initial config based of jenkins-x/jenkins-x-boot-config with ref v1.0.82

jenkins-x-bot
2020-04-15 12:37:41 +02:00
commit 9434645ce5
106 changed files with 2971 additions and 0 deletions

8
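--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,8 @@
+secrets.yaml
+mysecrets.yaml
+charts/
+requirements.lock
+.DS_Store
+.idea
+env/cluster/
+env/parameters.schema.json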

7
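--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,7 @@
+repos:
+- repo: git@github.com:Yelp/detect-secrets
+rev: v0.12.4
+hooks:
+- id: detect-secrets
+args: ['--baseline', '.secrets.baseline']
+exclude: .*/tests/.*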
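Review bot: The hook repository is referenced over SSH (`repo: git@github.com:Yelp/detect-secrets`), so anyone without a GitHub SSH key loaded, which includes most CI runners, cannot install the hook, and the secret scan then does not run for them. Using `repo: https://github.com/Yelp/detect-secrets` keeps the hook installable everywhere. `rev: v0.12.4` is a tag, which upstream can move; pinning the commit hash that the tag points to would make the scanner version reproducible. A short comment above `exclude: .*/tests/.*` saying why test directories are exempt would also help, since anything committed under a `tests/` path is not scanned.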

89
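--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -0,0 +1,89 @@
+{
+"exclude": {
+"files": null,
+"lines": null
+},
+"generated_at": "2019-09-11T09:31:17Z",
+"plugins_used": [
+{
+"name": "AWSKeyDetector"
+},
+{
+"name": "ArtifactoryDetector"
+},
+{
+"base64_limit": 4.5,
+"name": "Base64HighEntropyString"
+},
+{
+"name": "BasicAuthDetector"
+},
+{
+"hex_limit": 3,
+"name": "HexHighEntropyString"
+},
+{
+"name": "KeywordDetector"
+},
+{
+"name": "PrivateKeyDetector"
+},
+{
+"name": "SlackDetector"
+},
+{
+"name": "StripeDetector"
+}
+],
+"results": {
+"bdd/bdd.sh": [
+{
+"hashed_secret": "8ed71d19964ae8169396605379dc4f65ff292fe2",
+"is_secret": false,
+"line_number": 40,
+"type": "Secret Keyword"
+}
+],
+"env/jenkins-x-platform/values.tmpl.yaml": [
+{
+"hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+"is_secret": false,
+"line_number": 20,
+"type": "Secret Keyword"
+}
+],
+"env/jxboot-resources/values.tmpl.yaml": [
+{
+"hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+"is_secret": false,
+"line_number": 143,
+"type": "Secret Keyword"
+}
+],
+"env/tekton/values.tmpl.yaml": [
+{
+"hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+"is_secret": false,
+"line_number": 21,
+"type": "Secret Keyword"
+}
+],
+"kubeProviders/iks/README.md": [
+{
+"hashed_secret": "aa5c16139fb7160196bad6d4a1ae97b677ff0d81",
+"is_secret": false,
+"line_number": 198,
+"type": "Secret Keyword"
+}
+],
+"systems/external-dns/values.tmpl.yaml": [
+{
+"hashed_secret": "8aa3771c4ae26feb2df06246de60d7620aad7bb7",
+"is_secret": false,
+"line_number": 7,
+"type": "Secret Keyword"
+}
+]
+},
+"version": "0.12.4"
+}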

20
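--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,20 @@
+GO := GO111MODULE=off go
+install-fmt-deps:
+$(GO) get github.com/abayer/fmt-yml-for-k8s
+fmt: install-fmt-deps
+${GOPATH}/bin/fmt-yml-for-k8s --file jenkins-x.yml --output-dir .
+verify-fmt: install-fmt-deps fmt
+$(eval CHANGED = $(shell git ls-files --modified --exclude-standard))
+@if [ "$(CHANGED)" == "" ]; \
+then \
+echo "jenkins-x.yml properly formatted"; \
+else \
+echo "jenkins-x.yml is not properly formatted"; \
+echo "$(CHANGED)"; \
+git diff; \
+exit 1; \
+fi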
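Review bot: `install-fmt-deps` runs `$(GO) get github.com/abayer/fmt-yml-for-k8s` with `GO111MODULE=off`, which takes whatever that repository's default branch holds at fetch time, and `fmt` then executes the resulting binary from `${GOPATH}/bin`; the tool version is neither pinned nor verified. Building it from a pinned revision (for example module mode with an explicit `@<version>`) would make `verify-fmt` run a reviewed version every time. Separately, `[ "$(CHANGED)" == "" ]` relies on `==`, which `[` in a POSIX `/bin/sh` such as dash rejects; `[ -z "$(CHANGED)" ]` is portable, or the file can set `SHELL := bash`. None of `install-fmt-deps`, `fmt` and `verify-fmt` is declared `.PHONY`, and the same holds for `init`, `build` and `clean` in env/Makefile.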

26
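--- a/OWNERS
+++ b/OWNERS
@@ -0,0 +1,26 @@
+approvers:
+- rawlingsj
+- jstrachan
+- ccojocar
+- garethjevans
+- pmuir
+- wbrefvem
+- warrenbailey
+- cagiti
+- abayer
+- dgozalo
+- daveconde
+- hferentschik
+reviewers:
+- rawlingsj
+- jstrachan
+- ccojocar
+- garethjevans
+- pmuir
+- wbrefvem
+- warrenbailey
+- cagiti
+- abayer
+- dgozalo
+- daveconde
+- hferentschik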

96
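--- a/README.md
+++ b/README.md
@@ -0,0 +1,96 @@
+## Jenkins X Boot Configuration
+This repository contains the source code for [Jenkins X Boot configuration](https://jenkins-x.io/docs/getting-started/setup/boot/) so that you can setup, upgrade or configure your Jenkins X installation via GitOps.
+## How to install...
+### Creating a kubernetes cluster
+* either use Terraform to spin up a GKE cluster with a `jx` namespace and any necessary cloud resources (e.g. on GCP we need a Kaniko Service Account and Secret)
+* create an empty GKE cluster by hand e.g. via `jx create cluster gke --skip-installation` or using the [GCP Console](https://console.cloud.google.com/)
+### Run the new Jenkins X Bootstrap Pipeline
+Create a fork of this git repository on github. We suggest renaming it to match the pattern `environment-<cluster name>-dev`. To rename your repository go to the repository settings in github.
+Clone your newly forked git repository:
+```
+git clone https://github.com/<org>/environment-<cluster name>-dev && cd environment-<cluster name>-dev
+```
+> It's important that you cd into your newly checked out git repo, otherwise `jx boot` will use the upstream Jenkins X boot
+configuration.
+Now, in the checkout, run:
+```
+jx boot
+```
+If you are not in a clone of a boot git repository then `jx boot` will clone this repository and `cd` into the clone.
+The bootstrap process runs the Jenkins X Pipeline in interpret mode as there's nothing running in your Kubernetes cluster yet and so there's no server side tekton controller until after we bootstrap.
+The bootstrap process will also ask you for various important `parameters` which are used to populate a bunch of `Secrets` stored in either Vault or the local file system (well away from your git clone).
+The pipeline will then setup the ingress controller, then cert manager, then install the actual development environment.
+Apart from the secrets populated to Vault / local file system everything else is stored inside this git repository as Apps and helm charts.
+### How it works
+We have improved the support for value + secret composition via this [issue](https://github.com/jenkins-x/jx/issues/4328).
+### Parameters file
+We define a [env/parameters.yaml](https://github.com/jenkins-x/jenkins-x-boot-config/blob/master/env/parameters.yaml) file which defines all the parameters either checked in or loaded from Vault or a local file system secrets location.
+#### Injecting secrets into the parameters
+If you look at the current [env/parameters.yaml](https://github.com/jenkins-x/jenkins-x-boot-config/blob/master/env/parameters.yaml) file you will see some values inlined and others use URIs of the form `local:my-cluster-folder/nameofSecret/key`. This currently supports 2 schemes:
+* `vault:` to load from a path + key from Vault
+* `local:` to load from a key in a YAML file at `~/.jx/localSecrets/$path.yml`
+This means we can populate all the Parameters we need on startup then refer to them from `values.yaml` to populate the tree of values to then inject those into Vault.
+#### Populating the `parameters.yaml` file
+We can then use the new step to populate the `parameters.yaml` file via this command in the `env` folder:
+```
+jx step create values --name parameters
+```
+This uses the [parameters.schema.json](https://github.com/jenkins-x/jenkins-x-boot-config/blob/master/env/parameters.schema.json) file which powers the UI.
+So if you wanted to perform your own install from this git repo, just fork it, remove `env/parameters.yaml` and run the bootstrap command!
+### Improvements to values.yaml
+#### Support a tree of values.yaml files
+Rather than a huge huge deeply nested values.yaml file we can have a tree of files for each App only include the App specific configuration in each folder. e.g.
+```
+env/
+values.yaml # top level configuration
+prow/
+values.yaml # prow specific config
+tekton/
+vales.yaml # tekton specific config
+```
+#### values.yaml templates
+When using `jx step helm apply` we now allow `values.yaml` files to use go/helm templates just like `templates/foo.yaml` files support inside helm charts so that we can generate value/secret strings which can use templating to compose things from smaller secret values. e.g. creating a maven `settings.xml` file or docker `config.json` which includes many user/passwords for different registries.
+We can then check in the `values.yaml` file which does all of this composition and reference the actual secret values via URLs (or template functions) to access vault or local vault files
+To do this we use expressions like: `{{ .Parameter.pipelineUser.token }}` somewhere in the `values.yaml` values file. So this is like injecting values into the helm templates; but it happens up front to help generate the `values.yaml` files.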

89
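--- a/bdd/bdd.sh
+++ b/bdd/bdd.sh
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+set -euo pipefail
+set -x
+if [ $# -ne 2 ]; then
+echo "Please provide the source and destination paths for configuration"
+exit -1
+fi
+SRC_PATH=$1
+DST_PATH=$2
+export GH_USERNAME="jenkins-x-bot-test"
+export GH_EMAIL="jenkins-x@googlegroups.com"
+export GH_OWNER="jenkins-x-bot-test"
+# fix broken `BUILD_NUMBER` env var
+export BUILD_NUMBER="$BUILD_ID"
+JX_HOME="/tmp/jxhome"
+KUBECONFIG="/tmp/jxhome/config"
+# lets avoid the git/credentials causing confusion during the test
+export XDG_CONFIG_HOME=$JX_HOME
+mkdir -p $JX_HOME/git
+jx --version
+# replace the credentials file with a single user entry
+echo "https://$GH_USERNAME:$GH_ACCESS_TOKEN@github.com" > $JX_HOME/git/credentials
+# setup GCP service account
+gcloud auth activate-service-account --key-file $GKE_SA
+# setup git
+git config --global --add user.name JenkinsXBot
+git config --global --add user.email jenkins-x@googlegroups.com
+echo "running the BDD tests with JX_HOME = $JX_HOME"
+# setup jx boot parameters
+export JX_VALUE_ADMINUSER_PASSWORD="$JENKINS_PASSWORD"
+export JX_VALUE_PIPELINEUSER_USERNAME="$GH_USERNAME"
+export JX_VALUE_PIPELINEUSER_EMAIL="$GH_EMAIL"
+export JX_VALUE_PIPELINEUSER_TOKEN="$GH_ACCESS_TOKEN"
+export JX_VALUE_PROW_HMACTOKEN="$GH_ACCESS_TOKEN"
+# TODO temporary hack until the batch mode in jx is fixed...
+export JX_BATCH_MODE="true"
+# prepare the BDD configuration
+mkdir -p $DST_PATH
+cp -r `ls -A | grep -v "${DST_PATH}"` $DST_PATH
+cp $SRC_PATH/jx-requirements.yml $DST_PATH
+cp $SRC_PATH/parameters.yaml $DST_PATH/env
+cd $DST_PATH
+# Rotate the domain to avoid cert-manager API rate limit
+if [[ "${DOMAIN_ROTATION}" == "true" ]]; then
+SHARD=$(date +"%l" | xargs)
+DOMAIN="${DOMAIN_PREFIX}${SHARD}${DOMAIN_SUFFIX}"
+if [[ -z "${DOMAIN}" ]]; then
+echo "Domain rotation enabled. Please set DOMAIN_PREFIX and DOMAIN_SUFFIX environment variables"
+exit -1
+fi
+echo "Using domain: ${DOMAIN}"
+sed -i "/^ *ingress:/,/^ *[^:]*:/s/domain: .*/domain: ${DOMAIN}/" jx-requirements.yml
+fi
+echo "Using jx-requirements.yml"
+cat jx-requirements.yml
+# TODO hack until we fix boot to do this too!
+helm init --client-only
+helm repo add jenkins-x https://storage.googleapis.com/chartmuseum.jenkins-x.io
+jx step bdd \
+--use-revision \
+--versions-repo https://github.com/jenkins-x/jenkins-x-versions.git \
+--config $SRC_PATH/cluster.yaml \
+--gopath /tmp \
+--git-provider=github \
+--git-username $GH_USERNAME \
+--git-owner $GH_OWNER \
+--git-api-token $GH_ACCESS_TOKEN \
+--default-admin-password $JENKINS_PASSWORD \
+--no-delete-app \
+--no-delete-repo \
+--tests install \
+--tests test-create-spring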
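Review bot: `set -x` is enabled for the whole script, so every line that expands `$GH_ACCESS_TOKEN` or `$JENKINS_PASSWORD` is echoed with its expanded value into the build log: the `echo "https://$GH_USERNAME:$GH_ACCESS_TOKEN@github.com"` that writes the git credentials file, the `JX_VALUE_*` exports, and the `--git-api-token` / `--default-admin-password` arguments to `jx step bdd`. Dropping the global `set -x`, or wrapping those lines in `set +x` … `set -x`, keeps the secrets out of CI output. The credentials file is also created under the fixed path `/tmp/jxhome` with the default umask; a `umask 077` before `mkdir -p $JX_HOME/git` would keep it private to the job user. `JX_VALUE_PROW_HMACTOKEN` is set to the GitHub access token, so the webhook HMAC secret and the API token are the same value; a separately generated secret avoids coupling them. `exit -1` is not a portable exit status (bash maps it to 255); `exit 1` is the usual form.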

1
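--- a/bdd/boot-local/README.md
+++ b/bdd/boot-local/README.md
@@ -0,0 +1 @@
+## BDD test using JX Boot with Local secrets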


@@ -0,0 +1,18 @@
clusters:
- name: boot-local
args:
- create
- cluster
- gke
- --project-id=jenkins-x-bdd3
- -m=n1-standard-2
- --min-num-nodes=3
- --max-num-nodes=5
- -z=europe-west1-c
- --skip-login
- --skip-installation
commands:
- command: jx
args:
- boot
- -b


@@ -0,0 +1,39 @@
cluster:
clusterName: bdd-boot-local
environmentGitOwner: jenkins-x-bot-test
project: jenkins-x-bdd3
provider: gke
zone: europe-west1-c
environments:
- key: dev
owner: ""
repository: ""
- key: staging
owner: ""
repository: ""
- key: production
owner: ""
repository: ""
ingress:
domain: ""
externalDNS: false
tls:
email: ""
enabled: false
production: false
kaniko: true
secretStorage: local
storage:
logs:
enabled: false
url: ""
reports:
enabled: false
url: ""
repository:
enabled: false
url: ""
versionStream:
ref: "master"
url: https://github.com/jenkins-x/jenkins-x-versions.git
webhook: prow


@@ -0,0 +1,10 @@
adminUser:
username: admin
enableDocker: false
gitProvider: github
gpg: {}
pipelineUser:
github:
host: github.com
username: jenkins-x-bot-test
email: jenkins-x@googlegroups.com

1
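--- a/bdd/boot-vault/README.md
+++ b/bdd/boot-vault/README.md
@@ -0,0 +1 @@
+## BDD test using JX Boot with Vault secrets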


@@ -0,0 +1,18 @@
clusters:
- name: boot-vault
args:
- create
- cluster
- gke
- --project-id=jenkins-x-bdd3
- -m=n1-standard-2
- --min-num-nodes=3
- --max-num-nodes=5
- -z=europe-west1-c
- --skip-login
- --skip-installation
commands:
- command: jx
args:
- boot
- -b


@@ -0,0 +1,42 @@
cluster:
clusterName: bdd-boot-vault
environmentGitOwner: jenkins-x-bot-test
project: jenkins-x-bdd3
provider: gke
zone: europe-west1-c
environments:
- key: dev
owner: ""
repository: ""
- key: staging
owner: ""
repository: ""
- key: production
owner: ""
repository: ""
ingress:
domain: ""
externalDNS: false
tls:
email: ""
enabled: false
production: false
kaniko: true
secretStorage: vault
repository: nexus
storage:
logs:
enabled: false
url: ""
reports:
enabled: false
url: ""
repository:
enabled: false
url: ""
versionStream:
ref: "master"
url: https://github.com/jenkins-x/jenkins-x-versions.git
vault:
disableURLDiscovery: true
webhook: prow


@@ -0,0 +1,10 @@
adminUser:
username: admin
enableDocker: false
gitProvider: github
gpg: {}
pipelineUser:
github:
host: github.com
username: jenkins-x-bot-test
email: jenkins-x@googlegroups.com

6
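--- a/clearcluster.sh
+++ b/clearcluster.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+echo "removing the cluster specific files"
+rm -f env/parameters.yaml
+rm -f env/cluster/values.yaml
+rm -rf ~/.jx/localSecrets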
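Review bot: `rm -rf ~/.jx/localSecrets` removes the whole local secrets directory, while the message printed above it says only "cluster specific files" are removed. The README in this commit describes that location as holding one `$path.yml` per secret path (`local:my-cluster-folder/...`), so secrets belonging to other clusters on the same machine would presumably be deleted too. Restricting the delete to this cluster's folder, e.g. `rm -rf ~/.jx/localSecrets/"$CLUSTER_FOLDER"` (a constructed name the script would take as an argument and check for being non-empty), would match the stated intent. A header comment saying the script is destructive and listing what it deletes would help as well.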

7
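--- a/env/Chart.yaml
+++ b/env/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+description: GitOps Environment for this Environment
+icon: https://www.cloudbees.com/sites/default/files/Jenkins_8.png
+maintainers:
+- name: Team
+name: env
+version: "1"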

13
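--- a/env/Makefile
+++ b/env/Makefile
@@ -0,0 +1,13 @@
+init:
+helm init --client-only
+helm repo add jenkins-x https://storage.googleapis.com/chartmuseum.jenkins-x.io
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add stable https://kubernetes-charts.storage.googleapis.com
+build: clean init
+jx step helm build --boot --provider-values-dir=../kubeProviders
+helm lint .
+clean:
+rm -rf charts
+rm -rf requirements.lock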

15
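--- a/env/bucketrepo/values.tmpl.yaml
+++ b/env/bucketrepo/values.tmpl.yaml
@@ -0,0 +1,15 @@
+{{- if and (hasKey .Requirements "repository") (eq .Requirements.repository "bucketrepo") }}
+enabled: true
+{{- else }}
+enabled: false
+{{- end }}
+config:
+storage:
+{{- if .Requirements.storage.repository.url }}
+enabled: true
+{{- end }}
+bucketUrl: "{{ .Requirements.storage.repository.url }}"
+auth:
+username: "{{ .Parameters.adminUser.username }}"
+password: "{{ .Parameters.adminUser.password }}"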
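Review bot: `password: "{{ .Parameters.adminUser.password }}"` splices the raw secret between hand-written double quotes, so a password containing `"` or `\` produces invalid YAML or a silently different value. Letting the template do the quoting, `password: {{ .Parameters.adminUser.password | quote }}`, avoids that; `quote` is already used for `webhook` in env/jxboot-resources/values.tmpl.yaml. The same pattern appears for the admin password, the pipeline token and the HMAC token in the jenkins-x-platform, jxboot-resources, lighthouse and prow values templates in this commit.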

6
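--- a/env/chartmuseum/values.tmpl.yaml
+++ b/env/chartmuseum/values.tmpl.yaml
@@ -0,0 +1,6 @@
+{{- if and (hasKey .Requirements "repository") (eq .Requirements.repository "bucketrepo") }}
+enabled: false
+{{- else }}
+enabled: true
+{{- end }}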

1
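--- a/env/controllerbuild/values.yaml
+++ b/env/controllerbuild/values.yaml
@@ -0,0 +1 @@
+enabled: true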

1
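--- a/env/controllerteam/values.yaml
+++ b/env/controllerteam/values.yaml
@@ -0,0 +1 @@
+enabled: false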

1
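--- a/env/controllerworkflow/values.yaml
+++ b/env/controllerworkflow/values.yaml
@@ -0,0 +1 @@
+enabled: false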

2
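--- a/env/docker-registry/README.MD
+++ b/env/docker-registry/README.MD
@@ -0,0 +1,2 @@
+# docker-registry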

5
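--- a/env/docker-registry/values.tmpl.yaml
+++ b/env/docker-registry/values.tmpl.yaml
@@ -0,0 +1,5 @@
+{{- if eq .Requirements.webhook "jenkins" }}
+enabled: true
+{{- else }}
+enabled: false
+{{- end }}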

7
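--- a/env/jenkins-x-platform/README.MD
+++ b/env/jenkins-x-platform/README.MD
@@ -0,0 +1,7 @@
+# jenkins-x-platform
+|App Metadata||
+|---|---|
+| **Version** | 0.0.3877 |
+| **Description** | Jenkins X next gen cloud CI / CD platform for Kubernetes |
+| **Chart Repository** | http://chartmuseum.jenkins-x.io |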


@@ -0,0 +1,12 @@
apiVersion: jenkins.io/v1
kind: App
metadata:
annotations:
jenkins.io/chart-description: Jenkins X next gen cloud CI / CD platform for Kubernetes
jenkins.io/chart-repository: http://chartmuseum.jenkins-x.io
creationTimestamp: null
labels:
jenkins.io/app-name: jenkins-x-platform
jenkins.io/app-version: 0.0.3877
name: jenkins-x-platform
spec: {}

197
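--- a/env/jenkins-x-platform/values.tmpl.yaml
+++ b/env/jenkins-x-platform/values.tmpl.yaml
@@ -0,0 +1,197 @@
+{{- if hasKey .Requirements.cluster "registry" }}
+dockerRegistry: "{{ .Requirements.cluster.registry }}"
+{{- end }}
+expose:
+enabled: false
+JXBasicAuth: "{{ .Parameters.adminUser.username }}:{SHA}{{ .Parameters.adminUser.password | hashPassword }}"
+cleanup:
+enabled: false
+chartmuseum:
+{{- if and (hasKey .Requirements "repository") (eq .Requirements.repository "bucketrepo") }}
+enabled: false
+{{- else }}
+env:
+secret:
+BASIC_AUTH_USER: "{{ .Parameters.adminUser.username }}"
+BASIC_AUTH_PASS: "{{ .Parameters.adminUser.password }}"
+{{- end }}
+nexus:
+defaultAdminPassword: "{{ .Parameters.adminUser.password }}"
+{{- if hasKey .Requirements "repository"}}
+{{- if or (eq .Requirements.repository "nexus") (eq .Requirements.repository "") }}
+enabled: true
+{{- else }}
+enabled: false
+{{- end }}
+{{- else }}
+enabled: false
+{{- end }}
+jenkins:
+Master:
+AdminPassword: "{{ .Parameters.adminUser.password }}"
+PipelineSecrets:
+GitCreds: https://{{ .Parameters.pipelineUser.username }}:{{ .Parameters.pipelineUser.token }}@{{ trimPrefix "https://" .Requirements.cluster.gitServer | default "https://github.com" | }}
+GithubToken: "{{ .Parameters.pipelineUser.token }}"
+MavenSettingsXML: |-
+<settings>
+<localRepository>/home/jenkins/.mvnrepository</localRepository>
+<!--This sends everything else to /public -->
+{{- if and (hasKey .Requirements "repository") (eq .Requirements.repository "bucketrepo") }}
+<mirrors>
+<mirror>
+<id>bucketrepo</id>
+<name>bucketrepo mirror</name>
+<mirrorOf>*</mirrorOf>
+<url>http://bucketrepo/bucketrepo/</url>
+</mirror>
+</mirrors>
+{{- else if and (hasKey .Requirements "repository") (eq .Requirements.repository "none") }}
+<mirrors>
+<mirror>
+<id>central</id>
+<name>US Central</name>
+<url>https://repo.maven.apache.org/maven2</url>
+<mirrorOf>central</mirrorOf>
+</mirror>
+<mirror>
+<id>UK</id>
+<name>UK Central</name>
+<url>https://uk.maven.org/maven2</url>
+<mirrorOf>central</mirrorOf>
+</mirror>
+</mirrors>
+{{- else }}
+<mirrors>
+<mirror>
+<id>nexus</id>
+<name>nexus mirror</name>
+<mirrorOf>external:*</mirrorOf>
+<url>http://nexus/repository/maven-group/</url>
+</mirror>
+</mirrors>
+{{- end }}
+<!-- lets disable the download progress indicator that fills up logs -->
+<interactiveMode>false</interactiveMode>
+<servers>
+<server>
+<id>local-nexus</id>
+<username>{{ .Parameters.adminUser.username }}</username>
+<password>{{ .Parameters.adminUser.password }}</password>
+</server>
+<server>
+<id>nexus</id>
+<username>{{ .Parameters.adminUser.username }}</username>
+<password>{{ .Parameters.adminUser.password }}</password>
+</server>
+<server>
+<id>docker.io</id>
+</server>
+</servers>
+<profiles>
+<profile>
+<id>nexus</id>
+<properties>
+{{- if and (hasKey .Requirements "repository") (eq .Requirements.repository "bucketrepo") }}
+<altDeploymentRepository>local-nexus::default::http://bucketrepo/bucketrepo/deploy/maven-snapshots/</altDeploymentRepository>
+<altReleaseDeploymentRepository>local-nexus::default::http://bucketrepo/bucketrepo/deploy/maven-releases/</altReleaseDeploymentRepository>
+<altSnapshotDeploymentRepository>local-nexus::default::http://bucketrepo/bucketrepo/deploy/maven-snapshots/</altSnapshotDeploymentRepository>
+{{- else if and (hasKey .Requirements "repository") (eq .Requirements.repository "none") }}
+{{- else }}
+<altDeploymentRepository>local-nexus::default::http://nexus/repository/maven-snapshots/</altDeploymentRepository>
+<altReleaseDeploymentRepository>local-nexus::default::http://nexus/repository/maven-releases/</altReleaseDeploymentRepository>
+<altSnapshotDeploymentRepository>local-nexus::default::http://nexus/repository/maven-snapshots/</altSnapshotDeploymentRepository>
+{{- end }}
+</properties>
+<repositories>
+<repository>
+<id>central</id>
+<url>http://central</url>
+<releases><enabled>true</enabled></releases>
+<snapshots><enabled>true</enabled></snapshots>
+</repository>
+</repositories>
+<pluginRepositories>
+<pluginRepository>
+<id>central</id>
+<url>http://central</url>
+<releases><enabled>true</enabled></releases>
+<snapshots><enabled>true</enabled></snapshots>
+</pluginRepository>
+</pluginRepositories>
+</profile>
+<profile>
+<id>repo.jenkins-ci.org</id>
+<properties>
+<altDeploymentRepository>repo.jenkins-ci.org::default::https://repo.jenkins-ci.org/releases/</altDeploymentRepository>
+<altReleaseDeploymentRepository>repo.jenkins-ci.org::default::https://repo.jenkins-ci.org/releases/</altReleaseDeploymentRepository>
+<altSnapshotDeploymentRepository>repo.jenkins-ci.org::default::https://repo.jenkins-ci.org/snapshots/</altSnapshotDeploymentRepository>
+</properties>
+</profile>
+<profile>
+<id>maven.jenkins-ci.org</id>
+<properties>
+<altDeploymentRepository>maven.jenkins-ci.org::default::https://maven.jenkins-ci.org/releases/</altDeploymentRepository>
+<altReleaseDeploymentRepository>maven.jenkins-ci.org::default::https://maven.jenkins-ci.org/releases/</altReleaseDeploymentRepository>
+<altSnapshotDeploymentRepository>maven.jenkins-ci.org::default::https://maven.jenkins-ci.org/snapshots/</altSnapshotDeploymentRepository>
+</properties>
+</profile>
+<profile>
+<id>release</id>
+<properties>
+<gpg.executable>gpg</gpg.executable>
+<!-- TODO use: .Parameters.gpg.passphrase when it is always populated -->
+<gpg.passphrase></gpg.passphrase>
+</properties>
+</profile>
+</profiles>
+<activeProfiles>
+<activeProfile>nexus</activeProfile>
+</activeProfiles>
+</settings>
+SSHConfig: |-
+Host github.com
+User git
+IdentityFile /root/.ssh-git/ssh-key
+StrictHostKeyChecking no
+{{- if eq .Requirements.webhook "lighthouse" }}
+controllerbuild:
+enabled: true
+args:
+- "controller"
+- "build"
+- "--git-reporting"
+- "--batch-mode"
+- "--git-credentials"
+- "--verbose"
+{{- end }}
+gcactivities:
+args:
+- "gc"
+- "activities"
+- "--batch-mode"
+- "--pr-history-limit=30"
+cronjob:
+enabled: true
+schedule: "0/30 * * * *"
+gcpods:
+cronjob:
+enabled: true
+schedule: "0/30 * * * *"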
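Review bot: The `SSHConfig` block sets `StrictHostKeyChecking no` for `Host github.com`, so git over SSH from the Jenkins master accepts any host key and cannot tell the real GitHub from a host impersonating it on the network path. Shipping GitHub's published host keys in a `known_hosts` file and using `StrictHostKeyChecking yes` keeps the verification. In `GitCreds`, `trimPrefix "https://" .Requirements.cluster.gitServer | default "https://github.com"` applies the default after trimming, so when `gitServer` is unset the scheme is kept and the value becomes `https://user:token@https://github.com`; the pipeline as shown also ends in a dangling `|` before `}}`, which may be an artefact of this page but would not parse if it is in the file. `.Requirements.cluster.gitServer | default "https://github.com" | trimPrefix "https://"` gives the intended host in both cases.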

5
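--- a/env/jenkins/values.tmpl.yaml
+++ b/env/jenkins/values.tmpl.yaml
@@ -0,0 +1,5 @@
+{{- if eq .Requirements.webhook "jenkins" }}
+enabled: true
+{{- else }}
+enabled: false
+{{- end }}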

6
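--- a/env/jxboot-resources/README.MD
+++ b/env/jxboot-resources/README.MD
@@ -0,0 +1,6 @@
+# jxboot-resources
+|App Metadata||
+|---|---|
+| **Version** | 0.0.1 |
+| **Chart Repository** | http://chartmuseum.jenkins-x.io |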

216
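--- a/env/jxboot-resources/values.tmpl.yaml
+++ b/env/jxboot-resources/values.tmpl.yaml
@@ -0,0 +1,216 @@
+cluster:
+domain: {{ .Requirements.ingress.domain }}
+{{- if hasKey .Requirements.ingress "exposer" }}
+exposer: {{ .Requirements.ingress.exposer }}
+{{- else if eq .Requirements.cluster.provider "openshift" }}
+exposer: Route
+{{- else if eq .Requirements.cluster.provider "minishift" }}
+exposer: Route
+{{- else }}
+exposer: Ingress
+{{- end }}
+namespace: {{ .Requirements.cluster.namespace | default "jx" }}
+namespaceSubDomain: {{ .Requirements.ingress.namespaceSubDomain | default ".jx." }}
+{{- if hasKey .Requirements.cluster "project" }}
+projectID: {{ .Requirements.cluster.project }}
+{{- else }}
+projectID: ""
+{{- end }}
+{{- if hasKey .Requirements.cluster "zone" }}
+zone: {{ .Requirements.cluster.zone }}
+{{- else }}
+zone: ""
+{{- end }}
+name: ""
+{{- if hasKey .Requirements.cluster "provider" }}
+provider: {{ .Requirements.cluster.provider }}
+{{- end }}
+serverUrl: ""
+{{- if .Requirements.ingress.tls.enabled }}
+tls: true
+{{- else }}
+tls: false
+{{- end }}
+gitops:
+versionStreamUrl: {{ .Requirements.versionStream.url }}
+versionStreamRef: {{ .Requirements.versionStream.ref }}
+gitKind: {{ .Requirements.cluster.gitKind | default "github" }}
+gitName: {{ .Requirements.cluster.gitName | default "github" }}
+{{- if hasKey .Requirements.cluster "gitPublic" }}
+gitPublic: {{ .Requirements.cluster.gitPublic }}
+{{- end }}
+server: {{ .Requirements.cluster.gitServer | default "https://github.com" }}
+owner: {{ .Requirements.cluster.environmentGitOwner }}
+webhook: {{ .Requirements.webhook | default "prow" | quote }}
+{{- if eq .Requirements.cluster.gitKind "bitbucketserver" }}
+gitUrlPathPrefix: "/scm"
+{{- else }}
+gitUrlPathPrefix: ""
+{{- end }}
+dev:
+server: ""
+{{- if .Requirements.gitops }}
+repo: "{{ .Environments.dev.repository }}"
+owner: "{{ .Environments.dev.owner }}"
+envOrganisation: "{{ .Requirements.cluster.environmentGitOwner }}"
+{{- else }}
+repo: ""
+owner: ""
+envOrganisation: ""
+{{- end }}
+{{- if eq .Requirements.cluster.provider "gke" }}
+dockerRegistryOrg: "{{ .Requirements.cluster.project }}"
+{{- else }}
+dockerRegistryOrg: ""
+{{- end }}
+staging:
+repo: "{{ .Environments.staging.repository }}"
+owner: "{{ .Environments.staging.owner | default .Requirements.cluster.environmentGitOwner }}"
+server: ""
+namespace: {{ .Requirements.cluster.namespace | default "jx" }}-staging
+{{- if hasKey .Environments.staging "remoteCluster" }}
+remote: {{ .Environments.staging.remoteCluster | default "false" }}
+{{- end }}
+production:
+repo: "{{ .Environments.production.repository }}"
+owner: "{{ .Environments.production.owner | default .Requirements.cluster.environmentGitOwner }}"
+server: ""
+namespace: {{ .Requirements.cluster.namespace | default "jx" }}-production
+{{- if hasKey .Environments.production "remoteCluster" }}
+remote: {{ .Environments.production.remoteCluster | default "false" }}
+{{- end }}
+storage:
+logs:
+url: "{{ .Requirements.storage.logs.url }}"
+reports:
+url: "{{ .Requirements.storage.reports.url }}"
+repository:
+url: "{{ .Requirements.storage.repository.url }}"
+expose:
+enabled: false
+cleanup:
+enabled: false
+controllerbuild:
+enabled: true
+controllerteam:
+enabled: false
+controllerworkflow:
+enabled: false
+jenkins:
+enabled: false
+jenkins-x-platform:
+chartmuseum:
+enabled: true
+env:
+open:
+AUTH_ANONYMOUS_GET: true
+DISABLE_API: false
+# STORAGE: google
+# STORAGE_GOOGLE_BUCKET: chartmuseum.jenkins-x.io
+# STORAGE_GOOGLE_PREFIX: charts
+# gcp:
+# secret:
+# enabled: true
+# key: gcs-chartmuseum.key.json
+# name: gcs-jenkinsx-chartmuseum
+image:
+tag: v0.7.1
+controllerbuild:
+enabled: true
+jenkins:
+Agent:
+PodTemplates:
+Go:
+Containers:
+Go:
+Image: jenkinsxio/builder-go:latest
+Maven:
+Containers:
+Maven:
+Image: jenkinsxio/builder-maven:latest
+volumes:
+- mountPath: /root/.m2/
+secretName: jenkins-maven-settings
+type: Secret
+- mountPath: /home/jenkins/.docker
+secretName: jenkins-docker-cfg
+type: Secret
+Nodejs:
+Containers:
+Nodejs:
+Image: jenkinsxio/builder-nodejs:latest
+monocular:
+api:
+livenessProbe:
+initialDelaySeconds: 1000
+nexus:
+persistence:
+size: 100Gi
+postinstalljob:
+enabled: "true"
+tekton:
+webhook:
+enabled: false
+JenkinsXGitHub:
+username: "{{ .Parameters.pipelineUser.username }}"
+email: "{{ .Parameters.pipelineUser.email }}"
+password: "{{ .Parameters.pipelineUser.token }}"
+{{- if .Requirements.ingress.tls }}
+certmanager:
+production: "{{ .Requirements.ingress.tls.production }}"
+{{- if .Requirements.ingress.tls.enabled }}
+email: "{{ .Requirements.ingress.tls.email }}"
+{{- else }}
+enabled: false
+{{- end }}
+{{- end }}
+lighthouse:
+{{- if eq .Requirements.webhook "lighthouse" }}
+enabled: true
+{{- else }}
+enabled: false
+{{- end }}
+nexus:
+{{- if eq .Requirements.repository "nexus" }}
+enabled: true
+{{- else }}
+enabled: false
+{{- end }}
+prow:
+{{- if eq .Requirements.webhook "prow" }}
+enabled: true
+{{- else }}
+enabled: false
+{{- end }}
+vault:
+{{- if eq .Requirements.secretStorage "vault" }}
+enabled: true
+{{- else }}
+enabled: false
+{{- end }}
+{{- if .Requirements.autoUpdate }}
+autoUpdate:
+schedule: {{ .Requirements.autoUpdate.schedule | quote }}
+enabled: {{ .Requirements.autoUpdate.enabled }}
+{{- end }}
+versions:
+builders: {{ versionStream "docker" "gcr.io/jenkinsxio/builder-go" }}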
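Review bot: The Jenkins pod templates use a moving tag for their builder images (`Image: jenkinsxio/builder-go:latest`, likewise `builder-maven:latest` and `builder-nodejs:latest`), so the image that runs pipeline code next to the `jenkins-maven-settings` and `jenkins-docker-cfg` secret volumes can change without any commit to this repository. The last line of the file already resolves a builder version through `versionStream "docker" "gcr.io/jenkinsxio/builder-go"`; a version-stream or digest-pinned tag for the pod templates as well would make builds reproducible. `AUTH_ANONYMOUS_GET: true` under the chartmuseum `env.open` block allows unauthenticated chart reads and deserves a comment stating that this is intended. The `nexus` toggle tests `eq .Requirements.repository "nexus"` without the `hasKey .Requirements "repository"` guard that env/jenkins-x-platform/values.tmpl.yaml uses for the same decision.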

6
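--- a/env/lighthouse/README.MD
+++ b/env/lighthouse/README.MD
@@ -0,0 +1,6 @@
+# lighthouse
+|App Metadata||
+|---|---|
+| **Version** | 0.0.39 |
+| **Chart Repository** | http://chartmuseum.jenkins-x.io |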

33
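--- a/env/lighthouse/values.tmpl.yaml
+++ b/env/lighthouse/values.tmpl.yaml
@@ -0,0 +1,33 @@
+{{- if eq .Requirements.webhook "lighthouse" }}
+enabled: true
+{{- else }}
+enabled: false
+{{- end }}
+hmacToken: "{{ .Parameters.prow.hmacToken }}"
+git:
+kind: {{ .Requirements.cluster.gitKind | default "github" }}
+name: {{ .Requirements.cluster.gitName | default "github" }}
+server: {{ .Requirements.cluster.gitServer | default "https://github.com" }}
+service:
+name: hook
+replicaCount: 2
+image:
+repository: gcr.io/jenkinsxio/lighthouse
+vault:
+{{- if eq .Requirements.secretStorage "vault" }}
+enabled: true
+{{- else }}
+enabled: false
+{{- end }}
+clusterName: {{ .Requirements.cluster.clusterName }}
+user: "{{ .Parameters.pipelineUser.username }}"
+oauthToken: "{{ .Parameters.pipelineUser.token }}"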

5
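--- a/env/nexus/values.tmpl.yaml
+++ b/env/nexus/values.tmpl.yaml
@@ -0,0 +1,5 @@
+{{- if or (eq .Requirements.repository "nexus") (eq .Requirements.repository "") }}
+enabled: true
+{{- else }}
+enabled: false
+{{- end }}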

155
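--- a/env/parameters.tmpl.schema.json
+++ b/env/parameters.tmpl.schema.json
@@ -0,0 +1,155 @@
+{
+"$id": "https:/jenkins-x.io/tests/descriptionAndTitle.schema.json",
+"$schema": "http://json-schema.org/draft-07/schema#",
+"description": "install values.yaml",
+"type": "object",
+"properties": {
+"adminUser": {
+"type": "object",
+"required": [
+"username",
+"password"
+],
+"properties": {
+"username": {
+"type": "string",
+"title": "Jenkins X Admin Username",
+"description": "The Admin Username will be used by all services installed by Jenkins X",
+"default": "admin"
+},
+"password": {
+"type": "string",
+"format": "password",
+"title": "Jenkins X Admin Password",
+"description": "The Admin Password will be used by all services installed by Jenkins X"
+}
+}
+},
+"pipelineUser": {
+"type": "object",
+"required": [
+"username",
+"email",
+"token"
+],
+"properties": {
+"username": {
+"type": "string",
+"title": "Pipeline bot Git username",
+"description": "The Git user that will perform git operations inside a pipeline. It should be a user within the Git organisation/owner where environment repositories will live. This is normally a bot."
+},
+"email": {
+"type": "string",
+"title": "Pipeline bot Git email address",
+"description": "The email address of the Git user that will perform git operations inside a pipeline."
+},
+{{- if eq .GitKind "github" }}
+"token": {
+"type": "string",
+"format": "token",
+"title": "Pipeline bot Git token",
+"description": "A token for the Git user that will perform git operations inside a pipeline. This includes environment repository creation, and so this token should have full repository permissions. To create a token go to {{ .GitServer }}/settings/tokens/new?scopes=repo,read:user,read:org,user:email,write:repo_hook,delete_repo then enter a name, click Generate token, and copy and paste the token into this prompt.",
+"minLength": 40,
+"maxLength": 40,
+"pattern": "^[0-9a-f]{40}$"
+}
+{{- else if eq .GitKind "bitbucketserver" }}
+"token": {
+"type": "string",
+"format": "token",
+"title": "Pipeline bot Git token",
+"description": "A token for the Git user that will perform git operations inside a pipeline. This includes environment repository creation, and so this token should have full repository permissions. To create a token go to {{ .GitServer }}/plugins/servlet/access-tokens/manage then enter a name, click Generate token, and copy and paste the token into this prompt.",
+"minLength": 8,
+"maxLength": 50
+}
+{{- else if eq .GitKind "gitlab" }}
+"token": {
+"type": "string",
+"format": "token",
+"title": "Pipeline bot Git token",
+"description": "A token for the Git user that will perform git operations inside a pipeline. This includes environment repository creation, and so this token should have full repository permissions. To create a token go to {{ .GitServer }}/profile/personal_access_tokens then enter a name, click Generate token, and copy and paste the token into this prompt.",
+"minLength": 8,
+"maxLength": 50
+}
+{{- else }}
+"token": {
+"type": "string",
+"format": "token",
+"title": "Pipeline bot Git token",
+"description": "A token for the Git user that will perform git operations inside a pipeline. This includes environment repository creation, and so this token should have full repository permissions. To create a token go to {{ .GitServer }}/settings/tokens/new?scopes=repo,read:user,read:org,user:email,write:repo_hook,delete_repo then enter a name, click Generate token, and copy and paste the token into this prompt.",
+"minLength": 8,
+"maxLength": 50
+}
+{{- end }}
+}
+},
+"prow": {
+"type": "object",
+"properties": {
+"hmacToken": {
+"type": "string",
+"format": "token",
+"title": "HMAC token, used to validate incoming webhooks. Press enter to use the generated token",
+"description": "The HMAC token is used by the Git Provider to create a hash signature for each webhook, and by Jenkins X to validate that the signature is from a trusted source. It's normally best to have Jenkins X generate a token for you if you don't already have one. You'll need to save it and use it with all the webhooks configured in your git provider for Jenkins X. For more detail see: https://en.wikipedia.org/wiki/HMAC",
+"default": "<generated:hmac>"
+}
+}
+},
+"enableDocker": {
+"type": "boolean",
+"title": "Do you want to configure an external Docker Registry?",
+"description": "By default Jenkins X will use the docker registry from the cloud provider. If you want to configure an external docker registry such as Docker Hub or your own existing public docker registry enter Y"
+}
+},
+"allOf": [
+{
+"if": {
+"properties": {
+"enableDocker": {
+"const": true,
+"type": "boolean"
+}
+}
+},
+"then": {
+"properties": {
+"docker": {
+"type": "object",
+"required": [
+"url",
+"username",
+"password",
+"email"
+],
+"properties": {
+"url": {
+"type": "string",
+"title": "Docker Registry Url",
+"default": "https://index.docker.io/v1/",
+"description": "The URL of the external docker registry",
+"format": "uri"
+},
+"username": {
+"type": "string",
+"title": "Docker Registry username",
+"description": "The username used to access the external docker registry"
+},
+"password": {
+"type": "string",
+"format": "password",
+"title": "Docker Registry password",
+"description": "The password used to access the external docker registry"
+},
+"email": {
+"type": "string",
+"title": "Docker Registry email",
+"description": "The email used to configure the external docker registry"
+}
+}
+}
+}
+}
+}
+]
+}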
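Review bot: `adminUser.password` carries no length constraint, although its description says it is used by all services installed by Jenkins X and every `token` variant below it has a `minLength`; adding a `"minLength"` to that property would stop an empty or trivial shared admin password at the prompt. The `$id` value `https:/jenkins-x.io/tests/descriptionAndTitle.schema.json` has a single slash after the scheme and looks like a typo for `https://`. The token help text asks for the `delete_repo` scope along with `repo`; if the pipeline user never deletes repositories, leaving that scope out of the suggested URL reduces what a leaked token can do.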

6
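--- a/env/prow/README.MD
+++ b/env/prow/README.MD
@@ -0,0 +1,6 @@
+# prow
+|App Metadata||
+|---|---|
+| **Version** | 0.0.465 |
+| **Chart Repository** | http://chartmuseum.jenkins-x.io |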

37
env/prow/values.tmpl.yaml vendored Normal file

@@ -0,0 +1,37 @@
{{- if eq .Requirements.webhook "prow" }}
enabled: true
{{- else }}
enabled: false
{{- end }}
hmacToken: "{{ .Parameters.prow.hmacToken }}"
oauthToken: "{{ .Parameters.pipelineUser.token }}"
user: "{{ .Parameters.pipelineUser.username }}"
buildnum:
enabled: false
pipelinerunner:
enabled: "true"
args:
- controller
- pipelinerunner
tillerNamespace: ""
sinker:
enabled: false
replicaCount: 0
build:
enabled: false
plank:
enabled: false
vault:
{{- if eq .Requirements.secretStorage "vault" }}
enabled: true
{{- else }}
enabled: false
{{- end }}
clusterName: {{ .Requirements.cluster.clusterName }}
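Review bot: The secret values on the `hmacToken:` and `oauthToken:` lines are spliced between hand-written double quotes, so a value containing `"` or `\` yields invalid or differently-parsed YAML once the template is rendered. Letting the template engine do the quoting avoids that, e.g. `hmacToken: {{ .Parameters.prow.hmacToken | quote }}` and `oauthToken: {{ .Parameters.pipelineUser.token | quote }}`; `quote` is used by another template in this commit, so it is presumably available here too. The same pattern is on the `password:` lines of env/tekton/values.tmpl.yaml, where the Docker registry password is free-form text. `clusterName:` on the last line is not quoted at all.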

23
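--- a/env/requirements.yaml
+++ b/env/requirements.yaml
@@ -0,0 +1,23 @@
+dependencies:
+- name: jxboot-resources
+repository: http://chartmuseum.jenkins-x.io
+- alias: tekton
+name: tekton
+repository: http://chartmuseum.jenkins-x.io
+- alias: prow
+condition: prow.enabled
+name: prow
+repository: http://chartmuseum.jenkins-x.io
+- alias: lighthouse
+condition: lighthouse.enabled
+name: lighthouse
+repository: http://chartmuseum.jenkins-x.io
+- alias: bucketrepo
+condition: bucketrepo.enabled
+name: bucketrepo
+repository: http://chartmuseum.jenkins-x.io
+- name: jenkins-x-platform
+repository: http://chartmuseum.jenkins-x.io
+#- condition: chartmuseum.enabled
+# name: chartmuseum
+# repository: http://chartmuseum.jenkins-x.io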
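Review bot: Every `repository:` entry points at `http://chartmuseum.jenkins-x.io`, so the charts that install the platform are fetched over plaintext and can be altered in transit with nothing in this file to detect it. If the chart repository is served over TLS, use `repository: https://chartmuseum.jenkins-x.io` for each dependency, the commented-out chartmuseum entry included. No `version:` is set on any dependency here; presumably the version stream supplies it, which is worth confirming so that an install is reproducible.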

6
env/tekton/README.MD vendored Normal file

@@ -0,0 +1,6 @@
# tekton
|App Metadata||
|---|---|
| **Version** | 0.0.32 |
| **Chart Repository** | http://chartmuseum.jenkins-x.io |

24
env/tekton/values.tmpl.yaml vendored Normal file

@@ -0,0 +1,24 @@
{{- if eq .Requirements.webhook "prow" }}
enabled: true
{{- else if eq .Requirements.webhook "lighthouse" }}
enabled: true
{{- else }}
enabled: false
{{- end }}
webhook:
enabled: false
auth:
git:
username: "{{ .Parameters.pipelineUser.username }}"
password: "{{ .Parameters.pipelineUser.token }}"
url: {{ .Requirements.cluster.gitServer | default "https://github.com" }}
{{- if hasKey .Parameters "docker" }}
docker:
username: "{{ .Parameters.docker.username }}"
password: "{{ .Parameters.docker.password }}"
url: "{{ .Parameters.docker.url }}"
{{- end }}
tillerNamespace: ""

1
env/templates/.gitignore vendored Normal file

@@ -0,0 +1 @@
# dummy

13
env/values.tmpl.yaml vendored Normal file

@@ -0,0 +1,13 @@
tekton:
{{- if eq .Requirements.webhook "prow" }}
enabled: true
{{- else if eq .Requirements.webhook "lighthouse" }}
enabled: true
{{- else }}
enabled: false
{{- end }}
# Use cert-manager 0.11 CRDs/APIs with Dex
dex:
certs:
newApi: true

53
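--- a/jenkins-x-bdd-local.yml
+++ b/jenkins-x-bdd-local.yml
@@ -0,0 +1,53 @@
+buildPack: none
+pipelineConfig:
+pipelines:
+pullRequest:
+pipeline:
+options:
+containerOptions:
+resources:
+limits:
+cpu: 4
+memory: 6144Mi
+requests:
+cpu: 1
+memory: 2048Mi
+environment:
+- name: GOPROXY
+value: http://jenkins-x-athens-proxy:80
+- name: GKE_SA
+value: /secrets/bdd/sa.json
+- name: DOMAIN_ROTATION
+value: "false"
+- name: GH_ACCESS_TOKEN
+valueFrom:
+secretKeyRef:
+name: jenkins-x-bot-test-github
+key: password
+- name: JENKINS_PASSWORD
+valueFrom:
+secretKeyRef:
+name: test-jenkins-user
+key: password
+agent:
+image: gcr.io/jenkinsxio/builder-go-maven
+stages:
+- name: ci
+options:
+volumes:
+- name: sa
+secret:
+secretName: bdd-secret
+items:
+- key: bdd-credentials.json
+path: bdd/sa.json
+containerOptions:
+volumeMounts:
+- mountPath: /secrets
+name: sa
+steps:
+- name: verify-fmt
+command: make verify-fmt
+- name: run-bdd
+command: bdd/bdd.sh
+args: ['bdd/boot-local', 'bdd-config']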
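Review bot: `GH_ACCESS_TOKEN` and `JENKINS_PASSWORD` are declared in the pipeline-level `environment`, so every step of this pull-request pipeline receives them, including `verify-fmt`, which only runs `make verify-fmt` on the checked-out change. Declaring them on the `run-bdd` step instead (steps in jenkins-x.yml carry their own `env:` list) keeps the credentials away from steps that do not need them. jenkins-x-bdd-vault.yml has the same layout. The agent image `gcr.io/jenkinsxio/builder-go-maven` is referenced without a tag or digest here and in the other pipeline files; unless the version stream resolves it, pinning it would make the build that handles these secrets reproducible.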

52
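--- a/jenkins-x-bdd-vault.yml
+++ b/jenkins-x-bdd-vault.yml
@@ -0,0 +1,52 @@
+pipelineConfig:
+pipelines:
+pullRequest:
+pipeline:
+options:
+containerOptions:
+resources:
+limits:
+cpu: 4
+memory: 6144Mi
+requests:
+cpu: 1
+memory: 2048Mi
+environment:
+- name: GOPROXY
+value: http://jenkins-x-athens-proxy:80
+- name: GKE_SA
+value: /secrets/bdd/sa.json
+- name: DOMAIN_ROTATION
+value: "false"
+- name: GH_ACCESS_TOKEN
+valueFrom:
+secretKeyRef:
+name: jenkins-x-bot-test-github
+key: password
+- name: JENKINS_PASSWORD
+valueFrom:
+secretKeyRef:
+name: test-jenkins-user
+key: password
+agent:
+image: gcr.io/jenkinsxio/builder-go-maven
+stages:
+- name: ci
+options:
+volumes:
+- name: sa
+secret:
+secretName: bdd-secret
+items:
+- key: bdd-credentials.json
+path: bdd/sa.json
+containerOptions:
+volumeMounts:
+- mountPath: /secrets
+name: sa
+steps:
+- name: verify-fmt
+command: make verify-fmt
+- name: run-bdd
+command: bdd/bdd.sh
+args: ['bdd/boot-vault', 'bdd-config']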

20
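--- a/jenkins-x-release.yml
+++ b/jenkins-x-release.yml
@@ -0,0 +1,20 @@
+buildPack: none
+pipelineConfig:
+pipelines:
+release:
+pipeline:
+agent:
+image: gcr.io/jenkinsxio/builder-jx
+stages:
+- name: release
+steps:
+- name: changelog
+command: jx
+args:
+- step
+- changelog
+- --verbose
+- --version
+- ${VERSION}
+- --rev
+- ${PULL_BASE_SHA}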

278
jenkins-x.yml Normal file

@@ -0,0 +1,278 @@
buildPack: none
pipelineConfig:
pipelines:
pullRequest:
pipeline:
agent:
image: gcr.io/jenkinsxio/builder-go
stages:
- name: pr-checks
options:
containerOptions:
volumeMounts:
- mountPath: /builder/home/.jx/localSecrets/currentCluster
name: local-secrets
readOnly: true
volumes:
- name: local-secrets
secret:
optional: true
secretName: local-param-secrets
steps:
- args:
- step
- verify
- values
- --values-file=parameters.yaml
- --schema-file=parameters.tmpl.schema.json
command: jx
dir: /workspace/source/env
name: verify-parameters
- args:
- build
command: make
dir: /workspace/source/env
name: lint-env-helm
release:
pipeline:
agent:
image: gcr.io/jenkinsxio/builder-go
environment:
- name: DEPLOY_NAMESPACE
value: jx
stages:
- name: release
options:
containerOptions:
volumeMounts:
- mountPath: /builder/home/.jx/localSecrets/currentCluster
name: local-secrets
readOnly: true
volumes:
- name: local-secrets
secret:
optional: true
secretName: local-param-secrets
steps:
- args:
- step
- git
- validate
command: jx
dir: /workspace/source/env
name: validate-git
- args:
- step
- verify
- preinstall
- --provider-values-dir="kubeProviders"
command: jx
dir: /workspace/source
name: verify-preinstall
- args:
- upgrade
- crd
command: jx
name: install-jx-crds
- args:
- step
- helm
- apply
- --boot
- --remote
- --no-vault
- --name
- velero
command: jx
dir: /workspace/source/systems/velero
env:
- name: DEPLOY_NAMESPACE
value: velero
name: install-velero
- args:
- step
- helm
- apply
- --boot
- --remote
- --no-vault
- --name
- velero-backups
command: jx
dir: /workspace/source/systems/velero-backups
env:
- name: DEPLOY_NAMESPACE
value: velero
name: install-velero-backups
- args:
- step
- helm
- apply
- --boot
- --remote
- --no-vault
- --name
- jxing
command: jx
dir: /workspace/source/systems/jxing
env:
- name: DEPLOY_NAMESPACE
value: kube-system
name: install-nginx-controller
- args:
- step
- create
- install
- values
- -b
command: jx
dir: /workspace/source/env
name: create-install-values
- args:
- step
- helm
- apply
- --boot
- --remote
- --no-vault
- --name
- exdns
command: jx
dir: /workspace/source/systems/external-dns
name: install-external-dns
- args:
- apply
- --wait
- --validate=false
- -f
- https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml
command: kubectl
dir: /workspace/source
env:
- name: DEPLOY_NAMESPACE
value: cert-manager
name: install-cert-manager-crds
- args:
- step
- helm
- apply
- --boot
- --remote
- --no-vault
- --name
- cm
command: jx
dir: /workspace/source/systems/cm
env:
- name: DEPLOY_NAMESPACE
value: cert-manager
name: install-cert-manager
- args:
- step
- helm
- apply
- --boot
- --remote
- --no-vault
- --name
- acme
command: jx
dir: /workspace/source/systems/acme
name: install-acme-issuer-and-certificate
- args:
- step
- boot
- vault
- --provider-values-dir
- ../../kubeProviders
command: jx
dir: /workspace/source/systems/vault
name: install-vault
- args:
- step
- create
- values
- --name
- parameters
command: jx
dir: /workspace/source/env
name: create-helm-values
- args:
- step
- create
- templated
- --parameters-file=../../env/parameters.yaml
- --requirements-dir=../../
- --template-file=jx-auth-configmap.tmpl.yaml
- --config-file=templates/jx-auth-configmap.yaml
command: jx
dir: /workspace/source/systems/jx-auth
name: create-jx-auth-config
- args:
- step
- helm
- apply
- --boot
- --remote
- --no-vault
- --name
- jx-auth
command: jx
dir: /workspace/source/systems/jx-auth
name: install-jx-auth-config
- args:
- step
- helm
- apply
- --boot
- --remote
- --name
- jenkins-x
- --provider-values-dir
- ../kubeProviders
command: jx
dir: /workspace/source/env
name: install-jenkins-x
- args:
- step
- verify
- env
command: jx
dir: /workspace/source
name: verify-jenkins-x-environment
- args:
- step
- helm
- apply
- --boot
- --name
- repos
command: jx
dir: /workspace/source/repositories
name: install-repositories
- args:
- step
- scheduler
- config
- apply
- --direct=true
command: jx
dir: /workspace/source/prowConfig
name: install-pipelines
- args:
- update
- webhooks
- --verbose
- --warn-on-fail
command: jx
dir: /workspace/source/repositories
name: update-webhooks
- args:
- step
- verify
- install
- --pod-wait-time
- 30m
command: jx
dir: /workspace/source/env
name: verify-installation
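Review bot: The `install-cert-manager-crds` step applies a manifest downloaded at run time from the `release-0.11` branch on raw.githubusercontent.com, with `--validate=false`, inside the release pipeline that provisions the cluster. A branch is a moving reference, so the CRDs that get installed can change without any commit to this repository. Vendoring `00-crds.yaml` into the repo (for example under systems/cm) and applying the local file, or at least referencing an immutable tag or commit, makes the change reviewable. `--validate=false` deserves a comment saying why schema validation is skipped.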

35
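--- a/jx-requirements.yml
+++ b/jx-requirements.yml
@@ -0,0 +1,35 @@
+cluster:
+clusterName: ""
+environmentGitOwner: ""
+environmentGitPublic: false
+project: ""
+provider: gke
+zone: ""
+gitops: true
+environments:
+- key: dev
+- key: staging
+- key: production
+ingress:
+domain: ""
+externalDNS: false
+tls:
+email: ""
+enabled: false
+production: false
+kaniko: true
+secretStorage: local
+storage:
+logs:
+enabled: false
+url: ""
+reports:
+enabled: false
+url: ""
+repository:
+enabled: false
+url: ""
+versionStream:
+ref: "master"
+url: https://github.com/jenkins-x/jenkins-x-versions.git
+webhook: prow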
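Review bot: `versionStream.ref` is `"master"`, so the chart and image versions this configuration resolves follow a moving branch of jenkins-x-versions rather than a reviewed revision. Pinning it to a tag or commit, `ref: "<version-stream-tag>"` (placeholder), makes each boot reproducible and turns upgrades into explicit commits. Separately, `secretStorage: local` and `tls.enabled: false` are defaults a production install would be expected to change; a comment saying so would help.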

4
kubeProviders/README.md Normal file

@@ -0,0 +1,4 @@
## Provider Specific Configurations
To try maximise reuse of Jenkins X Boot configurations across cloud providers we try to put all the cloud specific configurations in this directory.


@@ -0,0 +1 @@
# Jenkins X Boot configuration for Azure Container Engine


@@ -0,0 +1,12 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
jenkins-x-platform:
PipelineSecrets:
# lets enable ACR docker builds
DockerConfig: |-
{
"credsStore": "acr-linux"
}
docker-registry:
enabled: false


@@ -0,0 +1 @@
# Jenkins X Boot configuration for Alibaba Container Service


@@ -0,0 +1,17 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
chartmuseum:
persistence:
size: 20Gi
jenkins:
Persistence:
Size: 20Gi
monocular:
mongodb:
persistence:
size: 20Gi
nexus:
persistence:
size: 20Gi
tekton:
pvc:
size: 20Gi


@@ -0,0 +1 @@
# Jenkins X Boot configuration for generic Kubernetes


@@ -0,0 +1,12 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
jenkins-x-platform:
PipelineSecrets:
# lets enable ECR docker builds
DockerConfig: |-
{
"credsStore": "ecr-login"
}
docker-registry:
enabled: false


@@ -0,0 +1 @@
# Jenkins X Boot configuration for EKS


@@ -0,0 +1,53 @@
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: {{ .Requirements.cluster.clusterName }}
region: {{ .Requirements.cluster.region }}
iam:
withOIDC: true
serviceAccounts:
{{- if .IAM.TektonBotPolicy }}
- metadata:
name: tekton-bot
namespace: jx
labels: {aws-usage: "jenkins-x"}
attachPolicyARNs:
- {{.IAM.TektonBotPolicy | quote}}
{{- end }}
{{- if .IAM.ExternalDNSPolicy }}
- metadata:
name: exdns-external-dns
namespace: jx
labels: {aws-usage: "jenkins-x"}
attachPolicyARNs:
- {{.IAM.ExternalDNSPolicy | quote}}
{{- end }}
{{- if .IAM.CertManagerPolicy }}
- metadata:
name: cm-cert-manager
namespace: cert-manager
labels: {aws-usage: "jenkins-x"}
attachPolicyARNs:
- {{.IAM.CertManagerPolicy | quote}}
- metadata:
name: cm-cainjector
namespace: cert-manager
labels: {aws-usage: "jenkins-x"}
attachPolicyARNs:
- {{.IAM.CertManagerPolicy | quote}}
{{- end }}
- metadata:
name: jenkins-x-controllerbuild
namespace: jx
labels: {aws-usage: "jenkins-x"}
attachPolicyARNs:
- "arn:aws:iam::aws:policy/AmazonS3FullAccess"
- metadata:
name: jxui
namespace: jx
labels: {aws-usage: "jenkins-x"}
attachPolicyARNs:
- "arn:aws:iam::aws:policy/AmazonS3FullAccess"
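Review bot: The `jenkins-x-controllerbuild` and `jxui` service accounts are given the AWS-managed `AmazonS3FullAccess` policy, which allows every S3 action on every bucket in the account, and unlike the three entries above it is attached unconditionally. If these workloads only read and write the Jenkins X log and report storage (an assumption; the buckets are not visible in this file), attach a customer-managed policy limited to those bucket ARNs and pass it in like the others, e.g. `- {{.IAM.StoragePolicy | quote}}`, where `StoragePolicy` is a placeholder name for a value that would have to be added.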


@@ -0,0 +1,81 @@
Description: 'Template to generate the necessary IAM Policies for Jenkins-X EKS support '
Resources:
CFNJenkinsXPolicies:
Type: AWS::IAM::ManagedPolicy
Properties:
ManagedPolicyName: !Join [ "-", [ CFNTektonBotPolicy, Ref: PoliciesSuffixParameter] ]
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- cloudformation:ListStacks
- cloudformation:DescribeStacks
- cloudformation:CreateStack
- cloudformation:DeleteStack
- eks:*
- s3:*
- iam:DetachRolePolicy
- iam:GetPolicy
- iam:CreatePolicy
- iam:DeleteRole
- iam:GetOpenIDConnectProvider
Resource: "*"
CFNExternalDNSPolicies:
Type: AWS::IAM::ManagedPolicy
Properties:
ManagedPolicyName: !Join [ "-", [ CFNExternalDNSPolicy, Ref: PoliciesSuffixParameter] ]
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- route53:ChangeResourceRecordSets
Resource: "arn:aws:route53:::hostedzone/*"
- Effect: Allow
Action:
- route53:ListHostedZones
- route53:ListResourceRecordSets
Resource: "*"
CFNCertManagerPolicies:
Type: AWS::IAM::ManagedPolicy
Properties:
ManagedPolicyName: !Join [ "-", [ CFNCertManagerPolicy, Ref: PoliciesSuffixParameter] ]
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- route53:GetChange
Resource: "arn:aws:route53:::change/*"
- Effect: Allow
Action:
- route53:ChangeResourceRecordSets
Resource: "arn:aws:route53:::hostedzone/*"
- Effect: Allow
Action:
- route53:ListHostedZonesByName
Resource: "*"
Parameters:
PoliciesSuffixParameter:
Type: String
Description: A suffix so we can create different policies on each execution
Outputs:
CFNTektonBotPolicy:
Value:
Ref: CFNJenkinsXPolicies
Description: The ARN of the created policy
Export:
Name: !Join [ "-", [ TektonBotPolicy, Ref: PoliciesSuffixParameter] ]
CFNExternalDNSPolicy:
Value:
Ref: CFNExternalDNSPolicies
Description: The ARN of the created policy
Export:
Name: !Join [ "-", [ ExternalDNSPolicy, Ref: PoliciesSuffixParameter] ]
CFNCertManagerPolicy:
Value:
Ref: CFNCertManagerPolicies
Description: The ARN of the created policy
Export:
Name: !Join [ "-", [ CertManagerPolicy, Ref: PoliciesSuffixParameter] ]
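Review bot: The single statement in `CFNJenkinsXPolicies` allows `eks:*`, `s3:*`, `iam:CreatePolicy`, `iam:DetachRolePolicy` and `iam:DeleteRole` on `Resource: "*"`. This appears to be the policy the eksctl template attaches to the `tekton-bot` service account, in which case any pipeline pod running under that account can administer every EKS cluster, bucket and role in the AWS account. Split the statement so the IAM and CloudFormation actions carry an ARN pattern for the stacks and roles Jenkins X creates, and replace the `eks:*` and `s3:*` wildcards with the actions actually used. The two Route 53 policies below it already scope `ChangeResourceRecordSets` to `hostedzone/*` and can serve as the model.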


@@ -0,0 +1,133 @@
Resources:
AWSDynamoDBTable:
Properties:
AttributeDefinitions:
- AttributeName: Path
AttributeType: S
- AttributeName: Key
AttributeType: S
KeySchema:
- AttributeName: Path
KeyType: HASH
- AttributeName: Key
KeyType: RANGE
ProvisionedThroughput:
ReadCapacityUnits: 2
WriteCapacityUnits: 2
TableName: !Join [ "_", [ Ref: DynamoDBTableName, Ref: ResourcesSuffixParameter ] ]
Tags:
- Key: Name
Value: vault-dynamo-db-table
Type: AWS::DynamoDB::Table
AWSKMSKey:
Properties:
Description: KMS Key for bank vault unseal
KeyPolicy:
Statement:
- Action: kms:*
Effect: Allow
Principal:
AWS:
- Fn::Sub: arn:aws:iam::${AWS::AccountId}:root
- Fn::Sub: arn:aws:iam::${AWS::AccountId}:user/${IAMUser}
Resource: "*"
Sid: Enable IAM User Permissions
Version: '2012-10-17'
Type: AWS::KMS::Key
AWSS3Bucket:
Properties:
AccessControl: Private
BucketName: !Join [ "-", [ Ref: S3BucketName, Ref: ResourcesSuffixParameter ] ]
VersioningConfiguration:
Status: Suspended
Type: AWS::S3::Bucket
AWSIAMPolicy:
DependsOn:
- AWSDynamoDBTable
- AWSS3Bucket
- AWSKMSKey
Properties:
PolicyDocument:
Statement:
- Action:
- dynamodb:DescribeLimits
- dynamodb:DescribeTimeToLive
- dynamodb:ListTagsOfResource
- dynamodb:DescribeReservedCapacityOfferings
- dynamodb:DescribeReservedCapacity
- dynamodb:ListTables
- dynamodb:BatchGetItem
- dynamodb:BatchWriteItem
- dynamodb:CreateTable
- dynamodb:DeleteItem
- dynamodb:GetItem
- dynamodb:GetRecords
- dynamodb:PutItem
- dynamodb:Query
- dynamodb:UpdateItem
- dynamodb:Scan
- dynamodb:DescribeTable
Effect: Allow
Resource:
Fn::Sub: "${AWSDynamoDBTable.Arn}"
Sid: DynamoDB
- Action:
- s3:PutObject
- s3:GetObject
Effect: Allow
Resource:
Fn::Sub: "${AWSS3Bucket.Arn}/*"
Sid: S3
- Action:
- s3:ListBucket
Effect: Allow
Resource:
Fn::Sub: "${AWSS3Bucket.Arn}"
Sid: S3List
- Action:
- kms:Encrypt
- kms:Decrypt
Effect: Allow
Resource:
Fn::Sub: "${AWSKMSKey.Arn}"
Sid: KMS
Version: '2012-10-17'
ManagedPolicyName: !Sub
- "vault_${AWS::StackName}-${AWS::Region}-${Suffix}"
- { Suffix: !Ref ResourcesSuffixParameter }
Users:
- !Ref IAMUser
Type: AWS::IAM::ManagedPolicy
Parameters:
ResourcesSuffixParameter:
Type: String
Description: A suffix so we can create different resources on each execution
S3BucketName:
Type: String
Description: The name of the S3 bucket to use for Vault
DynamoDBTableName:
Type: String
Description: The name of the DynamoDB table to use for VAult
IAMUser:
Type: String
Description: The name of the IAM user to use for Vault
Outputs:
AWSS3Bucket:
Value:
Ref: AWSS3Bucket
Description: The ARN of the created bucket
Export:
Name: !Sub "${AWS::StackName}-AWSS3Bucket"
AWSKMSKey:
Value:
Ref: AWSKMSKey
Description: The ARN of the created KMS Key
Export:
Name: !Sub "${AWS::StackName}-AWSKMSKey"
AWSDynamoDBTable:
Value:
Ref: AWSDynamoDBTable
Description: The ARN of the created DynamoDB table
Export:
Name: !Sub "${AWS::StackName}-AWSDynamoDBTable"
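Review bot: The `AWSKMSKey` key policy grants `kms:*` to `user/${IAMUser}`, which makes the Vault user an administrator of its own unseal key (able to change the key policy or schedule deletion), while the managed policy further down limits the same user to `kms:Encrypt` and `kms:Decrypt`. Keep `kms:*` for the account root only, and give the user a separate key-policy statement with just `kms:Encrypt` and `kms:Decrypt`. `AWSS3Bucket` sets `VersioningConfiguration` to `Suspended` and declares no `BucketEncryption` or `PublicAccessBlockConfiguration`; for a bucket holding Vault data these are worth setting explicitly. The `Outputs` descriptions say ARN, but `Ref` on these three resource types returns the bucket name, key ID and table name.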


@@ -0,0 +1,18 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
jenkins-x-platform:
PipelineSecrets:
# lets enable ECR docker builds
DockerConfig: |-
{
{{- if .Requirements.cluster.registry }}
"credHelpers": {
"{{ .Requirements.cluster.registry }}": "ecr-login"
}
{{- else }}
"credsStore": "ecr-login"
{{- end }}
}
docker-registry:
enabled: false


@@ -0,0 +1 @@
# Jenkins X Boot configuration for Google Container Engine


@@ -0,0 +1,24 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
jenkins-x-platform:
PipelineSecrets:
# lets enable GCR docker builds
DockerConfig: |-
{
"credHelpers": {
"gcr.io": "gcr",
"us.gcr.io": "gcr",
"eu.gcr.io": "gcr",
"asia.gcr.io": "gcr",
"staging-k8s.gcr.io": "gcr"
}
}
docker-registry:
{{- if eq .Requirements.webhook "jenkins" }}
enabled: true
{{- else }}
enabled: false
{{- end }}


@@ -0,0 +1 @@
# Jenkins X Boot configuration for IBM Cloud Private


@@ -0,0 +1,24 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
monocular:
mongodb:
persistence:
enabled: false
# We'll be using the IBM Cloud Private registry
docker-registry:
enabled: false
jenkins:
Servers:
# global node properties
Global:
EnvVars:
# Override this if your cluster name is not mycluster.icp (the default for IBM Cloud Private) with --docker-registry
DOCKER_REGISTRY: mycluster.icp:8500/jx
Master:
ServiceAnnotations:
fabric8.io/ingress.annotations: "kubernetes.io/ingress.class: nginx\nnginx.ingress.kubernetes.io/proxy-body-size: 500m\nkubernetes.io/tls-acme: true\ncertmanager.k8s.io/cluster-issuer: icp-ca-issuer"
Readiness:
InitialDelaySeconds: 10
Liveness:
InitialDelaySeconds: 10

226
kubeProviders/iks/README.md Normal file

@@ -0,0 +1,226 @@
# Jenkins X Boot configuration for IBM Cloud
CAUTION: Current `iks` clusters need `kaniko` if you want to use them for building Docker images in the course of your CI pipeline (which is an essential step to get your applications into your JX k8s cluster). This is not yet implemented, cf. https://github.com/jenkins-x/jx/issues/3971.
## Prerequisites
* Make yourself familiar with the general Jenkins-X (JX) setup: https://jenkins-x.io/documentation/
* You need a GitHub account: https://github.com (Checkout the appendix of this document, if you would like to use IBM Cloud Git instead)
* Before setting up (JX) on IBM cloud with Kubernetes (IKS) you need an IBM account.
You can apply for a free trial for one year here: https://www.ibm.com/partners/start/cloud-container-service/
NOTE: A _free_ IBM cloud account does not include all necessary permissions and resources to run k8s and JX.
## Initial cloud setup
### Automatic initial setup
Run the following shell script, it should setup the local cloud tools (`ibmcloud`) on your machine.
# An IKS 1.10 cluster must be used, 1.11 was broken with jenkins-x at the time of writing
curl -sL https://ibm.biz/idt-installer | bash
### Manual initial setup
If the automatic setup fails, you may perform a manual setup, as described here: https://console.bluemix.net/docs/cli/index.html#overview
And install some additional plugins
ibmcloud plugin install container-service
ibmcloud plugin install container-registry
and some tools used by JX
* install latest helm -> https://docs.helm.sh/using_helm/#installing-helm
* install kubectl 1.10 -> https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-binary-using-curl
* install jx -> https://jenkins-x.io/getting-started/install/
Then login to the IBM cloud
ibmcloud login -a https://api.us-east.bluemix.net (--sso / --apikey as appropriate)
## Create/Install k8s/JX
NOTE: Check out the open issues section at the end of the document (before the Appendix section) for some known limitations!
### Create IKS cluster and JX automatically
One of the large strengths of JX is, that it can even set up a k8s cluster automatically during the install process.
Just call:
```bash
jx create cluster iks \
-n jx-wdc04 \
-r us-east \
-z wdc04 \
-m b2c.4x16 \
--workers=3 \
--kube-version=1.11.9 \
\
--namespace='jx'
```
and answer some remaining questions, e.g., for your Git/GitHub user.
NOTE: If you run into problems or want to customize parts of the setup, follow the instructions in the next section.
### Set up IKS and JX manually
#### Set up IKS cluster manually
* Find a region: `ibmcloud ks regions`
* Set the region (eg. us-east, cf. [issue 2984](https://github.com/jenkins-x/jx/issues/2984)): `ibmcloud ks region-set us-east`
* Find a zone (eg. wdc07): `ibmcloud ks zones`
* Find machine types (should use `b2c.4x16 minimum`): `ibmcloud ks machine-types --zone wdc07`
* Find the k8s 1.11.x version: `ibmcloud ks kube-versions`
* Find the Public and private vlans (if none exist, they will be created): `ibmcloud ks vlans --zone wdc07`
* Create VLANs, if vlans exist in the zone, they will need to be specified here otherwise they will be created.
* If you want to use let's encrypt, make sure to specify a cluster name so that `docker-registry.jx.<clustername>.<regionname>.containers.appdomain.cloud` is less than 64 characters (will be checked automatically during install), eg., `docker-registry.jx.jx-wdc07.us-east.container.appdomain.cloud < 64 chars` (Smallest possible is best).
* Set up the cluster (some parameters depend on your settings before or what resource types are available in the chosen region, zone etc.):
```bash
ibmcloud ks cluster-create \
--name jx-wdc07 \
--kube-version 1.11.9 \
--zone wdc07 \
--machine-type b2c.4x16 \
--workers 3 \
--private-vlan 2323675 \
--public-vlan 2323691
```
* Check until state is "normal" (takes about 25 minutes): `ibmcloud ks cluster-get --cluster jx-wdc07`
* Import cluster parameters to your shell environment: `eval $(ibmcloud ks cluster-config --export --cluster jx-wdc07)`
#### Setup Helm / Tiller
CAUTION: This gives Tiller all privileges, do not use it for production environments!
```bash
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
# kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
helm init --service-account tiller --upgrade
```
#### Setup block storage drivers (Optional)
* Install block storage drives with helm
```bash
# helm init # Unless you already have initialized helm in the setup step before?
helm repo add ibm https://registry.bluemix.net/helm/ibm
helm repo update
helm install ibm/ibmcloud-block-storage-plugin --name ibmcloud-block-storage-plugin
```
* Make block default
```bash
kubectl patch storageclass ibmc-file-bronze -p \
'{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
```
* Alternatively (if included in your plan) you can also choose `ibmc-block-silver` or `ibmc-block-gold` for better IOPS
```bash
kubectl patch storageclass ibmc-block-silver -p \
'{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
```
#### Setup https (Recommended)
WARNING: This does not work and needs further testing/investigation!
Note: There is also a jenkins- addon, may work but never tested with IBM Cloud
```bash
# Optional/Sometime necessary? kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6.1/deploy/manifests/00-crds.yaml
helm install \
--namespace=kube-system \
--name=cert-manager stable/cert-manager \
--set=ingressShim.defaultIssuerKind=ClusterIssuer \
--set=ingressShim.defaultIssuerName=letsencrypt-staging \
--version v0.5.2
cat << EOF| kubectl create -n kube-system -f -
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: YOUREEMAIL@ca.ibm.com
privateKeySecretRef:
name: letsencrypt-staging
http01: {}
EOF
```
#### Install JX manually
* Have your GitHub account at hand,
* Have your cluster subdomain for the domain flag (example provided) at hand,
* answer Y to create ingress when asked,
```bash
jx install cluster --provider=iks \
--domain='jx-wdc07.us-east.containers.appdomain.cloud' \
[ --default-admin-password=<password> ]
```
* wait until done. can check status by doing `kubectl get deployments,services,pvc,pv,ingress -n jx` in another terminal
* Upgrade ingress if you have installed https: `jx upgrade ingress`
* Make sure you can push and pull images into the account: `ibmcloud cr token-add --non-expiring --readwrite --description "Jenkins-X Token"`
## Open issues
There are some open issues at the time of this writing (2019-02-05), some of which may limit your usage of IKS.
NOTE: This is only a snapshot, check out their state or if others exist meanwhile: https://github.com/jenkins-x/jx/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+label%3Aarea%2FIKS+
| *Limitation* | *GitHub Issue* | *WIP* |
| ------------------------------------------------------------------------- |:----------------------------------------------------:|:-----:|
| Currently it is only possible to create a cluster in the region *us-east* | [#2984](https://github.com/jenkins-x/jx/issues/2984) | - |
| JX environments are not created automatically | [#2985](https://github.com/jenkins-x/jx/issues/2985) | - |
| Cluster registry is not automatically created | [#2997](https://github.com/jenkins-x/jx/issues/2997) | - |
| `batch-mode`, `verbose`-Flag etc. not possible | [#2996](https://github.com/jenkins-x/jx/issues/2996) | - |
| IKS needs `kaniko` to perform builds | [#3971](https://github.com/jenkins-x/jx/issues/3971) | - |
----
## Appendix
These setups are usually not necessary.
### Create Docker secret
* `kubectl --namespace default create secret docker-registry registrysecret --docker-server=registry.<region>.bluemix.net --docker-username=token --docker-password=<token_value> --docker-email=<email>`
* Copy the "Token"
echo -n token:<Token here> | base64 -w0
* Copy the base64 value and create a file called `config.json` with this contents:
```{
"auths": {
"registry.ng.bluemix.net": {
"auth": "<base64 encoded token>"
}
}
}
```
* Replace the existing Docker secret
kubectl delete secret jenkins-docker-cfg -n jx
kubectl create secret generic jenkins-docker-cfg --from-file=./config.json -n jx
* At this point the jenkins server needs to restarted to pick up the new docker creds: `kubectl -njx delete pods` -lapp=jenkins
### Use IBM Git
If you want to use git.ng.bluemix.net (gitlab), create a personal access token there
jx create git server gitlab https://git.ng.bluemix.net -n gitlab
jx create git token -n gitlab -t <gitlab token> <gitlab username>


@@ -0,0 +1,21 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
jenkins:
Servers:
Global:
EnvVars:
DOCKER_REGISTRY: "registry.ng.bluemix.net"
# Smaller cluster configurations require more time
Master:
Readiness:
InitialDelaySeconds: 600
Liveness:
InitialDelaySeconds: 660
docker-registry:
enabled: false
jenkins-x-platform:
# lets disable creating the jenkins-x-docker-cfg secret
# we can manage that by hand for now
.PipelineSecrets:
DockerConfig: ""
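Review bot: The key under `jenkins-x-platform:` is written `.PipelineSecrets:` with a leading dot, while the ACR, ECR and GCR value files in this commit use `PipelineSecrets:`. If the chart reads `PipelineSecrets.DockerConfig`, this override is ignored and the Docker config secret that the comment says is disabled would still be created from the chart default. Unless the dot is intentional, `PipelineSecrets:` is the expected spelling; if it is intentional, a comment explaining the dotted key is needed.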


@@ -0,0 +1 @@
# Jenkins X Boot configuration for generic Kubernetes


@@ -0,0 +1 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml


@@ -0,0 +1,5 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
exposecontroller:
exposecontroller:
HTTP: "true"
TLSACME: "false"


@@ -0,0 +1,64 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
exposecontroller:
exposecontroller:
HTTP: "true"
TLSACME: "false"
# disable monocular until the routing is fixed
monocular:
enabled: false
docker-registry:
enabled: false
jenkins:
Master:
Image: "davidconde/jenkinsx-openshift"
ImageTag: "0.0.1"
ServiceAccountAnnotations: |
serviceaccounts.openshift.io/oauth-redirectreference.jenkins: >-
{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"jenkins"}}
AuthorizationStrategyClass: "hudson.security.GlobalMatrixAuthorizationStrategy"
AuthorizationStrategyAttributes:
- name: "permission"
value: "hudson.model.Computer.Configure:admin"
- name: "permission"
value: "hudson.model.Computer.Delete:admin"
- name: "permission"
value: "hudson.model.Hudson.Administer:admin"
- name: "permission"
value: "hudson.model.Hudson.Read:admin"
- name: "permission"
value: "hudson.model.Item.Build:admin"
- name: "permission"
value: "hudson.model.Item.Configure:admin"
- name: "permission"
value: "hudson.model.Item.Create:admin"
- name: "permission"
value: "hudson.model.Item.Delete:admin"
- name: "permission"
value: "hudson.model.Item.Read:admin"
- name: "permission"
value: "hudson.model.Item.Workspace:admin"
- name: "permission"
value: "hudson.model.Run.Delete:admin"
- name: "permission"
value: "hudson.model.Run.Update:admin"
- name: "permission"
value: "hudson.model.View.Configure:admin"
- name: "permission"
value: "hudson.model.View.Create:admin"
- name: "permission"
value: "hudson.model.View.Delete:admin"
- name: "permission"
value: "hudson.scm.SCM.Tag:admin"
SecurityRealmClass: "hudson.security.HudsonPrivateSecurityRealm"
SecurityRealmAttributes:
- name: "disableSignup"
value: "true"
- name: "enableCaptcha"
value: "false"
Global:
EnvVars:
DOCKER_REGISTRY: "docker-registry.default.svc:5000"
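Review bot: `Image: "davidconde/jenkinsx-openshift"` with `ImageTag: "0.0.1"` runs the Jenkins master, which holds the pipeline credentials, from an image in a personal registry namespace referenced by a mutable tag. Mirror the image into a registry the project controls and reference it by digest, or document where it is built from. `HTTP: "true"` with `TLSACME: "false"` also exposes the Jenkins login over plain HTTP; if that is a temporary limitation like the monocular note, say so in a comment. The later 63-line value file in this commit repeats the same Jenkins block and settings.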


@@ -0,0 +1 @@
# Jenkins X Boot configuration for Oracle Cloud Infrastructure Container Engine for Kubernetes


@@ -0,0 +1,14 @@
chartmuseum:
persistence:
Size: 50Gi
jenkins:
Persistence:
Size: 50Gi
monocular:
mongodb:
persistence:
size: 50Gi
jenkins:
Agent:
KubernetesServerURL: "https://kubernetes.default.svc"


@@ -0,0 +1,63 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
exposecontroller:
exposecontroller:
HTTP: "true"
TLSACME: "false"
# disable monocular until the routing is fixed
monocular:
enabled: false
docker-registry:
enabled: false
jenkins:
Master:
Image: "davidconde/jenkinsx-openshift"
ImageTag: "0.0.1"
ServiceAccountAnnotations: |
serviceaccounts.openshift.io/oauth-redirectreference.jenkins: >-
{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"jenkins"}}
AuthorizationStrategyClass: "hudson.security.GlobalMatrixAuthorizationStrategy"
AuthorizationStrategyAttributes:
- name: "permission"
value: "hudson.model.Computer.Configure:admin"
- name: "permission"
value: "hudson.model.Computer.Delete:admin"
- name: "permission"
value: "hudson.model.Hudson.Administer:admin"
- name: "permission"
value: "hudson.model.Hudson.Read:admin"
- name: "permission"
value: "hudson.model.Item.Build:admin"
- name: "permission"
value: "hudson.model.Item.Configure:admin"
- name: "permission"
value: "hudson.model.Item.Create:admin"
- name: "permission"
value: "hudson.model.Item.Delete:admin"
- name: "permission"
value: "hudson.model.Item.Read:admin"
- name: "permission"
value: "hudson.model.Item.Workspace:admin"
- name: "permission"
value: "hudson.model.Run.Delete:admin"
- name: "permission"
value: "hudson.model.Run.Update:admin"
- name: "permission"
value: "hudson.model.View.Configure:admin"
- name: "permission"
value: "hudson.model.View.Create:admin"
- name: "permission"
value: "hudson.model.View.Delete:admin"
- name: "permission"
value: "hudson.scm.SCM.Tag:admin"
SecurityRealmClass: "hudson.security.HudsonPrivateSecurityRealm"
SecurityRealmAttributes:
- name: "disableSignup"
value: "true"
- name: "enableCaptcha"
value: "false"
Global:
EnvVars:
DOCKER_REGISTRY: "docker-registry.default.svc:5000"
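Review bot: `jenkins.Master.Image` is `davidconde/jenkinsx-openshift` with the mutable tag `0.0.1`, so the Jenkins master runs whatever a personal registry namespace currently serves under that tag. Pin the image by digest or mirror it into a registry the team controls, and add a comment above `Image:` naming who maintains it and how it is rebuilt. The same file sets `exposecontroller` `HTTP: "true"` and `TLSACME: "false"` while `SecurityRealmClass` is `HudsonPrivateSecurityRealm`, which looks like password login over plain HTTP unless TLS is terminated elsewhere; a comment should say where. The same Jenkins values are also visible in the file section just before this one.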


@@ -0,0 +1 @@
# Jenkins X Boot configuration for PKS


@@ -0,0 +1,24 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
jenkins:
Agent:
# for PKS there is a different docker host path
DockerHostPath: "/var/vcap/sys/run/docker/docker.sock"
DockerMountPath: "/var/run/docker.sock"
jenkins-x-platform:
PipelineSecrets:
{{- if eq .Parameters.enableDocker true }}
DockerConfig: |-
{
"auths":{
{{ .Parameters.docker.url | quote }}:
{
"auth": {{ printf "%s:%s" .Parameters.docker.username .Parameters.docker.password | b64enc | quote}},
"email": {{ .Parameters.docker.email | quote}}
}
}
}
{{- else}}
DockerConfig: ""
{{- end}}
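Review bot: `DockerHostPath: "/var/vcap/sys/run/docker/docker.sock"` together with `DockerMountPath: "/var/run/docker.sock"` presumably mounts the node's Docker socket into Jenkins agent pods, which would let any pipeline running on such an agent control the host's container runtime. A comment above the two keys should record that trust decision, e.g. `# mounts the node Docker socket into build pods: only trusted pipelines may run on these agents`. Separately, `DockerConfig` carries `username:password` through `b64enc`, which is encoding rather than protection, so the rendered values need the same handling as the password itself.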

1
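--- a/prowConfig/README.md
+++ b/prowConfig/README.md
@@ -0,0 +1 @@
+The Prow `ConfigMap` resources called `config` and `plugins` are generated here in case you wish to store them in git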

6
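--- a/repositories/Chart.yaml
+++ b/repositories/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+description: Source Repositories Chart
+maintainers:
+- name: Team
+name: repositories
+version: "1"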


@@ -0,0 +1,10 @@
apiVersion: jenkins.io/v1
kind: SourceRepositoryGroup
metadata:
name: default-group
spec:
scheduler:
apiVersion: jenkins.io/v1
kind: Scheduler
name: default-scheduler
repositories: []

7
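--- a/systems/acme/Chart.yaml
+++ b/systems/acme/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+appVersion: 1.0.82
+description: ACME Chart
+maintainers:
+- name: Team
+name: acme
+version: 1.0.82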


@@ -0,0 +1,17 @@
{{- if .Values.certmanager.enabled }}
{{- if eq .Values.certmanager.production "true" }}
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: "tls-{{ .Values.cluster.domain | replace "." "-" }}-p"
labels:
jenkins.io/letsencrypt-service: production
spec:
secretName: "tls-{{ .Values.cluster.domain | replace "." "-" }}-p"
issuerRef:
name: letsencrypt-prod
commonName: "*.{{ .Values.cluster.domain }}"
dnsNames:
- "*.{{ .Values.cluster.domain }}"
{{- end }}
{{- end }}


@@ -0,0 +1,35 @@
{{- if .Values.certmanager.enabled }}
{{- if eq .Values.certmanager.production "true" }}
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: "{{ .Values.certmanager.email }}"
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- selector:
dnsNames:
- "*.{{ .Values.cluster.domain }}"
- "{{ .Values.cluster.domain }}"
# ACME DNS-01 provider configurations
dns01:
{{- if eq .Values.cluster.provider "gke" }}
clouddns:
# The project in which to update the DNS zone
project: "{{ .Values.cluster.projectID }}"
# A secretKeyRef to a google cloud json service account
serviceAccountSecretRef:
name: external-dns-gcp-sa
key: credentials.json
{{- end }}
{{- if eq .Values.cluster.provider "eks" }}
route53:
region: {{ .Values.cluster.region }}
{{- end }}
{{- end }}
{{- end }}
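Review bot: The `dns01:` solver is left empty when `.Values.cluster.provider` is neither `gke` nor `eks`, because the two provider blocks are independent `if`s with no fallback. The Issuer would then render without a usable solver and the wildcard certificate would likely never be issued, with nothing at render time saying why. Consider failing the render for unsupported providers, for example `{{- if not (has .Values.cluster.provider (list "gke" "eks")) }}{{ fail "no dns01 solver for this cluster.provider" }}{{- end }}`, or skipping the Issuer entirely in that case. The staging Issuer later in this commit has the same structure.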


@@ -0,0 +1,17 @@
{{- if .Values.certmanager.enabled }}
{{- if eq .Values.certmanager.production "false" }}
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: "tls-{{ .Values.cluster.domain | replace "." "-" }}-s"
labels:
jenkins.io/letsencrypt-service: staging
spec:
secretName: "tls-{{ .Values.cluster.domain | replace "." "-" }}-s"
issuerRef:
name: letsencrypt-staging
commonName: "*.{{ .Values.cluster.domain }}"
dnsNames:
- "*.{{ .Values.cluster.domain }}"
{{- end }}
{{- end }}


@@ -0,0 +1,35 @@
{{- if .Values.certmanager.enabled }}
{{- if eq .Values.certmanager.production "false" }}
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: "{{ .Values.certmanager.email }}"
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- selector:
dnsNames:
- "*.{{ .Values.cluster.domain }}"
- "{{ .Values.cluster.domain }}"
# ACME DNS-01 provider configurations
dns01:
{{- if eq .Values.cluster.provider "gke" }}
clouddns:
# The project in which to update the DNS zone
project: "{{ .Values.cluster.projectID }}"
# A secretKeyRef to a google cloud json service account
serviceAccountSecretRef:
name: external-dns-gcp-sa
key: credentials.json
{{- end }}
{{- if eq .Values.cluster.provider "eks" }}
route53:
region: {{ .Values.cluster.region }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,20 @@
cluster:
domain: {{ .Requirements.ingress.domain }}
provider: {{ .Requirements.cluster.provider }}
{{- if hasKey .Requirements.cluster "project" }}
projectID: {{ .Requirements.cluster.project }}
{{- else }}
projectID: ""
{{- end }}
{{- if hasKey .Requirements.cluster "region" }}
region: {{ .Requirements.cluster.region }}
{{- else }}
region: ""
{{- end }}
{{- if .Requirements.ingress.tls }}
certmanager:
production: "{{ .Requirements.ingress.tls.production }}"
email: "{{ .Requirements.ingress.tls.email }}"
enabled: {{ .Requirements.ingress.tls.enabled }}
{{- end }}

6
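--- a/systems/cm/Chart.yaml
+++ b/systems/cm/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+description: Cert Manager Chart
+maintainers:
+- name: Team
+name: cm
+version: "1"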


@@ -0,0 +1,5 @@
dependencies:
- alias: cert-manager
condition: cert-manager.enabled
name: cert-manager
repository: https://charts.jetstack.io
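Review bot: The `cert-manager` dependency has no `version:` field, so this file alone does not fix which chart release from `https://charts.jetstack.io` gets installed. The commit's `.gitignore` also excludes `requirements.lock`, so no resolved version is recorded in the repository either. If versions are resolved elsewhere, a comment here should say where; otherwise add an explicit `version:` entry. The `external-dns` and `nginx-ingress` requirements files later in this commit are written the same way.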


@@ -0,0 +1,16 @@
cert-manager:
enabled: {{ .Requirements.ingress.tls.enabled }}
{{- if eq .Requirements.cluster.provider "eks" }}
extraArgs:
- --issuer-ambient-credentials
securityContext:
enabled: true
fsGroup: 1001
{{- end }}
rbac:
create: true
webhook:
enabled: false
webhook:
enabled: false
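Review bot: `--issuer-ambient-credentials` in `extraArgs` (the `eks` branch) lets namespaced Issuers use the cert-manager controller's own ambient cloud credentials, not only ClusterIssuers. Anyone allowed to create an Issuer in a namespace that cert-manager watches can then have DNS changes made with those credentials, so the IAM policy behind them should be limited to the hosted zone of the cluster domain. A comment next to the flag would record that, e.g. `# needed for the route53 solver on the namespaced Issuer; keep the role policy scoped to one hosted zone`. The `webhook` `enabled: false` settings look like they turn off cert-manager's admission validation and deserve a one-line reason as well.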


@@ -0,0 +1,6 @@
apiVersion: v1
description: External-DNS Chart
maintainers:
- name: Team
name: external-dns
version: "1"


@@ -0,0 +1,4 @@
dependencies:
- condition: external-dns.enabled
name: external-dns
repository: https://charts.bitnami.com/bitnami


@@ -0,0 +1,27 @@
external-dns:
enabled: {{ .Requirements.ingress.externalDNS }}
sources:
- ingress
{{- if eq .Requirements.cluster.provider "eks"}}
provider: aws
aws:
region: {{ .Requirements.cluster.region}}
securityContext:
fsGroup: 65534
{{- else if eq .Requirements.cluster.provider "gke"}}
provider: google
google:
serviceAccountSecret: external-dns-gcp-sa
{{- if hasKey .Requirements.cluster "project" }}
project: "{{ .Requirements.cluster.project }}"
{{ end }}
{{- end}}
rbac:
create: true
domainFilters:
{{- range .Requirements.environments }}
{{- if .ingress.domain }}
- "{{ .ingress.domain }}"
{{- end }}
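Review bot: `domainFilters:` renders with no entries when none of `.Requirements.environments` has `ingress.domain` set, since the list items come only from the `range`. external-dns would then presumably run without a domain filter and could manage records in every zone its credentials reach. Emit the key only when at least one domain is present, or fail the render when `external-dns.enabled` is true and the list would be empty. A comment above `domainFilters:` should state that the filter is the control limiting which zones are touched.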
{{- end }}


@@ -0,0 +1,6 @@
apiVersion: v1
description: Jx Auth Chart
maintainers:
- name: Team
name: jx-auth
version: "1"


@@ -0,0 +1,24 @@
{{- if eq .Requirements.secretStorage "vault" }}
apiVersion: v1
kind: ConfigMap
metadata:
name: jx-auth-config
labels:
jenkins.io/created-by: jx
jenkins.io/config-type: auth
data:
gitAuth.yaml: |
currentserver: "{{ .Requirements.cluster.gitServer }}"
defaultusername: "{{ .Parameters.pipelineUser.username }}"
pipelineserver: "{{ .Requirements.cluster.gitServer }}"
pipelineusername: "{{ .Parameters.pipelineUser.username }}"
servers:
- currentuser: "{{ .Parameters.pipelineUser.username }}"
kind: "{{ .Requirements.cluster.gitKind }}"
name: "{{ .Requirements.cluster.gitName }}"
url: "{{ .Requirements.cluster.gitServer }}"
users:
- apitoken: "{{ .Parameters.pipelineUser.token }}"
bearertoken: ""
username: "{{ .Parameters.pipelineUser.username }}"
{{- end }}
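Review bot: `apitoken: "{{ .Parameters.pipelineUser.token }}"` places the pipeline user's git token in a `ConfigMap` (`jx-auth-config`), which is readable by anything with ConfigMap access in the namespace and is not handled as secret material by the cluster. If the parameter renders as a reference into Vault rather than the token value this is acceptable, but nothing in the template shows that; a comment on the line should say which it is. If it is the real token, the `users` entry belongs in a `Secret` (or should stay in Vault), leaving only non-sensitive server metadata in the ConfigMap.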


@@ -0,0 +1 @@
# This jx auth configmap will be generated from template

7
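--- a/systems/jxing/Chart.yaml
+++ b/systems/jxing/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+description: Ingress Chart
+icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v1.5.5/deployments/helm-chart/chart-icon.png
+maintainers:
+- name: Team
+name: jxing
+version: "1"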


@@ -0,0 +1,4 @@
dependencies:
- alias: nginx-ingress
name: nginx-ingress
repository: https://kubernetes-charts.storage.googleapis.com


@@ -0,0 +1,16 @@
nginx-ingress:
controller:
replicaCount: 3
extraArgs:
publish-service: kube-system/jxing-nginx-ingress-controller
service:
omitClusterIP: true
{{- if eq .Requirements.cluster.provider "eks" }}
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
{{- end }}
defaultBackend:
service:
omitClusterIP: true
rbac:
create: true

6
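--- a/systems/vault/Chart.yaml
+++ b/systems/vault/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+description: Vault Chart
+maintainers:
+- name: Team
+name: vault
+version: "1"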


@@ -0,0 +1,4 @@
vault:
service:
annotations:
fabric8.io/exposeUrl: vault{{ .Requirements.ingress.namespaceSubDomain | default ".jx." }}{{ .Requirements.ingress.domain }}


@@ -0,0 +1,25 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
helm.sh/hook: pre-install,pre-upgrade
name: {{ .Requirements.vault.name }}
spec:
rules:
- host: vault{{ .Requirements.ingress.namespaceSubDomain | default ".jx." }}{{ .Requirements.ingress.domain }}
http:
paths:
- backend:
serviceName: {{ .Requirements.vault.name }}
servicePort: 8200
{{- if .Requirements.ingress.tls.enabled }}
tls:
- hosts:
- vault{{ .Requirements.ingress.namespaceSubDomain | default ".jx." }}{{ .Requirements.ingress.domain }}
{{- if .Requirements.ingress.tls.production }}
secretName: "tls-{{ .Requirements.ingress.domain | replace "." "-" }}-p"
{{- else }}
secretName: "tls-{{ .Requirements.ingress.domain | replace "." "-" }}-s"
{{- end }}
{{- end }}
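Review bot: The `tls:` block is emitted only when `.Requirements.ingress.tls.enabled` is true, so with TLS disabled this Ingress publishes the Vault service on port 8200 over plain HTTP. Vault tokens and secret payloads would cross the ingress unencrypted in that configuration. Consider not rendering the Ingress at all without TLS, or failing the render with a clear message. Note also that `production` is tested here as a boolean while the acme templates compare `.Values.certmanager.production` with the strings `"true"` and `"false"`; a comment should state that both must select the same `-p` or `-s` secret name.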


@@ -0,0 +1,6 @@
apiVersion: v1
description: Velero Backup Chart
maintainers:
- name: Team
name: velero-backups
version: "1"


@@ -0,0 +1,6 @@
# velero
|App Metadata||
|---|---|
| **Version** | 1.1.0 |
| **Chart Repository** | https://kubernetes-charts.storage.googleapis.com |
