-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bake additional cert into Jenkins controller image #775
Conversation
I don't really have a good grasp of the jenkins architecture here so it might help to name things a little more explicitly to try to hint at what the architecture is. How about we go for something like I wouldn't be opposed to putting |
I like the
? IOW, this is saying "these are the same as the regular OpenShift images, except they have a cert added". And then we rename our S2I buildconfig and output to And I'll add a diagram somewhere showing how they're connected. |
yeah let's try that and see what it looks like in the next upload. |
The `jenkins-agent` BuildConfig outputs an image that is basically the same as the `jenkins-agent-base` image from OpenShift but with a cert, so use `jenkins-agent-base-with-cert` as its name to be clear. While we're here, rename the template filename to `jenkins-with-cert` to match (a future patch will add another buildconfig in there for the controller too).
Prep for next patch where we use this tag not just for the agent.
Just like we did for the agent image, play a similar trick to have the additional cert baked into the controller image. This is required if we need to fetch resources from HTTPS URLs covered by the root CA in code that runs directly on the controller. This situation comes up in RHCOS where we want to be able to load the pipecfg from an internal repo early on in jobs.
The `jenkins` word is overloaded. Add `-s2i` to make it clear this is the S2I build. This also matches the template name and filename it's part of.
This adds a diagram to make it easier to picture how the different imagestreams and buildconfigs are connected.
1527816
to
cab85ff
Compare
Updated this now with better naming and a diagram! |
Looks much better now. Thanks for the diagram! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Just like we did for the agent image, play a similar trick to have the
additional cert baked into the controller image. This is required if we
need to fetch resources from HTTPS URLs covered by the root CA in code
that runs directly on the controller. This situation comes up in RHCOS
where we want to be able to load the pipecfg from an internal repo early
on in jobs.