenkins service, with persistent storage....   8 (all set)      7

new-app procedure will create a special service account for Jenkins ("system:service account:<project-name>:jenkins") and it will give it the appropriate roles (/edit).

More details about Jenkins security considerations:

Jenkins Security Considerations

Provision a Persistent Volume

"jenkins-persistent" requires a persistent volume, which must be provisioned before the installation.

Persistent Volume Operations

Create Jenkins Components

https://github.com/openshift/origin/blob/master/examples/jenkins/README.md

Jenkins instance won't be integrated into the OAuth infrastructure, so authentication must be done independently (admin/password).

Make sure to specify a volume capacity in sync with the capacity of the persistent volume that was provisioned for Jenkins. 

oc new-app jenkins-persistent -p MEMORY_LIMIT=2Gi -p VOLUME_CAPACITY=2Gi -p ENABLE_OAUTH=false

Successful run output: 

--> Deploying template "openshift/jenkins-persistent" to project lab7

     Jenkins (Persistent)
     ---------
     Jenkins service, with persistent storage.

     NOTE: You must have persistent volumes available in your cluster to use this template.

     A Jenkins service has been created in your project.  Log into Jenkins with your OpenShift account.  The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.

     * With parameters:
        * Jenkins Service Name=jenkins
        * Jenkins JNLP Service Name=jenkins-jnlp
        * Enable OAuth in Jenkins=false
        * Jenkins JVM Architecture=i386
        * Memory Limit=1Gi
        * Volume Capacity=2Gi
        * Jenkins ImageStream Namespace=openshift
        * Jenkins ImageStreamTag=jenkins:latest

--> Creating resources ...
    route "jenkins" created
    persistentvolumeclaim "jenkins" created
    deploymentconfig "jenkins" created
    serviceaccount "jenkins" created
    rolebinding "jenkins_edit" created
    service "jenkins-jnlp" created
    service "jenkins" created
--> Success
    Run 'oc status' to view your app.

Post-Install Adjustments

Adjust Readiness Probe Timeout

 oc set probe dc jenkins --readiness --initial-delay-seconds=500

The same effect can be achieved with 

oc edit dc/jenkins

and changing spec/template/spec/containers/name=jenkins/livenessProbe/initialDelaySeconds

Adjust Memory

oc set resources dc/jenkins --limits=memory=3Gi

Verification

Access the UI at https://jenkins-lab7.apps.openshift.novaordis.io and log in with admin/password.

For causes not yet elucidated yet, the Jenkins pod had to be deleted upon the first deployment - and thus a redeployment be triggered - in order to become accessible.

Configure the Jenkins Pipeline

Configure the Jenkins Pipeline
Retrieved from "https://kb.novaordis.com/index.php?title=OpenShift_CI/CD_Operations_-_Collocated_Persistent_Jenkins_Set_Up&oldid=32473"