Terraform Module: terraform-helm-jenkins

A reusable Terraform module to deploy a Jenkins server using the official Jenkins Helm chart.

Module Diagram
graph TD
    subgraph "Terraform Jenkins Helm Module"
        
        subgraph "Providers"
            A[Kubernetes Provider]
            B[Helm Provider]
        end

        subgraph "Inputs"
            C1["name<br/><small>(string)</small>"]
            C2["repository<br/><small>(string)</small>"]
            C3["chart<br/><small>(string)</small>"]
            C4["version<br/><small>(string)</small>"]
            C5["namespace<br/><small>(string)</small>"]
            C6["values<br/><small>(list(string))</small>"]
            C7["create_namespace<br/><small>(bool)</small>"]
            C8["timeout<br/><small>(number)</small>"]
            C9["atomic<br/><small>(bool)</small>"]
            C10["wait<br/><small>(bool)</small>"]
            C11["kubeconfig_path<br/><small>(string)</small>"]
        end

        subgraph "Resources"
            D[helm_release.jenkins]
        end

        subgraph "Outputs"
            E["name<br/><small>(string)</small>"]
            F["namespace<br/><small>(string)</small>"]
            G["status<br/><small>(string)</small>"]
            H["chart<br/><small>(string)</small>"]
            I["version<br/><small>(string)</small>"]
        end

        subgraph "Configuration Files"
            J[values-jenkins.yaml]
        end

    end

    %% Connections
    C1 --> D
    C2 --> D
    C3 --> D
    C4 --> D
    C5 --> D
    C6 --> J
    J --> D
    C7 --> D
    C8 --> D
    C9 --> D
    C10 --> D
    C11 --> A
    A --> D
    B --> D
    D --> E
    D --> F
    D --> G
    D --> H
    D --> I

CICD Implementations

Below is an example of a CICD implementation that uses BitBucket to call the module and Codefresh to deploy Terraform.

Image

Features

  • Secure Credential Injection: Safely manage Jenkins admin credentials using Terraform's sensitive variables.
  • Flexible Configuration: Allow users to pass custom values.yaml files or inline configurations.
  • Support for Multiple Environments: Easily manage different configurations for development, staging, and production.
  • Helm Integration: Leverage Helm's powerful chart management capabilities for Jenkins deployments.

Notes

For further notes, please read NOTES.

WARNINGS:

  • Default Secure Values: This module ships with default values settings that pass the Jenkins default username and password securely via Terraform, so you can supply them from data sources.
  • The file() Function: Reads the contents of values-jenkins-dev.yaml and passes it to the module.
  • Merging Values: The module’s internal values-jenkins.tpl.yaml is merged with values-jenkins-dev.yaml. If there are overlapping configurations, values-jenkins-dev.yaml can override the module defaults.
  • jenkins_admin_user: This variable must be set when invoking this Terraform module, either via a data source or via environment variables.
  • jenkins_admin_password: This variable must be set when invoking this Terraform module, either via a data source or via environment variables.

Environment Variables Examples

Using terraform.tfvars

Create a terraform.tfvars file in your environment directory to provide values.

# environments/dev/terraform.tfvars
jenkins_admin_user     = "devadmin"
jenkins_admin_password = "SuperSecurePassword!@#"

  • Security Note: Ensure that terraform.tfvars is excluded from version control by adding it to your .gitignore.

gitignore file

# environments/dev/.gitignore
terraform.tfvars

Using Environment Variables

Terraform automatically picks up variables prefixed with TF_VAR_. You can set them in your shell session.

export TF_VAR_jenkins_admin_user="devadmin"
export TF_VAR_jenkins_admin_password="SuperSecurePassword!@#"

  • Security Note: Be cautious as environment variables can be exposed through process listings or shell histories. Prefer using environment variables in secure, ephemeral sessions.
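
One way to act on the security note above without typing the password into an `export` line (an added example, not part of the module or its README): the functions below read the two values from a file that only its owner can access and expose them to a single command. The function names and the credentials-file layout (user on line 1, password on line 2) are assumptions.

```shell
#!/usr/bin/env bash
# Added example. File layout and function names are hypothetical.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Export TF_VAR_jenkins_admin_user / TF_VAR_jenkins_admin_password from a file
# holding the user on line 1 and the password on line 2.
# Returns 1 if the file is missing, 2 if its mode is not 600 or 400,
# 3 if either value is empty.
load_jenkins_creds() {
  local creds_file="$1" mode user password
  [ -f "$creds_file" ] || { echo "missing: $creds_file" >&2; return 1; }
  mode="$(file_mode "$creds_file")"
  case "$mode" in
    600|400) ;;
    *) echo "refusing $creds_file: mode $mode, expected 600 or 400" >&2
       return 2 ;;
  esac
  # `|| true` keeps a missing trailing newline from aborting under `set -e`.
  { IFS= read -r user || true; IFS= read -r password || true; } < "$creds_file"
  if [ -z "$user" ] || [ -z "$password" ]; then
    echo "empty user or password in $creds_file" >&2
    return 3
  fi
  export TF_VAR_jenkins_admin_user="$user"
  export TF_VAR_jenkins_admin_password="$password"
}

# Run one command with the credentials set only inside a subshell, so they do
# not linger in the interactive session afterwards.
with_jenkins_creds() {
  local creds_file="$1"
  shift
  ( load_jenkins_creds "$creds_file" && "$@" )
}

# Typical call (path is a placeholder, not executed here):
#   with_jenkins_creds ~/.config/jenkins-dev.creds terraform apply
```

Values supplied this way are still written to the Terraform state in plaintext, so the state backend needs its own access control and encryption.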

Using a Separate Variables File

Alternatively, use a separate variables file and pass it explicitly during Terraform commands.

terraform apply -var-file="secure-variables.tfvars"

secure-variables.tfvars:

jenkins_admin_user     = "devadmin"
jenkins_admin_password = "SuperSecurePassword!@#"

  • Security Note: Like terraform.tfvars, exclude this file from version control.
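
A check for the two version-control notes above (terraform.tfvars and the separate variables file), added here as an example and not taken from the module: it classifies every *.tfvars file that assigns jenkins_admin_password as tracked, ignored, or unprotected. The function name `audit_tfvars` and the output labels are assumptions; it needs `git` on the PATH.

```shell
#!/usr/bin/env bash
# Added example. Function name and output labels are hypothetical.

# For every *.tfvars file under a git repository that assigns
# jenkins_admin_password, print one line "<STATE> <relative path>":
#   TRACKED   - already in git's index (the secret is in, or about to enter, history)
#   IGNORED   - covered by a .gitignore rule
#   UNIGNORED - not tracked, but nothing stops a later `git add .` from adding it
audit_tfvars() {
  local repo="$1" f rel
  find "$repo" -name .git -prune -o -type f -name '*.tfvars' -print |
  LC_ALL=C sort |
  while IFS= read -r f; do
    # Skip variable files that do not carry the admin password.
    grep -Eq '^[[:space:]]*jenkins_admin_password[[:space:]]*=' "$f" || continue
    rel="${f#"$repo"/}"
    if git -C "$repo" ls-files --error-unmatch -- "$rel" >/dev/null 2>&1; then
      printf 'TRACKED %s\n' "$rel"
    elif git -C "$repo" check-ignore -q -- "$rel"; then
      printf 'IGNORED %s\n' "$rel"
    else
      printf 'UNIGNORED %s\n' "$rel"
    fi
  done
}

# Typical call from the repository root (not executed here):
#   audit_tfvars "$(git rev-parse --show-toplevel)"
```

A TRACKED result means the file has to be removed from the index and the password rotated, because adding it to .gitignore afterwards does not remove it from history.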

Usage

Below are usage examples that show how to call the module to deploy Jenkins onto Kubernetes environments.

Basic Usage

module "jenkins" {
  source = "git::https://github.com/Richard-Barrett/terraform-helm-jenkins.git?ref=0.1.0"

  name             = "jenkins"
  repository       = "https://charts.jenkins.io"
  chart            = "jenkins"
  version          = "3.10.1" # Specify the desired chart version
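  namespace        = "jenkins"
  create_namespace = true

  # Required input with no default; supply it via TF_VAR_jenkins_admin_password or a tfvars file
  jenkins_admin_password = var.jenkins_admin_password

  values = [
    file("${path.module}/values/jenkins-values.yaml")
  ]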

  timeout = 600
  atomic  = true
  wait    = true
}

Advanced Usage

# environments/dev/main.tf

provider "kubernetes" {
  config_path = "~/.kube/config"
}

provider "helm" {
  kubernetes {
    config_path = "~/.kube/config"
  }
}

module "jenkins" {
  source = "../../modules/terraform-jenkins" # Path to the module

  name             = "jenkins-dev"
  repository       = "https://charts.jenkins.io"
  chart            = "jenkins"
  version          = "3.10.1"
  namespace        = "jenkins-dev"
  create_namespace = true

  # ... other variables

  values = [
    templatefile("${path.module}/values/values-jenkins-dev.tpl.yaml", {
      admin_user     = data.vault_generic_secret.jenkins_dev.data["adminUser"]
      admin_password = data.vault_generic_secret.jenkins_dev.data["adminPassword"]
    }),
    file("${path.module}/values/values-jenkins-extra.yaml")
  ]

  # ... other variables
}

In the example above, you can pass the values for admin_user and admin_password.

Terraform Documentation

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| helm | >= 2.0.0 |
| kubernetes | >= 2.0.0 |

Providers

| Name | Version |
|------|---------|
| helm | >= 2.0.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| helm_release.jenkins | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| atomic | If set, the installation process deletes the release on failure. | bool | true | no |
| chart | The name of the Helm chart to deploy. | string | "jenkins" | no |
| create_namespace | Whether to create the namespace if it does not exist. | bool | true | no |
| jenkins_admin_password | The admin password for Jenkins. | string | n/a | yes |
| jenkins_admin_user | The admin username for Jenkins. | string | "devadmin" | no |
| kubeconfig_path | Path to the Kubernetes configuration file. | string | "~/.kube/config" | no |
| name | The name of the Helm release. | string | "jenkins" | no |
| namespace | The Kubernetes namespace to deploy the Helm release into. | string | "jenkins" | no |
| repository | The Helm chart repository URL. | string | "https://charts.jenkins.io" | no |
| timeout | The maximum time to wait for any individual Kubernetes operation. | number | 600 | no |
| values | A list of values to be passed to the Helm chart. | list(string) | [] | no |
| version | The version of the Helm chart to deploy. | string | "3.10.1" | no |
| wait | If set, will wait until all resources are in a ready state before marking the release as successful. | bool | true | no |

Outputs

| Name | Description |
|------|-------------|
| chart | The chart that was deployed. |
| name | The name of the Helm release. |
| namespace | The namespace the Helm release is deployed into. |
| status | The status of the Helm release. |
| version | The version of the Helm chart that was deployed. |