Created
February 27, 2019 20:29
-
-
Save blakelead/6695d24b342dea1f22c825385eeb00b0 to your computer and use it in GitHub Desktop.
Kubernetes file for complete Jenkins namespace
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
kind: Namespace | |
apiVersion: v1 | |
metadata: | |
name: jenkins | |
labels: | |
name: jenkins | |
--- | |
kind: ServiceAccount | |
apiVersion: v1 | |
metadata: | |
name: jenkins | |
namespace: jenkins | |
--- | |
kind: Role | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
metadata: | |
name: jenkins | |
namespace: jenkins | |
rules: | |
- apiGroups: [""] | |
resources: ["pods"] | |
verbs: ["create","delete","get","list","patch","update","watch"] | |
- apiGroups: [""] | |
resources: ["pods/exec"] | |
verbs: ["create","delete","get","list","patch","update","watch"] | |
- apiGroups: [""] | |
resources: ["pods/log"] | |
verbs: ["get","list","watch"] | |
- apiGroups: [""] | |
resources: ["secrets"] | |
verbs: ["get"] | |
--- | |
kind: RoleBinding | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
metadata: | |
name: jenkins | |
namespace: jenkins | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: Role | |
name: jenkins | |
subjects: | |
- kind: ServiceAccount | |
name: jenkins | |
--- | |
kind: PersistentVolumeClaim | |
apiVersion: v1 | |
metadata: | |
name: jenkins-home | |
namespace: jenkins | |
spec: | |
accessModes: ['ReadWriteOnce'] | |
resources: | |
requests: | |
storage: 5Gi | |
--- | |
kind: ConfigMap | |
apiVersion: v1 | |
metadata: | |
name: jenkins-conf | |
namespace: jenkins | |
data: | |
jenkins.yaml: | | |
jenkins: | |
systemMessage: "Jenkins configuration by blakelead!\n" | |
numExecutors: 0 | |
slaveAgentPort: 50000 | |
disableRememberMe: false | |
securityRealm: | |
local: | |
allowsSignup: true | |
users: | |
- id: "admin" | |
password: "changeme" | |
authorizationStrategy: | |
projectMatrix: | |
grantedPermissions: | |
- "Overall/Read:authenticated" | |
- "Overall/Administer:admin" | |
primaryView: | |
list: | |
name: "Release" | |
views: | |
- list: | |
name: "Build" | |
includeRegex: ".*-build" | |
columns: [ "status", "jobName", "buildButton", "descriptionColumn", "gitBranchSpecifierColumn", "lastSuccess", "lastFailure", "lastDuration" ] | |
- list: | |
name: "Management" | |
includeRegex: ".*-management" | |
columns: [ "status", "jobName", "buildButton", "descriptionColumn" ] | |
- list: | |
name: "Release" | |
includeRegex: ".*-release" | |
columns: [ "status", "jobName", "buildButton", "descriptionColumn", "gitBranchSpecifierColumn", "lastSuccess", "lastFailure", "lastDuration" ] | |
globalNodeProperties: | |
- envVars: | |
env: | |
- key: "SAMPLE" | |
value: "some_value" | |
clouds: | |
- kubernetes: | |
containerCapStr: "10" | |
jenkinsUrl: "http://jenkins-master.jenkins.svc.cluster.local:8080" | |
maxRequestsPerHostStr: "32" | |
name: "kubernetes" | |
namespace: "jenkins" | |
serverUrl: "https://kubernetes.default.svc.cluster.local" | |
security: | |
remotingCLI: | |
enabled: false | |
credentials: | |
system: | |
domainCredentials: | |
- credentials: | |
- basicSSHUserPrivateKey: | |
id: "git-private-key" | |
username: "jenkins" | |
privateKeySource: | |
directEntry: | |
