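Encryption should be used wherever possible (and plausible).
The demo shows how SOPS can be used to tick most of the boxes. SOPS encrypts the values inside a file, so access to the decryption keys still decides who can read the secrets.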
- check out this gist
- run
./setup.sh
- follow the instructions
Encryption should be used wherever possible (and plausible).
The demo shows us how we can use SOPS to tick most of the boxes.
./setup.sh
/* | |
Inspiration taken from the github page below. | |
Changes made: | |
- allowing the configuration to be taken from a file | |
- this will allow the script to be used in a docker/k8s environment | |
with the configuration in a mounted secret. | |
*/ | |
/* | |
Copyright (c) 2015-2018 Sam Gleske - https://github.com/samrocketman/jenkins-bootstrap-shared |
I hereby claim:
To claim this, I am signing this object:
// SecurityRealm | |
import jenkins.model.Jenkins | |
import hudson.security.SecurityRealm | |
import org.jenkinsci.plugins.googlelogin.GoogleOAuth2SecurityRealm | |
clientID = null | |
clientSecret = null | |
securityRealm = null | |
// secret sanity check |
{"component":"jenkins-operator","file":"prow/cmd/jenkins-operator/main.go:279","func":"main.gather","level":"debug","metrics-duration":"718.562µs","msg":"Metrics synced","time":"2019-09-11T15:20:07Z"} | |
{"client":"jenkins","component":"jenkins-operator","file":"prow/jenkins/jenkins.go:675","func":"k8s.io/test-infra/prow/jenkins.(*Client).GetEnqueuedBuilds","level":"debug","msg":"GetEnqueuedBuilds","time":"2019-09-11T15:20:07Z"} | |
{"client":"jenkins","component":"jenkins-operator","file":"prow/jenkins/jenkins.go:715","func":"k8s.io/test-infra/prow/jenkins.(*Client).GetBuilds","level":"debug","msg":"GetBuilds(myproj/view/change-requests/job/PR-1798)","time":"2019-09-11T15:20:07Z"} | |
{"client":"jenkins","component":"jenkins-operator","file":"prow/jenkins/jenkins.go:715","func":"k8s.io/test-infra/prow/jenkins.(*Client).GetBuilds","level":"debug","msg":"GetBuilds(myproj/view/change-requests/job/PR-1801)","time":"2019-09-11T15:20:07Z"} | |
{"client":"jenkins","component":"jenkins-operator","file":"prow/jenkins/jenkins.go:715 |
{"component":"jenkins-operator","duration":"467.19302ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:00:07Z"} | |
{"component":"jenkins-operator","duration":"480.632256ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:00:37Z"} | |
{"component":"jenkins-operator","duration":"541.922802ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:01:07Z"} | |
{"component":"jenkins-operator","duration":"443.892985ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:01:37Z"} | |
{"component":"jenkins-operator","duration":"483.265286ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:02:07Z"} | |
{"component":"jenkins-operator","duration":"371.763669ms","file":"prow/cmd/jenkins-operator/main.go: |
#!/usr/bin/env bash | |
# Script to get a list of plugins from a Jenkins server | |
set -euo pipefail | |
# set the necessary vars | |
JENKINS_URL=${JENKINS_URL:-http://localhost:8080} | |
JENKINS_USER=${JENKINS_USER:-admin} | |
JENKINS_TOKEN=${JENKINS_TOKEN} # eg. abcd1234abcd1234abcd1234 |
add_custom_nexus_repos() { | |
local dir=$1 | |
local volumeNames subPaths repoFiles patchItemString= patchFile separator='' | |
echo "Getting nexus deployment volume names..." | |
volumeNames=$(kubectl get deployment jenkins-x-nexus -o 'jsonpath={ .spec.template.spec.volumes[*].name}') | |
echo "Getting nexus deployment volumeMount subPaths..." | |
subPaths=$(kubectl get deployment jenkins-x-nexus -o 'jsonpath={ .spec.template.spec.containers[0].volumeMounts[*].subPath}') | |
repoFiles=$(cat "${dir}/nexus-repos/nexus-custom-repo-files.yaml" | docker run -i --rm evns/yq -j -r '.data' | docker run -i --rm imega/jq -r 'keys[]' | xargs) |
/**
 * Ensure the Maven group repository `name` exists and that its member list
 * is exactly `members`.
 *
 * The group is created when the repository manager does not know it yet.
 * In either case the stored configuration is then copied, the member list
 * on the copy is overwritten, and the copy is written back.
 *
 * @param name    name of the Maven group repository
 * @param members ordered list of member repository names
 */
def updateGroup(def name, def members) {
    def manager = repository.getRepositoryManager()
    def alreadyPresent = manager.exists(name)
    if (!alreadyPresent) {
        repository.createMavenGroup(name, members)
    }
    // Edit a copy of the stored configuration rather than the live object.
    def groupConfig = manager.get(name).configuration.copy()
    groupConfig.attributes['group']['memberNames'] = members
    manager.update(groupConfig)
}

// NOTE(review): 'my-protected-repo' is listed last, after what appear to be
// public proxies ('maven-central', 'jitpack', ...). A Nexus group answers a
// request from the first member that holds the path, so an artifact published
// publicly under the same coordinates could shadow the internal one
// (dependency confusion). Confirm the intended resolution order; listing the
// protected repository first or constraining the proxies with routing rules
// are the usual mitigations.
updateGroup('maven-group', [
    'maven-public',
    'maven-central',
    'maven-releases',
    'spring-milestone',
    'spring-release',
    'jitpack',
    'jenkins-release',
    'maven-jenkinsci',
    'jenkins-public',
    'plugins-gradle',
    'my-protected-repo'
])

// Snapshot group: only snapshot repositories are members.
updateGroup('maven-group-snapshots', [
    'maven-snapshots',
    'apache-org-snapshots',
    'spring-io-libs-snapshot',
    'oss-sonatype-snapshots'
])
kind: ConfigMap | |
apiVersion: v1 | |
metadata: | |
name: nexus-custom-repo-files | |
namespace: jx | |
labels: | |
app: nexus-custom-repo-files | |
data: | |
redshift-maven-repository.json: | | |
{ |