[jenkins] Add jenkins helm chart based on openshift templates (#247)

charts/redhat/redhat/jenkins/0.0.1/src/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: jenkins
+description: A Helm chart for Openshift Jenkins
+
+type: application
+
+version: 0.0.1
+
+appVersion: "1.16.0"

charts/redhat/redhat/jenkins/0.0.1/src/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "openshift-jenkins.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "openshift-jenkins.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "openshift-jenkins.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "openshift-jenkins.labels" -}}
+helm.sh/chart: {{ include "openshift-jenkins.chart" . }}
+{{ include "openshift-jenkins.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "openshift-jenkins.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "openshift-jenkins.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "openshift-jenkins.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "openshift-jenkins.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/redhat/redhat/jenkins/0.0.1/src/templates/configmap-trusted-ca-bundle.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    config.openshift.io/inject-trusted-cabundle: "true"
+    {{- include "openshift-jenkins.labels" . | nindent 4 }}
+  name: {{ include "openshift-jenkins.fullname" . }}-trusted-ca-bundle

charts/redhat/redhat/jenkins/0.0.1/src/templates/deploymentconfig.yaml

@@ -0,0 +1,111 @@
+apiVersion: apps.openshift.io/v1
+kind: DeploymentConfig
+metadata:
+  labels:
+    {{- include "openshift-jenkins.labels" . | nindent 4 }}
+  name: {{ include "openshift-jenkins.fullname" . }}
+spec:
+  replicas: 1
+  selector:
+    {{ include "openshift-jenkins.selectorLabels" . | nindent 4}}
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "openshift-jenkins.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+      - env:
+        - name: OPENSHIFT_ENABLE_OAUTH
+          value: "true"
+        - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT
+          value: "true"
+        - name: DISABLE_ADMINISTRATIVE_MONITORS
+          value: "false"
+        - name: KUBERNETES_MASTER
+          value: https://kubernetes.default:443
+        - name: KUBERNETES_TRUST_CERTIFICATES
+          value: "true"
+        - name: JENKINS_SERVICE_NAME
+          value: {{ include "openshift-jenkins.fullname" . }}
+        - name: JNLP_SERVICE_NAME
+          value: {{ include "openshift-jenkins.fullname" . }}-jnlp
+        - name: ENABLE_FATAL_ERROR_LOG_FILE
+          value: "false"
+        - name: JENKINS_UC_INSECURE
+          value: "false"
+        - name: CASC_JENKINS_CONFIG
+          value: /var/lib/jenkins/proxy.yaml
+        image: ""
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 2
+          httpGet:
+            path: /login
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 420
+          periodSeconds: 360
+          successThreshold: 1
+          timeoutSeconds: 240
+        name: jenkins
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /login
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 3
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 240
+        resources:
+          limits:
+            memory: 1Gi
+        securityContext:
+          capabilities: {}
+          privileged: false
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /var/lib/jenkins
+          name: jenkins-data
+        - mountPath: /etc/pki/ca-trust/source/anchors
+          name: jenkins-trusted-ca-bundle
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      serviceAccount: jenkins
+      serviceAccountName: jenkins
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: jenkins-data
+        {{- if .Values.persistence.enabled }}
+        persistentVolumeClaim:
+          claimName: {{ include "openshift-jenkins.fullname" . }}
+        {{- else }}
+        emptyDir: {}
+        {{- end }}
+      - configMap:
+          defaultMode: 420
+          name: {{ include "openshift-jenkins.fullname" . }}-trusted-ca-bundle
+          optional: true
+        name: jenkins-trusted-ca-bundle
+  triggers:
+  - imageChangeParams:
+      automatic: true
+      containerNames:
+      - jenkins
+      from:
+        kind: ImageStreamTag
+        name: jenkins:2
+        namespace: openshift
+      lastTriggeredImage: ""
+    type: ImageChange
+  - type: ConfigChange

charts/redhat/redhat/jenkins/0.0.1/src/templates/persistentvolumeclaim.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.persistence.enabled -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "openshift-jenkins.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "openshift-jenkins.labels" . | nindent 4 }}
+spec:
+  accessModes:
+  {{- range .Values.persistence.accessModes }}
+    - {{ . | quote }}
+  {{- end }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- end -}}

charts/redhat/redhat/jenkins/0.0.1/src/templates/rolebinding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    {{- include "openshift-jenkins.selectorLabels" . | nindent 4 }}
+  name: {{ include "openshift-jenkins.fullname" . }}_edit
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: edit
+subjects:
+- kind: ServiceAccount
+  name: {{ include "openshift-jenkins.serviceAccountName" . }}

charts/redhat/redhat/jenkins/0.0.1/src/templates/route.yaml

@@ -0,0 +1,15 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  annotations:
+    haproxy.router.openshift.io/timeout: 4m
+  labels:
+    {{- include "openshift-jenkins.labels" . | nindent 4 }}
+  name: {{ include "openshift-jenkins.fullname" . }}
+spec:
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+  to:
+    kind: Service
+    name: {{ include "openshift-jenkins.fullname" . }}

charts/redhat/redhat/jenkins/0.0.1/src/templates/service-jnlp.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "openshift-jenkins.fullname" . }}-jnlp
+  labels:
+    {{- include "openshift-jenkins.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.servicejnlp.type }}
+  ports:
+    - port: {{ .Values.servicejnlp.port }}
+      targetPort: {{ .Values.servicejnlp.targetPort }}
+      protocol: TCP
+      name: {{ .Values.servicejnlp.name }}
+  selector:
+    {{- include "openshift-jenkins.selectorLabels" . | nindent 4 }}

charts/redhat/redhat/jenkins/0.0.1/src/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "openshift-jenkins.fullname" . }}
+  labels:
+    {{- include "openshift-jenkins.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.targetPort }}
+      protocol: TCP
+      name: {{ .Values.service.name }}
+  selector:
+    {{- include "openshift-jenkins.selectorLabels" . | nindent 4 }}

charts/redhat/redhat/jenkins/0.0.1/src/templates/serviceaccount.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "openshift-jenkins.serviceAccountName" . }}
+  labels:
+    {{- include "openshift-jenkins.labels" . | nindent 4 }}
+  annotations:
+    serviceaccounts.openshift.io/oauth-redirectreference.jenkins: "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"{{ include "openshift-jenkins.fullname" . }}\"}}"

charts/redhat/redhat/jenkins/0.0.1/src/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "openshift-jenkins.fullname" . }}-test-connection"
+  labels:
+    {{- include "openshift-jenkins.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "openshift-jenkins.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

charts/redhat/redhat/jenkins/0.0.1/src/values.yaml

@@ -0,0 +1,62 @@
+# Default values for openshift-jenkins.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: nginx
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  name: "jenkins"
+
+service:
+  type: ClusterIP
+  port: 80
+  targetPort: 8080
+  name: web
+
+servicejnlp:
+  type: ClusterIP
+  port: 50000
+  targetPort: 50000
+  name: agent
+
+persistence:
+  ## @param persistence.enabled Enable persistence using Persistent Volume Claims
+  enabled: false
+  ## @param persistence.storageClass Persistent Volume storage class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
+  ##
+  storageClass:
+  ## @param persistence.annotations Additional custom annotations for the PVC
+  ##
+  annotations: {}
+  ## @param persistence.accessModes [array] Persistent Volume access modes
+  ##
+  accessModes:
+    - ReadWriteOnce
+  ## @param persistence.size Persistent Volume size
+  ##
+  size: 8Gi
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi