3.7.x

Login Credentials

Jenkins Login Credentials

CloudOps for Kubernetes deploys a Jenkins server. Details about how to login, and how to manage login and authorization are below.

Options to manage Jenkins users

CloudOps for Kubernetes supports two Jenkins authentication modes, controlled by TF_VAR_jenkins_security_realm in your docker-compose.override.yml:

  • local (default) — By default, Jenkins manages users and passwords directly. Information about this default option is described further down on this page.
  • saml — You can optionally configure Jenkins to use your organization's Single SIgn-On (SSO) SAML 2.0 Identity Provider (IdP). See Jenkins SAML SSO for setup instructions.

The rest of this page applies to the default local authentication mode.

Jenkins Administrator user

The default username and password for the Jenkins administrator are as follows:

  • User: admin
  • Password: El4stic123

Change the Jenkins Administrator user

The Jenkins administration username and password can be controlled by variables in your docker-compose.override.yml file.

  1. Variable TF_VAR_jenkins_admin_username can be used to modify the administration user's username.
  2. Variable TF_VAR_jenkins_admin_password can be used to modify the administration user's password.

Follow the below procedure to update either the username or password:

  1. Identify a maintenance window during which no Jenkins jobs will be running to apply the change. The Jenkins server pod will be restarted when the change is applied, causing any running jobs to fail.
  2. Obtain the most recent copy of the docker-compose.override.yml file for your CloudOps for Kubernetes cluster.
  3. Modify one or both of the TF_VAR_jenkins_admin_username and TF_VAR_jenkins_admin_password variables. If the desired variable does not exist in your copy of docker-compose.override.yml, then you can add it. The values need to be specified in plain-text.
  4. (Optional) Set variable TF_VAR_rebuild_nodegroups to false to avoid unnecessary work.
  5. Follow the procedure described in Updating Cluster Configuration to apply the change.

Jenkins Non-Administrator users

In CloudOps for Kubernetes release 3.5.x or higher, additional Jenkins users with different levels of non-administrator privileges are automatically created.

Use the The non-administrator account for day-to-day use and restrict who has access to administration autherity. The non-administrator accounts cannot reconfigure Jenkins.

Default User NameDefault PasswordDescription
poweruserPoweruser123Power User can view, run, and configure all jobs, and can read all build output
developerDeveloper123Developer User can view and run all jobs, and can read all build output
viewerViewer123Viewer User can view all jobs, and can read all build output

Change the Jenkins Non-Administrator Users

The usernames and passwords for Jenkins non-administrator users can be controlled by variables in your docker-compose.override.yml file.

Username VariablePassword Variable
TF_VAR_jenkins_poweruser_usernameTF_VAR_jenkins_poweruser_password
TF_VAR_jenkins_developer_usernameTF_VAR_jenkins_developer_password
TF_VAR_jenkins_viewer_usernameTF_VAR_jenkins_viewer_password

Follow the below procedure to update either the username or password:

  1. Identify a maintenance window during which no Jenkins jobs will be running to apply the change. The Jenkins server pod will be restarted when the change is applied, causing any running jobs to fail.
  2. Obtain the most recent copy of the docker-compose.override.yml file for your CloudOps for Kubernetes cluster.
  3. Modify one or both of the Username and Password variables found in the table above. If the desired variable does not exist in your copy of docker-compose.override.yml, then you can add it. The values need to be specified in plain-text.
  4. (Optional) Set variable TF_VAR_rebuild_nodegroups to false to avoid unnecessary work.
  5. Follow the procedure described in Updating Cluster Configuration to apply the change.

Jenkins Authorization configuration

In CloudOps for Kubernetes release 3.6.0 or higher, the Jenkins authorization strategy configuration is sourced from an external file. This makes it easier to switch or customize authorization without modifying the out-of-the-box configuration files.

The authorization configuration file is selected by setting variable TF_VAR_jenkins_authorization_configuration_file in your docker-compose.override.yml file.

The following authorization configuration files are available out of the box:

  • default-role-based-authorization.yaml: the default configuration. This is equivalent to the previously provided matrix-based approach.
  • default-matrix-authorization.yaml: the legacy matrix-based authorization strategy that was provided in release 3.5.x.
  • saml-role-based-authorization.yaml: a role-based configuration for use with SAML SSO. Maps the IdP groups jenkins-administrators, jenkins-powerusers, jenkins-developers, and jenkins-viewers to the corresponding Jenkins roles. See Jenkins SAML SSO for details.

Change the Jenkins Authorization configuration

Follow the below procedure to update the authorization configuration:

  1. Identify a maintenance window during which no Jenkins jobs will be running to apply the change. The Jenkins server pod will be restarted when the change is applied, causing any running jobs to fail.
  2. Obtain the most recent copy of the docker-compose.override.yml file for your CloudOps for Kubernetes cluster.
  3. Set variable TF_VAR_jenkins_authorization_configuration_file to the authorization configuration file you want to use. If the variable does not exist in your copy of docker-compose.override.yml, then you can add it.
  4. (Optional) Set variable TF_VAR_rebuild_nodegroups to false to avoid unnecessary work.
  5. Follow the procedure described in Updating Cluster Configuration to apply the change.

Use a Custom Authorization configuration

You can create and use a custom authorization configuration file without modifying the out-of-the-box authorization files.

  1. Create a custom authorization configuration file suitable for Jenkins authorization strategy configuration-as-code. You can use bootstrap/terraform/config/jenkins-authorization-config/default-role-based-authorization.yaml as a template.
  2. Save the file under bootstrap/terraform/config/jenkins-authorization-config/ in your CloudOps for Kubernetes project.
  3. Set variable TF_VAR_jenkins_authorization_configuration_file to your custom file name (for example, custom-authorization.yaml) in your docker-compose.override.yml file.
  4. Follow the procedure described in Updating Cluster Configuration to apply the change.

Nexus Credentials

Nexus is the Maven artifact repository manager used in CloudOps for Kubernetes. The Nexus credentials are given below, and are as set in Sonatype’s official Nexus 2 Docker image:

  • User: admin
  • Password: admin123
Last updated on 5/21/2026
Post BootstrapJenkins SAML SSO