Merge branch 'master' of https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm
This commit is contained in:
Fleur Kelpin
commit
88ab5374d5
|
|
@ -25,15 +25,25 @@ Array values can be added as {value, value, value}.
|
||||||
jenkins.Master.HostName=jenkins.molgenis.org
|
jenkins.Master.HostName=jenkins.molgenis.org
|
||||||
jenkins.Master.AdminPassword=pa$$word
|
jenkins.Master.AdminPassword=pa$$word
|
||||||
jenkins.Persistence.Enabled=false
|
jenkins.Persistence.Enabled=false
|
||||||
jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1}
|
jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1, blueocean:1.6.2, github-oauth:0.29}
|
||||||
|
jenkins.Master.Security.UseGitHub=false
|
||||||
|
## if UseGitHub=true
|
||||||
|
jenkins.Master.Security.GitHub.ClientID=id
|
||||||
|
jenkins.Master.Security.GitHub.ClientSecret=S3cr3t
|
||||||
|
## end UseGitHub=true
|
||||||
PipelineSecrets.Env.PGPPassphrase=literal:S3cr3t
|
PipelineSecrets.Env.PGPPassphrase=literal:S3cr3t
|
||||||
```
|
```
|
||||||
|
|
||||||
You can use [all configuration values of the jenkins subchart](https://github.com/kubernetes/charts/tree/master/stable/jenkins).
|
You can use [all configuration values of the jenkins subchart](https://github.com/kubernetes/charts/tree/master/stable/jenkins).
|
||||||
> Because we use jenkins as a sub-chart, you should prefix all value keys with `jenkins`!
|
> Because we use jenkins as a sub-chart, you should prefix all value keys with `jenkins`!
|
||||||
|
|
||||||
|
### GitHub Authentication delegation
|
||||||
|
You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
|
||||||
|
|
||||||
|
### Additional configuration
|
||||||
There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
|
There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
|
||||||
## PipelineSecrets
|
|
||||||
|
* PipelineSecrets
|
||||||
|
|
||||||
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins
|
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins
|
||||||
build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
|
build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
|
||||||
|
|
@ -42,19 +52,22 @@ each other with their own secrets.
|
||||||
You can override the values at deploy time but otherwise also configure them
|
You can override the values at deploy time but otherwise also configure them
|
||||||
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
|
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
|
||||||
|
|
||||||
### Env
|
* Env
|
||||||
|
|
||||||
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
|
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
|
||||||
in the slave pods.
|
in the slave pods.
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
| ---------------------------------- | ------------------------------------ | --------------- |
|
| -------------------------------------- | ----------------------------------------- | --------------- |
|
||||||
| `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
|
| `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
|
||||||
| `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
|
| `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
|
||||||
| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
|
| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
|
||||||
| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
|
| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
|
||||||
|
| `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
|
||||||
|
| `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx` |
|
||||||
| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` | |
|
| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` | |
|
||||||
|
|
||||||
### File
|
* File
|
||||||
|
|
||||||
Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
|
Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
|
||||||
in the `/root/.m2` directory of the slave pods.
|
in the `/root/.m2` directory of the slave pods.
|
||||||
|
|
@ -66,7 +79,6 @@ in the `/root/.m2` directory of the slave pods.
|
||||||
| `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
|
| `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
|
||||||
| `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml)) |
|
| `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml)) |
|
||||||
|
|
||||||
|
|
||||||
## Command line use
|
## Command line use
|
||||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
|
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,17 @@ data:
|
||||||
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
|
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
|
||||||
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
|
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
|
||||||
</authorizationStrategy>
|
</authorizationStrategy>
|
||||||
|
{{- if .Values.jenkins.Master.Security.UseGitHub }}
|
||||||
|
<securityRealm class="org.jenkinsci.plugins.GithubSecurityRealm">
|
||||||
|
<githubWebUri>https://github.com</githubWebUri>
|
||||||
|
<githubApiUri>https://api.github.com</githubApiUri>
|
||||||
|
<clientID>{{ .Values.jenkins.Master.Security.Github.ClientID }}</clientID>
|
||||||
|
<clientSecret>{{ .Values.jenkins.Master.Security.Github.ClientSecret }}</clientSecret>
|
||||||
|
<oauthScopes>read:org,user:email</oauthScopes>
|
||||||
|
</securityRealm>
|
||||||
|
{{- else }}
|
||||||
<securityRealm class="hudson.security.LegacySecurityRealm"/>
|
<securityRealm class="hudson.security.LegacySecurityRealm"/>
|
||||||
|
{{- end }}
|
||||||
<disableRememberMe>false</disableRememberMe>
|
<disableRememberMe>false</disableRememberMe>
|
||||||
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
|
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
|
||||||
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
|
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
# this is the jenkins id.
|
||||||
|
name: "molgenis-jenkins-dockerhub-secret"
|
||||||
|
labels:
|
||||||
|
# so we know what type it is.
|
||||||
|
"jenkins.io/credentials-type": "usernamePassword"
|
||||||
|
annotations: {
|
||||||
|
# description - can not be a label as spaces are not allowed
|
||||||
|
"jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)"
|
||||||
|
}
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
username: {{ "molgenisci" | b64enc | quote }}
|
||||||
|
password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}
|
||||||
|
|
@ -10,7 +10,13 @@ jenkins:
|
||||||
- git:3.9.1
|
- git:3.9.1
|
||||||
- github-branch-source:2.3.6
|
- github-branch-source:2.3.6
|
||||||
- kubernetes-credentials-provider:0.9
|
- kubernetes-credentials-provider:0.9
|
||||||
- blueocean:1.6.1
|
- blueocean:1.6.2
|
||||||
|
- github-oauth:0.29
|
||||||
|
Security:
|
||||||
|
UseGitHub: false
|
||||||
|
GitHub:
|
||||||
|
ClientID: ""
|
||||||
|
ClienSecret: ""
|
||||||
Jobs: |-
|
Jobs: |-
|
||||||
molgenis: |-
|
molgenis: |-
|
||||||
<?xml version='1.1' encoding='UTF-8'?>
|
<?xml version='1.1' encoding='UTF-8'?>
|
||||||
|
|
@ -269,6 +275,8 @@ PipelineSecrets:
|
||||||
SonarToken: xxxx
|
SonarToken: xxxx
|
||||||
# Password Local NEXUS
|
# Password Local NEXUS
|
||||||
NexusPassword: xxxx
|
NexusPassword: xxxx
|
||||||
|
# Password hub.docker.com
|
||||||
|
DockerHubPassword: xxxx
|
||||||
File:
|
File:
|
||||||
# Set to false to keep existing secret
|
# Set to false to keep existing secret
|
||||||
Replace: true
|
Replace: true
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue