Skip to content

Instantly share code, notes, and snippets.

@axdotl
Last active December 29, 2023 23:10
Show Gist options
  • Save axdotl/32dc00c3f971c9c4ad082ebda9eef485 to your computer and use it in GitHub Desktop.
Save axdotl/32dc00c3f971c9c4ad082ebda9eef485 to your computer and use it in GitHub Desktop.
Helm example values for stable/jenkins v1.1.17
master:
useSecurity: true
adminUser: "admin"
fsGroup: 1000
runAsUser: 1000
serviceType: ClusterIP
installPlugins:
- artifactory:3.2.2
- basic-branch-build-strategies:1.3.1
- bitbucket-build-status-notifier:1.4.1
- bitbucket:1.1.8
- checkstyle:4.0.0
- cloudbees-bitbucket-branch-source:2.4.4
- config-file-provider:3.6
- credentials-binding:1.18
- credentials:2.1.18
- configuration-as-code-support:1.15
- configuration-as-code:1.15
- crowd2:2.0.2
- docker-commons:1.15
- email-ext:2.66
- findbugs:5.0.0
- git:3.10.0
- jacoco:3.0.4
- jdk-tool:1.2
- jenkins-jira-issue-updater:1.18
- jira-steps:1.4.5
- jira:3.0.7
- job-dsl:1.74
- junit:1.27
- kubernetes:1.15.4
- matrix-auth:2.4.2
- pipeline-build-step:2.9
- pipeline-github-lib:1.0
- pipeline-graph-analysis:1.9
- pipeline-input-step:2.10
- pipeline-maven:3.6.12
- pipeline-milestone-step:1.3.1
- pipeline-model-api:1.3.8
- pipeline-model-declarative-agent:1.1.1
- pipeline-model-definition:1.3.8
- pipeline-model-extensions:1.3.8
- pipeline-rest-api:2.11
- pipeline-stage-step:2.3
- pipeline-stage-tags-metadata:1.3.8
- pipeline-stage-view:2.11
- pipeline-utility-steps:2.3.0
- role-strategy:2.10
- rocketchatnotifier:1.4.3
- sonar:2.8.1
- ssh-agent:1.17
- tasks:4.53
- workflow-cps-global-lib:2.13
- workflow-aggregator:2.6
- workflow-job:2.32
- ws-cleanup:0.37
scriptApproval:
- "method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper getRawBuild"
- "method hudson.model.Run getCause java.lang.Class"
JCasC:
enabled: true
configScripts:
welcome-message: |
jenkins:
systemMessage: This Jenkins is 100% configured and managed 'as code'.
security-config: |
jenkins:
securityRealm:
crowd:
url: "https://crowd.example.com/crowd"
applicationName: "jenkins"
password: "thePassword"
group: "sre-team"
credentials:
system:
domainCredentials:
- credentials:
- fileSystemServiceAccountCredential:
id: jenkins
scope: GLOBAL
description: "Service account that allows the kubernetes plugin creation of agent pods."
- usernamePassword:
id: jenkins-crowd
username: jenkins
password: thePassword
scope: GLOBAL
description: jenkins-crowd
- basicSSHUserPrivateKey:
id: jenkins-ssh-key
username: jenkins
scope: GLOBAL
description: jenkins-ssh-key
privateKeySource:
directEntry:
privateKey: |-
-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----
authorization-config: |
jenkins:
authorizationStrategy:
roleBased:
roles:
global:
- assignments:
- sre-team
description: Jenkins administrators
name: admin
permissions:
- Overall/Administer
- assignments:
- authenticated
description: Read-only users
name: readonly
permissions:
- Overall/Read
- Job/Read
- Job/Build
other-infra: |
unclassified:
# bitbucketendpointconfiguration to make bitbucket available inside jenkins
bitbucketendpointconfiguration:
# endpoints to be configured
endpoints:
- bitbucketserverendpoint:
displayName: bitbucket
serverUrl: https://bitbucket.example.com
credentialsId: jenkins-crowd
# artifactorybuilder plugin config, to access artifactory
artifactorybuilder:
# useCredentialsPlugin for the artifactory authentication
useCredentialsPlugin: true
# artifactoryServers to be made available
artifactoryServers:
- serverId: artifactory-repo
artifactoryUrl: https://repo.example.com/artifactory
deployerCredentialsConfig:
credentialsId: 'jenkins-crowd'
resolverCredentialsConfig:
credentialsId: 'jenkins-crowd'
tools-config: |
tool:
maven:
installations:
- name: "maven-3"
properties:
- installSource:
installers:
- maven:
id: "3.5.4"
jdk:
installations:
- name: jdk-8
properties:
- installSource:
installers:
- jdkInstaller:
id: "jdk-8u212-oth-JPR"
acceptLicense: true
unclassified:
# globalConfigFiles to be available in jenkins, f.e. settings.xml
globalConfigFiles:
# configs to be made available
configs:
- globalMavenSettings:
id: "global-settings.xml"
name: "global-settings.xml"
comment: "Global Maven Settings"
isReplaceAll: true
serverCredentialMappings:
- serverId: "sonatype-nexus"
credentialsId: "sonatype-nexus"
content: |
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<interactiveMode>false</interactiveMode>
<pluginGroups>
<pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
</pluginGroups>
<servers>
</servers>
<mirrors>
<mirror>
<id>UK</id>
<name>UK Central</name>
<url>http://uk.maven.org/maven2</url>
<mirrorOf>central</mirrorOf>
</mirror>
</mirrors>
</settings>
shared-libs: |
unclassified:
globalLibraries:
libraries:
- name: "some-shared-lib"
retriever:
modernSCM:
scm:
git:
remote: "ssh://git@github.com/axdotl/some-shared-lib.git"
credentialsId: "jenkins-ssh-key"
jobs-config: |
jobs:
- script: >
organizationFolder('BitBucket Project') {
displayName('MyBitbucket Project')
organizations {
bitbucket {
repoOwner('BitBucketProjectKey')
credentialsId('jenkins-crowd')
traits {
sourceRegexFilter {
regex('jenkins-.*')
}
}
}
}
configure { node ->
// node represents <jenkins.branch.OrganizationFolder>
def traits = node / navigators / 'com.cloudbees.jenkins.plugins.bitbucket.BitbucketSCMNavigator' / traits
traits << 'com.cloudbees.jenkins.plugins.bitbucket.BranchDiscoveryTrait' {
strategyId('3') // detect all branches
}
traits << 'com.cloudbees.jenkins.plugins.bitbucket.SSHCheckoutTrait' {
credentialsId('jenkins-ssh-key')
}
}
}
sidecars:
configAutoReload:
# If enabled: true, Jenkins Configuration as Code will be reloaded on-the-fly without a reboot. If false or not-specified,
# jcasc changes will cause a reboot and will only be applied at the subsequent start-up. Auto-reload uses the Jenkins CLI
# over SSH to reapply config when changes to the configScripts are detected. The admin user (or account you specify in
# master.adminUser) will have a random SSH private key (RSA 4096) assigned unless you specify adminSshKey. This will be saved to a k8s secret.
enabled: false
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
ingress.kubernetes.io/force-ssl-redirect: "true"
hostName: jenkins.example.com
tls:
- secretName: jenkins-tls
hosts:
- jenkins.example.com
rbac:
create: true
serviceAccount:
create: true
name: jenkins
serviceAccountAgent:
create: true
name: jenkins-agent
agent:
enabled: true
image: "jenkins/jnlp-slave"
imageTag: "3.27-1-alpine"
nodeSelector:
type: slave
resources:
requests:
cpu: "200m"
memory: "256Mi"
limits:
cpu: "1000m"
memory: "4096Mi"
# Controls how slave pods are retained after the Jenkins build completes
# Possible values: Always, Never, OnFailure
podRetention: "Never"
podName: "jenkins-slave"
# Allows the Pod to remain active for reuse until the configured number of
# minutes has passed since the last step was executed on it.
idleMinutes: 5
# Max number of spawned agent
containerCap: 10
# Raw yaml template for the Pod. For example this allows usage of toleration for agent pods.
yamlTemplate: |-
apiVersion: v1
kind: Pod
spec:
tolerations:
- key: "jenkins"
operator: "Equal"
value: "false"
persistence:
enabled: true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment