We'll need a domain which we'll use to set Ingress' hostname and through which we'll be able to open Jenkins UI. We'll continue using nip.io service to generate domains. Just as before, remember that this is only a temporary solution and that you should use "real" domains with the IP of your external load balancer instead.
1 JENKINS_ADDR="jenkins.$LB_IP.nip.io"
2 3 echo $JENKINS_ADDR
The output of the latter command should provide a visual confirmation that the address we'll use for Jenkins looks OK. In my case, it is jenkins.52.15.140.221.nip.io.
Helm will try to install Jenkins Chart with the process in a container running as user 0. By default, that is not allowed in OpenShift. We'll skip discussing the best approach to correct the issue, and I'll assume you already know how to set the permissions on the per-Pod basis. Instead, we'll do the most straightforward fix. Please execute the command that follows to allow the creation of restricted Pods to run as any user.
oc patch scc restricted -p '{"runAsUser":{"type": "RunAsAny"}}'
We'll start exploring the steps we'll need to run Jenkins in a Kubernetes cluster by executing the same helm install command we used in the previous chapters. It won't provide everything we need, but it will be a good start. We'll improve the process throughout the rest of the chapter with the objective of having a fully automated Jenkins installation process. We might not be able to accomplish our goal 100%. Or, we might conclude that full automation is not worth the trouble. Nevertheless, we'll use the installation from the Chapter 4, Packaging Kubernetes Applications as the base and see how far we can go in our quest for full automation.
1 helm install stable/jenkins 2 --name jenkins 3 --namespace jenkins 4 --values helm/jenkins-values.yml 5 --set master.hostName=$JENKINS_ADDR
Next, we'll confirm that Jenkins is rolled out.
1 kubectl -n jenkins 2 rollout status deployment jenkins
The latter command will wait until jenkins deployment rolls out. Its output is as follows.
Waiting for rollout to finish: 0 of 1 updated replicas are available... deployment "jenkins" successfully rolled out
OpenShift requires Routes to make services accessible outside the cluster. To make things more complicated, they are not part of "standard Kubernetes" so we'll need to create one using oc. Please execute the command that follows.
oc -n jenkins create route edge --service jenkins --insecure-policy Allow --hostname $JENKINS_ADDR
Now that Jenkins is up-and-running, we can open it in your favorite browser.
1 open "http://$JENKINS_ADDR"
Git Bash might not be able to use the open command. If that's the case, please replace the open command with echo. As a result, you'll get the full address that should be opened directly in your browser of choice.
Since this is the first time we're accessing this Jenkins instance, we'll need to login first. Just as before, the password is stored in the Secret jenkins, under jenkins-admin-password. So, we'll query the secret to find out the password.
1 JENKINS_PASS=$(kubectl -n jenkins
2 get secret jenkins
3 -o jsonpath="{.data.jenkins-admin-password}"
4 | base64 --decode; echo)
5
6 echo $JENKINS_PASS
The output of the latter command should be a random string. As an example, I got Ucg2tab4FK. Please copy it, return to the Jenkins login screen opened in your browser, and use it to authenticate. We did not retrieve the username since it is hard-coded to admin.
We'll leave this admin user as-is since we won't explore authentication methods. When running Jenkins "for real", you should install a plugin that provides the desired authentication mechanism and configure Jenkins to use it instead. That could be LDAP, Google or GitHub authentication, and many other providers. For now, we'll continue using admin as the only god-like user.
Now that we got Jenkins up-and-running, we'll create a pipeline which can be used to test our setup.