diff --git a/website/content/en/docs/Developer Guide/_index.md b/website/content/en/docs/Developer Guide/_index.md index 2753f3fb..d86fce2f 100644 --- a/website/content/en/docs/Developer Guide/_index.md +++ b/website/content/en/docs/Developer Guide/_index.md @@ -241,7 +241,7 @@ kubectl --context remote-k8s --namespace default get po Tests are written using [Ginkgo](https://onsi.github.io/ginkgo/) with [Gomega](https://onsi.github.io/gomega/). -Run unit tests with go fmt, lint, statickcheck, vet: +Run unit tests with go fmt, lint, staticcheck, vet: ```bash make verify @@ -262,6 +262,12 @@ make minikube-start make e2e ``` +Run helm e2e tests: +```bash +eval $(bin/minikube docker-env) +make helm-e2e +``` + Run the specific e2e test: ```bash @@ -292,8 +298,12 @@ kubectl get secret jenkins-operator-credentials- -o 'jsonpath={.data.us kubectl get secret jenkins-operator-credentials- -o 'jsonpath={.data.password}' | base64 -d ``` - - +### Webhook +To deploy the operator along with webhook, run : +```bash +make deploy-webhook +``` +It uses [cert-manager](https://cert-manager.io/) as an external dependancy. ## Self-learning @@ -314,4 +324,3 @@ kubectl get secret jenkins-operator-credentials- -o 'jsonpath={.data.pa [minikube]:https://kubernetes.io/docs/tasks/tools/install-minikube/ [virtualbox]:https://www.virtualbox.org/wiki/Downloads [install_dev_tools]:https://jenkinsci.github.io/kubernetes-operator/docs/developer-guide/tools/ - diff --git a/website/content/en/docs/How it works/architecture-and-design.md b/website/content/en/docs/How it works/architecture-and-design.md index c9434c7d..10754a7e 100644 --- a/website/content/en/docs/How it works/architecture-and-design.md +++ b/website/content/en/docs/How it works/architecture-and-design.md @@ -35,3 +35,8 @@ The **Jenkins Operator** design incorporates the following concepts: Operator state is kept in the custom resource status section, which is used for storing any configuration events or job statuses managed by the operator. It helps to maintain or recover the desired state even after the operator or Jenkins restarts. + +## Webhook + +It rejects/accepts admission requests based on potential security warnings in plugins present in the jenkins custom resource. + diff --git a/website/content/en/docs/Installation/_index.md b/website/content/en/docs/Installation/_index.md index 17b8df64..635d2e0d 100644 --- a/website/content/en/docs/Installation/_index.md +++ b/website/content/en/docs/Installation/_index.md @@ -898,4 +898,15 @@ below is the full list of those volumeMounts: * jenkins-home * scripts * init-configuration -* operator-credentials \ No newline at end of file +* operator-credentials + +## Validating Webhook +You can also have a validating webhook which can be used to validate security warnings in plugins. It can be easily installed via helm charts by setting webhook.enabled in values.yaml or in the command line flag. +>webhook.enabled=true + +Also, you can deploy it via kubectl manifests, + +To enable security validation in the jenkins custom resource set +>jenkins.ValidateSecurityWarnings=true + +**Note**: The webhook takes some time to get up and running,also when helm renders the template the validating webhook configuration is applied at last, hence if the user wants to deploy a jenkins custom resource with validation turned on, he needs to wait for sometime. After the webhook is up and running the user can deploy the jenkins custom resource using *helm* or *kubectl* diff --git a/website/content/en/docs/Installation/_webhook.md b/website/content/en/docs/Installation/_webhook.md new file mode 100644 index 00000000..1f411fbd --- /dev/null +++ b/website/content/en/docs/Installation/_webhook.md @@ -0,0 +1,4 @@ +# Webhook +You can also have a validating webhook which can be used to validate security warnings in plugins. It can be easily deployed via helm charts just set webhook.enabled to true in helm charts and set jenkins.ValidateSecurityWarnings to true in the jenkins cr. + +