I'm finding my way in OpenShift v3.2 and have been following a blog post that instructs on how to create a continuous-delivery project using jenkins that will build and deploy a demo project. The blog post can be found here: https://blog.openshift.com/pipelines-with-jenkins-2-on-openshift/
What I've done is:
- created a new project in OS called ci
- added a jenkins 2.x pod using the jenkins persistent storage template as described in the blog
created a demo project with the following command:
oc new-app eap64-basic-s2i \ --param=APPLICATION_NAME=ticket-monster \ --param=SOURCE_REPOSITORY_URL=https://github.com/jboss-developer/ticket-monster.git \ --param=SOURCE_REPOSITORY_REF=2.7.0.Final \ --param=CONTEXT_DIR=demo
Added the appropriate rights for a service account using the command:
oc policy add-role-to-user edit system:systemaccount:ci:default -n demo
next configured a new jenkins pipeline build that makes use of the openshift pipeline plugin. There the only thing I configured was the groovy dsl:
node {
stage 'Checkout'
git branch: '2.7.0.Final', url: 'https://github.com/jboss-developer/ticket-monster.git'
// ** NOTE: This 'M3' maven tool must be configured in the global configuration.
def mvnHome = tool 'M3'
stage 'Build'
sh "${mvnHome}/bin/mvn -f demo/pom.xml clean install"
stage 'Deploy'
def builder = new com.openshift.jenkins.plugins.pipeline.OpenShiftBuilder("", "ticket-monster", "demo", "", "", "", "", "true", "", "")
step builder
}
When I start the jenkins job, the checkout and build stages succeed but the deploy stage fails with the message:
Caused by: com.openshift.internal.restclient.http.HttpClientException: {
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "User \"system:serviceaccount:ci:default\" cannot list routes in project \"ci\"",
"reason": "Forbidden",
"details": {
"kind": "routes"
},
"code": 403
}
So hope you can help me out.
