apiVersion: extensions/v1beta1 kind: Deployment metadata: name: {{ template "jenkins.fullname" . }} labels: heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" component: "{{ .Release.Name }}-{{ .Values.Master.Name }}" spec: replicas: 1 strategy: type: RollingUpdate selector: matchLabels: component: "{{ .Release.Name }}-{{ .Values.Master.Component }}" template: metadata: labels: app: {{ template "jenkins.fullname" . }} heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" component: "{{ .Release.Name }}-{{ .Values.Master.Component }}" annotations: checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} spec: {{- if .Values.Master.NodeSelector }} nodeSelector: {{ toYaml .Values.Master.NodeSelector | indent 8 }} {{- end }} {{- if .Values.Master.Tolerations }} tolerations: {{ toYaml .Values.Master.Tolerations | indent 8 }} {{- end }} {{- if .Values.Master.Affinity }} affinity: {{ toYaml .Values.Master.Affinity | indent 8 }} {{- end }} securityContext: runAsUser: {{ default 0 .Values.Master.RunAsUser }} {{- if and (.Values.Master.RunAsUser) (.Values.Master.FsGroup) }} {{- if not (eq .Values.Master.RunAsUser 0.0) }} fsGroup: {{ .Values.Master.FsGroup }} {{- end }} {{- end }} serviceAccountName: {{ if .Values.rbac.install }}{{ template "jenkins.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} initContainers: - name: "copy-default-config" image: "{{ .Values.Master.Image }}:{{ .Values.Master.ImageTag }}" imagePullPolicy: "{{ .Values.Master.ImagePullPolicy }}" command: [ "sh", "/var/jenkins_config/apply_config.sh" ] {{- if .Values.Master.InitContainerEnv }} env: {{ toYaml .Values.Master.InitContainerEnv | indent 12 }} {{- end }} volumeMounts: - mountPath: /var/jenkins_home name: jenkins-home - mountPath: /var/jenkins_config name: jenkins-config {{- if .Values.Master.CredentialsXmlSecret }} - mountPath: /var/jenkins_credentials name: jenkins-credentials readOnly: true {{- end }} {{- if .Values.Master.SecretsFilesSecret }} - mountPath: /var/jenkins_secrets name: jenkins-secrets readOnly: true {{- end }} {{- if .Values.Master.Jobs }} - mountPath: /var/jenkins_jobs name: jenkins-jobs readOnly: true {{- end }} {{- if .Values.Master.InstallPlugins }} - mountPath: /var/jenkins_plugins name: plugin-dir {{- end }} - mountPath: /usr/share/jenkins/ref/secrets/ name: secrets-dir containers: - name: {{ template "jenkins.fullname" . }} image: "{{ .Values.Master.Image }}:{{ .Values.Master.ImageTag }}" imagePullPolicy: "{{ .Values.Master.ImagePullPolicy }}" {{- if .Values.Master.UseSecurity }} args: [ "--argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)", "--argumentsRealm.roles.$(ADMIN_USER)=admin"] {{- end }} env: - name: JAVA_OPTS value: "{{ default "" .Values.Master.JavaOpts}}" - name: JENKINS_OPTS value: "{{ if .Values.Master.JenkinsUriPrefix }}--prefix={{ .Values.Master.JenkinsUriPrefix }} {{ end }}{{ default "" .Values.Master.JenkinsOpts}}" {{- if .Values.Master.UseSecurity }} - name: ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ template "jenkins.fullname" . }} key: jenkins-admin-password - name: ADMIN_USER valueFrom: secretKeyRef: name: {{ template "jenkins.fullname" . }} key: jenkins-admin-user {{- end }} {{- if .Values.Master.ContainerEnv }} {{ toYaml .Values.Master.ContainerEnv | indent 12 }} {{- end }} ports: - containerPort: {{ .Values.Master.ContainerPort }} name: http - containerPort: {{ .Values.Master.SlaveListenerPort }} name: slavelistener {{- if .Values.Master.JMXPort }} - containerPort: {{ .Values.Master.JMXPort }} name: jmx {{- end }} {{- if .Values.Master.HealthProbes }} livenessProbe: httpGet: path: /login port: http initialDelaySeconds: {{ .Values.Master.HealthProbesLivenessTimeout }} timeoutSeconds: 5 failureThreshold: {{ .Values.Master.HealthProbeLivenessFailureThreshold }} readinessProbe: httpGet: path: /login port: http initialDelaySeconds: {{ .Values.Master.HealthProbesReadinessTimeout }} {{- end }} resources: requests: cpu: "{{ .Values.Master.Cpu }}" memory: "{{ .Values.Master.Memory }}" volumeMounts: {{- if .Values.Persistence.mounts }} {{ toYaml .Values.Persistence.mounts | indent 12 }} {{- end }} - mountPath: /var/jenkins_home name: jenkins-home readOnly: false - mountPath: /var/jenkins_config name: jenkins-config readOnly: true {{- if .Values.Master.CredentialsXmlSecret }} - mountPath: /var/jenkins_credentials name: jenkins-credentials readOnly: true {{- end }} {{- if .Values.Master.SecretsFilesSecret }} - mountPath: /var/jenkins_secrets name: jenkins-secrets readOnly: true {{- end }} {{- if .Values.Master.Jobs }} - mountPath: /var/jenkins_jobs name: jenkins-jobs readOnly: true {{- end }} {{- if .Values.Master.InstallPlugins }} - mountPath: /usr/share/jenkins/ref/plugins/ name: plugin-dir readOnly: false {{- end }} - mountPath: /usr/share/jenkins/ref/secrets/ name: secrets-dir readOnly: false volumes: {{- if .Values.Persistence.volumes }} {{ toYaml .Values.Persistence.volumes | indent 6 }} {{- end }} - name: jenkins-config configMap: name: {{ template "jenkins.fullname" . }} {{- if .Values.Master.CredentialsXmlSecret }} - name: jenkins-credentials secret: secretName: {{ .Values.Master.CredentialsXmlSecret }} {{- end }} {{- if .Values.Master.SecretsFilesSecret }} - name: jenkins-secrets secret: secretName: {{ .Values.Master.SecretsFilesSecret }} {{- end }} {{- if .Values.Master.Jobs }} - name: jenkins-jobs configMap: name: {{ template "jenkins.fullname" . }}-jobs {{- end }} {{- if .Values.Master.InstallPlugins }} - name: plugin-dir emptyDir: {} {{- end }} - name: secrets-dir emptyDir: {} - name: jenkins-home {{- if .Values.Persistence.Enabled }} persistentVolumeClaim: claimName: {{ .Values.Persistence.ExistingClaim | default (include "jenkins.fullname" .) }} {{- else }} emptyDir: {} {{- end -}} {{- if .Values.Master.ImagePullSecret }} imagePullSecrets: - name: {{ .Values.Master.ImagePullSecret }} {{- end -}}