Deploy Jenkins on OpenShift with Custom OAuth Server URL

Solution In Progress - Updated -

Issue

Background: In OpenShift 4.9, you can customize the internal URL for the cluster's OAuth server with its own hostname and TLS key pair, as described in the Customizing the internal OAuth server URL topic. OpenShift's Jenkins image includes a plugin that integrates with the OAuth server, enabling OpenShift to manage identity and access for the Jenkins instance (for example, access to the Jenkins web console). This integration is enabled by default in the provided Jenkins templates, as shown in the OpenShift Container Platform OAuth authentication topic.

Issue: When the custom URL uses a TLS key pair that has not been signed by a globally trusted authority, Jenkins does not trust the OAuth server and does not allow anyone to access the web console.

Environment

  • OpenShift 4.9 and later.
  • The cluster's Ingress configuration has a custom hostname and TLS key pair for the oauth-openshift route.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content