Installation

This document describes how to install Carthago Operator for Jenkins on a Kubernetes cluster.

The easiest way to install Carthago Operator for Jenkins is with its official Helm charts.

If you’d like to learn about using Helm, visit it’s official documentation.

Create namespaces

First, create namespaces to deploy Operator and Jenkins in.

$ kubectl create ns <operator-namespace>
$ kubectl create ns <jenkins-namespace>

Create license secret (paid plan only)

For users of Carthago Operator for Jenkins paid plan, now is the time to create a secret containing license information obtained from Carthago team.

apiVersion: v1
kind: Secret
metadata:
  name: <license-secret-name>
  namespace: <operator-namespace>
stringData:
  clientName: "<your-name>"
  licenseKey: "<your-license-key>"
Take note of the name of the secret. It will be needed later - you will need to provide it in the values.yaml file for the Operator.
Additional configuration options for the operator can be found on the Operator Configuration page.

Add carthago to your list of Helm chart repositories

If you’re installing Carthago Operator for Jenkins for the first time, you need to add Carthago Helm charts repository to your local list of chart repositories. You can do that with:

$ helm repo add carthago https://carthago-cloud.github.io/op-jenkins-helm/

If you’re updating Carthago Operator for Jenkins, you need to update your list of repositories to get the latest charts. You can do that with:

$ helm repo update carthago

Prepare values.yaml files

Next, prepare your two values.yaml files: values-operator.yaml and values-crs.yaml, and specify all the desired configuration for the Operator and other available Custom Resources.

If you’re using paid version of Operator, don’t forget to set operator.licenseSecretName in values-operator.yaml to match the name of the license secret created earlier. Otherwise, the licensing mechanism won’t be able to find it.
Don’t forget to specify the namespace you created for Jenkins in values-operator.yaml operator.watchedNamespaces.
In the paid version, one Operator instance is capable of watching multiple namespaces and Jenkins instances. It’s recommended to have separate namespaces for each of the Jenkins instances.

You can copy and customize the default files:

# Carthago Operator for Jenkins Helm chart

# apiVersion is the version of the Custom Resources manifests
apiVersion: carthago.cloud/v1beta1

# operator is section for configuring operator deployment
operator:

  replicaCount: 1

  # image is the name (and tag) of the Carthago Operator for Jenkins image
  image: carthago.azurecr.io/carthago-op-jenkins:0.15.4

  # imagePullPolicy defines policy for pulling images
  imagePullPolicy: IfNotPresent

  # command
  command:
    - /manager

  # args is used to specify flags
  args:
    - --leader-elect=true

  # nameOverride overrides the app name
  nameOverride: ""

  # fullnameOverride overrides the deployment name
  fullnameOverride: ""

  # Resource limit/request for Carthago Operator
  # See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ for details
  resources: {}

  # NodeSelector for Carthago Operator
  # For more details see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  nodeSelector: {}

  # Tolerations are applied to pods, and allow the pods to schedule onto nodes with matching taints.
  # See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more details
  tolerations: []

  # Affinity allows you to constrain which nodes your pod is eligible to be scheduled on, based on labels on the node.
  # For more details see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  # watchedNamespaces specifies namespaces that will be watched by the operator, empty array ([]) sets the operator to watch all namespaces
  watchedNamespaces:
    - jenkins

  # labelSelector sets a selector for Operator's Custom Resources, useful when the operator is set to watch all namespaces
  labelSelector: ""

  # useClusterRBAC, if set to true, will deploy cluster-scoped role and role bindings for the operator's service account.
  # Set this to true, when configuring the operator to watch all namespaces in the cluster.
  useClusterRBAC: false

  # licenseSecretName specifies a name for the secret with license key. For paid plan features to be available,
  # a secret with this name containing valid information must be present in the same namespace as Carthago Operator
  # is deployed in.
  licenseSecretName: ""
# Carthago Operator for Jenkins Custom Resources Helm chart

# apiVersion is the version of the Custom Resources manifests
apiVersion: carthago.cloud/v1beta1

# Jenkins instance configuration
jenkins:
  # enabled can enable or disable the Jenkins instance
  # Set to false if you have configured CR already and/or you want to deploy an operator only
  enabled: true

