Switch Jenkins image tracking to registry tag due to Samples Operator… … deprecation

HACKING.md

@@ -532,12 +532,6 @@ using a development cluster, it normally isn't, and you can drop it. For
 the Fedora prod cluster, use `ocs-storagecluster-ceph-rbd` as shown
 above.
 
-If using an additional root CA certificate, then you will also need to
-specify the `AGENT_NAMESPACE` parameter to yours, e.g.:
-
-```
-  --param=AGENT_NAMESPACE=fedora-coreos-pipeline \
-```
 
 Now, create the Jenkins configmap:
 
@@ -586,6 +580,10 @@ This will create:
 3. the Jenkins agent BuildConfig (if a root CA cert was provided),
 4. the jenkins-config configmap.
 
+Note: If you are working with the Fedora staging pipeline, specify the
+`staging` branch for the pipecfg: `--pipecfg
+https://github.com/coreos/fedora-coreos-pipeline@staging`.
+
 If a root CA cert was provided, we need to build the base images that
 will bake in the cert in the controller and agent:
 
@@ -600,6 +598,12 @@ We can now start an S2I build of the Jenkins controller:
 oc start-build --follow jenkins-s2i
 ```
 
+If you added the root CA:
+```
+oc start-build jenkins-s2i --follow -e JENKINS_IMAGE_STREAM_TAG=upstream
+```
+
+
 Once the Jenkins controller image is built, Jenkins should start up (verify
 with `oc get pods`). Once the pod is marked READY, you should be able to
 login to the Jenkins UI at https://jenkins-$NAMESPACE.$CLUSTER_URL/

deploy

@@ -47,7 +47,7 @@ def get_username():
 
 
 def process_template(args):
-    templates = ['pipeline.yaml', 'jenkins-s2i.yaml']
+    templates = ['pipeline.yaml', 'jenkins-images.yaml', 'jenkins-s2i.yaml']
 
     params = {}
     if args.pipeline:
@@ -57,8 +57,7 @@ def process_template(args):
         params.update(params_from_git_refspec(args.pipecfg, 'PIPECFG'))
     if has_additional_root_ca(args):
         templates += ['jenkins-with-cert.yaml']
-        params['JENKINS_S2I_SRC_IMAGESTREAM_NAME'] = "jenkins:latest"
-        params['JENKINS_S2I_SRC_IMAGESTREAM_NAMESPACE'] = get_current_namespace(args)
+        params['JENKINS_IMAGE_STREAM_TAG'] = "upstream"
 
     print("Parameters:")
     for k, v in params.items():

manifests/jenkins-images.yaml

@@ -0,0 +1,34 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  name: jenkins-images-template
+objects:
+  - apiVersion: image.openshift.io/v1
+    kind: ImageStream
+    metadata:
+      name: jenkins-agent-base
+    spec:
+      tags:
+        - name: latest
+          from:
+            kind: DockerImage
+            name: registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9:v4.17.0
+          importPolicy:
+            scheduled: true
+          referencePolicy:
+            type: Local
+
+  - apiVersion: image.openshift.io/v1
+    kind: ImageStream
+    metadata:
+      name: jenkins
+    spec:
+      tags:
+        - name: latest
+          from:
+            kind: DockerImage
+            name: registry.redhat.io/ocp-tools-4/jenkins-rhel9:v4.17.0
+          importPolicy:
+            scheduled: true
+          referencePolicy:
+            type: Local

manifests/jenkins-s2i.yaml

@@ -12,36 +12,33 @@ parameters:
   - description: Git branch/tag reference for Jenkins S2I
     name: JENKINS_S2I_REF
     value: main
-  - description: Source imagestream
-    name: JENKINS_S2I_SRC_IMAGESTREAM_NAME
-    value: jenkins:scheduled-upgrade-redeploy
-  - description: Namespace of source imagestream
-    name: JENKINS_S2I_SRC_IMAGESTREAM_NAMESPACE
-    value: openshift
+  - description: Name of the ImageStreamTag to be used for the Jenkins image.
