From 00347251f1ddf8e80276e27ef02dc6fee8764205 Mon Sep 17 00:00:00 2001 
From: xiangxinyong Date: Fri, 28 Feb 2020 11:08:37 +0800 Subject: [PATCH] add jenkins ci --- ci/Makefile | 4 + ci/NOTES.md | 19 + ci/dockerfile/centos-jnlp/Dockerfile | 52 + ci/dockerfile/centos-jnlp/jenkins-agent | 117 ++ ci/dockerfile/jenkins-slave/Dockerfile | 51 + ci/dockerfile/jenkins-slave/NOTES.md | 2 + ci/dockerfile/jnlp-slave/Dockerfile | 35 + ci/dockerfile/jnlp-slave/NOTES.md | 2 + ci/dockerfile/jnlp-slave/jenkins-agent | 117 ++ ci/dockerfile/opensuse-jnlp/Dockerfile | 57 + ci/dockerfile/opensuse-jnlp/jenkins-agent | 117 ++ ci/dockerfile/ubuntu-jnlp/Dockerfile | 54 + ci/dockerfile/ubuntu-jnlp/jenkins-agent | 117 ++ ci/generate-jenkins.sh | 25 + ci/jenkins/.helmignore | 22 + ci/jenkins/CHANGELOG.md | 1266 +++++++++++++++++ ci/jenkins/Chart.yaml | 25 + ci/jenkins/OWNERS | 12 + ci/jenkins/README.md | 513 +++++++ ci/jenkins/ci/casc-values.yaml | 10 + ci/jenkins/ci/default-values.yaml | 1 + ci/jenkins/hw_override.yaml | 111 ++ ci/jenkins/templates/NOTES.txt | 60 + ci/jenkins/templates/_helpers.tpl | 201 +++ ci/jenkins/templates/config.yaml | 450 ++++++ ci/jenkins/templates/deprecation.yaml | 356 +++++ ci/jenkins/templates/home-pvc.yaml | 31 + ci/jenkins/templates/jcasc-config.yaml | 39 + ci/jenkins/templates/jenkins-agent-svc.yaml | 27 + .../templates/jenkins-backup-cronjob.yaml | 87 ++ ci/jenkins/templates/jenkins-backup-rbac.yaml | 52 + .../jenkins-master-alerting-rules.yaml | 20 + .../jenkins-master-backendconfig.yaml | 22 + .../templates/jenkins-master-deployment.yaml | 384 +++++ .../templates/jenkins-master-ingress.yaml | 37 + .../jenkins-master-networkpolicy.yaml | 48 + .../templates/jenkins-master-route.yaml | 32 + .../jenkins-master-servicemonitor.yaml | 37 + ci/jenkins/templates/jenkins-master-svc.yaml | 42 + ci/jenkins/templates/jobs.yaml | 15 + ci/jenkins/templates/rbac.yaml | 90 ++ ci/jenkins/templates/secret.yaml | 28 + .../templates/service-account-agent.yaml | 17 + ci/jenkins/templates/service-account.yaml | 17 + 
ci/jenkins/templates/tests/jenkins-test.yaml | 52 + ci/jenkins/templates/tests/test-config.yaml | 12 + ci/jenkins/values.yaml | 522 +++++++ ci/slave-scripts/authorized_keys | 1 + ci/slave-scripts/setup.sh | 13 + ci/slave-scripts/ubuntu.sh | 31 + ci/tools/pr.groovy | 51 + 51 files changed, 5503 insertions(+) create mode 100644 ci/Makefile create mode 100644 ci/NOTES.md create mode 100644 ci/dockerfile/centos-jnlp/Dockerfile create mode 100644 ci/dockerfile/centos-jnlp/jenkins-agent create mode 100644 ci/dockerfile/jenkins-slave/Dockerfile create mode 100644 ci/dockerfile/jenkins-slave/NOTES.md create mode 100644 ci/dockerfile/jnlp-slave/Dockerfile create mode 100644 ci/dockerfile/jnlp-slave/NOTES.md create mode 100644 ci/dockerfile/jnlp-slave/jenkins-agent create mode 100644 ci/dockerfile/opensuse-jnlp/Dockerfile create mode 100644 ci/dockerfile/opensuse-jnlp/jenkins-agent create mode 100644 ci/dockerfile/ubuntu-jnlp/Dockerfile create mode 100644 ci/dockerfile/ubuntu-jnlp/jenkins-agent create mode 100644 ci/generate-jenkins.sh create mode 100644 ci/jenkins/.helmignore create mode 100644 ci/jenkins/CHANGELOG.md create mode 100644 ci/jenkins/Chart.yaml create mode 100644 ci/jenkins/OWNERS create mode 100644 ci/jenkins/README.md create mode 100644 ci/jenkins/ci/casc-values.yaml create mode 100644 ci/jenkins/ci/default-values.yaml create mode 100644 ci/jenkins/hw_override.yaml create mode 100644 ci/jenkins/templates/NOTES.txt create mode 100644 ci/jenkins/templates/_helpers.tpl create mode 100644 ci/jenkins/templates/config.yaml create mode 100644 ci/jenkins/templates/deprecation.yaml create mode 100644 ci/jenkins/templates/home-pvc.yaml create mode 100644 ci/jenkins/templates/jcasc-config.yaml create mode 100644 ci/jenkins/templates/jenkins-agent-svc.yaml create mode 100644 ci/jenkins/templates/jenkins-backup-cronjob.yaml create mode 100644 ci/jenkins/templates/jenkins-backup-rbac.yaml create mode 100644 ci/jenkins/templates/jenkins-master-alerting-rules.yaml create 
mode 100644 ci/jenkins/templates/jenkins-master-backendconfig.yaml create mode 100644 ci/jenkins/templates/jenkins-master-deployment.yaml create mode 100644 ci/jenkins/templates/jenkins-master-ingress.yaml create mode 100644 ci/jenkins/templates/jenkins-master-networkpolicy.yaml create mode 100644 ci/jenkins/templates/jenkins-master-route.yaml create mode 100644 ci/jenkins/templates/jenkins-master-servicemonitor.yaml create mode 100644 ci/jenkins/templates/jenkins-master-svc.yaml create mode 100644 ci/jenkins/templates/jobs.yaml create mode 100644 ci/jenkins/templates/rbac.yaml create mode 100644 ci/jenkins/templates/secret.yaml create mode 100644 ci/jenkins/templates/service-account-agent.yaml create mode 100644 ci/jenkins/templates/service-account.yaml create mode 100644 ci/jenkins/templates/tests/jenkins-test.yaml create mode 100644 ci/jenkins/templates/tests/test-config.yaml create mode 100644 ci/jenkins/values.yaml create mode 100644 ci/slave-scripts/authorized_keys create mode 100644 ci/slave-scripts/setup.sh create mode 100644 ci/slave-scripts/ubuntu.sh create mode 100644 ci/tools/pr.groovy
diff --git a/ci/Makefile b/ci/Makefile
new file mode 100644
index 00000000..8ea75e24
--- /dev/null
+++ b/ci/Makefile
@@ -0,0 +1,4 @@
+.EXPORT_ALL_VARIABLES:
+
+generate-jenkins:
+ ./generate-jenkins.sh
\ No newline at end of file
diff --git a/ci/NOTES.md b/ci/NOTES.md
new file mode 100644
index 00000000..9240e01d
--- /dev/null
+++ b/ci/NOTES.md
@@ -0,0 +1,19 @@
+# Notice
+This base yamls in this folder are initially based on
+the [jenkins chart](https://github.com/helm/charts/tree/master/stable/jenkins)
+commit: 322baa4a944f63443f7fd83ac4838dc8ce756aa0
+
+# Configuration
+The whole configuration for jenkins cluster is located in `jenkins/values.yaml`, also there is a file name `hw_override.yaml` which used to override the partial default values,
+we need ensure the options in `hw_override.yaml` are correct before we submit the
+resources into kubernetes cluster.
+
+
+# Command to generate the final yaml
+```$xslt
+helm template ./jenkins --namespace jenkins-system -f jenkins/values.yaml -f jenkins/hw_override.yaml --name opengauss
+```
+
+# Node Notes
+jenkins slave's working dir will be put at the path of `/jenkins_agent_dir` therefore it's required to make the folder ready
+before assign any pods into that nodes.
diff --git a/ci/dockerfile/centos-jnlp/Dockerfile b/ci/dockerfile/centos-jnlp/Dockerfile
new file mode 100644
index 00000000..a6f0b4e6
--- /dev/null
+++ b/ci/dockerfile/centos-jnlp/Dockerfile
@@ -0,0 +1,52 @@
+FROM centos:7
+MAINTAINER tommylike
+
+# Install jdk8 and bunch of build tools
+USER root
+ENV USER root
+
+RUN yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel \
+ wget curl git subversion
+
+# Setup java path
+ENV JAVA_HOME /etc/alternatives/jre
+ENV PATH $PATH:$JAVA_HOME/bin
+
+# Install jenkins slave
+ARG VERSION=3.35
+ARG user=jenkins
+ARG group=jenkins
+ARG uid=1000
+ARG gid=1000
+
+RUN groupadd -g ${gid} ${group}
+RUN useradd -c "Jenkins user" -d /home/${user} -u ${uid} -g ${gid} -m ${user}
+
+ARG AGENT_WORKDIR=/home/${user}/agent
+
+RUN mkdir -p /usr/share/jenkins/ \
+ && cd /usr/share/jenkins/ \
+ && wget -O agent.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar \
+ && chmod 755 /usr/share/jenkins \
+ && chmod 644 /usr/share/jenkins/agent.jar \
+ && ln -sf /usr/share/jenkins/agent.jar /usr/share/jenkins/slave.jar
+
+
+# Install jnlp
+COPY jenkins-agent /usr/local/bin/jenkins-agent
+RUN chmod +x /usr/local/bin/jenkins-agent &&\
+ ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave
+
+
+# Setting up env
+USER ${user}
+ENV AGENT_WORKDIR=${AGENT_WORKDIR}
+RUN mkdir /home/${user}/.jenkins && mkdir -p ${AGENT_WORKDIR}
+
+VOLUME /home/${user}/.jenkins
+VOLUME ${AGENT_WORKDIR}
+WORKDIR /home/${user}
+
+ENTRYPOINT ["jenkins-agent"]
+
+
diff --git a/ci/dockerfile/centos-jnlp/jenkins-agent b/ci/dockerfile/centos-jnlp/jenkins-agent
new file mode 100644
index 00000000..24501f19
--- /dev/null
+++ b/ci/dockerfile/centos-jnlp/jenkins-agent
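Review bot: The `wget -O agent.jar …/remoting-${VERSION}.jar` step installs the agent binary with no integrity check, so whatever the repository serves at build time becomes the code the image's entrypoint runs. Pin the expected digest next to `ARG VERSION` and verify it before the `chmod`, for example `ARG AGENT_SHA256=<sha256-of-remoting-jar>` and `&& echo "${AGENT_SHA256}  agent.jar" | sha256sum -c - \`. The same unverified download appears in the jenkins-slave (`curl -fsSLo`), opensuse-jnlp and ubuntu-jnlp Dockerfiles of this patch. Ending the `yum install` layer with `&& yum clean all` would also keep the package cache out of the image.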
@@ -0,0 +1,117 @@
+#!/usr/bin/env sh
+
+# The MIT License
+#
+# Copyright (c) 2015-2019, CloudBees, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+# Usage jenkins-agent.sh [options] -url http://jenkins [SECRET] [AGENT_NAME]
+# Optional environment variables :
+# * JENKINS_TUNNEL : HOST:PORT for a tunnel to route TCP traffic to jenkins host, when jenkins can't be directly accessed over network
+# * JENKINS_URL : alternate jenkins URL
+# * JENKINS_SECRET : agent secret, if not set as an argument
+# * JENKINS_AGENT_NAME : agent name, if not set as an argument
+# * JENKINS_AGENT_WORKDIR : agent work directory, if not set by optional parameter -workDir
+# * JENKINS_DIRECT_CONNECTION: Connect directly to this TCP agent port, skipping the HTTP(S) connection parameter download.
+# Value: ":"
+# * JENKINS_INSTANCE_IDENTITY: The base64 encoded InstanceIdentity byte array of the Jenkins master. When this is set,
+# the agent skips connecting to an HTTP(S) port for connection info.
+# * JENKINS_PROTOCOLS: Specify the remoting protocols to attempt when instanceIdentity is provided.
+
+if [ $# -eq 1 ]; then
+
+ # if `docker run` only has one arguments, we assume user is running alternate command like `bash` to inspect the image
+ exec "$@"
+
+else
+
+ # if -tunnel is not provided, try env vars
+ case "$@" in
+ *"-tunnel "*) ;;
+ *)
+ if [ ! -z "$JENKINS_TUNNEL" ]; then
+ TUNNEL="-tunnel $JENKINS_TUNNEL"
+ fi ;;
+ esac
+
+ # if -workDir is not provided, try env vars
+ if [ ! -z "$JENKINS_AGENT_WORKDIR" ]; then
+ case "$@" in
+ *"-workDir"*) echo "Warning: Work directory is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ WORKDIR="-workDir $JENKINS_AGENT_WORKDIR" ;;
+ esac
+ fi
+
+ if [ -n "$JENKINS_URL" ]; then
+ URL="-url $JENKINS_URL"
+ fi
+
+ if [ -n "$JENKINS_NAME" ]; then
+ JENKINS_AGENT_NAME="$JENKINS_NAME"
+ fi
+
+ if [ -z "$JNLP_PROTOCOL_OPTS" ]; then
+ echo "Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior"
+ JNLP_PROTOCOL_OPTS="-Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true"
+ fi
+
+ if [ -n "$JENKINS_PROTOCOLS" ]; then
+ PROTOCOLS="-protocols $JENKINS_PROTOCOLS"
+ fi
+
+ if [ -n "$JENKINS_DIRECT_CONNECTION" ]; then
+ DIRECT="-direct $JENKINS_DIRECT_CONNECTION"
+ fi
+
+ if [ -n "$JENKINS_INSTANCE_IDENTITY" ]; then
+ INSTANCE_IDENTITY="-instanceIdentity $JENKINS_INSTANCE_IDENTITY"
+ fi
+
+ # if java home is defined, use it
+ JAVA_BIN="java"
+ if [ "$JAVA_HOME" ]; then
+ JAVA_BIN="$JAVA_HOME/bin/java"
+ fi
+
+ # if both required options are defined, do not pass the parameters
+ OPT_JENKINS_SECRET=""
+ if [ -n "$JENKINS_SECRET" ]; then
+ case "$@" in
+ *"${JENKINS_SECRET}"*) echo "Warning: SECRET is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;;
+ esac
+ fi
+
+ OPT_JENKINS_AGENT_NAME=""
+ if [ -n "$JENKINS_AGENT_NAME" ]; then
+ case "$@" in
+ *"${JENKINS_AGENT_NAME}"*) echo "Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ OPT_JENKINS_AGENT_NAME="${JENKINS_AGENT_NAME}" ;;
+ esac
+ fi
+
+ #TODO: Handle the case when the command-line and Environment variable contain different values.
+ #It is fine it blows up for now since it should lead to an error anyway.
+
+ exec $JAVA_BIN $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp /usr/share/jenkins/agent.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@"
+fi
\ No newline at end of file
diff --git a/ci/dockerfile/jenkins-slave/Dockerfile b/ci/dockerfile/jenkins-slave/Dockerfile
new file mode 100644
index 00000000..4e7e6cae
--- /dev/null
+++ b/ci/dockerfile/jenkins-slave/Dockerfile
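Review bot: The final `exec` line appends `$OPT_JENKINS_SECRET` to the java command line, so the agent secret taken from `JENKINS_SECRET` becomes part of the process arguments and is readable by anything that can list processes in the same PID namespace. The script is an upstream copy, so rather than patching the logic I would record the constraint next to the assignment, e.g. `# NOTE: JENKINS_SECRET is passed in argv; do not share this container's PID namespace`, and confirm that the chart's pod template (not visible in this hunk) does not share it. The identical blob (index 24501f19) is added again under jnlp-slave, opensuse-jnlp and ubuntu-jnlp; a single shared copy, with the build context set one directory up, would stop a later fix from landing in only some of the four images.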
@@ -0,0 +1,51 @@
+# The MIT License
+#
+# Copyright (c) 2015-2019, CloudBees, Inc. and other Jenkins contributors
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+FROM openjdk:8-jdk
+MAINTAINER Oleg Nenashev
+
+ARG VERSION=3.35
+ARG user=jenkins
+ARG group=jenkins
+ARG uid=1000
+ARG gid=1000
+
+RUN groupadd -g ${gid} ${group}
+RUN useradd -c "Jenkins user" -d /home/${user} -u ${uid} -g ${gid} -m ${user}
+LABEL Description="This is a base image, which provides the Jenkins agent executable (agent.jar)" Vendor="Jenkins project" Version="${VERSION}"
+
+ARG AGENT_WORKDIR=/home/${user}/agent
+
+RUN echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list
+RUN apt-get update && apt-get install -t stretch-backports git-lfs
+RUN curl --create-dirs -fsSLo /usr/share/jenkins/agent.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar \
+ && chmod 755 /usr/share/jenkins \
+ && chmod 644 /usr/share/jenkins/agent.jar \
+ && ln -sf /usr/share/jenkins/agent.jar /usr/share/jenkins/slave.jar
+
+USER ${user}
+ENV AGENT_WORKDIR=${AGENT_WORKDIR}
+RUN mkdir /home/${user}/.jenkins && mkdir -p ${AGENT_WORKDIR}
+
+VOLUME /home/${user}/.jenkins
+VOLUME ${AGENT_WORKDIR}
+WORKDIR /home/${user}
\ No newline at end of file
diff --git a/ci/dockerfile/jenkins-slave/NOTES.md b/ci/dockerfile/jenkins-slave/NOTES.md
new file mode 100644
index 00000000..734709e2
--- /dev/null
+++ b/ci/dockerfile/jenkins-slave/NOTES.md
@@ -0,0 +1,2 @@
+#Source github
+https://github.com/jenkinsci/docker-slave
\ No newline at end of file
diff --git a/ci/dockerfile/jnlp-slave/Dockerfile b/ci/dockerfile/jnlp-slave/Dockerfile
new file mode 100644
index 00000000..f92fc712
--- /dev/null
+++ b/ci/dockerfile/jnlp-slave/Dockerfile
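Review bot: The `apt-get install -t stretch-backports git-lfs` line has no `-y`, so in a non-interactive build it aborts at the confirmation prompt as soon as the install needs any package beyond git-lfs itself. The hard-coded `stretch-backports` source also only matches the base image for as long as the floating `openjdk:8-jdk` tag resolves to a stretch-based build, which nothing in the hunk guarantees. I would write the step as `RUN apt-get update && apt-get install -y --no-install-recommends -t stretch-backports git-lfs && rm -rf /var/lib/apt/lists/*` and pin `FROM` to a tag that names the Debian release, such as `openjdk:8-jdk-stretch`.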
@@ -0,0 +1,35 @@
+# The MIT License
+#
+# Copyright (c) 2015-2017, CloudBees, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+FROM jenkins/slave:3.35-3
+MAINTAINER Oleg Nenashev
+LABEL Description="This is a base image, which allows connecting Jenkins agents via JNLP protocols" Vendor="Jenkins project" Version="3.35-2"
+
+ARG user=jenkins
+
+USER root
+COPY jenkins-agent /usr/local/bin/jenkins-agent
+RUN chmod +x /usr/local/bin/jenkins-agent &&\
+ ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave
+USER ${user}
+
+ENTRYPOINT ["jenkins-agent"]
\ No newline at end of file
diff --git a/ci/dockerfile/jnlp-slave/NOTES.md b/ci/dockerfile/jnlp-slave/NOTES.md
new file mode 100644
index 00000000..6caeac72
--- /dev/null
+++ b/ci/dockerfile/jnlp-slave/NOTES.md
@@ -0,0 +1,2 @@
+#Source github
+https://github.com/jenkinsci/docker-jnlp-slave
\ No newline at end of file
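Review bot: `FROM jenkins/slave:3.35-3` and the `Version="3.35-2"` value in the `LABEL` two lines below disagree, so the image metadata reports a different release than the base it is built on; set `Version="3.35-3"` or derive both from one `ARG`. The base is also pulled from the registry by tag rather than built from the ci/dockerfile/jenkins-slave directory added in this same patch, which looks unintended if that directory is meant to be the source of the base image. A one-line comment above `FROM` saying which of the two is authoritative would settle it.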
diff --git a/ci/dockerfile/jnlp-slave/jenkins-agent b/ci/dockerfile/jnlp-slave/jenkins-agent
new file mode 100644
index 00000000..24501f19
--- /dev/null
+++ b/ci/dockerfile/jnlp-slave/jenkins-agent
@@ -0,0 +1,117 @@
+#!/usr/bin/env sh
+
+# The MIT License
+#
+# Copyright (c) 2015-2019, CloudBees, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+# Usage jenkins-agent.sh [options] -url http://jenkins [SECRET] [AGENT_NAME]
+# Optional environment variables :
+# * JENKINS_TUNNEL : HOST:PORT for a tunnel to route TCP traffic to jenkins host, when jenkins can't be directly accessed over network
+# * JENKINS_URL : alternate jenkins URL
+# * JENKINS_SECRET : agent secret, if not set as an argument
+# * JENKINS_AGENT_NAME : agent name, if not set as an argument
+# * JENKINS_AGENT_WORKDIR : agent work directory, if not set by optional parameter -workDir
+# * JENKINS_DIRECT_CONNECTION: Connect directly to this TCP agent port, skipping the HTTP(S) connection parameter download.
+# Value: ":"
+# * JENKINS_INSTANCE_IDENTITY: The base64 encoded InstanceIdentity byte array of the Jenkins master. When this is set,
+# the agent skips connecting to an HTTP(S) port for connection info.
+# * JENKINS_PROTOCOLS: Specify the remoting protocols to attempt when instanceIdentity is provided.
+
+if [ $# -eq 1 ]; then
+
+ # if `docker run` only has one arguments, we assume user is running alternate command like `bash` to inspect the image
+ exec "$@"
+
+else
+
+ # if -tunnel is not provided, try env vars
+ case "$@" in
+ *"-tunnel "*) ;;
+ *)
+ if [ ! -z "$JENKINS_TUNNEL" ]; then
+ TUNNEL="-tunnel $JENKINS_TUNNEL"
+ fi ;;
+ esac
+
+ # if -workDir is not provided, try env vars
+ if [ ! -z "$JENKINS_AGENT_WORKDIR" ]; then
+ case "$@" in
+ *"-workDir"*) echo "Warning: Work directory is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ WORKDIR="-workDir $JENKINS_AGENT_WORKDIR" ;;
+ esac
+ fi
+
+ if [ -n "$JENKINS_URL" ]; then
+ URL="-url $JENKINS_URL"
+ fi
+
+ if [ -n "$JENKINS_NAME" ]; then
+ JENKINS_AGENT_NAME="$JENKINS_NAME"
+ fi
+
+ if [ -z "$JNLP_PROTOCOL_OPTS" ]; then
+ echo "Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior"
+ JNLP_PROTOCOL_OPTS="-Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true"
+ fi
+
+ if [ -n "$JENKINS_PROTOCOLS" ]; then
+ PROTOCOLS="-protocols $JENKINS_PROTOCOLS"
+ fi
+
+ if [ -n "$JENKINS_DIRECT_CONNECTION" ]; then
+ DIRECT="-direct $JENKINS_DIRECT_CONNECTION"
+ fi
+
+ if [ -n "$JENKINS_INSTANCE_IDENTITY" ]; then
+ INSTANCE_IDENTITY="-instanceIdentity $JENKINS_INSTANCE_IDENTITY"
+ fi
+
+ # if java home is defined, use it
+ JAVA_BIN="java"
+ if [ "$JAVA_HOME" ]; then
+ JAVA_BIN="$JAVA_HOME/bin/java"
+ fi
+
+ # if both required options are defined, do not pass the parameters
+ OPT_JENKINS_SECRET=""
+ if [ -n "$JENKINS_SECRET" ]; then
+ case "$@" in
+ *"${JENKINS_SECRET}"*) echo "Warning: SECRET is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;;
+ esac
+ fi
+
+ OPT_JENKINS_AGENT_NAME=""
+ if [ -n "$JENKINS_AGENT_NAME" ]; then
+ case "$@" in
+ *"${JENKINS_AGENT_NAME}"*) echo "Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ OPT_JENKINS_AGENT_NAME="${JENKINS_AGENT_NAME}" ;;
+ esac
+ fi
+
+ #TODO: Handle the case when the command-line and Environment variable contain different values.
+ #It is fine it blows up for now since it should lead to an error anyway.
+
+ exec $JAVA_BIN $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp /usr/share/jenkins/agent.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@"
+fi
\ No newline at end of file
diff --git a/ci/dockerfile/opensuse-jnlp/Dockerfile b/ci/dockerfile/opensuse-jnlp/Dockerfile
new file mode 100644
index 00000000..c781b022
--- /dev/null
+++ b/ci/dockerfile/opensuse-jnlp/Dockerfile
@@ -0,0 +1,57 @@
+FROM opensuse/leap:15.1
+MAINTAINER tommylike
+
+# Install jdk8 and bunch of build tools
+USER root
+ENV USER root
+
+RUN zypper up -y \
+ && zypper in -y wget \
+ && zypper in -y curl \
+ && zypper in -y git \
+ && zypper in -y subversion
+
+RUN wget -O jre-8u221-linux-x64.rpm -c --content-disposition "https://javadl.oracle.com/webapps/download/AutoDL?BundleId=239847_230deb18db3e4014bb8e3e8324f81b43" \
+ && rpm -ivh jre-8u221-linux-x64.rpm \
+ && rm jre-8u221-linux-x64.rpm
+
+# Setup java path
+ENV JAVA_HOME /usr/java/default
+ENV PATH $PATH:$JAVA_HOME/bin
+
+# Install jenkins slave
+ARG VERSION=3.35
+ARG user=jenkins
+ARG group=jenkins
+ARG uid=1000
+ARG gid=1000
+
+RUN groupadd -g ${gid} ${group}
+RUN useradd -c "Jenkins user" -d /home/${user} -u ${uid} -g ${gid} -m ${user}
+
+ARG AGENT_WORKDIR=/home/${user}/agent
+
+RUN mkdir -p /usr/share/jenkins/ \
+ && cd /usr/share/jenkins/ \
+ && wget -O agent.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar \
+ && chmod 755 /usr/share/jenkins \
+ && chmod 644 /usr/share/jenkins/agent.jar \
+ && ln -sf /usr/share/jenkins/agent.jar /usr/share/jenkins/slave.jar
+
+
+# Install jnlp
+COPY jenkins-agent /usr/local/bin/jenkins-agent
+RUN chmod +x /usr/local/bin/jenkins-agent &&\
+ ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave
+
+
+# Setting up env
+USER ${user}
+ENV AGENT_WORKDIR=${AGENT_WORKDIR}
+RUN mkdir /home/${user}/.jenkins && mkdir -p ${AGENT_WORKDIR}
+
+VOLUME /home/${user}/.jenkins
+VOLUME ${AGENT_WORKDIR}
+WORKDIR /home/${user}
+
+ENTRYPOINT ["jenkins-agent"]
diff --git a/ci/dockerfile/opensuse-jnlp/jenkins-agent b/ci/dockerfile/opensuse-jnlp/jenkins-agent
new file mode 100644
index 00000000..24501f19
--- /dev/null
+++ b/ci/dockerfile/opensuse-jnlp/jenkins-agent
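Review bot: The second `RUN` fetches a JRE rpm from the `javadl.oracle.com/webapps/download/AutoDL?BundleId=…` link and installs it with `rpm -ivh`, with no digest check and no signing key imported anywhere in the hunk, and it freezes the runtime at 8u221 so later Java security updates never reach the image. Installing the distribution package in the existing zypper layer, `&& zypper in -y java-1_8_0-openjdk`, brings the repository's signature verification and updates with it; `JAVA_HOME` then has to point at that JVM instead of `/usr/java/default`. If the Oracle build is a hard requirement, compare the rpm against a pinned SHA-256 before the `rpm -ivh` step.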
@@ -0,0 +1,117 @@
+#!/usr/bin/env sh
+
+# The MIT License
+#
+# Copyright (c) 2015-2019, CloudBees, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+# Usage jenkins-agent.sh [options] -url http://jenkins [SECRET] [AGENT_NAME]
+# Optional environment variables :
+# * JENKINS_TUNNEL : HOST:PORT for a tunnel to route TCP traffic to jenkins host, when jenkins can't be directly accessed over network
+# * JENKINS_URL : alternate jenkins URL
+# * JENKINS_SECRET : agent secret, if not set as an argument
+# * JENKINS_AGENT_NAME : agent name, if not set as an argument
+# * JENKINS_AGENT_WORKDIR : agent work directory, if not set by optional parameter -workDir
+# * JENKINS_DIRECT_CONNECTION: Connect directly to this TCP agent port, skipping the HTTP(S) connection parameter download.
+# Value: ":"
+# * JENKINS_INSTANCE_IDENTITY: The base64 encoded InstanceIdentity byte array of the Jenkins master. When this is set,
+# the agent skips connecting to an HTTP(S) port for connection info.
+# * JENKINS_PROTOCOLS: Specify the remoting protocols to attempt when instanceIdentity is provided.
+
+if [ $# -eq 1 ]; then
+
+ # if `docker run` only has one arguments, we assume user is running alternate command like `bash` to inspect the image
+ exec "$@"
+
+else
+
+ # if -tunnel is not provided, try env vars
+ case "$@" in
+ *"-tunnel "*) ;;
+ *)
+ if [ ! -z "$JENKINS_TUNNEL" ]; then
+ TUNNEL="-tunnel $JENKINS_TUNNEL"
+ fi ;;
+ esac
+
+ # if -workDir is not provided, try env vars
+ if [ ! -z "$JENKINS_AGENT_WORKDIR" ]; then
+ case "$@" in
+ *"-workDir"*) echo "Warning: Work directory is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ WORKDIR="-workDir $JENKINS_AGENT_WORKDIR" ;;
+ esac
+ fi
+
+ if [ -n "$JENKINS_URL" ]; then
+ URL="-url $JENKINS_URL"
+ fi
+
+ if [ -n "$JENKINS_NAME" ]; then
+ JENKINS_AGENT_NAME="$JENKINS_NAME"
+ fi
+
+ if [ -z "$JNLP_PROTOCOL_OPTS" ]; then
+ echo "Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior"
+ JNLP_PROTOCOL_OPTS="-Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true"
+ fi
+
+ if [ -n "$JENKINS_PROTOCOLS" ]; then
+ PROTOCOLS="-protocols $JENKINS_PROTOCOLS"
+ fi
+
+ if [ -n "$JENKINS_DIRECT_CONNECTION" ]; then
+ DIRECT="-direct $JENKINS_DIRECT_CONNECTION"
+ fi
+
+ if [ -n "$JENKINS_INSTANCE_IDENTITY" ]; then
+ INSTANCE_IDENTITY="-instanceIdentity $JENKINS_INSTANCE_IDENTITY"
+ fi
+
+ # if java home is defined, use it
+ JAVA_BIN="java"
+ if [ "$JAVA_HOME" ]; then
+ JAVA_BIN="$JAVA_HOME/bin/java"
+ fi
+
+ # if both required options are defined, do not pass the parameters
+ OPT_JENKINS_SECRET=""
+ if [ -n "$JENKINS_SECRET" ]; then
+ case "$@" in
+ *"${JENKINS_SECRET}"*) echo "Warning: SECRET is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;;
+ esac
+ fi
+
+ OPT_JENKINS_AGENT_NAME=""
+ if [ -n "$JENKINS_AGENT_NAME" ]; then
+ case "$@" in
+ *"${JENKINS_AGENT_NAME}"*) echo "Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ OPT_JENKINS_AGENT_NAME="${JENKINS_AGENT_NAME}" ;;
+ esac
+ fi
+
+ #TODO: Handle the case when the command-line and Environment variable contain different values.
+ #It is fine it blows up for now since it should lead to an error anyway.
+
+ exec $JAVA_BIN $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp /usr/share/jenkins/agent.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@"
+fi
\ No newline at end of file
diff --git a/ci/dockerfile/ubuntu-jnlp/Dockerfile b/ci/dockerfile/ubuntu-jnlp/Dockerfile
new file mode 100644
index 00000000..72dc7f7e
--- /dev/null
+++ b/ci/dockerfile/ubuntu-jnlp/Dockerfile
@@ -0,0 +1,54 @@
+FROM ubuntu:xenial
+MAINTAINER tommylike
+
+# Install jdk8 and bunch of build tools
+USER root
+ENV USER root
+
+RUN apt update \
+ && apt install -y wget \
+ && apt install -y curl \
+ && apt install -y git \
+ && apt install -y subversion \
+ && apt install -y default-jre
+
+# Setup java path
+ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/jre
+ENV PATH $PATH:$JAVA_HOME/bin
+
+# Install jenkins slave
+ARG VERSION=3.35
+ARG user=jenkins
+ARG group=jenkins
+ARG uid=1000
+ARG gid=1000
+
+RUN groupadd -g ${gid} ${group}
+RUN useradd -c "Jenkins user" -d /home/${user} -u ${uid} -g ${gid} -m ${user}
+
+ARG AGENT_WORKDIR=/home/${user}/agent
+
+RUN mkdir -p /usr/share/jenkins/ \
+ && cd /usr/share/jenkins/ \
+ && wget -O agent.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar \
+ && chmod 755 /usr/share/jenkins \
+ && chmod 644 /usr/share/jenkins/agent.jar \
+ && ln -sf /usr/share/jenkins/agent.jar /usr/share/jenkins/slave.jar
+
+
+# Install jnlp
+COPY jenkins-agent /usr/local/bin/jenkins-agent
+RUN chmod +x /usr/local/bin/jenkins-agent &&\
+ ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave
+
+
+# Setting up env
+USER ${user}
+ENV AGENT_WORKDIR=${AGENT_WORKDIR}
+RUN mkdir /home/${user}/.jenkins && mkdir -p ${AGENT_WORKDIR}
+
+VOLUME /home/${user}/.jenkins
+VOLUME ${AGENT_WORKDIR}
+WORKDIR /home/${user}
+
+ENTRYPOINT ["jenkins-agent"]
diff --git a/ci/dockerfile/ubuntu-jnlp/jenkins-agent b/ci/dockerfile/ubuntu-jnlp/jenkins-agent
new file mode 100644
index 00000000..24501f19
--- /dev/null
+++ b/ci/dockerfile/ubuntu-jnlp/jenkins-agent
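Review bot: `ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/jre` is hard-coded while the install line pulls the `default-jre` metapackage, so the path is only valid as long as that metapackage resolves to OpenJDK 8 on amd64; the jenkins-agent script added in this patch runs `$JAVA_HOME/bin/java` whenever the variable is set, so a mismatch stops the agent from starting. Install the package the path refers to, `&& apt-get install -y --no-install-recommends openjdk-8-jre-headless`, and finish the layer with `&& rm -rf /var/lib/apt/lists/*`. `apt` warns that its command-line interface is not stable for scripts, so `apt-get` is the better fit for all six commands in this `RUN`.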
@@ -0,0 +1,117 @@ +#!/usr/bin/env sh + +# The MIT License +# +# Copyright (c) 2015-2019, CloudBees, Inc. +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. + +# Usage jenkins-agent.sh [options] -url http://jenkins [SECRET] [AGENT_NAME] +# Optional environment variables : +# * JENKINS_TUNNEL : HOST:PORT for a tunnel to route TCP traffic to jenkins host, when jenkins can't be directly accessed over network +# * JENKINS_URL : alternate jenkins URL +# * JENKINS_SECRET : agent secret, if not set as an argument +# * JENKINS_AGENT_NAME : agent name, if not set as an argument +# * JENKINS_AGENT_WORKDIR : agent work directory, if not set by optional parameter -workDir +# * JENKINS_DIRECT_CONNECTION: Connect directly to this TCP agent port, skipping the HTTP(S) connection parameter download. +# Value: ":" +# * JENKINS_INSTANCE_IDENTITY: The base64 encoded InstanceIdentity byte array of the Jenkins master. 
When this is set, +# the agent skips connecting to an HTTP(S) port for connection info. +# * JENKINS_PROTOCOLS: Specify the remoting protocols to attempt when instanceIdentity is provided. + +if [ $# -eq 1 ]; then + + # if `docker run` only has one arguments, we assume user is running alternate command like `bash` to inspect the image + exec "$@" + +else + + # if -tunnel is not provided, try env vars + case "$@" in + *"-tunnel "*) ;; + *) + if [ ! -z "$JENKINS_TUNNEL" ]; then + TUNNEL="-tunnel $JENKINS_TUNNEL" + fi ;; + esac + + # if -workDir is not provided, try env vars + if [ ! -z "$JENKINS_AGENT_WORKDIR" ]; then + case "$@" in + *"-workDir"*) echo "Warning: Work directory is defined twice in command-line arguments and the environment variable" ;; + *) + WORKDIR="-workDir $JENKINS_AGENT_WORKDIR" ;; + esac + fi + + if [ -n "$JENKINS_URL" ]; then + URL="-url $JENKINS_URL" + fi + + if [ -n "$JENKINS_NAME" ]; then + JENKINS_AGENT_NAME="$JENKINS_NAME" + fi + + if [ -z "$JNLP_PROTOCOL_OPTS" ]; then + echo "Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior" + JNLP_PROTOCOL_OPTS="-Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true" + fi + + if [ -n "$JENKINS_PROTOCOLS" ]; then + PROTOCOLS="-protocols $JENKINS_PROTOCOLS" + fi + + if [ -n "$JENKINS_DIRECT_CONNECTION" ]; then + DIRECT="-direct $JENKINS_DIRECT_CONNECTION" + fi + + if [ -n "$JENKINS_INSTANCE_IDENTITY" ]; then + INSTANCE_IDENTITY="-instanceIdentity $JENKINS_INSTANCE_IDENTITY" + fi + + # if java home is defined, use it + JAVA_BIN="java" + if [ "$JAVA_HOME" ]; then + JAVA_BIN="$JAVA_HOME/bin/java" + fi + + # if both required options are defined, do not pass the parameters + OPT_JENKINS_SECRET="" + if [ -n "$JENKINS_SECRET" ]; then + case "$@" in + *"${JENKINS_SECRET}"*) echo "Warning: SECRET is defined twice in command-line arguments and the environment variable" ;; + *) + OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;; + esac + fi + + OPT_JENKINS_AGENT_NAME="" + if [ 
-n "$JENKINS_AGENT_NAME" ]; then + case "$@" in + *"${JENKINS_AGENT_NAME}"*) echo "Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable" ;; + *) + OPT_JENKINS_AGENT_NAME="${JENKINS_AGENT_NAME}" ;; + esac + fi + + #TODO: Handle the case when the command-line and Environment variable contain different values. + #It is fine it blows up for now since it should lead to an error anyway. + + exec $JAVA_BIN $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp /usr/share/jenkins/agent.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@" +fi \ No newline at end of file diff --git a/ci/generate-jenkins.sh b/ci/generate-jenkins.sh new file mode 100644 index 00000000..3be4a83c --- /dev/null +++ b/ci/generate-jenkins.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash + +export CURRENT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) + +function install-helm { + echo "checking helm" + if hash helm 2>/dev/null; then + echo "found helm on local" + else + echo "Install helm via script" + HELM_TEMP_DIR=`mktemp -d` + curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > ${HELM_TEMP_DIR}/get_helm.sh + #TODO: There are some issue with helm's latest version, remove '--version' when it get fixed. + chmod 700 ${HELM_TEMP_DIR}/get_helm.sh && ${HELM_TEMP_DIR}/get_helm.sh --version v2.13.0 + fi +} + + +install-helm + +echo "generating jenkins yaml..." +helm template ${CURRENT_DIR}/jenkins -f ${CURRENT_DIR}/jenkins/values.yaml -f ${CURRENT_DIR}/jenkins/hw_override.yaml --name opengauss > jenkins.yaml +echo "jenkins yaml generated with filename 'jenkins.yaml'." + + diff --git a/ci/jenkins/.helmignore b/ci/jenkins/.helmignore new file mode 100644 index 00000000..b4af6c20 --- /dev/null +++ b/ci/jenkins/.helmignore 
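Review bot: `OPT_JENKINS_SECRET` is expanded directly into the final `exec $JAVA_BIN …` line, so an agent secret supplied through `JENKINS_SECRET` ends up in the java process's argument list, where it is presumably readable from a process listing by anything sharing the container's PID namespace. That deserves a comment above the `OPT_JENKINS_SECRET=""` assignment, e.g. `# NOTE: the secret is passed as a positional argument and is therefore visible in the process argv`. The tail of the preceding opensuse-jnlp hunk looks the same as this file's, so the comment likely applies to each copy of the script added by this commit.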
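Review bot: `install-helm` fetches `scripts/get` from the mutable `master` branch and then executes it, so the installer is neither pinned nor verified, and because `curl` is called without `-f` an HTTP error body would be written to `get_helm.sh` and handed to the shell. Pin the URL to a commit and fail on errors, e.g. `curl -fsSL "https://raw.githubusercontent.com/helm/helm/<PINNED_COMMIT>/scripts/get" -o "${HELM_TEMP_DIR}/get_helm.sh"`, then check it with `echo "<EXPECTED_SHA256>  ${HELM_TEMP_DIR}/get_helm.sh" | sha256sum -c -` before the `chmod 700` line. Quoting `${HELM_TEMP_DIR}` and `${CURRENT_DIR}` wherever they are expanded would also keep paths containing spaces from being split.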
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+ci/
diff --git a/ci/jenkins/CHANGELOG.md b/ci/jenkins/CHANGELOG.md
new file mode 100644
index 00000000..d5813762
--- /dev/null
+++ b/ci/jenkins/CHANGELOG.md
@@ -0,0 +1,1266 @@ +# Change Log + +This file documents all notable changes to Jenkins Helm Chart. The release +numbering uses [semantic versioning](http://semver.org). + + +NOTE: The change log until version 1.5.7 is auto generated based on git commits. Those include a reference to the git commit to be able to get more details. + +## 1.7.4 + +Comments out JCasC example of jenkins.systemMessage so that it can be used by end users. Previously, an attempt to set systemMessage causes Jenkins to startup, citing duplicate JCasC settings for systemMessage [issue #13333](https://github.com/helm/charts/issues/13333) + +## 1.7.2 + +Update kubernetes-plugin to version 1.18.2 which fixes frequently encountered [JENKINS-59000](https://issues.jenkins-ci.org/plugins/servlet/mobile#issue/JENKINS-59000) + +## 1.7.1 + +Update the default requirements for jenkins-slave to 512Mi which fixes frequently encountered [issue #3723](https://github.com/helm/charts/issues/3723) + +## 1.7.0 + +[Jenkins Configuration as Code Plugin](https://github.com/jenkinsci/configuration-as-code-plugin) default configuration can now be enabled via `master.JCasC.defaultConfig`. 
+ +JCasC default configuration includes: + - Jenkins url + - Admin email `master.jenkinsAdminEmail` + - crumbIssuer + - disableRememberMe: false + - mode: NORMAL + - numExecutors: {{ .Values.master.numExecutors }} + - projectNamingStrategy: "standard" + - kubernetes plugin + - containerCapStr via `agent.containerCap` + - jenkinsTunnel + - jenkinsUrl + - maxRequestsPerHostStr: "32" + - name: "kubernetes" + - namespace + - serverUrl: "https://kubernetes.default" + - template + - containers + - alwaysPullImage: `agent.alwaysPullImage` + - args + - command + - envVars + - image: `agent.image:agent.imageTag` + - name: `.agent.sideContainerName` + - privileged: `.agent.privileged` + - resourceLimitCpu: `agent.resources.limits.cpu` + - resourceLimitMemory: `agent.resources.limits.memory` + - resourceRequestCpu: `agent.resources.requests.cpu` + - resourceRequestMemory: `agent.resources.requests.memory` + - ttyEnabled: `agent.TTYEnabled` + - workingDir: "/home/jenkins" + - idleMinutes: `agent.idleMinutes` + - instanceCap: 2147483647 + - imagePullSecrets: + - name: `.agent.imagePullSecretName` + - label + - name + - nodeUsageMode: "NORMAL" + - podRetention: `agent.podRetention` + - serviceAccount + - showRawYaml: true + - slaveConnectTimeoutStr: "100" + - yaml: `agent.yamlTemplate` + - yamlMergeStrategy: "override" + - security: + - apiToken: + - creationOfLegacyTokenEnabled: false + - tokenGenerationOnCreationEnabled: false + - usageStatisticsEnabled: true + +Example `values.yaml` which enables JCasC, it's default config and configAutoReload: + +``` +master: + JCasC: + enabled: true + defaultConfig: true + sidecars: + configAutoReload: + enabled: true +``` + +add master.JCasC.defaultConfig and configure location + +- JCasC configuration is stored in template `jenkins.casc.defaults` + so that it can be used in `config.yaml` and `jcasc-config.yaml` + depending on if configAutoReload is enabled or not + +- Jenkins Location (URL) is configured to provide a startin point + for 
the config + +## 1.6.1 + +Print error message when `master.sidecars.configAutoReload.enabled` is `true`, but the admin user can't be found to configure the SSH key. + +## 1.6.0 + +Add support for Google Cloud Storage for backup CronJob (migrating from nuvo/kube-tasks to maorfr/kube-tasks) + +## 1.5.9 + +Fixed a warning when sidecar resources are provided through a parent chart or override values + +## 1.5.8 + +Fixed an issue when master.enableXmlConfig is set to false: Always mount jenkins-secrets volume if secretsFilesSecret is set (#16512) + +## 1.5.7 + +added initial changelog (#16324) +commit: cee2ebf98 + +## 1.5.6 + +enable xml config misspelling (#16477) +commit: a125b99f9 + +## 1.5.5 + +Jenkins master label (#16469) +commit: 4802d14c9 + +## 1.5.4 + +add option enableXmlConfig (#16346) +commit: 387d97a4c + +## 1.5.3 + +extracted "jenkins.url" into template (#16347) +commit: f2fdf5332 + +## 1.5.2 + +Fix backups when deployment has custom name (#16279) +commit: 16b89bfff + +## 1.5.1 + +Ability to set custom namespace for ServiceMonitor (#16145) +commit: 18ee6cf01 + +## 1.5.0 + +update Jenkins plugins to fix security issue (#16069) +commit: 603cf2d2b + +## 1.4.3 + +Use fixed container name (#16068) +commit: b3e4b4a49 + +## 1.4.2 + +Provide default job value (#15963) +commit: c462e2017 + +## 1.4.1 + +Add Jenkins backendconfig values (#15471) +commit: 7cc9b54c7 + +## 1.4.0 + +Change the value name for docker image tags - standartise to helm preferred value name - tag; this also allows auto-deployments using weaveworks flux (#15565) +commit: 5c3d920e7 + +## 1.3.6 + +jenkins deployment port should be target port (#15503) +commit: 83909ebe3 + +## 1.3.5 + +Add support for namespace specification (#15202) +commit: e773201a6 + +## 1.3.4 + +Adding sub-path option for scraping (#14833) +commit: e04021154 + +## 1.3.3 + +Add existingSecret to Jenkins backup AWS credentials (#13392) +commit: d9374f57d + +## 1.3.2 + +Fix JCasC version (#14992) +commit: 26a6d2b99 + +## 1.3.1 + 
+Update affinity for a backup cronjob (#14886) +commit: c21ed8331 + +## 1.3.0 + +only install casc support plugin when needed (#14862) +commit: a56fc0540 + +## 1.2.2 + +DNS Zone customization (#14775) +commit: da2910073 + +## 1.2.1 + +only render comment if configAutoReload is enabled (#14754) +commit: e07ead283 + +## 1.2.0 + +update plugins to latest version (#14744) +commit: 84336558e + +## 1.1.24 + +add example for EmptyDir volume (#14499) +commit: cafb60209 + +## 1.1.23 + +check if installPlugins is set before using it (#14168) +commit: 1218f0359 + +## 1.1.22 + +Support servicemonitor and alerting rules (#14124) +commit: e15a27f48 + +## 1.1.21 + +Fix: healthProbe timeouts mapping to initial delay (#13875) +commit: 825b32ece + +## 1.1.20 + +Properly handle overwrite config for additional configs (#13915) +commit: 18ce9b558 + +## 1.1.18 + +update maintainer (#13897) +commit: 223002b27 + +## 1.1.17 + +add apiVersion (#13795) +commit: cd1e5c35a + +## 1.1.16 + +allow changing of the target port to support TLS termination sidecar (#13576) +commit: a34d3bbcc + +## 1.1.15 + +fix wrong pod selector in jenkins-backup (#13542) +commit: b5df4fd7e + +## 1.1.14 + +allow templating of customInitContainers (#13536) +commit: d1e1421f4 + +## 1.1.13 + +fix #13467 (wrong deprecation message) (#13511) +commit: fbe28fa1c + +## 1.1.12 + +Correct customInitContainers Name example. 
(#13405) +commit: 6c6e40405 + +## 1.1.11 + +fix master.runAsUser, master.fsGroup examples (#13389) +commit: 2d7e5bf72 + +## 1.1.10 + +Ability to specify raw yaml template (#13319) +commit: 77aaa9a5f + +## 1.1.9 + +correct NOTES.txt - use master.ingress.hostname (#13318) +commit: b08ef6280 + +## 1.1.8 + +explain how to upgrade major versions (#13273) +commit: e7617a97e + +## 1.1.7 + +Add support for idleMinutes and serviceAccount (#13263) +commit: 4595ee033 + +## 1.1.6 + +Use same JENKINS_URL no matter if slaves use different namespace (#12564) +commit: 94c90339f + +## 1.1.5 + +fix deprecation checks (#13224) +commit: c7d2f8105 + +## 1.1.4 + +Fix issue introduced in #13136 (#13232) +commit: 0dbcded2e + +## 1.1.3 + +fix chart errors (#13197) +commit: 692a1e3da + +## 1.1.2 + +correct selector for jenkins pod (#13200) +commit: 4537e7fda + +## 1.1.1 + +Fix rendering of customInitContainers and lifecycle for Jenkins helm chart (#13189) +commit: e8f6b0ada + +## 1.1.0 + +Add support for openshift route in jenkins (#12973) +commit: 48c58a430 + +## 1.0.0 + +helm chart best practices (#13136) +commit: b02ae3f48 + +### Breaking changes: + +- values have been renamed to follow helm chart best practices for naming conventions so + that all variables start with a lowercase letter and words are separated with camelcase + https://helm.sh/docs/chart_best_practices/#naming-conventions +- all resources are now using recommended standard labels + https://helm.sh/docs/chart_best_practices/#standard-labels + +As a result of the label changes also the selectors of the deployment have been updated. 
+Those are immutable so trying an updated will cause an error like: + +``` +Error: Deployment.apps "jenkins" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/component":"jenkins-master", "app.kubernetes.io/instance":"jenkins"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable +``` + +In order to upgrade, delete the Jenkins Deployment before upgrading: + +``` +kubectl delete deploy jenkins +``` + +## 0.40.0 + +Allow to override jenkins location protocol (#12257) +commit: 18a830626 + +## 0.39.0 + +Add possibility to add custom init-container and lifecycle for master-container (#13062) +commit: 14d043593 + +## 0.38.0 + +Support `priorityClassName` on Master Deployment (#13069) +commit: e896c62bc + +## 0.37.3 + +Add support for service account annotations in jenkins (#12969) +commit: b22774e2f + +## 0.37.2 + +fix: add hostName to ingress in values.yaml (#12946) +commit: 041045e9b + +## 0.37.1 + +Update to match actual defaults in value.yaml (#12904) +commit: 73b6d37eb + +## 0.37.0 + +Support multiple Jenkins instances in same namespace (#12748) +commit: 32ff2f343 + +## 0.36.5 + +Fix wrong comment in values.yaml (#12761) +commit: 9db8ced23 + +## 0.36.4 + +Re-add value for Ingress API Version (#12753) +commit: ecb7791b5 + +## 0.36.3 + +allow templating of volumes (#12734) +commit: adbda2ca6 + +## 0.36.2 + +Fix self-introduced whitespace bug (#12528) +commit: eec1678eb + +## 0.36.1 + +Add flag to overwrite jobs definition from values.yaml (#12427) +commit: fd349b2fc + +## 0.36.0 + +Replace OwnSshKey with AdminSshKey (#12140) (#12466) +commit: 80a8c9eb6 + +## 0.35.2 + +add note for breaking changes (#12203) +commit: e779c5a54 + +## 0.35.1 + +Allow Jenkins to run with READONLYROOTFS psp (#12338) +commit: 7c419e191 + +## 0.35.0 + +Jenkins OverwriteConfig setting also overwrites init scripts (#9468) +commit: 501335b76 + +## 0.34.1 + +Fix typo on hostname variable (#12156) +commit: 3d337d8dd + 
+## 0.34.0 + +Allow ingress without host rule (#11960) +commit: ddc966d1e + +## 0.33.2 + +Improve documentation - clarify that rbac is needed for autoreload (#11739) +commit: 9d75a5c34 + +## 0.33.1 + +use object for rollingUpdate (#11909) +commit: cb9cf21e8 + +## 0.33.0 + +Add hostAliases (#11701) +commit: 0b89e1094 + +## 0.32.10 + +Fix slave jnlp port always being reset when container is restarted (#11685) +commit: d7d51797b + +## 0.32.9 + +add ingress Hostname an ApiVersion to docs (#11576) +commit: 4d3e77137 + +## 0.32.8 + +Support custom master pod labels in deployment (#9714) (#11511) +commit: 9de96faa0 + +## 0.32.7 + +Fix markdown syntax in README (#11496) +commit: a32221a95 + +## 0.32.6 + +Added custom labels on jenkins ingress (#11466) +commit: c875d2b9b + +## 0.32.5 + +fix typo in default jenkins agent image fixes #11356 (#11463) +commit: 30adb9a91 + +## 0.32.4 + +fix incorrect Deployment when using sidecars (#11413) +commit: 362b4cef8 + +## 0.32.3 + +[]: #10131 (#11411) +commit: 49cb72055 + +## 0.32.2 + +Option to expose the slave listener port as host port (#11187) +commit: 2f85a9663 + +## 0.32.1 + +Updating Jenkins deployment fails appears rollingUpdate needs to be (#11166) +commit: 07fc9dbde + +## 0.32.0 + +Merge Sidecard configs (#11339) +commit: 3696090b9 + +## 0.31.0 + +Add option to overwrite plugins (#11231) +commit: 0e9aa00a5 + +## 0.30.0 + +Added slave Pod env vars (#8743) +commit: 1499f6608 + +## 0.29.3 + +revert indentation to previous working version (#11293) +commit: 61662f17a + +## 0.29.2 + +allow running sidecar containers for Jenkins master (#10950) +commit: 9084ce54a + +## 0.29.1 + +Indent lines related to EnableRawHtmlMarkupFormatter (#11252) +commit: 20b310c08 + +## 0.29.0 + +Jenkins Configuration as Code (#9057) +commit: c3e8c0b17 + +## 0.28.11 + +Allow to enable OWASP Markup Formatter Plugin (#10851) +commit: 9486e5ddf + +## 0.28.10 + +Fixes #1341 -- update Jenkins chart documentation (#10290) +commit: 411c81cd0 + +## 0.28.9 + 
+Quoted JavaOpts values (#10671) +commit: 926a843a8 + +## 0.28.8 + +Support custom labels in deployment (#9714) (#10533) +commit: 3e00b47fa + +## 0.28.7 + +separate test resources (#10597) +commit: 7b7ae2d11 + +## 0.28.6 + +allow customizing livenessProbe periodSeconds (#10534) +commit: 3c94d250d + +## 0.28.5 + +Add role kind option (#8498) +commit: e791ad124 + +## 0.28.4 + +workaround for busybox's cp (Closes: #10471) (#10497) +commit: 0d51a4187 + +## 0.28.3 + +fix parsing java options (#10140) +commit: 9448d0293 + +## 0.28.2 + +Fix job definitions in standard values.yaml (#10184) +commit: 6b6355ae7 + +## 0.28.1 + +add numExecutors as a variable in values file (#10236) +commit: d5ea2050f + +## 0.28.0 + +various (#10223) +commit: e17d2a65d + +## 0.27.0 + +add backup cronjob (#10095) +commit: 863ead8db + +## 0.26.2 + +add namespace flag for port-forwarding in jenkins notes (#10399) +commit: 846b589a9 + +## 0.26.1 + +* fixes #10267 when executed with helm template - otherwise produces an invalid template. (#10403) +commit: 266f9d839 + +## 0.26.0 + +Add subPath for jenkins-home mount (#9671) +commit: a9c76ac9b + +## 0.25.1 + +update readme to indicate the correct image that is used by default (#9915) +commit: 6aba9631c + +## 0.25.0 + +Add ability to manually set Jenkins URL (#7405) +commit: a0178fcb4 + +## 0.24.0 + +Make AuthorizationStrategy configurable (#9567) +commit: 06545b226 + +## 0.23.0 + +Update Jenkins public chart (#9296) +commit: 4e5f5918b + +## 0.22.0 + +allow to override jobs (#9004) +commit: dca9f9ab9 + +## 0.21.0 + +Simple implementation of the option to define the ingress path to the jenkins service (#8101) +commit: 013159609 + +## 0.20.2 + +Cosmetic change to remove necessity of changing "appVersion" for every new LTS release (#8866) +commit: f52af042a + +## 0.20.1 + +Added ExtraPorts to open in the master pod (#7759) +commit: 78858a2fb + +## 0.19.1 + +Fix component label in NOTES.txt ... 
(#8300) +commit: c5494dbfe + +## 0.19.0 + +Kubernetes 1.9 support as well as automatic apiVersion detection (#7988) +commit: 6853ad364 + +## 0.18.1 + +Respect SlaveListenerPort value in config.xml (#7220) +commit: 0a5ddac35 + +## 0.18.0 + +Allow replacement of Jenkins config with configMap. (#7450) +commit: c766da3de + +## 0.17.0 + +Add option to allow host networking (#7530) +commit: dc2eeff32 + +## 0.16.25 + +add custom jenkins labels to the build agent (#7167) +commit: 3ecde5dbf + +## 0.16.24 + +Move kubernetes and job plugins to latest versions (#7438) +commit: 019e39456 + +## 0.16.23 + +Add different Deployment Strategies based on persistence (#6132) +commit: e0a20b0b9 + +## 0.16.22 + +avoid lint errors when adding Values.Ingress.Annotations (#7425) +commit: 99eacc854 + +## 0.16.21 + +bump appVersion to reflect new jenkins lts release version 2.121.3 (#7217) +commit: 296df165d + +## 0.16.20 + +Configure kubernetes plugin for including namespace value (#7164) +commit: c0dc6cc48 + +## 0.16.19 + +make pod retention policy setting configurable (#6962) +commit: e614c1033 + +## 0.16.18 + +Update plugins version (#6988) +commit: bf8180018 + +## 0.16.17 + +Add Master.AdminPassword in README (#6987) +commit: 13e754ad7 + +## 0.16.16 + +Added jenkins location configuration (#6573) +commit: 79de7026c + +## 0.16.15 + +use generic env var, not oracle specific env var (#6116) +commit: 6084ab4a4 + +## 0.16.14 + +Allow to specify resource requests and limits on initContainers (#6723) +commit: 942a33b1a + +## 0.16.13 + +Added support for NodePort service type for jenkens agent svc (#6571) +commit: 89a213c2b + +## 0.16.12 + +Added ability to configure multiple LoadBalancerSourceRanges (#6243) +commit: 01604ddbc + +## 0.16.11 + +Removing ContainerPort configuration as at the moment it does not work when you change this setting (#6411) +commit: e1c0468bd + +## 0.16.9 + +Fix jobs parsing for configmap by adding toYaml to jobs.yaml template (#3747) +commit: b2542a123 + +## 0.16.8 + 
+add jenkinsuriprefix in healthprobes (#5737) +commit: 435d7a7b9 + +## 0.16.7 + +Added the ability to switch from ClusterRoleBinding to RoleBinding. (#6190) +commit: dde03ede0 + +## 0.16.6 + +Make jenkins master pod security context optional (#6122) +commit: 63653fd59 + +## 0.16.5 + +Rework resources requests and limits (#6077) (#6077) +commit: e738f99d0 + +## 0.16.4 + +Add jenkins master pod annotations (#6313) +commit: 5e7325721 + +## 0.16.3 + +Split Jenkins readiness and liveness probe periods (#5704) +commit: fc6100c38 + +## 0.16.1 + +fix typo in jenkins README (#5228) +commit: 3cd3f4b8b + +## 0.16.0 + +Inherit existing plugins from Jenkins image (#5409) +commit: fd93bff82 + +## 0.15.1 + +Allow NetworkPolicy.ApiVersion and Master.Ingress.ApiVersion to Differ (#5103) +commit: 78ee4ba15 + +## 0.15.0 + +Secure Defaults (#5026) +commit: 0fe90b520 + +## 0.14.6 + +Wait for up to 2 minutes before failing liveness check (#5161) +commit: 2cd3fc481 + +## 0.14.5 + +correct ImageTag setting (#4371) +commit: 8ea04174d + +## 0.14.4 + +Update jenkins/README.md (#4559) +commit: d4e6352dd + +## 0.14.3 + +Bump appVersion (#4177) +commit: 605d3d441 + +## 0.14.2 + +Master.InitContainerEnv: Init Container Env Vars (#3495) +commit: c64abe27d + +## 0.14.1 + +Allow more configuration of Jenkins agent service (#4028) +commit: fc82f39b2 + +## 0.14.0 + +Add affinity settings (#3839) +commit: 64e82fa6a + +## 0.13.5 + +bump test timeouts (#3886) +commit: cd05dd99c + +## 0.13.4 + +Add OWNERS to jenkins chart (#3881) +commit: 1c106b9c8 + +## 0.13.3 + +Add fullnameOverride support (#3705) +commit: ec8080839 + +## 0.13.2 + +Update README.md (#3638) +commit: f6d274c37 + +## 0.13.1 + +Lower initial healthcheck delay (#3463) +commit: 9b99db67c + +## 0.13.0 + +Provision credentials.xml, secrets files and jobs (#3316) +commit: d305c5961 + +## 0.12.1 + +fix the default value for nodeUsageMode. 
(#3299) +commit: b68d19516 + +## 0.12.0 + +Recreate pods when CustomConfigMap is true and there are changes to the ConfigMap (which is how the vanilla chart works) (#3181) +commit: 86d29f804 + +## 0.11.1 + +Optionally adds liveness and readiness probes to jenkins (#3245) +commit: 8b9aa73ee + +## 0.11.0 + +Feature/run jenkins as non root user (#2899) +commit: 8918f4175 + +## 0.10.3 + +template the version to keep them synced (#3084) +commit: 35e7fa49a + +## 0.10.2 + +Update Chart.yaml +commit: e3e617a0b + +## 0.10.1 + +Merge branch 'master' into jenkins-test-timeout +commit: 9a230a6b1 + +## 0.8.1 + +Double retry count for Jenkins test +commit: 129c8e824 + +## 0.10.1 + +Jenkins: Update README | Master.ServiceAnnotations (#2757) +commit: 6571810bc + +## 0.10.0 + +Update Jenkins images and plugins (#2496) +commit: 2e2622682 + +## 0.9.4 + +Updating to remove the `.lock` directory as well (#2747) +commit: 6e676808f + +## 0.9.3 + +Use variable for service port when testing (#2666) +commit: d044f99be + +## 0.9.2 + +Review jenkins networkpolicy docs (#2618) +commit: 49911e458 + +## 0.9.2 + +Add image pull secrets to jenkins templates (#1389) +commit: 4dfae21fd + +## 0.9.1 + +Added persistent volume claim annotations (#2619) +commit: ac9e5306e + +## 0.9.1 + +Fix failing CI lint (#2758) +commit: 26f709f0e + +## 0.9.0 + +#1785 namespace defined templates with chart name (#2140) +commit: 408ae0b3f + +## 0.8.9 + +added useSecurity and adminUser to params (#1903) +commit: 39d2a03cd + +## 0.8.9 + +Use storageClassName for jenkins. (#1997) +commit: 802f6449b + +## 0.8.8 + +Remove old plugin locks before installing plugins (#1746) +commit: 6cd7b8ff4 + +## 0.8.8 + +promote initContainrs to podspec (#1740) +commit: fecc804fc + +## 0.8.7 + +add optional LoadBalancerIP option. (#1568) +commit: d39f11408 + +## 0.8.6 + +Fix bad key in values.yaml (#1633) +commit: dc27e5af3 + +## 0.8.5 + +Update Jenkins to support node selectors for agents. 
(#1532) +commit: 4af5810ff + +## 0.8.4 + +Add support for supplying JENKINS_OPTS and/or uri prefix (#1405) +commit: 6a331901a + +## 0.8.3 + +Add serviceAccountName to deployment (#1477) +commit: 0dc349b44 + +## 0.8.2 + +Remove path from ingress specification to allow other paths (#1599) +commit: e727f6b32 + +## 0.8.2 + +Update git plugin to 3.4.0 for CVE-2017-1000084 (#1505) +commit: 03482f995 + +## 0.8.1 + +Use consistent whitespace in template placeholders (#1437) +commit: 912f50c71 + +## 0.8.1 + +add configurable service annotations #1234 (#1244) +commit: 286861ca8 + +## 0.8.0 + +Jenkins v0.8.0 (#1385) +commit: 0009a2393 + +## 0.7.4 + +Use imageTag as version in config map (#1333) +commit: e8bb6ebb4 + +## 0.7.3 + +Add NetworkPolicy to Jenkins (#1228) +commit: 572b36c6d + +## 0.7.2 + +- Workflow plugin pin (#1178) +commit: ac3a0c7bc + +## 0.7.1 + +copy over plugins.txt in case of update (#1222) +commit: 75b5b1174 + +## 0.7.0 + +add jmx option (#964) +commit: 6ae8d1945 + +## 0.6.4 + +update jenkins to latest LTS 2.46.3 (#1182) +commit: ad90b4c27 + +## 0.6.3 + +Update chart maints to gh u/n (#1107) +commit: f357b77ed + +## 0.6.2 + +Add Agent.Privileged option (#957) +commit: 2cf4aced2 + +## 0.6.1 + +Upgrade jenkins to 2.46.2 (#971) +commit: 41bd742b4 + +## 0.6.0 + +Smoke test for Jenkins Chart (#944) +commit: 110441054 + +## 0.5.1 + +removed extra space from hardcoded password (#925) +commit: 85a9b9123 + +## 0.5.0 + +move config to init-container allowing use of upstream containers (#921) +commit: 1803c3d33 + +## 0.4.1 + +add ability to toggle jnlp-agent podTemplate generation (#918) +commit: accd53203 + +## 0.4.0 + +Jenkins add script approval (#916) +commit: c1746656e + +## 0.3.1 + +Update Jenkins to Latest LTS fixes #731 (#733) +commit: e9a3aed8b + +## 0.3.0 + +Added option to add Jenkins init scripts (#617) +commit: b889623d0 + +## 0.2.0 + +Add existing PVC (#716) +commit: 05271f145 + +## 0.1.15 + +use Master.ServicePort in config.xml (#769) +commit: f351f4b16 
+ +## 0.1.14 + +Added option to disable security on master node (#403) +commit: 3a6113d18 + +## 0.1.13 + +Added: extra mount points support for jenkins master (#474) +commit: fab0f7eb1 + +## 0.1.12 + +fix storageclass config typo (#548) +commit: 6fc0ff242 + +## 0.1.10 + +Changed default value of Kubernetes Cloud name to match one in kubernetes plugin (#404) +commit: 68351304a + +## 0.1.10 + +Add support for overriding the Jenkins ConfigMap (#524) +commit: f97ca53b1 + +## 0.1.9 + +Added jenkins-master ingress support (#402) +commit: d76a09588 + +## 0.1.8 + +Change description (#553) +commit: 91f5c24e1 + +## 0.1.8 + +Removed default Persistence.StorageClass: generic (#530) +commit: c87494c10 + +## 0.1.8 + +Update to the recommended pvc patterns. (#448) +commit: a7fc595aa + +## 0.1.8 + +Remove helm.sh/created annotations (#505) +commit: f380da2fb + +## 0.1.7 + +add support for explicit NodePort on jenkins chart (#342) +commit: f63c188da + +## 0.1.7 + +Add configurable loadBalancerSourceRanges for jenkins chart (#360) +commit: 44007c50e + +## 0.1.7 + +Update Jenkins version to current LTS (2.19.4) and Kubernetes Plugin to 0.10 (#341) +commit: 6c8678167 + +## 0.1.6 + +Add imagePullPolicy to init container (#295) +commit: 103ee1952 + +## 0.1.5 + +bump chart version with PVC metadata label additions +commit: 4aa9cf5b1 + +## 0.1.4 + +removed `*` from `jenkins/templates/NOTES.txt` +commit: 76212230b + +## 0.1.4 + +apply standard metadata labels to PVC's +commit: 58b730836 + +## 0.1.4 + +specify namespace in `kubectl get svc` commands in NOTES.txt +commit: 7d3287e81 + +## 0.1.4 + +Update Jenkins version to current LTS (#194) +commit: 2c0404049 + +## 0.1.1 + +escape fixed +commit: 2026e1d15 + +## 0.1.1 + +.status.loadBalancer.ingress[0].ip is empty in AWS +commit: 1810e37f4 + +## 0.1.1 + +.status.loadBalancer.ingress[0].ip is empty in AWS +commit: 3cbd3ced6 + +## 0.1.1 + +Remove 'Getting Started:' from various NOTES.txt. 
(#181) +commit: 2f63fd524 + +## 0.1.1 + +docs(*): update READMEs to reference chart repos (#119) +commit: c7d1bff05 + +## 0.1.0 + +Move first batch of PVC charts to stable +commit: d745f4879 diff --git a/ci/jenkins/Chart.yaml b/ci/jenkins/Chart.yaml new file mode 100644 index 00000000..77716d64 --- /dev/null +++ b/ci/jenkins/Chart.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +name: jenkins +home: https://jenkins.io/ +version: 1.7.4 +appVersion: lts +description: Open source continuous integration server. It supports multiple SCM tools + including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based + projects as well as arbitrary scripts. +sources: +- https://github.com/jenkinsci/jenkins +- https://github.com/jenkinsci/docker-jnlp-slave +- https://github.com/maorfr/kube-tasks +- https://github.com/jenkinsci/configuration-as-code-plugin +maintainers: +- name: lachie83 + email: lachlan.evenson@microsoft.com +- name: viglesiasce + email: viglesias@google.com +- name: maorfr + email: maor.friedman@redhat.com +- name: torstenwalter + email: mail@torstenwalter.de +- name: mogaal + email: garridomota@gmail.com +icon: https://wiki.jenkins-ci.org/download/attachments/2916393/logo.png diff --git a/ci/jenkins/OWNERS b/ci/jenkins/OWNERS new file mode 100644 index 00000000..5e744808 --- /dev/null +++ b/ci/jenkins/OWNERS @@ -0,0 +1,12 @@ +approvers: +- lachie83 +- viglesiasce +- maorfr +- torstenwalter +- mogaal +reviewers: +- lachie83 +- viglesiasce +- maorfr +- torstenwalter +- mogaal diff --git a/ci/jenkins/README.md b/ci/jenkins/README.md new file mode 100644 index 00000000..d9f54e43 --- /dev/null +++ b/ci/jenkins/README.md 
@@ -0,0 +1,513 @@ +# Jenkins Helm Chart + +Jenkins master and agent cluster utilizing the Jenkins Kubernetes plugin + +* https://wiki.jenkins-ci.org/display/JENKINS/Kubernetes+Plugin + +Inspired by the awesome work of Carlos Sanchez + +## Chart Details + +This chart will do the following: + +* 1 x Jenkins Master with port 8080 exposed on an external LoadBalancer +* All using Kubernetes Deployments + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release stable/jenkins +``` + +## Upgrading an existing Release to a new major version + +A major chart version change (like v0.40.0 -> v1.0.0) indicates that there is an incompatible breaking change needing manual actions. + + +### 1.0.0 + +Breaking changes: + +- values have been renamed to follow helm chart best practices for naming conventions so + that all variables start with a lowercase letter and words are separated with camelcase + https://helm.sh/docs/chart_best_practices/#naming-conventions +- all resources are now using recommended standard labels + https://helm.sh/docs/chart_best_practices/#standard-labels + +As a result of the label changes also the selectors of the deployment have been updated. +Those are immutable so trying an updated will cause an error like: + +``` +Error: Deployment.apps "jenkins" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/component":"jenkins-master", "app.kubernetes.io/instance":"jenkins"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable +``` + +In order to upgrade, delete the Jenkins Deployment before upgrading: + +``` +kubectl delete deploy jenkins +``` + + +## Configuration + +The following tables list the configurable parameters of the Jenkins chart and their default values. 
+ +### Jenkins Master + +| Parameter | Description | Default | +| --------------------------------- | ------------------------------------ | ----------------------------------------- | +| `checkDeprecation` | Checks for deprecated values used | `true` | +| `clusterZone` | Override the cluster name for FQDN resolving | `cluster.local` | +| `nameOverride` | Override the resource name prefix | `jenkins` | +| `fullnameOverride` | Override the full resource names | `jenkins-{release-name}` (or `jenkins` if release-name is `jenkins`) | +| `namespaceOverride` | Override the deployment namespace | Not set (`Release.Namespace`) | +| `master.componentName` | Jenkins master name | `jenkins-master` | +| `master.image` | Master image name | `jenkins/jenkins` | +| `master.tag` | Master image tag | `lts` | +| `master.imagePullPolicy` | Master image pull policy | `Always` | +| `master.imagePullSecret` | Master image pull secret | Not set | +| `master.numExecutors` | Set Number of executors | 0 | +| `master.customJenkinsLabels` | Append Jenkins labels to the master | `{}` | +| `master.useSecurity` | Use basic security | `true` | +| `master.securityRealm` | Custom Security Realm | Not set | +| `master.authorizationStrategy` | Jenkins XML job config for AuthorizationStrategy | Not set | +| `master.deploymentLabels` | Custom Deployment labels | Not set | +| `master.serviceLabels` | Custom Service labels | Not set | +| `master.podLabels` | Custom Pod labels | Not set | +| `master.adminUser` | Admin username (and password) created as a secret if useSecurity is true | `admin` | +| `master.adminPassword` | Admin password (and user) created as a secret if useSecurity is true | Random value | +| `master.jenkinsAdminEmail` | Email address for the administrator of the Jenkins instance | Not set | +| `master.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 50m, memory: 256Mi}, limits: {cpu: 2000m, memory: 4096Mi}}`| +| `master.initContainerEnv` | Environment 
variables for Init Container | Not set | +| `master.containerEnv` | Environment variables for Jenkins Container | Not set | +| `master.usePodSecurityContext` | Enable pod security context (must be `true` if `runAsUser` or `fsGroup` are set) | `true` | +| `master.runAsUser` | uid that jenkins runs with | `0` | +| `master.fsGroup` | uid that will be used for persistent volume | `0` | +| `master.hostAliases` | Aliases for IPs in `/etc/hosts` | `[]` | +| `master.serviceAnnotations` | Service annotations | `{}` | +| `master.serviceType` | k8s service type | `LoadBalancer` | +| `master.servicePort` | k8s service port | `8080` | +| `master.targetPort` | k8s target port | `8080` | +| `master.nodePort` | k8s node port | Not set | +| `master.healthProbes` | Enable k8s liveness and readiness probes | `true` | +| `master.healthProbesLivenessTimeout` | Set the timeout for the liveness probe | `5` | +| `master.healthProbesReadinessTimeout` | Set the timeout for the readiness probe | `5` | +| `master.healthProbeLivenessPeriodSeconds` | Set how often (in seconds) to perform the liveness probe | `10` | +| `master.healthProbeReadinessPeriodSeconds` | Set how often (in seconds) to perform the readiness probe | `10` | +| `master.healthProbeLivenessFailureThreshold` | Set the failure threshold for the liveness probe | `5` | +| `master.healthProbeReadinessFailureThreshold` | Set the failure threshold for the readiness probe | `3` | +| `master.healthProbeLivenessInitialDelay` | Set the initial delay for the liveness probe | `90` | +| `master.healthProbeReadinessInitialDelay` | Set the initial delay for the readiness probe | `60` | +| `master.slaveListenerPort` | Listening port for agents | `50000` | +| `master.slaveHostPort` | Host port to listen for agents | Not set | +| `master.slaveKubernetesNamespace` | Namespace in which the Kubernetes agents should be launched | Not set | +| `master.disabledAgentProtocols` | Disabled agent protocols | `JNLP-connect JNLP2-connect` | +| 
`master.csrf.defaultCrumbIssuer.enabled` | Enable the default CSRF Crumb issuer | `true` | +| `master.csrf.defaultCrumbIssuer.proxyCompatability` | Enable proxy compatibility | `true` | +| `master.cli` | Enable CLI over remoting | `false` | +| `master.loadBalancerSourceRanges` | Allowed inbound IP addresses | `0.0.0.0/0` | +| `master.loadBalancerIP` | Optional fixed external IP | Not set | +| `master.jmxPort` | Open a port, for JMX stats | Not set | +| `master.extraPorts` | Open extra ports, for other uses | Not set | +| `master.overwriteConfig` | Replace init scripts and config w/ ConfigMap on boot | `false` | +| `master.ingress.enabled` | Enables ingress | `false` | +| `master.ingress.apiVersion` | Ingress API version | `extensions/v1beta1` | +| `master.ingress.hostName` | Ingress host name | Not set | +| `master.ingress.annotations` | Ingress annotations | `{}` | +| `master.ingress.labels` | Ingress labels | `{}` | +| `master.ingress.path` | Ingress path | Not set | +| `master.ingress.tls` | Ingress TLS configuration | `[]` | +| `master.backendconfig.enabled` | Enables backendconfig | `false` | +| `master.backendconfig.apiVersion` | backendconfig API version | `extensions/v1beta1` | +| `master.backendconfig.name` | backendconfig name | Not set | +| `master.backendconfig.annotations` | backendconfig annotations | `{}` | +| `master.backendconfig.labels` | backendconfig labels | `{}` | +| `master.backendconfig.spec` | backendconfig spec | `{}` | +| `master.route.enabled` | Enables openshift route | `false` | +| `master.route.annotations` | Route annotations | `{}` | +| `master.route.labels` | Route labels | `{}` | +| `master.route.path` | Route path | Not set | +| `master.jenkinsUrlProtocol` | Set protocol for JenkinsLocationConfiguration.xml | Set to `https` if `Master.ingress.tls`, `http` otherwise | +| `master.JCasC.enabled` | Wheter Jenkins Configuration as Code is enabled or not | `false` | +| `master.JCasC.defaultConfig` | Enables default Jenkins 
configuration via configuration as code plugin | `false` | +| `master.JCasC.configScripts` | List of Jenkins Config as Code scripts | | +| `master.enableXmlConfig` | enables configuration done via XML files | `false` | +| `master.sidecars.configAutoReload` | Jenkins Config as Code auto-reload settings | | +| `master.sidecars.configAutoReload.enabled` | Jenkins Config as Code auto-reload settings (Attention: rbac needs to be enabled otherwise the sidecar can't read the config map) | `false` | +| `master.sidecars.configAutoReload.image` | Image which triggers the reload | `shadwell/k8s-sidecar:0.0.2` | +| `master.sidecars.others` | Configures additional sidecar container(s) for Jenkins master | `{}` | +| `master.initScripts` | List of Jenkins init scripts | Not set | +| `master.credentialsXmlSecret` | Kubernetes secret that contains a 'credentials.xml' file | Not set | +| `master.secretsFilesSecret` | Kubernetes secret that contains 'secrets' files | Not set | +| `master.jobs` | Jenkins XML job configs | `{}` | +| `master.overwriteJobs` | Replace jobs w/ ConfigMap on boot | `false` | +| `master.installPlugins` | List of Jenkins plugins to install. 
If you don't want to install plugins set it to `[]` | `kubernetes:1.18.2 workflow-aggregator:2.6 credentials-binding:1.19 git:3.11.0 workflow-job:2.33` | +| `master.overwritePlugins` | Overwrite installed plugins on start.| `false` | +| `master.enableRawHtmlMarkupFormatter` | Enable HTML parsing using (see below) | false | +| `master.scriptApproval` | List of groovy functions to approve | Not set | +| `master.nodeSelector` | Node labels for pod assignment | `{}` | +| `master.affinity` | Affinity settings | `{}` | +| `master.tolerations` | Toleration labels for pod assignment | `[]` | +| `master.podAnnotations` | Annotations for master pod | `{}` | +| `master.customConfigMap` | Deprecated: Use a custom ConfigMap | `false` | +| `master.additionalConfig` | Deprecated: Add additional config files | `{}` | +| `master.jenkinsUriPrefix` | Root Uri Jenkins will be served on | Not set | +| `master.customInitContainers` | Custom init-container specification in raw-yaml format | Not set | +| `master.lifecycle` | Lifecycle specification for master-container | Not set | +| `master.prometheus.enabled` | Enables prometheus service monitor | `false` | +| `master.prometheus.serviceMonitorAdditionalLabels` | Additional labels to add to the service monitor object | `{}` | +| `master.prometheus.serviceMonitorNamespace` | Custom namespace for serviceMonitor | Not set (same ns where is Jenkins being deployed) | +| `master.prometheus.scrapeInterval` | How often prometheus should scrape metrics | `60s` | +| `master.prometheus.scrapeEndpoint` | The endpoint prometheus should get metrics from | `/prometheus` | +| `master.prometheus.alertingrules` | Array of prometheus alerting rules | `[]` | +| `master.prometheus.alertingRulesAdditionalLabels` | Additional labels to add to the prometheus rule object | `{}` | +| `master.priorityClassName` | The name of a `priorityClass` to apply to the master pod | Not set | +| `master.testEnabled` | Can be used to disable rendering test resources when using 
helm template | `true` | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. | `false` | +| `networkPolicy.apiVersion` | NetworkPolicy ApiVersion | `networking.k8s.io/v1` | +| `rbac.create` | Whether RBAC resources are created | `true` | +| `serviceAccount.name` | name of the ServiceAccount to be used by access-controlled resources | autogenerated | +| `serviceAccount.create` | Configures if a ServiceAccount with this name should be created | `true` | +| `serviceAccount.annotations` | Configures annotation for the ServiceAccount | `{}` | +| `serviceAccountAgent.name` | name of the agent ServiceAccount to be used by access-controlled resources | autogenerated | +| `serviceAccountAgent.create` | Configures if an agent ServiceAccount with this name should be created | `false` | +| `serviceAccountAgent.annotations` | Configures annotation for the agent ServiceAccount | `{}` | + + +Some third-party systems, e.g. GitHub, use HTML-formatted data in their payload sent to a Jenkins webhooks, e.g. URL of a pull-request being built. To display such data as processed HTML instead of raw text set `master.enableRawHtmlMarkupFormatter` to true. This option requires installation of OWASP Markup Formatter Plugin (antisamy-markup-formatter). The plugin is **not** installed by default, please update `master.installPlugins`. 
+ +### Jenkins Agent + +| Parameter | Description | Default | +| -------------------------- | ----------------------------------------------- | ---------------------- | +| `agent.alwaysPullImage` | Always pull agent container image before build | `false` | +| `agent.customJenkinsLabels`| Append Jenkins labels to the agent | `{}` | +| `agent.enabled` | Enable Kubernetes plugin jnlp-agent podTemplate | `true` | +| `agent.image` | Agent image name | `jenkins/jnlp-slave` | +| `agent.imagePullSecret` | Agent image pull secret | Not set | +| `agent.tag` | Agent image tag | `3.27-1` | +| `agent.privileged` | Agent privileged container | `false` | +| `agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 512m, memory: 512Mi}, limits: {cpu: 512m, memory: 512Mi}}`| +| `agent.volumes` | Additional volumes | `nil` | +| `agent.envVars` | Environment variables for the agent Pod | Not set | +| `agent.command` | Executed command when side container starts | Not set | +| `agent.args` | Arguments passed to executed command | Not set | +| `agent.sideContainerName` | Side container name in agent | jnlp | +| `agent.TTYEnabled` | Allocate pseudo tty to the side container | false | +| `agent.containerCap` | Maximum number of agent | 10 | +| `agent.podName` | Agent Pod base name | Not set | +| `agent.idleMinutes` | Allows the Pod to remain active for reuse | 0 | +| `agent.yamlTemplate` | The raw yaml of a Pod API Object to merge into the agent spec | Not set | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example, + +```bash +$ helm install --name my-release -f values.yaml stable/jenkins +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Mounting volumes into your Agent pods + +Your Jenkins Agents will run as pods, and it's possible to inject volumes where needed: + +```yaml +agent: + volumes: + - type: Secret + secretName: jenkins-mysecrets + mountPath: /var/run/secrets/jenkins-mysecrets +``` + +The supported volume types are: `ConfigMap`, `EmptyDir`, `HostPath`, `Nfs`, `Pod`, `Secret`. Each type supports a different set of configurable attributes, defined by [the corresponding Java class](https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes). + +## NetworkPolicy + +To make use of the NetworkPolicy resources created by default, +install [a networking plugin that implements the Kubernetes +NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin). + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting +the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + + kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" + +Install helm chart with network policy enabled: + + $ helm install stable/jenkins --set networkPolicy.enabled=true + +## Adding customized securityRealm + +`master.securityRealm` in values can be used to support custom security realm instead of default `LegacySecurityRealm`. For example, you can add a security realm to authenticate via keycloak. + +```yaml +securityRealm: |- + + testId + testsecret + https:testurl + https:testAuthUrl + email + openid email + +``` + +## Adding additional configs + +`master.additionalConfig` can be used to add additional config files in `config.yaml`. For example, it can be used to add additional config files for keycloak authentication. 
+ +```yaml +additionalConfig: + testConfig.txt: |- + - name: testName + clientKey: testKey + clientURL: testUrl +``` + +## Adding customized labels + +`master.serviceLabels` can be used to add custom labels in `jenkins-master-svc.yaml`. For example, + +```yaml +ServiceLabels: + expose: true +``` + +## Persistence + +The Jenkins image stores persistence under `/var/jenkins_home` path of the container. A dynamically managed Persistent Volume +Claim is used to keep the data across deployments, by default. This is known to work in GCE, AWS, and minikube. Alternatively, +a previously configured Persistent Volume Claim can be used. + +It is possible to mount several volumes using `persistence.volumes` and `persistence.mounts` parameters. + +### Persistence Values + +| Parameter | Description | Default | +| --------------------------- | ------------------------------- | --------------- | +| `persistence.enabled` | Enable the use of a Jenkins PVC | `true` | +| `persistence.existingClaim` | Provide the name of a PVC | `nil` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `persistence.accessMode` | The PVC access mode | `ReadWriteOnce` | +| `persistence.size` | The size of the PVC | `8Gi` | +| `persistence.subPath` | SubPath for jenkins-home mount | `nil` | +| `persistence.volumes` | Additional volumes | `nil` | +| `persistence.mounts` | Additional mounts | `nil` | + +#### Existing PersistentVolumeClaim + +1. Create the PersistentVolume +2. Create the PersistentVolumeClaim +3. Install the chart + +```bash +$ helm install --name my-release --set persistence.existingClaim=PVC_NAME stable/jenkins +``` + +## Configuration as Code +Jenkins Configuration as Code is now a standard component in the Jenkins project. Add a key under configScripts for each configuration area, where each corresponds to a plugin or section of the UI. The keys (prior to | character) are just labels, and can be any value. They are only used to give the section a meaningful name. 
The only restriction is they must conform to RFC 1123 definition of a DNS label, so may only contain lowercase letters, numbers, and hyphens. Each key will become the name of a configuration yaml file on the master in /var/jenkins_home/casc_configs (by default) and will be processed by the Configuration as Code Plugin during Jenkins startup. The lines after each | become the content of the configuration yaml file. The first line after this is a JCasC root element, eg jenkins, credentials, etc. Best reference is the Documentation link here: https:///configuration-as-code. The example below creates ldap settings: + +```yaml +configScripts: + ldap-settings: | + jenkins: + securityRealm: + ldap: + configurations: + configurations: + - server: ldap.acme.com + rootDN: dc=acme,dc=uk + managerPasswordSecret: ${LDAP_PASSWORD} + - groupMembershipStrategy: + fromUserRecord: + attributeName: "memberOf" +``` + +Further JCasC examples can be found [here.](https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos) +### Config as Code with and without auto-reload +Config as Code changes (to master.JCasC.configScripts) can either force a new pod to be created and only be applied at next startup, or can be auto-reloaded on-the-fly. If you choose `master.sidecars.autoConfigReload.enabled: true`, a second, auxiliary container will be installed into the Jenkins master pod, known as a "sidecar". This watches for changes to configScripts, copies the content onto the Jenkins file-system and issues a CLI command via SSH to reload configuration. The admin user (or account you specify in master.adminUser) will have a random SSH private key (RSA 4096) assigned unless you specify a key in `master.adminSshKey`. This will be saved to a k8s secret. 
You can monitor this sidecar's logs using command `kubectl logs -c jenkins-sc-config -f` +If you want to enable auto-reload then you also need to configure rbac as the container which triggers the reload needs to watch the config maps. + +```yaml +master: + JCasC: + enabled: true + sidecars: + configAutoReload: + enabled: true +rbac: + install: true +``` + +### Auto-reload with non-Jenkins identities +When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist. Since the admin account is used by the sidecar to reload config, in order to use auto-reload, you must change the .master.adminUser to a valid username on your LDAP (or other) server. If you use the matrix-auth plugin, this user must also be granted Overall\Administer rights in Jenkins. Failure to do this will cause the sidecar container to fail to authenticate via SSH and enter a restart loop. You can enable LDAP using the example above and add a Config as Code block for matrix security that includes: +```yaml +configScripts: + matrix-auth: | + jenkins: + authorizationStrategy: + projectMatrix: + grantedPermissions: + - "Overall/Administer:" +``` +You can instead grant this permission via the UI. When this is done, you can set `master.sidecars.configAutoReload.enabled: true` and upon the next Helm upgrade, auto-reload will be successfully enabled. + +## RBAC + +RBAC is enabled by default if you want to disable it you will need to do the following: + +* `helm install stable/jenkins --set rbac.create=false` + +## Backup + +Adds a backup CronJob for jenkins, along with required RBAC resources. 
+ +### Backup Values + +| Parameter | Description | Default | +| -------------------------------------- | ------------------------------------------------------ | --------------------------------- | +| `backup.enabled` | Enable the use of a backup CronJob | `false` | +| `backup.schedule` | Schedule to run jobs | `0 2 * * *` | +| `backup.annotations` | Backup pod annotations | iam.amazonaws.com/role: `jenkins` | +| `backup.image.repo` | Backup image repository | `maorfr/kube-tasks` | +| `backup.image.tag` | Backup image tag | `0.2.0` | +| `backup.extraArgs` | Additional arguments for kube-tasks | `[]` | +| `backup.existingSecret` | Environment variables to add to the cronjob container | {} | +| `backup.existingSecret.*` | Specify the secret name containing the AWS credentials | `jenkinsaws` | +| `backup.existingSecret.*.awsaccesskey` | `secretKeyRef.key` used for `AWS_ACCESS_KEY_ID` | `jenkins_aws_access_key` | +| `backup.existingSecret.*.awssecretkey` | `secretKeyRef.key` used for `AWS_SECRET_ACCESS_KEY` | `jenkins_aws_secret_key` | +| `backup.env` | Backup environment variables | AWS_REGION: `us-east-1` | +| `backup.resources` | Backup CPU/Memory resource requests/limits | Memory: `1Gi`, CPU: `1` | +| `backup.destination` | Destination to store backup artifacts | `s3://jenkins-data/backup` | + +### Restore from backup + +To restore a backup, you can use the `kube-tasks` underlying tool called [skbn](https://github.com/maorfr/skbn), which copies files from cloud storage to Kubernetes. +The best way to do it would be using a `Job` to copy files from the desired backup tag to the Jenkins pod. +See the [skbn in-cluster example](https://github.com/maorfr/skbn/tree/master/examples/in-cluster) for more details. + + +## Run Jenkins as non root user + +The default settings of this helm chart let Jenkins run as root user with uid `0`. +Due to security reasons you may want to run Jenkins as a non root user. 
+Fortunately the default jenkins docker image `jenkins/jenkins` contains a user `jenkins` with uid `1000` that can be used for this purpose. + +Simply use the following settings to run Jenkins as `jenkins` user with uid `1000`. + +```yaml +master: + runAsUser: 1000 + fsGroup: 1000 +``` + +## Providing jobs xml + +Jobs can be created (and overwritten) by providing jenkins config xml within the `values.yaml` file. +The keys of the map will become a directory within the jobs directory. +The values of the map will become the `config.xml` file in the respective directory. + +Below is an example of a `values.yaml` file and the directory structure created: + +#### values.yaml +```yaml +master: + jobs: + test-job: |- + + + false + + + false + false + false + false + + false + + + + + test-job-2: |- + + + false + + + false + false + false + false + + false + + + +``` + +#### Directory structure of jobs directory +``` +. +├── _test-job-1 +| └── config.xml +├── _test-job-2 +| └── config.xml +``` + +Docs taken from https://github.com/jenkinsci/docker/blob/master/Dockerfile: +_Jenkins is run with user `jenkins`, uid = 1000. If you bind mount a volume from the host or a data container,ensure you use the same uid_ + +## Running behind a forward proxy + +The master pod uses an Init Container to install plugins etc. If you are behind a corporate proxy it may be useful to set `master.initContainerEnv` to add environment variables such as `http_proxy`, so that these can be downloaded. + +Additionally, you may want to add env vars for the Jenkins container, and the JVM (`master.javaOpts`). 
+ +```yaml +master: + initContainerEnv: + - name: http_proxy + value: "http://192.168.64.1:3128" + - name: https_proxy + value: "http://192.168.64.1:3128" + - name: no_proxy + value: "" + containerEnv: + - name: http_proxy + value: "http://192.168.64.1:3128" + - name: https_proxy + value: "http://192.168.64.1:3128" + javaOpts: >- + -Dhttp.proxyHost=192.168.64.1 + -Dhttp.proxyPort=3128 + -Dhttps.proxyHost=192.168.64.1 + -Dhttps.proxyPort=3128 +``` + +## Custom ConfigMap + +The following configuration method is deprecated and will be removed in an upcoming version of this chart. +We recommend you use Jenkins Configuration as Code to configure instead. +When creating a new parent chart with this chart as a dependency, the `customConfigMap` parameter can be used to override the default config.xml provided. +It also allows for providing additional xml configuration files that will be copied into `/var/jenkins_home`. In the parent chart's values.yaml, +set the `jenkins.master.customConfigMap` value to true like so + +```yaml +jenkins: + master: + customConfigMap: true +``` + +and provide the file `templates/config.tpl` in your parent chart for your use case. You can start by copying the contents of `config.yaml` from this chart into your parent charts `templates/config.tpl` as a basis for customization. Finally, you'll need to wrap the contents of `templates/config.tpl` like so: + +```yaml +{{- define "override_config_map" }} + +{{ end }} +``` diff --git a/ci/jenkins/ci/casc-values.yaml b/ci/jenkins/ci/casc-values.yaml new file mode 100644 index 00000000..24c2cf94 --- /dev/null +++ b/ci/jenkins/ci/casc-values.yaml @@ -0,0 +1,10 @@ +master: + JCasC: + enabled: true + sidecars: + configAutoReload: + enabled: true + healthProbeLivenessInitialDelay: 10 + healthProbeReadinessInitialDelay: 10 +persistence: + enabled: false diff --git a/ci/jenkins/ci/default-values.yaml b/ci/jenkins/ci/default-values.yaml new file mode 100644 index 00000000..e12ad545 --- /dev/null 
+++ b/ci/jenkins/ci/default-values.yaml @@ -0,0 +1 @@ +# this file is empty to check if defaults within values.yaml work as expected diff --git a/ci/jenkins/hw_override.yaml b/ci/jenkins/hw_override.yaml new file mode 100644 index 00000000..ca18c7e3 --- /dev/null +++ b/ci/jenkins/hw_override.yaml 
@@ -0,0 +1,111 @@
+# This yaml file used to override the default values in values.yaml
+# which are used to deploy a production jenkins cluster in huawei cloud.
+master:
+ # default admin name
+ adminUser: admin
+ # default admin password
+ adminPassword: AdminPassword
+ # test pod will be created to test the readness of master web UI if enabled.
+ testEnabled: false
+ # used to specify the Elb ID which used for master service
+ huaweielbID: e1bb61d2-6101-419f-97d8-c76b1020a0c1
+ # used to specify the service type of master service
+ serviceType: LoadBalancer
+ # EIP for node load balancer
+ loadBalancerIP: 114.116.250.98
+ # used to specify the service port for master web UI
+ servicePort: 80
+ # used to specify the service node port for master web UI
+ nodePort: 8000
+ # master image node and tag
+ image: "swr.cn-south-1.myhuaweicloud.com/freesky-edward/jenkins"
+ tag: "lts"
+ # request resource for master pod
+ resources:
+ requests:
+ cpu: "8000m"
+ memory: "8192Mi"
+ limits:
+ cpu: "8000m"
+ memory: "16384Mi"
+ # installed plugins
+ installPlugins:
+ - kubernetes:1.18.2
+ - workflow-job:2.33
+ - workflow-aggregator:2.6
+ - credentials-binding:1.19
+ - git:3.11.0
+ - gitee:1.1.3
+ - ssh-slaves:1.31.0
+
+agent:
+ # Whether enable agents
+ enabled: true
+ # request resource for agent pod
+ resources:
+ requests:
+ cpu: "8000m"
+ memory: "16384Mi"
+ limits:
+ cpu: "8000m"
+ memory: "16384Mi"
+ # node selector when creating new agent, it can be used to schedule agent to some kinds of the nodes
+ nodeSelector: {}
+ # Max number of spawned agent
+ containerCap: 10
+
+ #Configure option for cloud 1 provider
+ cloud1:
+ name: kubernetes-x86-cluster
+ podName: k8s-x86
+ # used to select correct node in k8s
+ nodeSelector: {}
+ image: "swr.cn-south-1.myhuaweicloud.com/freesky-edward/jnlp-slave"
+ tag: "3.27-1"
+ # Resource request for cloud 1 agents.
+ resources:
+ requests:
+ cpu: "2000m"
+ memory: "4096Mi"
+ #Used in job to specify which kind of agent to use for example arm or x86
+ componentName: "jenkins-slave-x86"
+ envVars:
+ - name: JENKINS_AGENT_WORKDIR
+ value: /home/jenkins/agent-working-dir
+ volumes:
+ - type: HostPath
+ mountPath: /home/jenkins/agent-working-dir
+ hostPath: /jenkins_agent_dir
+ #Configure option for cloud 2 provider
+ cloud2:
+ name: kubernetes-arm-cluster
+ podName: k8s-arm
+ # used to select correct node in k8s
+ nodeSelector: {}
+ image: "swr.cn-south-1.myhuaweicloud.com/freesky-edward/jnlp-slave"
+ tag: "3.27-1"
+ # Resource request for cloud 2 agents.
+ resources:
+ requests:
+ cpu: "2000m"
+ memory: "4096Mi"
+ #Used in job to specify which kind of agent to use for example arm or x86
+ componentName: "jenkins-slave-arm"
+ envVars:
+ - name: JENKINS_AGENT_WORKDIR
+ value: /home/jenkins/agent-working-dir
+ volumes:
+ - type: HostPath
+ mountPath: /home/jenkins/agent-working-dir
+ hostPath: /jenkins_agent_dir
+
+persistence:
+ # Whether to enable persistent volume
+ enabled: true
+ # used to specify the PVC for jenkins master
+ size: 100Gi
+ # used to specify the PVC SC for jenkins master
+ storageClass: ssd
+ accessMode: ReadWriteMany
+
+
diff --git a/ci/jenkins/templates/NOTES.txt b/ci/jenkins/templates/NOTES.txt
new file mode 100644
index 00000000..c4e54f6f
--- /dev/null
+++ b/ci/jenkins/templates/NOTES.txt
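Review bot: `adminPassword: AdminPassword` commits a fixed, guessable admin credential in a file whose header says it deploys a production Jenkins, and the same `master` block publishes the UI through `serviceType: LoadBalancer` on `servicePort: 80` at a fixed `loadBalancerIP`. Delete the `adminPassword` line so the chart default documented in the README (a random value kept in the secret) applies, or pass it at install time from a secret store, and treat the committed value as burned. The README gives `master.loadBalancerSourceRanges` a default of `0.0.0.0/0`, so add an explicit allow-list such as `loadBalancerSourceRanges: ["<ADMIN_CIDR_PLACEHOLDER>"]` and put TLS in front of the login instead of plain port 80. `tag: "lts"` on the master image is a moving tag; pinning a version or digest makes what runs reproducible. Both agent clouds mount `hostPath: /jenkins_agent_dir`, so build output persists on the node between jobs; a comment saying whether that sharing is intended would help.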
@@ -0,0 +1,60 @@ +1. Get your '{{ .Values.master.adminUser }}' user password by running: + printf $(kubectl get secret --namespace {{ template "jenkins.namespace" . }} {{ template "jenkins.fullname" . }} -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo + +{{- if .Values.master.ingress.hostName }} + +2. Visit http://{{ .Values.master.ingress.hostName }} +{{- else }} +2. Get the Jenkins URL to visit by running these commands in the same shell: +{{- if contains "NodePort" .Values.master.serviceType }} + export NODE_PORT=$(kubectl get --namespace {{ template "jenkins.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "jenkins.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ template "jenkins.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT/login + +{{- else if contains "LoadBalancer" .Values.master.serviceType }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ template "jenkins.namespace" . }} -w {{ template "jenkins.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ template "jenkins.namespace" . }} {{ template "jenkins.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + echo http://$SERVICE_IP:{{ .Values.master.servicePort }}/login + +{{- else if contains "ClusterIP" .Values.master.serviceType }} + export POD_NAME=$(kubectl get pods --namespace {{ template "jenkins.namespace" . }} -l "app.kubernetes.io/component={{ .Values.master.componentName }}" -l "app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo http://127.0.0.1:{{ .Values.master.servicePort }} + kubectl --namespace {{ template "jenkins.namespace" . }} port-forward $POD_NAME {{ .Values.master.servicePort }}:{{ .Values.master.servicePort }} + +{{- end }} +{{- end }} + +3. 
Login with the password from step 1 and the username: {{ .Values.master.adminUser }} +{{ if .Values.master.JCasC.enabled }} +4. Use Jenkins Configuration as Code by specifying configScripts in your values.yaml file, see documentation: http://{{ .Values.master.ingress.hostName }}/configuration-as-code and examples: https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos +{{- end }} + +For more information on running Jenkins on Kubernetes, visit: +https://cloud.google.com/solutions/jenkins-on-container-engine +{{- if .Values.master.JCasC.enabled }} +For more information about Jenkins Configuration as Code, visit: +https://jenkins.io/projects/jcasc/ +{{- end }} + +{{- if .Values.persistence.enabled }} +{{- else }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the Jenkins pod is terminated. ##### +################################################################################# +{{- end }} + +{{- if .Values.master.imageTag }} +################################################################################# +###### WARNING: `master.imageTag` will be obsoleted soon!!! ##### +###### It has been renamed to `master.tag`. ##### +################################################################################# +{{- end }} + +{{- if .Values.agent.imageTag }} +################################################################################# +###### WARNING: `agent.imageTag` will be obsoleted soon!!! ##### +###### It has been renamed to `agent.tag`. ##### +################################################################################# +{{- end }} diff --git a/ci/jenkins/templates/_helpers.tpl b/ci/jenkins/templates/_helpers.tpl new file mode 100644 index 00000000..9c9aab1d --- /dev/null +++ b/ci/jenkins/templates/_helpers.tpl 
@@ -0,0 +1,201 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "jenkins.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "jenkins.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "jenkins.master.slaveKubernetesNamespace" -}} + {{- if .Values.master.slaveKubernetesNamespace -}} + {{- .Values.master.slaveKubernetesNamespace -}} + {{- else -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} + {{- end -}} +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. 
+*/}} +{{- define "jenkins.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Returns the Jenkins URL +*/}} +{{- define "jenkins.url" -}} +{{- if .Values.master.jenkinsUrl }} + {{- .Values.master.jenkinsUrl }} +{{- else }} + {{- if .Values.master.ingress.hostName }} + {{- if .Values.master.ingress.tls }} + {{- default "https" .Values.master.jenkinsUrlProtocol }}://{{ .Values.master.ingress.hostName }}{{ default "" .Values.master.jenkinsUriPrefix }} + {{- else }} + {{- default "http" .Values.master.jenkinsUrlProtocol }}://{{ .Values.master.ingress.hostName }}{{ default "" .Values.master.jenkinsUriPrefix }} + {{- end }} + {{- else }} + {{- default "http" .Values.master.jenkinsUrlProtocol }}://{{ template "jenkins.fullname" . }}:{{.Values.master.servicePort}}{{ default "" .Values.master.jenkinsUriPrefix }} + {{- end}} +{{- end}} +{{- end -}} + +{{/* +Returns configuration as code default config +*/}} +{{- define "jenkins.casc.defaults" -}} +jenkins: + disableRememberMe: false + mode: NORMAL + numExecutors: {{ .Values.master.numExecutors }} + projectNamingStrategy: "standard" + markupFormatter: + {{- if .Values.master.enableRawHtmlMarkupFormatter }} + rawHtml: + disableSyntaxHighlighting: true + {{- else }} + "plainText" + {{- end }} + clouds: + - kubernetes: + containerCapStr: "{{ .Values.agent.containerCap }}" + {{- if .Values.master.slaveKubernetesNamespace }} + jenkinsTunnel: "{{ template "jenkins.fullname" . }}-agent.{{ template "jenkins.namespace" . }}:{{ .Values.master.slaveListenerPort }}" + jenkinsUrl: "http://{{ template "jenkins.fullname" . }}.{{ template "jenkins.namespace" . 
}}:{{.Values.master.servicePort}}{{ default "" .Values.master.jenkinsUriPrefix }}" + {{- else }} + jenkinsTunnel: "{{ template "jenkins.fullname" . }}-agent:{{ .Values.master.slaveListenerPort }}" + jenkinsUrl: "http://{{ template "jenkins.fullname" . }}:{{.Values.master.servicePort}}{{ default "" .Values.master.jenkinsUriPrefix }}" + {{- end }} + maxRequestsPerHostStr: "32" + name: "kubernetes" + namespace: "{{ template "jenkins.master.slaveKubernetesNamespace" . }}" + serverUrl: "https://kubernetes.default" + {{- if .Values.agent.enabled }} + templates: + - containers: + - alwaysPullImage: {{ .Values.agent.alwaysPullImage }} + {{- if .Values.agent.args }} + args: "{{ .Values.agent.args }}" + {{- else }} + args: "^${computer.jnlpmac} ^${computer.name}" + {{- end }} + command: {{ .Values.agent.command }} + envVars: + - containerEnvVar: + key: "JENKINS_URL" + value: "http://{{ template "jenkins.fullname" . }}.{{ template "jenkins.namespace" . }}.svc.{{.Values.clusterZone}}:{{.Values.master.servicePort}}{{ default "" .Values.master.jenkinsUriPrefix }}" + {{- if .Values.agent.imageTag }} + image: "{{ .Values.agent.image }}:{{ .Values.agent.imageTag }}" + {{- else }} + image: "{{ .Values.agent.image }}:{{ .Values.agent.tag }}" + {{- end }} + name: "{{ .Values.agent.sideContainerName }}" + privileged: "{{- if .Values.agent.privileged }}true{{- else }}false{{- end }}" + resourceLimitCpu: {{.Values.agent.resources.limits.cpu}} + resourceLimitMemory: {{.Values.agent.resources.limits.memory}} + resourceRequestCpu: {{.Values.agent.resources.requests.cpu}} + resourceRequestMemory: {{.Values.agent.resources.requests.memory}} + ttyEnabled: {{ .Values.agent.TTYEnabled }} + workingDir: "/home/jenkins" + idleMinutes: {{ .Values.agent.idleMinutes }} + instanceCap: 2147483647 + {{- if .Values.agent.imagePullSecretName }} + imagePullSecrets: + - name: {{ .Values.agent.imagePullSecretName }} + {{- end }} + label: "{{ .Release.Name }}-{{ .Values.agent.componentName }} {{ 
.Values.agent.customJenkinsLabels | join " " }}" + name: "{{ .Values.agent.podName }}" + nodeUsageMode: "NORMAL" + podRetention: {{ .Values.agent.podRetention }} + showRawYaml: true + serviceAccount: "{{ include "jenkins.serviceAccountAgentName" . }}" + slaveConnectTimeoutStr: "100" + yaml: |- + {{ tpl .Values.agent.yamlTemplate . | nindent 10 | trim }} + yamlMergeStrategy: "override" + {{- end }} + {{- if .Values.master.csrf.defaultCrumbIssuer.enabled }} + crumbIssuer: + standard: + excludeClientIPFromCrumb: {{ if .Values.master.csrf.defaultCrumbIssuer.proxyCompatability }}true{{ else }}false{{- end }} + {{- end }} +security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true +unclassified: + location: + adminAddress: {{ default "" .Values.master.jenkinsAdminEmail }} + url: {{ template "jenkins.url" . }} +{{- end -}} + +{{- define "jenkins.kubernetes-version" -}} + {{- if .Values.master.installPlugins -}} + {{- range .Values.master.installPlugins -}} + {{ if hasPrefix "kubernetes:" . }} + {{- $split := splitList ":" . }} + {{- printf "%s" (index $split 1 ) -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Generate private key for jenkins CLI +*/}} +{{- define "jenkins.gen-key" -}} +{{- if not .Values.master.adminSshKey -}} +{{- $key := genPrivateKey "rsa" -}} +jenkins-admin-private-key: {{ $key | b64enc | quote }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "jenkins.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "jenkins.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account for Jenkins agents to use +*/}} +{{- define "jenkins.serviceAccountAgentName" -}} +{{- if .Values.serviceAccountAgent.create -}} + {{ default (printf "%s-%s" (include "jenkins.fullname" .) "agent") .Values.serviceAccountAgent.name }} +{{- else -}} + {{ default "default" .Values.serviceAccountAgent.name }} +{{- end -}} +{{- end -}} diff --git a/ci/jenkins/templates/config.yaml b/ci/jenkins/templates/config.yaml new file mode 100644 index 00000000..db3a40f1 --- /dev/null +++ b/ci/jenkins/templates/config.yaml 
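Review bot: The `jenkins.casc.defaults` template in _helpers.tpl still builds a single cloud named `kubernetes` from `.Values.agent.image`, `.Values.agent.tag`, `.Values.agent.podName` and `.Values.agent.componentName`, while this commit's hw_override.yaml and config.yaml define those settings under `agent.cloud1` and `agent.cloud2`. If `master.JCasC.defaultConfig` is enabled, the rendered agent template would presumably come out with an empty image and pod name unless values.yaml (not shown here) still carries the flat keys. Either port the two-cloud layout into this template or mark the limitation above the define, for example `{{/* NOTE: single-cloud only; agent.cloud1/cloud2 are rendered by config.yaml, not here */}}`.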
@@ -0,0 +1,450 @@ +{{- if not .Values.master.customConfigMap }} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "jenkins.fullname" . }} + namespace: {{ template "jenkins.namespace" . }} + labels: + "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' + "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}" + "app.kubernetes.io/managed-by": "{{ .Release.Service }}" + "app.kubernetes.io/instance": "{{ .Release.Name }}" + "app.kubernetes.io/component": "{{ .Values.master.componentName }}" +data: +{{- if .Values.master.enableXmlConfig }} + config.xml: |- + + + +{{- if .Values.master.imageTag }} + {{ .Values.master.imageTag }} +{{- else }} + {{ .Values.master.tag }} +{{- end }} + {{ .Values.master.numExecutors }} + NORMAL + {{ .Values.master.useSecurity }} +{{ .Values.master.authorizationStrategy | indent 6 }} +{{ .Values.master.securityRealm | indent 6 }} + false + + ${JENKINS_HOME}/workspace/${ITEM_FULLNAME} + ${ITEM_ROOTDIR}/builds +{{- if .Values.master.enableRawHtmlMarkupFormatter }} + + true + +{{- else }} + +{{- end }} + + + + + + {{ .Values.agent.cloud1.name }} + +{{- if .Values.agent.enabled }} + + + {{ .Values.agent.cloud1.podName }} + 2147483647 + {{ .Values.agent.idleMinutes }} + + {{ include "jenkins.serviceAccountAgentName" . 
}} + + {{- $local := dict "first" true }} + {{- range $key, $value := .Values.agent.cloud1.nodeSelector }} + {{- if not $local.first }},{{- end }} + {{- $key }}={{ $value }} + {{- $_ := set $local "first" false }} + {{- end }} + EXCLUSIVE + +{{- range $index, $volume := .Values.agent.cloud1.volumes }} + +{{- range $key, $value := $volume }}{{- if not (eq $key "type") }} + <{{ $key }}>{{ $value }} +{{- end }}{{- end }} + +{{- end }} + + + + {{ .Values.agent.sideContainerName }} +{{- if .Values.agent.imageTag }} + {{ .Values.agent.cloud1.image }}:{{ .Values.agent.cloud1.imageTag }} +{{- else }} + {{ .Values.agent.cloud1.image }}:{{ .Values.agent.cloud1.tag }} +{{- end }} +{{- if .Values.agent.privileged }} + true +{{- else }} + false +{{- end }} + {{ .Values.agent.alwaysPullImage }} + /home/jenkins + {{ .Values.agent.command }} +{{- if .Values.agent.args }} + {{ .Values.agent.args }} +{{- else }} + ${computer.jnlpmac} ${computer.name} +{{- end }} + {{ .Values.agent.TTYEnabled }} + # Resources configuration is a little hacky. This was to prevent breaking + # changes, and should be cleanned up in the future once everybody had + # enough time to migrate. + {{.Values.agent.cloud1.resources.requests.cpu}} + {{.Values.agent.cloud1.resources.requests.memory}} + + + JENKINS_URL + http://{{ template "jenkins.fullname" . }}.{{ template "jenkins.namespace" . }}.svc.{{.Values.clusterZone}}:{{.Values.master.servicePort}}{{ default "" .Values.master.jenkinsUriPrefix }} + + + + + +{{- range $index, $var := .Values.agent.cloud1.envVars }} + + {{ $var.name }} + {{ $var.value }} + +{{- end }} + + +{{- if .Values.agent.imagePullSecretName }} + + + {{ .Values.agent.imagePullSecretName }} + + +{{- else }} + +{{- end }} + +{{- if .Values.agent.yamlTemplate }} + {{ tpl .Values.agent.yamlTemplate . | html | indent 4 | trim }} +{{- end }} + + +{{- end -}} + + https://kubernetes.default + false + {{ template "jenkins.master.slaveKubernetesNamespace" . 
}} +{{- if .Values.master.slaveKubernetesNamespace }} + http://{{ template "jenkins.fullname" . }}.{{ template "jenkins.namespace" . }}:{{.Values.master.servicePort}}{{ default "" .Values.master.jenkinsUriPrefix }} + {{ template "jenkins.fullname" . }}-agent.{{ template "jenkins.namespace" . }}:{{ .Values.master.slaveListenerPort }} +{{- else }} + http://{{ template "jenkins.fullname" . }}:{{.Values.master.servicePort}}{{ default "" .Values.master.jenkinsUriPrefix }} + {{ template "jenkins.fullname" . }}-agent:{{ .Values.master.slaveListenerPort }} +{{- end }} + {{ .Values.agent.containerCap }} + 5 + 0 + 0 + + + + {{ .Values.agent.cloud2.name }} + +{{- if .Values.agent.enabled }} + + + {{ .Values.agent.cloud2.podName }} + 2147483647 + {{ .Values.agent.idleMinutes }} + + {{ include "jenkins.serviceAccountAgentName" . }} + + {{- $local := dict "first" true }} + {{- range $key, $value := .Values.agent.cloud2.nodeSelector }} + {{- if not $local.first }},{{- end }} + {{- $key }}={{ $value }} + {{- $_ := set $local "first" false }} + {{- end }} + EXCLUSIVE + +{{- range $index, $volume := .Values.agent.cloud2.volumes }} + +{{- range $key, $value := $volume }}{{- if not (eq $key "type") }} + <{{ $key }}>{{ $value }} +{{- end }}{{- end }} + +{{- end }} + + + + {{ .Values.agent.sideContainerName }} +{{- if .Values.agent.imageTag }} + {{ .Values.agent.cloud2.image }}:{{ .Values.agent.cloud2.imageTag }} +{{- else }} + {{ .Values.agent.cloud2.image }}:{{ .Values.agent.cloud2.tag }} +{{- end }} +{{- if .Values.agent.privileged }} + true +{{- else }} + false +{{- end }} + {{ .Values.agent.alwaysPullImage }} + /home/jenkins + {{ .Values.agent.command }} +{{- if .Values.agent.args }} + {{ .Values.agent.args }} +{{- else }} + ${computer.jnlpmac} ${computer.name} +{{- end }} + {{ .Values.agent.TTYEnabled }} + # Resources configuration is a little hacky. This was to prevent breaking + # changes, and should be cleanned up in the future once everybody had + # enough time to migrate. 
+ {{.Values.agent.cloud2.resources.requests.cpu}} + {{.Values.agent.cloud2.resources.requests.memory}} + + + JENKINS_URL + http://{{ template "jenkins.fullname" . }}.{{ template "jenkins.namespace" . }}.svc.{{.Values.clusterZone}}:{{.Values.master.servicePort}}{{ default "" .Values.master.jenkinsUriPrefix }} + + + + + +{{- range $index, $var := .Values.agent.cloud2.envVars }} + + {{ $var.name }} + {{ $var.value }} + +{{- end }} + + +{{- if .Values.agent.imagePullSecretName }} + + + {{ .Values.agent.imagePullSecretName }} + + +{{- else }} + +{{- end }} + +{{- if .Values.agent.yamlTemplate }} + {{ tpl .Values.agent.yamlTemplate . | html | indent 4 | trim }} +{{- end }} + + +{{- end -}} + + https://kubernetes.default + false + {{ template "jenkins.master.slaveKubernetesNamespace" . }} +{{- if .Values.master.slaveKubernetesNamespace }} + http://{{ template "jenkins.fullname" . }}.{{ template "jenkins.namespace" . }}:{{.Values.master.servicePort}}{{ default "" .Values.master.jenkinsUriPrefix }} + {{ template "jenkins.fullname" . }}-agent.{{ template "jenkins.namespace" . }}:{{ .Values.master.slaveListenerPort }} +{{- else }} + http://{{ template "jenkins.fullname" . }}:{{.Values.master.servicePort}}{{ default "" .Values.master.jenkinsUriPrefix }} + {{ template "jenkins.fullname" . }}-agent:{{ .Values.master.slaveListenerPort }} +{{- end }} + {{ .Values.agent.containerCap }} + 5 + 0 + 0 + + + + 5 + 0 + + + + All + false + false + + + + All + {{ .Values.master.slaveListenerPort }} + +{{- range .Values.master.disabledAgentProtocols }} + {{ . 
}} +{{- end }} + + +{{- if .Values.master.csrf.defaultCrumbIssuer.enabled }} + +{{- if .Values.master.csrf.defaultCrumbIssuer.proxyCompatability }} + true +{{- end }} + +{{- end }} + + + true + +{{- if .Values.master.scriptApproval }} + scriptapproval.xml: |- + + + + +{{- range $key, $val := .Values.master.scriptApproval }} + {{ $val }} +{{- end }} + + + + + + + +{{- end }} + jenkins.model.JenkinsLocationConfiguration.xml: |- + + + {{ default "" .Values.master.jenkinsAdminEmail }} + {{ template "jenkins.url" . }} + + jenkins.CLI.xml: |- + + +{{- if .Values.master.cli }} + true +{{- else }} + false +{{- end }} + +{{- end }} + apply_config.sh: |- + mkdir -p /usr/share/jenkins/ref/secrets/; +{{- if .Values.master.enableXmlConfig }} + echo "false" > /usr/share/jenkins/ref/secrets/slave-to-master-security-kill-switch; +{{- if .Values.master.overwriteConfig }} + cp /var/jenkins_config/config.xml /var/jenkins_home; + cp /var/jenkins_config/jenkins.CLI.xml /var/jenkins_home; + cp /var/jenkins_config/jenkins.model.JenkinsLocationConfiguration.xml /var/jenkins_home; + {{- if .Values.master.additionalConfig }} + {{- range $key, $val := .Values.master.additionalConfig }} + cp /var/jenkins_config/{{- $key }} /var/jenkins_home; + {{- end }} + {{- end }} +{{- else }} + yes n | cp -i /var/jenkins_config/config.xml /var/jenkins_home; + yes n | cp -i /var/jenkins_config/jenkins.CLI.xml /var/jenkins_home; + yes n | cp -i /var/jenkins_config/jenkins.model.JenkinsLocationConfiguration.xml /var/jenkins_home; + {{- if .Values.master.additionalConfig }} + {{- range $key, $val := .Values.master.additionalConfig }} + yes n | cp -i /var/jenkins_config/{{- $key }} /var/jenkins_home; + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- if .Values.master.overwritePlugins }} + # remove all plugins from shared volume + rm -rf /var/jenkins_home/plugins/* +{{- end }} +{{- if .Values.master.installPlugins }} + # Install missing plugins + cp /var/jenkins_config/plugins.txt /var/jenkins_home; + rm 
-rf /usr/share/jenkins/ref/plugins/*.lock + /usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`; + # Copy plugins to shared volume + yes n | cp -i /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins/; +{{- end }} +{{- if .Values.master.scriptApproval }} + yes n | cp -i /var/jenkins_config/scriptapproval.xml /var/jenkins_home/scriptApproval.xml; +{{- end }} +{{- if and (.Values.master.JCasC.enabled) (.Values.master.sidecars.configAutoReload.enabled) }} + {{- if not .Values.master.initScripts }} + mkdir -p /var/jenkins_home/init.groovy.d/; + yes n | cp -i /var/jenkins_config/*.groovy /var/jenkins_home/init.groovy.d/; + {{- end }} +{{- end }} +{{- if .Values.master.initScripts }} + mkdir -p /var/jenkins_home/init.groovy.d/; + {{- if .Values.master.overwriteConfig }} + rm -f /var/jenkins_home/init.groovy.d/*.groovy + {{- end }} + yes n | cp -i /var/jenkins_config/*.groovy /var/jenkins_home/init.groovy.d/; +{{- end }} +{{- if .Values.master.JCasC.enabled }} + {{- if .Values.master.sidecars.configAutoReload.enabled }} + bash -c 'ssh-keygen -y -f <(echo "${ADMIN_PRIVATE_KEY}") > /var/jenkins_home/key.pub' + {{- else }} + mkdir -p /var/jenkins_home/casc_configs; + rm -rf /var/jenkins_home/casc_configs/* + cp -v /var/jenkins_config/*.yaml /var/jenkins_home/casc_configs + {{- end }} +{{- end }} +{{- if .Values.master.enableXmlConfig }} +{{- if .Values.master.credentialsXmlSecret }} + yes n | cp -i /var/jenkins_credentials/credentials.xml /var/jenkins_home; +{{- end }} +{{- if .Values.master.jobs }} + for job in $(ls /var/jenkins_jobs); do + mkdir -p /var/jenkins_home/jobs/$job + yes {{ if not .Values.master.overwriteJobs }}n{{ end }} | cp -i /var/jenkins_jobs/$job /var/jenkins_home/jobs/$job/config.xml + done +{{- end }} +{{- end }} +{{- if .Values.master.secretsFilesSecret }} + yes n | cp -i /var/jenkins_secrets/* /usr/share/jenkins/ref/secrets/; +{{- end }} +{{- range $key, $val := .Values.master.initScripts }} + init{{ $key }}.groovy: |- +{{ 
$val | indent 4 }} +{{- end }} +{{- if .Values.master.JCasC.enabled }} + {{- if .Values.master.sidecars.configAutoReload.enabled }} + init-add-ssh-key-to-admin.groovy: |- + import jenkins.security.* + import hudson.model.User + import jenkins.model.Jenkins + User user = User.get("{{ .Values.master.adminUser | default "admin" }}", false) + if (user == null) { + System.err.println("ERROR: user '{{ .Values.master.adminUser | default "admin" }}' not found! Can't configure SSH key which is needed to reload JCasC config!") + } else { + String sshKeyString = new File('/var/jenkins_home/key.pub').text + keys_param = new org.jenkinsci.main.modules.cli.auth.ssh.UserPropertyImpl(sshKeyString) + user.addProperty(keys_param) + def inst = Jenkins.getInstance() + def sshDesc = inst.getDescriptor("org.jenkinsci.main.modules.sshd.SSHD") + sshDesc.setPort({{ .Values.master.sidecars.configAutoReload.sshTcpPort | default 1044 }}) + sshDesc.getActualPort() + sshDesc.save() + } + {{- else }} +# Only add config to this script if we aren't auto-reloading otherwise the pod will restart upon each config change: +{{- if .Values.master.JCasC.defaultConfig }} + jcasc-default-config.yaml: |- + {{- include "jenkins.casc.defaults" . 
|nindent 4}} +{{- end }} +{{- range $key, $val := .Values.master.JCasC.configScripts }} + {{ $key }}.yaml: |- +{{ tpl $val $| indent 4 }} +{{- end }} +{{- end }} +{{- end }} + plugins.txt: |- +{{- if .Values.master.installPlugins }} +{{- range $index, $val := .Values.master.installPlugins }} +{{ $val | indent 4 }} +{{- end }} +{{- if .Values.master.JCasC.enabled }} + {{- if not (contains "configuration-as-code" (quote .Values.master.installPlugins)) }} + configuration-as-code:{{ .Values.master.JCasC.pluginVersion }} + {{- end }} + {{- if semverCompare "<=1.19" (printf "%v" .Values.master.JCasC.pluginVersion) }} + {{- if not (contains "configuration-as-code-support" (quote .Values.master.installPlugins)) }} + configuration-as-code-support:{{ .Values.master.JCasC.supportPluginVersion }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{ else }} +{{ include "override_config_map" . }} +{{- end -}} +{{- if .Values.master.additionalConfig }} +{{- toYaml .Values.master.additionalConfig | indent 2 }} +{{- end }} diff --git a/ci/jenkins/templates/deprecation.yaml b/ci/jenkins/templates/deprecation.yaml new file mode 100644 index 00000000..adc9201f --- /dev/null +++ b/ci/jenkins/templates/deprecation.yaml 
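Review bot: The image selection for both clouds in config.yaml tests one key and renders another: `{{- if .Values.agent.imageTag }}` guards `{{ .Values.agent.cloud1.image }}:{{ .Values.agent.cloud1.imageTag }}` (and the same for `cloud2`), so setting the legacy `agent.imageTag` yields an image reference with an empty or missing tag, while a `cloud1.imageTag` set on its own is never consulted. The guards should read `{{- if .Values.agent.cloud1.imageTag }}` and `{{- if .Values.agent.cloud2.imageTag }}` respectively. The XML element tags of config.xml appear to have been stripped in this view, so the surrounding structure could not be checked.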
@@ -0,0 +1,356 @@ +{{- if .Values.checkDeprecation }} + {{- if .Values.Master }} + + {{- if .Values.Master.Name }} + {{ fail "`Master.Name` does no longer exist. It has been renamed to `master.componentName`" }} + {{- end }} + + {{- if .Values.Master.Image }} + {{ fail "`Master.Image` does no longer exist. It has been renamed to `master.image`" }} + {{- end }} + + {{- if .Values.Master.ImageTag }} + {{ fail "`Master.ImageTag` does no longer exist. It has been renamed to `master.tag`" }} + {{- end }} + + {{- if .Values.Master.ImagePullPolicy }} + {{ fail "`Master.ImagePullPolicy` does no longer exist. It has been renamed to `master.imagePullPolicy`" }} + {{- end }} + + {{- if .Values.Master.ImagePullSecret }} + {{ fail "`Master.ImagePullPolicy` does no longer exist. It has been renamed to `master.imagePullSecretName`" }} + {{- end }} + + {{- if .Values.Master.Component }} + {{ fail "`Master.Component` does no longer exist. It has been renamed to `master.componentName`" }} + {{- end }} + + {{- if .Values.Master.NumExecutors }} + {{ fail "`Master.NumExecutors` does no longer exist. It has been renamed to `master.numExecutors`" }} + {{- end }} + + {{- if .Values.Master.UseSecurity }} + {{ fail "`Master.UseSecurity` does no longer exist. It has been renamed to `master.useSecurity`" }} + {{- end }} + + {{- if .Values.Master.SecurityRealm }} + {{ fail "`Master.SecurityRealm` does no longer exist. It has been renamed to `master.securityRealm`" }} + {{- end }} + + {{- if .Values.Master.AuthorizationStrategy }} + {{ fail "`Master.AuthorizationStrategy` does no longer exist. It has been renamed to `master.authorizationStrategy`" }} + {{- end }} + + {{- if .Values.Master.DeploymentLabels }} + {{ fail "`Master.DeploymentLabels` does no longer exist. It has been renamed to `master.deploymentLabels`" }} + {{- end }} + + {{- if .Values.Master.ServiceLabels }} + {{ fail "`Master.ServiceLabels` does no longer exist. 
It has been renamed to `master.serviceLabels`" }} + {{- end }} + + {{- if .Values.Master.PodLabels }} + {{ fail "`Master.PodLabels` does no longer exist. It has been renamed to `master.podLabels`" }} + {{- end }} + + {{- if .Values.Master.AdminUser }} + {{ fail "`Master.AdminUser` does no longer exist. It has been renamed to `master.adminUser`" }} + {{- end }} + + {{- if .Values.Master.AdminPassword }} + {{ fail "`Master.AdminPassword` does no longer exist. It has been renamed to `master.adminPassword`" }} + {{- end }} + + {{- if .Values.Master.AdminSshKey }} + {{ fail "`Master.AdminSshKey` does no longer exist. It has been renamed to `master.adminSshKey`" }} + {{- end }} + + {{- if .Values.Master.JenkinsAdminEmail }} + {{ fail "`Master.JenkinsAdminEmail` does no longer exist. It has been renamed to `master.jenkinsAdminEmail`" }} + {{- end }} + + {{- if .Values.Master.JenkinsAdminEmail }} + {{ fail "`Master.JenkinsAdminEmail` does no longer exist. It has been renamed to `master.jenkinsAdminEmail`" }} + {{- end }} + + {{- if .Values.Master.InitContainerEnv }} + {{ fail "`Master.InitContainerEnv` does no longer exist. It has been renamed to `master.initContainerEnv`" }} + {{- end }} + + {{- if .Values.Master.ContainerEnv }} + {{ fail "`Master.ContainerEnv` does no longer exist. It has been renamed to `master.containerEnv`" }} + {{- end }} + + {{- if .Values.Master.UsePodSecurityContext }} + {{ fail "`Master.UsePodSecurityContext` does no longer exist. It has been renamed to `master.usePodSecurityContext`" }} + {{- end }} + + {{- if .Values.Master.RunAsUser }} + {{ fail "`Master.RunAsUser` does no longer exist. It has been renamed to `master.runAsUser`" }} + {{- end }} + + {{- if .Values.Master.FsGroup }} + {{ fail "`Master.FsGroup` does no longer exist. It has been renamed to `master.fsGroup`" }} + {{- end }} + + {{- if .Values.Master.HostAliases }} + {{ fail "`Master.HostAliases` does no longer exist. 
It has been renamed to `master.hostAliases`" }} + {{- end }} + + {{- if .Values.Master.ServiceAnnotations }} + {{ fail "`Master.ServiceAnnotations` does no longer exist. It has been renamed to `master.serviceAnnotations`" }} + {{- end }} + + {{- if .Values.Master.ServiceType }} + {{ fail "`Master.ServiceType` does no longer exist. It has been renamed to `master.serviceType`" }} + {{- end }} + + {{- if .Values.Master.ServicePort }} + {{ fail "`Master.ServicePort` does no longer exist. It has been renamed to `master.servicePort`" }} + {{- end }} + + {{- if .Values.Master.NodePort }} + {{ fail "`Master.NodePort` does no longer exist. It has been renamed to `master.nodePort`" }} + {{- end }} + + {{- if .Values.Master.HealthProbes }} + {{ fail "`Master.HealthProbes` does no longer exist. It has been renamed to `master.healthProbes`" }} + {{- end }} + + {{- if .Values.Master.HealthProbesLivenessTimeout }} + {{ fail "`Master.HealthProbesLivenessTimeout` does no longer exist. It has been renamed to `master.healthProbesLivenessTimeout`" }} + {{- end }} + + {{- if .Values.Master.HealthProbesReadinessTimeout }} + {{ fail "`Master.HealthProbesReadinessTimeout` does no longer exist. It has been renamed to `master.healthProbesReadinessTimeout`" }} + {{- end }} + + {{- if .Values.Master.HealthProbeReadinessPeriodSeconds }} + {{ fail "`Master.HealthProbeReadinessPeriodSeconds` does no longer exist. It has been renamed to `master.healthProbeReadinessPeriodSeconds`" }} + {{- end }} + + {{- if .Values.Master.HealthProbeLivenessFailureThreshold }} + {{ fail "`Master.HealthProbeLivenessFailureThreshold` does no longer exist. It has been renamed to `master.healthProbeLivenessFailureThreshold`" }} + {{- end }} + + {{- if .Values.Master.ServiceAnnotations }} + {{ fail "`Master.ServiceAnnotations` does no longer exist. 
It has been renamed to `master.serviceAnnotations`" }} + {{- end }} + + {{- if .Values.Master.SlaveListenerPort }} + {{ fail "`Master.SlaveListenerPort` does no longer exist. It has been renamed to `master.slaveListenerPort`" }} + {{- end }} + + {{- if .Values.Master.SlaveHostPort }} + {{ fail "`Master.SlaveHostPort` does no longer exist. It has been renamed to `master.slaveHostPort`" }} + {{- end }} + + {{- if .Values.Master.DisabledAgentProtocols }} + {{ fail "`Master.DisabledAgentProtocols` does no longer exist. It has been renamed to `master.disabledAgentProtocols`" }} + {{- end }} + + {{- if .Values.Master.CSRF }} + {{- if .Values.Master.CSRF.DefaultCrumbIssuer.Enabled }} + {{ fail "`Master.CSRF.DefaultCrumbIssuer.Enabled` does no longer exist. It has been renamed to `master.csrf.defaultCrumbIssuer.enabled`" }} + {{- end }} + + {{- if .Values.Master.CSRF.DefaultCrumbIssuer.ProxyCompatability }} + {{ fail "`Master.CSRF.DefaultCrumbIssuer.ProxyCompatability` does no longer exist. It has been renamed to `master.csrf.defaultCrumbIssuer.proxyCompatability`" }} + {{- end }} + {{- end }} + + {{- if .Values.Master.CLI }} + {{ fail "`Master.CLI` does no longer exist. It has been renamed to `master.cli`" }} + {{- end }} + + {{- if .Values.Master.LoadBalancerSourceRanges }} + {{ fail "`Master.LoadBalancerSourceRanges` does no longer exist. It has been renamed to `master.loadBalancerSourceRanges`" }} + {{- end }} + + {{- if .Values.Master.LoadBalancerIP }} + {{ fail "`Master.LoadBalancerIP` does no longer exist. It has been renamed to `master.loadBalancerIP`" }} + {{- end }} + + {{- if .Values.Master.JMXPort }} + {{ fail "`Master.JMXPort` does no longer exist. It has been renamed to `master.jmxPort`" }} + {{- end }} + + {{- if .Values.Master.ExtraPorts }} + {{ fail "`Master.ExtraPorts` does no longer exist. It has been renamed to `master.extraPorts`" }} + {{- end }} + + {{- if .Values.Master.OverwriteConfig }} + {{ fail "`Master.OverwriteConfig` does no longer exist. 
It has been renamed to `master.overwriteConfig`" }} + {{- end }} + + {{- if .Values.JCasC }} + {{- if .Values.JCasC.ConfigScripts }} + {{ fail "`Master.JCasC.ConfigScripts` does no longer exist. It has been renamed to `master.JCasC.configScripts`" }} + {{- end }} + {{- end }} + + {{- if .Values.Master.Sidecars }} + {{- if .Values.Master.Sidecars.configAutoReload }} + {{ fail "`Master.Sidecars.configAutoReload` does no longer exist. It has been renamed to `master.sidecars.configAutoReload`" }} + {{- end }} + {{- end }} + + {{- if .Values.Master.InitScripts }} + {{ fail "`Master.InitScripts` does no longer exist. It has been renamed to `master.initScripts`" }} + {{- end }} + + {{- if .Values.Master.CredentialsXmlSecret }} + {{ fail "`Master.CredentialsXmlSecret` does no longer exist. It has been renamed to `master.credentialsXmlSecret`" }} + {{- end }} + + {{- if .Values.Master.SecretsFilesSecret }} + {{ fail "`Master.SecretsFilesSecret` does no longer exist. It has been renamed to `master.secretsFilesSecret`" }} + {{- end }} + + {{- if .Values.Master.CredentialsXmlSecret }} + {{ fail "`Master.CredentialsXmlSecret` does no longer exist. It has been renamed to `master.credentialsXmlSecret`" }} + {{- end }} + + {{- if .Values.Master.Jobs }} + {{ fail "`Master.Jobs` does no longer exist. It has been renamed to `master.jobs`" }} + {{- end }} + + {{- if .Values.Master.InstallPlugins }} + {{ fail "`Master.InstallPlugins` does no longer exist. It has been renamed to `master.installPlugins`" }} + {{- end }} + + {{- if .Values.Master.OverwritePlugins }} + {{ fail "`Master.OverwritePlugins` does no longer exist. It has been renamed to `master.overwritePlugins`" }} + {{- end }} + + {{- if .Values.Master.EnableRawHtmlMarkupFormatter }} + {{ fail "`Master.EnableRawHtmlMarkupFormatter` does no longer exist. 
It has been renamed to `master.enableRawHtmlMarkupFormatter`" }} + {{- end }} + + {{- if .Values.Master.ScriptApproval }} + {{ fail "`Master.ScriptApproval` does no longer exist. It has been renamed to `master.scriptApproval`" }} + {{- end }} + + {{- if .Values.Master.NodeSelector }} + {{ fail "`Master.NodeSelector` does no longer exist. It has been renamed to `master.nodeSelector`" }} + {{- end }} + + {{- if .Values.Master.Affinity }} + {{ fail "`Master.Affinity` does no longer exist. It has been renamed to `master.affinity`" }} + {{- end }} + + {{- if .Values.Master.PodAnnotations }} + {{ fail "`Master.PodAnnotations` does no longer exist. It has been renamed to `master.podAnnotations`" }} + {{- end }} + + {{- if .Values.Master.CustomConfigMap }} + {{ fail "`Master.CustomConfigMap` does no longer exist. It has been renamed to `master.customConfigMap`" }} + {{- end }} + + {{- if .Values.Master.JenkinsUriPrefix }} + {{ fail "`Master.JenkinsUriPrefix` does no longer exist. It has been renamed to `master.jenkinsUriPrefix`" }} + {{- end }} + + {{- if .Values.Master.PriorityClassName }} + {{ fail "`Master.PriorityClassName` does no longer exist. It has been renamed to `master.priorityClassName`" }} + {{- end }} + + {{ fail "Master.* values have been renamed, please check the documentation" }} + {{- end }} + + + {{- if .Values.NetworkPolicy }} + + {{- if .Values.NetworkPolicy.Enabled }} + {{ fail "`NetworkPolicy.Enabled` does no longer exist. It has been renamed to `networkPolicy.enabled`" }} + {{- end }} + + {{- if .Values.NetworkPolicy.ApiVersion }} + {{ fail "`NetworkPolicy.ApiVersion` does no longer exist. It has been renamed to `networkPolicy.apiVersion`" }} + {{- end }} + + {{ fail "NetworkPolicy.* values have been renamed, please check the documentation" }} + {{- end }} + + + {{- if .Values.rbac.install }} + {{ fail "`rbac.install` does no longer exist. It has been renamed to `rbac.create` and is enabled by default!" 
}} + {{- end }} + + {{- if .Values.rbac.serviceAccountName }} + {{ fail "`rbac.serviceAccountName` does no longer exist. It has been renamed to `serviceAccount.name`" }} + {{- end }} + + {{- if .Values.rbac.serviceAccountAnnotations }} + {{ fail "`rbac.serviceAccountAnnotations` does no longer exist. It has been renamed to `serviceAccount.annotations`" }} + {{- end }} + + {{- if .Values.rbac.roleRef }} + {{ fail "`rbac.roleRef` does no longer exist. RBAC roles are now generated, please check the documentation" }} + {{- end }} + + {{- if .Values.rbac.roleKind }} + {{ fail "`rbac.roleKind` does no longer exist. RBAC roles are now generated, please check the documentation" }} + {{- end }} + + {{- if .Values.rbac.roleBindingKind }} + {{ fail "`rbac.roleBindingKind` does no longer exist. RBAC roles are now generated, please check the documentation" }} + {{- end }} + + + {{- if .Values.Agent }} + {{- if .Values.Agent.AlwaysPullImage }} + {{ fail "`Agent.AlwaysPullImage` does no longer exist. It has been renamed to `agent.alwaysPullImage`" }} + {{- end }} + + {{- if .Values.Agent.CustomJenkinsLabels }} + {{ fail "`Agent.CustomJenkinsLabels` does no longer exist. It has been renamed to `agent.customJenkinsLabels`" }} + {{- end }} + + {{- if .Values.Agent.Enabled }} + {{ fail "`Agent.Enabled` does no longer exist. It has been renamed to `agent.enabled`" }} + {{- end }} + + {{- if .Values.Agent.Image }} + {{ fail "`Agent.Image` does no longer exist. It has been renamed to `agent.image`" }} + {{- end }} + + {{- if .Values.Agent.ImagePullSecret }} + {{ fail "`Agent.ImagePullSecret` does no longer exist. It has been renamed to `agent.imagePullSecret`" }} + {{- end }} + + {{- if .Values.Agent.ImageTag }} + {{ fail "`Agent.ImageTag` does no longer exist. It has been renamed to `agent.imageTag`" }} + {{- end }} + + {{- if .Values.Agent.Privileged }} + {{ fail "`Agent.Privileged` does no longer exist. 
It has been renamed to `agent.privileged`" }} + {{- end }} + + {{- if .Values.Agent.Command }} + {{ fail "`Agent.Command` does no longer exist. It has been renamed to `agent.command`" }} + {{- end }} + + {{- if .Values.Agent.Args }} + {{ fail "`Agent.Args` does no longer exist. It has been renamed to `agent.args`" }} + {{- end }} + + {{- if .Values.Agent.SideContainerName }} + {{ fail "`Agent.SideContainerName` does no longer exist. It has been renamed to `agent.sideContainerName`" }} + {{- end }} + + {{- if .Values.Agent.ContainerCap }} + {{ fail "`Agent.ContainerCap` does no longer exist. It has been renamed to `agent.containerCap`" }} + {{- end }} + + {{- if .Values.Agent.PodName }} + {{ fail "`Agent.PodName` does no longer exist. It has been renamed to `agent.podName`" }} + {{- end }} + + {{ fail "Agent.* values have been renamed, please check the documentation" }} + {{- end }} + + {{- if .Values.Persistence }} + {{ fail "Persistence.* values have been renamed, please check the documentation" }} + {{- end }} +{{- end }} diff --git a/ci/jenkins/templates/home-pvc.yaml b/ci/jenkins/templates/home-pvc.yaml new file mode 100644 index 00000000..50794fe2 --- /dev/null +++ b/ci/jenkins/templates/home-pvc.yaml 
@@ -0,0 +1,31 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+ name: {{ template "jenkins.fullname" . }}
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+spec:
+ volumeMode: Filesystem
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/ci/jenkins/templates/jcasc-config.yaml b/ci/jenkins/templates/jcasc-config.yaml
new file mode 100644
index 00000000..ac51e14b
--- /dev/null
+++ b/ci/jenkins/templates/jcasc-config.yaml
@@ -0,0 +1,39 @@
+{{- $root := . }}
+{{- if and (.Values.master.JCasC.enabled) (.Values.master.sidecars.configAutoReload.enabled) }}
+{{- range $key, $val := .Values.master.JCasC.configScripts }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "jenkins.fullname" $root }}-jenkins-config-{{ $key }}
+ namespace: {{ template "jenkins.namespace" $root }}
+ labels:
+ "app.kubernetes.io/name": {{ template "jenkins.name" $root}}
+ "helm.sh/chart": {{ $.Chart.Name }}-{{ $.Chart.Version }}
+ "app.kubernetes.io/managed-by": "{{ $.Release.Service }}"
+ "app.kubernetes.io/instance": "{{ $.Release.Name }}"
+ "app.kubernetes.io/component": "{{ $.Values.master.componentName }}"
+ {{ template "jenkins.fullname" $root }}-jenkins-config: "true"
+data:
+ {{ $key }}.yaml: |-
+{{ tpl $val $| indent 4 }}
+{{- end }}
+{{- if .Values.master.JCasC.defaultConfig }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "jenkins.fullname" $root }}-jenkins-jcasc-config
+ namespace: {{ template "jenkins.namespace" $root }}
+ labels:
+ "app.kubernetes.io/name": {{ template "jenkins.name" $root}}
+ "helm.sh/chart": {{ $.Chart.Name }}-{{ $.Chart.Version }}
+ "app.kubernetes.io/managed-by": "{{ $.Release.Service }}"
+ "app.kubernetes.io/instance": "{{ $.Release.Name }}"
+ "app.kubernetes.io/component": "{{ $.Values.master.componentName }}"
+ {{ template "jenkins.fullname" $root }}-jenkins-config: "true"
+data:
+ jcasc-default-config.yaml: |-
+ {{- include "jenkins.casc.defaults" . |nindent 4 }}
+{{- end}}
+{{- end }}
diff --git a/ci/jenkins/templates/jenkins-agent-svc.yaml b/ci/jenkins/templates/jenkins-agent-svc.yaml
new file mode 100644
index 00000000..4db3d07f
--- /dev/null
+++ b/ci/jenkins/templates/jenkins-agent-svc.yaml
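Review bot: Every `master.JCasC.configScripts` entry is passed through `tpl` and written into a ConfigMap (`{{ tpl $val $| indent 4 }}`), so any credential inlined in a script is stored as plain ConfigMap data, readable by anyone allowed to get ConfigMaps in the namespace. Nothing in the template says so; I would add a comment above the `range`, e.g. `{{- /* configScripts land in a ConfigMap: keep secrets out of them and reference a Secret instead */}}`. Separately, `$key` goes unvalidated into the ConfigMap name, so a key that is not valid inside a DNS-1123 name would presumably only fail when the object is created, not at render time.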
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "jenkins.fullname" . }}-agent
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+{{- if .Values.master.slaveListenerServiceAnnotations }}
+ annotations:
+{{ toYaml .Values.master.slaveListenerServiceAnnotations | indent 4 }}
+{{- end }}
+spec:
+ ports:
+ - port: {{ .Values.master.slaveListenerPort }}
+ targetPort: {{ .Values.master.slaveListenerPort }}
+ {{ if (and (eq .Values.master.slaveListenerServiceType "NodePort") (not (empty .Values.master.slaveListenerPort))) }}
+ nodePort: {{.Values.master.slaveListenerPort}}
+ {{end}}
+ name: slavelistener
+ selector:
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ type: {{ .Values.master.slaveListenerServiceType }}
diff --git a/ci/jenkins/templates/jenkins-backup-cronjob.yaml b/ci/jenkins/templates/jenkins-backup-cronjob.yaml
new file mode 100644
index 00000000..150e9daa
--- /dev/null
+++ b/ci/jenkins/templates/jenkins-backup-cronjob.yaml
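Review bot: With `master.slaveListenerServiceType` set to `NodePort`, the `nodePort` line reuses `master.slaveListenerPort`, the same value already used for `port` and `targetPort`. Kubernetes only accepts node ports inside the API server's configured range (30000-32767 unless overridden), so the Service is rejected whenever the listener port lies outside it, and when it is accepted the agent listener becomes reachable on every node's address. The Service is also rendered unconditionally, with no guard on whether agents are enabled. I would take the node port from its own values key and add a comment such as `# NodePort exposes the agent listener on every node; restrict access at the network layer`.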
@@ -0,0 +1,87 @@ +{{- if .Values.backup.enabled }} +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: {{ template "jenkins.fullname" . }}-backup + namespace: {{ template "jenkins.namespace" . }} + labels: + "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' + "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}" + "app.kubernetes.io/managed-by": "{{ .Release.Service }}" + "app.kubernetes.io/instance": "{{ .Release.Name }}" + "app.kubernetes.io/component": "{{ .Values.backup.componentName }}" +spec: + schedule: {{ .Values.backup.schedule | quote }} + concurrencyPolicy: Forbid + startingDeadlineSeconds: 120 + jobTemplate: + spec: + template: + metadata: + annotations: + {{ toYaml .Values.backup.annotations }} + spec: + restartPolicy: OnFailure + serviceAccountName: {{ template "jenkins.fullname" . }}-backup + containers: + - name: jenkins-backup + image: "{{ .Values.backup.image.repository }}:{{ .Values.backup.image.tag }}" + command: ["kube-tasks"] + args: + - simple-backup + - -n + - {{ template "jenkins.namespace" . }} + - -l + - app.kubernetes.io/instance={{ .Release.Name }} + - --container + - jenkins + - --path + - /var/jenkins_home + - --dst + - {{ .Values.backup.destination }} + {{- with .Values.backup.extraArgs }} +{{ toYaml . | indent 12 }} + {{- end }} + {{- with .Values.backup.env }} + env: +{{ toYaml . | indent 12 }} + {{- end }} + {{- if .Values.backup.existingSecret }} + {{- range $key,$value := .Values.backup.existingSecret }} + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ $key }} + key: {{ $value.awsaccesskey | quote }} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ $key }} + key: {{ $value.awssecretkey | quote}} + {{- end }} + {{- end }} + {{- with .Values.backup.resources }} + resources: +{{ toYaml . 
| indent 14 }} + {{- end }} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - {{ template "jenkins.fullname" . }} + - key: release + operator: In + values: + - {{ .Release.Name }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 10 }} + {{- end }} +{{- end }} diff --git a/ci/jenkins/templates/jenkins-backup-rbac.yaml b/ci/jenkins/templates/jenkins-backup-rbac.yaml new file mode 100644 index 00000000..3d39040a --- /dev/null +++ b/ci/jenkins/templates/jenkins-backup-rbac.yaml 
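Review bot: The `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` entries generated from `backup.existingSecret` are emitted after the `{{- with .Values.backup.env }}` block has closed, and `env:` is only written inside that block. If `backup.existingSecret` is set while `backup.env` is empty, the credential entries have no `env:` key above them, so they are presumably parsed as part of the preceding `args` list or rejected (indentation is not recoverable from this rendering, so confirm with `helm template`). Emitting the key whenever either source is present fixes it: `{{- if or .Values.backup.env .Values.backup.existingSecret }}` followed by `env:`, with the `toYaml` line kept under its own `with`. The `range` also repeats the same two variable names for every key of `backup.existingSecret`, so only a single entry is meaningful.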
@@ -0,0 +1,52 @@
+{{- if .Values.backup.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "jenkins.fullname" . }}-backup
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "jenkins.fullname" . }}-backup
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+rules:
+- apiGroups: [""]
+ resources: ["pods", "pods/log"]
+ verbs: ["get", "list"]
+- apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "jenkins.fullname" . }}-backup
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "jenkins.fullname" . }}-backup
+subjects:
+- kind: ServiceAccount
+ name: {{ template "jenkins.fullname" . }}-backup
+ namespace: {{ template "jenkins.namespace" . }}
+{{- end }}
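Review bot: The Role gives the backup ServiceAccount `create` on `pods/exec` together with `get`/`list` on `pods` and `pods/log` for the whole namespace, with no `resourceNames` restriction. That account can therefore run commands in any pod of the release namespace, not only the Jenkins master container the CronJob targets, which makes the backup image and its token as sensitive as the master itself. RBAC cannot scope by label, so I would at least document it above the rule, e.g. `# pods/exec is namespace-wide: install into a dedicated namespace and pin backup.image.tag`. The three objects are also labelled with `master.componentName`, whereas the CronJob uses `backup.componentName`.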
diff --git a/ci/jenkins/templates/jenkins-master-alerting-rules.yaml b/ci/jenkins/templates/jenkins-master-alerting-rules.yaml
new file mode 100644
index 00000000..e8896636
--- /dev/null
+++ b/ci/jenkins/templates/jenkins-master-alerting-rules.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.master.prometheus.enabled .Values.master.prometheus.alertingrules }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ template "jenkins.fullname" . }}
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+ {{- range $key, $val := .Values.master.prometheus.alertingRulesAdditionalLabels }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end}}
+spec:
+ groups:
+{{ toYaml .Values.master.prometheus.alertingrules | indent 2 }}
+{{- end }}
diff --git a/ci/jenkins/templates/jenkins-master-backendconfig.yaml b/ci/jenkins/templates/jenkins-master-backendconfig.yaml
new file mode 100644
index 00000000..2eec9843
--- /dev/null
+++ b/ci/jenkins/templates/jenkins-master-backendconfig.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.master.backendconfig.enabled }}
+apiVersion: {{ .Values.master.backendconfig.apiVersion }}
+kind: BackendConfig
+metadata:
+ name: {{ .Values.master.backendconfig.name }}
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+{{- if .Values.master.backendconfig.labels }}
+{{ toYaml .Values.master.backendconfig.labels | indent 4 }}
+{{- end }}
+{{- if .Values.master.backendconfig.annotations }}
+ annotations:
+{{ toYaml .Values.master.backendconfig.annotations | indent 4 }}
+{{- end }}
+spec:
+{{ toYaml .Values.master.backendconfig.spec | indent 2 }}
+{{- end }}
diff --git a/ci/jenkins/templates/jenkins-master-deployment.yaml b/ci/jenkins/templates/jenkins-master-deployment.yaml
new file mode 100644
index 00000000..45060de6
--- /dev/null
+++ b/ci/jenkins/templates/jenkins-master-deployment.yaml
@@ -0,0 +1,384 @@ +{{- if .Capabilities.APIVersions.Has "apps/v1" }} +apiVersion: apps/v1 +{{- else }} +apiVersion: apps/v1beta1 +{{- end }} +kind: Deployment +metadata: + name: {{ template "jenkins.fullname" . }} + namespace: {{ template "jenkins.namespace" . }} + labels: + "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' + "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}" + "app.kubernetes.io/managed-by": "{{ .Release.Service }}" + "app.kubernetes.io/instance": "{{ .Release.Name }}" + "app.kubernetes.io/component": "{{ .Values.master.componentName }}" + {{- range $key, $val := .Values.master.deploymentLabels }} + {{ $key }}: {{ $val | quote }} + {{- end}} +spec: + replicas: 1 + strategy: + type: {{ if .Values.persistence.enabled }}Recreate{{ else }}RollingUpdate + rollingUpdate: +{{ toYaml .Values.master.rollingUpdate | indent 6 }} + {{- end }} + selector: + matchLabels: + "app.kubernetes.io/component": "{{ .Values.master.componentName }}" + "app.kubernetes.io/instance": "{{ .Release.Name }}" + template: + metadata: + labels: + "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' + "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}" + "app.kubernetes.io/managed-by": "{{ .Release.Service }}" + "app.kubernetes.io/instance": "{{ .Release.Name }}" + "app.kubernetes.io/component": "{{ .Values.master.componentName }}" + {{- range $key, $val := .Values.master.podLabels }} + {{ $key }}: {{ $val | quote }} + {{- end}} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . 
| sha256sum }} + {{- if .Values.master.podAnnotations }} +{{ toYaml .Values.master.podAnnotations | indent 8 }} + {{- end }} + spec: + {{- if .Values.master.nodeSelector }} + nodeSelector: +{{ toYaml .Values.master.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.master.tolerations }} + tolerations: +{{ toYaml .Values.master.tolerations | indent 8 }} + {{- end }} + {{- if .Values.master.affinity }} + affinity: +{{ toYaml .Values.master.affinity | indent 8 }} + {{- end }} + {{- if and (.Capabilities.APIVersions.Has "scheduling.k8s.io/v1beta1") (.Values.master.priorityClassName) }} + priorityClassName: {{ .Values.master.priorityClassName }} + {{- end }} +{{- if .Values.master.usePodSecurityContext }} + securityContext: + runAsUser: {{ default 0 .Values.master.runAsUser }} +{{- if and (.Values.master.runAsUser) (.Values.master.fsGroup) }} +{{- if not (eq .Values.master.runAsUser 0.0) }} + fsGroup: {{ .Values.master.fsGroup }} +{{- end }} +{{- end }} +{{- end }} + serviceAccountName: "{{ template "jenkins.serviceAccountName" . }}" +{{- if .Values.master.hostNetworking }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet +{{- end }} + {{- if .Values.master.hostAliases }} + hostAliases: + {{- toYaml .Values.master.hostAliases | nindent 8 }} + {{- end }} + initContainers: +{{- if .Values.master.customInitContainers }} +{{ tpl (toYaml .Values.master.customInitContainers) . | indent 8 }} +{{- end }} + - name: "copy-default-config" +{{- if .Values.master.imageTag }} + image: "{{ .Values.master.image }}:{{ .Values.master.imageTag }}" +{{- else }} + image: "{{ .Values.master.image }}:{{ .Values.master.tag }}" +{{- end }} + imagePullPolicy: "{{ .Values.master.imagePullPolicy }}" + command: [ "sh", "/var/jenkins_config/apply_config.sh" ] + env: + {{- if .Values.master.useSecurity }} + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . 
}} + key: jenkins-admin-password + - name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: jenkins-admin-user + {{- if or (.Values.master.adminSshKey) (.Values.master.sidecars.configAutoReload.enabled) }} + {{- if .Values.master.JCasC.enabled }} + - name: ADMIN_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: {{ "jenkins-admin-private-key" | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.master.initContainerEnv }} +{{ toYaml .Values.master.initContainerEnv | indent 12 }} + {{- end }} + resources: +{{ toYaml .Values.master.resources | indent 12 }} + volumeMounts: + - mountPath: /tmp + name: tmp + - mountPath: /var/jenkins_home + name: jenkins-home + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + - mountPath: /var/jenkins_config + name: jenkins-config + {{- if .Values.master.enableXmlConfig }} + {{- if .Values.master.credentialsXmlSecret }} + - mountPath: /var/jenkins_credentials + name: jenkins-credentials + readOnly: true + {{- end }} + {{- if .Values.master.jobs }} + - mountPath: /var/jenkins_jobs + name: jenkins-jobs + readOnly: true + {{- end }} + - mountPath: /usr/share/jenkins/ref/secrets/ + name: secrets-dir + {{- end }} + {{- if .Values.master.secretsFilesSecret }} + - mountPath: /var/jenkins_secrets + name: jenkins-secrets + readOnly: true + {{- end }} + {{- if .Values.master.installPlugins }} + - mountPath: /usr/share/jenkins/ref/plugins + name: plugins + - mountPath: /var/jenkins_plugins + name: plugin-dir + {{- end }} + containers: + - name: jenkins +{{- if .Values.master.imageTag }} + image: "{{ .Values.master.image }}:{{ .Values.master.imageTag }}" +{{- else }} + image: "{{ .Values.master.image }}:{{ .Values.master.tag }}" +{{- end }} + imagePullPolicy: "{{ .Values.master.imagePullPolicy }}" + {{- if .Values.master.useSecurity }} + args: [ "--argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)", 
"--argumentsRealm.roles.$(ADMIN_USER)=admin"] + {{- end }} + {{- if .Values.master.lifecycle }} + lifecycle: +{{ toYaml .Values.master.lifecycle | indent 12 }} + {{- end }} + env: + - name: JAVA_OPTS + value: {{ default "" .Values.master.javaOpts | quote }} + - name: JENKINS_OPTS + value: "{{ if .Values.master.jenkinsUriPrefix }}--prefix={{ .Values.master.jenkinsUriPrefix }} {{ end }}{{ default "" .Values.master.jenkinsOpts}}" + - name: JENKINS_SLAVE_AGENT_PORT + value: "{{ .Values.master.slaveListenerPort }}" + {{- if .Values.master.useSecurity }} + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: jenkins-admin-password + - name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: jenkins-admin-user + {{- if or (.Values.master.adminSshKey) (.Values.master.sidecars.configAutoReload.enabled) }} + {{- if .Values.master.JCasC.enabled }} + - name: ADMIN_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . 
}} + key: {{ "jenkins-admin-private-key" | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.master.containerEnv }} +{{ toYaml .Values.master.containerEnv | indent 12 }} + {{- end }} + {{- if .Values.master.JCasC.enabled }} + - name: CASC_JENKINS_CONFIG + value: {{ .Values.master.sidecars.configAutoReload.folder | default "/var/jenkins_home/casc_configs" | quote }} + {{- end }} + ports: + - containerPort: 8080 + name: http + - containerPort: {{ .Values.master.slaveListenerPort }} + name: slavelistener + {{- if .Values.master.slaveHostPort }} + hostPort: {{ .Values.master.slaveHostPort }} + {{- end }} + {{- if .Values.master.jmxPort }} + - containerPort: {{ .Values.master.jmxPort }} + name: jmx + {{- end }} +{{- range $index, $port := .Values.master.extraPorts }} + - containerPort: {{ $port.port }} + name: {{ $port.name }} +{{- end }} +{{- if .Values.master.healthProbes }} + livenessProbe: + httpGet: + path: "{{ default "" .Values.master.jenkinsUriPrefix }}/login" + port: http + initialDelaySeconds: {{ .Values.master.healthProbeLivenessInitialDelay }} + periodSeconds: {{ .Values.master.healthProbeLivenessPeriodSeconds }} + timeoutSeconds: {{ .Values.master.healthProbesLivenessTimeout }} + failureThreshold: {{ .Values.master.healthProbeLivenessFailureThreshold }} + readinessProbe: + httpGet: + path: "{{ default "" .Values.master.jenkinsUriPrefix }}/login" + port: http + initialDelaySeconds: {{ .Values.master.healthProbeReadinessInitialDelay }} + periodSeconds: {{ .Values.master.healthProbeReadinessPeriodSeconds }} + timeoutSeconds: {{ .Values.master.healthProbesReadinessTimeout }} + failureThreshold: {{ .Values.master.healthProbeReadinessFailureThreshold }} +{{- end }} + + resources: +{{ toYaml .Values.master.resources | indent 12 }} + volumeMounts: +{{- if .Values.persistence.mounts }} +{{ toYaml .Values.persistence.mounts | indent 12 }} +{{- end }} + - mountPath: /tmp + name: tmp + - mountPath: /var/jenkins_home + name: jenkins-home + readOnly: false 
+ {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + - mountPath: /var/jenkins_config + name: jenkins-config + readOnly: true + {{- if .Values.master.enableXmlConfig }} + {{- if .Values.master.credentialsXmlSecret }} + - mountPath: /var/jenkins_credentials + name: jenkins-credentials + readOnly: true + {{- end }} + {{- if .Values.master.jobs }} + - mountPath: /var/jenkins_jobs + name: jenkins-jobs + readOnly: true + {{- end }} + - mountPath: /usr/share/jenkins/ref/secrets/ + name: secrets-dir + readOnly: false + {{- end }} + {{- if or .Values.master.secretsFilesSecret }} + - mountPath: /var/jenkins_secrets + name: jenkins-secrets + readOnly: true + {{- end }} + {{- if .Values.master.installPlugins }} + - mountPath: /usr/share/jenkins/ref/plugins/ + name: plugin-dir + readOnly: false + {{- end }} + {{- if and (.Values.master.JCasC.enabled) (.Values.master.sidecars.configAutoReload.enabled) }} + - name: sc-config-volume + mountPath: {{ .Values.master.sidecars.configAutoReload.folder | default "/var/jenkins_home/casc_configs" | quote }} + {{- end }} + +{{- if and (.Values.master.JCasC.enabled) (.Values.master.sidecars.configAutoReload.enabled) }} + - name: {{ template "jenkins.name" . }}-sc-config + image: "{{ .Values.master.sidecars.configAutoReload.image }}" + imagePullPolicy: {{ .Values.master.sidecars.configAutoReload.imagePullPolicy }} + env: + - name: JENKINSRELOADCONFIG + value: "true" + - name: LABEL + value: "{{ template "jenkins.fullname" . }}-jenkins-config" + - name: FOLDER + value: "{{ .Values.master.sidecars.configAutoReload.folder }}" + - name: NAMESPACE + value: "{{ .Values.master.sidecars.configAutoReload.searchNamespace }}" + - name: SSH_PORT + value: "{{ .Values.master.sidecars.configAutoReload.sshTcpPort }}" + - name: JENKINS_PORT + value: "{{ .Values.master.targetPort }}" + {{- if .Values.master.useSecurity }} + - name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . 
}} + key: jenkins-admin-user + {{- if or (.Values.master.adminSshKey) (.Values.master.sidecars.configAutoReload.enabled) }} + {{- if .Values.master.JCasC.enabled }} + - name: ADMIN_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: {{ "jenkins-admin-private-key" | quote }} + {{- end }} + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.master.sidecars.configAutoReload.resources | indent 12 }} + volumeMounts: + - name: sc-config-volume + mountPath: {{ .Values.master.sidecars.configAutoReload.folder | quote }} + - name: jenkins-home + mountPath: /var/jenkins_home + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} +{{- end}} + + +{{- if .Values.master.sidecars.other}} +{{ tpl (toYaml .Values.master.sidecars.other | indent 8) .}} +{{- end }} + + volumes: +{{- if .Values.persistence.volumes }} +{{ tpl (toYaml .Values.persistence.volumes | indent 6) . }} +{{- end }} + - name: plugins + emptyDir: {} + - name: tmp + emptyDir: {} + - name: jenkins-config + configMap: + name: {{ template "jenkins.fullname" . }} + {{- if .Values.master.enableXmlConfig }} + {{- if .Values.master.credentialsXmlSecret }} + - name: jenkins-credentials + secret: + secretName: {{ .Values.master.credentialsXmlSecret }} + {{- end }} + {{- if .Values.master.jobs }} + - name: jenkins-jobs + configMap: + name: {{ template "jenkins.fullname" . }}-jobs + {{- end }} + - name: secrets-dir + emptyDir: {} + {{- end }} + {{- if .Values.master.secretsFilesSecret }} + - name: jenkins-secrets + secret: + secretName: {{ .Values.master.secretsFilesSecret }} + {{- end }} + {{- if .Values.master.installPlugins }} + - name: plugin-dir + emptyDir: {} + {{- end }} + - name: jenkins-home + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "jenkins.fullname" .) 
}} + {{- else }} + emptyDir: {} + {{- end -}} + {{- if .Values.master.JCasC.enabled }} + - name: sc-config-volume + emptyDir: {} + {{- end }} +{{- if .Values.master.imagePullSecretName }} + imagePullSecrets: + - name: {{ .Values.master.imagePullSecretName }} +{{- end -}} diff --git a/ci/jenkins/templates/jenkins-master-ingress.yaml b/ci/jenkins/templates/jenkins-master-ingress.yaml new file mode 100644 index 00000000..a0d728ac --- /dev/null +++ b/ci/jenkins/templates/jenkins-master-ingress.yaml @@ -0,0 +1,37 @@ +{{- if .Values.master.ingress.enabled }} +apiVersion: {{ .Values.master.ingress.apiVersion }} +kind: Ingress +metadata: + namespace: {{ template "jenkins.namespace" . }} + labels: + "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' + "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}" + "app.kubernetes.io/managed-by": "{{ .Release.Service }}" + "app.kubernetes.io/instance": "{{ .Release.Name }}" + "app.kubernetes.io/component": "{{ .Values.master.componentName }}" +{{- if .Values.master.ingress.labels }} +{{ toYaml .Values.master.ingress.labels | indent 4 }} +{{- end }} +{{- if .Values.master.ingress.annotations }} + annotations: +{{ toYaml .Values.master.ingress.annotations | indent 4 }} +{{- end }} + name: {{ template "jenkins.fullname" . }} +spec: + rules: + - http: + paths: + - backend: + serviceName: {{ template "jenkins.fullname" . }} + servicePort: {{ .Values.master.servicePort }} +{{- if .Values.master.ingress.path }} + path: {{ .Values.master.ingress.path }} +{{- end -}} +{{- if .Values.master.ingress.hostName }} + host: {{ .Values.master.ingress.hostName | quote }} +{{- end }} +{{- if .Values.master.ingress.tls }} + tls: +{{ toYaml .Values.master.ingress.tls | indent 4 }} +{{- end -}} +{{- end }} diff --git a/ci/jenkins/templates/jenkins-master-networkpolicy.yaml b/ci/jenkins/templates/jenkins-master-networkpolicy.yaml new file mode 100644 index 00000000..452b328f --- /dev/null 
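Review bot: In the pod `securityContext` of the Deployment, `runAsUser: {{ default 0 .Values.master.runAsUser }}` makes the Jenkins master run as root whenever `master.usePodSecurityContext` is true and no uid is supplied, and the `fsGroup` line is skipped in that case as well. I would not fall back to uid 0 silently; for example `runAsUser: {{ required "master.runAsUser must be set when master.usePodSecurityContext is true" .Values.master.runAsUser }}`, or default to the non-root uid the image is built for. Also worth a comment: the `jenkins` container's `args` expand `$(ADMIN_USER)` and `$(ADMIN_PASSWORD)` into `--argumentsRealm.passwd...`, so the admin password ends up on the process command line inside the container even though it is sourced from a Secret.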
+++ b/ci/jenkins/templates/jenkins-master-networkpolicy.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ .Values.networkPolicy.apiVersion }}
+metadata:
+ name: "{{ .Release.Name }}-{{ .Values.master.componentName }}"
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+spec:
+ podSelector:
+ matchLabels:
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ ingress:
+ # Allow web access to the UI
+ - ports:
+ - port: {{ .Values.master.targetPort }}
+ # Allow inbound connections from slave
+ - from:
+ - podSelector:
+ matchLabels:
+ "jenkins/{{ .Release.Name }}-{{ .Values.agent.componentName }}": "true"
+ ports:
+ - port: {{ .Values.master.slaveListenerPort }}
+{{- if .Values.agent.enabled }}
+---
+kind: NetworkPolicy
+apiVersion: {{ .Values.networkPolicy.apiVersion }}
+metadata:
+ name: "{{ .Release.Name }}-{{ .Values.agent.componentName }}"
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+spec:
+ podSelector:
+ matchLabels:
+ # DefaultDeny
+ "jenkins/{{ .Release.Name }}-{{ .Values.agent.componentName }}": "true"
+{{- end }}
+{{- end }}
diff --git a/ci/jenkins/templates/jenkins-master-route.yaml b/ci/jenkins/templates/jenkins-master-route.yaml
new file mode 100644
index 00000000..bff40ac1
--- /dev/null
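Review bot: The first ingress rule lists only `ports` and has no `from` clause, so with `networkPolicy.enabled` the UI port (`master.targetPort`) stays reachable from every pod in every namespace; only the agent listener port is actually restricted. The existing `# Allow web access to the UI` comment does not say the rule is unrestricted, so I would reword it to something like `# No "from": the UI port is open to all sources; restrict at the Ingress/Service or add a selector here`. Neither policy sets `policyTypes` or any egress rule, so egress from the master and the agents is left unfiltered. The agent policy is also labelled `app.kubernetes.io/component` with `master.componentName` although it selects agent pods.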
+++ b/ci/jenkins/templates/jenkins-master-route.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.master.route.enabled }}
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ app: {{ template "jenkins.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ component: "{{ .Release.Name }}-{{ .Values.master.componentName }}"
+{{- if .Values.master.route.labels }}
+{{ toYaml .Values.master.route.labels | indent 4 }}
+{{- end }}
+{{- if .Values.master.route.annotations }}
+ annotations:
+{{ toYaml .Values.master.route.annotations | indent 4 }}
+{{- end }}
+ name: {{ template "jenkins.fullname" . }}
+spec:
+ host: {{ .Values.master.route.path }}
+ port:
+ targetPort: http
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+ to:
+ kind: Service
+ name: {{ template "jenkins.fullname" . }}
+ weight: 100
+ wildcardPolicy: None
+{{- end }}
diff --git a/ci/jenkins/templates/jenkins-master-servicemonitor.yaml b/ci/jenkins/templates/jenkins-master-servicemonitor.yaml
new file mode 100644
index 00000000..ac2809ac
--- /dev/null
+++ b/ci/jenkins/templates/jenkins-master-servicemonitor.yaml
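Review bot: `spec.host` is filled from `master.route.path` (`host: {{ .Values.master.route.path }}`), which reads like a path value ending up in the hostname field; an OpenShift Route has separate `host` and `path` fields. values.yaml is not visible here, so confirm what the key is meant to hold, but if it is a URL path the line should be `path: {{ .Values.master.route.path }}` with the host coming from a dedicated key. As written the rendered Route also carries `host:` with an empty value whenever the key is unset; wrapping the line in `{{- if .Values.master.route.path }}` would avoid that.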
@@ -0,0 +1,37 @@
+{{- if and .Values.master.prometheus.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+
+metadata:
+ name: {{ template "jenkins.fullname" . }}
+{{- if .Values.master.prometheus.serviceMonitorNamespace }}
+ namespace: {{ .Values.master.prometheus.serviceMonitorNamespace }}
+{{- else }}
+ namespace: {{ template "jenkins.namespace" . }}
+{{- end }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+ {{- range $key, $val := .Values.master.prometheus.serviceMonitorAdditionalLabels }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end}}
+
+spec:
+ endpoints:
+ - interval: {{ .Values.master.prometheus.scrapeInterval }}
+ port: http
+ path: {{ .Values.master.jenkinsUriPrefix }}{{ .Values.master.prometheus.scrapeEndpoint }}
+ jobLabel: {{ template "jenkins.fullname" . }}
+ namespaceSelector:
+ matchNames:
+ - "{{ template "jenkins.namespace" $ }}"
+ selector:
+ matchLabels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+{{- end }}
diff --git a/ci/jenkins/templates/jenkins-master-svc.yaml b/ci/jenkins/templates/jenkins-master-svc.yaml
new file mode 100644
index 00000000..996ef74a
--- /dev/null
+++ b/ci/jenkins/templates/jenkins-master-svc.yaml
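Review bot: The guard `{{- if and .Values.master.prometheus.enabled }}` calls `and` with a single operand, which reads as if a second condition was dropped; `{{- if .Values.master.prometheus.enabled }}` says the same thing. `jobLabel` is set to the rendered full name, whereas the ServiceMonitor field expects the name of a label on the target Service, so it is worth confirming the resulting job name is the intended one. A one-line comment on `path:` noting that it is `jenkinsUriPrefix` followed by `scrapeEndpoint`, and whether that endpoint requires authentication in this setup, would also help.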
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{template "jenkins.fullname" . }}
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+ {{- if .Values.master.serviceLabels }}
+{{ toYaml .Values.master.serviceLabels | indent 4 }}
+ {{- end }}
+{{- if .Values.master.serviceAnnotations }}
+ annotations:
+{{ toYaml .Values.master.serviceAnnotations | indent 4 }}
+{{- end }}
+ "kubernetes.io/elb.class": union
+ "kubernetes.io/elb.id": "{{ .Values.master.huaweielbID }}"
+ "kubernetes.io/elb.lb-algorithm": ROUND_ROBIN
+spec:
+ ports:
+ - port: {{.Values.master.servicePort}}
+ name: http
+ targetPort: {{ .Values.master.targetPort }}
+ {{if (and (eq .Values.master.serviceType "NodePort") (not (empty .Values.master.nodePort)))}}
+ nodePort: {{.Values.master.nodePort}}
+ {{end}}
+ selector:
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ type: {{.Values.master.serviceType}}
+ {{if eq .Values.master.serviceType "LoadBalancer"}}
+{{- if .Values.master.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.master.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+ {{if .Values.master.loadBalancerIP}}
+ loadBalancerIP: {{.Values.master.loadBalancerIP}}
+ {{end}}
+ {{end}}
diff --git a/ci/jenkins/templates/jobs.yaml b/ci/jenkins/templates/jobs.yaml
new file mode 100644
index 00000000..e424c65b
--- /dev/null
+++ b/ci/jenkins/templates/jobs.yaml
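Review bot: The three `"kubernetes.io/elb.*"` entries sit after the `{{- end }}` that closes the `serviceAnnotations` block, so with the chart default `serviceAnnotations: {}` no `annotations:` key is rendered and they attach to the preceding mapping instead (indentation is lost on this page, but that is most likely `labels`). Emit the key unconditionally by moving `annotations:` above `{{- if .Values.master.serviceAnnotations }}`, and wrap the ELB entries in `{{- if .Values.master.huaweielbID }}` so the chart still renders on other clouds. `master.huaweielbID` is not declared in the values.yaml added by this patch; if it only comes from hw_override.yaml, a commented entry in values.yaml would document it. A comment on the `loadBalancerSourceRanges` block noting that an unset value leaves the load balancer open to any source address would also be useful.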
@@ -0,0 +1,15 @@
+{{- if .Values.master.jobs }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "jenkins.fullname" . }}-jobs
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+data:
+{{ toYaml .Values.master.jobs | indent 2 }}
+{{- end -}}
diff --git a/ci/jenkins/templates/rbac.yaml b/ci/jenkins/templates/rbac.yaml
new file mode 100644
index 00000000..cd85b35f
--- /dev/null
+++ b/ci/jenkins/templates/rbac.yaml
@@ -0,0 +1,90 @@
+{{ if .Values.rbac.create }}
+{{- $serviceName := include "jenkins.fullname" . -}}
+
+# This role is used to allow Jenkins scheduling of agents via Kubernetes plugin.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $serviceName }}-schedule-agents
+ namespace: {{ template "jenkins.master.slaveKubernetesNamespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+rules:
+- apiGroups: [""]
+ resources: ["pods", "pods/exec", "pods/log"]
+ verbs: ["*"]
+
+---
+
+# We bind the role to the Jenkins service account. The role binding is created in the namespace
+# where the agents are supposed to run.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceName }}-schedule-agents
+ namespace: {{ template "jenkins.master.slaveKubernetesNamespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceName }}-schedule-agents
+subjects:
+- kind: ServiceAccount
+ name: {{ template "jenkins.serviceAccountName" .}}
+ namespace: {{ template "jenkins.namespace" . }}
+
+---
+
+{{- if .Values.master.sidecars.configAutoReload.enabled }}
+# The sidecar container which is responsible for reloading configuration changes
+# needs permissions to watch ConfigMaps
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "jenkins.fullname" . 
}}-casc-reload
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "watch", "list"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceName }}-watch-configmaps
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "jenkins.fullname" . }}-casc-reload
+subjects:
+- kind: ServiceAccount
+ name: {{ template "jenkins.serviceAccountName" . }}
+ namespace: {{ template "jenkins.namespace" . }}
+
+{{- end}}
+
+{{ end }}
diff --git a/ci/jenkins/templates/secret.yaml b/ci/jenkins/templates/secret.yaml
new file mode 100644
index 00000000..6a218a73
--- /dev/null
+++ b/ci/jenkins/templates/secret.yaml
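Review bot: The `schedule-agents` Role grants `verbs: ["*"]` on `pods`, `pods/exec` and `pods/log`, which is wider than agent scheduling needs and silently includes verbs such as `deletecollection` and anything added to the API later. Listing the verbs explicitly keeps the grant reviewable; the set below is a starting point and should be checked against the Kubernetes plugin version in use. Because `pods/exec` gives command execution in every pod of that namespace, the comment above the Role should also recommend a namespace dedicated to agents. Separately, the ConfigMap Role is named `...-casc-reload` while its RoleBinding is `{{ $serviceName }}-watch-configmaps`; one shared name would make the pair easier to audit.

```yaml
rules:
- apiGroups: [""]
  resources: ["pods", "pods/exec", "pods/log"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["pods", "pods/exec"]
  verbs: ["create", "delete", "patch", "update"]
```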
@@ -0,0 +1,28 @@
+{{- if .Values.master.useSecurity -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "jenkins.fullname" . }}
+ namespace: {{ template "jenkins.namespace" . }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+type: Opaque
+data:
+ {{ if .Values.master.adminPassword -}}
+ jenkins-admin-password: {{ .Values.master.adminPassword | b64enc | quote }}
+ {{ else -}}
+ jenkins-admin-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{ end -}}
+ {{ if and (.Values.master.JCasC.enabled) (.Values.master.sidecars.configAutoReload.enabled) -}}
+ {{ if not .Values.master.adminSshKey -}}
+ {{ ( include "jenkins.gen-key" . ) }}
+ {{ else -}}
+ jenkins-admin-private-key: {{ .Values.master.adminSshKey | b64enc | quote }}
+ {{ end -}}
+ {{ end -}}
+ jenkins-admin-user: {{ .Values.master.adminUser | b64enc | quote }}
+{{- end }}
diff --git a/ci/jenkins/templates/service-account-agent.yaml b/ci/jenkins/templates/service-account-agent.yaml
new file mode 100644
index 00000000..fa448066
--- /dev/null
+++ b/ci/jenkins/templates/service-account-agent.yaml
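Review bot: When `master.adminPassword` is unset the Secret falls back to `randAlphaNum 10`, which is short for the administrator credential of a CI server and is re-evaluated on every render, so each upgrade writes a different password into the Secret. Raise the length, e.g. `jenkins-admin-password: {{ randAlphaNum 32 | b64enc | quote }}`, and add a comment above it such as `# regenerated on every render; set master.adminPassword or manage the Secret outside the chart for a stable value`. The key produced by `jenkins.gen-key` presumably has the same regeneration behaviour, but its definition is in _helpers.tpl, outside this hunk. Both values are only base64-encoded in the manifest, so a note that rendered output and release history must be treated as secret material would be worth adding.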
@@ -0,0 +1,17 @@
+{{ if .Values.serviceAccountAgent.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "jenkins.serviceAccountAgentName" . }}
+ namespace: {{ template "jenkins.master.slaveKubernetesNamespace" . }}
+{{- if .Values.serviceAccountAgent.annotations }}
+ annotations:
+{{ toYaml .Values.serviceAccountAgent.annotations | indent 4 }}
+{{ end }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+{{ end }}
diff --git a/ci/jenkins/templates/service-account.yaml b/ci/jenkins/templates/service-account.yaml
new file mode 100644
index 00000000..32fad83a
--- /dev/null
+++ b/ci/jenkins/templates/service-account.yaml
@@ -0,0 +1,17 @@
+{{ if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "jenkins.serviceAccountName" . }}
+ namespace: {{ template "jenkins.namespace" . }}
+{{- if .Values.serviceAccount.annotations }}
+ annotations:
+{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+{{ end }}
+ labels:
+ "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
+ "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
+ "app.kubernetes.io/instance": "{{ .Release.Name }}"
+ "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
+{{ end }}
diff --git a/ci/jenkins/templates/tests/jenkins-test.yaml b/ci/jenkins/templates/tests/jenkins-test.yaml
new file mode 100644
index 00000000..edf884bb
--- /dev/null
+++ b/ci/jenkins/templates/tests/jenkins-test.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.master.testEnabled }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-ui-test-{{ randAlphaNum 5 | lower }}"
+ namespace: {{ template "jenkins.namespace" . }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ {{- if .Values.master.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.master.nodeSelector | indent 4 }}
+ {{- end }}
+ {{- if .Values.master.tolerations }}
+ tolerations:
+{{ toYaml .Values.master.tolerations | indent 4 }}
+ {{- end }}
+ initContainers:
+ - name: "test-framework"
+ image: "dduportal/bats:0.4.0"
+ command:
+ - "bash"
+ - "-c"
+ - |
+ set -ex
+ # copy bats to tools dir
+ cp -R /usr/local/libexec/ /tools/bats/
+ volumeMounts:
+ - mountPath: /tools
+ name: tools
+ containers:
+ - name: {{ .Release.Name }}-ui-test
+{{- if .Values.master.imageTag }}
+ image: {{ .Values.master.image }}:{{ .Values.master.imageTag }}
+{{- else }}
+ image: {{ .Values.master.image }}:{{ .Values.master.tag }}
+{{- end }}
+ command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
+ volumeMounts:
+ - mountPath: /tests
+ name: tests
+ readOnly: true
+ - mountPath: /tools
+ name: tools
+ volumes:
+ - name: tests
+ configMap:
+ name: {{ template "jenkins.fullname" . }}-tests
+ - name: tools
+ emptyDir: {}
+ restartPolicy: Never
+{{- end }}
diff --git a/ci/jenkins/templates/tests/test-config.yaml b/ci/jenkins/templates/tests/test-config.yaml
new file mode 100644
index 00000000..509de7de
--- /dev/null
+++ b/ci/jenkins/templates/tests/test-config.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.master.testEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "jenkins.fullname" . }}-tests
+ namespace: {{ template "jenkins.namespace" . }}
+data:
+ run.sh: |-
+ @test "Testing Jenkins UI is accessible" {
+ curl --retry 48 --retry-delay 10 {{ template "jenkins.fullname" . }}:{{ .Values.master.servicePort }}{{ default "" .Values.master.jenkinsUriPrefix }}/login
+ }
+{{- end }}
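Review bot: The init container pulls `dduportal/bats:0.4.0`, a third-party image referenced by a mutable tag and hard-coded in the template, and whatever it ships under `/usr/local/libexec/` is then executed inside the test container through the shared `tools` volume. Expose the image as a chart value so it can be mirrored to a trusted registry, and pin it by digest, e.g. `image: "dduportal/bats:0.4.0@sha256:<digest-placeholder>"`. The test container's `tools` mount could be `readOnly: true` like the `tests` mount, since it only runs the copied files.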
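Review bot: The `curl` call in `run.sh` has no `--fail`, so it exits 0 on any HTTP response, including an error page, and the test only shows that something answered on the service port. Adding the flag makes a 4xx or 5xx response fail the test while the existing retries still cover start-up: `curl --fail --silent --show-error --retry 48 --retry-delay 10 ...`. A comment giving the worst-case wait (48 retries at 10 seconds each) would explain the numbers.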
diff --git a/ci/jenkins/values.yaml b/ci/jenkins/values.yaml
new file mode 100644
index 00000000..847343f4
--- /dev/null
+++ b/ci/jenkins/values.yaml
@@ -0,0 +1,522 @@
+# Default values for jenkins.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+## Overrides for generated resource names
+# See templates/_helpers.tpl
+# nameOverride:
+# fullnameOverride:
+# namespaceOverride:
+
+# For FQDN resolving of the master service. Change this value to match your existing configuration.
+# ref: https://github.com/kubernetes/dns/blob/master/docs/specification.md
+clusterZone: "cluster.local"
+
+master:
+ # Used for label app.kubernetes.io/component
+ componentName: "jenkins-master"
+ image: "jenkins/jenkins"
+ tag: "lts"
+ imagePullPolicy: "Always"
+ imagePullSecretName:
+ # Optionally configure lifetime for master-container
+ lifecycle:
+ # postStart:
+ # exec:
+ # command:
+ # - "uname"
+ # - "-a"
+ numExecutors: 0
+ customJenkinsLabels: []
+ # configAutoReload requires UseSecurity is set to true:
+ useSecurity: true
+
+ # enables configuration done directly via XML files
+ # People who want to configure Jenkins via https://github.com/jenkinsci/configuration-as-code-plugin only can set it to false
+ enableXmlConfig: true
+ # Allows to configure different SecurityRealm using Jenkins XML
+ securityRealm: |-
+
+ # Allows to configure different AuthorizationStrategy using Jenkins XML
+ authorizationStrategy: |-
+
+ true
+
+ hostNetworking: false
+ # When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist.
+ # Since the AdminUser is used by configAutoReload, in order to use configAutoReload you must change the
+ # .master.adminUser to a valid username on your LDAP (or other) server. This user does not need
+ # to have administrator rights in Jenkins (the default Overall:Read is sufficient) nor will it be granted any
+ # additional rights. Failure to do this will cause the sidecar container to fail to authenticate via SSH and enter
+ # a restart loop. 
Likewise if you disable the non-Jenkins identity store and instead use the Jenkins internal one,
+ # you should revert master.adminUser to your preferred admin user:
+ adminUser: "admin"
+ # adminPassword:
+ # adminSshKey:
+ # If CasC auto-reload is enabled, an SSH (RSA) keypair is needed. Can either provide your own, or leave unconfigured to allow a random key to be auto-generated.
+ # If you supply your own, it is recommended that the values file that contains your key not be committed to source control in an unencrypted format
+ rollingUpdate: {}
+ # Ignored if Persistence is enabled
+ # maxSurge: 1
+ # maxUnavailable: 25%
+ resources:
+ requests:
+ cpu: "50m"
+ memory: "256Mi"
+ limits:
+ cpu: "2000m"
+ memory: "4096Mi"
+ # Environment variables that get added to the init container (useful for e.g. http_proxy)
+ # initContainerEnv:
+ # - name: http_proxy
+ # value: "http://192.168.64.1:3128"
+ # containerEnv:
+ # - name: http_proxy
+ # value: "http://192.168.64.1:3128"
+ # Set min/max heap here if needed with:
+ # javaOpts: "-Xms512m -Xmx512m"
+ # jenkinsOpts: ""
+ # jenkinsUrl: ""
+ # If you set this prefix and use ingress controller then you might want to set the ingress path below
+ # jenkinsUriPrefix: "/jenkins"
+ # Enable pod security context (must be `true` if runAsUser or fsGroup are set)
+ usePodSecurityContext: true
+ # Set runAsUser to 1000 to let Jenkins run as non-root user 'jenkins' which exists in 'jenkins/jenkins' docker image. 
+ # When setting runAsUser to a different value than 0 also set fsGroup to the same value:
+ # runAsUser:
+ # fsGroup:
+ servicePort: 8080
+ targetPort: 8080
+ # For minikube, set this to NodePort, elsewhere use LoadBalancer
+ # Use ClusterIP if your setup includes ingress controller
+ serviceType: LoadBalancer
+ # Jenkins master service annotations
+ serviceAnnotations: {}
+ # Jenkins master custom labels
+ deploymentLabels: {}
+ # foo: bar
+ # bar: foo
+ # Jenkins master service labels
+ serviceLabels: {}
+ # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
+ # Put labels on Jenkins master pod
+ podLabels: {}
+ # Used to create Ingress record (should used with ServiceType: ClusterIP)
+ # nodePort:
+ # -Dcom.sun.management.jmxremote.port=4000
+ # -Dcom.sun.management.jmxremote.authenticate=false
+ # -Dcom.sun.management.jmxremote.ssl=false
+ # jmxPort: 4000
+ # Optionally configure other ports to expose in the master container
+ extraPorts:
+ # - name: BuildInfoProxy
+ # port: 9000
+
+ # List of plugins to be install during Jenkins master start
+ installPlugins:
+ - kubernetes:1.18.2
+ - workflow-job:2.33
+ - workflow-aggregator:2.6
+ - credentials-binding:1.19
+ - git:3.11.0
+
+ # Enable to always override the installed plugins with the values of 'master.installPlugins' on upgrade or redeployment.
+ # overwritePlugins: true
+ # Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter), useful with ghprb plugin.
+ # The plugin is not installed by default, please update master.installPlugins.
+ enableRawHtmlMarkupFormatter: false
+ # Used to approve a list of groovy functions in pipelines used the script-security plugin. 
Can be viewed under /scriptApproval
+ scriptApproval:
+ # - "method groovy.json.JsonSlurperClassic parseText java.lang.String"
+ # - "new groovy.json.JsonSlurperClassic"
+ # List of groovy init scripts to be executed during Jenkins master start
+ initScripts:
+ # - |
+ # print 'adding global pipeline libraries, register properties, bootstrap jobs...'
+ # Kubernetes secret that contains a 'credentials.xml' for Jenkins
+ # credentialsXmlSecret: jenkins-credentials
+ # Kubernetes secret that contains files to be put in the Jenkins 'secrets' directory,
+ # useful to manage encryption keys used for credentials.xml for instance (such as
+ # master.key and hudson.util.Secret)
+ # secretsFilesSecret: jenkins-secrets
+ # Jenkins XML job configs to provision
+ jobs: {}
+ # test: |-
+ # <>
+
+ # Below is the implementation of Jenkins Configuration as Code. Add a key under configScripts for each configuration area,
+ # where each corresponds to a plugin or section of the UI. Each key (prior to | character) is just a label, and can be any value.
+ # Keys are only used to give the section a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label
+ # characters: lowercase letters, numbers, and hyphens. The keys become the name of a configuration yaml file on the master in
+ # /var/jenkins_home/casc_configs (by default) and will be processed by the Configuration as Code Plugin. The lines after each |
+ # become the content of the configuration yaml file. The first line after this is a JCasC root element, eg jenkins, credentials,
+ # etc. Best reference is https:///configuration-as-code/reference. 
The example below creates a welcome message:
+ JCasC:
+ enabled: false
+ defaultConfig: false
+ pluginVersion: "1.27"
+ # it's only used when plugin version is <=1.18 for later version the
+ # configuration as code support plugin is no longer needed
+ supportPluginVersion: "1.18"
+ configScripts:
+ # welcome-message: |
+ # jenkins:
+ # systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'.
+
+ # Optionally specify additional init-containers
+ customInitContainers: []
+ # - name: custom-init
+ # image: "alpine:3.7"
+ # imagePullPolicy: Always
+ # command: [ "uname", "-a" ]
+
+ sidecars:
+ configAutoReload:
+ # If enabled: true, Jenkins Configuration as Code will be reloaded on-the-fly without a reboot. If false or not-specified,
+ # jcasc changes will cause a reboot and will only be applied at the subsequent start-up. Auto-reload uses the Jenkins CLI
+ # over SSH to reapply config when changes to the configScripts are detected. The admin user (or account you specify in
+ # master.adminUser) will have a random SSH private key (RSA 4096) assigned unless you specify adminSshKey. This will be saved to a k8s secret.
+ enabled: false
+ image: shadwell/k8s-sidecar:0.0.2
+ imagePullPolicy: IfNotPresent
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 100Mi
+ # requests:
+ # cpu: 50m
+ # memory: 50Mi
+ # SSH port value can be set to any unused TCP port. The default, 1044, is a non-standard SSH port that has been chosen at random.
+ # Is only used to reload jcasc config from the sidecar container running in the Jenkins master pod.
+ # This TCP port will not be open in the pod (unless you specifically configure this), so Jenkins will not be
+ # accessible via SSH from outside of the pod. 
Note if you use non-root pod privileges (runAsUser & fsGroup),
+ # this must be > 1024:
+ sshTcpPort: 1044
+ # folder in the pod that should hold the collected dashboards:
+ folder: "/var/jenkins_home/casc_configs"
+ # If specified, the sidecar will search for JCasC config-maps inside this namespace.
+ # Otherwise the namespace in which the sidecar is running will be used.
+ # It's also possible to specify ALL to search in all namespaces:
+ # searchNamespace:
+
+ # Allows you to inject additional/other sidecars
+ other:
+ ## The example below runs the client for https://smee.io as sidecar container next to Jenkins,
+ ## that allows to trigger build behind a secure firewall.
+ ## https://jenkins.io/blog/2019/01/07/webhook-firewalls/#triggering-builds-with-webhooks-behind-a-secure-firewall
+ ##
+ ## Note: To use it you should go to https://smee.io/new and update the url to the generete one.
+ # - name: smee
+ # image: docker.io/twalter/smee-client:1.0.2
+ # args: ["--port", "{{ .Values.master.servicePort }}", "--path", "/github-webhook/", "--url", "https://smee.io/new"]
+ # resources:
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+ # Node labels and tolerations for pod assignment
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
+ nodeSelector: {}
+ tolerations: []
+ # Leverage a priorityClass to ensure your pods survive resource shortages
+ # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ # priorityClass: system-cluster-critical
+ podAnnotations: {}
+
+ # The below two configuration-related values are deprecated and replaced by Jenkins Configuration as Code (see above
+ # JCasC key). They will be deleted in an upcoming version. 
+ customConfigMap: false
+ # By default, the configMap is only used to set the initial config the first time
+ # that the chart is installed. Setting `overwriteConfig` to `true` will overwrite
+ # the jenkins config with the contents of the configMap every time the pod starts.
+ # This will also overwrite all init scripts
+ overwriteConfig: false
+
+ # By default, the Jobs Map is only used to set the initial jobs the first time
+ # that the chart is installed. Setting `overwriteJobs` to `true` will overwrite
+ # the jenkins jobs configuration with the contents of Jobs every time the pod starts.
+ overwriteJobs: false
+
+ ingress:
+ enabled: false
+ # For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1'
+ apiVersion: "extensions/v1beta1"
+ labels: {}
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # Set this path to jenkinsUriPrefix above or use annotations to rewrite path
+ # path: "/jenkins"
+ # configures the hostname e.g. jenkins.example.com
+ hostName:
+ tls:
+ # - secretName: jenkins.cluster.local
+ # hosts:
+ # - jenkins.cluster.local
+
+ # If you're running on GKE and need to configure a backendconfig
+ # to finish ingress setup, use the following values. 
+ # Docs: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig
+ backendconfig:
+ enabled: false
+ apiVersion: "extensions/v1beta1"
+ name:
+ labels: {}
+ annotations: {}
+ spec: {}
+
+ # Openshift route
+ route:
+ enabled: false
+ labels: {}
+ annotations: {}
+ # path: "/jenkins"
+
+ additionalConfig: {}
+
+ # master.hostAliases allows for adding entries to Pod /etc/hosts:
+ # https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ hostAliases: []
+ # - ip: 192.168.50.50
+ # hostnames:
+ # - something.local
+ # - ip: 10.0.50.50
+ # hostnames:
+ # - other.local
+
+ # Expose Prometheus metrics
+ prometheus:
+ # If enabled, add the prometheus plugin to the list of plugins to install
+ # https://plugins.jenkins.io/prometheus
+ enabled: false
+ # Additional labels to add to the ServiceMonitor object
+ serviceMonitorAdditionalLabels: {}
+ # Set a custom namespace where to deploy ServiceMonitor resource
+ # serviceMonitorNamespace: monitoring
+ scrapeInterval: 60s
+ # This is the default endpoint used by the prometheus plugin
+ scrapeEndpoint: /prometheus
+ # Additional labels to add to the PrometheusRule object
+ alertingRulesAdditionalLabels: {}
+ # An array of prometheus alerting rules
+ # See here: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
+ # The `groups` root object is added by default, simply add the rule entries
+ alertingrules: []
+
+ # Can be used to disable rendering master test resources when using helm template
+ testEnabled: true
+
+agent:
+ enabled: true
+ image: "jenkins/jnlp-slave"
+ tag: "3.27-1"
+ customJenkinsLabels: []
+ # name of the secret to be used for image pulling
+ imagePullSecretName:
+ componentName: "jenkins-slave"
+ privileged: false
+ resources:
+ requests:
+ cpu: "512m"
+ memory: "512Mi"
+ limits:
+ cpu: "512m"
+ memory: "512Mi"
+ # You may want to change this to true while testing a new image
+ alwaysPullImage: false
+ # Controls how 
agent pods are retained after the Jenkins build completes
+ # Possible values: Always, Never, OnFailure
+ podRetention: "Never"
+ # You can define the volumes that you want to mount for this container
+ # Allowed types are: ConfigMap, EmptyDir, HostPath, Nfs, Pod, Secret
+ # Configure the attributes as they appear in the corresponding Java class for that type
+ # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes
+ # Pod-wide ennvironment, these vars are visible to any container in the agent pod
+ envVars:
+ # - name: PATH
+ # value: /usr/local/bin
+ volumes:
+ # - type: Secret
+ # secretName: mysecret
+ # mountPath: /var/myapp/mysecret
+ # - type: EmptyDir
+ # mountPath: "/var/lib/containers"
+ # memory: false
+ nodeSelector: {}
+ # Key Value selectors. Ex:
+ # jenkins-agent: v1
+
+ # Executed command when side container gets started
+ command:
+ args:
+ # Side container name
+ sideContainerName: "jnlp"
+ # Doesn't allocate pseudo TTY by default
+ TTYEnabled: false
+ # Max number of spawned agent
+ containerCap: 10
+ # Pod name
+ podName: "default"
+ # Allows the Pod to remain active for reuse until the configured number of
+ # minutes has passed since the last step was executed on it.
+ idleMinutes: 0
+ # Raw yaml template for the Pod. For example this allows usage of toleration for agent pods. 
+ # https://github.com/jenkinsci/kubernetes-plugin#using-yaml-to-define-pod-templates
+ # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ yamlTemplate: ""
+ # yamlTemplate: |-
+ # apiVersion: v1
+ # kind: Pod
+ # spec:
+ # tolerations:
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+
+persistence:
+ enabled: true
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ existingClaim:
+ ## jenkins data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass:
+ annotations: {}
+ accessMode: "ReadWriteOnce"
+ size: "8Gi"
+ volumes:
+ # - name: nothing
+ # emptyDir: {}
+ mounts:
+ # - mountPath: /var/nothing
+ # name: nothing
+ # readOnly: true
+
+networkPolicy:
+ # Enable creation of NetworkPolicy resources.
+ enabled: false
+ # For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1'
+ # For Kubernetes v1.7, use 'networking.k8s.io/v1'
+ apiVersion: networking.k8s.io/v1
+
+## Install Default RBAC roles and bindings
+rbac:
+ create: true
+
+serviceAccount:
+ create: true
+ # The name of the service account is autogenerated by default
+ name:
+ annotations: {}
+
+serviceAccountAgent:
+ # Specifies whether a ServiceAccount should be created
+ create: false
+ # The name of the ServiceAccount to use. 
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+ annotations: {}
+
+## Backup cronjob configuration
+## Ref: https://github.com/maorfr/kube-tasks
+backup:
+ # Backup must use RBAC
+ # So by enabling backup you are enabling RBAC specific for backup
+ enabled: false
+ # Used for label app.kubernetes.io/component
+ componentName: "backup"
+ # Schedule to run jobs. Must be in cron time format
+ # Ref: https://crontab.guru/
+ schedule: "0 2 * * *"
+ annotations:
+ # Example for authorization to AWS S3 using kube2iam
+ # Can also be done using environment variables
+ iam.amazonaws.com/role: "jenkins"
+ image:
+ repository: "maorfr/kube-tasks"
+ tag: "0.2.0"
+ # Additional arguments for kube-tasks
+ # Ref: https://github.com/maorfr/kube-tasks#simple-backup
+ extraArgs: []
+ # Add existingSecret for AWS credentials
+ existingSecret: {}
+ ## Example for using an existing secret
+ # jenkinsaws:
+ ## Use this key for AWS access key ID
+ # awsaccesskey: jenkins_aws_access_key
+ ## Use this key for AWS secret access key
+ # awssecretkey: jenkins_aws_secret_key
+ # Add additional environment variables
+ env:
+ # Example environment variable required for AWS credentials chain
+ - name: "AWS_REGION"
+ value: "us-east-1"
+ resources:
+ requests:
+ memory: 1Gi
+ cpu: 1
+ limits:
+ memory: 1Gi
+ cpu: 1
+ # Destination to store the backup artifacts
+ # Supported cloud storage services: AWS S3, Minio S3, Azure Blob Storage, Google Cloud Storage
+ # Additional support can added. Visit this repository for details
+ # Ref: https://github.com/maorfr/skbn
+ destination: "s3://jenkins-data/backup"
+checkDeprecation: true
diff --git a/ci/slave-scripts/authorized_keys b/ci/slave-scripts/authorized_keys
new file mode 100644
index 00000000..c73f8492
--- /dev/null
+++ b/ci/slave-scripts/authorized_keys
@@ -0,0 +1 @@
+ssh-rsa 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 jenkins_master
\ No newline at end of file
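Review bot: The defaults leave the Jenkins UI reachable as widely as the cloud allows: `serviceType: LoadBalancer` is set while `networkPolicy.enabled` is `false`, and the `loadBalancerSourceRanges` value that jenkins-master-svc.yaml reads is not mentioned in this file, so nothing limits who can reach the login page unless hw_override.yaml (not visible here) overrides it. Defaulting to `serviceType: ClusterIP`, which the comment above it already recommends behind an ingress controller, and documenting the value with `# loadBalancerSourceRanges:` and `# - 203.0.113.0/24` (constructed example range) would make exposure an explicit choice. `tag: "lts"` together with `imagePullPolicy: "Always"` means any pod restart can pull a different Jenkins build; a pinned version tag is easier to audit and roll back. The `backup.annotations` default `iam.amazonaws.com/role: "jenkins"` is described as an example but is an active value, so it should be commented out like the other examples.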
diff --git a/ci/slave-scripts/setup.sh b/ci/slave-scripts/setup.sh
new file mode 100644
index 00000000..ca0a772c
--- /dev/null
+++ b/ci/slave-scripts/setup.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+# Usage: ./setup.sh
+# NOTE: sshpass is required
+script_name=$1
+ip_address=$2
+disk_name=$3
+frontend_name=$4
+backend_name=$5
+password=$6
+sshpass -p "${password}" scp ./authorized_keys root@${ip_address}:~/.ssh/
+sshpass -p "${password}" scp ./${script_name} root@${ip_address}:~/
+sshpass -p "${password}" ssh root@${ip_address} "chmod +x ~/${script_name} && ~/${script_name} ${disk_name} ${frontend_name} ${backend_name}"
diff --git a/ci/slave-scripts/ubuntu.sh b/ci/slave-scripts/ubuntu.sh
new file mode 100644
index 00000000..e7f2c23f
--- /dev/null
+++ b/ci/slave-scripts/ubuntu.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+disk_name=$1
+
+if [[ ! -e ${disk_name} ]]; then
+ echo "disk ${disk_name} not existed"
+ exit 1
+fi
+
+if [[ ! -e ~/.ssh/authorized_keys ]]; then
+ echo "public key file for jenkins master not exists"
+ exit 1
+fi
+
+# install required tools
+sudo apt install -y default-jre
+sudo apt install -y git
+
+# prepare disk
+if [[ ! -d /jenkins_home ]]; then
+ mkfs.ext4 ${disk_name}
+ mkdir /jenkins_home
+ mount ${disk_name} /jenkins_home
+fi
+
+grep -q /etc/fstab -e "${disk_name}"
+if [[ $? != 0 ]]; then
+ echo "${disk_name} /jenkins_home ext4 defaults 0 0" >> /etc/fstab
+fi
+
+chmod 600 ~/.ssh/authorized_keys
diff --git a/ci/tools/pr.groovy b/ci/tools/pr.groovy
new file mode 100644
index 00000000..521e4f8c
--- /dev/null
+++ b/ci/tools/pr.groovy
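Review bot: All three `sshpass -p "${password}"` calls in setup.sh put the root password on the command line, where it is visible in the process list and, as the sixth script argument, ends up in the caller's shell history. `sshpass -e` reads it from the `SSHPASS` environment variable instead, e.g. `SSHPASS="${password}" sshpass -e scp ./authorized_keys "root@${ip_address}:~/.ssh/"`, and the password is better read with `read -rs` than passed as an argument. The first `scp` replaces root's whole `authorized_keys` on the target rather than appending to it, and `${script_name}`, `${disk_name}` and the other arguments reach the local and remote shells unquoted, so they should be quoted and validated before use. The `# Usage:` line lists no arguments although the script reads six, so it should name them in order.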
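Review bot: In ubuntu.sh `mkfs.ext4 ${disk_name}` runs whenever `/jenkins_home` is missing, without checking whether the device already holds a filesystem, so running the script on a host where the directory is absent but the disk is in use reformats data that may be the Jenkins home. Guard the format, e.g. `if ! blkid "${disk_name}" >/dev/null; then mkfs.ext4 "${disk_name}"; fi`, and add `set -euo pipefail` near the top so a failed `mkfs` or `mount` does not fall through to the `/etc/fstab` edit. The script mixes `sudo apt install` with unprivileged-looking `mkfs`, `mount` and `/etc/fstab` writes; a comment stating that it must run as root would settle that. setup.sh passes three arguments to it but only `$1` is read here.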
@@ -0,0 +1,51 @@
+def jobsString = "task-check-binary-file,task-check-code-style,task-check-patchname,opengauss-rpm-build"
+ArrayList jobsList = jobsString.split('\\,')
+
+def parallelJobs2Run = [:]
+def parallelJobResults = [:]
+jobsList.each { job ->
+ echo "Going to parallel for job ${job}"
+ parallelJobs2Run["${job}"] = { ->
+ echo "Calling job ${job}"
+ jobResults=build job: "${job}",
+ parameters: [
+ string(name: 'giteeTargetRepoName', value: env.giteeTargetRepoName),
+ string(name: 'giteePullRequestIid', value: env.giteePullRequestIid),
+ string(name: 'giteeBranch', value: env.giteeBranch)
+ ],
+ propagate: false,
+ wait: true
+
+ parallelJobResults["${job}"] = jobResults
+ }
+};
+
+parallel parallelJobs2Run
+parallelJobResults.each { name, result ->
+ echo "Details for job ${name}"
+ echo "RESULT: ${result.result}"
+ echo "URL: ${result.absoluteUrl}"
+ echo "NUMBER: ${result.number}"
+}
+
+giteeComments = "| Check Name | Build Result | Build Details |\n| --- | --- | --- |\n"
+
+def JobSuccess = true
+parallelJobResults.each {name, result ->
+ echo result.result
+ if (result.result == "SUCCESS") {
+ resultIcon = ":white_check_mark: "
+ } else {
+ JobSuccess = false
+ resultIcon = ":x:"
+ }
+ giteeComments += "| ${name} | ${resultIcon}**${result.result}** | [#${result.number}](${result.absoluteUrl}/console) |\n"
+}
+
+addGiteeMRComment(giteeComments)
+
+if (JobSuccess) {
+ currentBuild.result = 'SUCCESS'
+ } else {
+ currentBuild.result = 'FAILURE'
+}
-- Gitee
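Review bot: `jobResults=build job: "${job}",` assigns to an undeclared variable, which in a scripted pipeline lives in the script binding and is therefore shared by every branch handed to `parallel`, so the value stored by `parallelJobResults["${job}"] = jobResults` depends on how the branches are scheduled. Declaring it locally removes the sharing: `def jobResults = build job: "${job}",`. `giteeComments` and `resultIcon` are undeclared in the same way; they are only used sequentially, but `def` would keep them out of the binding too. The `giteeTargetRepoName`, `giteePullRequestIid` and `giteeBranch` values come from the pull-request webhook and are passed on unchanged, so a comment reminding downstream jobs to treat them as untrusted input would be useful.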