Jenkins

Steps to Configure Jenkins for Spinnaker

  • Jenkins is a self-contained, open source automation server which can be used to automate all sorts of tasks related to building, testing, and delivering or deploying software.

  • Using this CI system on Spinnaker, lets you trigger pipelines with Jenkins, add a Jenkins stage to your pipeline, or add a Script stage to your pipeline.

  • Prerequisites:

    1. Below are the requirements to Connect Jenkins to Spinnaker

      • An active & stable Jenkins Master, should be reachable at a URL from the provider that Spinnaker will be deployed in.

      • User Credentials, able to authenticate against Jenkins using HTTP Basic Auth, if Jenkins is secured.

  • Steps to Add Jenkins Master to Spinnaker:

    1. Ensure, to have Jenkins master to be enabled on Spinnaker

       hal config ci jenkins enable
    2. Now, add Jenkins master named my-jenkins-master to Spinnaker

      echo $PASSWORD | hal config ci jenkins master add my-jenkins-master \
      --address $BASEURL \
      --username $USERNAME \
      --password # password will be read from STDIN to avoid appearing
          # in your .bash_history

      Note

      In case of using GitHub OAuth plugin for authentication into Jenkins, you can use the GitHub $USERNAME, and use the OAuth token as the $PASSWORD.

    3. Upon, successful execution of the above commands re-deploy spinnaker

      hal deploy apply
  • Configure Jenkins and Spinnaker for CSRF protection:

    Note

    CSRF is compatible only for Jenkins 2.x

  • To enable CSRF against Jenkins and Spinnaker, follow the below steps

    1. Enable CSRF flag using Halyard

      hal config ci jenkins master edit MASTER --csrf true

      (MASTER is the name of the Jenkins master you’ve previously configured. If you haven’t yet added your master, use hal config ci jenkins master add instead of edit. )

    2. Ensure to re-deploy Spinnaker to invoke changes

      hal deploy apply
    3. Enable CSRF protection on Jenkins

      • Login to Jenkins Console -> Manage Jenkins -> Configure Global Security, select Prevent Cross Site Request Forgery exploits.

      • Under Crumb Algorithm, select Default Crumb Algorithm

  • Next Steps

  • Upon Completion of above, Jenkins can be used in your pipelines in one of three ways:

    1. Using the built-in Jenkins stage

    2. Using the Script stage

Last updated