
OpenShift Jenkins Integration: Network Permissions, Persistent Storage, RBAC, and Pipeline Configuration

This guide details how to configure OpenShift network access for Jenkins, set up persistent volumes and claims, define RBAC roles, label nodes for scheduling, and create Jenkins credentials and a Kubernetes‑based pipeline for CI/CD.

DevOps Cloud Academy

The OpenShift network must be able to connect to Jenkins on port 8080, and Jenkins must be able to access the container PaaS platform.

OpenShift Configuration

1. Persistent Data

Configuration file: /etc/exports.d/openshift-ansible.exports

# Add entries:
"/mnt/exports/jenkins" *(rw,root_squash)    # Jenkins workspace
"/mnt/exports/m2repo" *(rw,root_squash)     # Maven Cache

mkdir -p /mnt/exports/jenkins
mkdir -p /mnt/exports/m2repo
chmod 777 -R /mnt/exports/m2repo/
chmod 777 -R /mnt/exports/jenkins/
exportfs -a   # Apply configuration
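The entries above export both directories read-write to any client (`*`), and the `chmod 777` makes them world-writable on the server. As an added example (not from the original article), this Python parser reads exports-format lines and reports entries that are writable by any host or that disable root squashing. The third sample line and its 192.168.0.0/24 subnet are assumptions added for contrast.

```python
import re
import shlex

# Constructed sample: the two entries from the export file above plus one
# subnet-restricted entry (192.168.0.0/24 is an assumed cluster subnet).
SAMPLE_EXPORTS = '''\
"/mnt/exports/jenkins" *(rw,root_squash)    # Jenkins workspace
"/mnt/exports/m2repo" *(rw,root_squash)     # Maven Cache
"/mnt/exports/restricted" 192.168.0.0/24(rw,root_squash)
'''

# One client field: optional host part followed by optional "(options)".
CLIENT_RE = re.compile(r'^(?P<host>[^()]*)(?:\((?P<opts>[^)]*)\))?$')


def audit_exports(text):
    """Return (path, client_spec, finding) tuples for risky export entries."""
    findings = []
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)  # handles quotes and '#'
        if len(fields) < 2:
            continue  # blank line, comment, or a path with no client list
        path, clients = fields[0], fields[1:]
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if not m:
                continue
            host = m.group('host') or '*'  # "(opts)" alone applies to any host
            opts = set(filter(None, (m.group('opts') or '').split(',')))
            if host == '*' and 'rw' in opts:  # exports are read-only by default
                findings.append((path, spec, 'read-write for any client'))
            if 'no_root_squash' in opts:
                findings.append((path, spec, 'remote root keeps uid 0'))
    return findings


if __name__ == '__main__':
    for path, spec, finding in audit_exports(SAMPLE_EXPORTS):
        print(f'{path}: {spec}: {finding}')
```
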

2. Create Project

3. Create PersistentVolume (PV)

Run:

oc create -f jenkins-pv.yml

Contents of jenkins-pv.yml:

apiVersion: v1
kind: PersistentVolume
metadata:
  labels:
    pv: jenkins
  name: jenkins-volume
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 50Gi
  claimRef:
    apiVersion: v1
    kind: PersistentVolumeClaim
    name: jenkins
    namespace: jenkins
  nfs:
    path: /mnt/exports/jenkins
    server: 192.168.0.20
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolume
metadata:
  labels:
    pv: m2repo
  name: m2repo-volume
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 50Gi
  claimRef:
    apiVersion: v1
    kind: PersistentVolumeClaim
    name: m2repo
    namespace: jenkins
  nfs:
    path: /mnt/exports/m2repo
    server: 192.168.0.20
  persistentVolumeReclaimPolicy: Retain

4. Create PersistentVolumeClaim (PVC)

Run:

oc create -f jenkins-pvc.yml

Contents of jenkins-pvc.yml:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins
  namespace: jenkins
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 50Gi
  volumeName: jenkins-volume
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: m2repo
  namespace: jenkins
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 50Gi
  volumeName: m2repo-volume

5. Create RBAC

apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: jenkins
  name: jenkins
rules:
  - apiGroups: [""]
    resources: ["pods", "configmaps","namespaces"]
    verbs: ["get","watch","list","create","update","delete","patch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["get","watch","list","create","update","delete","patch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","watch","list"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins-rb
  namespace: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: jenkins
roleRef:
  kind: Role
  name: jenkins
  apiGroup: rbac.authorization.k8s.io
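To see what the manifests above actually grant the `jenkins` service account, the following added example (not from the original article, and not OpenShift's own authorizer) evaluates the Role and RoleBinding locally. It assumes core-API-group requests, ServiceAccount subjects, Role references only, and exact resource names or `*`. The JSON is a constructed copy of this section's objects.

```python
import json

# Constructed input: this section's Role and RoleBinding written as JSON
# objects (metadata trimmed to name and namespace).
MANIFESTS = json.loads('''
[{"kind": "Role", "metadata": {"name": "jenkins", "namespace": "jenkins"},
  "rules": [
   {"apiGroups": [""], "resources": ["pods", "configmaps", "namespaces"],
    "verbs": ["get","watch","list","create","update","delete","patch"]},
   {"apiGroups": [""], "resources": ["pods/exec"],
    "verbs": ["get","watch","list","create","update","delete","patch"]},
   {"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get","watch","list"]},
   {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]},
 {"kind": "RoleBinding", "metadata": {"name": "jenkins-rb", "namespace": "jenkins"},
  "subjects": [{"kind": "ServiceAccount", "name": "jenkins", "namespace": "jenkins"}],
  "roleRef": {"kind": "Role", "name": "jenkins",
              "apiGroup": "rbac.authorization.k8s.io"}}]
''')


def _match(allowed, value):
    # A rule list matches on the exact value or on the "*" wildcard.
    return "*" in allowed or value in allowed


def can_i(objs, subject, ns, verb, resource, name=None):
    """True if ServiceAccount subject=(namespace, name) may `verb` `resource`
    in namespace `ns` according to the Role/RoleBinding objects in `objs`."""
    roles = {(o["metadata"]["namespace"], o["metadata"]["name"]): o
             for o in objs if o["kind"] == "Role"}
    for rb in objs:
        if rb["kind"] != "RoleBinding" or rb["metadata"]["namespace"] != ns:
            continue  # a RoleBinding only grants inside its own namespace
        ref = rb["roleRef"]
        if ref.get("kind") != "Role":
            continue  # ClusterRole references are out of scope here
        if not any(s["kind"] == "ServiceAccount"
                   and (s.get("namespace"), s["name"]) == subject
                   for s in rb.get("subjects", [])):
            continue
        for rule in roles.get((ns, ref["name"]), {}).get("rules", []):
            if (_match(rule.get("apiGroups", []), "")
                    and _match(rule["resources"], resource)
                    and _match(rule["verbs"], verb)
                    and (not rule.get("resourceNames")
                         or name in rule["resourceNames"])):
                return True  # subresources such as pods/exec need their own rule
    return False
```

With these rules the service account can exec into any pod in the `jenkins` namespace and read any secret there by name, but cannot list secrets; on a live cluster, `oc auth can-i get secrets --as=system:serviceaccount:jenkins:jenkins -n jenkins` gives the authoritative answer.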

6. Create Scheduling Label

oc label node node01.abcd.com build-infra=true

Jenkins Configuration

1. Create Credentials

In OpenShift, go to the Jenkins project → Resources → Secrets → jenkins-token, reveal the hidden data, copy the token and store it in Jenkins.

2. Configure Kubernetes Plugin

3. Create Test Project (Pipeline)

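// Pipeline
// Note: runserver is not defined in this snippet; it is assumed to be supplied to the job (for example as a build parameter).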
pipeline{
    agent{
        kubernetes{
            label "${runserver}"
            cloud 'openshift-prod'
            yaml '''
apiVersion: v1
kind: Pod
metadata:
  labels:
    jenkins: slave
  namespace: jenkins
spec:
  containers:
    - name: jnlp
      env:
        - name: JAVA_HOME
          value: /usr/local/jdk1.8.0_121
        - name: M3_HOME
          value: /usr/local/apache-maven-3.5.0
        - name: ANT_HOME
          value: /usr/local/apache-ant-1.9.9
        - name: CLASS_PATH
          value: /usr/local/jdk1.8.0_121/jre/lib/rt.jar:/usr/local/jdk1.8.0_121/jre/lib/dt.jar:/usr/local/jdk1.8.0_121/jre/lib/tools.jar
        - name: PATH
          value: /usr/local/jdk1.8.0_121/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/apache-maven-3.5.0/bin:/usr/local/apache-ant-1.9.9/bin:
      image: xxxxxxxx/jenkins/slave:v2
      imagePullPolicy: IfNotPresent
      resources:
        limits:
          cpu: '8'
          memory: 16Gi
        requests:
          cpu: '4'
          memory: 8Gi
      tty: true
      volumeMounts:
        - mountPath: /u02/jenkins
          name: volume-1
        - mountPath: /etc/data/m2repository
          name: volume-2
        - mountPath: /home/jenkins
          name: workspace-volume
      workingDir: /home/jenkins
  nodeSelector:
    build-infra: 'true'
    node-role.kubernetes.io/compute: 'true'
  volumes:
    - name: volume-2
      persistentVolumeClaim:
        claimName: m2repo
    - name: volume-1
      persistentVolumeClaim:
        claimName: jenkins
    - emptyDir: {}
      name: workspace-volume
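'''
        }
    }
    // A declarative pipeline needs a stages block; this placeholder stage only checks the agent's JDK.
    stages {
        stage('Test') {
            steps {
                sh 'java -version'
            }
        }
    }
}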