Merge branch 'master' of P129679/molgenis-ops-docker-helm into master

2018-06-28 15:25:12 +02:00 · 2018-06-28 15:25:12 +02:00 · 20e72c9f5c
parent 25b592e6fe 012b58ea67
commit 20e72c9f5c
5 changed files with 121 additions and 11 deletions
--- a/molgenis-jenkins/Chart.yaml
+++ b/molgenis-jenkins/Chart.yaml
@ -1,6 +1,6 @@
 name: molgenis-jenkins
 home: https://jenkins.io/
-version: 0.2.1
+version: 0.2.2
 appVersion: 2.107
 description: Molgenis installation for the jenkins chart.
 sources:
--- a/molgenis-jenkins/templates/config.tpl
+++ b/molgenis-jenkins/templates/config.tpl
@ -140,7 +140,32 @@ data:
                  <resourceLimitMemory>{{.Values.Pod.Memory}}</resourceLimitMemory>
                </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
              </containers>
-              <envVars/>
+              <envVars>
+                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <key>PGP_PASSPHRASE</key>
+                  <secretName>molgenis-pipeline-env-secret</secretName>
+                  <secretKey>pgpPassphrase</secretKey>
+                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
+                  <key>PGP_SECRETKEY</key>
+                  <value>keyfile:/root/.m2/key.asc</value>
+                </org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <key>SONAR_TOKEN</key>
+                  <secretName>molgenis-pipeline-env-secret</secretName>
+                  <secretKey>sonarToken</secretKey>
+                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <key>CODECOV_TOKEN</key>
+                  <secretName>molgenis-pipeline-env-secret</secretName>
+                  <secretKey>codecovToken</secretKey>
+                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <key>GITHUB_TOKEN</key>
+                  <secretName>molgenis-pipeline-env-secret</secretName>
+                  <secretKey>githubToken</secretKey>
+                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+              </envVars>
              <annotations/>
 {{- if .Values.Pod.ImagePullSecret }}
              <imagePullSecrets>
--- a/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
@ -0,0 +1,17 @@
+{{- if .Values.PipelineSecrets.Env.Replace }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: molgenis-pipeline-env-secret
+  labels:
+    app: {{ template "jenkins.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
+  codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
+  githubToken: {{ .Values.PipelineSecrets.Env.GithubToken | b64enc | quote }}
+  sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
+{{- end }}
--- a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml
@ -0,0 +1,15 @@
+{{- if .Values.PipelineSecrets.File.Replace }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: molgenis-pipeline-file-secret
+  labels:
+    app: {{ template "jenkins.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
+  settings.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
+{{- end }}
--- a/molgenis-jenkins/values.yaml
+++ b/molgenis-jenkins/values.yaml
@ -70,7 +70,7 @@ jenkins:
    CustomConfigMap: true
  rbac:
    install: true
-  # A second agent to configure a second pod template
+  # A second pod template for maven builds
  Pod:
    Enabled: true
    Image: "webhost12.service.rug.nl/molgenis/molgenis-maven"
@ -78,10 +78,10 @@ jenkins:
  # ImagePullSecret: jenkins
    Label: "molgenis-maven"
    Privileged: false
-    Cpu: "200m"
-    Memory: "256Mi"
+    Cpu: ""
+    Memory: ""
    # You may want to change this to true while testing a new image
-    AlwaysPullImage: true
+    AlwaysPullImage: false
    Command: "/bin/sh -c"
    Args: "cat"
    TTY: true
@ -90,12 +90,65 @@ jenkins:
    # Configure the attributes as they appear in the corresponding Java class for that type
    # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes
    volumes:
-      - type: "HostPath"
-        mountPath: "/var/run/docker.sock"
+      - type: HostPath
        hostPath: "/var/run/docker.sock"
-    # - type: Secret
-    #   secretName: mysecret
-    #   mountPath: /var/myapp/mysecret
+        mountPath: "/var/run/docker.sock"
+      - type: Secret
+        secretName: molgenis-pipeline-file-secret
+        mountPath: "/root/.m2"
    NodeSelector: {}
    # Key Value selectors. Ex:
    # jenkins-agent: v1
+PipelineSecrets:
+  Env:
+    # Set to false to keep existing secret
+    Replace: true
+    # Passphrase for the pgp private key file, prefixed with literal:
+    PGPPassphrase: literal:xxxx
+    # Token for codecov.io service
+    CodecovToken: xxxx
+    # Token for github bot account
+    GithubToken: xxxx
+    # Token for sonarcloud.io
+    SonarToken: xxxx
+  File:
+    # Set to false to keep existing secret
+    Replace: true
+    # PGP Private key in ascii format used to sign artifacts
+    PGPPrivateKeyAsc: |-
+      -----BEGIN PGP PRIVATE KEY BLOCK-----
+      xxxxx
+      -----END PGP PRIVATE KEY BLOCK-----
+    # maven.settings file
+    MavenSettingsXML: |-
+      <settings>
+        <localRepository>${user.home}/.mvnrepository</localRepository>
+        <interactiveMode>false</interactiveMode>
+        <mirrors>
+          <mirror>
+            <id>nexus</id>
+            <mirrorOf>external:*</mirrorOf>
+            <url>https://registry.molgenis.org/repository/maven-central/</url>
+          </mirror>
+        </mirrors>
+        <servers>
+          <!-- for snapshot builds of the master -->
+          <server>
+            <id>sonatype-nexus-staging</id>
+            <username>molgenis</username>
+            <password>xxxx</password>
+          </server>
+          <server>
+            <id>local-nexus</id>
+            <url>https://registry.molgenis.org/repository/maven-snapshots/</url>
+            <username>admin</username>
+            <password>xxxxx</password>
+          </server>
+          <!-- for docker images-->
+          <server>
+            <id>registry.molgenis.org</id>
+            <username>admin</username>
+            <password>xxxx</password>
+          </server>
+        </servers>
+      </settings>