This post explains two of the ways to create an OpenShift project—inside the Jenkinsfile and using a template.
While working on a demo, I came across a use case where I needed to create an OpenShift project via a Jenkinsfile. So, I started exploring various ways to create a project. This post explains two of the ways—one inside the Jenkinsfile and the other using a template.
If you are new to the OpenShift world, a project is a Kubernetes namespace with additional annotations.
The easiest way to create a project is by using the oc command:
oc new-project <NAME_OF_THE_PROJECT>
Creating an OpenShift project in a Jenkinsfile
Jenkinsfiles are written in Groovy Domain Specific Language (DSL) syntax. The Jenkins Pipeline execution engine supports two DSL syntaxes: Declarative and Scripted. A part of the declarative pipeline syntax looks as shown below:
stage('preamble') {
    steps {
        script {
            openshift.withCluster() {
                sh 'oc new-project development'
                sh 'oc new-project testing'
                sh 'oc new-project production'
                openshift.withProject() {
                    echo "Using project: ${openshift.project()}"
                }
            }
        }
    }
}
As you can see, the sh ' ' lines in the syntax above show that shell commands can be executed inside the Jenkinsfile. You can also execute a shell script file.
Refer to this link to see a sample Jenkinsfile with declarative syntax.
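Before using the above syntax, the Jenkins service account needs to have the self-provisioner permission. This is a cluster role, and the -z flag refers to a service account in the current project, so run the command from the project where Jenkins is deployed: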
oc adm policy add-cluster-role-to-user self-provisioner -z jenkins
This is the simple and straightforward way. The other way to create a project is using a template, which I’ll detail in the following section.
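As an added example (not code from the original post), the three sh steps above can call a helper that validates the project name and skips projects that already exist, so a second pipeline run does not fail on "already exists". The function names valid_project_name and ensure_project are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. valid_project_name and
# ensure_project are hypothetical helper names.

# Fixed locale so the character ranges below mean ASCII only.
LC_ALL=C; export LC_ALL

# A project name becomes a namespace name, so accept only DNS-1123 labels:
# lowercase letters, digits and '-', no leading or trailing '-', at most
# 63 characters. This also stops a pipeline parameter from being read by
# oc as an option (leading '-') or carrying whitespace or shell syntax.
valid_project_name() {
  case "$1" in
    ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Create the project only when it does not exist yet.
# Returns 0 on success or when the project is already there,
# 2 on an invalid name, and oc's exit status otherwise.
ensure_project() {
  if ! valid_project_name "$1"; then
    echo "refusing invalid project name: $1" >&2
    return 2
  fi
  if oc get project "$1" >/dev/null 2>&1; then
    echo "project $1 already exists, skipping"
    return 0
  fi
  # --skip-config-write leaves the current project in kubeconfig unchanged,
  # so later steps do not silently run against the last project created.
  oc new-project "$1" --skip-config-write
}

# Usage inside a Jenkins sh step, after sourcing this file:
#   for p in development testing production; do
#     ensure_project "$p" || exit 1
#   done
```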
Creating an OpenShift project using templates
A template describes a set of objects that can be parameterized and processed to produce a list of objects for creation by the OpenShift Container Platform. A template can be processed to create anything you have permission to create within a project, such as services, build configurations, and deployment configurations. A template can also define a set of labels to apply to every object defined in the template.
The OpenShift cluster comes with built-in templates. To check all of them, run the following command:
oc get templates -n openshift
Let’s start by creating a bootstrap template file:
oc adm create-bootstrap-project-template -o yaml > template.yaml
The generated template.yaml should look like this:
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  creationTimestamp: null
  name: project-request
objects:
- apiVersion: project.openshift.io/v1
  kind: Project
  metadata:
    annotations:
      openshift.io/description: ${PROJECT_DESCRIPTION}
      openshift.io/display-name: ${PROJECT_DISPLAYNAME}
      openshift.io/requester: ${PROJECT_REQUESTING_USER}
    creationTimestamp: null
    name: ${PROJECT_NAME}
  spec: {}
  status: {}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/description: Allows all pods in this namespace to pull images from
        this namespace. It is auto-managed by a controller; remove subjects to disable.
    creationTimestamp: null
    name: system:image-pullers
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:image-puller
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: system:serviceaccounts:${PROJECT_NAME}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/description: Allows builds in this namespace to push images to
        this namespace. It is auto-managed by a controller; remove subjects to disable.
    creationTimestamp: null
    name: system:image-builders
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:image-builder
  subjects:
  - kind: ServiceAccount
    name: builder
    namespace: ${PROJECT_NAME}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/description: Allows deploymentconfigs in this namespace to rollout
        pods in this namespace. It is auto-managed by a controller; remove subjects
        to disable.
    creationTimestamp: null
    name: system:deployers
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:deployer
  subjects:
  - kind: ServiceAccount
    name: deployer
    namespace: ${PROJECT_NAME}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    creationTimestamp: null
    name: admin
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: admin
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: ${PROJECT_ADMIN_USER}
parameters:
- name: PROJECT_NAME
- name: PROJECT_DISPLAYNAME
- name: PROJECT_DESCRIPTION
- name: PROJECT_ADMIN_USER
- name: PROJECT_REQUESTING_USER
If you observe closely, there are a few parameters that need to be passed, and you can do that with the following command. This command creates a project called dev:
oc process -f template.yaml -p PROJECT_NAME=dev -p PROJECT_DESCRIPTION=development -p PROJECT_DISPLAYNAME=dev -p PROJECT_REQUESTING_USER=vidya | oc create -f -
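The command above passes four of the five declared parameters; PROJECT_ADMIN_USER is not set, so ${PROJECT_ADMIN_USER} in the admin RoleBinding is substituted with an empty string. The following added example (not from the original post) compares a template's declared parameters with the NAME=VALUE pairs you intend to pass and lists the ones left unset. The helper names and the sample file are hypothetical; the sample copies the parameters section shown above.

```shell
#!/bin/sh
# Added example, not from the original post. sample_template,
# declared_params and unset_params are hypothetical helper names.

# Constructed sample: header plus the parameters section of template.yaml.
sample_template() {
  cat <<'EOF'
apiVersion: template.openshift.io/v1
kind: Template
parameters:
- name: PROJECT_NAME
- name: PROJECT_DISPLAYNAME
- name: PROJECT_DESCRIPTION
- name: PROJECT_ADMIN_USER
- name: PROJECT_REQUESTING_USER
EOF
}

# Print the names declared under the top-level "parameters:" key.
# Assumes the layout oc generates: one "- name: X" line per parameter.
declared_params() {
  awk '/^parameters:/ { in_p = 1; next }
       in_p && /^[^ -]/ { in_p = 0 }
       in_p && /^ *- name:/ { print $3 }' "$1"
}

# unset_params TEMPLATE NAME=VALUE...
# Prints every declared parameter that has no non-empty NAME=VALUE argument.
# Returns 1 if any parameter is unset, 0 otherwise.
unset_params() {
  tmpl="$1"; shift
  rc=0
  for p in $(declared_params "$tmpl"); do
    found=0
    for kv in "$@"; do
      case "$kv" in "$p"=?*) found=1 ;; esac
    done
    if [ "$found" -eq 0 ]; then echo "$p"; rc=1; fi
  done
  return "$rc"
}

# Check the four -p values from the oc process command above.
tmp=$(mktemp) && sample_template > "$tmp"
unset_params "$tmp" PROJECT_NAME=dev PROJECT_DESCRIPTION=development \
  PROJECT_DISPLAYNAME=dev PROJECT_REQUESTING_USER=vidya || true
rm -f "$tmp"
```

Against a real template, oc process -f template.yaml --parameters prints the declared parameters without processing the template.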
Now, when you run the below command you should see a new project dev in the list of projects:
See the solution tutorial to learn more
Experience all of this by creating a Red Hat OpenShift cluster on IBM Cloud by following the step-by-step instructions mentioned in this solution tutorial: “Scalable web application on OpenShift.”