IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionSystem requirementsVerifying Docker imagesInstalling operations centerInstalling client controllersInstalling build agentsVerifying build componentsVerifying WAR filesHigh availability
IntroductionPipeline termsPipeline project typesCloudBees Pipeline benefits
IntroductionUsing Pipeline development utilitiesDetermining plugin compatibilityPipeline best practices
IntroductionPrerequisitesCreating your first PipelineCreating Pipelines in SCMCreating Pipelines in Web UIUsing Pipeline as Code
IntroductionConfig Adv ScriptedConfig Build StageConfig Deploy StageConfig Optional Step ArgsConfig Test StageCreating JenkinsfileCustomizing ParametersHandling FailuresString InterpolationUsing Multiple AgentsWorking With The Env
IntroductionManaging artifactsTracing artifactsTriggering jobs with a simple webhookRestoring filesVisualizing PipelineInserting checkpointsSecuring PipelinesConfiguring Pipelines with user-scoped credentialsUsing Pipeline PoliciesSpecifying a matrix of one or more dimensionsConverting a Freestyle project to a Declarative Pipeline
IntroductionRestarting aborted buildsLong-running buildsSkip next buildConsolidated Build View pluginCloudBees Quiet Start pluginCloudBees Template pluginCloudBees Git Validated Merge plugin
IntroductionTrigger a job with a notification event using Cross Team CollaborationEnable external notification events with external HTTP endpointsCluster-wide copy artifactsCluster-wide job triggers
IntroductionSetting up a Pipeline Template CatalogDefining Pipeline Template CatalogsSetting Up A Pipeline TemplateUsing parameters in template.yamlManaging multibranch Pipeline options in template.yamlManaging Pipeline Template Catalogs in bulkExample full Maven/Java app Jenkinsfile
IntroductionUsing Declarative Pipeline syntaxUsing Scripted Pipeline syntax
IntroductionBranch SourceBitbucketGitBranch Property StrategyExamples
CloudBees Docker Build and Publish pluginCloudBees Docker TraceabilityDocker Pipeline pluginCloudBees Docker Hub/Registry Notification plugin
IntroductionGetting startedNavigating the operations centerProvisioning managed controllers in multiple Kubernetes clustersProvisioning agents in a separate Kubernetes cluster from a managed controllerProvisioning a controller in a different namespace than the operations centerProvisioning a controller in a different OpenShift project than the operations centerManaging controllersManaging controllers in specific Kubernetes namespacesManaging agentsShared agentsShared configurationShared cloud configurationTrigger restrictionsChanging NFS storage locationQuiet startMove/Copy/PromoteCluster operationsInbound agentsUsing KanikoSidecar injector for self-signed certificates on KubernetesSidecar injector for self-signed certificates on OpenShiftUsing auto-scaling nodes on EKSUsing auto-scaling nodes on GKECloudBees Amazon Web Services Deploy EngineAmazon Web Services CLI PluginCloud Foundry CLI PluginIntegrate OpenShift CLIServiceNow integrationCreating projects based on GitHub repository structureUsing GitHub App authenticationWikiText plugin
IntroductionGetting startedNavigating the Operations CenterManaging client controllersManaging agentsShared agentsShared configurationShared cloud configurationTrigger restrictionsQuiet startMove/Copy/PromoteCluster operationsJava web start agentsServiceNow integrationCreating projects based on GitHub repository structureUsing GitHub App authenticationUsing GitHub App authentication
IntroductionTrust modelCentrally managing security for controllersCyberark Credential Provider PluginEnabling advanced use cases: cross controller triggers and bulk operationsRestricting access and delegating administration with Role-Based Access ControlCreating secure folders with Role-Based Access Control Auto ConfigurerRestricting job triggersSetting up operations center access controlsSetting up access controls on connected controllersTesting the SSH connection to an agentConfiguring restricted credentials with the CloudBees Restricted Credentials pluginFoldersFolders PlusInjecting secrets into buildsManaging build agents with Nodes Plus pluginExtended security settingsEnhanced credentials maskingUnderstanding Beekeeper security warningsPreventing unauthorized interaction between buildsSecurity recommendationsUsing single sign-on (SSO)operations center specific permissionsAuthentication mappingExample configurationsDelegating administrationData collection for the CloudBees Analytics PluginExternal secrets managementReplacing an expired certificateList of URLs that need accessBlocking access to URL patterns using the CloudBees Request Filter PluginServing resources from JenkinsVerifying Helm Charts Published with a Signature
IntroductionConfiguring network requirementsCentrally managing security for controllersCyberark Credential Provider PluginEnabling advanced use cases: cross-controller triggers and bulk operationsRestricting access and delegating administration with Role-Based Access ControlCreating secure folders with Role-Based Access Control Auto ConfigurerRestricting job triggersTesting the SSH connection to an agentConfiguring restricted credentials with the CloudBees Restricted Credentials pluginFoldersFolders PlusInjecting secrets into buildsManaging build agents with Nodes Plus pluginUnderstanding Beekeeper security warningsPreventing unauthorized interaction between buildsSecurity recommendationsExtended security settingsUsing single sign-on (SSO)Operations Center specific permissionsAuthentication mappingExample configurationsDelegating administrationData collection for the CloudBees Analytics PluginExternal secrets managementList of URLs that need accessBlocking access to URL patterns using the CloudBees Request Filter PluginServing resources from Jenkins
IntroductionExplaining $JENKINS_HOMEBest practices for backup and restoreBacking up manuallyRestoring manuallyRestoring credentialsUsing the CloudBees Backup PluginScheduling your backups in the CloudBees Backup PluginRestoring from CloudBees Backup PluginBackup and restore on KubernetesBackup and restore on AWSUsing Velero for backup and restore of Kubernetes clustersUsing cluster operations to run backups
IntroductionGetting the CLI toolUsing the CLI toolExamples of usageConfiguring multiple client controllersConfiguring an alias for the Jenkins CLI toolConfiguring the Jenkins CLI tool to work with non-TrustStore SSL certificatesCasC bundle management on operations center
CloudBees Inactive Items Plugin
Jenkins Health Advisor by CloudBees
CloudBees Pull Request Builder for GitHub plugin
Counting and monitoring user licenses with the CloudBees User Activity Monitoring plugin

Validating Kubernetes requirements

2 minute read

This CloudBees CI requirements validation tool examines your CNCF cluster, mainly Kubernetes, to determine if it meets the known requirements for CloudBees CI. It can not guarantee that CloudBees CI will run successfully on an examined cluster, but it will point out known problems.

It extends Sonobuoy.

Downloading

Download the appropriate package for your operating system:

Unpack the file, and place it in your executable path.

Using

To use the CloudBees CI requirements validation tool, you must have:

  • kubectl installed

  • A valid context with overall access (cluster-admin preferred) to the Kubernetes cluster you want to verify

    1. To run the CloudBees CI requirements validation tool, using the following command, replacing your.example.com with the domain name for your CloudBees CI installation:

      shell% cloudbees check kubernetes --host-name your.example.com

    2. To view other available commands:

      shell% cloudbees check kubernetes --help`

Example

An example of a successful run:

+

# cloudbees check kubernetes --host-name your.example.com
[OK] Kubernetes Client version is higher or equal to 1.10 - v1.11.5
[OK] Kubernetes client can be created
[OK] Kubernetes server is accessible
[OK] Kubernetes Server version is higher or equal to 1.10 - v1.11.5
[OK] Client and server have same major version - 1
[OK] Client and server have less than 1 minor version difference
[OK] Ingress service exists - nginx-ingress/nginx-ingress-controller
[OK] Ingress has an external address - good.address.amazonaws.com
[OK] Ingress deployment exists - nginx-ingress/nginx-ingress-controller (image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1)
[OK] Host name resolves to ingress external address
[OK] Can access the ingress controller using http
[OK] Can access the ingress controller using https
[OK] Has a default storage class - gp2
[OK] Storage provisioner is supported - gp2
--------------------------
Summary: 14 run, 14 passed

Troubleshooting

DNS misconfigured

A misconfigured DNS that doesn’t point to the external address of the ingress:

[KO] Host name resolves to ingress external address - Unable to resolve bad.example.com (lookup bad.example.com on 10.0.0.1:53: no such host)

Solution: Correct DNS entry to have hostname route to the external address of the ingress controller.

Missing NGINX ingress service

If the NGINX ingress service is not deployed, an error message similar to the following is shown:

[KO] Ingress service exists

Solution: install the NGINX Ingress service using Helm or install the NGINX Ingress service using the Kubernetes Installer.

Certificate problems

Problems with TLS certificates that are preventing HTTPS access:

[KO] Can access the ingress controller using https - Accessing https://id.zone.elb.amazonaws.com/ won't work : Get https://id.zone.elb.amazonaws.com/: x509: certificate is valid for ingress.local, not id.zone.elb.amazonaws.com

or

[KO] Can access the ingress controller using https - Accessing https://10.0.0.10/ won't work : Get https://10.0.0.10/: x509: cannot validate certificate for 10.0.0.10 because it doesn't contain any IP SANs

Solution: Correct TLS Certificates to support HTTPS at Ingress or at load balancer.

Storage problems

Problem: Unsupported storage type.

[KO] Storage provisioner is supported - Change the default storage to one of these: [ssd]. Or specify supported storage class upon installation.

Solution: Change default storage provisioner for the cluster to a supported type.

Problem: User doesn’t have permission to view storage settings.

[KO] Has a default storage class - A storage class name has to be provided in configuration or dynamic provisioning won't work. failed to load StorageClasses storageclasses.storage.k8s.io is forbidden: User "user" cannot list storageclasses.storage.k8s.io at the cluster scope

Solution: Fix user permissions or change contexts to allow user to examine the storage defaults.

Introduction