-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Loading status checks…
refacto(chore): switch to helm
1 parent
e87a48b
commit 0572c98
Showing
66 changed files
with
8,379 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: {{ include "whanos.fullname" . }} | ||
labels: | ||
{{- include "whanos.labels" . | nindent 4 }} | ||
rules: | ||
- apiGroups: ["*"] | ||
resources: ["*"] | ||
verbs: ["*"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: {{ include "whanos.fullname" . }} | ||
labels: | ||
{{- include "whanos.labels" . | nindent 4 }} | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "whanos.fullname" . }} | ||
namespace: {{ .Release.Namespace }} | ||
roleRef: | ||
kind: ClusterRole | ||
name: {{ include "whanos.fullname" . }} | ||
apiGroup: rbac.authorization.k8s.io |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: jenkins-casc-config | ||
data: | ||
config.yaml: | | ||
{{ .Files.Get "jenkins-config/config.yaml" | indent 10 }} | ||
--- | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: jenkins-plugins | ||
data: | ||
plugins.txt: | | ||
{{ .Files.Get "jenkins-config/plugins.txt" | indent 10 }} | ||
--- | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: jenkins-groovy-scripts | ||
data: | ||
init.groovy: | | ||
{{ .Files.Get "jenkins-config/init.groovy" | indent 8 }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: jenkins-deployment | ||
annotations: | ||
rollme: {{ randAlphaNum 5 | quote }} | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
app: jenkins | ||
template: | ||
metadata: | ||
labels: | ||
app: jenkins | ||
annotations: | ||
rollme: {{ randAlphaNum 5 | quote }} | ||
spec: | ||
securityContext: | ||
fsGroup: 412 | ||
containers: | ||
- name: jenkins-image | ||
image: {{ .Values.whanos.jenkins.image }} | ||
ports: | ||
- name: http | ||
containerPort: 8080 | ||
envFrom: | ||
- secretRef: | ||
name: jenkins-secret | ||
env: | ||
- name: DOCKER_REGISTRY | ||
value: {{ .Values.whanos.docker.registry }} | ||
- name: "JAVA_OPTS -Djenkins.install.runSetupWizard" | ||
value: "false" | ||
volumeMounts: | ||
- name: docker-sock | ||
mountPath: /var/run/docker.sock | ||
- name: jenkins-casc | ||
mountPath: /var/jenkins_home/casc_configs | ||
- name: jenkins-plugins | ||
mountPath: /usr/share/jenkins/ref/plugins.txt | ||
- name: jenkins-groovy-scripts | ||
mountPath: /var/jenkins_home/init.groovy.d | ||
restartPolicy: Always | ||
volumes: | ||
- name: jenkins-data | ||
persistentVolumeClaim: | ||
claimName: jenkins-pv-claim | ||
- name: docker-sock | ||
hostPath: | ||
path: /var/run/docker.sock | ||
- name: jenkins-casc | ||
configMap: | ||
name: jenkins-casc-config | ||
- name: jenkins-plugins | ||
configMap: | ||
name: jenkins-plugins | ||
- name: jenkins-groovy-scripts | ||
configMap: | ||
name: jenkins-groovy-scripts |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
kind: StorageClass | ||
apiVersion: storage.k8s.io/v1 | ||
metadata: | ||
name: local-storage | ||
provisioner: kubernetes.io/no-provisioner | ||
volumeBindingMode: WaitForFirstConsumer | ||
--- | ||
apiVersion: v1 | ||
kind: PersistentVolume | ||
metadata: | ||
name: jenkins-pv-volume | ||
labels: | ||
type: local | ||
spec: | ||
storageClassName: local-storage | ||
claimRef: | ||
name: jenkins-pv-claim | ||
capacity: | ||
storage: 10Gi | ||
accessModes: | ||
- ReadWriteOnce | ||
local: | ||
path: /mnt | ||
--- | ||
apiVersion: v1 | ||
kind: PersistentVolumeClaim | ||
metadata: | ||
name: jenkins-pv-claim | ||
spec: | ||
storageClassName: local-storage | ||
accessModes: | ||
- ReadWriteOnce | ||
resources: | ||
requests: | ||
storage: 3Gi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: jenkins-secret | ||
type: Opaque | ||
data: | ||
ADMIN_PASSWORD: {{ .Values.whanos.jenkins.adminpassword }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
kind: Service | ||
apiVersion: v1 | ||
metadata: | ||
name: jenkins-service | ||
spec: | ||
selector: | ||
app: jenkins | ||
type: ClusterIP | ||
ports: | ||
- name: http | ||
port: 8080 | ||
protocol: TCP | ||
targetPort: http | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: jenkins-lb | ||
spec: | ||
type: LoadBalancer | ||
ports: | ||
- targetPort: 8080 | ||
protocol: TCP | ||
port: {{ .Values.whanos.jenkins.port }} | ||
name: external-access | ||
selector: | ||
app: jenkins |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: {{ include "whanos.fullname" . }} | ||
labels: | ||
{{- include "whanos.labels" . | nindent 4 }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: registry | ||
labels: | ||
app: registry | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
app: registry | ||
template: | ||
metadata: | ||
labels: | ||
app: registry | ||
spec: | ||
containers: | ||
- name: registry | ||
image: registry:2.8.3 | ||
imagePullPolicy: IfNotPresent | ||
ports: | ||
- containerPort: 5000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
apiVersion: v1 | ||
kind: PersistentVolumeClaim | ||
metadata: | ||
name: {{ include "whanos.fullname" . }}-registry-pvc | ||
labels: | ||
app: {{ include "whanos.name" . }} | ||
chart: {{ include "whanos.chart" . }} | ||
release: {{ .Release.Name }} | ||
heritage: {{ .Release.Service }} | ||
spec: | ||
accessModes: | ||
- ReadWriteOnce | ||
resources: | ||
requests: | ||
storage: {{ .Values.registry.storageSize }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: docker-registry | ||
labels: | ||
app: docker-registry | ||
spec: | ||
selector: | ||
app: docker-registry | ||
ports: | ||
- protocol: TCP | ||
port: 5000 | ||
targetPort: 5000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
read this : https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/ |
Binary file not shown.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Patterns to ignore when building packages. | ||
# This supports shell glob matching, relative path matching, and | ||
# negation (prefixed with !). Only one pattern per line. | ||
.DS_Store | ||
# Common VCS dirs | ||
.git/ | ||
.gitignore | ||
.bzr/ | ||
.bzrignore | ||
.hg/ | ||
.hgignore | ||
.svn/ | ||
# Common backup files | ||
*.swp | ||
*.bak | ||
*.tmp | ||
*.orig | ||
*~ | ||
# Various IDEs | ||
.project | ||
.idea/ | ||
*.tmproj | ||
.vscode/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
dependencies: | ||
- name: jenkins | ||
repository: https://charts.jenkins.io | ||
version: 4.8.3 | ||
- name: docker-registry | ||
repository: https://helm.twun.io | ||
version: 2.2.2 | ||
digest: sha256:eaac35bb7dbe027e8bd9b16fc4857262b748e6349ef3d0fb49ddcc24abf19b15 | ||
generated: "2023-11-21T18:02:26.770875+01:00" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
apiVersion: v2 | ||
name: whanos | ||
description: A Helm chart for Kubernetes to deploy Whanos | ||
# A chart can be either an 'application' or a 'library' chart. | ||
# | ||
# Application charts are a collection of templates that can be packaged into versioned archives | ||
# to be deployed. | ||
# | ||
# Library charts provide useful utilities or functions for the chart developer. They're included as | ||
# a dependency of application charts to inject those utilities and functions into the rendering | ||
# pipeline. Library charts do not define any templates and therefore cannot be deployed. | ||
type: application | ||
|
||
# This is the chart version. This version number should be incremented each time you make changes | ||
# to the chart and its templates, including the app version. | ||
# Versions are expected to follow Semantic Versioning (https://semver.org/) | ||
version: 1.0.0 | ||
|
||
# This is the version number of the application being deployed. This version number should be | ||
# incremented each time you make changes to the application. Versions are not expected to | ||
# follow Semantic Versioning. They should reflect the version the application is using. | ||
# It is recommended to use it with quotes. | ||
appVersion: "1.16.0" | ||
|
||
dependencies: | ||
- name: jenkins | ||
version: 4.8.3 | ||
repository: https://charts.jenkins.io | ||
- name: docker-registry | ||
version: 2.2.2 | ||
repository: https://helm.twun.io |
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
annotations: | ||
artifacthub.io/category: integration-delivery | ||
artifacthub.io/images: | | ||
- name: jenkins | ||
image: jenkins/jenkins:2.426.1-jdk11 | ||
- name: k8s-sidecar | ||
image: kiwigrid/k8s-sidecar:1.24.4 | ||
- name: inbound-agent | ||
image: jenkins/inbound-agent:3107.v665000b_51092-15 | ||
- name: backup | ||
image: maorfr/kube-tasks:0.2.0 | ||
artifacthub.io/license: Apache-2.0 | ||
artifacthub.io/links: | | ||
- name: Chart Source | ||
url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins | ||
- name: Jenkins | ||
url: https://www.jenkins.io/ | ||
- name: support | ||
url: https://github.com/jenkinsci/helm-charts/issues | ||
apiVersion: v2 | ||
appVersion: 2.426.1 | ||
description: Jenkins - Build great things at any scale! The leading open source automation | ||
server, Jenkins provides over 1800 plugins to support building, deploying and automating | ||
any project. | ||
home: https://jenkins.io/ | ||
icon: https://get.jenkins.io/art/jenkins-logo/logo.svg | ||
keywords: | ||
- jenkins | ||
- ci | ||
- devops | ||
maintainers: | ||
- email: maor.friedman@redhat.com | ||
name: maorfr | ||
- email: mail@torstenwalter.de | ||
name: torstenwalter | ||
- email: garridomota@gmail.com | ||
name: mogaal | ||
- email: wmcdona89@gmail.com | ||
name: wmcdona89 | ||
- email: timjacomb1@gmail.com | ||
name: timja | ||
name: jenkins | ||
sources: | ||
- https://github.com/jenkinsci/jenkins | ||
- https://github.com/jenkinsci/docker-inbound-agent | ||
- https://github.com/maorfr/kube-tasks | ||
- https://github.com/jenkinsci/configuration-as-code-plugin | ||
version: 4.8.3 |
Large diffs are not rendered by default.
