Get Started w/ the Jenkins Operator v0.4.0 on Openshift 4

6 min readApr 27, 2020

Mostly accurate representation of what a Jenkins Pipeline looks like in everyone’s mind. — Photo by JJ Ying on Unsplash

Jenkins in the past has been provided as a first class Build option alongside Dockerfile build and s2i build in Openshift. Currently, Jenkins is well integrated in the Openshift ecosystem and with the movement of everything towards Operators, it is only natural that Jenkins make the move as well.

We will go through the current Jenkins Operator specification and how you can migrate from your earlier workflow for Jenkins on Openshift to the Jenkins Operator with minimal changes to your current infrastructure.

What is the Jenkins Operator ?

The Jenkins Operator is a Kubernetes Operator which aims to carry out Day 2 operational tasks with minimal or no intervention allowing for automation of operational tasks which can be repetetive at times. Operations like SeedJobs creation and Backup management are aimed at being automated in this case.

The Jenkins Operator has initially been developed by VirtusLab and is now being adopted by us folks working at Red Hat on Openshift. With it’s strong backing from the community as well as it being a part of the JenkinsCI organization on Github, there lies a lot of potential to make this the defacto Jenkins Operator for people who cannot move to other CI/CD systems.

Your Traditional Jenkins Workflow on Openshift

If you already have Jenkins running in your Openshift Cluster, this is what your workflow might resemble from deploying to kickstarting a Jenkins Job.

Deploy Jenkins via an Openshift Template
Create a Jenkins Job from a BuildConfig
Create Builds as instances of Runs for the Jenkins Job

As we move forward we will carry out the same with a Jenkins instance deployed via a Jenkins Operator and also look at how to install the Operator itself.

Deploying the Operator via Operator Lifecycle Manager

Installation

Go to Operators sub-menu in the burger menu and select OperatorHub and search for Jenkins Operator.

Select Jenkins Operator and press theInstall button and in the next page for the Subscription, click on the Subscribe button for the Operator.

Wait for the Operator to get installed and show up under your Installed Operators

Installed Operators in the current namespace

Create Jenkins

To create a Jenkins instance, click on the Jenkins Operator as shown above and you would be presented with the menu below and then press on the + Create Instance in the Jenkins resource shown below, Provided APIs.

You would be presented with the following option to make changes to the example. You can configure the size of the Jenkins as well as make other changes to the Instance via the YAML config. Press on Create once you are happy with the settings. Do remove the securityContext under the spec to avoid any problems regarding the same. We are working on getting this removed from example.

If everything goes well, a Jenkins Instance would be created and be shown here.

Let’s login and check from the terminal.

$ oc login -u kubeadmin -p password
$ oc get pods -n jenkins-operator-test
NAME                                READY   STATUS    RESTARTS   AGE
jenkins-example                     1/1     Running   0          6m18s
jenkins-operator-5d7bf9c657-8g96b   1/1     Running   0          16m

Configuring additional necessary resources

Considering that the Jenkins instance is up and running let’s set it up to work with the right configuration necessary to run with Openshift.

Add ClusterRole edit to the ServiceAccount used by the Jenkins instance created by the Operator.

$ oc adm policy add-cluster-role-to-user edit -z jenkins-operator-example -n jenkins-operator-test

Expose the Service pointing to the Jenkins instance to be used as a Route so we can access the Jenkins instance from outside the Cluster Network.

Get the service which points to the Jenkins instance

$ oc get svc | grep jenkins-operator-httpjenkins-operator-http-example    ClusterIP   172.30.54.123    <none>        8080/TCP            11m

Expose the Http Service pointing to the Jenkins instance via a Route

$ oc expose svc jenkins-operator-http-example

Update the Route to use TLS Edge Temination and set the HA Proxy timout

# TLS Edge Termination
$  oc patch route jenkins-operator-http-example -p '{"spec":{"tls":{"insecureEdgeTerminationPolicy":"Redirect","termination":"edge"}}}'# HA Proxy Timeout
$  oc annotate route jenkins-operator-http-example "haproxy.router.openshift.io/timeout"="4m"

Configure Jenkins instance ServiceAccount to be used for the Redirection.

$ oc annotate sa jenkins-operator-example "serviceaccounts.openshift.io/oauth-redirectreference.jenkins"="{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"jenkins-operator-http-example\"}}"

With the above you should be able to have a Jenkins working that will comply with Openshift Builds with which the jobs can be triggered as well.

Triggering Jenkins Jobs using the Openshift Builds

Simple example to create a BuildConfig with a Jenkinsfile Strategy would be to have a git repo with a Jenkinsfile at the root of the repo as it is given here

$ oc new-app https://github.com/waveywaves/nodejs-ex --context-dir openshift/pipelines

Upon doing the above, a BuildConfig would be created based on the Jenkinsfile strategy.

List of BuildConfigs in the namespace as seen in the Openshift Console

List of Builds in the namespace as seen in the Openshift Console

Above we can see the BuildConfig nodejs-ex has been created by the oc new-app command given above and the Build nodejs-ex-1 has also succeeded which is an instance of the same. This Build is responsible for deploying a NodeJS application including the creation of the BuildConfig, Deployment, Services and Route of the same which are prefixed with nodejs-example in their names.

Let’s check the Build from Jenkins itself and see what exactly happened. We have the Route from before from when we exposed the Service which we are going to use to access the the Jenkins.

$ oc get route | grep jenkins-operator-http

After going to the Route and logging in via our Openshift Credentials, we should be able to see the Jenkins User Interface. Click on the folder with the name of the Namespace.

Folder with all Jobs in the particular namespace

You should now be able to see the Jenkins Job that resembles the <namespace>/<build-config> name pattern pointing to our BuildConfig.

Once you click on the same you can see the Build and the different stages it has gone through. Click on the Build and then click on the Console Output option given in the left column of the screen.

After doing that you can see the output of your Job Run and in times of failure you can check here, if the Build succeeded or not.

Conclusion

As of now the Operator provides basic functionality and few extra features like creation of SeedJobs and Backing Up Jenkins instances etc. But wouldn’t be considered production ready for Openshift.

The current state of support for the Operator in Openshift is Developer Preview only and is not completely supported yet. A lot of the features and improvements are still Work In Progress. We will keep updating the progress on this and let the world know the story of the Jenkins Operator ;)