feat: Add prometheus integration to jenkins

defenseunicorns · Jul 11, 2024 · 04b3db1 · 04b3db1
1 parent 857c3c8
commit 04b3db1
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 2 deletions.
diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
@@ -11,6 +11,15 @@ spec:
       redirectUris:
         - "https://jenkins.{{ .Values.domain }}/securityRealm/finishLogin"
   {{- end }}
+
+  monitor:
+    - selector:
+        app.kubernetes.io/name: jenkins
+      targetPort: 8080
+      portName: http
+      path: /prometheus/
+      description: Metrics
+
   network:
     expose:
       - service: jenkins
@@ -22,18 +31,39 @@ spec:
     allow:
       - direction: Ingress
         remoteGenerated: IntraNamespace
+
       - direction: Egress
         remoteGenerated: IntraNamespace
+
       - direction: Egress
         podLabels:
           app.kubernetes.io/name: jenkins
         port: 443
         description: "Jenkins-plugins & SSO"
+
       - direction: Egress
         podLabels:
           jenkins/label: jenkins-jenkins-agent
         port: 443
         description: "Jenkins-jobs phone home"
+
       - direction: Egress
-        # todo: this is over permissive, need to scope it down
+        podLabels:
+          app.kubernetes.io/name: jenkins
         remoteGenerated: KubeAPI
+
+      # Custom rules for unanticipated scenarios
+      {{- range .Values.customNetworkPolicies }}
+      - direction: {{ .direction }}
+        selector:
+          {{ .selector | toYaml | nindent 10 }}
+        {{- if not .remoteGenerated }}
+        remoteNamespace: {{ .remoteNamespace }}
+        remoteSelector:
+          {{ .remoteSelector | toYaml | nindent 10 }}
+        port: {{ .port }}
+        {{- else }}
+        remoteGenerated: {{ .remoteGenerated }}
+        {{- end }}
+        description: {{ .description }}
+      {{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -1,3 +1,21 @@
 domain: "###ZARF_VAR_DOMAIN###"
+
 sso:
   enabled: true
+
+# customNetworkPolicies:
+#    # Notice no `remoteGenerated` field here on custom internal rule
+#   - direction: Ingress
+#     selector:
+#       app: jenkins
+#     remoteNamespace: jenkins
+#     remoteSelector:
+#       app: jenkins
+#     port: 8180
+#     description: "Ingress from Jenkins"
+#   # No `remoteNamespace`, `remoteSelector`, or `port` fields on rule to `remoteGenerated`
+#   - direction: Egress
+#     selector:
+#       app: webservice
+#     remoteGenerated: Anywhere
+#     description: "Egress from Mattermost"
diff --git a/tasks.yaml b/tasks.yaml
@@ -15,12 +15,19 @@ tasks:
       - task: setup:k3d-test-cluster
       - task: deploy:test-bundle
 
+  - name: default-full
+    description: Create K3D Cluster with UDS-Core + Jenkins
+    actions:
+      - task: create-test-bundle
+      - task: setup:k3d-full-cluster
+      - task: deploy:test-bundle
+
   - name: create-package
     description: Create UDS Jenkins Package
     actions:
       - task: create:package
         with:
-          options: "--skip-sbom"
+          options: "--skip-sbom --flavor registry1"
 
   - name: create-test-bundle
     description: Create a local UDS Jenkins bundle

diff --git a/values/common.yaml b/values/common.yaml
@@ -21,6 +21,8 @@ controller:
     - git:5.2.2
     - configuration-as-code:1810.v9b_c30a_249a_4c
     - oic-auth:4.269.va_7526f34f306
+    - prometheus:773.v3b_62d8178eec
+    - cloudbees-disk-usage-simple:203.v3f46a_7462b_1a_
   overwritePlugins: true
   JCasC:
     defaultConfig: true