fix (jenkins) Fix skip verify value in vault secret

Merge branch 'fix-views' of https://git.webhosting.rug.nl/p281392/molgenis-ops-docker-helm into deploy-test
fix (jenkins): Move maven's user.home dir to /home/jenkins so that it gets shared between containers in the molgenis pod
2018-08-19 23:05:53 +02:00 · 2018-08-19 22:40:09 +02:00 · 2018-08-19 13:46:18 +02:00 · 2018-08-18 23:47:57 +02:00 · 2018-08-18 23:40:57 +02:00 · 2018-08-18 23:18:10 +02:00
4 changed files with 75 additions and 15 deletions
--- a/molgenis-jenkins/README.md
+++ b/molgenis-jenkins/README.md
@ -52,6 +52,17 @@ There is one additional group of configuration items specific for this chart, so
   You can override the values at deploy time but otherwise also configure them 
   [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
 *  Vault
   New vault token to be used by the pods to retrieve their tokens from the vault.
   | Parameter                         | Description                                | Default                                       |
   | ----------------------------------|--------------------------------------------|-----------------------------------------------|
   | `PipelineSecrets.Vault.Replace`   | Replace the molgenis-pipeline-vault secret |`true`                                         |
   | `PipelineSecrets.Vault.Token`     | Token to log into the hashicorp vault      |`xxxx`                                         |
   | `PipelineSecrets.Vault.Addr`      | Address of the vault                       |`https:vault-operator.vault-operator.svc:8200` |
   | `PipelineSecrets.Vault.skipVerify`| Skip verification of the https connection  |`1`                                            |
 *  Env
   Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
--- a/molgenis-jenkins/templates/config.tpl
+++ b/molgenis-jenkins/templates/config.tpl
@ -32,9 +32,6 @@ data:
      <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
      <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
      <jdks/>
      <primaryView>dev</primaryView>
      <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
      <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
      <clouds>
        <org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@{{ template "jenkins.kubernetes-version" . }}">
          <name>kubernetes</name>
@ -155,8 +152,6 @@ data:
          <readTimeout>0</readTimeout>
        </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
      </clouds>
      <quietPeriod>5</quietPeriod>
      <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
      <views>
        <hudson.model.AllView>
          <owner class="hudson" reference="../../.."/>
@ -194,6 +189,8 @@ data:
 {{- end }}
      </views>
      <primaryView>{{ .Values.Master.DefaultView }}</primaryView>
      <quietPeriod>5</quietPeriod>
      <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
      <slaveAgentPort>50000</slaveAgentPort>
      <disabledAgentProtocols>
 {{- range .Values.Master.DisabledAgentProtocols }}
--- a/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
@ -0,0 +1,16 @@
 {{- if .Values.PipelineSecrets.Vault.Replace }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: molgenis-pipeline-vault-secret
  labels:
    app: {{ template "jenkins.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
 type: Opaque
 data:
  token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
  addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
  skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
 {{- end }}
--- a/molgenis-jenkins/values.yaml
+++ b/molgenis-jenkins/values.yaml
@ -3,17 +3,16 @@ jenkins:
    HostName: jenkins.molgenis.org
    ServiceType: ClusterIP
    InstallPlugins:
-      - kubernetes:1.12.0
+      - kubernetes:1.12.3
      - workflow-aggregator:2.5
-      - workflow-job:2.21
+      - workflow-job:2.24
      - credentials-binding:1.16
      - git:3.9.1
      - github-branch-source:2.3.6
      - kubernetes-credentials-provider:0.9
-      - blueocean:1.6.2
+      - blueocean:1.8.2
      - github-oauth:0.29
      - gogs-webhook:1.0.14
      - sauce-ondemand:1.176
    Security:
      UseGitHub: false
      GitHub:
@ -368,15 +367,12 @@ jenkins:
    install: true
  Pods:
    molgenis:
-      Label: molgenis
+      Label: molgenisv2
-      NodeUsageMode: NORMAL
+      NodeUsageMode: EXCLUSIVE
      volumes:
        - type: HostPath
          hostPath: "/var/run/docker.sock"
          mountPath: "/var/run/docker.sock"
        - type: Secret
          secretName: molgenis-pipeline-file-secret
          mountPath: "/root/.m2"
      Containers:
        maven:
          Image: "registry.webhosting.rug.nl/molgenis/maven"
@ -389,11 +385,46 @@ jenkins:
            requests:
              cpu: "1"
              memory: "4Gi"
          EnvVars:
            - type: KeyValue
              key: MAVEN_OPTS
              value: "-Duser.home=/home/jenkins"
            - type: KeyValue
              key: MAVEN_CONFIG
              value: "/home/jenkins/.m2"
        alpine:
          Image: "spotify/alpine"
          Command: cat
          WorkingDir: /home/jenkins
          TTY: true
        vault:
          Image: "vault"
          Command: cat
          WorkingDir: /home/jenkins
          TTY: true
          EnvVars:
            - type: Secret
              key: VAULT_TOKEN
              secretName: molgenis-pipeline-vault-secret
              secretKey: token
            - type: Secret
              key: VAULT_SKIP_VERIFY
              secretName: molgenis-pipeline-vault-secret
              secretKey: skipVerify
            - type: Secret
              key: VAULT_ADDR
              secretName: molgenis-pipeline-vault-secret
              secretKey: addr
      NodeSelector: {}
    molgenis-legacy:
      InheritFrom: molgenis
      Label: molgenis
      NodeUsageMode: NORMAL
      volumes:
        - type: Secret
          secretName: molgenis-pipeline-file-secret
          mountPath: "/home/jenkins/.m2"
      Containers:
      EnvVars:
        - type: Secret
          key: PGP_PASSPHRASE
@ -401,7 +432,7 @@ jenkins:
          secretKey: pgpPassphrase
        - type: KeyValue
          key: PGP_SECRETKEY
-          value: "keyfile:/root/.m2/key.asc"
+          value: "keyfile:/home.jenkins/.m2/key.asc"
        - type: KeyValue
          key: npm_config_registry
          value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
@ -509,6 +540,11 @@ jenkins:
              memory: "512Mi"
      NodeSelector: {}
 PipelineSecrets:
  Vault:
    Replace: true
    Token: xxxx
    Addr: "https://vault-operator.vault-operator.svc:8200"
    SkipVerify: 1
  Env:
    # Set to false to keep existing secret
    Replace: true
Author	SHA1	Message	Date
Fleur Kelpin	f8de505ed6	fix (jenkins) Fix skip verify value in vault secret	2018-08-19 23:05:53 +02:00
Fleur Kelpin	af00229be0	Merge branch 'fix-views' of https://git.webhosting.rug.nl/p281392/molgenis-ops-docker-helm into deploy-test	2018-08-19 22:40:09 +02:00
Fleur Kelpin	e088ad8942	fix (jenkins): Move maven's user.home dir to /home/jenkins so that it gets shared between containers in the molgenis pod	2018-08-19 13:46:18 +02:00
Fleur Kelpin	2fae637eee	feat (jenkins): Create new molgenis pod with vault container and without the secrets. The new pod has label molgenisv2, the legacy one is still labeled molgenis so existing scripts will keep working.	2018-08-18 23:47:57 +02:00
Fleur Kelpin	3a720a8a85	feat (jenkins): Add vault secret	2018-08-18 23:40:57 +02:00
sido	d5ed6e979b	updated views	2018-08-18 23:18:10 +02:00
sido	2d84fb08a8	updated views	2018-08-18 23:12:54 +02:00
sido	44044b59aa	updated views	2018-08-18 23:12:02 +02:00
sido	acbd380a0c	updated plugins	2018-08-18 22:36:05 +02:00
sido	e54f958add	fix views by reorder the views	2018-08-18 22:16:13 +02:00