Cloud
Open source
October 25, 2019 By Vidyasagar Machupalli 3 min read

This post explains two of the ways to create an OpenShift project—inside the Jenkinsfile and using a template.

While working on a demo, I came across a use case where I need to create an OpenShift project via a Jenkinsfile. So, I started exploring various ways to create a project. This post explains two of the ways—one inside the Jenkinsfile and other using a template. 

If you are new to the OpenShift world, a project is a Kubernetes namespace with additional annotations.   

The easiest way to create a project is by using the oc command:

oc new-project <NAME_OF_THE_PROJECT>

Creating an OpenShift project in a Jenkinsfile

Jenkinsfiles are written in Groovy Domain Specific Language (DSL) syntax. The Jenkins Pipeline execution engine supports two DSL syntaxes: Declarative and Scripted. A part of the declarative pipeline syntax looks as shown below:

       stage('preamble') {
   steps {
     script {
       openshift.withCluster() {
         sh 'oc new-project development'
         sh 'oc new-project testing'
         sh 'oc new-project production'
         openshift.withProject() {
           echo "Using project: ${openshift.project()}"
         }
       }
     }
   }
 }

As you can see, the sh' ' line in the syntax above is an indication that shell commands can be executed inside the Jenkinsfile. You can also execute a shell script file.

Refer to this link to see a sample Jenkinsfile with declarative syntax.

Before using the above syntax, the Jenkins service account needs to have self-provisioner permission:

oc adm policy add-cluster-role-to-user self-provisioner -z jenkins

This is the simple and straightforward. The other way to create a project is using a template, which I’ll detail in the following section.

Creating an OpenShift project using templates

A template describes a set of objects that can be parameterized and processed to produce a list of objects for creation by the OpenShift Container Platform. A template can be processed to create anything you have permission to create within a project, such as services, build configurations, and deployment configurations. A template can also define a set of labels to apply to every object defined in the template.

The OpenShift cluster comes with built-in templates. To check all of them, run the following command:

oc get templates -n openshift

Let’s start by creating a bootstrap template file: 

oc adm create-bootstrap-project-template -o yaml > template.yaml

The generated template.yaml should look like this:

apiVersion: template.openshift.io/v1
kind: Template
metadata:
  creationTimestamp: null
  name: project-request
objects:
- apiVersion: project.openshift.io/v1
  kind: Project
  metadata:
    annotations:
      openshift.io/description: ${PROJECT_DESCRIPTION}
      openshift.io/display-name: ${PROJECT_DISPLAYNAME}
      openshift.io/requester: ${PROJECT_REQUESTING_USER}
    creationTimestamp: null
    name: ${PROJECT_NAME}
  spec: {}
  status: {}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/description: Allows all pods in this namespace to pull images from
        this namespace.  It is auto-managed by a controller; remove subjects to disable.
    creationTimestamp: null
    name: system:image-pullers
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:image-puller
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: system:serviceaccounts:${PROJECT_NAME}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/description: Allows builds in this namespace to push images to
        this namespace.  It is auto-managed by a controller; remove subjects to disable.
    creationTimestamp: null
    name: system:image-builders
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:image-builder
  subjects:
  - kind: ServiceAccount
    name: builder
    namespace: ${PROJECT_NAME}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/description: Allows deploymentconfigs in this namespace to rollout
        pods in this namespace.  It is auto-managed by a controller; remove subjects
        to disable.
    creationTimestamp: null
    name: system:deployers
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:deployer
  subjects:
  - kind: ServiceAccount
    name: deployer
    namespace: ${PROJECT_NAME}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    creationTimestamp: null
    name: admin
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: admin
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: ${PROJECT_ADMIN_USER}
parameters:
- name: PROJECT_NAME
- name: PROJECT_DISPLAYNAME
- name: PROJECT_DESCRIPTION
- name: PROJECT_ADMIN_USER
- name: PROJECT_REQUESTING_USER

f you observe closely, there are few parameters that needs to be passed, and you can do that with the following command. This command created a project called dev:

oc process -f template.yaml -p PROJECT_NAME=dev -p PROJECT_DESCRIPTION=development -p PROJECT_DISPLAYNAME=dev -p PROJECT_REQUESTING_USER=vidya | oc create -f -

Now, when you run the below command you should see a new project dev in the list of projects:

oc projects

See the solution tutorial to learn more

Experience all of this by creating a Red Hat OpenShift cluster on IBM Cloud by following the step-by-step instructions mentioned in this solution tutorial: “Scalable web application on OpenShift.”

Was this article helpful?
YesNo
Vidyasagar Machupalli
Sr. Solutions Architect & Cloud Deployment Leader

More from Cloud
May 23, 2024

Attention new clients: exciting financial incentives for VMware Cloud Foundation on IBM Cloud

4 min read - New client specials: Get up to 50% off when you commit to a 1- or 3-year term contract on new VCF-as-a-Service offerings, plus an additional value of up to USD 200K in credits through 30 June 2025 when you migrate your VMware workloads to IBM Cloud®.1 Low starting prices: On-demand VCF-as-a-Service deployments begin under USD 200 per month.2 The IBM Cloud benefit: See the potential for a 201%3 return on investment (ROI) over 3 years with reduced downtime, cost and…

May 9, 2024

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

April 8, 2024

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters