# Molgenis Jenkins Helm Chart Jenkins master and slave cluster utilizing the Jenkins Kubernetes plugin. Wraps [the kuberenetes jenkins chart](https://github.com/kubernetes/charts/tree/master/stable/jenkins), see documentation there! ## Chart Details This chart will do the following: * 1 x Jenkins Master with port 8080 exposed on an external ClusterIP * All using Kubernetes Deployments ## Installing the Chart Usually, you'll be deploying this to the molgenis cluster. In the [Rancher Catalog](https://rancher.molgenis.org:7443/g/catalog), add the latest version of this repository. In the [molgenis cluster management page](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/apps), choose the catalog, pick the molgenis-jenkins app from the catalog and deploy it. ## Configuration When deploying, you can paste values into the Rancher Answers to override the defaults in this chart. Array values can be added as {value, value, value}. ``` jenkins.Master.HostName=jenkins.molgenis.org jenkins.Master.AdminPassword=pa$$word jenkins.Persistence.Enabled=false jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1, blueocean:1.6.2, github-oauth:0.29} jenkins.Master.Security.UseGitHub=false ## if UseGitHub=true jenkins.Master.Security.GitHub.ClientID=id jenkins.Master.Security.GitHub.ClientSecret=S3cr3t ## end UseGitHub=true PipelineSecrets.Env.PGPPassphrase=literal:S3cr3t ``` You can use [all configuration values of the jenkins subchart](https://github.com/kubernetes/charts/tree/master/stable/jenkins). > Because we use jenkins as a sub-chart, you should prefix all value keys with `jenkins`! ### GitHub Authentication delegation You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new). ### Additional configuration There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`: * PipelineSecrets When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside each other with their own secrets. You can override the values at deploy time but otherwise also configure them [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl. * Vault New vault token to be used by the pods to retrieve their tokens from the vault. | Parameter | Description | Default | | ----------------------------------|--------------------------------------------|-----------------------------------------------| | `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret |`true` | | `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault |`xxxx` | | `PipelineSecrets.Vault.Addr` | Address of the vault |`https:vault-operator.vault-operator.svc:8200` | | `PipelineSecrets.Vault.skipVerify`| Skip verification of the https connection |`1` | * Env Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables in the slave pods. | Parameter | Description | Default | | -------------------------------------- | ----------------------------------------- | --------------- | | `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` | | `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` | | `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` | | `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` | | `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` | | `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx` | | `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` | | `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` | | `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` | * File Environment variables stored in molgenis-pipeline-file secret, to be mounted as files in the `/root/.m2` directory of the slave pods. > The settings.xml file references the | Parameter | Description | Default | | -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- | | `PipelineSecrets.File.Replace` | Replace molgenis-pipeline-file secret | `true` | | `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` | | `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `[...]` (see actual [values.yaml](values.yaml)) | ## Command line use Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```bash $ helm install --name jenkins -f values.yaml molgenis-jenkins ``` > **Tip**: You can use the default [values.yaml](values.yaml)