Deploy Jenkins on OpenShift with Custom OAuth Server URL
Issue
Background: In OpenShift 4.9, you can customize the internal URL for the cluster's OAuth server with its own hostname and TLS key pair, as described in the Customizing the internal OAuth server URL topic. OpenShift's Jenkins image includes a plugin that integrates with the OAuth server, enabling OpenShift to manage identity and access for the Jenkins instance (for example, access to the Jenkins web console). This integration is enabled by default in the provided Jenkins templates, as shown in the OpenShift Container Platform OAuth authentication topic.
Issue: When the custom URL uses a TLS key pair that has not been signed by a globally trusted authority, Jenkins does not trust the OAuth server and does not allow anyone to access the web console.
Environment
- OpenShift 4.9 and later.
- The cluster's Ingress configuration has a custom hostname and TLS key pair for the oauth-openshift route.
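
To confirm that a cluster matches this environment, the following added example (not part of the original article or of any Red Hat tooling) reads the cluster Ingress configuration as JSON, reports whether the `oauth-openshift` component route is customized, and tests whether the served certificate verifies against the local default CA bundle. The function names, sample hostname and secret name are constructed for illustration, and the local CA bundle is used only as an approximation of "globally trusted".

```python
import json
import socket
import ssl
import sys

# Constructed sample, shaped like `oc get ingress.config.openshift.io cluster -o json`.
SAMPLE_INGRESS = json.loads("""
{"spec": {"domain": "apps.example.com", "componentRoutes": [
  {"name": "console", "namespace": "openshift-console",
   "hostname": "console.apps.example.com",
   "servingCertKeyPairSecret": {"name": "console-custom-tls"}},
  {"name": "oauth-openshift", "namespace": "openshift-authentication",
   "hostname": "oauth.apps.example.com",
   "servingCertKeyPairSecret": {"name": "oauth-custom-tls"}}]}}
""")

def custom_oauth_route(ingress_config):
    """Return (hostname, secret_name) when the Ingress config customizes the
    oauth-openshift component route, otherwise None."""
    routes = ingress_config.get("spec", {}).get("componentRoutes") or []
    for route in routes:
        if (route.get("name") == "oauth-openshift"
                and route.get("namespace") == "openshift-authentication"):
            secret = (route.get("servingCertKeyPairSecret") or {}).get("name")
            return route.get("hostname"), secret
    return None

def verifies_against_default_trust(hostname, port=443, timeout=5):
    """TLS handshake using only the local default CA bundle.
    Returns (True, None) on success or (False, reason) on failure."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname):
                return True, None
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
    except OSError as exc:
        return False, f"connection failed: {exc}"

if __name__ == "__main__":
    # With a file argument, check the real cluster config and its live endpoint;
    # without one, only parse the constructed sample (no network access).
    live = len(sys.argv) > 1
    cfg = json.load(open(sys.argv[1])) if live else SAMPLE_INGRESS
    found = custom_oauth_route(cfg)
    print("custom oauth-openshift route:", found)
    if live and found and found[0]:
        print("default-trust verification:", verifies_against_default_trust(found[0]))
```

A result of `(False, ...)` with a certificate verification reason for a customized route indicates the condition described under Issue.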