Completed Documentation

2021-08-27 02:57:32 +05:30 · 2021-08-27 02:57:32 +05:30 · d4917b46dd
parent 5423173340
commit d4917b46dd
3 changed files with 83 additions and 5 deletions
--- a/website/content/en/docs/Developer
+++ b/website/content/en/docs/Developer
@ -301,6 +301,7 @@ kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.pa
 ### Webhook
 To deploy the operator along with webhook, run :
 ```bash
 eval $(minikube docker-env)
 make deploy-webhook
 ```
 It uses [cert-manager](https://cert-manager.io/) as an external dependancy.
@ -314,6 +315,8 @@ It uses [cert-manager](https://cert-manager.io/) as an external dependancy.
 * [Operator SDK Tutorial for Go](https://sdk.operatorframework.io/docs/building-operators/golang/tutorial/)
 * [Kubebuilder Validating Webhook Implementation](https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation.html)
 [dep_tool]:https://golang.github.io/dep/docs/installation.html
 [git_tool]:https://git-scm.com/downloads
 [go_tool]:https://golang.org/dl/
--- a/works/architecture-and-design.md
+++ b/works/architecture-and-design.md
@ -39,4 +39,3 @@ It helps to maintain or recover the desired state even after the operator or Jen
 ## Webhook 
 It rejects/accepts admission requests based on potential security warnings in plugins present in the jenkins custom resource. 
--- a/website/content/en/docs/Installation/_index.md
+++ b/website/content/en/docs/Installation/_index.md
@ -901,12 +901,88 @@ below is the full list of those volumeMounts:
 * operator-credentials
 ## Validating Webhook 
-You can also have a validating webhook which can be used to validate security warnings in plugins. It can be easily installed via helm charts by setting webhook.enabled in values.yaml or in the command line flag.
+A validating webhook can be used in order to increase monitoring capabilities of the security issues. It will look for security vulnerabilities in the base and requested plugins. It can be easily installed via helm charts by setting webhook.enabled in values.yaml. 
 >webhook.enabled=true
-Also, you can deploy it via kubectl manifests,  
+**Note**: The webhook takes some time to get up and running. It's recommended to first deploy Operator and later Jenkins Custom Resource by using toggles in values.yaml
 If the installation happens with yamls, 
 First, install cert-manager:
 ```bash
 kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.yaml 
 ```
 It takes some time to get cert-manager up and running.
 Then, install the webhook and other required resources:
 ```bash
 kubectl apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/deploy/all-in-one-webhook.yaml
 ```
 Now, download the manifests for the operator and other resources from [here](https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/deploy/all-in-one-v1alpha2.yaml)and please provide these additional fields in the operator manifest:
 <pre><code>
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: jenkins-operator
  labels:
    control-plane: controller-manager
 spec:
  selector:
    matchLabels:
      control-plane: controller-manager
  replicas: 1
  template:
    metadata:
      labels:
        control-plane: controller-manager
    spec:
      serviceAccountName: jenkins-operator
      securityContext:
        runAsUser: 65532
      containers:
      - command:
        - /manager
        args:
        - --leader-elect
        <span style="color:orange">- --validate-security-warnings</span>
        image: jenkins-operator:54231733-dirty 
        name: jenkins-operator
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: false
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8081
          initialDelaySeconds: 15
          periodSeconds: 20
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8081
          initialDelaySeconds: 5
          periodSeconds: 10
        resources:
          limits:
            cpu: 200m
            memory: 100Mi
          requests:
            cpu: 100m
            memory: 20Mi
        env:
          - name: WATCH_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        <span style="color:orange">volumeMounts:
          - mountPath: /tmp/k8s-webhook-server/serving-certs
            name: webhook-certs
            readOnly: true       
      volumes:
      - name: webhook-certs
        secret:
          defaultMode: 420
          secretName: jenkins-webhook-certificate
      terminationGracePeriodSeconds: 10</span>
 </code>
 </pre>
 To enable security validation in the jenkins custom resource set
 >jenkins.ValidateSecurityWarnings=true
 **Note**: The webhook takes some time to get up and running,also when helm renders the template the validating webhook configuration is applied at last, hence if the user wants to deploy a jenkins custom resource with validation turned on, he needs to wait for sometime. After the webhook is up and running the user can deploy the jenkins custom resource using *helm* or *kubectl*
`@ -39,4 +39,3 @@ It helps to maintain or recover the desired state even after the operator or Jen`
	`## Webhook`	`## Webhook`

	`It rejects/accepts admission requests based on potential security warnings in plugins present in the jenkins custom resource.`	`It rejects/accepts admission requests based on potential security warnings in plugins present in the jenkins custom resource.`