Installing CloudBees CI on modern cloud platforms on TKGI

5 minute read

Be sure that you have set up all the prerequisites before you install. The supported Helm versions are listed in the Supported platforms page.

The following steps allow you to install CloudBees CI on modern cloud platforms with either HTTP or HTTPS support. By default, the CloudBees CI Helm chart uses HTTP. To use HTTPS, you must enable the TLS support and provide your TLS certificate before you install. If the certificate that you plan to use is near expiration, CloudBees recommends that you replace the certificate before you install CloudBees CI on modern cloud platforms. Refer to Replacing an expired certificate for details.

The CloudBees CI on modern cloud platforms installation requires an NGINX Ingress Controller. If you do not already have a controller installed, you can install one when you install CloudBees CI on modern cloud platforms.

Installing CloudBees CI on modern cloud platforms does the following:

  • Uses the default values specified by CloudBees.

  • Sets the OperationCenter.HostName field, if provided.

  • Installs the chart with the release name cloudbees-core.

  • Uses hostname cloudbees-core.example.com.

  • Uses the default storage class defined in the target cluster.

CloudBees CI on modern cloud platforms uses Docker containers to run a cluster of computers within the Kubernetes container management system. You can optionally Verify the CloudBees CI on modern cloud platforms Docker images to ensure their origin and authenticity.

Refer to one of the following procedures to install CloudBees CI on modern cloud platforms:

Installing an Ingress Controller

An Ingress Controller must be installed separately.

To install an NGINX Ingress Controller using Helm chart:

  1. Add the NGINX Ingress Helm chart repository.

    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update
  2. Run the following commands to install the Ingress Controller:

    helm install \ ingress-nginx \ ingress-nginx/ingress-nginx \ --namespace ingress-nginx \ --create-namespace
  3. Once the Ingress Controller is installed, configure a DNS entry to target the corresponding external IP or hostname.

For more information about Ingress Controllers, refer to the Kubernetes documentation.

For more information on installing NGINX Ingress Controller, refer to the NGINX Ingress Controller Installation Guide.

Installing CloudBees CI on modern cloud platforms with HTTP support

  1. Add the CloudBees Helm chart repository as follows:

    helm repo add cloudbees https://public-charts.artifacts.cloudbees.com/repository/public/ helm repo update
  2. Before initiating an installation, type the following commands to create a namespace:

    kubectl create namespace cloudbees-core kubectl config set-context $(kubectl config current-context) --namespace=cloudbees-core

    You can obtain the full list of values using helm show values cloudbees/cloudbees-core or from Artifact HUB.

  3. Type the following commands:

    Fields are case-sensitive: OperationsCenter.HostName is different than operationscenter.hostname.
    helm install cloudbees-core \ cloudbees/cloudbees-core \ (1) --namespace cloudbees-core \ (2) --set OperationsCenter.HostName='cloudbees-core.example.com' (3)
    1 In this example, the command is using the CloudBees Helm chart repository. If you downloaded the CloudBees CI Helm chart using helm fetch, replace cloudbees/cloudbees-core with the file name.
    2 Adding the --namespace argument instructs Helm to install everything in the cloudbees-core namespace. Otherwise, it uses the currently selected namespace. If you are already in your desired namespace, this argument is not needed. Remember the namespace must already exist.
    3 OperationsCenter.HostName field is optional. If it is omitted, CloudBees CI uses Ingresses using wildcard hostnames and can be accessed through any hostname.

After you have installed CloudBees CI on modern cloud platforms, you should verify that it is installed correctly.

Installing CloudBees CI on modern cloud platforms with HTTPS support

To install CloudBees CI on modern cloud platforms with HTTPS support:

  1. Add the CloudBees Helm chart repository as follows:

    helm repo add cloudbees https://public-charts.artifacts.cloudbees.com/repository/public/ helm repo update
  2. Before initiating an installation, type the following commands to create a namespace:

    kubectl create namespace cloudbees-core kubectl config set-context $(kubectl config current-context) --namespace=cloudbees-core

    You can obtain the full list of values using helm show values cloudbees/cloudbees-core or from Artifact HUB.

  3. Type the following commands to create a new Kubernetes certificate secret:

    Fields are case-sensitive: OperationsCenter.HostName is different than operationscenter.hostname.
    kubectl create secret tls cloudbees-core-example-com-tls \ (1) --key /etc/letsencrypt/live/example.com/privkey.pem \ (2) --cert /etc/letsencrypt/live/example.com/fullchain.pem \ (3) --namespace cloudbees-core (4)
    1 You are creating a new TLS secret with the name cloudbees-core-example-com-tls, which is the CloudBees CI Helm default TLS secret name. If you want to change this name, you need to also update OperationsCenter.Ingress.tls.SecretName with your secret name.
    2 Use your key file.
    3 Use your certificate. fullchain.pem should start with your certificate (-----BEGIN CERTIFICATE-----…​-----END CERTIFICATE-----), followed by any intermediate certificates. The order is important. Each intermediate certificate should be on its own line in the file, and also have the same header -----BEGIN CERTIFICATE-----…​-----END CERTIFICATE-----. Do not change the headers to try to comment which one is an intermediate certificate.
    4 The secret should be in the same namespace as the pod that will use it. You can ensure this by using the --namespace argument. CloudBees recommends working within the namespace.
  1. Type the following commands to set the OperationsCenter.Ingress.tls.Enable to true:

    helm install cloudbees-core \ cloudbees/cloudbees-core \ --namespace cloudbees-core \ (1) --set OperationsCenter.HostName='cloudbees-core.example.com' \ (2) --set OperationsCenter.Ingress.tls.Enable=true \ (3) --set OperationsCenter.Ingress.tls.SecretName='cloudbees-core-example-com-tls' (4)
    1 Adding the --namespace argument instructs Helm to install everything in the cloudbees-core namespace. Otherwise, it uses the currently selected namespace. If you are already in your desired namespace, this argument is not needed. Remember the namespace must already exist.
    2 OperationsCenter.HostName field is optional. To specify one, replace cloudbees-core.example.com domain name with your domain name.
    3 The property OperationsCenter.Ingress.tls.Enable=true enables CloudBees CI TLS support at Ingress level.
    4 You need to set OperationsCenter.Ingress.tls.SecretName with your secret name.

After you have installed CloudBees CI on modern cloud platforms, you should verify that it is installed correctly.

Verifying your CloudBees CI installation

The helm status command displays the status of the CloudBees CI release. This command is also executed after helm install and helm upgrade commands are executed.

The helm status command displays two areas of information:

  • Current CloudBees CI release

  • Installation notes

helm status cloudbees-core
NAME: cloudbees-core LAST DEPLOYED: Tue Apr 16 17:44:12 2019 NAMESPACE: cloudbees-core STATUS: DEPLOYED REVISION: 1 TEST SUITE: None NOTES: 1. Once operations center is up and running, get your initial admin user password by running: kubectl rollout status sts cjoc --namespace cloudbees-core kubectl exec cjoc-0 --namespace cloudbees-core -- cat /var/jenkins_home/secrets/initialAdminPassword 2. Visit https://cloudbees-core.example.com/cjoc/ 3. Sign in with the password from step 1.

Signing in to your CloudBees CI installation

Now that you’ve installed CloudBees CI and operations center, you’ll want to see your system in action.

  1. Type the following command to retrieve your administrative user password:

    kubectl exec cjoc-0 -- cat /var/jenkins_home/secrets/initialAdminPassword
  2. Open a browser to http://cloudbees-core.example.com/cjoc/.

  3. Sign in with the username admin and the password you retrieved.

For more information on running CloudBees CI on Kubernetes, refer to the CloudBees CI on modern cloud platforms administration guide.

Using self-signed certificates

If you need access to resources using a corporate self-signed Certificate Authority (CA), read this article.