Merge branch 'master' of https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm
This commit is contained in:
commit
88ab5374d5
|
@ -25,47 +25,59 @@ Array values can be added as {value, value, value}.
|
|||
jenkins.Master.HostName=jenkins.molgenis.org
|
||||
jenkins.Master.AdminPassword=pa$$word
|
||||
jenkins.Persistence.Enabled=false
|
||||
jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1}
|
||||
jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1, blueocean:1.6.2, github-oauth:0.29}
|
||||
jenkins.Master.Security.UseGitHub=false
|
||||
## if UseGitHub=true
|
||||
jenkins.Master.Security.GitHub.ClientID=id
|
||||
jenkins.Master.Security.GitHub.ClientSecret=S3cr3t
|
||||
## end UseGitHub=true
|
||||
PipelineSecrets.Env.PGPPassphrase=literal:S3cr3t
|
||||
```
|
||||
|
||||
You can use [all configuration values of the jenkins subchart](https://github.com/kubernetes/charts/tree/master/stable/jenkins).
|
||||
> Because we use jenkins as a sub-chart, you should prefix all value keys with `jenkins`!
|
||||
|
||||
### GitHub Authentication delegation
|
||||
You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
|
||||
|
||||
### Additional configuration
|
||||
There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
|
||||
## PipelineSecrets
|
||||
|
||||
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins
|
||||
build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
|
||||
each other with their own secrets.
|
||||
* PipelineSecrets
|
||||
|
||||
You can override the values at deploy time but otherwise also configure them
|
||||
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
|
||||
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins
|
||||
build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
|
||||
each other with their own secrets.
|
||||
|
||||
### Env
|
||||
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
|
||||
in the slave pods.
|
||||
You can override the values at deploy time but otherwise also configure them
|
||||
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
|
||||
|
||||
| Parameter | Description | Default |
|
||||
| ---------------------------------- | ------------------------------------ | --------------- |
|
||||
| `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
|
||||
| `PipelineSecrets.Env.PGPPassphrase`| passphrase for the pgp signing key | `literal:xxxx` |
|
||||
| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
|
||||
| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
|
||||
| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` | |
|
||||
* Env
|
||||
|
||||
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
|
||||
in the slave pods.
|
||||
|
||||
### File
|
||||
| Parameter | Description | Default |
|
||||
| -------------------------------------- | ----------------------------------------- | --------------- |
|
||||
| `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
|
||||
| `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
|
||||
| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
|
||||
| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
|
||||
| `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
|
||||
| `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx` |
|
||||
| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` | |
|
||||
|
||||
Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
|
||||
in the `/root/.m2` directory of the slave pods.
|
||||
> The settings.xml file references the
|
||||
* File
|
||||
|
||||
| Parameter | Description | Default |
|
||||
| -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
|
||||
| `PipelineSecrets.File.Replace` | Replace molgenis-pipeline-file secret | `true` |
|
||||
| `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
|
||||
| `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml)) |
|
||||
Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
|
||||
in the `/root/.m2` directory of the slave pods.
|
||||
> The settings.xml file references the
|
||||
|
||||
| Parameter | Description | Default |
|
||||
| -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
|
||||
| `PipelineSecrets.File.Replace` | Replace molgenis-pipeline-file secret | `true` |
|
||||
| `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
|
||||
| `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml)) |
|
||||
|
||||
## Command line use
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
|
||||
|
|
|
@ -15,7 +15,17 @@ data:
|
|||
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
|
||||
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
|
||||
</authorizationStrategy>
|
||||
{{- if .Values.jenkins.Master.Security.UseGitHub }}
|
||||
<securityRealm class="org.jenkinsci.plugins.GithubSecurityRealm">
|
||||
<githubWebUri>https://github.com</githubWebUri>
|
||||
<githubApiUri>https://api.github.com</githubApiUri>
|
||||
<clientID>{{ .Values.jenkins.Master.Security.Github.ClientID }}</clientID>
|
||||
<clientSecret>{{ .Values.jenkins.Master.Security.Github.ClientSecret }}</clientSecret>
|
||||
<oauthScopes>read:org,user:email</oauthScopes>
|
||||
</securityRealm>
|
||||
{{- else }}
|
||||
<securityRealm class="hudson.security.LegacySecurityRealm"/>
|
||||
{{- end }}
|
||||
<disableRememberMe>false</disableRememberMe>
|
||||
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
|
||||
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
# this is the jenkins id.
|
||||
name: "molgenis-jenkins-dockerhub-secret"
|
||||
labels:
|
||||
# so we know what type it is.
|
||||
"jenkins.io/credentials-type": "usernamePassword"
|
||||
annotations: {
|
||||
# description - can not be a label as spaces are not allowed
|
||||
"jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)"
|
||||
}
|
||||
type: Opaque
|
||||
data:
|
||||
username: {{ "molgenisci" | b64enc | quote }}
|
||||
password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}
|
|
@ -10,7 +10,13 @@ jenkins:
|
|||
- git:3.9.1
|
||||
- github-branch-source:2.3.6
|
||||
- kubernetes-credentials-provider:0.9
|
||||
- blueocean:1.6.1
|
||||
- blueocean:1.6.2
|
||||
- github-oauth:0.29
|
||||
Security:
|
||||
UseGitHub: false
|
||||
GitHub:
|
||||
ClientID: ""
|
||||
ClienSecret: ""
|
||||
Jobs: |-
|
||||
molgenis: |-
|
||||
<?xml version='1.1' encoding='UTF-8'?>
|
||||
|
@ -269,6 +275,8 @@ PipelineSecrets:
|
|||
SonarToken: xxxx
|
||||
# Password Local NEXUS
|
||||
NexusPassword: xxxx
|
||||
# Password hub.docker.com
|
||||
DockerHubPassword: xxxx
|
||||
File:
|
||||
# Set to false to keep existing secret
|
||||
Replace: true
|
||||
|
|
Loading…
Reference in New Issue