If you're referring to using a GitHub webhook, we ended up having to create a simple application that would receive GitHub webhook events, verify the request against the webhook secret, and trigger the desired OpenShift build or Jenkins job. This is primarily because GitHub webhooks don't really support authentication mechanisms other than the webhook secret.
If you end up having to go this route, then would point out a few other things:
- openshift-sync Jenkins plugin will create a corresponding OpenShift Build for Jenkins job builds kicked off from Jenkins and vice versa from OpenShift BuildConfig within OpenShift UX, so you have more options over what you trigger
- openshift-login will require OpenShift edit or admin role to translate into Jenkins permissions to trigger Jenkins job; newer version of openshift-login supports customized OpenShift role to Jenkins permission assignment
- Have your app return diagnostic text within the body of the response so you can figure out whether/why a webhook didn't work correctly.
I'm trying to use a webhook to trigger a job. When I'm authenticated it works great, but coming from an anonymous point the request always takes me to the openshift login. Is there a way to exclude specific URLs from having to authenticate via openshift? I see that I can create a bearer token using a service account, but given RBAC's granularity i'd rather not do that. I specifically am trying to get a webhook setup that will trigger a jenkins job to run when a source container is pushed.
Andy Feller • Sr DevOps Engineer
900 Main Campus Drive, Suite 500, Raleigh, NC 27606
e: afeller bandwidth com