  # name of resource
  # The pod name will be jenkins-<name> (name will be set as suffix)
  name: jenkins

  # labels are injected into metadata labels field
  #labels: {}

  # annotations are injected into metadata annotations field
  annotations: {}

  # podLabels are injected into Jenkins Controller Pod's metadata labels field
  podLabels: {}

  # podSpec
  podSpec:
    initContainers: []
    sidecars: []
    jenkinsController:
      name: jenkins-controller
      image: jenkins/jenkins:2.332.1-lts
      imagePullPolicy: IfNotPresent
      command: []
      livenessProbe: {}
      readinessProbe: {}
      # Resource limit/request for Jenkins
      # See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ for details
      resources:
        limits:
          cpu: 1500m
          memory: 3Gi
        requests:
          cpu: 1
          memory: 500Mi
      env: []
      envFrom: []
      volumeMounts: []
    volumes: []
    restartPolicy: ""
    imagePullSecrets: []
    hostAliases: []
    podSecurityContext: {}
    affinity: {}
    priorityClassName: ""
    tolerations: []

  # pvcSettings allows setting PersistentVolumeClaim properties for Jenkins home
  pvcSettings: {}
  # name of Jenkins Home PVC
  # name: ""

  # accessMode specifies the way Jenkins home Volume can be mounted
  # accessMode: ""

  # resourceStorage is the volume size of Jenkins home Volume
  # resourceStorage: ""

  # storageClassName is the name of the StorageClass required by the claim
  # storageClassName: ""
  # storageClassName: ""

  # pluginsCache allows setting PersistentVolumeClaim properties for plugins cache
  # pluginsCache is not available in the free plan and requires a valid license
  pluginsCache: {}
  # name of plugins cache PVC
  # name: ""

  # accessMode specifies the way the plugins cache can be mounted
  # accessMode: ""

  # resourceStorage is the plugins cache volume size
  # resourceStorage: ""

  # storageClassName is the name of the StorageClass required by the claim
  # storageClassName: ""

  # plugins are plugins required by the user
  # You can define plugins here
  #
  # Example:
  #
  # plugins:
  # - name: jacoco
  #   version: "3.1.1"
  plugins: []

  # roles define a list of extra RBAC roles for the Jenkins Master pod service account
  roles: []

  # services allow configuring Jenkins services
  services: {}
#    Http is Jenkins web UI service
#    http:
#      labels are injected into metadata labels field
#      labels: {}
#
#      annotations are injected into metadata annotations field
#      annotations: {}
#
#      Spec describes the attributes that a user creates on a service.
#      spec: {}
#
#    Agent is Jenkins agent service
#    agent:
#      labels are injected into metadata labels field
#      labels: {}
#
#      annotations are injected into metadata annotations field
#      annotations: {}
#
#      Spec describes the attributes that a user creates on a service.
#      spec: {}

  # defines authorization strategy of the operator for the Jenkins API.
  authorizationStrategy: createUser

  # disableCSRFProtection can enable or disable operator built-in CSRF protection
  # Set it to true if you are using OpenShift Jenkins Plugin
  # See https://github.com/jenkinsci/kubernetes-operator/pull/193 for more info
  disableCSRFProtection: false

  # pluginSnapshot creates a configMap containing all the plugins in Jenkins at a particular moment and allows to keep a history of changes and restore
  pluginSnapshot: {}
#    restoreEnabled makes Jenkins use plugins specified in snapshotConfigMapRef
#    restoreEnabled: false
#
#    snapshotConfigMapRef specifies which configMap to use for restore if restoreEnabled is set. Otherwise it will overwrite the configMap whenever plugins change
#    snapshotConfigMapRef:
#      name: "config-map-name"
#
#    snapshotHistoryLength specifies, how many historical snapshots are to be kept. Has no effect if snapshotConfigMapRef is specified
#    snapshotHistoryLength: 3

# jenkinsGroovyScriptsEnabled can enable or disable the JenkinsGroovyScript instances
# Set to false if you have configured CR(s) already and/or you want to deploy an operator only
jenkinsGroovyScriptsEnabled: true

# JenkinsGroovyScripts instances configuration
# JenkinsGroovyScriptSpec defines the desired state of JenkinsGroovyScript. It allows to write Groovy Scripts to modify the Jenkins.
jenkinsGroovyScripts:
  # name of resource
  - name: groovy

    # labels are injected into metadata labels field. Each JenkinsSeedJob Custom Resource need to reference corresponding
    # Jenkins Custom Resource via labels field
    labels:
      carthago.cloud/jenkins: jenkins

    # annotations are injected into metadata annotations field
    annotations: {}

    # data is inline Groovy script
    data: |
      import jenkins.model.Jenkins

      def systemMessage = "Hello from v1beta1.JenkinsGroovyScript!"

