
Import kubernetes stable/jenkins helm chart to v0.2.x

Fleur Kelpin
2018-06-26 14:35:43 +02:00
parent fdaa17eee6
commit 787cbbb479
19 changed files with 1199 additions and 0 deletions


@@ -0,0 +1,45 @@
1. Get your '{{ .Values.Master.AdminUser }}' user password by running:
printf $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "jenkins.fullname" . }} -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo
{{- if .Values.Master.HostName }}
2. Visit http://{{ .Values.Master.HostName }}
{{- else }}
2. Get the Jenkins URL to visit by running these commands in the same shell:
{{- if contains "NodePort" .Values.Master.ServiceType }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "jenkins.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT/login
{{- else if contains "LoadBalancer" .Values.Master.ServiceType }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "jenkins.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "jenkins.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
echo http://$SERVICE_IP:{{ .Values.Master.ServicePort }}/login
{{- else if contains "ClusterIP" .Values.Master.ServiceType }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ template "jenkins.fullname" . }}-master" -o jsonpath="{.items[0].metadata.name}")
echo http://127.0.0.1:{{ .Values.Master.ServicePort }}
kubectl port-forward $POD_NAME {{ .Values.Master.ServicePort }}:{{ .Values.Master.ServicePort }}
{{- end }}
{{- end }}
3. Login with the password from step 1 and the username: {{ .Values.Master.AdminUser }}
For more information on running Jenkins on Kubernetes, visit:
https://cloud.google.com/solutions/jenkins-on-container-engine
{{- if .Values.Persistence.Enabled }}
{{- else }}
#################################################################################
###### WARNING: Persistence is disabled!!! You will lose your data when #####
###### the Jenkins pod is terminated. #####
#################################################################################
{{- end }}
{{- if .Values.rbac.install }}
Configure the Kubernetes plugin in Jenkins to use the following Service Account name {{ template "jenkins.fullname" . }} using the following steps:
Create a Jenkins credential of type Kubernetes service account with service account name {{ template "jenkins.fullname" . }}
Under configure Jenkins -- Update the credentials config in the cloud section to use the service account credential you created in the step above.
{{- end }}
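Review bot: Step 1 passes the decoded admin password to `printf` as the format string and leaves the command substitution unquoted, so a password set through `.Values.Master.AdminPassword` that contains `%`, a backslash or whitespace is printed incorrectly. Treat the value as data instead: `printf '%s\n' "$(kubectl get secret ... | base64 --decode)"`. Every URL printed in step 2 is `http://`, so the notes should also say that the admin login travels in cleartext unless TLS is terminated in front of the service.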


@@ -0,0 +1,34 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "jenkins.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "jenkins.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "jenkins.kubernetes-version" -}}
{{- range .Values.Master.InstallPlugins -}}
{{ if hasPrefix "kubernetes:" . }}
{{- $split := splitList ":" . }}
{{- printf "%s" (index $split 1 ) -}}
{{- end -}}
{{- end -}}
{{- end -}}
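Review bot: `jenkins.kubernetes-version` is the only helper in this file without a comment, and it renders an empty string when `.Values.Master.InstallPlugins` has no entry starting with `kubernetes:`. The ConfigMap template on this page uses it in `plugin="kubernetes@…"`, so that case leaves a bare `kubernetes@` in config.xml. I would add `{{/* Version of the kubernetes plugin, taken from the "kubernetes:<version>" entry in Master.InstallPlugins; empty when no such entry exists. */}}` above the define, and consider failing the render when the result is empty.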


@@ -0,0 +1,208 @@
{{- if not .Values.Master.CustomConfigMap }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "jenkins.fullname" . }}
data:
config.xml: |-
<?xml version='1.0' encoding='UTF-8'?>
<hudson>
<disabledAdministrativeMonitors/>
<version>{{ .Values.Master.ImageTag }}</version>
<numExecutors>0</numExecutors>
<mode>NORMAL</mode>
<useSecurity>{{ .Values.Master.UseSecurity }}</useSecurity>
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
</authorizationStrategy>
<securityRealm class="hudson.security.LegacySecurityRealm"/>
<disableRememberMe>false</disableRememberMe>
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
<buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
<markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
<jdks/>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds>
<org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@{{ template "jenkins.kubernetes-version" . }}">
<name>kubernetes</name>
<templates>
{{- if .Values.Agent.Enabled }}
<org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
<inheritFrom></inheritFrom>
<name>default</name>
<instanceCap>2147483647</instanceCap>
<idleMinutes>0</idleMinutes>
<label>{{ .Release.Name }}-{{ .Values.Agent.Component }}</label>
<nodeSelector>
{{- $local := dict "first" true }}
{{- range $key, $value := .Values.Agent.NodeSelector }}
{{- if not $local.first }},{{- end }}
{{- $key }}={{ $value }}
{{- $_ := set $local "first" false }}
{{- end }}</nodeSelector>
<nodeUsageMode>NORMAL</nodeUsageMode>
<volumes>
{{- range $index, $volume := .Values.Agent.volumes }}
<org.csanchez.jenkins.plugins.kubernetes.volumes.{{ $volume.type }}Volume>
{{- range $key, $value := $volume }}{{- if not (eq $key "type") }}
<{{ $key }}>{{ $value }}</{{ $key }}>
{{- end }}{{- end }}
</org.csanchez.jenkins.plugins.kubernetes.volumes.{{ $volume.type }}Volume>
{{- end }}
</volumes>
<containers>
<org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
<name>jnlp</name>
<image>{{ .Values.Agent.Image }}:{{ .Values.Agent.ImageTag }}</image>
{{- if .Values.Agent.Privileged }}
<privileged>true</privileged>
{{- else }}
<privileged>false</privileged>
{{- end }}
<alwaysPullImage>{{ .Values.Agent.AlwaysPullImage }}</alwaysPullImage>
<workingDir>/home/jenkins</workingDir>
<command></command>
<args>${computer.jnlpmac} ${computer.name}</args>
<ttyEnabled>false</ttyEnabled>
<resourceRequestCpu>{{.Values.Agent.Cpu}}</resourceRequestCpu>
<resourceRequestMemory>{{.Values.Agent.Memory}}</resourceRequestMemory>
<resourceLimitCpu>{{.Values.Agent.Cpu}}</resourceLimitCpu>
<resourceLimitMemory>{{.Values.Agent.Memory}}</resourceLimitMemory>
<envVars>
<org.csanchez.jenkins.plugins.kubernetes.ContainerEnvVar>
<key>JENKINS_URL</key>
<value>http://{{ template "jenkins.fullname" . }}:{{.Values.Master.ServicePort}}{{ default "" .Values.Master.JenkinsUriPrefix }}</value>
</org.csanchez.jenkins.plugins.kubernetes.ContainerEnvVar>
</envVars>
</org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
</containers>
<envVars/>
<annotations/>
{{- if .Values.Agent.ImagePullSecret }}
<imagePullSecrets>
<org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
<name>{{ .Values.Agent.ImagePullSecret }}</name>
</org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
</imagePullSecrets>
{{- else }}
<imagePullSecrets/>
{{- end }}
<nodeProperties/>
</org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
{{- end -}}
</templates>
<serverUrl>https://kubernetes.default</serverUrl>
<skipTlsVerify>false</skipTlsVerify>
<namespace>{{ .Release.Namespace }}</namespace>
<jenkinsUrl>http://{{ template "jenkins.fullname" . }}:{{.Values.Master.ServicePort}}{{ default "" .Values.Master.JenkinsUriPrefix }}</jenkinsUrl>
<jenkinsTunnel>{{ template "jenkins.fullname" . }}-agent:50000</jenkinsTunnel>
<containerCap>10</containerCap>
<retentionTimeout>5</retentionTimeout>
<connectTimeout>0</connectTimeout>
<readTimeout>0</readTimeout>
</org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
</clouds>
<quietPeriod>5</quietPeriod>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views>
<hudson.model.AllView>
<owner class="hudson" reference="../../.."/>
<name>All</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
<primaryView>All</primaryView>
<slaveAgentPort>50000</slaveAgentPort>
<disabledAgentProtocols>
{{- range .Values.Master.DisabledAgentProtocols }}
<string>{{ . }}</string>
{{- end }}
</disabledAgentProtocols>
<label></label>
{{- if .Values.Master.CSRF.DefaultCrumbIssuer.Enabled }}
<crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
{{- if .Values.Master.CSRF.DefaultCrumbIssuer.ProxyCompatability }}
<excludeClientIPFromCrumb>true</excludeClientIPFromCrumb>
{{- end }}
</crumbIssuer>
{{- end }}
<nodeProperties/>
<globalNodeProperties/>
<noUsageStatistics>true</noUsageStatistics>
</hudson>
{{- if .Values.Master.ScriptApproval }}
scriptapproval.xml: |-
<?xml version='1.0' encoding='UTF-8'?>
<scriptApproval plugin="script-security@1.27">
<approvedScriptHashes/>
<approvedSignatures>
{{- range $key, $val := .Values.Master.ScriptApproval }}
<string>{{ $val }}</string>
{{- end }}
</approvedSignatures>
<aclApprovedSignatures/>
<approvedClasspathEntries/>
<pendingScripts/>
<pendingSignatures/>
<pendingClasspathEntries/>
</scriptApproval>
{{- end }}
jenkins.CLI.xml: |-
<?xml version='1.1' encoding='UTF-8'?>
<jenkins.CLI>
{{- if .Values.Master.CLI }}
<enabled>true</enabled>
{{- else }}
<enabled>false</enabled>
{{- end }}
</jenkins.CLI>
apply_config.sh: |-
mkdir -p /usr/share/jenkins/ref/secrets/;
echo "false" > /usr/share/jenkins/ref/secrets/slave-to-master-security-kill-switch;
cp -n /var/jenkins_config/config.xml /var/jenkins_home;
cp -n /var/jenkins_config/jenkins.CLI.xml /var/jenkins_home;
{{- if .Values.Master.InstallPlugins }}
# Install missing plugins
cp /var/jenkins_config/plugins.txt /var/jenkins_home;
rm -rf /usr/share/jenkins/ref/plugins/*.lock
/usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`;
# Copy plugins to shared volume
cp -n /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins;
{{- end }}
{{- if .Values.Master.ScriptApproval }}
cp -n /var/jenkins_config/scriptapproval.xml /var/jenkins_home/scriptApproval.xml;
{{- end }}
{{- if .Values.Master.InitScripts }}
mkdir -p /var/jenkins_home/init.groovy.d/;
cp -n /var/jenkins_config/*.groovy /var/jenkins_home/init.groovy.d/
{{- end }}
{{- if .Values.Master.CredentialsXmlSecret }}
cp -n /var/jenkins_credentials/credentials.xml /var/jenkins_home;
{{- end }}
{{- if .Values.Master.SecretsFilesSecret }}
cp -n /var/jenkins_secrets/* /usr/share/jenkins/ref/secrets;
{{- end }}
{{- if .Values.Master.Jobs }}
for job in $(ls /var/jenkins_jobs); do
mkdir -p /var/jenkins_home/jobs/$job
cp -n /var/jenkins_jobs/$job /var/jenkins_home/jobs/$job/config.xml
done
{{- end }}
{{- range $key, $val := .Values.Master.InitScripts }}
init{{ $key }}.groovy: |-
{{ $val | indent 4 }}
{{- end }}
plugins.txt: |-
{{- if .Values.Master.InstallPlugins }}
{{- range $index, $val := .Values.Master.InstallPlugins }}
{{ $val | indent 4 }}
{{- end }}
{{- end }}
{{ else }}
{{ include "override_config_map" . }}
{{- end -}}
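Review bot: `apply_config.sh` copies `config.xml`, `jenkins.CLI.xml` and `scriptapproval.xml` with `cp -n`, so once `/var/jenkins_home` holds a copy (for example on a persistent volume), later changes to `Master.UseSecurity`, `Master.CSRF.DefaultCrumbIssuer.Enabled`, `Master.DisabledAgentProtocols`, `Master.CLI` or `Master.ScriptApproval` are rendered into the ConfigMap but never reach the running Jenkins. An operator who tightens these values and upgrades will believe the hardening was applied. Either document this next to the copy, e.g. `# cp -n: an existing file in JENKINS_HOME wins; security values changed after first install are NOT applied`, or drop `-n` for the files the chart owns. Separately, values are written into the XML unescaped (`<{{ $key }}>{{ $value }}</{{ $key }}>`, `<string>{{ $val }}</string>`), so a value containing `<` or `&` produces a malformed file.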


@@ -0,0 +1,28 @@
{{- if and .Values.Persistence.Enabled (not .Values.Persistence.ExistingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
{{- if .Values.Persistence.Annotations }}
annotations:
{{ toYaml .Values.Persistence.Annotations | indent 4 }}
{{- end }}
name: {{ template "jenkins.fullname" . }}
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
accessModes:
- {{ .Values.Persistence.AccessMode | quote }}
resources:
requests:
storage: {{ .Values.Persistence.Size | quote }}
{{- if .Values.Persistence.StorageClass }}
{{- if (eq "-" .Values.Persistence.StorageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.Persistence.StorageClass }}"
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "jenkins.fullname" . }}-agent
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Master.Component }}"
{{- if .Values.Master.SlaveListenerServiceAnnotations }}
annotations:
{{ toYaml .Values.Master.SlaveListenerServiceAnnotations | indent 4 }}
{{- end }}
spec:
ports:
- port: {{ .Values.Master.SlaveListenerPort }}
targetPort: {{ .Values.Master.SlaveListenerPort }}
name: slavelistener
selector:
component: "{{ .Release.Name }}-{{ .Values.Master.Component }}"
type: {{ .Values.Master.SlaveListenerServiceType }}
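Review bot: The agent listener's service type comes straight from `.Values.Master.SlaveListenerServiceType`, and unlike the UI service on this page there is no `loadBalancerSourceRanges` handling, so setting it to `LoadBalancer` or `NodePort` publishes the agent port with no address restriction. Agents started by the kubernetes plugin reach it in-cluster through `<jenkinsTunnel>`, so `ClusterIP` is enough for that path. I would state this in a comment above `type:` and, if external agents must be supported, add a source-range value for this service as well.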


@@ -0,0 +1,222 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ template "jenkins.fullname" . }}
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Master.Name }}"
spec:
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
component: "{{ .Release.Name }}-{{ .Values.Master.Component }}"
template:
metadata:
labels:
app: {{ template "jenkins.fullname" . }}
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Master.Component }}"
annotations:
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
spec:
{{- if .Values.Master.NodeSelector }}
nodeSelector:
{{ toYaml .Values.Master.NodeSelector | indent 8 }}
{{- end }}
{{- if .Values.Master.Tolerations }}
tolerations:
{{ toYaml .Values.Master.Tolerations | indent 8 }}
{{- end }}
{{- if .Values.Master.Affinity }}
affinity:
{{ toYaml .Values.Master.Affinity | indent 8 }}
{{- end }}
securityContext:
runAsUser: {{ default 0 .Values.Master.RunAsUser }}
{{- if and (.Values.Master.RunAsUser) (.Values.Master.FsGroup) }}
{{- if not (eq .Values.Master.RunAsUser 0.0) }}
fsGroup: {{ .Values.Master.FsGroup }}
{{- end }}
{{- end }}
serviceAccountName: {{ if .Values.rbac.install }}{{ template "jenkins.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }}
initContainers:
- name: "copy-default-config"
image: "{{ .Values.Master.Image }}:{{ .Values.Master.ImageTag }}"
imagePullPolicy: "{{ .Values.Master.ImagePullPolicy }}"
command: [ "sh", "/var/jenkins_config/apply_config.sh" ]
{{- if .Values.Master.InitContainerEnv }}
env:
{{ toYaml .Values.Master.InitContainerEnv | indent 12 }}
{{- end }}
volumeMounts:
-
mountPath: /var/jenkins_home
name: jenkins-home
-
mountPath: /var/jenkins_config
name: jenkins-config
{{- if .Values.Master.CredentialsXmlSecret }}
-
mountPath: /var/jenkins_credentials
name: jenkins-credentials
readOnly: true
{{- end }}
{{- if .Values.Master.SecretsFilesSecret }}
-
mountPath: /var/jenkins_secrets
name: jenkins-secrets
readOnly: true
{{- end }}
{{- if .Values.Master.Jobs }}
-
mountPath: /var/jenkins_jobs
name: jenkins-jobs
readOnly: true
{{- end }}
{{- if .Values.Master.InstallPlugins }}
-
mountPath: /var/jenkins_plugins
name: plugin-dir
{{- end }}
-
mountPath: /usr/share/jenkins/ref/secrets/
name: secrets-dir
containers:
- name: {{ template "jenkins.fullname" . }}
image: "{{ .Values.Master.Image }}:{{ .Values.Master.ImageTag }}"
imagePullPolicy: "{{ .Values.Master.ImagePullPolicy }}"
{{- if .Values.Master.UseSecurity }}
args: [ "--argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)", "--argumentsRealm.roles.$(ADMIN_USER)=admin"]
{{- end }}
env:
- name: JAVA_OPTS
value: "{{ default "" .Values.Master.JavaOpts}}"
- name: JENKINS_OPTS
value: "{{ if .Values.Master.JenkinsUriPrefix }}--prefix={{ .Values.Master.JenkinsUriPrefix }} {{ end }}{{ default "" .Values.Master.JenkinsOpts}}"
{{- if .Values.Master.UseSecurity }}
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "jenkins.fullname" . }}
key: jenkins-admin-password
- name: ADMIN_USER
valueFrom:
secretKeyRef:
name: {{ template "jenkins.fullname" . }}
key: jenkins-admin-user
{{- end }}
{{- if .Values.Master.ContainerEnv }}
{{ toYaml .Values.Master.ContainerEnv | indent 12 }}
{{- end }}
ports:
- containerPort: {{ .Values.Master.ContainerPort }}
name: http
- containerPort: {{ .Values.Master.SlaveListenerPort }}
name: slavelistener
{{- if .Values.Master.JMXPort }}
- containerPort: {{ .Values.Master.JMXPort }}
name: jmx
{{- end }}
{{- if .Values.Master.HealthProbes }}
livenessProbe:
httpGet:
path: /login
port: http
initialDelaySeconds: {{ .Values.Master.HealthProbesLivenessTimeout }}
timeoutSeconds: 5
failureThreshold: {{ .Values.Master.HealthProbeLivenessFailureThreshold }}
readinessProbe:
httpGet:
path: /login
port: http
initialDelaySeconds: {{ .Values.Master.HealthProbesReadinessTimeout }}
{{- end }}
resources:
requests:
cpu: "{{ .Values.Master.Cpu }}"
memory: "{{ .Values.Master.Memory }}"
volumeMounts:
{{- if .Values.Persistence.mounts }}
{{ toYaml .Values.Persistence.mounts | indent 12 }}
{{- end }}
-
mountPath: /var/jenkins_home
name: jenkins-home
readOnly: false
-
mountPath: /var/jenkins_config
name: jenkins-config
readOnly: true
{{- if .Values.Master.CredentialsXmlSecret }}
-
mountPath: /var/jenkins_credentials
name: jenkins-credentials
readOnly: true
{{- end }}
{{- if .Values.Master.SecretsFilesSecret }}
-
mountPath: /var/jenkins_secrets
name: jenkins-secrets
readOnly: true
{{- end }}
{{- if .Values.Master.Jobs }}
-
mountPath: /var/jenkins_jobs
name: jenkins-jobs
readOnly: true
{{- end }}
{{- if .Values.Master.InstallPlugins }}
-
mountPath: /usr/share/jenkins/ref/plugins/
name: plugin-dir
readOnly: false
{{- end }}
-
mountPath: /usr/share/jenkins/ref/secrets/
name: secrets-dir
readOnly: false
volumes:
{{- if .Values.Persistence.volumes }}
{{ toYaml .Values.Persistence.volumes | indent 6 }}
{{- end }}
- name: jenkins-config
configMap:
name: {{ template "jenkins.fullname" . }}
{{- if .Values.Master.CredentialsXmlSecret }}
- name: jenkins-credentials
secret:
secretName: {{ .Values.Master.CredentialsXmlSecret }}
{{- end }}
{{- if .Values.Master.SecretsFilesSecret }}
- name: jenkins-secrets
secret:
secretName: {{ .Values.Master.SecretsFilesSecret }}
{{- end }}
{{- if .Values.Master.Jobs }}
- name: jenkins-jobs
configMap:
name: {{ template "jenkins.fullname" . }}-jobs
{{- end }}
{{- if .Values.Master.InstallPlugins }}
- name: plugin-dir
emptyDir: {}
{{- end }}
- name: secrets-dir
emptyDir: {}
- name: jenkins-home
{{- if .Values.Persistence.Enabled }}
persistentVolumeClaim:
claimName: {{ .Values.Persistence.ExistingClaim | default (include "jenkins.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- if .Values.Master.ImagePullSecret }}
imagePullSecrets:
- name: {{ .Values.Master.ImagePullSecret }}
{{- end -}}
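Review bot: `runAsUser: {{ default 0 .Values.Master.RunAsUser }}` runs the master and its init container as root whenever the value is unset, and `fsGroup` is only emitted for a non-zero user. A non-root default with a matching `fsGroup` would be the safer baseline; whether the default image supports that is not visible on this page and needs confirming against `.Values.Master.Image`. The admin password also reaches Jenkins through `args: [ "--argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)", … ]`, which puts the expanded secret on the process command line, readable by anything that can list processes in the pod or on the node; that deserves at least a comment. The `component` label under `metadata.labels` uses `.Values.Master.Name` while the selector and pod template use `.Values.Master.Component`.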


@@ -0,0 +1,22 @@
{{- if .Values.Master.HostName }}
apiVersion: {{ .Values.Master.Ingress.ApiVersion }}
kind: Ingress
metadata:
{{- if .Values.Master.Ingress.Annotations }}
annotations:
{{ toYaml .Values.Master.Ingress.Annotations | indent 4 }}
{{- end }}
name: {{ template "jenkins.fullname" . }}
spec:
rules:
- host: {{ .Values.Master.HostName | quote }}
http:
paths:
- backend:
serviceName: {{ template "jenkins.fullname" . }}
servicePort: {{ .Values.Master.ServicePort }}
{{- if .Values.Master.Ingress.TLS }}
tls:
{{ toYaml .Values.Master.Ingress.TLS | indent 4 }}
{{- end -}}
{{- end }}
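Review bot: The `tls:` block is rendered only when `.Values.Master.Ingress.TLS` is set, and the install notes on this page print `http://{{ .Values.Master.HostName }}`, so by default the admin login form is served in cleartext. I would add a comment above the `tls:` conditional saying that TLS should be configured for any non-local install, and have the notes print `https://` when it is. The `apiVersion` is taken unvalidated from values; the RBAC template on this page already uses `required` for the same purpose, and doing so here would give a clearer error.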


@@ -0,0 +1,33 @@
{{- if .Values.NetworkPolicy.Enabled }}
kind: NetworkPolicy
apiVersion: {{ .Values.NetworkPolicy.ApiVersion }}
metadata:
name: "{{ .Release.Name }}-{{ .Values.Master.Component }}"
spec:
podSelector:
matchLabels:
component: "{{ .Release.Name }}-{{ .Values.Master.Component }}"
ingress:
# Allow web access to the UI
- ports:
- port: {{ .Values.Master.ContainerPort }}
# Allow inbound connections from slave
- from:
- podSelector:
matchLabels:
"jenkins/{{ .Release.Name }}-{{ .Values.Agent.Component }}": "true"
ports:
- port: {{ .Values.Master.SlaveListenerPort }}
{{- if .Values.Agent.Enabled }}
---
kind: NetworkPolicy
apiVersion: {{ .Values.NetworkPolicy.ApiVersion }}
metadata:
name: "{{ .Release.Name }}-{{ .Values.Agent.Component }}"
spec:
podSelector:
matchLabels:
# DefaultDeny
"jenkins/{{ .Release.Name }}-{{ .Values.Agent.Component }}": "true"
{{- end }}
{{- end }}
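Review bot: Both policies restrict ingress only: neither has `egress` rules or `policyTypes`, so agent pods, which run build code, keep unrestricted outbound access. If that is intentional it should be stated, e.g. `# Ingress only: agent egress is NOT restricted by this chart`, because the existing `# DefaultDeny` comment reads as if the agents were fully isolated. The first ingress rule has no `from`, so the UI port accepts traffic from every pod and from anything routed into the cluster network; that is worth a comment too.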


@@ -0,0 +1,31 @@
apiVersion: v1
kind: Service
metadata:
name: {{template "jenkins.fullname" . }}
labels:
app: {{ template "jenkins.fullname" . }}
heritage: {{.Release.Service | quote }}
release: {{.Release.Name | quote }}
chart: "{{.Chart.Name}}-{{.Chart.Version}}"
component: "{{.Release.Name}}-{{.Values.Master.Component}}"
{{- if .Values.Master.ServiceAnnotations }}
annotations:
{{ toYaml .Values.Master.ServiceAnnotations | indent 4 }}
{{- end }}
spec:
ports:
- port: {{.Values.Master.ServicePort}}
name: http
targetPort: {{.Values.Master.ContainerPort}}
{{if (and (eq .Values.Master.ServiceType "NodePort") (not (empty .Values.Master.NodePort)))}}
nodePort: {{.Values.Master.NodePort}}
{{end}}
selector:
component: "{{.Release.Name}}-{{.Values.Master.Component}}"
type: {{.Values.Master.ServiceType}}
{{if eq .Values.Master.ServiceType "LoadBalancer"}}
loadBalancerSourceRanges: {{.Values.Master.LoadBalancerSourceRanges}}
{{if .Values.Master.LoadBalancerIP}}
loadBalancerIP: {{.Values.Master.LoadBalancerIP}}
{{end}}
{{end}}
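Review bot: `loadBalancerSourceRanges: {{.Values.Master.LoadBalancerSourceRanges}}` prints the list with Go's default formatting, so two or more CIDRs render space-separated inside one pair of brackets, which YAML reads as a single string rather than a list. This field is the only address restriction on a public load balancer, so it should be emitted with `toYaml`, as the annotations above are: `loadBalancerSourceRanges:` followed by `{{ toYaml .Values.Master.LoadBalancerSourceRanges | indent 4 }}`, wrapped in an `if` so an empty value omits the key. The indent width has to be matched to the real file, since this page has lost the indentation.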


@@ -0,0 +1,45 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ .Release.Name }}-ui-test-{{ randAlphaNum 5 | lower }}"
annotations:
"helm.sh/hook": test-success
spec:
{{- if .Values.Master.NodeSelector }}
nodeSelector:
{{ toYaml .Values.Master.NodeSelector | indent 4 }}
{{- end }}
{{- if .Values.Master.Tolerations }}
tolerations:
{{ toYaml .Values.Master.Tolerations | indent 4 }}
{{- end }}
initContainers:
- name: "test-framework"
image: "dduportal/bats:0.4.0"
command:
- "bash"
- "-c"
- |
set -ex
# copy bats to tools dir
cp -R /usr/local/libexec/ /tools/bats/
volumeMounts:
- mountPath: /tools
name: tools
containers:
- name: {{ .Release.Name }}-ui-test
image: {{ .Values.Master.Image }}:{{ .Values.Master.ImageTag }}
command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
volumeMounts:
- mountPath: /tests
name: tests
readOnly: true
- mountPath: /tools
name: tools
volumes:
- name: tests
configMap:
name: {{ template "jenkins.fullname" . }}-tests
- name: tools
emptyDir: {}
restartPolicy: Never
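Review bot: The init container pulls `dduportal/bats:0.4.0`, a third-party image referenced by a mutable tag, and runs it in the release namespace on every `helm test`. Pinning it by digest (`image: "dduportal/bats@sha256:<digest>"`) or making the image a chart value lets operators mirror and verify it. In the main container, `name:` and `image:` are unquoted, unlike the same fields in the Deployment template.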


@@ -0,0 +1,8 @@
{{- if .Values.Master.Jobs }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "jenkins.fullname" . }}-jobs
data:
{{ .Values.Master.Jobs | indent 2 }}
{{- end -}}


@@ -0,0 +1,20 @@
{{ if .Values.rbac.install }}
{{- $serviceName := include "jenkins.fullname" . -}}
apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }}
kind: ClusterRoleBinding
metadata:
name: {{ $serviceName }}-role-binding
labels:
app: {{ $serviceName }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Values.rbac.roleRef }}
subjects:
- kind: ServiceAccount
name: {{ $serviceName }}
namespace: {{ .Release.Namespace }}
{{ end }}
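Review bot: The Jenkins service account is bound to `{{ .Values.rbac.roleRef }}` through a `ClusterRoleBinding`, so whatever that role grants applies in every namespace, while the cloud configuration on this page only launches agents in `{{ .Release.Namespace }}`. The install notes tell the operator to expose this service account to Jenkins as a credential, so anyone who can use that credential from a job acts with these rights. A `RoleBinding` can reference the same ClusterRole and limit it to one namespace: `kind: RoleBinding` plus `namespace: {{ .Release.Namespace }}` under `metadata`. The default of `rbac.roleRef` is not visible here and should be checked to be narrower than a cluster-wide admin role.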


@@ -0,0 +1,19 @@
{{- if .Values.Master.UseSecurity }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "jenkins.fullname" . }}
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
{{ if .Values.Master.AdminPassword }}
jenkins-admin-password: {{ .Values.Master.AdminPassword | b64enc | quote }}
{{ else }}
jenkins-admin-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ end }}
jenkins-admin-user: {{ .Values.Master.AdminUser | b64enc | quote }}
{{- end }}
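Review bot: When `Master.AdminPassword` is unset, `randAlphaNum 10` is evaluated on every render, so each `helm upgrade` writes a new password into the Secret. The Deployment's `checksum/config` annotation covers only `config.yaml`, so the pod is presumably not restarted and keeps the old password from its start-up environment, and the command in the install notes then prints a value that does not log in. I would document this above the `else` branch (`# regenerated on every upgrade; set Master.AdminPassword to keep it stable`), add a checksum annotation for this template to the Deployment, and lengthen the generated value.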


@@ -0,0 +1,12 @@
{{ if .Values.rbac.install }}
{{- $serviceName := include "jenkins.fullname" . -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $serviceName }}
labels:
app: {{ $serviceName }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{ end }}


@@ -0,0 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "jenkins.fullname" . }}-tests
data:
run.sh: |-
@test "Testing Jenkins UI is accessible" {
curl --retry 48 --retry-delay 10 {{ template "jenkins.fullname" . }}:{{ .Values.Master.ServicePort }}{{ default "" .Values.Master.JenkinsUriPrefix }}/login
}
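Review bot: The `curl` call has no `--fail`, so it exits 0 on HTTP error responses and the test passes even when `/login` answers with an error page. Adding the flag, `curl --fail --retry 48 --retry-delay 10 …`, makes the exit status reflect the response.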