According to the Chef support, the preferred way of doing this is to create a new User and use it to interact with the Chef Server from the CI node:
A User is more properly termed "Any user of the Chef Server API that is not a node running the chef-client program"
If you would like to avoid the above problem of having to assign Admin rights to a client, you can create a new User that will be used for doing uploads from the build server. All Users are allowed to upload cookbooks without needing to be members of the Admins group.
So, to sum things up:
- Create a new User in the Opscode Admin
- Make the user's key (
.pem
) available on the CI node. - Ensure that the user from (1) is used in all knife commands (see
--user
and--key
Knife options), e.g.knife upload cookbook <name> --user ci_user --key .chef/ci_user.pem