      Jenkins jenkins = Jenkins.getInstance()
      jenkins.setSystemMessage(systemMessage)
      jenkins.save()

      println "Hello world!"      

    # secretRef is secret reference which allows to inject the secrets into Groovy script code
    #secretRef:
      #name: ""
      #namespace: ""

    # dependsOn is JenkinsGroovyScript reference which determines the order of the Groovy scripts
    #dependsOn:
      #name: ""
      #namespace: ""

# jenkinsSeedJobsEnabled can enable or disable the JenkinsSeedJobs instances
# Set to false if you have configured CR(s) already and/or you want to deploy an operator only
jenkinsSeedJobsEnabled: true

# JenkinsSeedJobs instances configuration
# See https://docs.carthago.cloud/latest-version/getting-started/seedjob-configuration/ for additional info
jenkinsSeedJobs:
  # name of resource
  - name: example

    # labels are injected into metadata labels field. Each JenkinsSeedJob Custom Resource need to reference corresponding
    # Jenkins Custom Resource via labels field
    labels:
      carthago.cloud/jenkins: jenkins

    # annotations are injected into metadata annotations field
    annotations: {}

    # Repository is VCS repository settings
    repository:

      # branch is the repository branch where seed job definitions are stored
      branch: master

      # URL is the repository access URL. Can be SSH or HTTPS.
      url: https://github.com/jenkinsci/kubernetes-operator.git

      # targets is the path from repository root where seed job definitions are stored
      targets: "cicd/jobs/*.jenkins"

      # credentialID is the Kubernetes secret name which stores repository access credentials
      credentialID: ""

      # credentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ credential type (optional)
      # allowed types:
      # "" define none Jenkins credential type
      # "basicSSHUserPrivateKey" basic SSH Jenkins credential type
      # "usernamePassword" define username & password Jenkins credential type
      # "external" defines other credential type
      credentialType: ""

    # agentRef represents a Jenkins Kubernetes Agent Reference. It has enough information to retrieve agent
    # in any namespace
    #agentRef:

      # name is unique within a namespace to reference a secret resource.
      #name:

      # namespace defines the space within which the secret name must be unique.
      #namespace:

    # triggers define circumstances that execute jobs
    triggers:

      # bitbucketTrigger is used for Bitbucket web hooks (optional)
      bitbucketTrigger:
        push: false

      # gitHubTrigger is used for GitHub web hooks (optional)
      gitHubTrigger:
        push: false

      # buildPeriodically is used for scheduled timer trigger (optional)
      buildPeriodically: ""

      # pollSCM is setting for polling changes in SCM (optional)
      pollSCM: ""

    # settings configure the job build options
    settings:

      # ignoreMissingFiles is setting for Job DSL API plugin to ignore files that are missing (optional)
      ignoreMissingFiles: false

      # additionalClasspath is setting for Job DSL API plugin to set Additional Classpath (optional)
      additionalClasspath: ""

      # failOnMissingPlugin is setting for Job DSL API plugin that fails job if required plugin is missing (optional)
      failOnMissingPlugin: false

      # unstableOnDeprecation is setting for Job DSL API plugin that sets build status as unstable if build using deprecated features (optional)
      unstableOnDeprecation: false

# jenkinsConfigurationsAsCodeEnabled can enable or disable the JenkinsConfigurationAsCode instances
# Set to false if you have configured CR(s) already and/or you want to deploy an operator only
jenkinsConfigurationsAsCodeEnabled: true

# JenkinsConfigurationAsCode instances configuration
# For configuration as code creation tutorial, check https://docs.carthago.cloud/latest-version/getting-started/customization/
jenkinsConfigurationsAsCode:
  # name of resource
  - name: casc

    # labels are injected into metadata labels field. Each JenkinsConfigurationAsCode Custom Resource need to reference corresponding
    # Jenkins Custom Resource via labels field
    labels:
      carthago.cloud/jenkins: jenkins

    # annotations are injected into metadata annotations field
    annotations: {}

    # data is inline Groovy script
    data: |
      jenkins:
        systemMessage: |
          Welcome to your CI/CD server managed by Carthago Operator for Jenkins!      

