Installing CloudBees CI on modern cloud platforms on TKGI

5 minute read

Be sure that you have set up all the prerequisites before you install. The supported Helm versions are listed in the Supported platforms page.

The following steps allow you to install CloudBees CI on modern cloud platforms with either HTTP or HTTPS support. By default, the CloudBees CI Helm chart uses HTTP. To use HTTPS, you must enable the TLS support and provide your TLS certificate before you install. If the certificate that you plan to use is near expiration, CloudBees recommends that you replace the certificate before you install CloudBees CI on modern cloud platforms. See Replacing an expired certificate for details.

The CloudBees CI on modern cloud platforms installation requires an NGINX Ingress Controller. If you do not already have a controller installed, you can install one when you install CloudBees CI on modern cloud platforms.

Installing CloudBees CI on modern cloud platforms does the following:

  • Uses the default values specified by CloudBees.

  • Sets the OperationCenter.HostName field, if provided.

  • Installs the chart with the release name cloudbees-core.

  • Uses hostname cloudbees-core.example.com.

  • Uses the default storage class defined in the target cluster.

Refer to one of the following procedures to install CloudBees CI on modern cloud platforms:

Installing CloudBees CI on modern cloud platforms with HTTP support

  1. Add the CloudBees Helm chart repository as follows:

    helm repo add cloudbees https://charts.cloudbees.com/public/cloudbees
    helm repo update
  2. Before initiating an installation, type the following commands to create a namespace:

    kubectl create namespace cloudbees-core
    kubectl config set-context $(kubectl config current-context) --namespace=cloudbees-core

    You can obtain the full list of values using helm show values cloudbees/cloudbees-core or from Artifact HUB.

  3. Type the following commands:

    Fields are case-sensitive: OperationsCenter.HostName is different than operationcenter.hostname.
    helm install cloudbees-core \
                   cloudbees/cloudbees-core \ (1)
                   --namespace cloudbees-core \ (2)
                   --set OperationsCenter.HostName='cloudbees-core.example.com' (3)
                   --set ingress-nginx.Enabled=true (4)
    1In this example, the command is using the CloudBees Helm chart repository. If you downloaded the CloudBees CI Helm chart from the CloudBees download site, replace cloudbees/cloudbees-core with the file name.
    2Adding the --namespace argument instructs Helm to install everything in the cloudbees-core namespace. Otherwise, it uses the currently selected namespace. If you are already in your desired namespace, this argument is not needed. Remember the namespace must already exist.
    3OperationsCenter.HostName field is optional. If it is omitted, CloudBees CI uses Ingresses using wildcard hostnames and can be accessed through any hostname.
    4Setting ingress-nginx.Enabled to true causes the CloudBees CI Helm chart to also install an NGINX Ingress Controller using the NGINX Ingress Helm chart. This field is optional. You should only use it if you do not already have the NGINX Controller installed. Once the ingress controller is installed, you will need to configure a DNS entry to target the corresponding external IP or hostname.

After you have installed CloudBees CI on modern cloud platforms, you should verify that it is installed correctly.

Installing CloudBees CI on modern cloud platforms with HTTPS support

To install CloudBees CI on modern cloud platforms with HTTPS support:

  1. Add the CloudBees Helm chart repository as follows:

    helm repo add cloudbees https://charts.cloudbees.com/public/cloudbees
    helm repo update
  2. Before initiating an installation, type the following commands to create a namespace:

    kubectl create namespace cloudbees-core
    kubectl config set-context $(kubectl config current-context) --namespace=cloudbees-core

    You can obtain the full list of values using helm show values cloudbees/cloudbees-core or from Artifact HUB.

  3. Type the following commands to create a new Kubernetes certificate secret:

    Fields are case-sensitive: OperationsCenter.HostName is different than operationcenter.hostname.
    kubectl create secret tls cloudbees-core-example-com-tls \ (1)
            --key /etc/letsencrypt/live/example.com/privkey.pem \ (2)
            --cert /etc/letsencrypt/live/example.com/fullchain.pem \ (3)
            --namespace cloudbees-core (4)
    1You are creating a new TLS secret with the name cloudbees-core-example-com-tls, which is the CloudBees CI Helm default TLS secret name. If you want to change this name, you need to also update OperationsCenter.Ingress.tls.SecretName with your secret name.
    2Use your key file.
    3Use your certificate. fullchain.pem should start with your certificate (-----BEGIN CERTIFICATE-----…​-----END CERTIFICATE-----), followed by any intermediate certificates. The order is important. Each intermediate certificate should be on its own line in the file, and also have the same header -----BEGIN CERTIFICATE-----…​-----END CERTIFICATE-----. Do not change the headers to try to comment which one is an intermediate certificate.
    4The secret should be in the same namespace as the pod that will use it. You can ensure this by using the --namespace argument. CloudBees recommends working within the namespace.
  1. Type the following commands to set the OperationsCenter.Ingress.tls.Enable to true:

    helm install cloudbees-core \
                 cloudbees/cloudbees-core \
                 --namespace cloudbees-core \ (1)
                 --set OperationsCenter.HostName='cloudbees-core.example.com' \ (2)
                 --set OperationsCenter.Ingress.tls.Enable=true \ (3)
                 --set OperationsCenter.Ingress.tls.SecretName='cloudbees-core-example-com-tls' (4)
                 --set ingress-nginx.Enabled=true (5)
    1Adding the --namespace argument instructs Helm to install everything in the cloudbees-core namespace. Otherwise, it uses the currently selected namespace. If you are already in your desired namespace, this argument is not needed. Remember the namespace must already exist.
    2OperationsCenter.HostName field is optional. To specify one, replace cloudbees-core.example.com domain name with your domain name.
    3The property OperationsCenter.Ingress.tls.Enable=true enables CloudBees CI TLS support at Ingress level.
    4You need to set OperationsCenter.Ingress.tls.SecretName with your secret name.
    5Setting ingress-nginx.Enabled to true causes the CloudBees CI Helm chart to also install an NGINX Ingress Controller using the NGINX Ingress Helm chart. This field is optional. You should only use it if you do not already have the NGINX Controller installed. Once the ingress controller is installed, you will need to configure a DNS entry to target the corresponding external IP or hostname.

After you have installed CloudBees CI on modern cloud platforms, you should verify that it is installed correctly.

Verifying your CloudBees CI installation

The helm status command displays the status of the CloudBees CI release. This command is also executed after helm install and helm upgrade commands are executed.

The helm status command displays two areas of information:

  • Current CloudBees CI release

  • Installation notes

helm status cloudbees-core
NAME:   cloudbees-core
LAST DEPLOYED: Tue Apr 16 17:44:12 2019
NAMESPACE: cloudbees-core
STATUS: DEPLOYED
REVISION: 1
TEST SUITE: None
NOTES:
1. Once operations center is up and running, get your initial admin user password by running:
  kubectl rollout status sts cjoc --namespace cloudbees-core
  kubectl exec cjoc-0 --namespace cloudbees-core -- cat /var/jenkins_home/secrets/initialAdminPassword
2. Visit https://cloudbees-core.example.com/cjoc/

3. Sign in with the password from step 1.

Signing in to your CloudBees CI installation

Now that you’ve installed CloudBees CI and operations center, you’ll want to see your system in action.

  1. Type the following command to retrieve your administrative user password:

    kubectl exec cjoc-0 -- cat /var/jenkins_home/secrets/initialAdminPassword
  2. Open a browser to http://cloudbees-core.example.com/cjoc/.

  3. Sign in with the username admin and the password you retrieved.

For more information on running CloudBees CI on Kubernetes, see the CloudBees CI on modern cloud platforms administration guide.

Using self-signed certificates

If you need access to resources using a corporate self-signed Certificate Authority (CA), read this article.