search

wso2 / kubernetes-pipeline

This project contains the Helm resources required to deploy CI/CD Pipeline in a Kubernetes environment for WSO2 products.
Apache License 2.0
47 stars 19 forks source link

Upgrade Base Jenkins Docker Image And Plugins Used #72

Closed chirangaalwis closed 4 years ago

chirangaalwis commented 4 years ago

Description: It was noticed that the base Jenkins Docker Image used in the Jenkins Docker image for WSO2 Kubernetes Pipeline is outdated, as of 2020/05/25.

Further, the Jenkins plugin versions are outdated, as well. The following error logs are observed during the Jenkins Server startup.

INFO: Listed all plugins
May 24, 2020 9:29:38 PM jenkins.InitReactorRunner$1 onTaskFailed
SEVERE: Failed Loading plugin Lockable Resources plugin v2.8 (lockable-resources)
java.io.IOException: Lockable Resources plugin v2.8 failed to load.
 - Structs Plugin v1.17 is older than required. To fix, install v1.20 or later.
 - Script Security Plugin v1.53 is older than required. To fix, install v1.62 or later.
 - Pipeline: Supporting APIs v3.2 is older than required. To fix, install v3.4 or later.
 - Matrix Project Plugin v1.13 is older than required. To fix, install v1.14 or later.
    at hudson.PluginWrapper.resolvePluginDependencies(PluginWrapper.java:652)
    at hudson.PluginManager$2$1$1.run(PluginManager.java:517)
    at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
    at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
    at jenkins.model.Jenkins$5.runTask(Jenkins.java:1083)
    at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
    at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

May 24, 2020 9:29:39 PM jenkins.InitReactorRunner$1 onTaskFailed
SEVERE: Failed Loading plugin Pipeline v2.6 (workflow-aggregator)
java.io.IOException: Pipeline v2.6 failed to load.
 - Lockable Resources plugin v2.8 failed to load. Fix this plugin first.
    at hudson.PluginWrapper.resolvePluginDependencies(PluginWrapper.java:652)
    at hudson.PluginManager$2$1$1.run(PluginManager.java:517)
    at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
    at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
    at jenkins.model.Jenkins$5.runTask(Jenkins.java:1083)
    at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
    at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

These need to be updated.

Affected Product Version: WSO2 Product Kubernetes Pipeline version 1.0.0

Aaquiff commented 4 years ago

Added PR #73 to remove unwanted plugins.

chirangaalwis commented 4 years ago

Just to update on the progress, we managed to update the Jenkins version to 2.235.2 Docker image which is the latest at the time (2020-07-25) and its plugins.

But it has to be noted that, Spinnaker's interaction with Jenkins as the CI engine fails (when running integration tests in Jenkins - value.yaml) since, Jenkins no longer supports basic authentication with password based support, by default.

Using an API token which is the most recommended approach for API calls requires a user to manually intervene and create the API token once Jenkins starts up. Thus, in an automated setup such as the default WSO2 Kubernetes Pipeline, this is not an option.

Furthermore, we can use Jenkins crumbs but we need to separately evaluate this support on Spinnaker's side. As per the official documentation for Halyard, this also requires manual intervention.

Thus, as of now I suggest disabling CSRF protection by default in Jenkins, though this is not the recommended approach suggested by Jenkins. Testing with this feature disabled is currently in-progress.

Your thoughts, suggestions and concerns are appreciated.

ThilinaManamgoda commented 4 years ago

@chirangaalwis I think we can go with disabling CSRF protection for Jenkins as it is required for providing the expected first-hand user experience. At the same time, we will have to highlight the fact that, once the set is up and running, Enable disabling CSRF protection.

chirangaalwis commented 4 years ago

@chirangaalwis I think we can go with disabling CSRF protection for Jenkins as it is required for providing the expected first-hand user experience. At the same time, we will have to highlight the fact that, once the set is up and running, Enable disabling CSRF protection.

@ThilinaManamgoda +1. And we may also have to provide the users the option to provide an API token for API calls (API token instead of the password for basic authentication) going forward which is the recommended approach. This will need the UI to be accessed which means this is possible once the initial setup is done. WDYT?

chirangaalwis commented 4 years ago

Fixed.