initial config based of jenkins-x/jenkins-x-boot-config with ref v1.0.82
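--- a/kubeProviders/README.md
+++ b/kubeProviders/README.md
@@ -0,0 +1,4 @@
+## Provider Specific Configurations
+
+To try maximise reuse of Jenkins X Boot configurations across cloud providers we try to put all the cloud specific configurations in this directory.
+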
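--- a/kubeProviders/aks/README.md
+++ b/kubeProviders/aks/README.md
@@ -0,0 +1 @@
+# Jenkins X Boot configuration for Azure Container Engine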
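--- a/kubeProviders/aks/values.tmpl.yaml
+++ b/kubeProviders/aks/values.tmpl.yaml
@@ -0,0 +1,12 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
+jenkins-x-platform:
+PipelineSecrets:
+
+# lets enable ACR docker builds
+DockerConfig: |-
+{
+"credsStore": "acr-linux"
+}
+
+docker-registry:
+enabled: false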
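--- a/kubeProviders/alibaba/README.md
+++ b/kubeProviders/alibaba/README.md
@@ -0,0 +1 @@
+# Jenkins X Boot configuration for Alibaba Container Service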
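--- a/kubeProviders/alibaba/values.tmpl.yaml
+++ b/kubeProviders/alibaba/values.tmpl.yaml
@@ -0,0 +1,17 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
+chartmuseum:
+persistence:
+size: 20Gi
+jenkins:
+Persistence:
+Size: 20Gi
+monocular:
+mongodb:
+persistence:
+size: 20Gi
+nexus:
+persistence:
+size: 20Gi
+tekton:
+pvc:
+size: 20Gi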
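--- a/kubeProviders/aws/README.md
+++ b/kubeProviders/aws/README.md
@@ -0,0 +1 @@
+# Jenkins X Boot configuration for generic Kubernetes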
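--- a/kubeProviders/aws/values.tmpl.yaml
+++ b/kubeProviders/aws/values.tmpl.yaml
@@ -0,0 +1,12 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
+jenkins-x-platform:
+PipelineSecrets:
+
+# lets enable ECR docker builds
+DockerConfig: |-
+{
+"credsStore": "ecr-login"
+}
+
+docker-registry:
+enabled: false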
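--- a/kubeProviders/eks/README.md
+++ b/kubeProviders/eks/README.md
@@ -0,0 +1 @@
+# Jenkins X Boot configuration for EKS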
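--- a/kubeProviders/eks/templates/irsa.tmpl.yaml
+++ b/kubeProviders/eks/templates/irsa.tmpl.yaml
@@ -0,0 +1,53 @@
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+metadata:
+name: {{ .Requirements.cluster.clusterName }}
+region: {{ .Requirements.cluster.region }}
+
+iam:
+withOIDC: true
+serviceAccounts:
+{{- if .IAM.TektonBotPolicy }}
+- metadata:
+name: tekton-bot
+namespace: jx
+labels: {aws-usage: "jenkins-x"}
+attachPolicyARNs:
+- {{.IAM.TektonBotPolicy | quote}}
+{{- end }}
+{{- if .IAM.ExternalDNSPolicy }}
+- metadata:
+name: exdns-external-dns
+namespace: jx
+labels: {aws-usage: "jenkins-x"}
+attachPolicyARNs:
+- {{.IAM.ExternalDNSPolicy | quote}}
+{{- end }}
+{{- if .IAM.CertManagerPolicy }}
+- metadata:
+name: cm-cert-manager
+namespace: cert-manager
+labels: {aws-usage: "jenkins-x"}
+attachPolicyARNs:
+- {{.IAM.CertManagerPolicy | quote}}
+- metadata:
+name: cm-cainjector
+namespace: cert-manager
+labels: {aws-usage: "jenkins-x"}
+attachPolicyARNs:
+- {{.IAM.CertManagerPolicy | quote}}
+{{- end }}
+- metadata:
+name: jenkins-x-controllerbuild
+namespace: jx
+labels: {aws-usage: "jenkins-x"}
+attachPolicyARNs:
+- "arn:aws:iam::aws:policy/AmazonS3FullAccess"
+- metadata:
+name: jxui
+namespace: jx
+labels: {aws-usage: "jenkins-x"}
+attachPolicyARNs:
+- "arn:aws:iam::aws:policy/AmazonS3FullAccess"
+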
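Review bot: The last two `serviceAccounts` entries, `jenkins-x-controllerbuild` and `jxui`, attach the AWS-managed `arn:aws:iam::aws:policy/AmazonS3FullAccess` unconditionally, so through IRSA both pods get every S3 action on every bucket in the account. These components presumably only need the bucket that holds build logs, so a customer-managed policy scoped to that bucket, passed in the same way as `.IAM.TektonBotPolicy`, would keep a compromised UI or controller pod away from unrelated buckets. Separately, `name:` and `region:` under `metadata` are rendered unquoted; `name: {{ .Requirements.cluster.clusterName | quote }}` would match the `| quote` already used for the policy ARNs and avoid YAML retyping a numeric-looking cluster name.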
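--- a/kubeProviders/eks/templates/jenkinsx-policies.yml
+++ b/kubeProviders/eks/templates/jenkinsx-policies.yml
@@ -0,0 +1,81 @@
+Description: 'Template to generate the necessary IAM Policies for Jenkins-X EKS support '
+Resources:
+CFNJenkinsXPolicies:
+Type: AWS::IAM::ManagedPolicy
+Properties:
+ManagedPolicyName: !Join [ "-", [ CFNTektonBotPolicy, Ref: PoliciesSuffixParameter] ]
+PolicyDocument:
+Version: '2012-10-17'
+Statement:
+- Effect: Allow
+Action:
+- cloudformation:ListStacks
+- cloudformation:DescribeStacks
+- cloudformation:CreateStack
+- cloudformation:DeleteStack
+- eks:*
+- s3:*
+- iam:DetachRolePolicy
+- iam:GetPolicy
+- iam:CreatePolicy
+- iam:DeleteRole
+- iam:GetOpenIDConnectProvider
+Resource: "*"
+CFNExternalDNSPolicies:
+Type: AWS::IAM::ManagedPolicy
+Properties:
+ManagedPolicyName: !Join [ "-", [ CFNExternalDNSPolicy, Ref: PoliciesSuffixParameter] ]
+PolicyDocument:
+Version: '2012-10-17'
+Statement:
+- Effect: Allow
+Action:
+- route53:ChangeResourceRecordSets
+Resource: "arn:aws:route53:::hostedzone/*"
+- Effect: Allow
+Action:
+- route53:ListHostedZones
+- route53:ListResourceRecordSets
+Resource: "*"
+CFNCertManagerPolicies:
+Type: AWS::IAM::ManagedPolicy
+Properties:
+ManagedPolicyName: !Join [ "-", [ CFNCertManagerPolicy, Ref: PoliciesSuffixParameter] ]
+PolicyDocument:
+Version: '2012-10-17'
+Statement:
+- Effect: Allow
+Action:
+- route53:GetChange
+Resource: "arn:aws:route53:::change/*"
+- Effect: Allow
+Action:
+- route53:ChangeResourceRecordSets
+Resource: "arn:aws:route53:::hostedzone/*"
+- Effect: Allow
+Action:
+- route53:ListHostedZonesByName
+Resource: "*"
+Parameters:
+PoliciesSuffixParameter:
+Type: String
+Description: A suffix so we can create different policies on each execution
+Outputs:
+CFNTektonBotPolicy:
+Value:
+Ref: CFNJenkinsXPolicies
+Description: The ARN of the created policy
+Export:
+Name: !Join [ "-", [ TektonBotPolicy, Ref: PoliciesSuffixParameter] ]
+CFNExternalDNSPolicy:
+Value:
+Ref: CFNExternalDNSPolicies
+Description: The ARN of the created policy
+Export:
+Name: !Join [ "-", [ ExternalDNSPolicy, Ref: PoliciesSuffixParameter] ]
+CFNCertManagerPolicy:
+Value:
+Ref: CFNCertManagerPolicies
+Description: The ARN of the created policy
+Export:
+Name: !Join [ "-", [ CertManagerPolicy, Ref: PoliciesSuffixParameter] ]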
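Review bot: The single statement in `CFNJenkinsXPolicies` combines `eks:*`, `s3:*`, `iam:CreatePolicy`, `iam:DeleteRole` and `iam:DetachRolePolicy` with `Resource: "*"`, and its export name (`TektonBotPolicy`) suggests this is the policy the tekton-bot pipeline service account receives. Build pods run repository-supplied code, so as written any pipeline could delete roles or buckets account-wide; splitting the statement and giving the S3 and IAM actions ARN patterns for the resources Jenkins X itself creates would narrow that. The two Route 53 policies already scope `route53:ChangeResourceRecordSets` to `hostedzone/*`, which could be tightened to the cluster's zone ID if it is known at deploy time. A comment above the statement naming which operation needs each wildcard would help whoever trims it later.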
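--- a/kubeProviders/eks/templates/vault_cf_tmpl.yml
+++ b/kubeProviders/eks/templates/vault_cf_tmpl.yml
@@ -0,0 +1,133 @@
+Resources:
+AWSDynamoDBTable:
+Properties:
+AttributeDefinitions:
+- AttributeName: Path
+AttributeType: S
+- AttributeName: Key
+AttributeType: S
+KeySchema:
+- AttributeName: Path
+KeyType: HASH
+- AttributeName: Key
+KeyType: RANGE
+ProvisionedThroughput:
+ReadCapacityUnits: 2
+WriteCapacityUnits: 2
+TableName: !Join [ "_", [ Ref: DynamoDBTableName, Ref: ResourcesSuffixParameter ] ]
+Tags:
+- Key: Name
+Value: vault-dynamo-db-table
+Type: AWS::DynamoDB::Table
+AWSKMSKey:
+Properties:
+Description: KMS Key for bank vault unseal
+KeyPolicy:
+Statement:
+- Action: kms:*
+Effect: Allow
+Principal:
+AWS:
+- Fn::Sub: arn:aws:iam::${AWS::AccountId}:root
+- Fn::Sub: arn:aws:iam::${AWS::AccountId}:user/${IAMUser}
+Resource: "*"
+Sid: Enable IAM User Permissions
+Version: '2012-10-17'
+Type: AWS::KMS::Key
+AWSS3Bucket:
+Properties:
+AccessControl: Private
+BucketName: !Join [ "-", [ Ref: S3BucketName, Ref: ResourcesSuffixParameter ] ]
+VersioningConfiguration:
+Status: Suspended
+Type: AWS::S3::Bucket
+AWSIAMPolicy:
+DependsOn:
+- AWSDynamoDBTable
+- AWSS3Bucket
+- AWSKMSKey
+Properties:
+PolicyDocument:
+Statement:
+- Action:
+- dynamodb:DescribeLimits
+- dynamodb:DescribeTimeToLive
+- dynamodb:ListTagsOfResource
+- dynamodb:DescribeReservedCapacityOfferings
+- dynamodb:DescribeReservedCapacity
+- dynamodb:ListTables
+- dynamodb:BatchGetItem
+- dynamodb:BatchWriteItem
+- dynamodb:CreateTable
+- dynamodb:DeleteItem
+- dynamodb:GetItem
+- dynamodb:GetRecords
+- dynamodb:PutItem
+- dynamodb:Query
+- dynamodb:UpdateItem
+- dynamodb:Scan
+- dynamodb:DescribeTable
+Effect: Allow
+Resource:
+Fn::Sub: "${AWSDynamoDBTable.Arn}"
+Sid: DynamoDB
+- Action:
+- s3:PutObject
+- s3:GetObject
+Effect: Allow
+Resource:
+Fn::Sub: "${AWSS3Bucket.Arn}/*"
+Sid: S3
+- Action:
+- s3:ListBucket
+Effect: Allow
+Resource:
+Fn::Sub: "${AWSS3Bucket.Arn}"
+Sid: S3List
+- Action:
+- kms:Encrypt
+- kms:Decrypt
+Effect: Allow
+Resource:
+Fn::Sub: "${AWSKMSKey.Arn}"
+Sid: KMS
+Version: '2012-10-17'
+ManagedPolicyName: !Sub
+- "vault_${AWS::StackName}-${AWS::Region}-${Suffix}"
+- { Suffix: !Ref ResourcesSuffixParameter }
+Users:
+- !Ref IAMUser
+Type: AWS::IAM::ManagedPolicy
+Parameters:
+ResourcesSuffixParameter:
+Type: String
+Description: A suffix so we can create different resources on each execution
+S3BucketName:
+Type: String
+Description: The name of the S3 bucket to use for Vault
+DynamoDBTableName:
+Type: String
+Description: The name of the DynamoDB table to use for VAult
+IAMUser:
+Type: String
+Description: The name of the IAM user to use for Vault
+Outputs:
+AWSS3Bucket:
+Value:
+Ref: AWSS3Bucket
+Description: The ARN of the created bucket
+Export:
+Name: !Sub "${AWS::StackName}-AWSS3Bucket"
+AWSKMSKey:
+Value:
+Ref: AWSKMSKey
+Description: The ARN of the created KMS Key
+Export:
+Name: !Sub "${AWS::StackName}-AWSKMSKey"
+AWSDynamoDBTable:
+Value:
+Ref: AWSDynamoDBTable
+Description: The ARN of the created DynamoDB table
+Export:
+Name: !Sub "${AWS::StackName}-AWSDynamoDBTable"
+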
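Review bot: The `AWSKMSKey` key policy grants `kms:*` to `user/${IAMUser}`, the same identity Vault runs as, so the unseal user can also rewrite the key policy or schedule the key for deletion. The managed policy further down already gives that user `kms:Encrypt` and `kms:Decrypt`, so the second principal line (`- Fn::Sub: arn:aws:iam::${AWS::AccountId}:user/${IAMUser}`) can be dropped and the account-root entry left to delegate to IAM. `AWSS3Bucket` sets `VersioningConfiguration` to `Status: Suspended` and declares neither default encryption nor a public-access block, which is thin for a bucket that presumably stores Vault's encrypted unseal material; a hardened version of the bucket properties is sketched below. The Outputs descriptions say "The ARN of the created …", but `Ref` on a bucket, KMS key or DynamoDB table returns the name or key ID, so either the descriptions or the values (`!GetAtt … .Arn`) should change.

```yaml
  AWSS3Bucket:
    Properties:
      # … unchanged: AccessControl, BucketName …
      VersioningConfiguration:
        Status: Enabled
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
```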
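--- a/kubeProviders/eks/values.tmpl.yaml
+++ b/kubeProviders/eks/values.tmpl.yaml
@@ -0,0 +1,18 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
+jenkins-x-platform:
+PipelineSecrets:
+
+# lets enable ECR docker builds
+DockerConfig: |-
+{
+{{- if .Requirements.cluster.registry }}
+"credHelpers": {
+"{{ .Requirements.cluster.registry }}": "ecr-login"
+}
+{{- else }}
+"credsStore": "ecr-login"
+{{- end }}
+}
+
+docker-registry:
+enabled: false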
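Review bot: In the `credHelpers` branch the registry host is interpolated raw inside a JSON string, `"{{ .Requirements.cluster.registry }}": "ecr-login"`, so a value containing a quote or backslash would produce invalid or altered Docker config JSON. The PKS template in this same commit renders the equivalent key with `{{ .Parameters.docker.url | quote }}`; writing `{{ .Requirements.cluster.registry | quote }}: "ecr-login"` here would be consistent with it and escape the value.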
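--- a/kubeProviders/gke/README.md
+++ b/kubeProviders/gke/README.md
@@ -0,0 +1 @@
+# Jenkins X Boot configuration for Google Container Engine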
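--- a/kubeProviders/gke/values.tmpl.yaml
+++ b/kubeProviders/gke/values.tmpl.yaml
@@ -0,0 +1,24 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
+
+jenkins-x-platform:
+PipelineSecrets:
+
+# lets enable GCR docker builds
+DockerConfig: |-
+{
+"credHelpers": {
+"gcr.io": "gcr",
+"us.gcr.io": "gcr",
+"eu.gcr.io": "gcr",
+"asia.gcr.io": "gcr",
+"staging-k8s.gcr.io": "gcr"
+}
+}
+
+docker-registry:
+{{- if eq .Requirements.webhook "jenkins" }}
+enabled: true
+{{- else }}
+enabled: false
+{{- end }}
+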
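--- a/kubeProviders/icp/README.md
+++ b/kubeProviders/icp/README.md
@@ -0,0 +1 @@
+# Jenkins X Boot configuration for IBM Cloud Private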
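--- a/kubeProviders/icp/values.tmpl.yaml
+++ b/kubeProviders/icp/values.tmpl.yaml
@@ -0,0 +1,24 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
+monocular:
+mongodb:
+persistence:
+enabled: false
+
+# We'll be using the IBM Cloud Private registry
+docker-registry:
+enabled: false
+
+jenkins:
+Servers:
+# global node properties
+Global:
+EnvVars:
+# Override this if your cluster name is not mycluster.icp (the default for IBM Cloud Private) with --docker-registry
+DOCKER_REGISTRY: mycluster.icp:8500/jx
+Master:
+ServiceAnnotations:
+fabric8.io/ingress.annotations: "kubernetes.io/ingress.class: nginx\nnginx.ingress.kubernetes.io/proxy-body-size: 500m\nkubernetes.io/tls-acme: true\ncertmanager.k8s.io/cluster-issuer: icp-ca-issuer"
+Readiness:
+InitialDelaySeconds: 10
+Liveness:
+InitialDelaySeconds: 10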
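--- a/kubeProviders/iks/README.md
+++ b/kubeProviders/iks/README.md
@@ -0,0 +1,226 @@
+# Jenkins X Boot configuration for IBM Cloud
+
+CAUTION: Current `iks` clusters need `kaniko` if you want to use them for building Docker images in the course of your CI pipeline (which is an essential step to get your applications into your JX k8s cluster). This is not yet implemented, cf. https://github.com/jenkins-x/jx/issues/3971.
+
+## Prerequisites
+
+* Make yourself familiar with the general Jenkins-X (JX) setup: https://jenkins-x.io/documentation/
+* You need a GitHub account: https://github.com (Checkout the appendix of this document, if you would like to use IBM Cloud Git instead)
+* Before setting up (JX) on IBM cloud with Kubernetes (IKS) you need an IBM account.
+You can apply for a free trial for one year here: https://www.ibm.com/partners/start/cloud-container-service/
+
+NOTE: A _free_ IBM cloud account does not include all necessary permissions and resources to run k8s and JX.
+
+## Initial cloud setup
+
+### Automatic initial setup
+
+Run the following shell script, it should setup the local cloud tools (`ibmcloud`) on your machine.
+
+# An IKS 1.10 cluster must be used, 1.11 was broken with jenkins-x at the time of writing
+curl -sL https://ibm.biz/idt-installer | bash
+
+### Manual initial setup
+
+If the automatic setup fails, you may perform a manual setup, as described here: https://console.bluemix.net/docs/cli/index.html#overview
+
+And install some additional plugins
+
+ibmcloud plugin install container-service
+ibmcloud plugin install container-registry
+
+and some tools used by JX
+
+* install latest helm -> https://docs.helm.sh/using_helm/#installing-helm
+* install kubectl 1.10 -> https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-binary-using-curl
+* install jx -> https://jenkins-x.io/getting-started/install/
+
+Then login to the IBM cloud
+
+ibmcloud login -a https://api.us-east.bluemix.net (--sso / --apikey as appropriate)
+
+## Create/Install k8s/JX
+
+NOTE: Check out the open issues section at the end of the document (before the Appendix section) for some known limitations!
+
+### Create IKS cluster and JX automatically
+
+One of the large strengths of JX is, that it can even set up a k8s cluster automatically during the install process.
+
+Just call:
+
+```bash
+jx create cluster iks \
+-n jx-wdc04 \
+-r us-east \
+-z wdc04 \
+-m b2c.4x16 \
+--workers=3 \
+--kube-version=1.11.9 \
+\
+--namespace='jx'
+```
+
+and answer some remaining questions, e.g., for your Git/GitHub user.
+
+NOTE: If you run into problems or want to customize parts of the setup, follow the instructions in the next section.
+
+### Set up IKS and JX manually
+
+#### Set up IKS cluster manually
+
+* Find a region: `ibmcloud ks regions`
+* Set the region (eg. us-east, cf. [issue 2984](https://github.com/jenkins-x/jx/issues/2984)): `ibmcloud ks region-set us-east`
+* Find a zone (eg. wdc07): `ibmcloud ks zones`
+* Find machine types (should use `b2c.4x16 minimum`): `ibmcloud ks machine-types --zone wdc07`
+* Find the k8s 1.11.x version: `ibmcloud ks kube-versions`
+* Find the Public and private vlans (if none exist, they will be created): `ibmcloud ks vlans --zone wdc07`
+* Create VLANs, if vlans exist in the zone, they will need to be specified here otherwise they will be created.
+* If you want to use let's encrypt, make sure to specify a cluster name so that `docker-registry.jx.<clustername>.<regionname>.containers.appdomain.cloud` is less than 64 characters (will be checked automatically during install), eg., `docker-registry.jx.jx-wdc07.us-east.container.appdomain.cloud < 64 chars` (Smallest possible is best).
+* Set up the cluster (some parameters depend on your settings before or what resource types are available in the chosen region, zone etc.):
+
+```bash
+ibmcloud ks cluster-create \
+--name jx-wdc07 \
+--kube-version 1.11.9 \
+--zone wdc07 \
+--machine-type b2c.4x16 \
+--workers 3 \
+--private-vlan 2323675 \
+--public-vlan 2323691
+```
+
+* Check until state is "normal" (takes about 25 minutes): `ibmcloud ks cluster-get --cluster jx-wdc07`
+* Import cluster parameters to your shell environment: `eval $(ibmcloud ks cluster-config --export --cluster jx-wdc07)`
+
+#### Setup Helm / Tiller
+
+CAUTION: This gives Tiller all privileges, do not use it for production environments!
+
+```bash
+kubectl create serviceaccount --namespace kube-system tiller
+kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
+# kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
+helm init --service-account tiller --upgrade
+```
+
+#### Setup block storage drivers (Optional)
+
+* Install block storage drives with helm
+
+```bash
+# helm init # Unless you already have initialized helm in the setup step before?
+helm repo add ibm https://registry.bluemix.net/helm/ibm
+helm repo update
+helm install ibm/ibmcloud-block-storage-plugin --name ibmcloud-block-storage-plugin
+```
+
+* Make block default
+
+```bash
+kubectl patch storageclass ibmc-file-bronze -p \
+'{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
+```
+
+* Alternatively (if included in your plan) you can also choose `ibmc-block-silver` or `ibmc-block-gold` for better IOPS
+
+```bash
+kubectl patch storageclass ibmc-block-silver -p \
+'{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
+```
+
+#### Setup https (Recommended)
+
+WARNING: This does not work and needs further testing/investigation!
+
+Note: There is also a jenkins- addon, may work but never tested with IBM Cloud
+
+```bash
+# Optional/Sometime necessary? kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6.1/deploy/manifests/00-crds.yaml
+helm install \
+--namespace=kube-system \
+--name=cert-manager stable/cert-manager \
+--set=ingressShim.defaultIssuerKind=ClusterIssuer \
+--set=ingressShim.defaultIssuerName=letsencrypt-staging \
+--version v0.5.2
+cat << EOF| kubectl create -n kube-system -f -
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+name: letsencrypt-staging
+spec:
+acme:
+server: https://acme-staging-v02.api.letsencrypt.org/directory
+email: YOUREEMAIL@ca.ibm.com
+privateKeySecretRef:
+name: letsencrypt-staging
+http01: {}
+EOF
+```
+
+#### Install JX manually
+
+* Have your GitHub account at hand,
+* Have your cluster subdomain for the domain flag (example provided) at hand,
+* answer Y to create ingress when asked,
+
+```bash
+jx install cluster --provider=iks \
+--domain='jx-wdc07.us-east.containers.appdomain.cloud' \
+[ --default-admin-password=<password> ]
+```
+
+* wait until done. can check status by doing `kubectl get deployments,services,pvc,pv,ingress -n jx` in another terminal
+* Upgrade ingress if you have installed https: `jx upgrade ingress`
+* Make sure you can push and pull images into the account: `ibmcloud cr token-add --non-expiring --readwrite --description "Jenkins-X Token"`
+
+## Open issues
+
+There are some open issues at the time of this writing (2019-02-05), some of which may limit your usage of IKS.
+
+NOTE: This is only a snapshot, check out their state or if others exist meanwhile: https://github.com/jenkins-x/jx/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+label%3Aarea%2FIKS+
+
+| *Limitation* | *GitHub Issue* | *WIP* |
+| ------------------------------------------------------------------------- |:----------------------------------------------------:|:-----:|
+| Currently it is only possible to create a cluster in the region *us-east* | [#2984](https://github.com/jenkins-x/jx/issues/2984) | - |
+| JX environments are not created automatically | [#2985](https://github.com/jenkins-x/jx/issues/2985) | - |
+| Cluster registry is not automatically created | [#2997](https://github.com/jenkins-x/jx/issues/2997) | - |
+| `batch-mode`, `verbose`-Flag etc. not possible | [#2996](https://github.com/jenkins-x/jx/issues/2996) | - |
+| IKS needs `kaniko` to perform builds | [#3971](https://github.com/jenkins-x/jx/issues/3971) | - |
+----
+
+## Appendix
+
+These setups are usually not necessary.
+
+### Create Docker secret
+
+* `kubectl --namespace default create secret docker-registry registrysecret --docker-server=registry.<region>.bluemix.net --docker-username=token --docker-password=<token_value> --docker-email=<email>`
+* Copy the "Token"
+
+echo -n token:<Token here> | base64 -w0
+
+* Copy the base64 value and create a file called `config.json` with this contents:
+
+```{
+"auths": {
+"registry.ng.bluemix.net": {
+"auth": "<base64 encoded token>"
+}
+}
+}
+```
+
+* Replace the existing Docker secret
+
+kubectl delete secret jenkins-docker-cfg -n jx
+kubectl create secret generic jenkins-docker-cfg --from-file=./config.json -n jx
+
+* At this point the jenkins server needs to restarted to pick up the new docker creds: `kubectl -njx delete pods` -lapp=jenkins
+
+### Use IBM Git
+
+If you want to use git.ng.bluemix.net (gitlab), create a personal access token there
+
+jx create git server gitlab https://git.ng.bluemix.net -n gitlab
+jx create git token -n gitlab -t <gitlab token> <gitlab username>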
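--- a/kubeProviders/iks/values.tmpl.yaml
+++ b/kubeProviders/iks/values.tmpl.yaml
@@ -0,0 +1,21 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
+jenkins:
+Servers:
+Global:
+EnvVars:
+DOCKER_REGISTRY: "registry.ng.bluemix.net"
+# Smaller cluster configurations require more time
+Master:
+Readiness:
+InitialDelaySeconds: 600
+Liveness:
+InitialDelaySeconds: 660
+
+docker-registry:
+enabled: false
+
+jenkins-x-platform:
+# lets disable creating the jenkins-x-docker-cfg secret
+# we can manage that by hand for now
+.PipelineSecrets:
+DockerConfig: ""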
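Review bot: The key `.PipelineSecrets:` under `jenkins-x-platform` carries a leading dot, whereas every other provider file in this commit writes `PipelineSecrets:`. If the chart reads `PipelineSecrets.DockerConfig`, this entry is a different key and the empty `DockerConfig: ""` override presumably never takes effect, so the `jenkins-x-docker-cfg` secret would still be generated despite the comment above it. If the dot is a deliberate way of parking the block, a comment such as `# leading dot keeps this override inactive` should say so; otherwise the line should read `PipelineSecrets:`.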
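--- a/kubeProviders/kubernetes/README.md
+++ b/kubeProviders/kubernetes/README.md
@@ -0,0 +1 @@
+# Jenkins X Boot configuration for generic Kubernetes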
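--- a/kubeProviders/kubernetes/values.tmpl.yaml
+++ b/kubeProviders/kubernetes/values.tmpl.yaml
@@ -0,0 +1 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml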
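--- a/kubeProviders/minikube/values.tmpl.yaml
+++ b/kubeProviders/minikube/values.tmpl.yaml
@@ -0,0 +1,5 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
+exposecontroller:
+exposecontroller:
+HTTP: "true"
+TLSACME: "false"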
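--- a/kubeProviders/minishift/values.tmpl.yaml
+++ b/kubeProviders/minishift/values.tmpl.yaml
@@ -0,0 +1,64 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
+exposecontroller:
+exposecontroller:
+HTTP: "true"
+TLSACME: "false"
+
+# disable monocular until the routing is fixed
+monocular:
+enabled: false
+
+
+docker-registry:
+enabled: false
+
+jenkins:
+Master:
+Image: "davidconde/jenkinsx-openshift"
+ImageTag: "0.0.1"
+ServiceAccountAnnotations: |
+serviceaccounts.openshift.io/oauth-redirectreference.jenkins: >-
+{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"jenkins"}}
+AuthorizationStrategyClass: "hudson.security.GlobalMatrixAuthorizationStrategy"
+AuthorizationStrategyAttributes:
+- name: "permission"
+value: "hudson.model.Computer.Configure:admin"
+- name: "permission"
+value: "hudson.model.Computer.Delete:admin"
+- name: "permission"
+value: "hudson.model.Hudson.Administer:admin"
+- name: "permission"
+value: "hudson.model.Hudson.Read:admin"
+- name: "permission"
+value: "hudson.model.Item.Build:admin"
+- name: "permission"
+value: "hudson.model.Item.Configure:admin"
+- name: "permission"
+value: "hudson.model.Item.Create:admin"
+- name: "permission"
+value: "hudson.model.Item.Delete:admin"
+- name: "permission"
+value: "hudson.model.Item.Read:admin"
+- name: "permission"
+value: "hudson.model.Item.Workspace:admin"
+- name: "permission"
+value: "hudson.model.Run.Delete:admin"
+- name: "permission"
+value: "hudson.model.Run.Update:admin"
+- name: "permission"
+value: "hudson.model.View.Configure:admin"
+- name: "permission"
+value: "hudson.model.View.Create:admin"
+- name: "permission"
+value: "hudson.model.View.Delete:admin"
+- name: "permission"
+value: "hudson.scm.SCM.Tag:admin"
+SecurityRealmClass: "hudson.security.HudsonPrivateSecurityRealm"
+SecurityRealmAttributes:
+- name: "disableSignup"
+value: "true"
+- name: "enableCaptcha"
+value: "false"
+Global:
+EnvVars:
+DOCKER_REGISTRY: "docker-registry.default.svc:5000"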
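Review bot: `jenkins.Master.Image` points at `davidconde/jenkinsx-openshift` with `ImageTag: "0.0.1"`, an image in a personal registry namespace referenced by a mutable tag, and it runs as the Jenkins master that holds the pipeline credentials; kubeProviders/openshift/values.tmpl.yaml carries the same two lines. Mirroring the image into a registry the team controls and pinning it by digest, where the chart allows, would remove the dependency on that account. The file also sets exposecontroller `HTTP: "true"` and `TLSACME: "false"` while `SecurityRealmClass` is the password-based `HudsonPrivateSecurityRealm`, so the admin login would travel in clear text unless something else terminates TLS. That is tolerable on a local minishift, but a comment such as `# local clusters only: Jenkins is exposed over plain HTTP` would make it explicit, and for the openshift variant it is worth confirming how the route is terminated.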
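--- a/kubeProviders/oke/README.md
+++ b/kubeProviders/oke/README.md
@@ -0,0 +1 @@
+# Jenkins X Boot configuration for Oracle Cloud Infrastructure Container Engine for Kubernetes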
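--- a/kubeProviders/oke/values.tmpl.yaml
+++ b/kubeProviders/oke/values.tmpl.yaml
@@ -0,0 +1,14 @@
+chartmuseum:
+persistence:
+Size: 50Gi
+jenkins:
+Persistence:
+Size: 50Gi
+monocular:
+mongodb:
+persistence:
+size: 50Gi
+
+jenkins:
+Agent:
+KubernetesServerURL: "https://kubernetes.default.svc"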
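Review bot: `jenkins:` appears twice in this file, once holding `Persistence` and once holding `Agent`. The page has lost the indentation, but if both are top-level keys most YAML parsers keep only the last one, so the 50Gi `Persistence.Size` would be silently dropped; moving `Agent:` into the first `jenkins:` mapping fixes that. `chartmuseum.persistence.Size` is also capitalised here, whereas kubeProviders/alibaba/values.tmpl.yaml writes `size:` under the same lower-case `persistence:` key, so one of the two spellings is presumably ignored by the chart.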
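--- a/kubeProviders/openshift/values.tmpl.yaml
+++ b/kubeProviders/openshift/values.tmpl.yaml
@@ -0,0 +1,63 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
+exposecontroller:
+exposecontroller:
+HTTP: "true"
+TLSACME: "false"
+
+# disable monocular until the routing is fixed
+monocular:
+enabled: false
+
+docker-registry:
+enabled: false
+
+jenkins:
+Master:
+Image: "davidconde/jenkinsx-openshift"
+ImageTag: "0.0.1"
+ServiceAccountAnnotations: |
+serviceaccounts.openshift.io/oauth-redirectreference.jenkins: >-
+{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"jenkins"}}
+AuthorizationStrategyClass: "hudson.security.GlobalMatrixAuthorizationStrategy"
+AuthorizationStrategyAttributes:
+- name: "permission"
+value: "hudson.model.Computer.Configure:admin"
+- name: "permission"
+value: "hudson.model.Computer.Delete:admin"
+- name: "permission"
+value: "hudson.model.Hudson.Administer:admin"
+- name: "permission"
+value: "hudson.model.Hudson.Read:admin"
+- name: "permission"
+value: "hudson.model.Item.Build:admin"
+- name: "permission"
+value: "hudson.model.Item.Configure:admin"
+- name: "permission"
+value: "hudson.model.Item.Create:admin"
+- name: "permission"
+value: "hudson.model.Item.Delete:admin"
+- name: "permission"
+value: "hudson.model.Item.Read:admin"
+- name: "permission"
+value: "hudson.model.Item.Workspace:admin"
+- name: "permission"
+value: "hudson.model.Run.Delete:admin"
+- name: "permission"
+value: "hudson.model.Run.Update:admin"
+- name: "permission"
+value: "hudson.model.View.Configure:admin"
+- name: "permission"
+value: "hudson.model.View.Create:admin"
+- name: "permission"
+value: "hudson.model.View.Delete:admin"
+- name: "permission"
+value: "hudson.scm.SCM.Tag:admin"
+SecurityRealmClass: "hudson.security.HudsonPrivateSecurityRealm"
+SecurityRealmAttributes:
+- name: "disableSignup"
+value: "true"
+- name: "enableCaptcha"
+value: "false"
+Global:
+EnvVars:
+DOCKER_REGISTRY: "docker-registry.default.svc:5000"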
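--- a/kubeProviders/pks/README.md
+++ b/kubeProviders/pks/README.md
@@ -0,0 +1 @@
+# Jenkins X Boot configuration for PKS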
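--- a/kubeProviders/pks/values.tmpl.yaml
+++ b/kubeProviders/pks/values.tmpl.yaml
@@ -0,0 +1,24 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
+
+jenkins:
+Agent:
+# for PKS there is a different docker host path
+DockerHostPath: "/var/vcap/sys/run/docker/docker.sock"
+DockerMountPath: "/var/run/docker.sock"
+
+jenkins-x-platform:
+PipelineSecrets:
+{{- if eq .Parameters.enableDocker true }}
+DockerConfig: |-
+{
+"auths":{
+{{ .Parameters.docker.url | quote }}:
+{
+"auth": {{ printf "%s:%s" .Parameters.docker.username .Parameters.docker.password | b64enc | quote}},
+"email": {{ .Parameters.docker.email | quote}}
+}
+}
+}
+{{- else}}
+DockerConfig: ""
+{{- end}}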
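Review bot: `DockerHostPath: "/var/vcap/sys/run/docker/docker.sock"` together with `DockerMountPath` mounts the node's Docker socket into Jenkins agent pods, which gives any build step root-equivalent control of the node and of every other container scheduled on it. The existing comment only explains the path, so I would extend it to `# for PKS there is a different docker host path; agents get node-level access through this socket, build trusted repositories only`, or move to a daemonless builder such as the kaniko already referenced in the IKS README. In the `enableDocker` branch `.Parameters.docker.password` is base64-encoded straight into `DockerConfig`, so the rendered values file contains the registry credential and should be kept out of commits and CI logs.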