Before you install CloudBees CI on modern cloud platforms on OpenShift, you must do the following:
Ensure you are using a supported version of OpenShift.
Only production releases of OpenShift are supported. Beta releases are not supported.
NOTE: You must have network access to container images, such as a public Docker Hub or a private Docker Registry.
Configure a load balancer that points to the Router service.
A DNS record that points to the load balancer and TLS certificates (needed when you deploy CloudBees CI).
Create an OpenShift cluster that meets the cluster requirements
Set up an OpenShift project
Set up a CloudBees CI administrative workstation
Set up the Helm client
Set up the CloudBees Helm chart repository
Understand the security considerations for OpenShift
CloudBees CI runs on an OpenShift cluster, and the cluster must meet the following requirements:
A production release of OpenShift and OpenShift CLI and Helm. Beta or test releases of OpenShift and Helm are not supported.
Network access to container images (public Docker Hub or a private Docker Registry).
A project in the cluster, provided by your OpenShift admin, with permissions to create
Access to the DNS record that points to your installation.
TLS certificates, which are needed when you deploy CloudBees CI.
See the Red Hat OpenShift documentation for complete instructions on how to deploy an OpenShift cluster on your own infrastructure or create an OpenShift cluster via the OpenShift online service.
CloudBees recommends using an OpenShift project when you install CloudBees CI.
When combined with OpenShift RBAC security, an OpenShift administrator can use an OpenShift project to restrict who has access to a project and its data.
Create an OpenShift project, then set it as the current OpenShift project:
$ oc new-project cjoc $ oc project cjoc
To change projects on OpenShift use the |
The CloudBees CI administrative workstation is the computer used to install, update and maintain CloudBees CI.
In organizations where multiple people are performing CloudBees CI administration duties, it may be beneficial to use a bastion host instead of setting up a workstation for each CloudBees CI administrator.
This workstation may be either the CloudBees CI administrative workstation or a Kubernetes administrative workstation. It just needs to be a workstation on which you have full command privileges for the following utilities:
If you intend to use the Helm |
CloudBees hosts the Helm chart on CloudBees' public Helm Chart Repository. Before you can use the
CloudBees repository you must add it to your Helm environment with the
helm repo add command.
To add the CloudBees Public Helm Chart Repository to your Helm environment:
helm repo add cloudbees https://charts.cloudbees.com/public/cloudbees (1) helm repo update (2)
Always run |
OpenShift comes with some security constraints that make it slightly harder to work with when running Jenkins agents:
Containers must run as a non-root user and group.
Containers must not be privileged.