    # secretRef is secret reference which allows to inject the secrets into Configuration As Code script
    #secretRef:
      #name: ""
      #namespace: ""

# jenkinsKubernetesAgentEnabled can enable or disable the JenkinsKubernetesAgent instances
# Set to false if you have configured CR(s) already and/or you want to deploy an operator only
jenkinsKubernetesAgentEnabled: true

# JenkinsKubernetesAgent instances configuration
# In the free plan, only 1 jenkinsKubernetesAgent can be configured, and its name must be equal to seed-job-agent
# For configuration as code creation tutorial, check https://docs.carthago.cloud/latest-version/getting-started/seedjob-configuration/
jenkinsKubernetesAgents:
  # name of resource
  # in the free plan, it must be equal to seed-job-agent
  - name: seed-job-agent

    # labels are injected into metadata labels field. Each JenkinsKubernetesAgent Custom Resource need to reference corresponding
    # Jenkins Custom Resource via labels field
    labels:
      carthago.cloud/jenkins: jenkins

    # annotations are injected into metadata annotations field
    annotations: {}

    # PodSpec allows setting Jenkins Kubernetes Agent specific pod properties
    podSpec:
      containers:
        - name: jnlp
          image: jenkins/inbound-agent:4.11.2-4
          imagePullPolicy: IfNotPresent
    # Description of Jenkins Agent
    description: ""

    # Executors defines the maximum number of concurrent builds that Jenkins may perform on this node.
    executors:

    # RemoteRootDirectory is directory dedicated to Jenkins for temporary files storage purposes.
    remoteRootDirectory: ""

    # Usage controls how Jenkins schedules builds on this node.
    # Available usage options are defined by AgentUsage enum
    usage: ""

    # TunnelConnectionThrough allows to route connection to another host
    # Field allowed values: "HOST:PORT", ":PORT" and "HOST:"
    tunnelConnectionThrough: ""

    # JVMOptions are additional startup arguments for Java Virtual Machine which runs agent
    jvmOptions: ""

    # Roles defines list of extra RBAC roles for the Jenkins Kubernetes Agent pod service account
    roles: []

# JenkinsAuthenticationEnabled can enable or disable the JenkinsAuthentication instance
# Set to true if you want to deploy the resource, set to false if have configured CR(s) already and/or you want to deploy an operator only
jenkinsAuthenticationEnabled: false

# JenkinsAuthentication configuration
# It is not available in the free plan and requires a valid license.
# For authentication creation tutorial, check https://docs.carthago.cloud/latest-version/getting-started/authentication/
jenkinsAuthentication:
  # name of resource
  name: authentication

  # labels are injected into metadata labels field. Each JenkinsAuthentication Custom Resource need to reference corresponding
  # Jenkins Custom Resource via labels field
  labels:
    carthago.cloud/jenkins: jenkins

  # annotations are injected into metadata annotations field
  annotations: {}

  # type indicates which authentication provider is set
  type: "githubOAuth"

  # githubOAuth is configuration for GitHub OAuth provider
  githubOAuth:
    # clientID is the client ID you received from GitHub for your OAuth App.
    clientID: ""

    # clientSecretRef is a secret reference which allows to safely pass into Authorization Spec. Has to contain "clientSecret" key with value of
    # the client secret you received from GitHub for your OAuth App.
    clientSecretRef:
      name: ""
      namespace: ""

    # WebURI used if you are using GitHub Enterprise. The URL to the web UI root of your GitHub installation.
    # The 'https://' or 'http://' part needs to be specified. There should not be any trailing slash (/).
    # By default set to 'https://github.com'. (optional)
    webUri: "https://github.com"

    # APIURI used if you are using GitHub Enterprise. The URI to the API root of your GitHub installation.
    # The 'https://' or 'http://' part needs to be specified. There should not be any trailing slash (/).
    # By default set to 'https://api.github.com'. (optional)
    apiUri: "https://api.github.com"

    # Scopes let you specify exactly what your app is requesting access to. Scopes limit access for OAuth tokens.
    # They do not grant any additional permission beyond that which the user already has.
    # By default these are set to "org:user,user:email" (optional)
    scopes:
      - "read:org"
      - "user:email"

  # googleOAuth is configuration for Google OAuth provider
  googleOAuth:
    # clientID is the client ID you from Google OAuth credentials
    clientID: ""

    # clientSecretRef is a secret reference which allows to safely pass into Authorization Spec. Has to contain "clientSecret" key with value of
    # the client secret from Google OAuth credentials
    clientSecretRef:
      name: ""
      namespace: ""

    # Domain is the public domain of your Jenkins instance. Leave empty for localhost (optional)
    domain: ""

  # openIDConnectAuth is configuration for various authentication providers compliant with OpenID Connect standard.
  # For more information, visit the documentation of the oic-auth: https://github.com/jenkinsci/oic-auth-plugin
  openIDConnectAuth:
    # clientID is the client ID you received from your identity provider
    clientID: ""

    # clientSecretRef is a secret reference which lets you safely pass the client secret to Authentication Spec.
    # The secret has to contain the "clientSecret" key with value of the client secret from OpenID Connect credentials.
    clientSecretRef:
      name: ""
      namespace: ""

    # autoManualConfigure specifies configuration mode. This can be either auto or manual.
    # If set to auto, WellKnownOpenIDConfigurationURL will be required and configuration will be fetched from the
    # well-known configuration endpoint. If set to false, tokenServerURL and authorizationServerURL will be required.
    autoManualConfig: ""

    # WellKnownOpenIDConfigurationURL is an endpoint with well-known configuration endpoint, where your OpenID server
    # publishes its metadata. Required when autoManualConfigure is set to auto, otherwise optional.
    wellKnownOpenIDConfigurationURL: ""

    # Required when autoManualConfigure is set to manual, otherwise optional.
    tokenServerURL: ""

    # Required when autoManualConfigure is set to manual, otherwise optional.
    authorizationServerURL: ""

    # (optional)
    userInfoServerURL: ""

    # (optional)
    userNameField: ""

    # (optional)
    tokenFieldToCheckKey: ""

    # (optional)
    tokenFieldToCheckValue: ""

    # (optional)
    fullNameFieldName: ""

    # (optional)
    emailFieldName: ""

    # scopes are used to specify access privileges while authenticating. It is a string containing space-separated
    # scopes. (optional)
    #
    # Example:
    #
    # scopes: "openid email profile"
    scopes: ""

    # (optional)
    groupsFieldName: ""

    # (optional)
    disableSSLVerification: false

    # logoutFromOpenIDProvider specifies whether to call endSessionEndpoint on logout from Jenkins. (optional)
    logoutFromOpenIDProvider: false

    # endSessionEndpoint is an endpoint to be called on logging out from Jenkins.
    # Required when logoutFromOpenIDProvider is set to true, otherwise optional.
    endSessionEndpoint: ""

    # (optional)
    postLogoutRedirectURL: ""

    # (optional)
    escapeHatchEnabled: false

    # (optional)
    escapeHatchUsername: ""

    # escapeHatchSecretRef is a secret reference which lets you safely pass the escape hatch secret to Authentication Spec.
    # It is required when EscapeHatchEnabled is set to true.
    # The secret has to contain the "escapeHatchSecret" key with value of the client secret from OpenID Connect credentials.
    # Required when escapeHatchEnabled is set to true, otherwise optional.
    escapeHatchSecretRef:
      name: ""
      namespace: ""

    # (optional)
    escapeHatchGroup: ""

  samlAuth:
    # idpMetadata is Identity Provider Metadata in XML format.
    # idpMetadata:

    # idpMetadataURL The Identity Provider metadata file source URL. If you provide idpMetadataURL please add refreshPeriod.
    idpMetadataURL:

    # refreshPeriod in minutes between Identity Provider metadata refreshes. Setting it to 0 disables refreshing metadata.
    refreshPeriod:

    # displayNameAttribute is the name of the attribute that carries the display name (optional)
    displayNameAttribute:

    # groupAttribute is the name of the attribute that carries user groups (optional)
    groupAttribute:

    # maximumAuthenticationLifetime is the number of seconds since the user was authenticated in IdP for which his authentication is considering as active.
    maximumAuthenitcationLifetime:

    # usernameAttribute is the name of the attribute that carries user name which will be used as the Jenkins ID (optional).
    usernameAttribute:

    # emailAttribute is the field name of email attribute in SAML response. (optional)
    emailAttribute:

    # usernameCaseConversion specifies how ID returned from SAML will be converted to the username for Authorization.
    usernameCaseConversion:

    # dataBindingMethod SAML specifies the method of redirection binding that will be used by SAML plugin.
    # The plugin supports HTTP-Redirect and HTTP-POST and by default it uses HTTP-Redirect.
    # Enum: http-post ; http-redirect
    dataBindingMethod:

    # logoutURL is the logout URL of your Identity Provider. Users will be redirected there on logout.
    logoutURL:

    # advancedConfiguration:

      # forceAuthentication specifies whether to request the SAML IdP to force reauthentication of the user,
      # rather than allowing an existing session with the IdP to be reused.
      # (optional) bool
      # forceAuthentication:

      # authenticationContext makes SAML IdP use a specific authentication context instead of its default one.
      # If left empty, default authentication context will be used.
      # (optional)
      # authenticationContext:

      # SPEntityID it overrides the default Entity ID for this Service Provider.
      # (optional)
      # SPEntityID:

      # nameIDPolicyFormat:

    # encryptionConfiguration can be used to specify the keystore details if your provider requires encryption or signing.
    # encryptionConfiguration:

      # keystorePath is the path to the keystore file created with the keygen command.
      # (optional)
      # keystorePath:

      # keystorePassword is the password used in the -storepass argument of the keytool command.
      # (optional)
      # keystorePasswordRef: 

      # privateKeyAlias is the alias used in the -alias argument of the keytool< command.
      # (optional)
      # privateKeyAlias:

      # privateKeyPassword is the password used in the -keypass argument of keytool.
      # (optional)
      # privateKeyPasswordRef:

      # authRequestSignature enables signature of the Redirect Binding Auth Request.
      # If you enable it the encryption and signing key would available in the SP metadata file and URL (JENKINS_URL/securityRealm/metadata).
      # (optional) bool
      # authRequestSignature:

      # wantsAssertionSigned makes authentication accept only signed assertion sent by the IdP.
      # (optional) bool
      # wantsAssertionSigned:

# JenkinsAuthorizationEnabled can enable or disable the jenkinsAuthorization instance
# Set to true if you want to deploy the resource, set to false if have configured CR(s) already and/or you want to deploy an operator only
jenkinsAuthorizationEnabled: false

# JenkinsAuthorization configuration
# For authorization creation tutorial, check https://docs.carthago.cloud/latest-version/getting-started/authorization/
jenkinsAuthorization:
  # name of resource
  name: authorization

  # labels are injected into metadata labels field. Each JenkinsAuthorization Custom Resource need to reference corresponding
  # Jenkins Custom Resource via labels field
  labels:
    carthago.cloud/jenkins: jenkins

  # annotations are injected into metadata annotations field
  annotations: {}

  # type indicates which authorization provider is set
  type: "matrix"

  # Matrix Authorization Strategy
  matrix:
    users:
      - name: "user-example"
        permissions:
          - Overall/Read

  # Role-Based Authorization Strategy
  roleBased:
    roles:
      - name: "reader"
        permissions:
          - Overall/Read
        usersOrGroups:
          - anonymous

Install charts for Operator and Jenkins and Custom Resources

With values.yaml files prepared, you can proceed with installing the Operator and Jenkins alongside other Custom Resources.

Deploy Operator

Deploy Carthago Operator for Jenkins in the namespace you prepared for it by running helm install command:

$ helm install carthago-op-jenkins carthago/carthago-op-jenkins -f values-operator.yaml -n <operator-namespace>

Installing the Operator will also install Custom Resource Definitions of Custom Resources related to Operator and Jenkins on your cluster.

At that moment, the Operator pod will be created. You can watch over the process by running:

$ kubectl get pods -n <operator-namespace> -w

When Operator becomes ready, you can proceed with deploying the chart containing Jenkins and other Custom Resources.

Deploy Jenkins and other Custom Resources

Deploy Jenkins and other Custom Resources in the namespace you prepared for them by running helm install command:

$ helm install carthago-op-jenkins-crs carthago/carthago-op-jenkins-crs -f values-crs.yaml -n <jenkins-namespace>

Soon, Jenkins pod will be created. It typically takes a few minutes for Jenkins pod to become Ready.

You can watch over the process by running:

$ kubectl get pods -n <jenkins-namespace> -w

Log in to Jenkins

Set up port forwarding

To connect to the UI, you can set up port forwarding from your local machine to Jenkins pod. You can do that with:

$ kubectl -n <jenkins-namespace> port-forward <jenkins-pod> 8080:8080

You will then find Jenkins UI at http://localhost:8080.

Login credentials can be obtained using commands below:

Obtain login credentials

$ kubectl -n <jenkins-namespace> get secret <jenkins-name>-credentials -o 'jsonpath={.data.user}' | base64 -d
$ kubectl -n <jenkins-namespace> get secret <jenkins-name>-credentials -o 'jsonpath={.data.password}' | base64 -d

Jenkins UI

What’s next?

For further information about customization and configuration of Jenkins please refer to the rest of Getting Started section.