Oops, something went wrong.
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
{{- $prefix := .Values.controller.jenkinsUriPrefix | default "" -}} | ||
{{- $url := "" -}} | ||
1. Get your '{{ .Values.controller.adminUser }}' user password by running: | ||
kubectl exec --namespace {{ template "jenkins.namespace" . }} -it svc/{{ template "jenkins.fullname" . }} -c jenkins -- /bin/cat /run/secrets/additional/chart-admin-password && echo | ||
{{- if .Values.controller.ingress.hostName -}} | ||
{{- if .Values.controller.ingress.tls -}} | ||
{{- $url = print "https://" .Values.controller.ingress.hostName $prefix -}} | ||
{{- else -}} | ||
{{- $url = print "http://" .Values.controller.ingress.hostName $prefix -}} | ||
{{- end }} | ||
2. Visit {{ $url }} | ||
{{- else }} | ||
2. Get the Jenkins URL to visit by running these commands in the same shell: | ||
{{- if contains "NodePort" .Values.controller.serviceType }} | ||
export NODE_PORT=$(kubectl get --namespace {{ template "jenkins.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "jenkins.fullname" . }}) | ||
export NODE_IP=$(kubectl get nodes --namespace {{ template "jenkins.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") | ||
{{- if .Values.controller.httpsKeyStore.enable -}} | ||
{{- $url = print "https://$NODE_IP:$NODE_PORT" $prefix -}} | ||
{{- else -}} | ||
{{- $url = print "http://$NODE_IP:$NODE_PORT" $prefix -}} | ||
{{- end }} | ||
echo {{ $url }} | ||
|
||
{{- else if contains "LoadBalancer" .Values.controller.serviceType }} | ||
NOTE: It may take a few minutes for the LoadBalancer IP to be available. | ||
You can watch the status of by running 'kubectl get svc --namespace {{ template "jenkins.namespace" . }} -w {{ template "jenkins.fullname" . }}' | ||
export SERVICE_IP=$(kubectl get svc --namespace {{ template "jenkins.namespace" . }} {{ template "jenkins.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") | ||
{{- if .Values.controller.httpsKeyStore.enable -}} | ||
{{- $url = print "https://$SERVICE_IP:" .Values.controller.servicePort $prefix -}} | ||
{{- else -}} | ||
{{- $url = print "http://$SERVICE_IP:" .Values.controller.servicePort $prefix -}} | ||
{{- end }} | ||
echo {{ $url }} | ||
|
||
{{- else if contains "ClusterIP" .Values.controller.serviceType -}} | ||
{{- if .Values.controller.httpsKeyStore.enable -}} | ||
{{- $url = print "https://127.0.0.1:" .Values.controller.servicePort $prefix -}} | ||
{{- else -}} | ||
{{- $url = print "http://127.0.0.1:" .Values.controller.servicePort $prefix -}} | ||
{{- end }} | ||
echo {{ $url }} | ||
kubectl --namespace {{ template "jenkins.namespace" . }} port-forward svc/{{template "jenkins.fullname" . }} {{ .Values.controller.servicePort }}:{{ .Values.controller.servicePort }} | ||
{{- end }} | ||
{{- end }} | ||
|
||
3. Login with the password from step 1 and the username: {{ .Values.controller.adminUser }} | ||
4. Configure security realm and authorization strategy | ||
5. Use Jenkins Configuration as Code by specifying configScripts in your values.yaml file, see documentation: {{ $url }}/configuration-as-code and examples: https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos | ||
|
||
For more information on running Jenkins on Kubernetes, visit: | ||
https://cloud.google.com/solutions/jenkins-on-container-engine | ||
|
||
For more information about Jenkins Configuration as Code, visit: | ||
https://jenkins.io/projects/jcasc/ | ||
|
||
{{ if (eq .Values.controller.image "jenkins/jenkins") }} | ||
NOTE: Consider using a custom image with pre-installed plugins | ||
{{- else if .Values.controller.installPlugins }} | ||
NOTE: Consider disabling `installPlugins` if your image already contains plugins. | ||
{{- end }} | ||
|
||
{{- if .Values.persistence.enabled }} | ||
{{- else }} | ||
################################################################################# | ||
###### WARNING: Persistence is disabled!!! You will lose your data when ##### | ||
###### the Jenkins pod is terminated. ##### | ||
################################################################################# | ||
{{- end }} |
Large diffs are not rendered by default.
Oops, something went wrong.
18 changes: 18 additions & 0 deletions
18
helm/whanos/charts/jenkins/templates/config-init-scripts.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
{{- if .Values.controller.initScripts -}} | ||
|
||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }}-init-scripts | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
data: | ||
{{- range $key, $val := .Values.controller.initScripts }} | ||
init{{ $key }}.groovy: |- | ||
{{ tpl $val $ | indent 4 }} | ||
{{- end }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
{{- $jenkinsHome := .Values.controller.jenkinsHome -}} | ||
|
||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
data: | ||
apply_config.sh: |- | ||
set -e | ||
{{- if .Values.controller.initializeOnce }} | ||
if [ -f {{ .Values.controller.jenkinsHome }}/initialization-completed ]; then | ||
echo "controller was previously initialized, refusing to re-initialize" | ||
exit 0 | ||
fi | ||
{{- end }} | ||
echo "disable Setup Wizard" | ||
# Prevent Setup Wizard when JCasC is enabled | ||
echo $JENKINS_VERSION > {{ .Values.controller.jenkinsHome }}/jenkins.install.UpgradeWizard.state | ||
echo $JENKINS_VERSION > {{ .Values.controller.jenkinsHome }}/jenkins.install.InstallUtil.lastExecVersion | ||
{{- if .Values.controller.overwritePlugins }} | ||
echo "remove all plugins from shared volume" | ||
# remove all plugins from shared volume | ||
rm -rf {{ .Values.controller.jenkinsHome }}/plugins/* | ||
{{- end }} | ||
{{- if .Values.controller.installPlugins }} | ||
echo "download plugins" | ||
# Install missing plugins | ||
cp /var/jenkins_config/plugins.txt {{ .Values.controller.jenkinsHome }}; | ||
rm -rf {{ .Values.controller.jenkinsRef }}/plugins/*.lock | ||
version () { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; } | ||
if [ -f "{{ .Values.controller.jenkinsWar }}" ] && [ -n "$(command -v jenkins-plugin-cli)" 2>/dev/null ] && [ $(version $(jenkins-plugin-cli --version)) -ge $(version "2.1.1") ]; then | ||
jenkins-plugin-cli --verbose --war "{{ .Values.controller.jenkinsWar }}" --plugin-file "{{ .Values.controller.jenkinsHome }}/plugins.txt" --latest {{ .Values.controller.installLatestPlugins }}{{- if .Values.controller.installLatestSpecifiedPlugins }} --latest-specified{{- end }}; | ||
else | ||
/usr/local/bin/install-plugins.sh `echo $(cat {{ .Values.controller.jenkinsHome }}/plugins.txt)`; | ||
fi | ||
echo "copy plugins to shared volume" | ||
# Copy plugins to shared volume | ||
yes n | cp -i {{ .Values.controller.jenkinsRef }}/plugins/* /var/jenkins_plugins/; | ||
{{- end }} | ||
{{- if not .Values.controller.sidecars.configAutoReload.enabled }} | ||
echo "copy configuration as code files" | ||
mkdir -p {{ .Values.controller.jenkinsHome }}/casc_configs; | ||
rm -rf {{ .Values.controller.jenkinsHome }}/casc_configs/* | ||
{{- if or .Values.controller.JCasC.defaultConfig .Values.controller.JCasC.configScripts }} | ||
cp -v /var/jenkins_config/*.yaml {{ .Values.controller.jenkinsHome }}/casc_configs | ||
{{- end }} | ||
{{- end }} | ||
echo "finished initialization" | ||
{{- if .Values.controller.initializeOnce }} | ||
touch {{ .Values.controller.jenkinsHome }}/initialization-completed | ||
{{- end }} | ||
{{- if not .Values.controller.sidecars.configAutoReload.enabled }} | ||
# Only add config to this script if we aren't auto-reloading otherwise the pod will restart upon each config change: | ||
{{- if .Values.controller.JCasC.defaultConfig }} | ||
jcasc-default-config.yaml: |- | ||
{{- include "jenkins.casc.defaults" . |nindent 4}} | ||
{{- end }} | ||
{{- range $key, $val := .Values.controller.JCasC.configScripts }} | ||
{{ $key }}.yaml: |- | ||
{{ tpl $val $| indent 4 }} | ||
{{- end }} | ||
{{- end }} | ||
plugins.txt: |- | ||
{{- if .Values.controller.installPlugins }} | ||
{{- range $installPlugin := .Values.controller.installPlugins }} | ||
{{- $installPlugin | nindent 4 }} | ||
{{- end }} | ||
{{- range $addlPlugin := .Values.controller.additionalPlugins }} | ||
{{- /* duplicate plugin check */}} | ||
{{- range $installPlugin := $.Values.controller.installPlugins }} | ||
{{- if eq (splitList ":" $addlPlugin | first) (splitList ":" $installPlugin | first) }} | ||
{{- $message := print "[PLUGIN CONFLICT] controller.additionalPlugins contains '" $addlPlugin "'" }} | ||
{{- $message := print $message " but controller.installPlugins already contains '" $installPlugin "'." }} | ||
{{- $message := print $message " Override controller.installPlugins to use '" $addlPlugin "' plugin." }} | ||
{{- fail $message }} | ||
{{- end }} | ||
{{- end }} | ||
{{- $addlPlugin | nindent 4 }} | ||
{{- end }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,115 @@ | ||
{{- if .Values.checkDeprecation }} | ||
{{- if .Values.master }} | ||
{{ fail "`master` does no longer exist. It has been renamed to `controller`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.imageTag }} | ||
{{ fail "`controller.imageTag` does no longer exist. Please use `controller.tag` instead" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.slaveListenerPort }} | ||
{{ fail "`controller.slaveListenerPort` does no longer exist. It has been renamed to `controller.agentListenerPort`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.slaveHostPort }} | ||
{{ fail "`controller.slaveHostPort` does no longer exist. It has been renamed to `controller.agentListenerHostPort`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.slaveKubernetesNamespace }} | ||
{{ fail "`controller.slaveKubernetesNamespace` does no longer exist. It has been renamed to `agent.namespace`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.slaveDefaultsProviderTemplate }} | ||
{{ fail "`controller.slaveDefaultsProviderTemplate` does no longer exist. It has been renamed to `agent.defaultsProviderTemplate`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.useSecurity }} | ||
{{ fail "`controller.useSecurity` does no longer exist. It has been renamed to `controller.adminSecret`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.slaveJenkinsUrl }} | ||
{{ fail "`controller.slaveJenkinsUrl` does no longer exist. It has been renamed to `agent.jenkinsUrl`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.slaveJenkinsTunnel }} | ||
{{ fail "`controller.slaveJenkinsTunnel` does no longer exist. It has been renamed to `agent.jenkinsTunnel`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.slaveConnectTimeout }} | ||
{{ fail "`controller.slaveConnectTimeout` does no longer exist. It has been renamed to `agent.kubernetesConnectTimeout`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.slaveReadTimeout }} | ||
{{ fail "`controller.slaveReadTimeout` does no longer exist. It has been renamed to `agent.kubernetesReadTimeout`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.slaveListenerServiceType }} | ||
{{ fail "`controller.slaveListenerServiceType` does no longer exist. It has been renamed to `controller.agentListenerServiceType`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.slaveListenerLoadBalancerIP }} | ||
{{ fail "`controller.slaveListenerLoadBalancerIP` does no longer exist. It has been renamed to `controller.agentListenerLoadBalancerIP`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.slaveListenerServiceAnnotations }} | ||
{{ fail "`controller.slaveListenerServiceAnnotations` does no longer exist. It has been renamed to `controller.agentListenerServiceAnnotations`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.agent.slaveConnectTimeout }} | ||
{{ fail "`agent.slaveConnectTimeout` does no longer exist. It has been renamed to `agent.connectTimeout`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.NetworkPolicy }} | ||
|
||
{{- if .Values.NetworkPolicy.Enabled }} | ||
{{ fail "`NetworkPolicy.Enabled` does no longer exist. It has been renamed to `networkPolicy.enabled`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.NetworkPolicy.ApiVersion }} | ||
{{ fail "`NetworkPolicy.ApiVersion` does no longer exist. It has been renamed to `networkPolicy.apiVersion`" }} | ||
{{- end }} | ||
|
||
{{ fail "NetworkPolicy.* values have been renamed, please check the documentation" }} | ||
{{- end }} | ||
|
||
|
||
{{- if .Values.rbac.install }} | ||
{{ fail "`rbac.install` does no longer exist. It has been renamed to `rbac.create` and is enabled by default!" }} | ||
{{- end }} | ||
|
||
{{- if .Values.rbac.serviceAccountName }} | ||
{{ fail "`rbac.serviceAccountName` does no longer exist. It has been renamed to `serviceAccount.name`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.rbac.serviceAccountAnnotations }} | ||
{{ fail "`rbac.serviceAccountAnnotations` does no longer exist. It has been renamed to `serviceAccount.annotations`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.rbac.roleRef }} | ||
{{ fail "`rbac.roleRef` does no longer exist. RBAC roles are now generated, please check the documentation" }} | ||
{{- end }} | ||
|
||
{{- if .Values.rbac.roleKind }} | ||
{{ fail "`rbac.roleKind` does no longer exist. RBAC roles are now generated, please check the documentation" }} | ||
{{- end }} | ||
|
||
{{- if .Values.rbac.roleBindingKind }} | ||
{{ fail "`rbac.roleBindingKind` does no longer exist. RBAC roles are now generated, please check the documentation" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.JCasC.pluginVersion }} | ||
{{ fail "controller.JCasC.pluginVersion has been deprecated, please use controller.installPlugins instead" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.deploymentLabels }} | ||
{{ fail "`controller.deploymentLabels` does no longer exist. It has been renamed to `controller.statefulSetLabels`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.deploymentAnnotations }} | ||
{{ fail "`controller.deploymentAnnotations` does no longer exist. It has been renamed to `controller.statefulSetAnnotations`" }} | ||
{{- end }} | ||
|
||
{{- if .Values.controller.rollingUpdate }} | ||
{{ fail "`controller.rollingUpdate` does no longer exist. It is no longer relevant, since a StatefulSet is used for the Jenkins controller" }} | ||
{{- end }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
{{- if not (contains "jenkins-home" (quote .Values.persistence.volumes)) }} | ||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} | ||
kind: PersistentVolumeClaim | ||
apiVersion: v1 | ||
metadata: | ||
{{- if .Values.persistence.annotations }} | ||
annotations: | ||
{{ toYaml .Values.persistence.annotations | indent 4 }} | ||
{{- end }} | ||
name: {{ template "jenkins.fullname" . }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- if .Values.persistence.labels }} | ||
{{ toYaml .Values.persistence.labels | indent 4 }} | ||
{{- end }} | ||
spec: | ||
{{- if .Values.persistence.dataSource }} | ||
dataSource: | ||
{{ toYaml .Values.persistence.dataSource | indent 4 }} | ||
{{- end }} | ||
accessModes: | ||
- {{ .Values.persistence.accessMode | quote }} | ||
resources: | ||
requests: | ||
storage: {{ .Values.persistence.size | quote }} | ||
{{- if .Values.persistence.storageClass }} | ||
{{- if (eq "-" .Values.persistence.storageClass) }} | ||
storageClassName: "" | ||
{{- else }} | ||
storageClassName: "{{ .Values.persistence.storageClass }}" | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
{{- $root := . }} | ||
{{- if .Values.controller.sidecars.configAutoReload.enabled }} | ||
{{- range $key, $val := .Values.controller.JCasC.configScripts }} | ||
{{- if $val }} | ||
--- | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: {{ template "jenkins.casc.configName" (list (printf "config-%s" $key) $ )}} | ||
namespace: {{ template "jenkins.namespace" $root }} | ||
labels: | ||
"app.kubernetes.io/name": {{ template "jenkins.name" $root}} | ||
{{- if $root.Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ $root.Chart.Name }}-{{ $root.Chart.Version }}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ $.Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ $.Release.Name }}" | ||
"app.kubernetes.io/component": "{{ $.Values.controller.componentName }}" | ||
{{ template "jenkins.fullname" $root }}-jenkins-config: "true" | ||
data: | ||
{{ $key }}.yaml: |- | ||
{{ tpl $val $| indent 4 }} | ||
{{- end }} | ||
{{- end }} | ||
{{- if .Values.controller.JCasC.defaultConfig }} | ||
--- | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: {{ template "jenkins.casc.configName" (list "jcasc-config" $ )}} | ||
namespace: {{ template "jenkins.namespace" $root }} | ||
labels: | ||
"app.kubernetes.io/name": {{ template "jenkins.name" $root}} | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ $root.Chart.Name }}-{{ $root.Chart.Version }}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ $.Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ $.Release.Name }}" | ||
"app.kubernetes.io/component": "{{ $.Values.controller.componentName }}" | ||
{{ template "jenkins.fullname" $root }}-jenkins-config: "true" | ||
data: | ||
jcasc-default-config.yaml: |- | ||
{{- include "jenkins.casc.defaults" . |nindent 4 }} | ||
{{- end}} | ||
{{- end }} |
43 changes: 43 additions & 0 deletions
43
helm/whanos/charts/jenkins/templates/jenkins-agent-svc.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
{{- if .Values.controller.agentListenerEnabled }} | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }}-agent | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- if .Values.controller.agentListenerServiceAnnotations }} | ||
annotations: | ||
{{- toYaml .Values.controller.agentListenerServiceAnnotations | nindent 4 }} | ||
{{- end }} | ||
spec: | ||
{{- if .Values.controller.agentListenerExternalTrafficPolicy }} | ||
externalTrafficPolicy: {{.Values.controller.agentListenerExternalTrafficPolicy}} | ||
{{- end }} | ||
ports: | ||
- port: {{ .Values.controller.agentListenerPort }} | ||
targetPort: {{ .Values.controller.agentListenerPort }} | ||
{{- if (and (eq .Values.controller.agentListenerServiceType "NodePort") (not (empty .Values.controller.agentListenerNodePort))) }} | ||
nodePort: {{ .Values.controller.agentListenerNodePort }} | ||
{{- end }} | ||
name: agent-listener | ||
selector: | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
type: {{ .Values.controller.agentListenerServiceType }} | ||
{{if eq .Values.controller.agentListenerServiceType "LoadBalancer"}} | ||
{{- if .Values.controller.agentListenerLoadBalancerSourceRanges }} | ||
loadBalancerSourceRanges: | ||
{{ toYaml .Values.controller.agentListenerLoadBalancerSourceRanges | indent 4 }} | ||
{{- end }} | ||
{{- end }} | ||
{{- if and (eq .Values.controller.agentListenerServiceType "LoadBalancer") (.Values.controller.agentListenerLoadBalancerIP) }} | ||
loadBalancerIP: {{ .Values.controller.agentListenerLoadBalancerIP }} | ||
{{- end }} | ||
{{- end }} |
16 changes: 16 additions & 0 deletions
16
helm/whanos/charts/jenkins/templates/jenkins-aws-security-group-policies.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
{{- if .Values.awsSecurityGroupPolicies.enabled -}} | ||
{{- range .Values.awsSecurityGroupPolicies.policies -}} | ||
apiVersion: vpcresources.k8s.aws/v1beta1 | ||
kind: SecurityGroupPolicy | ||
metadata: | ||
name: {{ .name }} | ||
namespace: {{ template "jenkins.namespace" $ }} | ||
spec: | ||
podSelector: | ||
{{- toYaml .podSelector | nindent 6}} | ||
securityGroups: | ||
groupIds: | ||
{{- toYaml .securityGroupIds | nindent 6}} | ||
--- | ||
{{- end -}} | ||
{{- end -}} |
168 changes: 168 additions & 0 deletions
168
helm/whanos/charts/jenkins/templates/jenkins-backup-cronjob.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,168 @@ | ||
{{- if .Values.backup.enabled }} | ||
apiVersion: {{ .Values.cronJob.apiVersion }} | ||
kind: CronJob | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }}-backup | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.backup.componentName }}" | ||
spec: | ||
schedule: {{ .Values.backup.schedule | quote }} | ||
concurrencyPolicy: Forbid | ||
startingDeadlineSeconds: 120 | ||
jobTemplate: | ||
spec: | ||
{{- if .Values.backup.activeDeadlineSeconds }} | ||
activeDeadlineSeconds: {{ .Values.backup.activeDeadlineSeconds }} | ||
{{- end }} | ||
template: | ||
metadata: | ||
{{- if .Values.backup.labels }} | ||
labels: | ||
{{- toYaml .Values.backup.labels | trim | nindent 12 }} | ||
{{- end }} | ||
{{- if .Values.backup.annotations }} | ||
annotations: | ||
{{- toYaml .Values.backup.annotations | trim | nindent 12 }} | ||
{{- end }} | ||
spec: | ||
restartPolicy: OnFailure | ||
serviceAccountName: {{ include "backup.serviceAccountBackupName" . }} | ||
{{- if .Values.backup.usePodSecurityContext }} | ||
securityContext: | ||
{{- if hasKey .Values.backup "podSecurityContextOverride" }} | ||
{{- tpl (toYaml .Values.backup.podSecurityContextOverride | nindent 12) . }} | ||
{{- else }} | ||
runAsUser: {{ default 0 .Values.backup.runAsUser }} | ||
{{- if and (.Values.backup.runAsUser) (.Values.backup.fsGroup) }} | ||
{{- if not (eq (int .Values.backup.runAsUser) 0) }} | ||
fsGroup: {{ .Values.backup.fsGroup }} | ||
{{- end }} | ||
{{- end }} | ||
{{- if .Values.backup.securityContextCapabilities }} | ||
capabilities: | ||
{{- toYaml .Values.backup.securityContextCapabilities | nindent 12 }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
containers: | ||
- name: jenkins-backup | ||
image: "{{ .Values.backup.image.repository }}:{{ .Values.backup.image.tag }}" | ||
command: ["kube-tasks"] | ||
args: | ||
- simple-backup | ||
- -n | ||
- {{ template "jenkins.namespace" . }} | ||
- -l | ||
- app.kubernetes.io/instance={{ .Release.Name }} | ||
- --container | ||
- jenkins | ||
- --path | ||
{{- if .Values.backup.onlyJobs }} | ||
- {{ .Values.controller.jenkinsHome }}/jobs | ||
{{- else}} | ||
- {{ .Values.controller.jenkinsHome }} | ||
{{- end}} | ||
- --dst | ||
- {{ .Values.backup.destination }} | ||
{{- with .Values.backup.extraArgs }} | ||
{{- toYaml . | nindent 12 }} | ||
{{- end }} | ||
env: | ||
{{- with .Values.backup.env }} | ||
{{- toYaml . | trim | nindent 12 }} | ||
{{- end }} | ||
{{- if .Values.backup.existingSecret }} | ||
{{- range $key,$value := .Values.backup.existingSecret }} | ||
{{- if $value.awsaccesskey }} | ||
- name: AWS_ACCESS_KEY_ID | ||
valueFrom: | ||
secretKeyRef: | ||
name: {{ $key }} | ||
key: {{ $value.awsaccesskey | quote }} | ||
{{- end }} | ||
{{- if $value.awssecretkey }} | ||
- name: AWS_SECRET_ACCESS_KEY | ||
valueFrom: | ||
secretKeyRef: | ||
name: {{ $key }} | ||
key: {{ $value.awssecretkey | quote}} | ||
{{- end }} | ||
{{- if $value.azstorageaccount }} | ||
- name: AZURE_STORAGE_ACCOUNT | ||
valueFrom: | ||
secretKeyRef: | ||
name: {{ $key }} | ||
key: {{ $value.azstorageaccount | quote}} | ||
{{- end }} | ||
{{- if $value.azstoragekey }} | ||
- name: AZURE_STORAGE_ACCESS_KEY | ||
valueFrom: | ||
secretKeyRef: | ||
name: {{ $key }} | ||
key: {{ $value.azstoragekey | quote}} | ||
{{- end }} | ||
{{- if $value.gcpcredentials }} | ||
- name: GOOGLE_APPLICATION_CREDENTIALS | ||
value: "/var/run/secrets/{{ $key }}/{{ $value.gcpcredentials }}" | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
{{- with .Values.backup.resources }} | ||
resources: | ||
{{- toYaml . | trim | nindent 14 }} | ||
{{- end }} | ||
volumeMounts: | ||
{{- if .Values.backup.existingSecret }} | ||
{{- range $key,$value := .Values.backup.existingSecret }} | ||
{{- if $value.gcpcredentials }} | ||
- mountPath: /var/run/secrets/{{ $key }} | ||
name: {{ $key }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
volumes: | ||
{{- if .Values.backup.existingSecret }} | ||
{{- range $key,$value := .Values.backup.existingSecret }} | ||
{{- if $value.gcpcredentials }} | ||
- name: {{ $key }} | ||
secret: | ||
secretName: {{ $key }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
affinity: | ||
podAffinity: | ||
preferredDuringSchedulingIgnoredDuringExecution: | ||
- weight: 100 | ||
podAffinityTerm: | ||
topologyKey: "kubernetes.io/hostname" | ||
labelSelector: | ||
matchExpressions: | ||
- key: app | ||
operator: In | ||
values: | ||
- {{ template "jenkins.fullname" . }} | ||
- key: release | ||
operator: In | ||
values: | ||
- {{ .Release.Name }} | ||
{{- with .Values.controller.tolerations }} | ||
tolerations: | ||
{{- toYaml . | nindent 10 }} | ||
{{- end }} | ||
{{- with .Values.controller.nodeSelector }} | ||
nodeSelector: | ||
{{- toYaml . | nindent 12 }} | ||
{{- end }} | ||
{{- if .Values.backup.imagePullSecretName }} | ||
imagePullSecrets: | ||
- name: {{ .Values.backup.imagePullSecretName }} | ||
{{- end -}} | ||
{{- end }} |
64 changes: 64 additions & 0 deletions
64
helm/whanos/charts/jenkins/templates/jenkins-backup-rbac.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
{{- if .Values.backup.enabled }} | ||
{{- if .Values.backup.serviceAccount.create }} | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: {{ include "backup.serviceAccountBackupName" . }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- if .Values.backup.serviceAccount.annotations }} | ||
annotations: | ||
{{- toYaml .Values.backup.serviceAccount.annotations | nindent 4 }} | ||
{{- end }} | ||
{{- end }} | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }}-backup | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
rules: | ||
- apiGroups: [""] | ||
resources: ["pods", "pods/log"] | ||
verbs: ["get", "list"] | ||
- apiGroups: [""] | ||
resources: ["pods/exec"] | ||
verbs: ["create"] | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }}-backup | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: Role | ||
name: {{ template "jenkins.fullname" . }}-backup | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "backup.serviceAccountBackupName" . }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
{{- end }} |
26 changes: 26 additions & 0 deletions
26
helm/whanos/charts/jenkins/templates/jenkins-controller-alerting-rules.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
{{- if and .Values.controller.prometheus.enabled .Values.controller.prometheus.alertingrules }} | ||
--- | ||
apiVersion: monitoring.coreos.com/v1 | ||
kind: PrometheusRule | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }} | ||
{{- if .Values.controller.prometheus.prometheusRuleNamespace }} | ||
namespace: {{ .Values.controller.prometheus.prometheusRuleNamespace }} | ||
{{- else }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
{{- end }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- range $key, $val := .Values.controller.prometheus.alertingRulesAdditionalLabels }} | ||
{{ $key }}: {{ $val | quote }} | ||
{{- end}} | ||
spec: | ||
groups: | ||
{{ toYaml .Values.controller.prometheus.alertingrules | indent 2 }} | ||
{{- end }} |
24 changes: 24 additions & 0 deletions
24
helm/whanos/charts/jenkins/templates/jenkins-controller-backendconfig.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
{{- if .Values.controller.backendconfig.enabled }} | ||
apiVersion: {{ .Values.controller.backendconfig.apiVersion }} | ||
kind: BackendConfig | ||
metadata: | ||
name: {{ .Values.controller.backendconfig.name }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- if .Values.controller.backendconfig.labels }} | ||
{{ toYaml .Values.controller.backendconfig.labels | indent 4 }} | ||
{{- end }} | ||
{{- if .Values.controller.backendconfig.annotations }} | ||
annotations: | ||
{{ toYaml .Values.controller.backendconfig.annotations | indent 4 }} | ||
{{- end }} | ||
spec: | ||
{{ toYaml .Values.controller.backendconfig.spec | indent 2 }} | ||
{{- end }} |
77 changes: 77 additions & 0 deletions
77
helm/whanos/charts/jenkins/templates/jenkins-controller-ingress.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} | ||
{{- if .Values.controller.ingress.enabled }} | ||
{{- if semverCompare ">=1.19-0" $kubeTargetVersion -}} | ||
apiVersion: networking.k8s.io/v1 | ||
{{- else if semverCompare ">=1.14-0" $kubeTargetVersion -}} | ||
apiVersion: networking.k8s.io/v1beta1 | ||
{{- else -}} | ||
apiVersion: {{ .Values.controller.ingress.apiVersion }} | ||
{{- end }} | ||
kind: Ingress | ||
metadata: | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- if .Values.controller.ingress.labels }} | ||
{{ toYaml .Values.controller.ingress.labels | indent 4 }} | ||
{{- end }} | ||
{{- if .Values.controller.ingress.annotations }} | ||
annotations: | ||
{{ toYaml .Values.controller.ingress.annotations | indent 4 }} | ||
{{- end }} | ||
name: {{ template "jenkins.fullname" . }} | ||
spec: | ||
{{- if .Values.controller.ingress.ingressClassName }} | ||
ingressClassName: {{ .Values.controller.ingress.ingressClassName | quote }} | ||
{{- end }} | ||
rules: | ||
- http: | ||
paths: | ||
{{- if empty (.Values.controller.ingress.paths) }} | ||
- backend: | ||
{{- if semverCompare ">=1.19-0" $kubeTargetVersion }} | ||
service: | ||
name: {{ template "jenkins.fullname" . }} | ||
port: | ||
number: {{ .Values.controller.servicePort }} | ||
pathType: ImplementationSpecific | ||
{{- else }} | ||
serviceName: {{ template "jenkins.fullname" . }} | ||
servicePort: {{ .Values.controller.servicePort }} | ||
{{- end }} | ||
{{- if .Values.controller.ingress.path }} | ||
path: {{ .Values.controller.ingress.path }} | ||
{{- end -}} | ||
{{- else }} | ||
{{ tpl (toYaml .Values.controller.ingress.paths | indent 6) . }} | ||
{{- end -}} | ||
{{- if .Values.controller.ingress.hostName }} | ||
host: {{ tpl .Values.controller.ingress.hostName . | quote }} | ||
{{- end }} | ||
{{- if .Values.controller.ingress.resourceRootUrl }} | ||
- http: | ||
paths: | ||
- backend: | ||
{{- if semverCompare ">=1.19-0" $kubeTargetVersion }} | ||
service: | ||
name: {{ template "jenkins.fullname" . }} | ||
port: | ||
number: {{ .Values.controller.servicePort }} | ||
pathType: ImplementationSpecific | ||
{{- else }} | ||
serviceName: {{ template "jenkins.fullname" . }} | ||
servicePort: {{ .Values.controller.servicePort }} | ||
{{- end }} | ||
host: {{ tpl .Values.controller.ingress.resourceRootUrl . | quote }} | ||
{{- end }} | ||
{{- if .Values.controller.ingress.tls }} | ||
tls: | ||
{{ tpl (toYaml .Values.controller.ingress.tls ) . | indent 4 }} | ||
{{- end -}} | ||
{{- end }} |
76 changes: 76 additions & 0 deletions
76
helm/whanos/charts/jenkins/templates/jenkins-controller-networkpolicy.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
{{- if .Values.networkPolicy.enabled }} | ||
kind: NetworkPolicy | ||
apiVersion: {{ .Values.networkPolicy.apiVersion }} | ||
metadata: | ||
name: "{{ .Release.Name }}-{{ .Values.controller.componentName }}" | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
spec: | ||
podSelector: | ||
matchLabels: | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
ingress: | ||
# Allow web access to the UI | ||
- ports: | ||
- port: {{ .Values.controller.targetPort }} | ||
{{- if .Values.controller.agentListenerEnabled }} | ||
# Allow inbound connections from agents | ||
- from: | ||
{{- if .Values.networkPolicy.internalAgents.allowed }} | ||
- podSelector: | ||
matchLabels: | ||
"jenkins/{{ .Release.Name }}-{{ .Values.agent.componentName }}": "true" | ||
{{- range $k,$v:= .Values.networkPolicy.internalAgents.podLabels }} | ||
{{ $k }}: {{ $v }} | ||
{{- end }} | ||
{{- if .Values.networkPolicy.internalAgents.namespaceLabels }} | ||
namespaceSelector: | ||
matchLabels: | ||
{{- range $k,$v:= .Values.networkPolicy.internalAgents.namespaceLabels }} | ||
{{ $k }}: {{ $v }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
{{- if .Values.networkPolicy.externalAgents }} | ||
- ipBlock: | ||
cidr: {{ required "ipCIDR is required if you wish to allow external agents to connect to Jenkins Controller." .Values.networkPolicy.externalAgents.ipCIDR }} | ||
{{- if .Values.networkPolicy.externalAgents.except }} | ||
except: | ||
{{- range .Values.networkPolicy.externalAgents.except }} | ||
- {{ . }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
ports: | ||
- port: {{ .Values.controller.agentListenerPort }} | ||
{{- end }} | ||
{{- if .Values.agent.enabled }} | ||
--- | ||
kind: NetworkPolicy | ||
apiVersion: {{ .Values.networkPolicy.apiVersion }} | ||
metadata: | ||
name: "{{ .Release.Name }}-{{ .Values.agent.componentName }}" | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
spec: | ||
podSelector: | ||
matchLabels: | ||
# DefaultDeny | ||
"jenkins/{{ .Release.Name }}-{{ .Values.agent.componentName }}": "true" | ||
{{- end }} | ||
{{- end }} |
34 changes: 34 additions & 0 deletions
34
helm/whanos/charts/jenkins/templates/jenkins-controller-pdb.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
{{- if .Values.controller.podDisruptionBudget.enabled }} | ||
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} | ||
{{- if semverCompare ">=1.21-0" $kubeTargetVersion -}} | ||
apiVersion: policy/v1 | ||
{{- else if semverCompare ">=1.5-0" $kubeTargetVersion -}} | ||
apiVersion: policy/v1beta1 | ||
{{- else -}} | ||
apiVersion: {{ .Values.controller.podDisruptionBudget.apiVersion }} | ||
{{- end }} | ||
kind: PodDisruptionBudget | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }}-pdb | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- if .Values.controller.podDisruptionBudget.labels -}} | ||
{{ toYaml .Values.controller.podDisruptionBudget.labels | nindent 4 }} | ||
{{- end }} | ||
{{- if .Values.controller.podDisruptionBudget.annotations }} | ||
annotations: {{ toYaml .Values.controller.podDisruptionBudget.annotations | nindent 4 }} | ||
{{- end }} | ||
spec: | ||
maxUnavailable: {{ .Values.controller.podDisruptionBudget.maxUnavailable }} | ||
selector: | ||
matchLabels: | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- end }} |
30 changes: 30 additions & 0 deletions
30
helm/whanos/charts/jenkins/templates/jenkins-controller-podmonitor.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
{{- if .Values.controller.googlePodMonitor.enabled }} | ||
apiVersion: monitoring.googleapis.com/v1 | ||
kind: PodMonitoring | ||
|
||
metadata: | ||
name: {{ template "jenkins.fullname" . }} | ||
{{- if .Values.controller.googlePodMonitor.serviceMonitorNamespace }} | ||
namespace: {{ .Values.controller.googlePodMonitor.serviceMonitorNamespace }} | ||
{{- else }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
{{- end }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
|
||
spec: | ||
endpoints: | ||
- interval: {{ .Values.controller.googlePodMonitor.scrapeInterval }} | ||
port: http | ||
path: {{ .Values.controller.jenkinsUriPrefix }}{{ .Values.controller.googlePodMonitor.scrapeEndpoint }} | ||
selector: | ||
matchLabels: | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- end }} |
34 changes: 34 additions & 0 deletions
34
helm/whanos/charts/jenkins/templates/jenkins-controller-route.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
{{- if .Values.controller.route.enabled }} | ||
apiVersion: route.openshift.io/v1 | ||
kind: Route | ||
metadata: | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
app: {{ template "jenkins.fullname" . }} | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
release: "{{ .Release.Name }}" | ||
heritage: "{{ .Release.Service }}" | ||
component: "{{ .Release.Name }}-{{ .Values.controller.componentName }}" | ||
{{- if .Values.controller.route.labels }} | ||
{{ toYaml .Values.controller.route.labels | indent 4 }} | ||
{{- end }} | ||
{{- if .Values.controller.route.annotations }} | ||
annotations: | ||
{{ toYaml .Values.controller.route.annotations | indent 4 }} | ||
{{- end }} | ||
name: {{ template "jenkins.fullname" . }} | ||
spec: | ||
host: {{ .Values.controller.route.path }} | ||
port: | ||
targetPort: http | ||
tls: | ||
insecureEdgeTerminationPolicy: Redirect | ||
termination: edge | ||
to: | ||
kind: Service | ||
name: {{ template "jenkins.fullname" . }} | ||
weight: 100 | ||
wildcardPolicy: None | ||
{{- end }} |
56 changes: 56 additions & 0 deletions
56
helm/whanos/charts/jenkins/templates/jenkins-controller-secondary-ingress.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
{{- if .Values.controller.secondaryingress.enabled }} | ||
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} | ||
{{- $serviceName := include "jenkins.fullname" . -}} | ||
{{- $servicePort := .Values.controller.servicePort -}} | ||
{{- if semverCompare ">=1.19-0" $kubeTargetVersion -}} | ||
apiVersion: networking.k8s.io/v1 | ||
{{- else if semverCompare ">=1.14-0" $kubeTargetVersion -}} | ||
apiVersion: networking.k8s.io/v1beta1 | ||
{{- else -}} | ||
apiVersion: {{ .Values.controller.secondaryingress.apiVersion }} | ||
{{- end }} | ||
kind: Ingress | ||
metadata: | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- if .Values.controller.secondaryingress.labels -}} | ||
{{ toYaml .Values.controller.secondaryingress.labels | nindent 4 }} | ||
{{- end }} | ||
{{- if .Values.controller.secondaryingress.annotations }} | ||
annotations: {{ toYaml .Values.controller.secondaryingress.annotations | nindent 4 }} | ||
{{- end }} | ||
name: {{ template "jenkins.fullname" . }}-secondary | ||
spec: | ||
{{- if .Values.controller.secondaryingress.ingressClassName }} | ||
ingressClassName: {{ .Values.controller.secondaryingress.ingressClassName | quote }} | ||
{{- end }} | ||
rules: | ||
- host: {{ .Values.controller.secondaryingress.hostName }} | ||
http: | ||
paths: | ||
{{- range .Values.controller.secondaryingress.paths }} | ||
- path: {{ . | quote }} | ||
backend: | ||
{{ if semverCompare ">=1.19-0" $kubeTargetVersion }} | ||
service: | ||
name: {{ $serviceName }} | ||
port: | ||
number: {{ $servicePort }} | ||
pathType: ImplementationSpecific | ||
{{ else }} | ||
serviceName: {{ $serviceName }} | ||
servicePort: {{ $servicePort }} | ||
{{ end }} | ||
{{- end}} | ||
{{- if .Values.controller.secondaryingress.tls }} | ||
tls: | ||
{{ toYaml .Values.controller.secondaryingress.tls | indent 4 }} | ||
{{- end -}} | ||
{{- end }} |
45 changes: 45 additions & 0 deletions
45
helm/whanos/charts/jenkins/templates/jenkins-controller-servicemonitor.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
{{- if and .Values.controller.prometheus.enabled }} | ||
apiVersion: monitoring.coreos.com/v1 | ||
kind: ServiceMonitor | ||
|
||
metadata: | ||
name: {{ template "jenkins.fullname" . }} | ||
{{- if .Values.controller.prometheus.serviceMonitorNamespace }} | ||
namespace: {{ .Values.controller.prometheus.serviceMonitorNamespace }} | ||
{{- else }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
{{- end }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- range $key, $val := .Values.controller.prometheus.serviceMonitorAdditionalLabels }} | ||
{{ $key }}: {{ $val | quote }} | ||
{{- end}} | ||
|
||
spec: | ||
endpoints: | ||
- interval: {{ .Values.controller.prometheus.scrapeInterval }} | ||
port: http | ||
path: {{ .Values.controller.jenkinsUriPrefix }}{{ .Values.controller.prometheus.scrapeEndpoint }} | ||
{{- with .Values.controller.prometheus.relabelings }} | ||
relabelings: | ||
{{- toYaml . | nindent 6 }} | ||
{{- end }} | ||
{{- with .Values.controller.prometheus.metricRelabelings }} | ||
metricRelabelings: | ||
{{- toYaml . | nindent 6 }} | ||
{{- end }} | ||
jobLabel: {{ template "jenkins.fullname" . }} | ||
namespaceSelector: | ||
matchNames: | ||
- "{{ template "jenkins.namespace" $ }}" | ||
selector: | ||
matchLabels: | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- end }} |
413 changes: 413 additions & 0 deletions
413
helm/whanos/charts/jenkins/templates/jenkins-controller-statefulset.yaml
Large diffs are not rendered by default.
Oops, something went wrong.
56 changes: 56 additions & 0 deletions
56
helm/whanos/charts/jenkins/templates/jenkins-controller-svc.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: {{template "jenkins.fullname" . }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- if .Values.controller.serviceLabels }} | ||
{{ toYaml .Values.controller.serviceLabels | indent 4 }} | ||
{{- end }} | ||
{{- if .Values.controller.serviceAnnotations }} | ||
annotations: | ||
{{ toYaml .Values.controller.serviceAnnotations | indent 4 }} | ||
{{- end }} | ||
spec: | ||
{{- if .Values.controller.serviceExternalTrafficPolicy }} | ||
externalTrafficPolicy: {{.Values.controller.serviceExternalTrafficPolicy}} | ||
{{- end }} | ||
{{- if (and (eq .Values.controller.serviceType "ClusterIP") (not (empty .Values.controller.clusterIP))) }} | ||
clusterIP: {{.Values.controller.clusterIP}} | ||
{{- end }} | ||
ports: | ||
- port: {{.Values.controller.servicePort}} | ||
name: http | ||
targetPort: {{ .Values.controller.targetPort }} | ||
{{- if (and (eq .Values.controller.serviceType "NodePort") (not (empty .Values.controller.nodePort))) }} | ||
nodePort: {{.Values.controller.nodePort}} | ||
{{- end }} | ||
{{- range $index, $port := .Values.controller.extraPorts }} | ||
- port: {{ $port.port }} | ||
name: {{ $port.name }} | ||
{{- if $port.targetPort }} | ||
targetPort: {{ $port.targetPort }} | ||
{{- else }} | ||
targetPort: {{ $port.port }} | ||
{{- end -}} | ||
{{- end }} | ||
selector: | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
type: {{.Values.controller.serviceType}} | ||
{{if eq .Values.controller.serviceType "LoadBalancer"}} | ||
{{- if .Values.controller.loadBalancerSourceRanges }} | ||
loadBalancerSourceRanges: | ||
{{ toYaml .Values.controller.loadBalancerSourceRanges | indent 4 }} | ||
{{- end }} | ||
{{if .Values.controller.loadBalancerIP}} | ||
loadBalancerIP: {{.Values.controller.loadBalancerIP}} | ||
{{end}} | ||
{{end}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,149 @@ | ||
{{ if .Values.rbac.create }} | ||
{{- $serviceName := include "jenkins.fullname" . -}} | ||
|
||
# This role is used to allow Jenkins scheduling of agents via Kubernetes plugin. | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
name: {{ $serviceName }}-schedule-agents | ||
namespace: {{ template "jenkins.agent.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
rules: | ||
- apiGroups: [""] | ||
resources: ["pods", "pods/exec", "pods/log", "persistentvolumeclaims", "events"] | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: [""] | ||
resources: ["pods", "pods/exec", "persistentvolumeclaims"] | ||
verbs: ["create", "delete", "deletecollection", "patch", "update"] | ||
|
||
--- | ||
|
||
# We bind the role to the Jenkins service account. The role binding is created in the namespace | ||
# where the agents are supposed to run. | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: {{ $serviceName }}-schedule-agents | ||
namespace: {{ template "jenkins.agent.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: Role | ||
name: {{ $serviceName }}-schedule-agents | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ template "jenkins.serviceAccountName" .}} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
|
||
--- | ||
|
||
{{- if .Values.rbac.readSecrets }} | ||
# This is needed if you want to use https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ | ||
# as it needs permissions to get/watch/list Secrets | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }}-read-secrets | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
rules: | ||
- apiGroups: [""] | ||
resources: ["secrets"] | ||
verbs: ["get", "watch", "list"] | ||
|
||
--- | ||
|
||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: {{ $serviceName }}-read-secrets | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: Role | ||
name: {{ template "jenkins.fullname" . }}-read-secrets | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ template "jenkins.serviceAccountName" . }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
|
||
--- | ||
{{- end}} | ||
|
||
{{- if .Values.controller.sidecars.configAutoReload.enabled }} | ||
# The sidecar container which is responsible for reloading configuration changes | ||
# needs permissions to watch ConfigMaps | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }}-casc-reload | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
rules: | ||
- apiGroups: [""] | ||
resources: ["configmaps"] | ||
verbs: ["get", "watch", "list"] | ||
|
||
--- | ||
|
||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: {{ $serviceName }}-watch-configmaps | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: Role | ||
name: {{ template "jenkins.fullname" . }}-casc-reload | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ template "jenkins.serviceAccountName" . }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
|
||
{{- end}} | ||
|
||
{{ end }} |
21 changes: 21 additions & 0 deletions
21
helm/whanos/charts/jenkins/templates/secret-additional.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
{{- if .Values.controller.additionalSecrets -}} | ||
--- | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }}-additional-secrets | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
type: Opaque | ||
data: | ||
{{- range .Values.controller.additionalSecrets }} | ||
{{ .name }}: {{ .value | b64enc }} | ||
{{- end }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
{{- if .Values.controller.secretClaims -}} | ||
{{- $r := .Release -}} | ||
{{- $v := .Values -}} | ||
{{- $chart := printf "%s-%s" .Chart.Name .Chart.Version -}} | ||
{{- $namespace := include "jenkins.namespace" . -}} | ||
{{- $serviceName := include "jenkins.fullname" . -}} | ||
{{ range .Values.controller.secretClaims }} | ||
--- | ||
kind: SecretClaim | ||
apiVersion: vaultproject.io/v1 | ||
metadata: | ||
name: {{ $serviceName }}-{{ .name | default .path | lower }} | ||
namespace: {{ $namespace }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ $serviceName }}' | ||
{{- if $v.renderHelmLabels }} | ||
"helm.sh/chart": "{{ $chart }}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ $r.Service }}" | ||
"app.kubernetes.io/instance": "{{ $r.Name }}" | ||
"app.kubernetes.io/component": "{{ $v.controller.componentName }}" | ||
spec: | ||
type: {{ .type | default "Opaque" }} | ||
path: {{ .path }} | ||
{{- if .renew }} | ||
renew: {{ .renew }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} |
20 changes: 20 additions & 0 deletions
20
helm/whanos/charts/jenkins/templates/secret-https-jks.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
{{- if and .Values.controller.httpsKeyStore.enable ( not .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName ) (not .Values.controller.httpsKeyStore.disableSecretMount) -}} | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }}-https-jks | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
type: Opaque | ||
data: | ||
jenkins-jks-file: | | ||
{{ .Values.controller.httpsKeyStore.jenkinsKeyStoreBase64Encoded | indent 4 }} | ||
https-jks-password: {{ .Values.controller.httpsKeyStore.password | b64enc }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
{{- if and (not .Values.controller.admin.existingSecret) (.Values.controller.adminSecret) -}} | ||
|
||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
type: Opaque | ||
data: | ||
jenkins-admin-password: {{ template "jenkins.password" . }} | ||
jenkins-admin-user: {{ .Values.controller.adminUser | b64enc | quote }} | ||
{{- end }} |
26 changes: 26 additions & 0 deletions
26
helm/whanos/charts/jenkins/templates/service-account-agent.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
{{ if .Values.serviceAccountAgent.create }} | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: {{ include "jenkins.serviceAccountAgentName" . }} | ||
namespace: {{ template "jenkins.agent.namespace" . }} | ||
{{- if .Values.serviceAccountAgent.annotations }} | ||
annotations: | ||
{{ tpl (toYaml .Values.serviceAccountAgent.annotations) . | indent 4 }} | ||
{{- end }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- if .Values.serviceAccountAgent.extraLabels }} | ||
{{ tpl (toYaml .Values.serviceAccountAgent.extraLabels) . | indent 4 }} | ||
{{- end }} | ||
{{- if .Values.serviceAccountAgent.imagePullSecretName }} | ||
imagePullSecrets: | ||
- name: {{ .Values.serviceAccountAgent.imagePullSecretName }} | ||
{{- end -}} | ||
{{ end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
{{ if .Values.serviceAccount.create }} | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: {{ include "jenkins.serviceAccountName" . }} | ||
namespace: {{ template "jenkins.namespace" . }} | ||
{{- if .Values.serviceAccount.annotations }} | ||
annotations: | ||
{{ tpl (toYaml .Values.serviceAccount.annotations) . | indent 4 }} | ||
{{- end }} | ||
labels: | ||
"app.kubernetes.io/name": '{{ template "jenkins.name" .}}' | ||
{{- if .Values.renderHelmLabels }} | ||
"helm.sh/chart": "{{ template "jenkins.label" .}}" | ||
{{- end }} | ||
"app.kubernetes.io/managed-by": "{{ .Release.Service }}" | ||
"app.kubernetes.io/instance": "{{ .Release.Name }}" | ||
"app.kubernetes.io/component": "{{ .Values.controller.componentName }}" | ||
{{- if .Values.serviceAccount.extraLabels }} | ||
{{ tpl (toYaml .Values.serviceAccount.extraLabels) . | indent 4 }} | ||
{{- end }} | ||
{{- if .Values.serviceAccount.imagePullSecretName }} | ||
imagePullSecrets: | ||
- name: {{ .Values.serviceAccount.imagePullSecretName }} | ||
{{- end -}} | ||
{{ end }} |
49 changes: 49 additions & 0 deletions
49
helm/whanos/charts/jenkins/templates/tests/jenkins-test.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
{{- if .Values.controller.testEnabled }} | ||
apiVersion: v1 | ||
kind: Pod | ||
metadata: | ||
name: "{{ .Release.Name }}-ui-test-{{ randAlphaNum 5 | lower }}" | ||
namespace: {{ template "jenkins.namespace" . }} | ||
annotations: | ||
"helm.sh/hook": test-success | ||
spec: | ||
{{- if .Values.controller.nodeSelector }} | ||
nodeSelector: | ||
{{ toYaml .Values.controller.nodeSelector | indent 4 }} | ||
{{- end }} | ||
{{- if .Values.controller.tolerations }} | ||
tolerations: | ||
{{ toYaml .Values.controller.tolerations | indent 4 }} | ||
{{- end }} | ||
initContainers: | ||
- name: "test-framework" | ||
image: {{ .Values.helmtest.bats.image }}:{{ .Values.helmtest.bats.tag }} | ||
command: | ||
- "bash" | ||
- "-c" | ||
args: | ||
- | | ||
# copy bats to tools dir | ||
set -ex | ||
cp -R /opt/bats /tools/bats/ | ||
volumeMounts: | ||
- mountPath: /tools | ||
name: tools | ||
containers: | ||
- name: {{ .Release.Name }}-ui-test | ||
image: "{{ .Values.controller.image }}:{{- include "controller.tag" . -}}" | ||
command: ["/tools/bats/bin/bats", "-t", "/tests/run.sh"] | ||
volumeMounts: | ||
- mountPath: /tests | ||
name: tests | ||
readOnly: true | ||
- mountPath: /tools | ||
name: tools | ||
volumes: | ||
- name: tests | ||
configMap: | ||
name: {{ template "jenkins.fullname" . }}-tests | ||
- name: tools | ||
emptyDir: {} | ||
restartPolicy: Never | ||
{{- end }} |
14 changes: 14 additions & 0 deletions
14
helm/whanos/charts/jenkins/templates/tests/test-config.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
{{- if .Values.controller.testEnabled }} | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: {{ template "jenkins.fullname" . }}-tests | ||
namespace: {{ template "jenkins.namespace" . }} | ||
annotations: | ||
"helm.sh/hook": test | ||
data: | ||
run.sh: |- | ||
@test "Testing Jenkins UI is accessible" { | ||
curl --retry 48 --retry-delay 10 {{ template "jenkins.fullname" . }}:{{ .Values.controller.servicePort }}{{ default "" .Values.controller.jenkinsUriPrefix }}/login | ||
} | ||
{{- end }} |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
{{/* | ||
Expand the name of the chart. | ||
*/}} | ||
{{- define "whanos.name" -}} | ||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} | ||
{{- end }} | ||
|
||
{{/* | ||
Create a default fully qualified app name. | ||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). | ||
If release name contains chart name it will be used as a full name. | ||
*/}} | ||
{{- define "whanos.fullname" -}} | ||
{{- if .Values.fullnameOverride }} | ||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} | ||
{{- else }} | ||
{{- $name := default .Chart.Name .Values.nameOverride }} | ||
{{- if contains $name .Release.Name }} | ||
{{- .Release.Name | trunc 63 | trimSuffix "-" }} | ||
{{- else }} | ||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
|
||
{{/* | ||
Create chart name and version as used by the chart label. | ||
*/}} | ||
{{- define "whanos.chart" -}} | ||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} | ||
{{- end }} | ||
|
||
{{/* | ||
Common labels | ||
*/}} | ||
{{- define "whanos.labels" -}} | ||
helm.sh/chart: {{ include "whanos.chart" . }} | ||
{{ include "whanos.selectorLabels" . }} | ||
{{- if .Chart.AppVersion }} | ||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} | ||
{{- end }} | ||
app.kubernetes.io/managed-by: {{ .Release.Service }} | ||
{{- end }} | ||
|
||
{{/* | ||
Selector labels | ||
*/}} | ||
{{- define "whanos.selectorLabels" -}} | ||
app.kubernetes.io/name: {{ include "whanos.name" . }} | ||
app.kubernetes.io/instance: {{ .Release.Name }} | ||
{{- end }} | ||
|
||
{{/* | ||
Create the name of the service account to use | ||
*/}} | ||
{{- define "whanos.serviceAccountName" -}} | ||
{{- if .Values.serviceAccount.create }} | ||
{{- default (include "whanos.fullname" .) .Values.serviceAccount.name }} | ||
{{- else }} | ||
{{- default "default" .Values.serviceAccount.name }} | ||
{{- end }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
apiVersion: v1 | ||
kind: Namespace | ||
metadata: | ||
name: jenkins |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
--- | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: jenkins | ||
namespace: jenkins | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
annotations: | ||
rbac.authorization.kubernetes.io/autoupdate: "true" | ||
"helm.sh/hook": pre-install | ||
"helm.sh/hook-weight": "-8" | ||
"helm.sh/hook-delete-policy": hook-succeeded | ||
labels: | ||
kubernetes.io/bootstrapping: rbac-defaults | ||
name: jenkins | ||
rules: | ||
- apiGroups: | ||
- '*' | ||
resources: | ||
- statefulsets | ||
- services | ||
- replicationcontrollers | ||
- replicasets | ||
- podtemplates | ||
- podsecuritypolicies | ||
- pods | ||
- pods/log | ||
- pods/exec | ||
- podpreset | ||
- poddisruptionbudget | ||
- persistentvolumes | ||
- persistentvolumeclaims | ||
- jobs | ||
- endpoints | ||
- deployments | ||
- deployments/scale | ||
- daemonsets | ||
- cronjobs | ||
- configmaps | ||
- namespaces | ||
- events | ||
- secrets | ||
verbs: | ||
- create | ||
- get | ||
- watch | ||
- delete | ||
- list | ||
- patch | ||
- update | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- nodes | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- update | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
annotations: | ||
rbac.authorization.kubernetes.io/autoupdate: "true" | ||
"helm.sh/hook": pre-install | ||
"helm.sh/hook-weight": "-7" | ||
"helm.sh/hook-delete-policy": hook-succeeded | ||
labels: | ||
kubernetes.io/bootstrapping: rbac-defaults | ||
name: jenkins | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: jenkins | ||
subjects: | ||
- apiGroup: rbac.authorization.k8s.io | ||
kind: Group | ||
name: system:serviceaccounts:jenkins |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
apiVersion: v1 | ||
kind: PersistentVolume | ||
metadata: | ||
name: jenkins-pv | ||
namespace: jenkins | ||
annotations: | ||
"helm.sh/hook": pre-install | ||
"helm.sh/hook-weight": "-10" | ||
"helm.sh/hook-delete-policy": hook-succeeded | ||
spec: | ||
storageClassName: jenkins-pv | ||
accessModes: | ||
- ReadWriteOnce | ||
capacity: | ||
storage: 8Gi | ||
persistentVolumeReclaimPolicy: Retain | ||
hostPath: | ||
path: /data/jenkins-volume/ | ||
|
||
--- | ||
apiVersion: storage.k8s.io/v1 | ||
kind: StorageClass | ||
metadata: | ||
name: jenkins-pv | ||
annotations: | ||
"helm.sh/hook": pre-install | ||
"helm.sh/hook-weight": "-9" | ||
"helm.sh/hook-delete-policy": hook-succeeded | ||
provisioner: kubernetes.io/no-provisioner | ||
volumeBindingMode: WaitForFirstConsumer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,130 @@ | ||
jenkins: | ||
controller: | ||
# When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist. | ||
# If you disable the non-Jenkins identity store and instead use the Jenkins internal one, | ||
# you should revert controller.adminUser to your preferred admin user: | ||
adminUser: "admin" | ||
adminPassword: "admin" | ||
servicePort: 32000 # The port the service listens on (32000 for NodePort, 8080 for LoadBalancer and ClusterIP) | ||
# For minikube, set this to NodePort, elsewhere use LoadBalancer | ||
# Use ClusterIP if your setup includes ingress controller | ||
serviceType: NodePort | ||
|
||
installPlugins: | ||
- kubernetes:4029.v5712230ccb_f8 | ||
- workflow-aggregator:596.v8c21c963d92d | ||
- git:5.2.0 | ||
- configuration-as-code:1670.v564dc8b_982d0 | ||
|
||
# List of plugins to install in addition to those listed in controller.installPlugins | ||
additionalPlugins: | ||
- role-strategy:689.v731678c3e0eb_ | ||
- job-dsl:1.87 | ||
- parameterized-trigger:2.46 | ||
- github:1.37.3.1 | ||
- ws-cleanup:0.45 | ||
|
||
JCasC: | ||
defaultConfig: true | ||
configScripts: | ||
welcome-message: | | ||
jenkins: | ||
systemMessage: Welcome to our CI\CD server. This Jenkins is Whanos-powered instance!. | ||
security-dsl: | | ||
security: | ||
globalJobDslSecurityConfiguration: | ||
useScriptSecurity: false | ||
job-config: | | ||
jobs: | ||
- script: | | ||
import java.io.File | ||
// Utility function to clone the repository and return the directory path | ||
def cloneRepoAndGetImagesDir() { | ||
def workspace = new File('/tmp/whanos_repo') | ||
def cloneCommand = "git clone https://github.com/Tux-Inc/Whanos.git /tmp/whanos_repo" | ||
// Execute the git clone command | ||
def process = cloneCommand.execute() | ||
process.waitFor() | ||
// Check for errors in cloning | ||
if (process.exitValue() != 0) { | ||
println "Error cloning repository: " + process.err.text | ||
return null | ||
} | ||
// Return the directory path of the cloned repository | ||
return new File(workspace, "images") | ||
} | ||
def imagesDir = cloneRepoAndGetImagesDir() | ||
def languages = [] | ||
if (imagesDir.exists() && imagesDir.isDirectory()) { | ||
def directories = imagesDir.listFiles().findAll { it.isDirectory() } | ||
languages = directories.collect { it.name } | ||
println "Available languages: " + languages | ||
} else { | ||
println "Images directory not found or is not a directory, no languages available" | ||
} | ||
folder("Whanos base images") { | ||
description("Whanos base images folder") | ||
} | ||
folder("Projects") { | ||
description("Projects folder") | ||
} | ||
languages.each { language -> | ||
println "Creating job for language: " + language | ||
freeStyleJob("Whanos base images/whanos-$language") { | ||
steps { | ||
shell("docker build $imagesDir/$language -t whanos-$language -f $imagesDir/$language/Dockerfile.base") | ||
} | ||
} | ||
} | ||
freeStyleJob("link-project") { | ||
parameters { | ||
stringParam("GITHUB_NAME", null, "GitHub repository owner/repo_name (e.g.: 'EpitechIT31000/chocolatine')") | ||
stringParam("DISPLAY_NAME", null, "Display name for the job") | ||
} | ||
steps { | ||
dsl { | ||
text(''' | ||
freeStyleJob("Projects/$DISPLAY_NAME") { | ||
wrappers { | ||
preBuildCleanup() | ||
} | ||
scm { | ||
github("$GITHUB_NAME") | ||
} | ||
triggers { | ||
githubPush() | ||
} | ||
steps { | ||
shell("echo 'TODO: BUILD IMAGE'") | ||
} | ||
} | ||
''') | ||
} | ||
} | ||
} | ||
agent: | ||
additionalContainers: | ||
- sideContainerName: dind | ||
image: docker | ||
tag: dind | ||
command: dockerd-entrypoint.sh | ||
args: "" | ||
privileged: true | ||
resources: | ||
requests: | ||
cpu: 500m | ||
memory: 1Gi | ||
limits: | ||
cpu: 1 | ||
memory: 2Gi |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters