--- title: "Configuration" linkTitle: "Configuration" weight: 2 date: 2019-08-05 description: > How to configure Jenkins with Operator --- ## Configure Seed Jobs and Pipelines Jenkins operator uses [job-dsl][job-dsl] and [kubernetes-credentials-provider][kubernetes-credentials-provider] plugins for configuring jobs and deploy keys. ## Prepare job definitions and pipelines First you have to prepare pipelines and job definition in your GitHub repository using the following structure: ``` cicd/ ├── jobs │   └── build.jenkins └── pipelines └── build.jenkins ``` **cicd/jobs/build.jenkins** it's a job definition: ``` #!/usr/bin/env groovy pipelineJob('build-jenkins-operator') { displayName('Build jenkins-operator') definition { cpsScm { scm { git { remote { url('https://github.com/jenkinsci/kubernetes-operator.git') credentials('jenkins-operator') } branches('*/master') } } scriptPath('cicd/pipelines/build.jenkins') } } } ``` **cicd/jobs/build.jenkins** it's an actual Jenkins pipeline: ``` #!/usr/bin/env groovy def label = "build-jenkins-operator-${UUID.randomUUID().toString()}" def home = "/home/jenkins" def workspace = "${home}/workspace/build-jenkins-operator" def workdir = "${workspace}/src/github.com/jenkinsci/kubernetes-operator/" podTemplate(label: label, containers: [ containerTemplate(name: 'jnlp', image: 'jenkins/jnlp-slave:alpine'), containerTemplate(name: 'go', image: 'golang:1-alpine', command: 'cat', ttyEnabled: true), ], envVars: [ envVar(key: 'GOPATH', value: workspace), ], ) { node(label) { dir(workdir) { stage('Init') { timeout(time: 3, unit: 'MINUTES') { checkout scm } container('go') { sh 'apk --no-cache --update add make git gcc libc-dev' } } stage('Dep') { container('go') { sh 'make dep' } } stage('Test') { container('go') { sh 'make test' } } stage('Build') { container('go') { sh 'make build' } } } } } ``` ## Configure Seed Jobs Jenkins Seed Jobs are configured using `Jenkins.spec.seedJobs` section from your custom resource manifest: ``` apiVersion: jenkins.io/v1alpha2 kind: Jenkins metadata: name: example spec: seedJobs: - id: jenkins-operator targets: "cicd/jobs/*.jenkins" description: "Jenkins Operator repository" repositoryBranch: master repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.git ``` **jenkins-operator** will automatically discover and configure all seed jobs. You can verify if deploy keys were successfully configured in Jenkins **Credentials** tab. ![jenkins](/img/jenkins-credentials.png) You can verify if your pipelines were successfully configured in Jenkins Seed Job console output. ![jenkins](/img/jenkins-seed.png) If your GitHub repository is **private** you have to configure SSH or username/password authentication. ### SSH authentication #### Generate SSH Keys There are two methods of SSH private key generation: ```bash $ openssl genrsa -out 2048 ``` or ```bash $ ssh-keygen -t rsa -b 2048 $ ssh-keygen -p -f -m pem ``` Then copy content from generated file. #### Public key If you want to upload your public key to your Git server you need to extract it. If key was generated by `openssl` then you need to type this to extract public key: ```bash $ openssl rsa -in -pubout > .pub ``` If key was generated by `ssh-keygen` the public key content is located in .pub and there is no need to extract public key #### Configure SSH authentication Configure seed job like: ``` apiVersion: jenkins.io/v1alpha2 kind: Jenkins metadata: name: example spec: seedJobs: - id: jenkins-operator-ssh credentialType: basicSSHUserPrivateKey credentialID: k8s-ssh targets: "cicd/jobs/*.jenkins" description: "Jenkins Operator repository" repositoryBranch: master repositoryUrl: git@github.com:jenkinsci/kubernetes-operator.git ``` and create Kubernetes Secret(name of secret should be the same from `credentialID` field): ``` apiVersion: v1 kind: Secret metadata: name: k8s-ssh stringData: privateKey: | -----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEAxxDpleJjMCN5nusfW/AtBAZhx8UVVlhhhIKXvQ+dFODQIdzO oDXybs1zVHWOj31zqbbJnsfsVZ9Uf3p9k6xpJ3WFY9b85WasqTDN1xmSd6swD4N8 ... username: github_user_name ``` ### Username & password authentication Configure seed job like: ``` apiVersion: jenkins.io/v1alpha2 kind: Jenkins metadata: name: example spec: seedJobs: - id: jenkins-operator-user-pass credentialType: usernamePassword credentialID: k8s-user-pass targets: "cicd/jobs/*.jenkins" description: "Jenkins Operator repository" repositoryBranch: master repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.git ``` and create Kubernetes Secret(name of secret should be the same from `credentialID` field): ``` apiVersion: v1 kind: Secret metadata: name: k8s-user-pass stringData: username: github_user_name password: password_or_token ``` ## Pulling Docker images from private repositories To pull Docker Image from private repository you can use `imagePullSecrets`. Please follow the instructions on [creating a secret with a docker config](https://kubernetes.io/docs/concepts/containers/images/?origin_team=T42NTAGHM#creating-a-secret-with-a-docker-config). ### Docker Hub Configuration To use Docker Hub additional steps are required. Edit the previously created secret: ```bash kubectl -n edit secret ``` The `.dockerconfigjson` key's value needs to be replaced with a modified version. After modifications it needs to be encoded as Base64 value before setting the `.dockerconfigjson` key:q. Example config file to modify and use: ``` { "auths":{ "https://index.docker.io/v1/":{ "username":"user", "password":"password", "email":"yourdockeremail@gmail.com", "auth":"base64 of string user:password" }, "auth.docker.io":{ "username":"user", "password":"password", "email":"yourdockeremail@gmail.com", "auth":"base64 of string user:password" }, "registry.docker.io":{ "username":"user", "password":"password", "email":"yourdockeremail@gmail.com", "auth":"base64 of string user:password" }, "docker.io":{ "username":"user", "password":"password", "email":"yourdockeremail@gmail.com", "auth":"base64 of string user:password" }, "https://registry-1.docker.io/v2/": { "username":"user", "password":"password", "email":"yourdockeremail@gmail.com", "auth":"base64 of string user:password" }, "registry-1.docker.io/v2/": { "username":"user", "password":"password", "email":"yourdockeremail@gmail.com", "auth":"base64 of string user:password" }, "registry-1.docker.io": { "username":"user", "password":"password", "email":"yourdockeremail@gmail.com", "auth":"base64 of string user:password" }, "https://registry-1.docker.io": { "username":"user", "password":"password", "email":"yourdockeremail@gmail.com", "auth":"base64 of string user:password" } } } ``` [job-dsl]:https://github.com/jenkinsci/job-dsl-plugin [kubernetes-credentials-provider]:https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/