jenkins-cloudci-prod-persistent-template.yaml
---
# OpenShift Template for a persistent Jenkins controller. The objects list below defines an
# ImageStream, BuildConfig, Route, PersistentVolumeClaim, DeploymentConfig, ServiceAccount,
# RoleBinding and two Services; ${...} placeholders are filled from the parameters section.
kind: Template
apiVersion: v1
# Template-level labels.
labels:
  app: jenkins-cloudci-prod-persistent
  template: jenkins-cloudci-prod-persistent-template
metadata:
  name: jenkins-cloudci-prod-persistent
  annotations:
    openshift.io/display-name: Jenkins CloudCI (Persistent)
    openshift.io/documentation-url: https://github.com/jenkinsci/docker/blob/master/README.md
    openshift.io/provider-display-name: Jenkins.io
    openshift.io/support-url: https://github.com/jenkinsci/docker
    tags: jenkins, ocp4
objects:
# IMAGES FOR JENKINS MASTER
# ImageStream named ${JENKINS_SERVICE_NAME}; the BuildConfig in this template pushes its
# output to the tag "${JENKINS_SERVICE_NAME}:latest" of this stream.
- kind: ImageStream
  apiVersion: v1
  metadata:
    labels:
      app: ${JENKINS_APP_NAME}
    name: ${JENKINS_SERVICE_NAME}
# Jenkins build
# Docker-strategy build of ${REPO_URL} at ${REPO_REF} (sub-directory ${CONTEXTDIR}); the result
# is pushed to the ImageStreamTag "${JENKINS_SERVICE_NAME}:latest".
- kind: BuildConfig
  apiVersion: v1
  metadata:
    labels:
      app: ${JENKINS_APP_NAME}
    name: ${JENKINS_SERVICE_NAME}
  spec:
    output:
      to:
        kind: ImageStreamTag
        # NOTE(review): the only output tag is the mutable "latest", and the DeploymentConfig
        # in this template rolls out automatically on image change, so every successful build
        # goes straight to the running controller.
        name: "${JENKINS_SERVICE_NAME}:latest"
    resources: {}
    source:
      contextDir: ${CONTEXTDIR}
      git:
        uri: ${REPO_URL}
        # NOTE(review): REPO_REF defaults to the branch name "master", so the image content is
        # whatever that branch holds at build time. A tag or commit SHA makes the build
        # reproducible and ties the running image to reviewed source.
        ref: ${REPO_REF}
      type: Git
    strategy:
      type: Docker
      dockerStrategy:
        # Rebuild every layer and re-pull the base image on each build.
        noCache: true
        forcePull: true
        env:
        # NOTE(review): GIT_SSL_NO_VERIFY=true turns off TLS certificate verification for git
        # commands that see this variable, so a git fetch during the build cannot detect an
        # intercepting or impersonating server. OpenShift documents dockerStrategy env as being
        # inserted as an ENV instruction in the Dockerfile, so presumably the setting also
        # persists in the built Jenkins image - confirm. If an internal CA is the reason for it,
        # add that CA to the image trust store and drop this variable.
        - name: GIT_SSL_NO_VERIFY
          value: "true"
    # Only a ConfigChange trigger is defined: no webhook or image-change trigger appears here.
    triggers:
    - type: ConfigChange
    # Keep the two most recent successful and failed builds.
    successfulBuildsHistoryLimit: 2
    failedBuildsHistoryLimit: 2
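# Route for Jenkins web service
# TLS is terminated at the router (edge) and plain-HTTP requests are redirected to HTTPS.
# NOTE(review): with edge termination the router-to-pod hop is not covered by this TLS
# setting; use a different termination type if TLS is required up to the pod.
- kind: Route
  apiVersion: v1
  metadata:
    name: ${JENKINS_SERVICE_NAME}
    annotations:
      # Advertise the HTTPS URL. The route always serves TLS and redirects HTTP, so publishing
      # an http:// URI only made consumers send a first cleartext request before the redirect.
      template.openshift.io/expose-uri: "https://{.spec.host}{.spec.path}"
  spec:
    tls:
      termination: edge
      insecureEdgeTerminationPolicy: Redirect
    to:
      kind: Service
      name: ${JENKINS_SERVICE_NAME}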
# 100G PVC
# Size comes from ${VOLUME_CAPACITY} (default 100Gi in the parameters section). The
# DeploymentConfig mounts this claim at /var/jenkins_home.
# NOTE(review): a Jenkins home directory normally holds the controller's stored credentials
# and keys, so access to this volume and to its backups should be restricted accordingly.
- kind: PersistentVolumeClaim
  apiVersion: v1
  metadata:
    name: "${JENKINS_SERVICE_NAME}"
  spec:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: "${VOLUME_CAPACITY}"
# Jenkins master deployment
# Single-replica Jenkins controller, redeployed with the Recreate strategy, running as the
# ${JENKINS_SERVICE_NAME} service account with the PVC and the umb-secrets Secret mounted.
- kind: DeploymentConfig
  apiVersion: v1
  metadata:
    name: ${JENKINS_SERVICE_NAME}
  spec:
    replicas: 1
    selector:
      name: ${JENKINS_SERVICE_NAME}
    strategy:
      type: Recreate
    template:
      metadata:
        labels:
          name: ${JENKINS_SERVICE_NAME}
      spec:
        containers:
        - name: ${JENKINS_SERVICE_NAME}
          image: ${JENKINS_IMAGE_STREAM_TAG}
          imagePullPolicy: IfNotPresent
          # Both probes request /login on port 8080.
          readinessProbe:
            httpGet:
              path: /login
              port: 8080
            initialDelaySeconds: 3
            timeoutSeconds: 240
          livenessProbe:
            failureThreshold: 2
            httpGet:
              path: /login
              port: 8080
            initialDelaySeconds: 420
            periodSeconds: 360
            timeoutSeconds: 240
          resources:
            limits:
              memory: "8Gi"
              cpu: "4000m"
            requests:
              memory: "4Gi"
              cpu: "2000m"
          # Not privileged and no capabilities added.
          # NOTE(review): allowPrivilegeEscalation, runAsNonRoot and a capability drop list are
          # not set here; presumably the namespace's SCC enforces them - confirm.
          securityContext:
            capabilities: {}
            privileged: false
          terminationMessagePath: /dev/termination-log
          volumeMounts:
          - mountPath: /var/jenkins_home
            name: ${JENKINS_SERVICE_NAME}-data
          # Secret material is mounted read-only under /run/secrets/umb-secrets.
          - name: umb-secrets
            mountPath: /run/secrets/umb-secrets
            readOnly: true
          env:
          - name: KUBERNETES_MASTER
            value: https://kubernetes.default:443
          # NOTE(review): KUBERNETES_TRUST_CERTIFICATES=true presumably makes the Kubernetes
          # client inside Jenkins accept any API-server certificate - confirm. If so, the
          # connection to KUBERNETES_MASTER is encrypted but not authenticated; validating
          # against the service-account CA bundle avoids that.
          - name: KUBERNETES_TRUST_CERTIFICATES
            value: "true"
          - name: JENKINS_SERVICE_NAME
            value: "${JENKINS_SERVICE_NAME}"
          - name: JNLP_SERVICE_NAME
            value: "${JNLP_SERVICE_NAME}"
          # NOTE(review): the next two flags look like plugin-upgrade switches of the Jenkins
          # image's startup scripts - confirm what they overwrite in /var/jenkins_home.
          - name: PLUGINS_FORCE_UPGRADE
            value: "true"
          - name: TRY_UPGRADE_IF_NO_MARKER
            value: "true"
          # Location of the configuration-as-code file; the JENKINS_CASC_CONFIG parameter
          # defaults to a raw URL on a branch (see the parameters section).
          - name: CASC_JENKINS_CONFIG
            value: ${JENKINS_CASC_CONFIG}
          - name: JENKINS_JAVA_OVERRIDES
            value: >-
              -Duser.timezone=Asia/Shanghai
          - name: JAVA_GC_OPTS
            value: >-
              -XX:+UseParallelGC -XX:MaxPermSize=100m -XX:MinHeapFreeRatio=20
              -XX:MaxHeapFreeRatio=40 -XX:GCTimeRatio=4
              -XX:AdaptiveSizePolicyWeight=90 -XX:MaxMetaspaceSize=500m
              --illegal-access=permit
          # Agent port; same number as the NodePort Service ${JNLP_SERVICE_NAME} in this template.
          - name: JENKINS_SLAVE_AGENT_PORT
            value: "30032"
          # fix fatal: unable to look up current user in the passwd file: no such user
          # https://jackiechen.blog/2017/08/29/fatal-unable-to-look-up-current-user-in-the-passwd-file-no-such-user/
          - name: GIT_COMMITTER_NAME
            value: "cloudci"
          # NOTE(review): "[email protected]" looks like the hosting page's e-mail obfuscation
          # placeholder rather than the real value; restore the address from the repository.
          - name: GIT_COMMITTER_EMAIL
            value: "[email protected]"
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        # The pod runs as this service account, which the RoleBinding in this template binds
        # to the "edit" role.
        serviceAccountName: ${JENKINS_SERVICE_NAME}
        volumes:
        - name: "${JENKINS_SERVICE_NAME}-data"
          persistentVolumeClaim:
            claimName: "${JENKINS_SERVICE_NAME}"
        - name: umb-secrets
          secret:
            # 420 decimal is 0644 octal: the secret files are readable by every user in the
            # container. NOTE(review): a tighter mode such as 0440 (288 decimal) would limit
            # that - confirm the Jenkins process can still read the files.
            defaultMode: 420
            secretName: umb-secrets
    triggers:
    - type: "ConfigChange"
    # A new image at ${JENKINS_IMAGE_STREAM_TAG} triggers an automatic rollout.
    - type: "ImageChange"
      imageChangeParams:
        automatic: true
        containerNames:
        - ${JENKINS_SERVICE_NAME}
        from:
          kind: "ImageStreamTag"
          name: ${JENKINS_IMAGE_STREAM_TAG}
# service account for Jenkins master
# The annotation points an OAuth redirect reference at the Route named
# ${JENKINS_SERVICE_NAME}, so the account can act as an OAuth client for Jenkins login.
- kind: ServiceAccount
  apiVersion: v1
  metadata:
    name: "${JENKINS_SERVICE_NAME}"
    annotations:
      serviceaccounts.openshift.io/oauth-redirectreference.jenkins: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"${JENKINS_SERVICE_NAME}"}}'
# Binds the Jenkins service account to the "edit" role.
# NOTE(review): "edit" is a broad role: it allows changing most objects in the project and
# reading its Secrets. Anything that can run code as the Jenkins controller inherits that
# access through the pod's service-account token; a narrower custom role limits the impact
# of a compromised job or plugin.
- kind: RoleBinding
  apiVersion: v1
  metadata:
    name: "${JENKINS_SERVICE_NAME}_edit"
  # Left empty: no groups are bound, only the service account below.
  groupNames:
  subjects:
  - kind: ServiceAccount
    name: "${JENKINS_SERVICE_NAME}"
  roleRef:
    name: edit
# TCP port mappings: web 80 -> 8080 (ClusterIP), agent 30032 exposed as NodePort 30032.
# NOTE(review): the earlier wording of this comment ("50000-30030") did not match the values
# below. The agent Service sets no targetPort, so it targets container port 30032, the same
# number as JENKINS_SLAVE_AGENT_PORT in the DeploymentConfig.
# NOTE(review): type NodePort opens the agent port on every cluster node. Restrict the source
# addresses that can reach it at the network layer and confirm that the controller only
# accepts encrypted, authenticated agent connections.
- kind: Service
  apiVersion: v1
  metadata:
    name: "${JNLP_SERVICE_NAME}"
  spec:
    ports:
    - name: agent
      protocol: TCP
      port: 30032
      nodePort: 30032
    selector:
      name: "${JENKINS_SERVICE_NAME}"
    type: NodePort
    sessionAffinity: None
# Web Service: cluster-internal only (ClusterIP); external access goes through the Route.
- kind: Service
  apiVersion: v1
  metadata:
    name: "${JENKINS_SERVICE_NAME}"
    annotations:
      service.alpha.openshift.io/dependencies: '[{"name": "${JNLP_SERVICE_NAME}",
        "namespace": "", "kind": "Service"}]'
      service.openshift.io/infrastructure: 'true'
    creationTimestamp:
  spec:
    ports:
    - name: web
      protocol: TCP
      port: 80
      targetPort: 8080
      nodePort: 0
    selector:
      name: "${JENKINS_SERVICE_NAME}"
    type: ClusterIP
    sessionAffinity: None
# global parameters
# Defaults for the ${...} placeholders used by the objects above.
parameters:
- description: Git repository with Dockerfile and master entrypoint.
  displayName: Repository URL
  name: REPO_URL
  value: https://github.com/virt-s1/jenkins-cloudci.git
  required: true
- description: The sub-directory inside the repository.
  displayName: Context Directory
  name: CONTEXTDIR
  value: jenkins-prod
# NOTE(review): the default is a branch name, so each build takes the current head of that
# branch. A tag or commit SHA here pins the controller image to reviewed source.
- description: The git ref or tag to use for customization.
  displayName: Git Reference
  name: REPO_REF
  value: master
- name: JENKINS_APP_NAME
  displayName: Jenkins APP Name
  description: The name of the Jenkins application.
  value: jenkins-cloudci-prod
- name: JENKINS_SERVICE_NAME
  displayName: Jenkins Service Name
  description: The name of the OpenShift Service exposed for the Jenkins container.
  value: jenkins-cloudci-prod
- name: JNLP_SERVICE_NAME
  displayName: Jenkins JNLP Service Name
  description: The name of the service used for master/slave communication.
  value: jenkins-cloudci-prod-jnlp
- name: JENKINS_IMAGE_STREAM_TAG
  displayName: Jenkins ImageStreamTag
  description: Name of the ImageStreamTag to be used for the Jenkins image.
  value: jenkins-cloudci-prod:latest
- name: VOLUME_CAPACITY
  displayName: Volume Capacity
  description: Volume space available for data, e.g. 512Mi, 2Gi.
  value: 100Gi
  required: true
# NOTE(review): this default points at a file on the master branch, served from a raw URL, and
# is passed to the controller as CASC_JENKINS_CONFIG. If the controller fetches it at start-up,
# anyone who can change that file can change the controller configuration without changing
# this template. Pinning the URL to a commit SHA, or mounting the file from a ConfigMap, keeps
# the configuration under the same review as the deployment - confirm how it is loaded.
- name: JENKINS_CASC_CONFIG
  displayName: Jenkins CASC configuration file
  description: A CASC configuration file in Jenkins master
  value: https://raw.githubusercontent.com/virt-s1/jenkins-cloudci/master/jenkins-prod/jcasc.yaml