1
0
molgenis-ops-docker-helm/molgenis-jenkins/README.md

107 lines
6.0 KiB
Markdown
Raw Normal View History

# Molgenis Jenkins Helm Chart
2018-06-29 09:53:48 +02:00
Jenkins master and slave cluster utilizing the Jenkins Kubernetes plugin.
Wraps [the kuberenetes jenkins chart](https://github.com/kubernetes/charts/tree/master/stable/jenkins), see documentation there!
## Chart Details
This chart will do the following:
* 1 x Jenkins Master with port 8080 exposed on an external ClusterIP
* All using Kubernetes Deployments
## Installing the Chart
2018-06-29 09:53:48 +02:00
Usually, you'll be deploying this to the molgenis cluster.
In the [Rancher Catalog](https://rancher.molgenis.org:7443/g/catalog), add the latest version of this repository.
In the [molgenis cluster management page](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/apps), choose the
catalog, pick the molgenis-jenkins app from the catalog and deploy it.
## Configuration
2018-06-29 09:53:48 +02:00
When deploying, you can paste values into the Rancher Answers to override the defaults in this chart.
Array values can be added as {value, value, value}.
```
2018-06-29 09:53:48 +02:00
jenkins.Master.HostName=jenkins.molgenis.org
jenkins.Master.AdminPassword=pa$$word
jenkins.Persistence.Enabled=false
jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1, blueocean:1.6.2, github-oauth:0.29}
jenkins.Master.Security.UseGitHub=false
## if UseGitHub=true
jenkins.Master.Security.GitHub.ClientID=id
jenkins.Master.Security.GitHub.ClientSecret=S3cr3t
## end UseGitHub=true
2018-06-29 09:53:48 +02:00
PipelineSecrets.Env.PGPPassphrase=literal:S3cr3t
```
2018-06-29 09:53:48 +02:00
You can use [all configuration values of the jenkins subchart](https://github.com/kubernetes/charts/tree/master/stable/jenkins).
> Because we use jenkins as a sub-chart, you should prefix all value keys with `jenkins`!
### GitHub Authentication delegation
You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
### Additional configuration
2018-06-29 09:53:48 +02:00
There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
* PipelineSecrets
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins
build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
each other with their own secrets.
You can override the values at deploy time but otherwise also configure them
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
2018-08-18 23:40:57 +02:00
* Vault
New vault token to be used by the pods to retrieve their tokens from the vault.
2018-08-19 23:09:56 +02:00
| Parameter | Description | Default |
| ---------------------------------- | ------------------------------------------ | ---------------------------------------------- |
| `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret | `true` |
| `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault | `xxxx` |
| `PipelineSecrets.Vault.Addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` |
| `PipelineSecrets.Vault.SkipVerify` | Skip verification of the https connection | `1` |
2018-08-18 23:40:57 +02:00
* Env
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
in the slave pods.
2018-08-19 23:09:56 +02:00
| Parameter | Description | Default |
| --------------------------------------- | ----------------------------------------- | --------------- |
| `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
| `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
| `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
| `PipelineSecrets.Env.DockerHubPassword` | token for molgenis user in hub.docker.com | `xxxx` |
| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` |
| `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` |
| `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` |
* File
Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
in the `/root/.m2` directory of the slave pods.
> The settings.xml file references the
| Parameter | Description | Default |
| -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
| `PipelineSecrets.File.Replace` | Replace molgenis-pipeline-file secret | `true` |
| `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
| `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml)) |
2018-06-29 09:53:48 +02:00
## Command line use
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
2018-06-29 09:53:48 +02:00
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.
For example,
```bash
2018-06-29 09:53:48 +02:00
$ helm install --name jenkins -f values.yaml molgenis-jenkins
```
2018-06-29 09:53:48 +02:00
> **Tip**: You can use the default [values.yaml](values.yaml)