From 0b40d75cdd5f6ece91326683a717ae5db207dc43 Mon Sep 17 00:00:00 2001 From: Junaid Ali Date: Thu, 6 Sep 2018 23:46:00 +0100 Subject: [PATCH] Adding Jenkins to Clover stack Ref: https://github.com/helm/charts/tree/master/stable/jenkins/templates PatchSet-3: deploy.sh script to automate deployment of Jenkins on k8s PatchSet-4: Updated commit message PatchSet-5: Updated Jenkins agent service type to 'LoadBalancer' PatchSet-6: Addressed comments PatchSet-7: Updated Jenkins slave name to 'clover-jenkins-slave' JIRA: CLOVER-97 Change-Id: I0d41893bc0df902c1f577e2e97cfee3f2910e82d Signed-off-by: Junaid Ali --- samples/services/jenkins/deploy.sh | 39 ++++++ samples/services/jenkins/resources/configmap.yaml | 140 +++++++++++++++++++++ samples/services/jenkins/resources/deployment.yaml | 119 ++++++++++++++++++ samples/services/jenkins/resources/namespace.yaml | 4 + samples/services/jenkins/resources/pvc.yaml | 17 +++ samples/services/jenkins/resources/rbac.yaml | 19 +++ samples/services/jenkins/resources/secrets.yaml | 12 ++ samples/services/jenkins/resources/svc-agent.yaml | 18 +++ samples/services/jenkins/resources/svc.yaml | 18 +++ 9 files changed, 386 insertions(+) create mode 100755 samples/services/jenkins/deploy.sh create mode 100644 samples/services/jenkins/resources/configmap.yaml create mode 100644 samples/services/jenkins/resources/deployment.yaml create mode 100644 samples/services/jenkins/resources/namespace.yaml create mode 100644 samples/services/jenkins/resources/pvc.yaml create mode 100644 samples/services/jenkins/resources/rbac.yaml create mode 100644 samples/services/jenkins/resources/secrets.yaml create mode 100644 samples/services/jenkins/resources/svc-agent.yaml create mode 100644 samples/services/jenkins/resources/svc.yaml diff --git a/samples/services/jenkins/deploy.sh b/samples/services/jenkins/deploy.sh new file mode 100755 index 0000000..cb67b1a --- /dev/null +++ b/samples/services/jenkins/deploy.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +# Copyright (c) Authors of Clover +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 + +set -ex + +NAMESPACE='clover-cd' +SOURCE_DIR=$(cd $(dirname ${BASH_SOURCE[0]})/;pwd) + +update_templates() +{ + pushd "${SOURCE_DIR}"/resources + for template in *.yaml + do + sed -i "s/__NAMESPACE__/${NAMESPACE}/g" "${template}" + done + popd +} + +deploy() +{ + pushd ${SOURCE_DIR}/resources + kubectl apply -f namespace.yaml + kubectl apply -f pvc.yaml + kubectl apply -f configmap.yaml + kubectl apply -f secrets.yaml + kubectl apply -f svc.yaml + kubectl apply -f svc-agent.yaml + kubectl apply -f deployment.yaml + popd +} + +update_templates +deploy diff --git a/samples/services/jenkins/resources/configmap.yaml b/samples/services/jenkins/resources/configmap.yaml new file mode 100644 index 0000000..aae19f3 --- /dev/null +++ b/samples/services/jenkins/resources/configmap.yaml @@ -0,0 +1,140 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: clover-jenkins + labels: + app: jenkins + project: clover + namespace: __NAMESPACE__ +data: + apply_config.sh: |- + mkdir -p /usr/share/jenkins/ref/secrets/; + echo "false" > /usr/share/jenkins/ref/secrets/slave-to-master-security-kill-switch; + cp -n /var/jenkins_config/config.xml /var/jenkins_home; + cp -n /var/jenkins_config/jenkins.CLI.xml /var/jenkins_home; + cp -n /var/jenkins_config/jenkins.model.JenkinsLocationConfiguration.xml /var/jenkins_home; + # Install missing plugins + cp /var/jenkins_config/plugins.txt /var/jenkins_home; + rm -rf /usr/share/jenkins/ref/plugins/*.lock + /usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`; + # Copy plugins to shared volume + cp -n /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins; + config.xml: |- + + + + lts + 0 + NORMAL + true + + true + + + false + + ${JENKINS_HOME}/workspace/${ITEM_FULLNAME} + ${ITEM_ROOTDIR}/builds + + + + + + + kubernetes + + + + clover-jenkins-slave + 2147483647 + 0 + + + NORMAL + + + + + jnlp + jenkins/jnlp-slave:3.10-1 + false + false + /home/jenkins + + ${computer.jnlpmac} ${computer.name} + false + # Resources configuration is a little hacky. This was to prevent breaking + # changes, and should be cleanned up in the future once everybody had + # enough time to migrate. + 200m + 256Mi + 200m + 256Mi + + + JENKINS_URL + http://clover-jenkins.__NAMESPACE__:8080 + + + + + + + + + + + https://kubernetes.default + false + __NAMESPACE__ + http://clover-jenkins.__NAMESPACE__:8080 + clover-jenkins-agent.__NAMESPACE__:50000 + 10 + 5 + 0 + 0 + + + + 5 + 0 + + + + All + false + false + + + + All + 50000 + + JNLP-connect + JNLP2-connect + + + + true + + + + true + + jenkins.CLI.xml: |- + + + false + + jenkins.model.JenkinsLocationConfiguration.xml: |- + + + + http://clover-jenkins.