Adding Jenkins to Clover stack 39/61939/7
authorJunaid Ali <junaidali.yahya@gmail.com>
Thu, 6 Sep 2018 22:46:00 +0000 (23:46 +0100)
committerJunaid Ali <junaidali.yahya@gmail.com>
Sat, 13 Oct 2018 12:47:31 +0000 (13:47 +0100)
  Ref: https://github.com/helm/charts/tree/master/stable/jenkins/templates

  PatchSet-3: deploy.sh script to automate deployment
              of Jenkins on k8s
  PatchSet-4: Updated commit message
  PatchSet-5: Updated Jenkins agent service type to 'LoadBalancer'
  PatchSet-6: Addressed comments
  PatchSet-7: Updated Jenkins slave name to 'clover-jenkins-slave'

  JIRA: CLOVER-97

Change-Id: I0d41893bc0df902c1f577e2e97cfee3f2910e82d
Signed-off-by: Junaid Ali <junaidali.yahya@gmail.com>
samples/services/jenkins/deploy.sh [new file with mode: 0755]
samples/services/jenkins/resources/configmap.yaml [new file with mode: 0644]
samples/services/jenkins/resources/deployment.yaml [new file with mode: 0644]
samples/services/jenkins/resources/namespace.yaml [new file with mode: 0644]
samples/services/jenkins/resources/pvc.yaml [new file with mode: 0644]
samples/services/jenkins/resources/rbac.yaml [new file with mode: 0644]
samples/services/jenkins/resources/secrets.yaml [new file with mode: 0644]
samples/services/jenkins/resources/svc-agent.yaml [new file with mode: 0644]
samples/services/jenkins/resources/svc.yaml [new file with mode: 0644]

diff --git a/samples/services/jenkins/deploy.sh b/samples/services/jenkins/deploy.sh
new file mode 100755 (executable)
index 0000000..cb67b1a
--- /dev/null
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Copyright (c) Authors of Clover
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+set -ex
+
+NAMESPACE='clover-cd'
+SOURCE_DIR=$(cd $(dirname ${BASH_SOURCE[0]})/;pwd)
+
+update_templates()
+{
+  pushd "${SOURCE_DIR}"/resources
+  for template in *.yaml
+  do
+    sed -i "s/__NAMESPACE__/${NAMESPACE}/g" "${template}"
+  done
+  popd
+}
+
+deploy()
+{
+  pushd ${SOURCE_DIR}/resources
+  kubectl apply -f namespace.yaml
+  kubectl apply -f pvc.yaml
+  kubectl apply -f configmap.yaml
+  kubectl apply -f secrets.yaml
+  kubectl apply -f svc.yaml
+  kubectl apply -f svc-agent.yaml
+  kubectl apply -f deployment.yaml
+  popd
+}
+
+update_templates
+deploy
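Review bot: `update_templates` rewrites the tracked files under `resources/` in place with `sed -i`, so after the first run the `__NAMESPACE__` placeholder is gone, a later change to `NAMESPACE` silently keeps deploying to the old namespace, and the working tree is left modified. Rendering at apply time avoids this while keeping the existing apply order in `deploy`, e.g. `sed "s/__NAMESPACE__/${NAMESPACE}/g" namespace.yaml | kubectl apply -f -` for each file. `deploy` also never applies `rbac.yaml`, which this commit adds; since that file binds `cluster-admin`, a comment such as `# rbac.yaml is intentionally not applied by default` (or the opposite) would make the intent explicit. The `SOURCE_DIR` assignment and the `pushd ${SOURCE_DIR}/resources` in `deploy` leave their paths unquoted and will fail on a checkout path that contains spaces.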
diff --git a/samples/services/jenkins/resources/configmap.yaml b/samples/services/jenkins/resources/configmap.yaml
new file mode 100644 (file)
index 0000000..aae19f3
--- /dev/null
@@ -0,0 +1,140 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: clover-jenkins
+  labels:
+    app: jenkins
+    project: clover
+  namespace: __NAMESPACE__
+data:
+  apply_config.sh: |-
+    mkdir -p /usr/share/jenkins/ref/secrets/;
+    echo "false" > /usr/share/jenkins/ref/secrets/slave-to-master-security-kill-switch;
+    cp -n /var/jenkins_config/config.xml /var/jenkins_home;
+    cp -n /var/jenkins_config/jenkins.CLI.xml /var/jenkins_home;
+    cp -n /var/jenkins_config/jenkins.model.JenkinsLocationConfiguration.xml /var/jenkins_home;
+    # Install missing plugins
+    cp /var/jenkins_config/plugins.txt /var/jenkins_home;
+    rm -rf /usr/share/jenkins/ref/plugins/*.lock
+    /usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`;
+    # Copy plugins to shared volume
+    cp -n /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins;
+  config.xml: |-
+    <?xml version='1.0' encoding='UTF-8'?>
+    <hudson>
+      <disabledAdministrativeMonitors/>
+      <version>lts</version>
+      <numExecutors>0</numExecutors>
+      <mode>NORMAL</mode>
+      <useSecurity>true</useSecurity>
+      <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
+        <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
+      </authorizationStrategy>
+      <securityRealm class="hudson.security.LegacySecurityRealm"/>
+      <disableRememberMe>false</disableRememberMe>
+      <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
+      <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
+      <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
+      <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
+      <jdks/>
+      <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+      <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
+      <clouds>
+        <org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@1.12.4">
+          <name>kubernetes</name>
+          <templates>
+            <org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
+              <inheritFrom></inheritFrom>
+              <name>clover-jenkins-slave</name>
+              <instanceCap>2147483647</instanceCap>
+              <idleMinutes>0</idleMinutes>
+              <label>clover-jenkins-slave</label>
+              <nodeSelector></nodeSelector>
+                <nodeUsageMode>NORMAL</nodeUsageMode>
+              <volumes>
+              </volumes>
+              <containers>
+                <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
+                  <name>jnlp</name>
+                  <image>jenkins/jnlp-slave:3.10-1</image>
+                  <privileged>false</privileged>
+                  <alwaysPullImage>false</alwaysPullImage>
+                  <workingDir>/home/jenkins</workingDir>
+                  <command></command>
+                  <args>${computer.jnlpmac} ${computer.name}</args>
+                  <ttyEnabled>false</ttyEnabled>
+                  # Resources configuration is a little hacky. This was to prevent breaking
+                  # changes, and should be cleanned up in the future once everybody had
+                  # enough time to migrate.
+                  <resourceRequestCpu>200m</resourceRequestCpu>
+                  <resourceRequestMemory>256Mi</resourceRequestMemory>
+                  <resourceLimitCpu>200m</resourceLimitCpu>
+                  <resourceLimitMemory>256Mi</resourceLimitMemory>
+                  <envVars>
+                    <org.csanchez.jenkins.plugins.kubernetes.ContainerEnvVar>
+                      <key>JENKINS_URL</key>
+                      <value>http://clover-jenkins.__NAMESPACE__:8080</value>
+                    </org.csanchez.jenkins.plugins.kubernetes.ContainerEnvVar>
+                  </envVars>
+                </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
+              </containers>
+              <envVars/>
+              <annotations/>
+              <imagePullSecrets/>
+              <nodeProperties/>
+              <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Default"/>
+            </org.csanchez.jenkins.plugins.kubernetes.PodTemplate></templates>
+          <serverUrl>https://kubernetes.default</serverUrl>
+          <skipTlsVerify>false</skipTlsVerify>
+          <namespace>__NAMESPACE__</namespace>
+          <jenkinsUrl>http://clover-jenkins.__NAMESPACE__:8080</jenkinsUrl>
+          <jenkinsTunnel>clover-jenkins-agent.__NAMESPACE__:50000</jenkinsTunnel>
+          <containerCap>10</containerCap>
+          <retentionTimeout>5</retentionTimeout>
+          <connectTimeout>0</connectTimeout>
+          <readTimeout>0</readTimeout>
+          <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Never"/>
+        </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
+      </clouds>
+      <quietPeriod>5</quietPeriod>
+      <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
+      <views>
+        <hudson.model.AllView>
+          <owner class="hudson" reference="../../.."/>
+          <name>All</name>
+          <filterExecutors>false</filterExecutors>
+          <filterQueue>false</filterQueue>
+          <properties class="hudson.model.View$PropertyList"/>
+        </hudson.model.AllView>
+      </views>
+      <primaryView>All</primaryView>
+      <slaveAgentPort>50000</slaveAgentPort>
+      <disabledAgentProtocols>
+        <string>JNLP-connect</string>
+        <string>JNLP2-connect</string>
+      </disabledAgentProtocols>
+      <label></label>
+      <crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
+        <excludeClientIPFromCrumb>true</excludeClientIPFromCrumb>
+      </crumbIssuer>
+      <nodeProperties/>
+      <globalNodeProperties/>
+      <noUsageStatistics>true</noUsageStatistics>
+    </hudson>
+  jenkins.CLI.xml: |-
+    <?xml version='1.1' encoding='UTF-8'?>
+    <jenkins.CLI>
+      <enabled>false</enabled>
+    </jenkins.CLI>
+  jenkins.model.JenkinsLocationConfiguration.xml: |-
+    <?xml version='1.1' encoding='UTF-8'?>
+    <jenkins.model.JenkinsLocationConfiguration>
+      <adminAddress></adminAddress>
+      <jenkinsUrl>http://clover-jenkins.__NAMESPACE__:8080</jenkinsUrl>
+    </jenkins.model.JenkinsLocationConfiguration>
+  plugins.txt: |-
+    kubernetes:1.12.4
+    workflow-job:2.24
+    workflow-aggregator:2.5
+    credentials-binding:1.16
+    git:3.9.1
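Review bot: `apply_config.sh` seeds `config.xml` with `cp -n`, so once `/var/jenkins_home` holds a copy, later edits to this ConfigMap, including changes to `authorizationStrategy` or `securityRealm`, are silently ignored on restart. A comment above those lines would save an operator from assuming a hardening change took effect, e.g. `# cp -n only seeds an empty home directory; existing files are never overwritten`. Separately, the three `#` lines before `<resourceRequestCpu>` sit inside the XML document, where `#` is not comment syntax and the text becomes character data of the `ContainerTemplate` element; they should be written as `<!-- ... -->` or dropped.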
diff --git a/samples/services/jenkins/resources/deployment.yaml b/samples/services/jenkins/resources/deployment.yaml
new file mode 100644 (file)
index 0000000..b926faf
--- /dev/null
@@ -0,0 +1,119 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: clover-jenkins
+  labels:
+    app: jenkins
+    project: clover
+  namespace: __NAMESPACE__
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      app: jenkins
+      project: clover
+  template:
+    metadata:
+      labels:
+        app: jenkins
+        project: clover
+    spec:
+      securityContext:
+        runAsUser: 0
+      initContainers:
+        - name: copy-default-config
+          image: jenkins/jenkins:lts
+          imagePullPolicy: Always
+          command:
+          - sh
+          - /var/jenkins_config/apply_config.sh
+          resources:
+            limits:
+              cpu: "2"
+              memory: 2Gi
+            requests:
+              cpu: 50m
+              memory: 256Mi
+          volumeMounts:
+            - mountPath: /var/jenkins_home
+              name: jenkins-home
+            - mountPath: /var/jenkins_config
+              name: jenkins-config
+            - mountPath: /var/jenkins_plugins
+              name: plugin-dir
+            - mountPath: /usr/share/jenkins/ref/secrets/
+              name: secrets-dir
+      containers:
+        - name: jenkins
+          image: jenkins/jenkins:lts
+          imagePullPolicy: Always
+          args:
+          - --argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)
+          - --argumentsRealm.roles.$(ADMIN_USER)=admin
+          env:
+            - name: JAVA_TOOL_OPTIONS
+            - name: JENKINS_OPTS
+            - name: ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: clover-jenkins
+                  key: jenkins-admin-password
+            - name: ADMIN_USER
+              valueFrom:
+                secretKeyRef:
+                  name: clover-jenkins
+                  key: jenkins-admin-user
+          ports:
+            - containerPort: 8080
+              name: http
+            - containerPort: 50000
+              name: slavelistener
+          livenessProbe:
+            httpGet:
+              path: /login
+              port: http
+            initialDelaySeconds: 90
+            timeoutSeconds: 5
+            failureThreshold: 12
+          readinessProbe:
+            httpGet:
+              path: /login
+              port: http
+            initialDelaySeconds: 60
+          # Resources configuration is a little hacky. This was to prevent breaking
+          # changes, and should be cleanned up in the future once everybody had
+          # enough time to migrate.
+          resources:
+            limits:
+              cpu: "2"
+              memory: 2Gi
+            requests:
+              cpu: 50m
+              memory: 256Mi
+          volumeMounts:
+            - mountPath: /var/jenkins_home
+              name: jenkins-home
+            - mountPath: /var/jenkins_config
+              name: jenkins-config
+              readOnly: true
+            - mountPath: /usr/share/jenkins/ref/plugins/
+              name: plugin-dir
+            - mountPath: /usr/share/jenkins/ref/secrets/
+              name: secrets-dir
+      volumes:
+      - name: jenkins-config
+        configMap:
+          defaultMode: 420
+          name: clover-jenkins
+      - name: plugin-dir
+        emptyDir: {}
+      - name: secrets-dir
+        emptyDir: {}
+      - name: jenkins-home
+        persistentVolumeClaim:
+          claimName: clover-jenkins
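Review bot: The pod-level `securityContext` sets `runAsUser: 0`, so the init container and the Jenkins controller both run as root, which widens the impact of any flaw in Jenkins or a plugin. The upstream image is understood to ship a `jenkins` user with uid 1000, so `runAsUser: 1000` together with `fsGroup: 1000` is probably sufficient; this needs checking against the init script's writes under `/usr/share/jenkins/ref`. The admin password is also expanded into the container arguments through `--argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)`, which makes it readable from the process command line inside the container. Finally, `jenkins/jenkins:lts` with `imagePullPolicy: Always` is a floating tag, so each restart may run a different Jenkins than the one the pinned plugin versions in `plugins.txt` were chosen for; pinning a version or digest would make the deployment reproducible.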
diff --git a/samples/services/jenkins/resources/namespace.yaml b/samples/services/jenkins/resources/namespace.yaml
new file mode 100644 (file)
index 0000000..dfe4144
--- /dev/null
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: __NAMESPACE__
diff --git a/samples/services/jenkins/resources/pvc.yaml b/samples/services/jenkins/resources/pvc.yaml
new file mode 100644 (file)
index 0000000..b9913af
--- /dev/null
@@ -0,0 +1,17 @@
+# Dependencies:
+# A storage class named 'standard' should exist
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: clover-jenkins
+  labels:
+    app: clover-jenkins
+    project: clover
+  namespace: __NAMESPACE__
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 80Gi
+  storageClassName: standard
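Review bot: The label `app: clover-jenkins` differs from the `app: jenkins` used on every other resource in this commit, so a selector such as `-l app=jenkins,project=clover` will not include the claim when listing or cleaning up the deployment. Use `app: jenkins` unless the difference is deliberate. The header comment could also state that `storageClassName: standard` is cluster-specific and that the claim will presumably stay Pending on clusters without a class of that name.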
diff --git a/samples/services/jenkins/resources/rbac.yaml b/samples/services/jenkins/resources/rbac.yaml
new file mode 100644 (file)
index 0000000..e6ffee4
--- /dev/null
@@ -0,0 +1,19 @@
+# Dependencies:
+# A cluster role named 'cluster-admin' with
+# admin privileges. Any cluster role with custom
+# permissions can also be used
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: clover-jenkins
+  labels:
+    app: jenkins
+    project: clover
+  namespace: __NAMESPACE__
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: default
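Review bot: This binding grants `cluster-admin` to the `default` service account, which every pod in the namespace uses unless told otherwise, including the build agent pods launched by the Kubernetes cloud defined in `configmap.yaml`; any job could then act with full control of the cluster. The subject also lacks a `namespace` field, which a `ServiceAccount` subject requires, and `metadata.namespace` has no meaning on a cluster-scoped `ClusterRoleBinding`. A dedicated service account bound to a namespaced `Role` limited to pod management is the usual shape. The sketch below uses a constructed account name and an assumed verb list that should be checked against the plugin's documentation, and the Deployment would need a matching `serviceAccountName`.

```yaml
# Constructed names; the verb list is a starting point to confirm against the kubernetes plugin docs.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: clover-jenkins
  namespace: __NAMESPACE__
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: clover-jenkins
  namespace: __NAMESPACE__
rules:
- apiGroups: [""]
  resources: ["pods", "pods/exec", "pods/log"]
  verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: clover-jenkins
  namespace: __NAMESPACE__
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: clover-jenkins
subjects:
- kind: ServiceAccount
  name: clover-jenkins
  namespace: __NAMESPACE__
```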
diff --git a/samples/services/jenkins/resources/secrets.yaml b/samples/services/jenkins/resources/secrets.yaml
new file mode 100644 (file)
index 0000000..ab35c0a
--- /dev/null
@@ -0,0 +1,12 @@
+apiVersion: v1
+data:
+  jenkins-admin-password: amVOa2luNU9QTkZWX0NMMFZlNA==
+  jenkins-admin-user: YWRtaW4=
+kind: Secret
+metadata:
+  labels:
+    app: jenkins
+    project: clover
+  name: clover-jenkins
+  namespace: __NAMESPACE__
+type: Opaque
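Review bot: The admin password is committed in this manifest, and the `data` values are only base64-encoded, so anyone who can read the repository has the credential and every cluster deployed from the sample shares it. Generating it at deploy time and dropping the file from the tree removes that exposure, for example in `deploy.sh`: `kubectl -n "${NAMESPACE}" create secret generic clover-jenkins --from-literal=jenkins-admin-user=admin --from-literal=jenkins-admin-password="$(openssl rand -base64 24)"`. That line has to run with `set -x` switched off, since the script's `set -ex` would otherwise print the generated value in the trace. If a fixed file is kept for demos, a header comment should say that the value is a placeholder to be replaced before the service is reachable by anyone else.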
diff --git a/samples/services/jenkins/resources/svc-agent.yaml b/samples/services/jenkins/resources/svc-agent.yaml
new file mode 100644 (file)
index 0000000..19464ea
--- /dev/null
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: clover-jenkins-agent
+  labels:
+    app: jenkins
+    project: clover
+  namespace: __NAMESPACE__
+spec:
+  ports:
+  - name: slavelistener
+    port: 50000
+    protocol: TCP
+    targetPort: 50000
+  selector:
+    app: jenkins
+    project: clover
+  type: LoadBalancer
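Review bot: `type: LoadBalancer` publishes the agent port 50000 outside the cluster, although the only agents configured in `configmap.yaml` are in-cluster pods that reach it at `clover-jenkins-agent.__NAMESPACE__:50000`; `type: ClusterIP` would serve them. The same applies to `svc.yaml`, which publishes the UI on port 8080 over plain HTTP, so the admin login would cross the network unencrypted. If external reachability is required, restrict it with `loadBalancerSourceRanges`, terminate TLS in front of the UI, and add a comment in both files explaining why the services are external.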
diff --git a/samples/services/jenkins/resources/svc.yaml b/samples/services/jenkins/resources/svc.yaml
new file mode 100644 (file)
index 0000000..84e17b2
--- /dev/null
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: clover-jenkins
+  labels:
+    app: jenkins
+    project: clover
+  namespace: __NAMESPACE__
+spec:
+  ports:
+  - name: http
+    port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: jenkins
+    project: clover
+  type: LoadBalancer