October 25, 2019 By Vidyasagar Machupalli 3 min read

This post explains two of the ways to create an OpenShift project—inside the Jenkinsfile and using a template.

While working on a demo, I came across a use case where I need to create an OpenShift project via a Jenkinsfile. So, I started exploring various ways to create a project. This post explains two of the ways—one inside the Jenkinsfile and other using a template. 

If you are new to the OpenShift world, a project is a Kubernetes namespace with additional annotations.   

The easiest way to create a project is by using the oc command:

oc new-project <NAME_OF_THE_PROJECT>

Creating an OpenShift project in a Jenkinsfile

Jenkinsfiles are written in Groovy Domain Specific Language (DSL) syntax. The Jenkins Pipeline execution engine supports two DSL syntaxes: Declarative and Scripted. A part of the declarative pipeline syntax looks as shown below:

       stage('preamble') {
   steps {
     script {
       openshift.withCluster() {
         sh 'oc new-project development'
         sh 'oc new-project testing'
         sh 'oc new-project production'
         openshift.withProject() {
           echo "Using project: ${openshift.project()}"
         }
       }
     }
   }
 }

As you can see, the sh' ' line in the syntax above is an indication that shell commands can be executed inside the Jenkinsfile. You can also execute a shell script file.

Refer to this link to see a sample Jenkinsfile with declarative syntax.

Before using the above syntax, the Jenkins service account needs to have self-provisioner permission:

oc adm policy add-cluster-role-to-user self-provisioner -z jenkins

This is the simple and straightforward. The other way to create a project is using a template, which I’ll detail in the following section.

Creating an OpenShift project using templates

A template describes a set of objects that can be parameterized and processed to produce a list of objects for creation by the OpenShift Container Platform. A template can be processed to create anything you have permission to create within a project, such as services, build configurations, and deployment configurations. A template can also define a set of labels to apply to every object defined in the template.

The OpenShift cluster comes with built-in templates. To check all of them, run the following command:

oc get templates -n openshift

Let’s start by creating a bootstrap template file: 

oc adm create-bootstrap-project-template -o yaml > template.yaml

The generated template.yaml should look like this:

apiVersion: template.openshift.io/v1
kind: Template
metadata:
  creationTimestamp: null
  name: project-request
objects:
- apiVersion: project.openshift.io/v1
  kind: Project
  metadata:
    annotations:
      openshift.io/description: ${PROJECT_DESCRIPTION}
      openshift.io/display-name: ${PROJECT_DISPLAYNAME}
      openshift.io/requester: ${PROJECT_REQUESTING_USER}
    creationTimestamp: null
    name: ${PROJECT_NAME}
  spec: {}
  status: {}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/description: Allows all pods in this namespace to pull images from
        this namespace.  It is auto-managed by a controller; remove subjects to disable.
    creationTimestamp: null
    name: system:image-pullers
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:image-puller
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: system:serviceaccounts:${PROJECT_NAME}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/description: Allows builds in this namespace to push images to
        this namespace.  It is auto-managed by a controller; remove subjects to disable.
    creationTimestamp: null
    name: system:image-builders
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:image-builder
  subjects:
  - kind: ServiceAccount
    name: builder
    namespace: ${PROJECT_NAME}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/description: Allows deploymentconfigs in this namespace to rollout
        pods in this namespace.  It is auto-managed by a controller; remove subjects
        to disable.
    creationTimestamp: null
    name: system:deployers
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:deployer
  subjects:
  - kind: ServiceAccount
    name: deployer
    namespace: ${PROJECT_NAME}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    creationTimestamp: null
    name: admin
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: admin
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: ${PROJECT_ADMIN_USER}
parameters:
- name: PROJECT_NAME
- name: PROJECT_DISPLAYNAME
- name: PROJECT_DESCRIPTION
- name: PROJECT_ADMIN_USER
- name: PROJECT_REQUESTING_USER

f you observe closely, there are few parameters that needs to be passed, and you can do that with the following command. This command created a project called dev:

oc process -f template.yaml -p PROJECT_NAME=dev -p PROJECT_DESCRIPTION=development -p PROJECT_DISPLAYNAME=dev -p PROJECT_REQUESTING_USER=vidya | oc create -f -

Now, when you run the below command you should see a new project dev in the list of projects:

oc projects

See the solution tutorial to learn more

Experience all of this by creating a Red Hat OpenShift cluster on IBM Cloud by following the step-by-step instructions mentioned in this solution tutorial: “Scalable web application on OpenShift.”

Was this article helpful?
YesNo

More from Cloud

Fortressing the digital frontier: A comprehensive look at IBM Cloud network security services

6 min read - The cloud revolution has fundamentally transformed how businesses operate. Its superior scalability, agility and cost-effectiveness have made it the go-to platform for organizations of all sizes. However, this shift to the cloud has introduced a new landscape of ever-evolving security threats. Data breaches and cyberattacks continue to hit organizations, making robust cloud network security an absolute necessity. IBM®, a titan in the tech industry, recognizes this critical need, provides a comprehensive suite of tools and offers unmatched expertise to fortify…

How well do you know your hypervisor and firmware?

6 min read - IBM Cloud® Virtual Private Cloud (VPC) is designed for secured cloud computing, and several features of our platform planning, development and operations help ensure that design. However, because security in the cloud is typically a shared responsibility between the cloud service provider and the customer, it’s essential for you to fully understand the layers of security that your workloads run on here with us. That’s why here, we detail a few key security components of IBM Cloud VPC that aim…

New IBM study: How business leaders can harness the power of gen AI to drive sustainable IT transformation

3 min read - As organizations strive to balance productivity, innovation and environmental responsibility, the need for sustainable IT practices is even more pressing. A new global study from the IBM Institute for Business Value reveals that emerging technologies, particularly generative AI, can play a pivotal role in advancing sustainable IT initiatives. However, successful transformation of IT systems demands a strategic and enterprise-wide approach to sustainability. The power of generative AI in sustainable IT Generative AI is creating new opportunities to transform IT operations…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters