blakelead/jenkins.yml

## jenkins.yml
---

kind: Namespace
apiVersion: v1
metadata:
  name: jenkins
  labels:
    name: jenkins

---

kind: ServiceAccount
apiVersion: v1
metadata:
  name: jenkins
  namespace: jenkins

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
  namespace: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]

---

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
  namespace: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins

---

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: jenkins-home
  namespace: jenkins
spec:
  accessModes: ['ReadWriteOnce']
  resources:
    requests:
      storage: 5Gi

---

kind: ConfigMap
apiVersion: v1
metadata:
  name: jenkins-conf
  namespace: jenkins
data:
  jenkins.yaml: |
    jenkins:
      systemMessage: "Jenkins configuration by blakelead!\n"
      numExecutors: 0
      slaveAgentPort: 50000
      disableRememberMe: false
      securityRealm:
        local:
          allowsSignup: true
          users:
          - id: "admin"
            password: "changeme"
      authorizationStrategy:
        projectMatrix:
          grantedPermissions:
          - "Overall/Read:authenticated"
          - "Overall/Administer:admin"
      primaryView:
        list:
          name: "Release"
      views:
      - list:
          name: "Build"
          includeRegex: ".*-build"
          columns: [ "status", "jobName", "buildButton", "descriptionColumn", "gitBranchSpecifierColumn", "lastSuccess", "lastFailure", "lastDuration" ]
      - list:
          name: "Management"
          includeRegex: ".*-management"
          columns: [ "status", "jobName", "buildButton", "descriptionColumn" ]
      - list:
          name: "Release"
          includeRegex: ".*-release"
          columns: [ "status", "jobName", "buildButton", "descriptionColumn", "gitBranchSpecifierColumn", "lastSuccess", "lastFailure", "lastDuration" ]
      globalNodeProperties:
      - envVars:
          env:
          - key: "SAMPLE"
            value: "some_value"
      clouds:
      - kubernetes:
          containerCapStr: "10"
          jenkinsUrl: "http://jenkins-master.jenkins.svc.cluster.local:8080"
          maxRequestsPerHostStr: "32"
          name: "kubernetes"
          namespace: "jenkins"
          serverUrl: "https://kubernetes.default.svc.cluster.local"
    security:
      remotingCLI:
        enabled: false
    credentials:
      system:
        domainCredentials:
        - credentials:
          - basicSSHUserPrivateKey:
              id: "git-private-key"
              username: "jenkins"
              privateKeySource:
                directEntry:
                  privateKey: "rsa private key(new lines replaced by new line character)"
              scope: GLOBAL
          - azure:
              id: "azure-service-principal"
              description: "Azure Service Principal"
              azureEnvironmentName: "Azure"
              clientId: ""
              clientSecret: ""
              subscriptionId: ""
              tenant: ""
              scope: GLOBAL
    unclassified:
      location:
        adminAddress: ""
        url: ""
    jobs:
    - script: >
        pipelineJob('sample') {
          displayName('Sample Job')
          description('Job that retrieve a pipeline script from scm')
          definition {
            cpsScm {
              scm {
                git{
                  remote {
                    url('git@github.com:my-name/your-project.git')
                    credentials('git-private-key')
                  }
                  branch('origin/master')
                  extensions { }
                }
              }
              lightweight(true)
              scriptPath('Jenkinsfile')
            }
          }
        }

---

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: jenkins-master
  namespace: jenkins
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: jenkins-master
    spec:
      serviceAccountName: jenkins
      securityContext:
        fsGroup: 1000
      containers:
      - name: jenkins-master
        image: jenkins/jenkins:lts
        command: ['sh', '-c']
        args:
          - >
            /usr/local/bin/install-plugins.sh
            ansicolor
            antisamy-markup-formatter
            azure-credentials
            blueocean
            build-timeout
            cloudbees-folder
            configuration-as-code
            configuration-as-code-support
            dashboard-view
            email-ext
            extensible-choice-parameter
            gatling
            generic-webhook-trigger
            git-parameter
            greenballs
            job-dsl
            kubernetes
            mailer
            monitoring
            ldap
            locale
            role-strategy
            ssh-agent
            ssh-slaves
            timestamper
            uno-choice
            view-job-filters
            workflow-aggregator
            ws-cleanup &&
            /sbin/tini -- /usr/local/bin/jenkins.sh
        ports:
        - name: ui
          containerPort: 8080
        - name: discovery
          containerPort: 50000
        env:
        - name: JAVA_OPTS
          value: '-Xmx1400m -Djenkins.install.runSetupWizard=false'
        - name: CASC_JENKINS_CONFIG
          value: '/var/jenkins_home/casc_config/jenkins.yaml'
        resources:
          limits:
            cpu: 500m
            memory: 1500Mi
          requests:
            cpu: 500m
            memory: 1500Mi
        volumeMounts:
        - name: jenkins-home
          mountPath: '/var/jenkins_home'
        - name: jenkins-conf
          mountPath: '/var/jenkins_home/casc_config/jenkins.yaml'
          subPath: 'jenkins.yaml'
          readOnly: true
      volumes:
      - name: jenkins-home
        persistentVolumeClaim:
          claimName: jenkins-home
      - name: jenkins-conf
        configMap:
          name: jenkins-conf

---

kind: Service
apiVersion: v1
metadata:
  name: jenkins-master
  namespace: jenkins
spec:
  selector:
    app: jenkins-master
  ports:
    - name: ui
      protocol: TCP
      port: 8080
      targetPort: 8080
    - name: discovery
      protocol: TCP
      port: 50000
      targetPort: 50000

---

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: jenkins-ingress
  namespace: jenkins
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: ''
    http:
      paths:
      - path: /
        backend:
          serviceName: jenkins-master
          servicePort: 8080
	---

	kind: Namespace
	apiVersion: v1
	metadata:
	name: jenkins
	labels:
	name: jenkins

	---

	kind: ServiceAccount
	apiVersion: v1
	metadata:
	name: jenkins
	namespace: jenkins

	---

	kind: Role
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: jenkins
	namespace: jenkins
	rules:
	- apiGroups: [""]
	resources: ["pods"]
	verbs: ["create","delete","get","list","patch","update","watch"]
	- apiGroups: [""]
	resources: ["pods/exec"]
	verbs: ["create","delete","get","list","patch","update","watch"]
	- apiGroups: [""]
	resources: ["pods/log"]
	verbs: ["get","list","watch"]
	- apiGroups: [""]
	resources: ["secrets"]
	verbs: ["get"]

	---

	kind: RoleBinding
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: jenkins
	namespace: jenkins
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: Role
	name: jenkins
	subjects:
	- kind: ServiceAccount
	name: jenkins

	---

	kind: PersistentVolumeClaim
	apiVersion: v1
	metadata:
	name: jenkins-home
	namespace: jenkins
	spec:
	accessModes: ['ReadWriteOnce']
	resources:
	requests:
	storage: 5Gi

	---

	kind: ConfigMap
	apiVersion: v1
	metadata:
	name: jenkins-conf
	namespace: jenkins
	data:
	jenkins.yaml: \|
	jenkins:
	systemMessage: "Jenkins configuration by blakelead!\n"
	numExecutors: 0
	slaveAgentPort: 50000
	disableRememberMe: false
	securityRealm:
	local:
	allowsSignup: true
	users:
	- id: "admin"
	password: "changeme"
	authorizationStrategy:
	projectMatrix:
	grantedPermissions:
	- "Overall/Read:authenticated"
	- "Overall/Administer:admin"
	primaryView:
	list:
	name: "Release"
	views:
	- list:
	name: "Build"
	includeRegex: ".*-build"
	columns: [ "status", "jobName", "buildButton", "descriptionColumn", "gitBranchSpecifierColumn", "lastSuccess", "lastFailure", "lastDuration" ]
	- list:
	name: "Management"
	includeRegex: ".*-management"
	columns: [ "status", "jobName", "buildButton", "descriptionColumn" ]
	- list:
	name: "Release"
	includeRegex: ".*-release"
	columns: [ "status", "jobName", "buildButton", "descriptionColumn", "gitBranchSpecifierColumn", "lastSuccess", "lastFailure", "lastDuration" ]
	globalNodeProperties:
	- envVars:
	env:
	- key: "SAMPLE"
	value: "some_value"
	clouds:
	- kubernetes:
	containerCapStr: "10"
	jenkinsUrl: "http://jenkins-master.jenkins.svc.cluster.local:8080"
	maxRequestsPerHostStr: "32"
	name: "kubernetes"
	namespace: "jenkins"
	serverUrl: "https://kubernetes.default.svc.cluster.local"
	security:
	remotingCLI:
	enabled: false
	credentials:
	system:
	domainCredentials:
	- credentials:
	- basicSSHUserPrivateKey:
	id: "git-private-key"
	username: "jenkins"
	privateKeySource:
	directEntry:
	privateKey: "rsa private key(new lines replaced by new line character)"
	scope: GLOBAL
	- azure:
	id: "azure-service-principal"
	description: "Azure Service Principal"
	azureEnvironmentName: "Azure"
	clientId: ""
	clientSecret: ""
	subscriptionId: ""
	tenant: ""
	scope: GLOBAL
	unclassified:
	location:
	adminAddress: ""
	url: ""
	jobs:
	- script: >
	pipelineJob('sample') {
	displayName('Sample Job')
	description('Job that retrieve a pipeline script from scm')
	definition {
	cpsScm {
	scm {
	git{
	remote {
	url('git@github.com:my-name/your-project.git')
	credentials('git-private-key')
	}
	branch('origin/master')
	extensions { }
	}
	}
	lightweight(true)
	scriptPath('Jenkinsfile')
	}
	}
	}

	---

	kind: Deployment
	apiVersion: extensions/v1beta1
	metadata:
	name: jenkins-master
	namespace: jenkins
	spec:
	replicas: 1
	template:
	metadata:
	labels:
	app: jenkins-master
	spec:
	serviceAccountName: jenkins
	securityContext:
	fsGroup: 1000
	containers:
	- name: jenkins-master
	image: jenkins/jenkins:lts
	command: ['sh', '-c']
	args:
	- >
	/usr/local/bin/install-plugins.sh
	ansicolor
	antisamy-markup-formatter
	azure-credentials
	blueocean
	build-timeout
	cloudbees-folder
	configuration-as-code
	configuration-as-code-support
	dashboard-view
	email-ext
	extensible-choice-parameter
	gatling
	generic-webhook-trigger
	git-parameter
	greenballs
	job-dsl
	kubernetes
	mailer
	monitoring
	ldap
	locale
	role-strategy
	ssh-agent
	ssh-slaves
	timestamper
	uno-choice
	view-job-filters
	workflow-aggregator
	ws-cleanup &&
	/sbin/tini -- /usr/local/bin/jenkins.sh
	ports:
	- name: ui
	containerPort: 8080
	- name: discovery
	containerPort: 50000
	env:
	- name: JAVA_OPTS
	value: '-Xmx1400m -Djenkins.install.runSetupWizard=false'
	- name: CASC_JENKINS_CONFIG
	value: '/var/jenkins_home/casc_config/jenkins.yaml'
	resources:
	limits:
	cpu: 500m
	memory: 1500Mi
	requests:
	cpu: 500m
	memory: 1500Mi
	volumeMounts:
	- name: jenkins-home
	mountPath: '/var/jenkins_home'
	- name: jenkins-conf
	mountPath: '/var/jenkins_home/casc_config/jenkins.yaml'
	subPath: 'jenkins.yaml'
	readOnly: true
	volumes:
	- name: jenkins-home
	persistentVolumeClaim:
	claimName: jenkins-home
	- name: jenkins-conf
	configMap:
	name: jenkins-conf

	---

	kind: Service
	apiVersion: v1
	metadata:
	name: jenkins-master
	namespace: jenkins
	spec:
	selector:
	app: jenkins-master
	ports:
	- name: ui
	protocol: TCP
	port: 8080
	targetPort: 8080
	- name: discovery
	protocol: TCP
	port: 50000
	targetPort: 50000

	---

	kind: Ingress
	apiVersion: extensions/v1beta1
	metadata:
	name: jenkins-ingress
	namespace: jenkins
	annotations:
	kubernetes.io/ingress.class: traefik
	spec:
	rules:
	- host: ''
	http:
	paths:
	- path: /
	backend:
	serviceName: jenkins-master
	servicePort: 8080