__NAMESPACE__:8080 + + plugins.txt: |- + kubernetes:1.12.4 + workflow-job:2.24 + workflow-aggregator:2.5 + credentials-binding:1.16 + git:3.9.1 diff --git a/samples/services/jenkins/resources/deployment.yaml b/samples/services/jenkins/resources/deployment.yaml new file mode 100644 index 0000000..b926faf --- /dev/null +++ b/samples/services/jenkins/resources/deployment.yaml @@ -0,0 +1,119 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: clover-jenkins + labels: + app: jenkins + project: clover + namespace: __NAMESPACE__ +spec: + replicas: 1 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + selector: + matchLabels: + app: jenkins + project: clover + template: + metadata: + labels: + app: jenkins + project: clover + spec: + securityContext: + runAsUser: 0 + initContainers: + - name: copy-default-config + image: jenkins/jenkins:lts + imagePullPolicy: Always + command: + - sh + - /var/jenkins_config/apply_config.sh + resources: + limits: + cpu: "2" + memory: 2Gi + requests: + cpu: 50m + memory: 256Mi + volumeMounts: + - mountPath: /var/jenkins_home + name: jenkins-home + - mountPath: /var/jenkins_config + name: jenkins-config + - mountPath: /var/jenkins_plugins + name: plugin-dir + - mountPath: /usr/share/jenkins/ref/secrets/ + name: secrets-dir + containers: + - name: jenkins + image: jenkins/jenkins:lts + imagePullPolicy: Always + args: + - --argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD) + - --argumentsRealm.roles.$(ADMIN_USER)=admin + env: + - name: JAVA_TOOL_OPTIONS + - name: JENKINS_OPTS + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: clover-jenkins + key: jenkins-admin-password + - name: ADMIN_USER + valueFrom: + secretKeyRef: + name: clover-jenkins + key: jenkins-admin-user + ports: + - containerPort: 8080 + name: http + - containerPort: 50000 + name: slavelistener + livenessProbe: + httpGet: + path: /login + port: http + initialDelaySeconds: 90 + timeoutSeconds: 5 + failureThreshold: 12 + readinessProbe: + httpGet: + path: /login + port: http + initialDelaySeconds: 60 + # Resources configuration is a little hacky. This was to prevent breaking + # changes, and should be cleanned up in the future once everybody had + # enough time to migrate. + resources: + limits: + cpu: "2" + memory: 2Gi + requests: + cpu: 50m + memory: 256Mi + volumeMounts: + - mountPath: /var/jenkins_home + name: jenkins-home + - mountPath: /var/jenkins_config + name: jenkins-config + readOnly: true + - mountPath: /usr/share/jenkins/ref/plugins/ + name: plugin-dir + - mountPath: /usr/share/jenkins/ref/secrets/ + name: secrets-dir + volumes: + - name: jenkins-config + configMap: + defaultMode: 420 + name: clover-jenkins + - name: plugin-dir + emptyDir: {} + - name: secrets-dir + emptyDir: {} + - name: jenkins-home + persistentVolumeClaim: + claimName: clover-jenkins diff --git a/samples/services/jenkins/resources/namespace.yaml b/samples/services/jenkins/resources/namespace.yaml new file mode 100644 index 0000000..dfe4144 --- /dev/null +++ b/samples/services/jenkins/resources/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: __NAMESPACE__ diff --git a/samples/services/jenkins/resources/pvc.yaml b/samples/services/jenkins/resources/pvc.yaml new file mode 100644 index 0000000..b9913af --- /dev/null +++ b/samples/services/jenkins/resources/pvc.yaml @@ -0,0 +1,17 @@ +# Dependencies: +# A storage class named 'standard' should exist +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: clover-jenkins + labels: + app: clover-jenkins + project: clover + namespace: __NAMESPACE__ +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 80Gi + storageClassName: standard diff --git a/samples/services/jenkins/resources/rbac.yaml b/samples/services/jenkins/resources/rbac.yaml new file mode 100644 index 0000000..e6ffee4 --- /dev/null +++ b/samples/services/jenkins/resources/rbac.yaml @@ -0,0 +1,19 @@ +# Dependencies: +# A cluster role named 'cluster-admin' with +# admin privileges. Any cluster role with custom +# permissions can also be used +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: clover-jenkins + labels: + app: jenkins + project: clover + namespace: __NAMESPACE__ +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: default diff --git a/samples/services/jenkins/resources/secrets.yaml b/samples/services/jenkins/resources/secrets.yaml new file mode 100644 index 0000000..ab35c0a --- /dev/null +++ b/samples/services/jenkins/resources/secrets.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + jenkins-admin-password: amVOa2luNU9QTkZWX0NMMFZlNA== + jenkins-admin-user: YWRtaW4= +kind: Secret +metadata: + labels: + app: jenkins + project: clover + name: clover-jenkins + namespace: __NAMESPACE__ +type: Opaque diff --git a/samples/services/jenkins/resources/svc-agent.yaml b/samples/services/jenkins/resources/svc-agent.yaml new file mode 100644 index 0000000..19464ea --- /dev/null +++ b/samples/services/jenkins/resources/svc-agent.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: clover-jenkins-agent + labels: + app: jenkins + project: clover + namespace: __NAMESPACE__ +spec: + ports: + - name: slavelistener + port: 50000 + protocol: TCP + targetPort: 50000 + selector: + app: jenkins + project: clover + type: LoadBalancer diff --git a/samples/services/jenkins/resources/svc.yaml b/samples/services/jenkins/resources/svc.yaml new file mode 100644 index 0000000..84e17b2 --- /dev/null +++ b/samples/services/jenkins/resources/svc.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: clover-jenkins + labels: + app: jenkins + project: clover + namespace: __NAMESPACE__ +spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: jenkins + project: clover + type: LoadBalancer -- 2.16.6