k8s-app/jenkins/jenkins.yml


---
# Source: jenkins/templates/service-account.yaml
# Identity of the Jenkins controller pod. The StatefulSet in this file selects
# it through serviceAccountName, and both RoleBindings in this file name it as
# their subject, so every permission granted to "jenkins" is available to the
# controller process.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: default
  labels:
    app.kubernetes.io/name: jenkins
    helm.sh/chart: jenkins-5.5.8
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/component: jenkins-controller
---
# Source: jenkins/templates/secret.yaml
# Admin user name and password for the Jenkins controller. The StatefulSet in
# this file projects both keys into /run/secrets/additional, where the JCasC
# configuration resolves them as ${chart-admin-username} and
# ${chart-admin-password}.
# NOTE(review): values under `data` are base64-encoded, not encrypted. Keeping
# this rendered Secret in a repository discloses the admin password to everyone
# who can read the file. Rotate the password and keep it out of the manifest,
# e.g. by pointing the chart at a pre-existing Secret
# (controller.admin.existingSecret) that a secret store manages.
apiVersion: v1
kind: Secret
metadata:
  name: jenkins
  namespace: default
  labels:
    "app.kubernetes.io/name": 'jenkins'
    "helm.sh/chart": "jenkins-5.5.8"
    "app.kubernetes.io/managed-by": "Helm"
    "app.kubernetes.io/instance": "jenkins"
    "app.kubernetes.io/component": "jenkins-controller"
type: Opaque
data:
  jenkins-admin-password: "SUwyYzdKTEFqVUpPMTZRRXp5SldMYg=="
  jenkins-admin-user: "YWRtaW4="
---
# Source: jenkins/templates/config.yaml
# Start-up script and plugin list for the controller. The StatefulSet mounts
# this ConfigMap at /var/jenkins_config and its "init" container runs
# apply_config.sh from there.
apiVersion: v1
kind: ConfigMap
metadata:
  name: jenkins
  namespace: default
  labels:
    "app.kubernetes.io/name": 'jenkins'
    "app.kubernetes.io/managed-by": "Helm"
    "app.kubernetes.io/instance": "jenkins"
    "app.kubernetes.io/component": "jenkins-controller"
data:
  # Writes the wizard state files, installs the plugins named in plugins.txt
  # into /usr/share/jenkins/ref/plugins and copies them to /var/jenkins_plugins.
  # NOTE(review): jenkins-plugin-cli is called with `--latest true`, so plugin
  # dependencies are resolved to their newest release on every pod start; the
  # pins in plugins.txt do not by themselves make the installed set
  # reproducible. Consider listing dependencies explicitly or baking plugins
  # into the image.
  # NOTE(review): the final copy answers "n" to every overwrite prompt
  # (`yes n | cp -i`), so files already present in /var/jenkins_plugins are kept
  # as they are. That directory is a hostPath volume in the StatefulSet, so
  # plugin files persist across restarts and are not refreshed from plugins.txt.
  apply_config.sh: |-
    set -e
    echo "disable Setup Wizard"
    # Prevent Setup Wizard when JCasC is enabled
    echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.UpgradeWizard.state
    echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.InstallUtil.lastExecVersion
    echo "download plugins"
    # Install missing plugins
    cp /var/jenkins_config/plugins.txt /var/jenkins_home;
    rm -rf /usr/share/jenkins/ref/plugins/*.lock
    version () { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }
    if [ -f "/usr/share/jenkins/jenkins.war" ] && [ -n "$(command -v jenkins-plugin-cli)" 2>/dev/null ] && [ $(version $(jenkins-plugin-cli --version)) -ge $(version "2.1.1") ]; then
      jenkins-plugin-cli --verbose --war "/usr/share/jenkins/jenkins.war" --plugin-file "/var/jenkins_home/plugins.txt" --latest true;
    else
      /usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`;
    fi
    echo "copy plugins to shared volume"
    # Copy plugins to shared volume
    yes n | cp -i /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins/;
    echo "finished initialization"
  # Top-level plugins, each pinned to an exact version (name:version per line).
  plugins.txt: |-
    kubernetes:4285.v50ed5f624918
    workflow-aggregator:600.vb_57cdd26fdd7
    git:5.3.0
    configuration-as-code:1836.vccda_4a_122a_a_e
---
# Source: jenkins/templates/jcasc-config.yaml
# Jenkins Configuration-as-Code document. The label jenkins-jenkins-config is
# the one the config-reload containers of the StatefulSet are told to look for
# (env LABEL), and they write matching ConfigMaps to
# /var/jenkins_home/casc_configs.
apiVersion: v1
kind: ConfigMap
metadata:
  name: "jenkins-jenkins-jcasc-config"
  namespace: default
  labels:
    "app.kubernetes.io/name": jenkins
    "helm.sh/chart": "jenkins-5.5.8"
    "app.kubernetes.io/managed-by": "Helm"
    "app.kubernetes.io/instance": "jenkins"
    "app.kubernetes.io/component": "jenkins-controller"
    jenkins-jenkins-config: "true"
data:
  # Review notes for the embedded configuration (kept outside the block scalar
  # so the stored value is unchanged):
  # - securityRealm: a single local user whose id and password come from the
  #   ${chart-admin-username} / ${chart-admin-password} placeholders; sign-up is
  #   disabled and anonymous read is off.
  # - NOTE(review): authorizationStrategy loggedInUsersCanDoAnything gives every
  #   authenticated account full control. That is equivalent to admin-only
  #   while one user exists; switch to a matrix or role-based strategy before
  #   adding further accounts.
  # - NOTE(review): agent pods are created in namespace "default" and run under
  #   the "default" service account. A dedicated namespace and a dedicated,
  #   permission-less service account for agents would keep build workloads
  #   apart from anything else deployed to "default".
  # - NOTE(review): jenkinsUrl and the agent's JENKINS_URL use plain http inside
  #   the cluster; skipTlsVerify is false for the API server connection.
  # - NOTE(review): the agent image is referenced by tag from a registry
  #   namespace that does not look like the upstream publisher's (confirm
  #   provenance) and alwaysPullImage is false. Pinning by digest
  #   (image@sha256:<DIGEST_PLACEHOLDER>) makes the pulled content verifiable.
  # - NOTE(review): showRawYaml is true; presumably this prints the agent pod
  #   definition into build logs, so avoid putting sensitive values in the pod
  #   template. Verify against the Kubernetes plugin documentation.
  # - apiToken: legacy token creation and automatic token generation are both
  #   disabled; the crumb issuer does not bind crumbs to the client IP.
  jcasc-default-config.yaml: |-
    jenkins:
      authorizationStrategy:
        loggedInUsersCanDoAnything:
          allowAnonymousRead: false
      securityRealm:
        local:
          allowsSignup: false
          enableCaptcha: false
          users:
          - id: "${chart-admin-username}"
            name: "Jenkins Admin"
            password: "${chart-admin-password}"
      disableRememberMe: false
      mode: NORMAL
      numExecutors: 0
      labelString: ""
      projectNamingStrategy: "standard"
      markupFormatter:
        plainText
      clouds:
      - kubernetes:
          containerCapStr: "10"
          defaultsProviderTemplate: ""
          connectTimeout: "5"
          readTimeout: "15"
          jenkinsUrl: "http://jenkins.default.svc.cluster.local:8080"
          jenkinsTunnel: "jenkins-agent.default.svc.cluster.local:50000"
          skipTlsVerify: false
          usageRestricted: false
          maxRequestsPerHostStr: "32"
          retentionTimeout: "5"
          waitForPodSec: "600"
          name: "kubernetes"
          namespace: "default"
          restrictedPssSecurityContext: false
          serverUrl: "https://kubernetes.default"
          credentialsId: ""
          podLabels:
          - key: "jenkins/jenkins-jenkins-agent"
            value: "true"
          templates:
            - name: "default"
              namespace: "default"
              id: 8314dfa444f232ecf345f75c14013fa4f399429ecdcb1e392744d515228c1cfa
              containers:
              - name: "jnlp"
                alwaysPullImage: false
                args: "^${computer.jnlpmac} ^${computer.name}"
                envVars:
                  - envVar:
                      key: "JENKINS_URL"
                      value: "http://jenkins.default.svc.cluster.local:8080/"
                image: "registry.cn-hangzhou.aliyuncs.com/newrain857/inbound-agent:3261.v9c670a_4748a_9-1"
                privileged: "false"
                resourceLimitCpu: 512m
                resourceLimitMemory: 512Mi
                resourceRequestCpu: 512m
                resourceRequestMemory: 512Mi
                ttyEnabled: false
                workingDir: /home/jenkins/agent
              idleMinutes: 0
              instanceCap: 2147483647
              label: "jenkins-jenkins-agent "
              nodeUsageMode: "NORMAL"
              podRetention: Never
              showRawYaml: true
              serviceAccount: "default"
              slaveConnectTimeoutStr: "100"
              yamlMergeStrategy: override
              inheritYamlMergeStrategy: false
      crumbIssuer:
        standard:
          excludeClientIPFromCrumb: true
    security:
      apiToken:
        creationOfLegacyTokenEnabled: false
        tokenGenerationOnCreationEnabled: false
        usageStatisticsEnabled: true
    unclassified:
      location:
        url: http://jenkins:8080
---
# Source: jenkins/templates/home-pvc.yaml
# Storage for the controller's home directory. The StatefulSet mounts this
# claim at /var/jenkins_home in both init containers, the controller and the
# config-reload sidecar.
# No storageClassName is set, so the class is whatever the cluster applies by
# default; confirm that class is suitable for Jenkins state (jobs, credentials).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins
  namespace: default
  labels:
    app.kubernetes.io/name: jenkins
    helm.sh/chart: jenkins-5.5.8
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/component: jenkins-controller
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
---
# Storage mounted at /var/jenkins_cache in the controller container; the
# controller's JENKINS_OPTS places the web root at /var/jenkins_cache/war.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-cache
  namespace: default
  labels:
    app.kubernetes.io/name: jenkins
    helm.sh/chart: jenkins-5.5.8
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/component: jenkins-controller
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
---
# Storage behind the StatefulSet's tmp-volume, mounted at /tmp in the "init"
# and controller containers.
# NOTE(review): because /tmp is backed by a claim rather than an emptyDir,
# temporary files outlive pod restarts; confirm nothing sensitive is left
# there, or clean it on start-up.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-tmp
  namespace: default
  labels:
    app.kubernetes.io/name: jenkins
    helm.sh/chart: jenkins-5.5.8
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/component: jenkins-controller
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi
---
# Source: jenkins/templates/rbac.yaml
# Namespaced permissions that let the Kubernetes plugin launch and manage agent
# pods on behalf of the controller.
# NOTE(review): the second rule allows creating pods and exec sessions for any
# pod in namespace "default", not only for Jenkins agents. A Role cannot be
# narrowed to "agent pods only", so the practical control is to run agents in a
# dedicated namespace and bind this Role there.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-schedule-agents
  namespace: default
  labels:
    app.kubernetes.io/name: jenkins
    helm.sh/chart: jenkins-5.5.8
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/component: jenkins-controller
rules:
  # Read access used to observe agents and their events.
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/exec
      - pods/log
      - persistentvolumeclaims
      - events
    verbs:
      - get
      - list
      - watch
  # Write access used to create, change and remove agents and their claims.
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/exec
      - persistentvolumeclaims
    verbs:
      - create
      - delete
      - deletecollection
      - patch
      - update
---
# Source: jenkins/templates/rbac.yaml
# Read-only access to ConfigMaps for the configuration-reload sidecar, which
# watches them for changes.
# The rule covers every ConfigMap in namespace "default"; keep sensitive values
# out of ConfigMaps in that namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-casc-reload
  namespace: default
  labels:
    app.kubernetes.io/name: jenkins
    helm.sh/chart: jenkins-5.5.8
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/component: jenkins-controller
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - watch
      - list
---
# Source: jenkins/templates/rbac.yaml
# Grants the jenkins-schedule-agents Role to the Jenkins service account. The
# binding lives in the namespace where agents are meant to run, which here is
# the same namespace as the controller ("default").
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-schedule-agents
  namespace: default
  labels:
    app.kubernetes.io/name: jenkins
    helm.sh/chart: jenkins-5.5.8
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/component: jenkins-controller
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-schedule-agents
---
# Source: jenkins/templates/rbac.yaml
# Grants the jenkins-casc-reload Role (read-only ConfigMap access) to the
# Jenkins service account. The binding's own name differs from the Role it
# references.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-watch-configmaps
  namespace: default
  labels:
    app.kubernetes.io/name: jenkins
    helm.sh/chart: jenkins-5.5.8
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/component: jenkins-controller
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-casc-reload
---
# Source: jenkins/templates/jenkins-agent-svc.yaml
# Cluster-internal endpoint for inbound agents. Port 50000 is the controller's
# agent-listener port and the address used as jenkinsTunnel in the JCasC cloud
# configuration.
# NOTE(review): the file defines no NetworkPolicy, so any pod that can reach the
# cluster network can presumably connect here; restricting ingress to agent
# pods would narrow that.
apiVersion: v1
kind: Service
metadata:
  name: jenkins-agent
  namespace: default
  labels:
    app.kubernetes.io/name: jenkins
    helm.sh/chart: jenkins-5.5.8
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/component: jenkins-controller
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/component: jenkins-controller
    app.kubernetes.io/instance: jenkins
  ports:
    - name: agent-listener
      port: 50000
      targetPort: 50000
---
# Source: jenkins/templates/jenkins-controller-svc.yaml
# Cluster-internal endpoint for the Jenkins web UI and API on port 8080.
# The port serves plain HTTP and none of the documents in this file adds TLS or
# an Ingress; whatever exposes this Service to users should terminate TLS.
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: default
  labels:
    app.kubernetes.io/name: jenkins
    helm.sh/chart: jenkins-5.5.8
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/component: jenkins-controller
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/component: jenkins-controller
    app.kubernetes.io/instance: jenkins
  ports:
    - name: http
      port: 8080
      targetPort: 8080
---
# Source: jenkins/templates/jenkins-controller-statefulset.yaml
# Single-replica Jenkins controller. Two init containers prepare the JCasC
# files and the plugins; the pod then runs the controller next to a
# config-reload sidecar.
# NOTE(review): all three images are referenced by tag with pull policy
# IfNotPresent, from a registry namespace that does not look like the upstream
# publisher's (confirm provenance). Pinning each image by digest
# (image@sha256:<DIGEST_PLACEHOLDER>) makes the running content verifiable.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: jenkins
  namespace: default
  labels:
    "app.kubernetes.io/name": 'jenkins'
    "helm.sh/chart": "jenkins-5.5.8"
    "app.kubernetes.io/managed-by": "Helm"
    "app.kubernetes.io/instance": "jenkins"
    "app.kubernetes.io/component": "jenkins-controller"
spec:
  serviceName: jenkins
  replicas: 1
  selector:
    matchLabels:
      "app.kubernetes.io/component": "jenkins-controller"
      "app.kubernetes.io/instance": "jenkins"
  template:
    metadata:
      labels:
        "app.kubernetes.io/name": 'jenkins'
        "app.kubernetes.io/managed-by": "Helm"
        "app.kubernetes.io/instance": "jenkins"
        "app.kubernetes.io/component": "jenkins-controller"
      annotations:
        checksum/config: 3a3286781194b90bc13d5d3ddd8a95f1fee4cd0da9b327167b798a030c73a3fa
    spec:
      # Pod-wide defaults: every container runs as non-root UID 1000 unless it
      # overrides this.
      # NOTE(review): no container drops Linux capabilities or sets a
      # seccompProfile; adding `capabilities: {drop: ["ALL"]}` and
      # `seccompProfile: {type: RuntimeDefault}` is the usual hardening —
      # verify Jenkins still starts with them.
      securityContext:
        runAsUser: 1000
        fsGroup: 1000
        runAsNonRoot: true
      # The pod's API credentials carry the rights of both Roles bound to this
      # account in this file (agent scheduling and ConfigMap reads).
      serviceAccountName: "jenkins"
      initContainers:
        # One-shot pass (METHOD=LIST) that writes labelled ConfigMaps into the
        # casc_configs folder before Jenkins starts.
        - name: config-reload-init
          image: "registry.cn-hangzhou.aliyuncs.com/newrain857/k8s-sidecar:1.27.5"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: LABEL
              value: "jenkins-jenkins-config"
            - name: FOLDER
              value: "/var/jenkins_home/casc_configs"
            - name: NAMESPACE
              value: 'default'
            - name: METHOD
              value: "LIST"
          # No requests or limits are set for this container.
          resources:
            {}
          volumeMounts:
            - name: sc-config-volume
              mountPath: "/var/jenkins_home/casc_configs"
            - name: jenkins-home
              mountPath: /var/jenkins_home
        # Runs apply_config.sh from the "jenkins" ConfigMap: installs plugins
        # into the "plugins" emptyDir and copies them to the plugin-dir volume.
        - name: "init"
          image: "registry.cn-hangzhou.aliyuncs.com/newrain857/jenkins:2.462.1-jdk17"
          imagePullPolicy: "IfNotPresent"
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsGroup: 1000
            runAsUser: 1000
          command: [ "sh", "/var/jenkins_config/apply_config.sh" ]
          resources:
            limits:
              cpu: 2000m
              memory: 4096Mi
            requests:
              cpu: 50m
              memory: 256Mi
          volumeMounts:
            - mountPath: /var/jenkins_home
              name: jenkins-home
            - mountPath: /var/jenkins_config
              name: jenkins-config
            - mountPath: /usr/share/jenkins/ref/plugins
              name: plugins
            - mountPath: /var/jenkins_plugins
              name: plugin-dir
            - mountPath: /tmp
              name: tmp-volume
      containers:
        - name: jenkins
          image: "registry.cn-hangzhou.aliyuncs.com/newrain857/jenkins:2.462.1-jdk17"
          imagePullPolicy: "IfNotPresent"
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsGroup: 1000
            runAsUser: 1000
          args: [ "--httpPort=8080"]
          env:
            # Directory holding the projected admin credentials (see the
            # jenkins-secrets volume at the end of this document).
            - name: SECRETS
              value: /run/secrets/additional
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            # NOTE(review): the CasC reload token is the pod name, which is an
            # identifier rather than a secret. Access control for the reload
            # endpoint therefore rests on who can reach port 8080; restrict
            # that with a NetworkPolicy.
            - name: JAVA_OPTS
              value: >-
                -Dcasc.reload.token=$(POD_NAME)
            - name: JENKINS_OPTS
              value: >-
                --webroot=/var/jenkins_cache/war
            - name: JENKINS_SLAVE_AGENT_PORT
              value: "50000"
            - name: CASC_JENKINS_CONFIG
              value: /var/jenkins_home/casc_configs
          ports:
            - containerPort: 8080
              name: http
            - containerPort: 50000
              name: agent-listener
          # All three probes request /login over HTTP on the "http" port.
          startupProbe:
            failureThreshold: 12
            httpGet:
              path: '/login'
              port: http
            periodSeconds: 10
            timeoutSeconds: 5
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: '/login'
              port: http
            periodSeconds: 10
            timeoutSeconds: 5
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: '/login'
              port: http
            periodSeconds: 10
            timeoutSeconds: 5
          resources:
            limits:
              cpu: 2000m
              memory: 4096Mi
            requests:
              cpu: 50m
              memory: 256Mi
          volumeMounts:
            - mountPath: /var/jenkins_home
              name: jenkins-home
              readOnly: false
            - mountPath: /var/jenkins_config
              name: jenkins-config
              readOnly: true
            # The controller loads plugins from the hostPath-backed volume and
            # has write access to it.
            - mountPath: /usr/share/jenkins/ref/plugins/
              name: plugin-dir
              readOnly: false
            - name: sc-config-volume
              mountPath: /var/jenkins_home/casc_configs
            - name: jenkins-secrets
              mountPath: /run/secrets/additional
              readOnly: true
            - name: jenkins-cache
              mountPath: /var/jenkins_cache
            - mountPath: /tmp
              name: tmp-volume
        # Sidecar that keeps casc_configs in sync with labelled ConfigMaps and
        # then POSTs to the controller's reload endpoint on localhost.
        - name: config-reload
          image: "registry.cn-hangzhou.aliyuncs.com/newrain857/k8s-sidecar:1.27.5"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: LABEL
              value: "jenkins-jenkins-config"
            - name: FOLDER
              value: "/var/jenkins_home/casc_configs"
            - name: NAMESPACE
              value: 'default'
            - name: REQ_URL
              value: "http://localhost:8080/reload-configuration-as-code/?casc-reload-token=$(POD_NAME)"
            - name: REQ_METHOD
              value: "POST"
            - name: REQ_RETRY_CONNECT
              value: "10"
          # No requests or limits are set for this container.
          resources:
            {}
          volumeMounts:
            - name: sc-config-volume
              mountPath: "/var/jenkins_home/casc_configs"
            # The sidecar is given the whole Jenkins home, not only the
            # casc_configs folder it writes to.
            - name: jenkins-home
              mountPath: /var/jenkins_home
      volumes:
        - name: plugins
          emptyDir: {}
        - name: jenkins-config
          configMap:
            name: jenkins
        # NOTE(review): plugin-dir is a hostPath, so the plugin files Jenkins
        # loads live on the node's filesystem. Anything able to write that path
        # on the node can change the code the controller runs, the path must
        # exist on every node the pod may be scheduled to, and hostPath volumes
        # are rejected by the Baseline Pod Security Standard. An emptyDir or a
        # PersistentVolumeClaim keeps plugins within the pod's own storage.
        - name: plugin-dir
          hostPath:
            path: /mnt/nfs-data/plugins
        # Admin user name and password from the "jenkins" Secret, exposed as
        # files named chart-admin-username and chart-admin-password.
        - name: jenkins-secrets
          projected:
            sources:
              - secret:
                  name: jenkins
                  items:
                    - key: jenkins-admin-user
                      path: chart-admin-username
                    - key: jenkins-admin-password
                      path: chart-admin-password
        - name: jenkins-cache
          persistentVolumeClaim:
            claimName: jenkins-cache
        - name: jenkins-home
          persistentVolumeClaim:
            claimName: jenkins
        - name: sc-config-volume
          emptyDir: {}
        - name: tmp-volume
          persistentVolumeClaim:
            claimName: jenkins-tmp