+    name: JENKINS_IMAGE_STREAM_TAG
+    value: latest
 
 # Here's what the flow looks like when no cert is required:
 #
 # ┌──────────────────────────────────────────────┐   ┌─────────────┐   ┌─────────────┐
 # │ imagestream                                  │   │ buildconfig │   │ imagestream │
-# │ openshift/jenkins:scheduled-upgrade-redeploy ├──►│ jenkins-s2i ├──►│ jenkins:2   │
+# │ jenkins:latest                               ├──►│ jenkins-s2i ├──►│ jenkins:2   │
 # └──────────────────────────────────────────────┘   └─────────────┘   └─────────────┘
 #
 # ┌────────────────────────────────────────────────┐
 # │ imagestream                                    │
-# │ openshift/jenkins-agent-base:scheduled-upgrade │
+# │ jenkins-agent-base:latest                      │
 # └────────────────────────────────────────────────┘
 #
 # And with cert required (see `jenkins-with-cert.yaml`):
 #
-# ┌──────────────────────────────────────────────┐   ┌───────────────────┐   ┌────────────────┐   ┌─────────────┐   ┌─────────────┐
-# │ imagestream                                  │   │ buildconfig       │   │ imagestream    │   │ buildconfig │   │ imagestream │
-# │ openshift/jenkins:scheduled-upgrade-redeploy ├──►│ jenkins-with-cert ├──►│ jenkins:latest ├──►│ jenkins-s2i ├──►│ jenkins:2   │
-# └──────────────────────────────────────────────┘   └───────────────────┘   └────────────────┘   └─────────────┘   └─────────────┘
+# ┌──────────────────────────────────────────────┐   ┌───────────────────┐   ┌──────────────────┐   ┌─────────────┐   ┌─────────────┐
+# │ imagestream                                  │   │ buildconfig       │   │ imagestream      │   │ buildconfig │   │ imagestream │
+# │ jenkins:latest                               ├──►│ jenkins-with-cert ├──►│ jenkins:upstream ├──►│ jenkins-s2i ├──►│ jenkins:2   │
+# └──────────────────────────────────────────────┘   └───────────────────┘   └──────────────────┘   └─────────────┘   └─────────────┘
 #
-# ┌────────────────────────────────────────────────┐   ┌──────────────────────────────┐   ┌───────────────────────────┐
-# │ imagestream                                    │   │ buildconfig                  │   │ imagestream               │
-# │ openshift/jenkins-agent-base:scheduled-upgrade ├──►│ jenkins-agent-base-with-cert ├──►│ jenkins-agent-base:latest │
-# └────────────────────────────────────────────────┘   └──────────────────────────────┘   └───────────────────────────┘
+# ┌────────────────────────────────────────────────┐   ┌──────────────────────────────┐   ┌─────────────────────────────┐
+# │ imagestream                                    │   │ buildconfig                  │   │ imagestream                 │
+# │ jenkins-agent-base:scheduled-upgrade           ├──►│ jenkins-agent-base-with-cert ├──►│ jenkins-agent-base:upstream │
+# └────────────────────────────────────────────────┘   └──────────────────────────────┘   └─────────────────────────────┘
 
 objects:
 
@@ -70,8 +67,7 @@ objects:
         sourceStrategy:
           from:
             kind: ImageStreamTag
-            name: ${JENKINS_S2I_SRC_IMAGESTREAM_NAME}
-            namespace: ${JENKINS_S2I_SRC_IMAGESTREAM_NAMESPACE}
+            name: jenkins:${JENKINS_IMAGE_STREAM_TAG}
           env:
             - name: JENKINS_UC_DOWNLOAD
               value: 'https://archives.jenkins.io'
@@ -82,10 +78,3 @@ objects:
           name: jenkins:2
       successfulBuildsHistoryLimit: 2
       failedBuildsHistoryLimit: 2
-
-  ### JENKINS AGENT ###
-
-  - apiVersion: v1
-    kind: ImageStream
-    metadata:
-      name: jenkins-agent-base

manifests/jenkins-with-cert.yaml

@@ -32,13 +32,12 @@ objects:
         dockerStrategy:
           from:
             kind: ImageStreamTag
-            name: jenkins:scheduled-upgrade-redeploy
-            namespace: openshift
+            name: jenkins:latest
           forcePull: true
       output:
         to:
           kind: ImageStreamTag
-          name: jenkins:latest
+          name: jenkins:upstream
       successfulBuildsHistoryLimit: 2
       failedBuildsHistoryLimit: 2
       triggers:
@@ -63,13 +62,12 @@ objects:
         dockerStrategy:
           from:
             kind: ImageStreamTag
-            name: jenkins-agent-base:scheduled-upgrade
-            namespace: openshift
+            name: jenkins-agent-base:latest
           forcePull: true
       output:
         to:
           kind: ImageStreamTag
-          name: jenkins-agent-base:latest
+          name: jenkins-agent-base:upstream
       successfulBuildsHistoryLimit: 2
       failedBuildsHistoryLimit: 2
       triggers:

manifests/jenkins.yaml

@@ -100,7 +100,7 @@ objects:
               -Dfile.encoding=UTF-8
               -Dorg.jenkinsci.plugins.durabletask.BourneShellScript.HEARTBEAT_CHECK_INTERVAL=900
               -Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true
-              -Dorg.csanchez.jenkins.plugins.kubernetes.pipeline.PodTemplateStepExecution.defaultImage=image-registry.openshift-image-registry.svc:5000/${AGENT_NAMESPACE}/jenkins-agent-base:latest
+              -Dorg.csanchez.jenkins.plugins.kubernetes.pipeline.PodTemplateStepExecution.defaultImage=image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/jenkins-agent-base:${JENKINS_IMAGE_STREAM_TAG}
               -Dorg.csanchez.jenkins.plugins.kubernetes.pipeline.PodTemplateStepExecution.defaultContainer.defaultCpuRequest=1
               -Dorg.csanchez.jenkins.plugins.kubernetes.pipeline.PodTemplateStepExecution.defaultContainer.defaultMemoryRequest=512Mi
               -Dorg.csanchez.jenkins.plugins.kubernetes.pipeline.PodTemplateStepExecution.defaultContainer.defaultCpuLimit=1
@@ -172,7 +172,7 @@ objects:
         - jenkins
         from:
           kind: ImageStreamTag
-          name: ${JENKINS_IMAGE_STREAM_TAG}
+          name: jenkins:2
           namespace: ${NAMESPACE}
         lastTriggeredImage: ""
       type: ImageChange
@@ -255,12 +255,8 @@ parameters:
 - description: The OpenShift Namespace where the Jenkins ImageStream resides.
   displayName: Jenkins ImageStream Namespace
   name: NAMESPACE
-  value: openshift
+  value: fedora-coreos-pipeline
 # DELTA: add separate agent namespace parameter
-- description: The OpenShift Namespace where the Jenkins Agent ImageStream resides.
-  displayName: Jenkins Agent ImageStream Namespace
-  name: AGENT_NAMESPACE
-  value: openshift
 - description: Whether to perform memory intensive, possibly slow, synchronization
     with the Jenkins Update Center on start.  If true, the Jenkins core update monitor
     and site warnings monitor are disabled.
@@ -270,7 +266,7 @@ parameters:
 - description: Name of the ImageStreamTag to be used for the Jenkins image.
   displayName: Jenkins ImageStreamTag
   name: JENKINS_IMAGE_STREAM_TAG
-  value: jenkins:2
+  value: upstream
 - description: When a fatal error occurs, an error log is created with information
     and the state obtained at the time of the fatal error.
   displayName: Fatal Error Log File