github.com/shashidharatd/test-infra@v0.0.0-20171006011030-71304e1ca560/jenkins/credentials.md (about)

     1  In order to configure a service please do the following:
     2  
     3  ## Acquire the service account credentials
     4  
     5  1. Navigate to the [service accounts] for the project that owns the service
     6     account (kubernetes-jenkins)
     7    - Go to Google cloud console
     8    - Open the burger on top left
     9    - Select the `IAM & Admin` item
    10    - Select `Service accounts` on the left sidebar
    11  2. Create the service account if it does not already exist.
    12    - Give it a name: `kubekins`
    13    - Note the service account id: `kubekins@kubernetes-jenkins.iam.gserviceaccount.com`
    14    - Check the box to create/furnish a new key
    15    - Select the `json` type
    16  3. Download the private key for this account
    17    - Should already have happened if you just created the account
    18    - Otherwise click the burger on the right
    19    - Select the `create key` item
    20    - Select the `json` type
    21    - Note the location of this file on your computer
    22  
    23  ## Add the credentials to jenkins
    24  
    25  1. Navigate to the global credentials in jenkins at `/credential-store/domain/_/`
    26    - Go to jenkins
    27    - `log in`
    28    - Select `Credentials` on the left sidebar
    29    - Select `Global credentials (unrestricted)`
    30  2. Upload the credentials
    31    - Click `Add credentials` on the left sidebar
    32    - Select `Secret file` in the `Kind` dropdown list.
    33    - Set the `scope` to include `Global` and/or `all child items`
    34    - Set the file to the private key you downloaded previously.
    35    - Set the description to something that will help you find this later.
    36    - Click the `Advanced` button to show the `ID` field
    37    - Set the `ID` to something and note this for later.
    38  3. Note the `ID` of these credentials
    39    - This is the value you selected in the previous step.
    40    - Alternatively click the secret file with the matching description
    41    - Click `Update` on the left sidebar.
    42    - Click `Advanced` to show the `ID`.
    43    - Remember the `ID` value for these credentials.
    44  
    45  ## Add the credentials to the job configuration
    46  
    47  1. Add the credentials to a wrapper via the `credentials-binding` plugin.
    48    - Open the [credentials.yaml] file
    49    - Add/find a wrapper with a credentials-binding wrapper.
    50    - Add a new file item to this wrapper where:
    51      - `credential-id` is the `ID` of the credential from the previous step.
    52      - `variable` is the environment variable containing the path of to this
    53        file.
    54      -  Example:
    55      ```
    56      wrapper:
    57        name: foo-wrapper  # Remember this
    58        wrappers:
    59        - credentials-binding:
    60          - file:
    61              credential-id: 'my-id'  # This is what you selected previously
    62              value: 'MY_VARIABLE'  # We are using GOOGLE_APPLICATION_CREDENTIALS
    63      ```
    64  2. Add the wrapper to a job
    65    - Find the `job`/`project`/`job-template` of interest ([example job])
    66    - Ensure the item of interest includes the wrapper defined in the previous
    67      step:
    68      - Example:
    69      ```
    70      job:
    71        name: 'hello'
    72        wrappers:
    73          - foo-wrapper  # this is from above
    74      ```
    75  
    76  
    77  [credentials.yaml]: https://github.com/kubernetes/test-infra/blob/master/jenkins/job-configs/kubernetes-jenkins/credentials.yaml
    78  [example job]: https://github.com/kubernetes/test-infra/blob/master/jenkins/job-configs/kubernetes-jenkins/kubernetes-e2e-gce.yaml#L40
    79  [service accounts]: https://console.developers.google.com/iam-admin/serviceaccounts/project