privateKey: "rsa private key(new lines replaced by new line character)" | |
scope: GLOBAL | |
- azure: | |
id: "azure-service-principal" | |
description: "Azure Service Principal" | |
azureEnvironmentName: "Azure" | |
clientId: "" | |
clientSecret: "" | |
subscriptionId: "" | |
tenant: "" | |
scope: GLOBAL | |
unclassified: | |
location: | |
adminAddress: "" | |
url: "" | |
jobs: | |
- script: > | |
pipelineJob('sample') { | |
displayName('Sample Job') | |
description('Job that retrieve a pipeline script from scm') | |
definition { | |
cpsScm { | |
scm { | |
git{ | |
remote { | |
url('git@github.com:my-name/your-project.git') | |
credentials('git-private-key') | |
} | |
branch('origin/master') | |
extensions { } | |
} | |
} | |
lightweight(true) | |
scriptPath('Jenkinsfile') | |
} | |
} | |
} | |
--- | |
kind: Deployment | |
apiVersion: extensions/v1beta1 | |
metadata: | |
name: jenkins-master | |
namespace: jenkins | |
spec: | |
replicas: 1 | |
template: | |
metadata: | |
labels: | |
app: jenkins-master | |
spec: | |
serviceAccountName: jenkins | |
securityContext: | |
fsGroup: 1000 | |
containers: | |
- name: jenkins-master | |
image: jenkins/jenkins:lts | |
command: ['sh', '-c'] | |
args: | |
- > | |
/usr/local/bin/install-plugins.sh | |
ansicolor | |
antisamy-markup-formatter | |
azure-credentials | |
blueocean | |
build-timeout | |
cloudbees-folder | |
configuration-as-code | |
configuration-as-code-support | |
dashboard-view | |
email-ext | |
extensible-choice-parameter | |
gatling | |
generic-webhook-trigger | |
git-parameter | |
greenballs | |
job-dsl | |
kubernetes | |
mailer | |
monitoring | |
ldap | |
locale | |
role-strategy | |
ssh-agent | |
ssh-slaves | |
timestamper | |
uno-choice | |
view-job-filters | |
workflow-aggregator | |
ws-cleanup && | |
/sbin/tini -- /usr/local/bin/jenkins.sh | |
ports: | |
- name: ui | |
containerPort: 8080 | |
- name: discovery | |
containerPort: 50000 | |
env: | |
- name: JAVA_OPTS | |
value: '-Xmx1400m -Djenkins.install.runSetupWizard=false' | |
- name: CASC_JENKINS_CONFIG | |
value: '/var/jenkins_home/casc_config/jenkins.yaml' | |
resources: | |
limits: | |
cpu: 500m | |
memory: 1500Mi | |
requests: | |
cpu: 500m | |
memory: 1500Mi | |
volumeMounts: | |
- name: jenkins-home | |
mountPath: '/var/jenkins_home' | |
- name: jenkins-conf | |
mountPath: '/var/jenkins_home/casc_config/jenkins.yaml' | |
subPath: 'jenkins.yaml' | |
readOnly: true | |
volumes: | |
- name: jenkins-home | |
persistentVolumeClaim: | |
claimName: jenkins-home | |
- name: jenkins-conf | |
configMap: | |
name: jenkins-conf | |
--- | |
kind: Service | |
apiVersion: v1 | |
metadata: | |
name: jenkins-master | |
namespace: jenkins | |
spec: | |
selector: | |
app: jenkins-master | |
ports: | |
- name: ui | |
protocol: TCP | |
port: 8080 | |
targetPort: 8080 | |
- name: discovery | |
protocol: TCP | |
port: 50000 | |
targetPort: 50000 | |
--- | |
kind: Ingress | |
apiVersion: extensions/v1beta1 | |
metadata: | |
name: jenkins-ingress | |
namespace: jenkins | |
annotations: | |
kubernetes.io/ingress.class: traefik | |
spec: | |
rules: | |
- host: '' | |
http: | |
paths: | |
- path: / | |
backend: | |
serviceName: jenkins-master | |
servicePort: 8080 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment