P129679/molgenis-ops-docker-helm
1
0
Fork 0
Code Releases Activity

Compare commits

base: P129679:feat/helm-in-jenkins
Branches Tags
P129679:master P129679:fix/links P129679:chore/pipeline P129679:revert/nodeSelector P129679:chore/nodeSelector P129679:chore/jenkins-gitsource P129679:fix/75 P129679:chore/upgrade-jenkins P129679:feature/molgenis-it P129679:feat/helm-in-jenkins P129679:doc/helm-role P129679:feature/helm-role P129679:feature/s3 P129679:chore/remove-secrets P129679:feature/vault P129679:deploy-test
..
compare: P129679:feature/molgenis-it
Branches Tags
P129679:fix/links P129679:master P129679:chore/pipeline P129679:revert/nodeSelector P129679:chore/nodeSelector P129679:chore/jenkins-gitsource P129679:fix/75 P129679:chore/upgrade-jenkins P129679:feature/molgenis-it P129679:feat/helm-in-jenkins P129679:doc/helm-role P129679:feature/helm-role P129679:feature/s3 P129679:chore/remove-secrets P129679:feature/vault P129679:deploy-test

4 Commits
feat/helm- ... feature/mo

Author SHA1 Message Date
Fleur Kelpin
a74507cafb chore(molgenis-jenkins): Add molgenis-it pod template 2018-09-25 13:00:34 +02:00
Sido Haakma
4c2f9bc035 Merge branch 'feat/helm-in-jenkins' of P129679/molgenis-ops-docker-helm into master 2018-09-24 14:11:44 +02:00
Sido Haakma
63a08f2264 Merge branch 'doc/helm-role' of P129679/molgenis-ops-docker-helm into master 2018-09-24 13:09:54 +02:00
Fleur Kelpin
9dedfc1690 doc: How to configure helm role 2018-09-21 15:17:14 +02:00
4 changed files with 100 additions and 0 deletions
Expand all files Collapse all files

6
molgenis-jenkins/resources/README.md Normal file
View File

@ -0,0 +1,6 @@
To be able to run helm inside a jenkins pod, you'll need to
* create a role in the namespace where tiller is installed
* bind that role to the user that jenkins pods run as
This directory contains yaml for these resources.
See also https://github.com/helm/helm/blob/master/docs/rbac.md

13
molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: tiller-jenkins-binding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tiller-user
subjects:
- kind: ServiceAccount
name: default
namespace: molgenis-jenkins

18
molgenis-jenkins/resources/tiller-user-role.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: tiller-user
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- pods/portforward
verbs:
- create
- apiGroups:
- ""
resources:
- pods
verbs:
- list

63
molgenis-jenkins/values.yaml
View File

@ -453,6 +453,69 @@ jenkins:
secretName: molgenis-pipeline-vault-secret
secretKey: addr
NodeSelector: {}
molgenis-it:
InheritFrom: molgenis
Label: molgenis-it
NodeUsageMode: EXCLUSIVE
Containers:
elasticsearch:
Image: docker.elastic.co/elasticsearch/elasticsearch
ImageTag: 5.5.3
resources:
requests:
cpu: "100m"
memory: "1Gi"
limits:
cpu: "1"
memory: "1500Mi"
EnvVars:
- type: KeyValue
key: ES_JAVA_OPTS
value: "-Xms512m -Xmx512m"
- type: KeyValue
key: cluster.name
value: molgenis
- type: KeyValue
key: bootstrap.memory_lock
value: "true"
- type: KeyValue
key: xpack.security.enabled
value: "false"
- type: KeyValue
key: discovery.type
value: single-node
postgres:
Image: postgres
ImageTag: 9.6-alpine
resources:
requests:
cpu: "100m"
memory: "250Mi"
limits:
cpu: "1"
memory: "250Mi"
EnvVars:
- type: KeyValue
key: POSTGRES_USER
value: molgenis
- type: KeyValue
key: POSTGRES_PASSWORD
value: molgenis
- type: KeyValue
key: POSTGRES_DB
value: molgenis
opencpu:
Image: molgenis/opencpu
AlwaysPullImage: true
resources:
requests:
cpu: "100m"
memory: "256Mi"
limits:
cpu: "1"
memory: "512Mi"
NodeSelector: {}
#secret contains configuration for the kubernetes secrets that jenkins can access
secret:
# vault configures the vault secret