Skip to content

Instantly share code, notes, and snippets.

@jefrnc

jefrnc/plan.out

Created August 23, 2023 01:06
Show Gist options
  • Save jefrnc/4cd241c8448d63c67743f49a67858a98 to your computer and use it in GitHub Desktop.
Save jefrnc/4cd241c8448d63c67743f49a67858a98 to your computer and use it in GitHub Desktop.
Download ZIP
DOTB-130/upgrade-jenkins
Raw
plan.out
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/actions-runner-controller/gh_app_id
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/actions-runner-controller/gh_client_id
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/actions-runner-controller/gh_private_key
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/actions-runner-controller/gh_webhook_secret_token
Adding repo actions-runner-controller https://actions-runner-controller.github.io/actions-runner-controller
"actions-runner-controller" has been added to your repositories
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/akhq/clientid
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/akhq/googlesecret
Adding repo akhq https://akhq.io/
"akhq" has been added to your repositories
Adding repo aws-ebs-csi-driver https://kubernetes-sigs.github.io/aws-ebs-csi-driver
"aws-ebs-csi-driver" has been added to your repositories
Adding repo eks https://aws.github.io/eks-charts
"eks" has been added to your repositories
Adding repo jetstack https://charts.jetstack.io
"jetstack" has been added to your repositories
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/dependency-track/app/token
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/dependency-track/postgresql/password
Adding repo bitnami https://charts.bitnami.com/bitnami
"bitnami" has been added to your repositories
Adding repo dependencytrack git+ssh://git@github.com/Frubana/devops_charts_dependency-track.git@?sparse=0&ref=v1.0.0
"dependencytrack" has been added to your repositories
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/fider/clientid
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/fider/googlesecret
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/fider/databaseUrl
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/fider/jwtSecret
Adding repo fider git+ssh://git@github.com/Frubana/devops_charts_fider.git@?ref=v1.0.2
"fider" has been added to your repositories
Adding repo fluent https://fluent.github.io/helm-charts
"fluent" has been added to your repositories
Adding repo github-webhook-relay-consumer git+ssh://git@github.com/Frubana/devops_charts_github-webhook-relay-consumer.git@?sparse=0&ref=v1.0.3
"github-webhook-relay-consumer" has been added to your repositories
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/frubanadevops_dockerhub_password
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/sonarqube-token
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/google-auth-clientID
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/google-auth-clientSecret
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/solr-private-key
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/github-token-username
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/github-token-token
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/github-private-key
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/github-webhook-username
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/github-webhook-token
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/jenkins-api-username
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/jenkins-api-key
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/frubanadevops_maven_broadleaf_password
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/jenkins/slack-token
Adding repo jenkins https://charts.jenkins.io
"jenkins" has been added to your repositories
Building dependency release=jenkins-alb-addons, chart=../charts/alb-addons
Building dependency release=jenkins-addons, chart=../charts/jenkins-addons
Listing releases matching ^jenkins-alb-addons$
jenkins-alb-addons jenkins 1 2022-10-19 09:23:37.322691 -0300 -03 deployed alb-addons-1.0.0 1.0.0
Listing releases matching ^jenkins$
jenkins jenkins 133 2023-07-26 17:29:31.390983 -0300 -03 deployed jenkins-4.2.13 2.361.3
Listing releases matching ^jenkins-addons$
jenkins-addons jenkins 2 2023-07-26 17:29:17.242052 -0300 -03 deployed jenkins-addons-1.0.0 1.0.0
Comparing release=jenkins-alb-addons, chart=../charts/alb-addons
Comparing release=jenkins-addons, chart=../charts/jenkins-addons
Comparing release=jenkins, chart=jenkins/jenkins
jenkins, jenkins, ConfigMap (v1) has changed:
# Source: jenkins/templates/config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: jenkins
namespace: jenkins
labels:
"app.kubernetes.io/name": 'jenkins'
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
data:
apply_config.sh: |-
set -e
echo "disable Setup Wizard"
# Prevent Setup Wizard when JCasC is enabled
echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.UpgradeWizard.state
echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.InstallUtil.lastExecVersion
echo "remove all plugins from shared volume"
# remove all plugins from shared volume
rm -rf /var/jenkins_home/plugins/*
echo "download plugins"
# Install missing plugins
cp /var/jenkins_config/plugins.txt /var/jenkins_home;
rm -rf /usr/share/jenkins/ref/plugins/*.lock
version () { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }
if [ -f "/usr/share/jenkins/jenkins.war" ] && [ -n "$(command -v jenkins-plugin-cli)" 2>/dev/null ] && [ $(version $(jenkins-plugin-cli --version)) -ge $(version "2.1.1") ]; then
- jenkins-plugin-cli --verbose --war "/usr/share/jenkins/jenkins.war" --plugin-file "/var/jenkins_home/plugins.txt" --latest true;
+ jenkins-plugin-cli --verbose --war "/usr/share/jenkins/jenkins.war" --plugin-file "/var/jenkins_home/plugins.txt" --latest true --latest-specified;
else
/usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`;
fi
echo "copy plugins to shared volume"
# Copy plugins to shared volume
yes n | cp -i /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins/;
echo "finished initialization"
plugins.txt: |-
- kubernetes:3734.v562b_b_a_627ea_c
- workflow-aggregator:590.v6a_d052e5a_a_b_5
- git:4.13.0
- configuration-as-code:1569.vb_72405b_80249
- ace-editor:1.1
+ configuration-as-code:1670.v564dc8b_982d0
+ git:5.2.0
+ kubernetes:3995.v227c16b_675ee
+ workflow-aggregator:596.v8c21c963d92d
adoptopenjdk:1.5
- ansible:1.1
- ansicolor:1.0.2
- antisamy-markup-formatter:155.v795fb_8702324
- apache-httpcomponents-client-4-api:4.5.13-138.v4e7d9a_7b_a_e61
- authentication-tokens:1.4
- bootstrap4-api:4.6.0-5
- bootstrap5-api:5.2.1-3
- bouncycastle-api:2.26
- branch-api:2.1046.v0ca_37783ecc5
- build-user-vars-plugin:1.9
- caffeine-api:2.9.3-65.v6a_47d0f4d1fe
- checks-api:1.8.0
- cloudbees-folder:6.740.ve4f4ffa_dea_54
- command-launcher:90.v669d7ccb_7c31
- conditional-buildstep:1.4.2
- config-file-provider:3.11.1
- credentials-binding:523.vd859a_4b_122e6
- credentials:1143.vb_e8b_b_ceee347
- display-url-api:2.3.6
- docker-commons:1.21
- docker-java-api:3.2.13-37.vf3411c9828b9
- docker-plugin:1.2.10
- docker-workflow:528.v7c193a_0b_e67c
- durable-task:501.ve5d4fc08b0be
- echarts-api:5.4.0-1
- email-ext:2.92
- envinject-api:1.199.v3ce31253ed13
- envinject:2.881.v37c62073ff97
- font-awesome-api:6.2.0-3
- git-client:3.13.0
- git-server:1.11
- github-api:1.303-400.v35c2d8258028
- github-branch-source:1696.v3a_7603564d04
- github:1.34.5
- h2-api:1.4.199
- handlebars:3.0.8
- jackson2-api:2.13.4.20221013-295.v8e29ea_354141
- javadoc:226.v71211feb_e7e9
- javax-activation-api:1.2.0-5
- javax-mail-api:1.6.2-8
- jaxb:2.3.7-1
- jdk-tool:63.v62d2fd4b_4793
- job-dsl:1.81
- jquery-detached:1.2.1
- jquery3-api:3.6.1-2
- jsch:0.1.55.61.va_e9ee26616e7
- junit:1156.vcf492e95a_a_b_0
- kubernetes-client-api:5.12.2-193.v26a_6078f65a_9
- kubernetes-credentials:0.9.0
- lockable-resources:2.18
- matrix-auth:3.1.5
- matrix-project:772.v494f19991984
- maven-plugin:3.20
- metrics:4.2.10-389.v93143621b_050
- momentjs:1.1.1
- parameter-separator:1.3
- parameterized-trigger:2.45
- pipeline-build-step:2.18
- pipeline-github-lib:38.v445716ea_edda_
- pipeline-github:2.8-138.d766e30bb08b
- pipeline-graph-analysis:195.v5812d95a_a_2f9
- pipeline-groovy-lib:593.va_a_fc25d520e9
- pipeline-input-step:456.vd8a_957db_5b_e9
- pipeline-maven:1205.vceea_7b_972817
- pipeline-milestone-step:101.vd572fef9d926
- pipeline-model-api:2.2118.v31fd5b_9944b_5
- pipeline-model-definition:2.2118.v31fd5b_9944b_5
- pipeline-model-extensions:2.2118.v31fd5b_9944b_5
- pipeline-rest-api:2.27
- pipeline-stage-step:296.v5f6908f017a_5
- pipeline-stage-tags-metadata:2.2118.v31fd5b_9944b_5
- pipeline-stage-view:2.27
- pipeline-utility-steps:2.13.1
- plain-credentials:139.ved2b_9cf7587b
- plugin-util-api:2.18.0
- popper-api:1.16.1-3
- popper2-api:2.11.6-2
- role-strategy:562.v44e9a_e828d0e
- run-condition:1.5
- saml:2.333.vc81e525974a_c
- scm-api:621.vda_a_b_055e58f7
- script-security:1189.vb_a_b_7c8fd5fde
- slack:629.vf00ea_cb_40d53
- snakeyaml-api:1.32-86.ve3f030a_75631
- sonar:2.14
- strict-crumb-issuer:2.1.0
- structs:324.va_f5d6774f3a_d
- timestamper:1.20
- token-macro:308.v4f2b_ed62b_b_16
- variant:59.vf075fe829ccb
- windows-slaves:1.8.1
- workflow-api:1200.v8005c684b_a_c6
- workflow-basic-steps:994.vd57e3ca_46d24
- workflow-cps-global-lib:588.v576c103a_ff86
- workflow-cps:3520.va_8fc49e2f96f
- workflow-durable-task-step:1210.va_1e5d77e122b
- workflow-job:1207.ve6191ff089f8
- workflow-multibranch:716.vc692a_e52371b_
- workflow-scm-step:400.v6b_89a_1317c9a_
- workflow-step-api:639.v6eca_cd8c04a_a_
- workflow-support:839.v35e2736cfd5c
- ws-cleanup:0.43
+ ansible:253.v4fe719ffdd8a_
+ ansicolor:1.0.3
+ antisamy-markup-formatter:162.v0e6ec0fcfcf6
+ authentication-tokens:1.53.v1c90fd9191a_b_
+ bootstrap5-api:5.3.0-1
+ branch-api:2.1122.v09cb_8ea_8a_724
+ caffeine-api:3.1.8-133.v17b_1ff2e0599
+ cloudbees-folder:6.848.ve3b_fd7839a_81
+ command-launcher:107.v773860566e2e
+ commons-text-api:1.10.0-68.v0d0b_c439292b_
+ config-file-provider:953.v0432a_802e4d2
+ credentials-binding:631.v861c06d062b_4
+ display-url-api:2.3.9
+ durable-task:523.va_a_22cf15d5e0
+ echarts-api:5.4.0-5
+ font-awesome-api:6.4.0-2
+ git-client:4.4.0
+ github:1.37.3
+ github-api:1.314-431.v78d72a_3fe4c3
+ github-branch-source:1732.v3f1889a_c475b_
+ h2-api:11.1.4.199-12.v9f4244395f7a_
+ hashicorp-vault-plugin:360.v0a_1c04cf807d
+ javadoc:243.vb_b_503b_b_45537
+ javax-mail-api:1.6.2-9
+ jdk-tool:73.vddf737284550
+ jquery3-api:3.7.0-1
+ junit:1217.v4297208a_a_b_ce
+ mailer:463.vedf8358e006b_
+ matrix-auth:3.1.10
+ matrix-project:808.v5a_b_5f56d6966
+ maven-plugin:3.23
+ metrics:4.2.18-442.v02e107157925
+ parameter-separator:87.va_1816d0b_39d1
+ pipeline-build-step:505.v5f0844d8d126
+ pipeline-groovy-lib:671.v07c339c842e8
+ pipeline-input-step:477.v339683a_8d55e
+ pipeline-maven:1322.v9ef317a_3e0a_9
+ pipeline-milestone-step:111.v449306f708b_7
+ pipeline-model-definition:2.2144.v077a_d1928a_40
+ pipeline-model-extensions:2.2144.v077a_d1928a_40
+ pipeline-stage-view:2.33
+ pipeline-utility-steps:2.16.0
+ plugin-util-api:3.3.0
+ resource-disposer:0.23
+ role-strategy:680.v3a_6a_1698b_864
+ saml:4.429.v9a_781a_61f1da_
+ script-security:1269.v639888f5e366
+ slack:684.v833089650554
+ sonar:2.15
+ ssh-credentials:308.ve4497b_ccd8f4
+ sshd:3.312.v1c601b_c83b_0e
+ strict-crumb-issuer:2.1.1
+ structs:325.vcb_307d2a_2782
+ token-macro:384.vf35b_f26814ec
+ workflow-api:1259.vb_47f14fffc8a_
+ workflow-basic-steps:1042.ve7b_140c4a_e0c
+ workflow-cps:3769.v8b_e595e4d40d
+ workflow-durable-task-step:1284.v4fcd365b_75b_e
+ workflow-job:1326.ve643e00e9220
+ workflow-multibranch:756.v891d88f2cd46
+ workflow-support:848.v5a_383b_d14921
+ ws-cleanup:0.45
jenkins, jenkins, Ingress (networking.k8s.io) has changed:
# Source: jenkins/templates/jenkins-controller-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: jenkins
labels:
"app.kubernetes.io/name": 'jenkins'
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
annotations:
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig":
{ "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/auth-idp-oidc: '{"issuer":"https://accounts.google.com","authorizationEndpoint":"https://accounts.google.com/o/oauth2/v2/auth","tokenEndpoint":"https://www.googleapis.com/oauth2/v4/token","userInfoEndpoint":"https://www.googleapis.com/oauth2/v3/userinfo","secretName":"jenkins-google-auth"}'
alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate
alb.ingress.kubernetes.io/auth-scope: openid
alb.ingress.kubernetes.io/auth-session-cookie: AWSELBAuthSessionCookie
alb.ingress.kubernetes.io/auth-session-timeout: "36000"
alb.ingress.kubernetes.io/auth-type: oidc
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:124378474992:certificate/cca9e69e-d43f-4b4e-bc23-6c35bc9bcfd1
alb.ingress.kubernetes.io/group.name: jenkins-controller
alb.ingress.kubernetes.io/group.order: "1"
alb.ingress.kubernetes.io/healthcheck-path: /login
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS":443}]'
alb.ingress.kubernetes.io/load-balancer-name: 695f35a-jenkins
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/ssl-redirect: "443"
alb.ingress.kubernetes.io/tags: frubana:cost:vertical=devops
alb.ingress.kubernetes.io/target-type: ip
kubernetes.io/ingress.class: alb
name: jenkins
spec:
rules:
- http:
paths:
- backend:
service:
name: ssl-redirect
port:
name: use-annotation
path: /*
pathType: ImplementationSpecific
- backend:
service:
name: jenkins
port:
number: 8080
path: /*
pathType: ImplementationSpecific
host: "jenkins.devops-services.frubana.com"
jenkins, jenkins, Secret (v1) has changed:
# Source: jenkins/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
labels:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: jenkins
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- helm.sh/chart: jenkins-4.2.13
+ helm.sh/chart: jenkins-4.5.0
name: jenkins
namespace: jenkins
data:
- jenkins-admin-password: '-------- # (22 bytes)'
+ jenkins-admin-password: '++++++++ # (22 bytes)'
jenkins-admin-user: 'REDACTED # (5 bytes)'
type: Opaque
jenkins, jenkins, Service (v1) has changed:
# Source: jenkins/templates/jenkins-controller-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: jenkins
namespace: jenkins
labels:
"app.kubernetes.io/name": 'jenkins'
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
spec:
ports:
- port: 8080
name: http
targetPort: 8080
selector:
"app.kubernetes.io/component": "jenkins-controller"
"app.kubernetes.io/instance": "jenkins"
type: ClusterIP
jenkins, jenkins, ServiceAccount (v1) has changed:
# Source: jenkins/templates/service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
namespace: jenkins
labels:
"app.kubernetes.io/name": 'jenkins'
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
jenkins, jenkins, StatefulSet (apps) has changed:
# Source: jenkins/templates/jenkins-controller-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: jenkins
namespace: jenkins
labels:
"app.kubernetes.io/name": 'jenkins'
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
spec:
serviceName: jenkins
replicas: 1
selector:
matchLabels:
"app.kubernetes.io/component": "jenkins-controller"
"app.kubernetes.io/instance": "jenkins"
template:
metadata:
labels:
"app.kubernetes.io/name": 'jenkins'
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
annotations:
- checksum/config: b6672f62a491e069d9875e02b1199e49a87849e2d149ed9fe4343b6167a29bb7
+ checksum/config: 2ccc4e7e7ff599819eec2fed24b5ebfec86ec85f959a336454ad1ee75f3bf74c
spec:
nodeSelector:
intent: cicd
tolerations:
- key: cicd
operator: Exists
securityContext:
runAsUser: 1000
fsGroup: 1000
runAsNonRoot: true
serviceAccountName: "jenkins"
initContainers:
- name: "init"
- image: "jenkins/jenkins:2.361.3-jdk11"
+ image: "jenkins/jenkins:2.401.3-jdk11"
imagePullPolicy: "Always"
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsUser: 1000
command: [ "sh", "/var/jenkins_config/apply_config.sh" ]
resources:
limits:
cpu: 2000m
memory: 4096Mi
requests:
cpu: 50m
memory: 256Mi
volumeMounts:
- mountPath: /var/jenkins_home
name: jenkins-home
- mountPath: /var/jenkins_config
name: jenkins-config
- mountPath: /usr/share/jenkins/ref/plugins
name: plugins
- mountPath: /var/jenkins_plugins
name: plugin-dir
- mountPath: /tmp
name: tmp-volume
containers:
- name: jenkins
- image: "jenkins/jenkins:2.361.3-jdk11"
+ image: "jenkins/jenkins:2.401.3-jdk11"
imagePullPolicy: "Always"
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsUser: 1000
args: [ "--httpPort=8080"]
env:
- name: SECRETS
value: /run/secrets/additional
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: JAVA_OPTS
value: >-
-Dcasc.reload.token=$(POD_NAME)
- name: JENKINS_OPTS
value: >-
--webroot=/var/jenkins_cache/war
- name: JENKINS_SLAVE_AGENT_PORT
value: "50000"
+
- name: CASC_JENKINS_CONFIG
value: /var/jenkins_home/casc_configs
ports:
- containerPort: 8080
name: http
- containerPort: 50000
name: agent-listener
startupProbe:
failureThreshold: 12
httpGet:
path: '/login'
port: http
periodSeconds: 10
timeoutSeconds: 5
livenessProbe:
failureThreshold: 5
httpGet:
path: '/login'
port: http
periodSeconds: 10
timeoutSeconds: 5
readinessProbe:
failureThreshold: 3
httpGet:
path: '/login'
port: http
periodSeconds: 10
timeoutSeconds: 5
resources:
limits:
cpu: 2000m
memory: 4096Mi
requests:
cpu: 50m
memory: 256Mi
volumeMounts:
- mountPath: /var/jenkins_home
name: jenkins-home
readOnly: false
- mountPath: /var/jenkins_config
name: jenkins-config
readOnly: true
- mountPath: /usr/share/jenkins/ref/plugins/
name: plugin-dir
readOnly: false
- name: sc-config-volume
mountPath: /var/jenkins_home/casc_configs
- name: jenkins-secrets
mountPath: /run/secrets/additional
readOnly: true
- name: jenkins-cache
mountPath: /var/jenkins_cache
- mountPath: /tmp
name: tmp-volume
- name: config-reload
- image: "kiwigrid/k8s-sidecar:1.15.0"
+ image: "kiwigrid/k8s-sidecar:1.24.4"
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: LABEL
value: "jenkins-jenkins-config"
- name: FOLDER
value: "/var/jenkins_home/casc_configs"
- name: NAMESPACE
value: 'jenkins'
- name: REQ_URL
value: "http://localhost:8080/reload-configuration-as-code/?casc-reload-token=$(POD_NAME)"
- name: REQ_METHOD
value: "POST"
- name: REQ_RETRY_CONNECT
value: "10"
resources:
{}
volumeMounts:
- name: sc-config-volume
mountPath: "/var/jenkins_home/casc_configs"
- name: jenkins-home
mountPath: /var/jenkins_home
volumes:
- name: plugins
emptyDir: {}
- name: jenkins-config
configMap:
name: jenkins
- name: plugin-dir
emptyDir: {}
- name: jenkins-secrets
projected:
sources:
- secret:
name: jenkins
items:
- key: jenkins-admin-user
path: chart-admin-username
- key: jenkins-admin-password
path: chart-admin-password
- name: jenkins-cache
emptyDir: {}
- name: jenkins-home
persistentVolumeClaim:
claimName: jenkins-controller-claim
- name: sc-config-volume
emptyDir: {}
- name: tmp-volume
emptyDir: {}
jenkins, jenkins-agent, Service (v1) has changed:
# Source: jenkins/templates/jenkins-agent-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: jenkins-agent
namespace: jenkins
labels:
"app.kubernetes.io/name": 'jenkins'
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
spec:
ports:
- port: 50000
targetPort: 50000
name: agent-listener
selector:
"app.kubernetes.io/component": "jenkins-controller"
"app.kubernetes.io/instance": "jenkins"
type: ClusterIP
jenkins, jenkins-casc-reload, Role (rbac.authorization.k8s.io) has changed:
# Source: jenkins/templates/rbac.yaml
# The sidecar container which is responsible for reloading configuration changes
# needs permissions to watch ConfigMaps
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: jenkins-casc-reload
namespace: jenkins
labels:
"app.kubernetes.io/name": 'jenkins'
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "watch", "list"]
jenkins, jenkins-jenkins-config-authorization-config, ConfigMap (v1) has changed:
# Source: jenkins/templates/jcasc-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: "jenkins-jenkins-config-authorization-config"
namespace: jenkins
labels:
"app.kubernetes.io/name": jenkins
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
jenkins-jenkins-config: "true"
data:
authorization-config.yaml: |-
jenkins:
+ #https://issues.jenkins.io/browse/JENKINS-71612
authorizationStrategy:
roleBased:
+ permissionTemplates:
+ - name: "Build"
+ permissions:
+ - "Job/Cancel"
+ - "Job/Build"
+ - "SCM/Tag"
+ - "Job/Workspace"
+ - "Metrics/View"
+ - "Run/Replay"
+
roles:
global:
- - name: "Administrators"
- permissions:
- - "Overall/Administer"
- assignments:
- - "admin"
- - name: 'Devops'
- assignments:
- - 'team-devops@jenkins'
- permissions:
- - "Overall/Administer"
- - name: "Anonymous"
- assignments:
- - "GROUP:anonymous"
- - name: "Authenticated"
- assignments:
- - "team-finance@jenkins"
- - "team-growth@jenkins"
- - "team-operations@jenkins"
- - "team-procurement@jenkins"
- - "team-quality@jenkins"
- - "team-data@jenkins"
- - "team-devops@jenkins"
- - "team-rnd@jenkins"
- - "team-prototype@jenkins"
- permissions:
- - "Overall/Read"
- - "Job/Read"
- - "Job/Workspace"
- - "Job/ViewStatus"
- - "View/Read"
+ - entries:
+ - group: "team-data@jenkins"
+ name: "team-data@jenkins"
+ pattern: ".*"
+ permissions:
+ - "Overall/Read"
+ - "Job/Discover"
+ - "Job/Read"
+ - "View/Read"
+ - entries:
+ - group: "team-devops@jenkins"
+ name: "team-devops@jenkins"
+ pattern: ".*"
+ permissions:
+ - "Overall/Administer"
+ - entries:
+ - group: "team-finance@jenkins"
+ name: "team-finance@jenkins"
+ pattern: ".*"
+ permissions:
+ - "Overall/Read"
+ - "Job/Discover"
+ - "Job/Read"
+ - "View/Read"
+ - entries:
+ - group: "team-growth@jenkins"
+ name: "team-growth@jenkins"
+ pattern: ".*"
+ permissions:
+ - "Overall/Read"
+ - "Job/Discover"
+ - "Job/Read"
+ - "View/Read"
+ - entries:
+ - group: "team-operations@jenkins"
+ name: "team-operations@jenkins"
+ pattern: ".*"
+ permissions:
+ - "Overall/Read"
+ - "Job/Discover"
+ - "Job/Read"
+ - "View/Read"
+ - entries:
+ - group: "team-procurement@jenkins"
+ name: "team-procurement@jenkins"
+ pattern: ".*"
+ permissions:
+ - "Overall/Read"
+ - entries:
+ - group: "team-prototype@jenkins"
+ name: "team-prototype@jenkins"
+ pattern: ".*"
+ permissions:
+ - "Overall/Read"
+ - "Job/Discover"
+ - "Job/Read"
+ - "View/Read"
+ - entries:
+ - group: "team-quality@jenkins"
+ name: "team-quality@jenkins"
+ pattern: ".*"
+ permissions:
+ - "Overall/Read"
+ - "Job/Discover"
+ - "Job/Read"
+ - "View/Read"
+ - entries:
+ - group: "team-rnd@jenkins"
+ name: "team-rnd@jenkins"
+ pattern: ".*"
+ permissions:
+ - "Overall/Read"
+ - "Job/Discover"
+ - "Job/Read"
+ - "View/Read"
items:
- - name: "PrototypeTeam"
- description: "Prototype Team"
- pattern: "^(artifact|microservice|static|sidecar|airflow)_prototype_.*$|^.*-all-verticals.*$"
- assignments:
- - "team-prototype@jenkins"
- permissions:
- - "Job/Build"
- - "Job/Cancel"
- - "Job/Discover"
- - "Job/Read"
- - "Run/Replay"
- - "SCM/Tag"
- - "Metrics/View"
- - name: "FinanceTeam"
- description: "Finance Team"
- pattern: "^(artifact|microservice|static|sidecar|airflow)_finance_.*$|^.*-all-verticals.*$"
- assignments:
- - "team-finance@jenkins"
- permissions:
- - "Job/Build"
- - "Job/Cancel"
- - "Job/Discover"
- - "Job/Read"
- - "Run/Replay"
- - "SCM/Tag"
- - "Metrics/View"
- - name: "GrowthTeam"
- description: "Growth Team"
- pattern: "^(artifact|microservice|static|sidecar|airflow)_growth-.*$|^(artifact|microservice|static|sidecar|airflow)_growth_.*$|^.*-all-verticals.*$"
- assignments:
- - "team-growth@jenkins"
- permissions:
- - "Job/Build"
- - "Job/Cancel"
- - "Job/Discover"
- - "Job/Read"
- - "Run/Replay"
- - "SCM/Tag"
- - "Metrics/View"
- - name: "OperationsTeam"
- description: "Operations Team"
- pattern: "^(artifact|microservice|static|sidecar|airflow)_ops-.*$|^(artifact|microservice|static|sidecar|airflow)_(logistics|operations|warehouse|sourcing)_.*$|^.*-all-verticals.*$"
- assignments:
- - "team-operations@jenkins"
- permissions:
- - "Job/Build"
- - "Job/Cancel"
- - "Job/Discover"
- - "Job/Read"
- - "Run/Replay"
- - "SCM/Tag"
- - "Metrics/View"
- - name: "ProcurementTeam"
- description: "Procurement Team"
- pattern: "^(artifact|microservice|static|sidecar|airflow)_procurement_.*$|^(artifact|microservice|static|sidecar|airflow)_pr-.*|^.*-all-verticals.*$"
- assignments:
- - "team-procurement@jenkins"
- permissions:
- - "Job/Build"
- - "Job/Cancel"
- - "Job/Discover"
- - "Job/Read"
- - "Run/Replay"
- - "SCM/Tag"
- - "Metrics/View"
- - name: "QATeam"
- description: "QA Team"
- pattern: "^(artifact|microservice|static|sidecar|airflow)_qa-.*$"
- assignments:
- - "team-quality@jenkins"
- permissions:
- - "Job/Build"
- - "Job/Cancel"
- - "Job/Discover"
- - "Job/Read"
- - "Run/Replay"
- - "SCM/Tag"
- - "Metrics/View"
- - name: "RndTeam"
- description: "Rnd Team"
- pattern: "^(artifact|microservice|static|sidecar|airflow)_rnd-.*$|^(artifact|microservice|static|sidecar|airflow)_rnd_.*$|^.*-all-verticals.*$"
- assignments:
- - "team-rnd@jenkins"
- permissions:
- - "Job/Build"
- - "Job/Cancel"
- - "Job/Discover"
- - "Job/Read"
- - "Run/Replay"
- - "SCM/Tag"
- - "Metrics/View"
- - name: "DataTeam"
- description: "Data Team"
- pattern: "^.*data.*$|^.*-all-verticals.*$"
- assignments:
- - "team-data@jenkins"
- permissions:
- - "Job/Build"
- - "Job/Cancel"
- - "Job/Discover"
- - "Job/Read"
- - "Run/Replay"
- - "SCM/Tag"
- - "Metrics/View"
- - name: "DevopsTeam"
- description: "Devops Team"
- pattern: "^.*devops.*$|^.*-all-verticals.*$"
- assignments:
- - "team-devops@jenkins"
- permissions:
- - "Job/Build"
- - "Job/Cancel"
- - "Job/Discover"
- - "Job/Read"
- - "Run/Replay"
- - "SCM/Tag"
- - "Metrics/View"
+ - entries:
+ - group: "team-data@jenkins"
+ name: "Data"
+ pattern: "^.*data.*$|^.*-all-verticals.*$"
+ templateName: "Build"
+ - entries:
+ - group: "team-finance@jenkins"
+ name: "Finance"
+ pattern: "^(artifact|microservice|static|sidecar|airflow)_finance_.*$|^.*-all-verticals.*$"
+ templateName: "Build"
+ - entries:
+ - group: "team-growth@jenkins"
+ name: "Growth"
+ pattern: "^(artifact|microservice|static|sidecar|airflow)_growth-.*$|^(artifact|microservice|static|sidecar|airflow)_growth_.*$|^.*-all-verticals.*$"
+ templateName: "Build"
+ - entries:
+ - group: "team-operations@jenkins"
+ name: "Operations"
+ pattern: "^(artifact|microservice|static|sidecar|airflow)_ops-.*$|^(artifact|microservice|static|sidecar|airflow)_(logistics|operations|warehouse|sourcing)_.*$|^.*-all-verticals.*$"
+ templateName: "Build"
+ - entries:
+ - group: "team-procurement@jenkins"
+ name: "Procurement"
+ pattern: "^(artifact|microservice|static|sidecar|airflow)_procurement_.*$|^(artifact|microservice|static|sidecar|airflow)_pr-.*|^.*-all-verticals.*$"
+ templateName: "Build"
+ - entries:
+ - group: "team-prototype@jenkins"
+ name: "Prototype"
+ pattern: "^(artifact|microservice|static|sidecar|airflow)_prototype_.*$|^.*-all-verticals.*$"
+ templateName: "Build"
+ - entries:
+ - group: "team-quality@jenkins"
+ name: "QA"
+ pattern: "^(artifact|microservice|static|sidecar|airflow)_qa-.*$"
+ templateName: "Build"
+ - name: "Rnd"
+ pattern: "^(artifact|microservice|static|sidecar|airflow)_rnd-.*$|^(artifact|microservice|static|sidecar|airflow)_rnd_.*$|^.*-all-verticals.*$"
+ templateName: "Build"
jenkins, jenkins-jenkins-config-jenkins-casc-unclassified, ConfigMap (v1) has changed:
# Source: jenkins/templates/jcasc-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: "jenkins-jenkins-config-jenkins-casc-unclassified"
namespace: jenkins
labels:
"app.kubernetes.io/name": jenkins
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
jenkins-jenkins-config: "true"
data:
jenkins-casc-unclassified.yaml: |-
unclassified:
slackNotifier:
teamDomain: "frubana"
tokenCredentialId: slack-token
room: "#jenkins_eks_builds"
globalLibraries:
libraries:
- defaultVersion: master
name: pipeline-libs
implicit: true
retriever:
modernSCM:
scm:
git:
remote: git@github.com:Frubana/devops_tools_jenkins_library.git
credentialsId: "github-key"
sonarGlobalConfiguration:
buildWrapperEnabled: false
installations:
- credentialsId: "sonarqube-token"
name: "sonarqube"
serverUrl: "http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000"
triggers:
skipScmCause: false
skipUpstreamCause: false
jenkins, jenkins-jenkins-config-security-config, ConfigMap (v1) has changed:
# Source: jenkins/templates/jcasc-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: "jenkins-jenkins-config-security-config"
namespace: jenkins
labels:
"app.kubernetes.io/name": jenkins
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
jenkins-jenkins-config: "true"
data:
security-config.yaml: |-
credentials:
system:
domainCredentials:
- credentials:
- basicSSHUserPrivateKey:
id: solr-key
username: git
scope: GLOBAL
description: solr-ssh-privatekey
privateKeySource:
directEntry:
privateKey: ""
- basicSSHUserPrivateKey:
id: github-key
username: git
scope: GLOBAL
description: github-key
privateKeySource:
directEntry:
privateKey: ""
- usernamePassword:
id: dockerhub
username: "***"
password: "***"
scope: GLOBAL
description: Dockerhub Frubana Account
- usernamePassword:
id: maven-broadleaf
username: "***"
password: "***"
scope: GLOBAL
description: Broadleaf Maven repo auth
- string:
description: "sonarqube-token"
id: "sonarqube-token"
scope: GLOBAL
secret: "***"
- string:
description: "Slack token"
id: "slack-token"
scope: GLOBAL
secret: "n8kSNzmmPn1Q7FQSyPGaWexh"
- usernamePassword:
id: "jenkins-api"
username: "***"
password: "***"
scope: GLOBAL
description: jenkins-api integration
- usernamePassword:
id: "github-token"
username: "***"
password: "***"
scope: GLOBAL
description: github integration
- string:
description: "github webhooks"
id: "***"
scope: GLOBAL
secret: "***"
jenkins, jenkins-jenkins-config-tools-config, ConfigMap (v1) has changed:
# Source: jenkins/templates/jcasc-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: "jenkins-jenkins-config-tools-config"
namespace: jenkins
labels:
"app.kubernetes.io/name": jenkins
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
jenkins-jenkins-config: "true"
data:
tools-config.yaml: |-
tool:
git:
installations:
- name: Default
home: /usr/bin/git
maven:
installations:
- name: "maven-3.0"
properties:
- installSource:
installers:
- maven:
id: "3.0.2"
- name: "maven-3.1"
properties:
- installSource:
installers:
- maven:
id: "3.1.1"
- name: "maven-3.8"
properties:
- installSource:
installers:
- maven:
id: "3.8.4"
jdk:
installations:
- name: jdk-8
properties:
- installSource:
installers:
- jdkInstaller:
id: "jdk-8u221-oth-JPR"
acceptLicense: true
- name: jdk-9
properties:
- installSource:
installers:
- jdkInstaller:
id: "jdk-9.0.4-oth-JPR"
acceptLicense: true
- name: jdk-10
properties:
- installSource:
installers:
- adoptOpenJdkInstaller:
id: "jdk-10.0.2+13_openj9-0.9.0"
- name: jdk-11
properties:
- installSource:
installers:
- adoptOpenJdkInstaller:
id: "jdk-11+28"
sonarRunnerInstallation:
installations:
- name: "sonarqube"
properties:
- installSource:
installers:
- sonarRunnerInstaller:
id: "4.7.0.2747"
jenkins, jenkins-jenkins-config-welcome-message, ConfigMap (v1) has changed:
# Source: jenkins/templates/jcasc-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: "jenkins-jenkins-config-welcome-message"
namespace: jenkins
labels:
"app.kubernetes.io/name": jenkins
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
jenkins-jenkins-config: "true"
data:
welcome-message.yaml: |-
jenkins:
systemMessage: Frubana Jenkins
jenkins, jenkins-jenkins-jcasc-config, ConfigMap (v1) has changed:
# Source: jenkins/templates/jcasc-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: "jenkins-jenkins-jcasc-config"
namespace: jenkins
labels:
"app.kubernetes.io/name": jenkins
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
jenkins-jenkins-config: "true"
data:
jcasc-default-config.yaml: |-
jenkins:
securityRealm:
## Auth0 Config
saml:
idpMetadataConfiguration:
period: 5
url: "https://frubana.auth0.com/samlp/metadata/v6OgFoVF3J1HgyYodz6khr5p7yInmn6A"
displayNameAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
groupsAttributeName: "http://schemas.xmlsoap.org/claims/Group"
maximumAuthenticationLifetime: 86400
usernameAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
emailAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
usernameCaseConversion: "none"
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
logoutUrl: 'https://frubana.auth0.com/v2/logout?client_id=v6OgFoVF3J1HgyYodz6khr5p7yInmn6A&returnTo=https://jenkins.devops-services.frubana.com/'
disableRememberMe: false
mode: NORMAL
numExecutors: 0
labelString: ""
projectNamingStrategy: "standard"
markupFormatter:
rawHtml:
disableSyntaxHighlighting: true
clouds:
- kubernetes:
containerCapStr: "25"
defaultsProviderTemplate: ""
connectTimeout: "5"
readTimeout: "5"
jenkinsUrl: "http://jenkins.jenkins.svc.cluster.local:8080"
jenkinsTunnel: "jenkins-agent.jenkins.svc.cluster.local:50000"
maxRequestsPerHostStr: "32"
name: "kubernetes"
namespace: "jenkins"
serverUrl: "https://kubernetes.default"
podLabels:
- key: "jenkins/jenkins-agent-default"
value: "true"
templates:
- name: "jenkins-agent-default"
namespace: "jenkins"
- id: ec9f4606e30f482c29a7bafc07b3715daf0c57a398cd8c01a0c3468315191f53
+ id: 2be431c386eb3f438fee4c6542a2711e85cab0ff82be488efa93f7c0c075a2de
containers:
- name: "jnlp"
alwaysPullImage: false
args: "^${computer.jnlpmac} ^${computer.name}"
command:
envVars:
- envVar:
key: "JENKINS_URL"
value: "http://jenkins.jenkins.svc.cluster.local:8080/"
- image: "jenkins/inbound-agent:4.11.2-4"
+ image: "jenkins/inbound-agent:3107.v665000b_51092-15"
privileged: "false"
resourceLimitCpu: 512m
resourceLimitMemory: 512Mi
resourceRequestCpu: 512m
resourceRequestMemory: 512Mi
runAsUser:
runAsGroup:
ttyEnabled: true
workingDir: /home/jenkins/agent
idleMinutes: 1
instanceCap: 2147483647
label: "jenkins-agent-default "
nodeUsageMode: "NORMAL"
podRetention: Never
showRawYaml: true
serviceAccount: "default"
slaveConnectTimeoutStr: "100"
yaml: |-
apiVersion: v1
kind: Pod
spec:
tolerations:
- key: cicd-agent
operator: Exists
nodeSelector:
intent: cicd-agent
yamlMergeStrategy: override
- name: jenkins-agent-data-rds-snapshot
label: jenkins-agent-data-rds-snapshot
inheritFrom: jenkins-agent-default
serviceAccount: jenkins-agent-data-rds-snapshot
showRawYaml: false
namespace: jenkins
nodeUsageMode: EXCLUSIVE
yaml: |-
apiVersion: v1
kind: Pod
spec:
tolerations:
- key: cicd-agent-qa
operator: Exists
nodeSelector:
intent: cicd-agent-qa
containers:
- name: jnlp
image: "jenkins/inbound-agent:4.10-3"
alwaysPullImage: true
workingDir: ""
command: ""
args: ""
- name: python310
image: "124378474992.dkr.ecr.us-east-1.amazonaws.com/python:310-git"
alwaysPullImage: true
workingDir: ""
- command: "sleep"
- args: "600"
+ command: "cat"
+ args: ""
- name: jenkins-agent-federate-dev
label: jenkins-agent-federate-dev
inheritFrom: jenkins-agent-default
serviceAccount: jenkins-agent-federate-dev
showRawYaml: false
namespace: jenkins
nodeUsageMode: EXCLUSIVE
yaml: |-
apiVersion: v1
kind: Pod
spec:
tolerations:
- key: cicd-agent-dev
operator: Exists
nodeSelector:
intent: cicd-agent-dev
containers:
- name: jnlp
image: "jenkins/inbound-agent:4.10-3"
alwaysPullImage: true
workingDir: ""
command: ""
args: ""
- name: ansible
image: "124378474992.dkr.ecr.us-east-1.amazonaws.com/ansible:2.7-frubana-2"
alwaysPullImage: true
workingDir: ""
command: "cat"
args: ""
ttyEnabled: yes
envVars:
- envVar:
key: "ANSIBLE_HOSTS_FILE"
value: "./environments/federate-dev/hosts"
- envVar:
key: "DOCKER_REGISTRY_URL"
value: "https://index.docker.io/v1/"
- envVar:
key: "DOCKER_CREDENTIAL_ID"
value: "docker-registry"
- envVar:
key: "DOCKER_HOST"
value: "tcp://localhost:2375"
- name: dind
image: "docker:20.10.12-dind"
alwaysPullImage: true
workingDir: ""
command: ""
args: ""
privileged: true
envVars:
- envVar:
key: "DOCKER_TLS_CERTDIR"
value: ""
volumes:
- emptyDirVolume:
mountPath: /var/lib/docker
memory: false
+
+ - name: jenkins-agent-federate-dev-openjdk11
+ label: jenkins-agent-federate-dev-openjdk11
+ inheritFrom: jenkins-agent-federate-dev
+ serviceAccount: jenkins-agent-federate-dev
+ yamlMergeStrategy: merge
+ namespace: jenkins
+ nodeUsageMode: EXCLUSIVE
+ containers:
+ - name: openjdk
+ image: "openjdk:11-jdk"
+ alwaysPullImage: true
+ workingDir: ""
+ command: "cat"
+ args: ""
+ ttyEnabled: true
+
+ - name: jenkins-agent-federate-dev-python
+ label: jenkins-agent-federate-dev-python
+ inheritFrom: jenkins-agent-federate-dev
+ serviceAccount: jenkins-agent-federate-dev
+ showRawYaml: false
+ namespace: jenkins
+ yamlMergeStrategy: merge
+ nodeUsageMode: EXCLUSIVE
+ containers:
+ - name: python
+ image: "python:latest"
+ alwaysPullImage: true
+ ttyEnabled: yes
+ workingDir: ""
+ command: "cat"
+ args: ""
+
+ - name: jenkins-agent-federate-dev-serverless
+ label: jenkins-agent-federate-dev-serverless
+ inheritFrom: jenkins-agent-federate-dev
+ serviceAccount: jenkins-agent-federate-dev
+ showRawYaml: false
+ namespace: jenkins
+ yamlMergeStrategy: merge
+ nodeUsageMode: EXCLUSIVE
+ containers:
+ - name: serverless
+ image: "amaysim/serverless:3.21.0"
+ alwaysPullImage: true
+ workingDir: ""
+ command: "cat"
+ args: ""
+ ttyEnabled: yes
- name: jenkins-agent-federate-prod
label: jenkins-agent-federate-prod
inheritFrom: jenkins-agent-default
serviceAccount: jenkins-agent-federate-prod
showRawYaml: false
namespace: jenkins
nodeUsageMode: EXCLUSIVE
yaml: |-
apiVersion: v1
kind: Pod
spec:
tolerations:
- key: cicd-agent-prod
operator: Exists
nodeSelector:
intent: cicd-agent-prod
containers:
- name: jnlp
image: "jenkins/inbound-agent:4.10-3"
alwaysPullImage: true
workingDir: ""
command: ""
args: ""
- name: ansible
image: "124378474992.dkr.ecr.us-east-1.amazonaws.com/ansible:2.7-frubana-2"
alwaysPullImage: true
workingDir: ""
command: "cat"
args: ""
ttyEnabled: yes
envVars:
- envVar:
key: "ANSIBLE_HOSTS_FILE"
value: "./environments/federate-prod/hosts"
- envVar:
key: "DOCKER_REGISTRY_URL"
value: "https://index.docker.io/v1/"
- envVar:
key: "DOCKER_CREDENTIAL_ID"
value: "docker-registry"
- envVar:
key: "DOCKER_HOST"
value: "tcp://localhost:2375"
- name: dind
image: "docker:20.10.12-dind"
alwaysPullImage: true
workingDir: ""
command: ""
args: ""
privileged: true
envVars:
- envVar:
key: "DOCKER_TLS_CERTDIR"
value: ""
volumes:
- emptyDirVolume:
mountPath: /var/lib/docker
memory: false
+
+ - name: jenkins-agent-federate-prod-openjdk11
+ label: jenkins-agent-federate-prod-openjdk11
+ inheritFrom: jenkins-agent-federate-prod
+ serviceAccount: jenkins-agent-federate-prod
+ yamlMergeStrategy: merge
+ namespace: jenkins
+ nodeUsageMode: EXCLUSIVE
+ containers:
+ - name: openjdk
+ image: "openjdk:11-jdk"
+ alwaysPullImage: true
+ workingDir: ""
+ command: "cat"
+ args: ""
+ ttyEnabled: true
+
+ - name: jenkins-agent-federate-prod-python
+ label: jenkins-agent-federate-prod-python
+ inheritFrom: jenkins-agent-federate-prod
+ serviceAccount: jenkins-agent-federate-prod
+ showRawYaml: false
+ namespace: jenkins
+ yamlMergeStrategy: merge
+ nodeUsageMode: EXCLUSIVE
+ containers:
+ - name: python
+ image: "python:latest"
+ alwaysPullImage: true
+ ttyEnabled: yes
+ workingDir: ""
+ command: "cat"
+ args: ""
+
+ - name: jenkins-agent-federate-prod-serverless
+ label: jenkins-agent-federate-prod-serverless
+ inheritFrom: jenkins-agent-federate-prod
+ serviceAccount: jenkins-agent-federate-prod
+ showRawYaml: false
+ namespace: jenkins
+ yamlMergeStrategy: merge
+ nodeUsageMode: EXCLUSIVE
+ containers:
+ - name: serverless
+ image: "amaysim/serverless:3.21.0"
+ alwaysPullImage: true
+ workingDir: ""
+ command: "cat"
+ args: ""
+ ttyEnabled: yes
- name: jenkins-agent-federate-qa
label: jenkins-agent-federate-qa
inheritFrom: jenkins-agent-default
serviceAccount: jenkins-agent-federate-qa
showRawYaml: false
namespace: jenkins
nodeUsageMode: EXCLUSIVE
yaml: |-
apiVersion: v1
kind: Pod
spec:
tolerations:
- key: cicd-agent-qa
operator: Exists
nodeSelector:
intent: cicd-agent-qa
containers:
- name: jnlp
image: "jenkins/inbound-agent:4.10-3"
alwaysPullImage: true
workingDir: ""
command: ""
args: ""
- name: ansible
image: "124378474992.dkr.ecr.us-east-1.amazonaws.com/ansible:2.7-frubana-2"
alwaysPullImage: true
workingDir: ""
command: "cat"
args: ""
ttyEnabled: yes
envVars:
- envVar:
key: "ANSIBLE_HOSTS_FILE"
value: "./environments/federate-qa/hosts"
- envVar:
key: "DOCKER_REGISTRY_URL"
value: "https://index.docker.io/v1/"
- envVar:
key: "DOCKER_CREDENTIAL_ID"
value: "docker-registry"
- envVar:
key: "DOCKER_HOST"
value: "tcp://localhost:2375"
- name: dind
image: "docker:20.10.12-dind"
alwaysPullImage: true
workingDir: ""
command: ""
args: ""
privileged: true
envVars:
- envVar:
key: "DOCKER_TLS_CERTDIR"
value: ""
volumes:
- emptyDirVolume:
mountPath: /var/lib/docker
memory: false
+
+ - name: jenkins-agent-federate-qa-openjdk11
+ label: jenkins-agent-federate-qa-openjdk11
+ inheritFrom: jenkins-agent-federate-qa
+ serviceAccount: jenkins-agent-federate-qa
+ yamlMergeStrategy: merge
+ namespace: jenkins
+ nodeUsageMode: EXCLUSIVE
+ containers:
+ - name: openjdk
+ image: "openjdk:11-jdk"
+ alwaysPullImage: true
+ workingDir: ""
+ command: "cat"
+ args: ""
+ ttyEnabled: yes
+
+ - name: jenkins-agent-federate-qa-python
+ label: jenkins-agent-federate-qa-python
+ inheritFrom: jenkins-agent-federate-qa
+ serviceAccount: jenkins-agent-federate-qa
+ showRawYaml: false
+ yamlMergeStrategy: merge
+ namespace: jenkins
+ nodeUsageMode: EXCLUSIVE
+ containers:
+ - name: python
+ image: "python:latest"
+ alwaysPullImage: true
+ workingDir: ""
+ command: "cat"
+ args: ""
+ ttyEnabled: yes
+
+ - name: jenkins-agent-federate-qa-serverless
+ label: jenkins-agent-federate-qa-serverless
+ inheritFrom: jenkins-agent-federate-qa
+ serviceAccount: jenkins-agent-federate-qa
+ showRawYaml: false
+ namespace: jenkins
+ yamlMergeStrategy: merge
+ nodeUsageMode: EXCLUSIVE
+ containers:
+ - name: serverless
+ image: "amaysim/serverless:3.21.0"
+ alwaysPullImage: true
+ workingDir: ""
+ command: "cat"
+ args: ""
+ ttyEnabled: yes
crumbIssuer:
standard:
excludeClientIPFromCrumb: true
security:
apiToken:
creationOfLegacyTokenEnabled: false
tokenGenerationOnCreationEnabled: false
usageStatisticsEnabled: true
gitHostKeyVerificationConfiguration:
sshHostKeyVerificationStrategy: acceptFirstConnectionStrategy
scriptApproval:
approvedSignatures:
- "method hudson.model.Run getCause java.lang.Class"
unclassified:
location:
adminAddress: devops@frubana.com
url: https://jenkins.devops-services.frubana.com
jenkins, jenkins-schedule-agents, Role (rbac.authorization.k8s.io) has changed:
# Source: jenkins/templates/rbac.yaml
# This role is used to allow Jenkins scheduling of agents via Kubernetes plugin.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: jenkins-schedule-agents
namespace: jenkins
labels:
"app.kubernetes.io/name": 'jenkins'
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
rules:
- apiGroups: [""]
resources: ["pods", "pods/exec", "pods/log", "persistentvolumeclaims", "events"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods", "pods/exec", "persistentvolumeclaims"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
jenkins, jenkins-schedule-agents, RoleBinding (rbac.authorization.k8s.io) has changed:
# Source: jenkins/templates/rbac.yaml
# We bind the role to the Jenkins service account. The role binding is created in the namespace
# where the agents are supposed to run.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins-schedule-agents
namespace: jenkins
labels:
"app.kubernetes.io/name": 'jenkins'
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins-schedule-agents
subjects:
- kind: ServiceAccount
name: jenkins
namespace: jenkins
jenkins, jenkins-watch-configmaps, RoleBinding (rbac.authorization.k8s.io) has changed:
# Source: jenkins/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins-watch-configmaps
namespace: jenkins
labels:
"app.kubernetes.io/name": 'jenkins'
- "helm.sh/chart": "jenkins-4.2.13"
+ "helm.sh/chart": "jenkins-4.5.0"
"app.kubernetes.io/managed-by": "Helm"
"app.kubernetes.io/instance": "jenkins"
"app.kubernetes.io/component": "jenkins-controller"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins-casc-reload
subjects:
- kind: ServiceAccount
name: jenkins
namespace: jenkins
jenkins, jenkins-jenkins-config-views, ConfigMap (v1) has been added:
-
+ # Source: jenkins/templates/jcasc-config.yaml
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: "jenkins-jenkins-config-views"
+ namespace: jenkins
+ labels:
+ "app.kubernetes.io/name": jenkins
+ "helm.sh/chart": "jenkins-4.5.0"
+ "app.kubernetes.io/managed-by": "Helm"
+ "app.kubernetes.io/instance": "jenkins"
+ "app.kubernetes.io/component": "jenkins-controller"
+ jenkins-jenkins-config: "true"
+ data:
+ views.yaml: |-
+ jenkins:
+ views:
+ - all:
+ name: "all"
+ - list:
+ columns:
+ - "status"
+ - "weather"
+ - "jobName"
+ - "lastSuccess"
+ - "lastFailure"
+ - "lastDuration"
+ - "buildButton"
+ includeRegex: "^.*artifact.*$"
+ name: "Artifacts"
+ - list:
+ columns:
+ - "status"
+ - "weather"
+ - "jobName"
+ - "lastSuccess"
+ - "lastFailure"
+ - "lastDuration"
+ - "buildButton"
+ includeRegex: "^.*devops.*$"
+ name: "DevOps"
+ - list:
+ columns:
+ - "status"
+ - "weather"
+ - "jobName"
+ - "lastSuccess"
+ - "lastFailure"
+ - "lastDuration"
+ - "buildButton"
+ includeRegex: "^.*finance.*$"
+ name: "Finance"
+ - list:
+ columns:
+ - "status"
+ - "weather"
+ - "jobName"
+ - "lastSuccess"
+ - "lastFailure"
+ - "lastDuration"
+ - "buildButton"
+ includeRegex: "^.*growth.*$"
+ name: "Growth"
+ - list:
+ columns:
+ - "status"
+ - "weather"
+ - "jobName"
+ - "lastSuccess"
+ - "lastFailure"
+ - "lastDuration"
+ - "buildButton"
+ includeRegex: "^.*operations.*|.*warehouse.*|.*logistic.*|.*sourcing.*$"
+ name: "Operations"
+ - list:
+ columns:
+ - "status"
+ - "weather"
+ - "jobName"
+ - "lastSuccess"
+ - "lastFailure"
+ - "lastDuration"
+ - "buildButton"
+ includeRegex: "^.*procurement.*$"
+ name: "Procurement"
+ viewsTabBar: "standard"
Adding repo prometheus-community https://prometheus-community.github.io/helm-charts
"prometheus-community" has been added to your repositories
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/sonarqube/google-auth-clientID
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/sonarqube/google-auth-clientSecret
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/sonarqube/jdbcUrl
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/sonarqube/sonarqube_db_user
SSM: successfully retrieved key=/production/devops-services-prod/devops/infra/devops-services-prod-main/sonarqube/sonarqube_db_password
Adding repo sonarqube https://SonarSource.github.io/helm-chart-sonarqube
"sonarqube" has been added to your repositories
Adding repo hashicorp https://helm.releases.hashicorp.com
"hashicorp" has been added to your repositories
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment