beppe/environment-ff-stage-euw1-gkecluster-primary-dev
1
0
Fork 0
mirror of https://github.com/bvanroll/environment-ff-stage-euw1-gkecluster-primary-dev.git synced 2025-08-29 12:02:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

initial config based of jenkins-x/jenkins-x-boot-config with ref v1.0.82

Browse Source
This commit is contained in:
jenkins-x-bot
2020-04-15 12:37:41 +02:00
commit 9434645ce5
106 changed files with 2971 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
kubeProviders/README.md Normal file
View File

@@ -0,0 +1,4 @@
## Provider Specific Configurations
To try maximise reuse of Jenkins X Boot configurations across cloud providers we try to put all the cloud specific configurations in this directory.

1
kubeProviders/aks/README.md Normal file
View File

@@ -0,0 +1 @@
# Jenkins X Boot configuration for Azure Container Engine

12
kubeProviders/aks/values.tmpl.yaml Normal file
View File

@@ -0,0 +1,12 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
jenkins-x-platform:
PipelineSecrets:
# lets enable ACR docker builds
DockerConfig: |-
{
"credsStore": "acr-linux"
}
docker-registry:
enabled: false

1
kubeProviders/alibaba/README.md Normal file
View File

@@ -0,0 +1 @@
# Jenkins X Boot configuration for Alibaba Container Service

17
kubeProviders/alibaba/values.tmpl.yaml Normal file
View File

@@ -0,0 +1,17 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
chartmuseum:
persistence:
size: 20Gi
jenkins:
Persistence:
Size: 20Gi
monocular:
mongodb:
persistence:
size: 20Gi
nexus:
persistence:
size: 20Gi
tekton:
pvc:
size: 20Gi

1
kubeProviders/aws/README.md Normal file
View File

@@ -0,0 +1 @@
# Jenkins X Boot configuration for generic Kubernetes

12
kubeProviders/aws/values.tmpl.yaml Normal file
View File

@@ -0,0 +1,12 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
jenkins-x-platform:
PipelineSecrets:
# lets enable ECR docker builds
DockerConfig: |-
{
"credsStore": "ecr-login"
}
docker-registry:
enabled: false

1
kubeProviders/eks/README.md Normal file
View File

@@ -0,0 +1 @@
# Jenkins X Boot configuration for EKS

53
kubeProviders/eks/templates/irsa.tmpl.yaml Normal file
View File

@@ -0,0 +1,53 @@
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: {{ .Requirements.cluster.clusterName }}
region: {{ .Requirements.cluster.region }}
iam:
withOIDC: true
serviceAccounts:
{{- if .IAM.TektonBotPolicy }}
- metadata:
name: tekton-bot
namespace: jx
labels: {aws-usage: "jenkins-x"}
attachPolicyARNs:
- {{.IAM.TektonBotPolicy | quote}}
{{- end }}
{{- if .IAM.ExternalDNSPolicy }}
- metadata:
name: exdns-external-dns
namespace: jx
labels: {aws-usage: "jenkins-x"}
attachPolicyARNs:
- {{.IAM.ExternalDNSPolicy | quote}}
{{- end }}
{{- if .IAM.CertManagerPolicy }}
- metadata:
name: cm-cert-manager
namespace: cert-manager
labels: {aws-usage: "jenkins-x"}
attachPolicyARNs:
- {{.IAM.CertManagerPolicy | quote}}
- metadata:
name: cm-cainjector
namespace: cert-manager
labels: {aws-usage: "jenkins-x"}
attachPolicyARNs:
- {{.IAM.CertManagerPolicy | quote}}
{{- end }}
- metadata:
name: jenkins-x-controllerbuild
namespace: jx
labels: {aws-usage: "jenkins-x"}
attachPolicyARNs:
- "arn:aws:iam::aws:policy/AmazonS3FullAccess"
- metadata:
name: jxui
namespace: jx
labels: {aws-usage: "jenkins-x"}
attachPolicyARNs:
- "arn:aws:iam::aws:policy/AmazonS3FullAccess"

81
kubeProviders/eks/templates/jenkinsx-policies.yml Normal file
View File

@@ -0,0 +1,81 @@
Description: 'Template to generate the necessary IAM Policies for Jenkins-X EKS support '
Resources:
CFNJenkinsXPolicies:
Type: AWS::IAM::ManagedPolicy
Properties:
ManagedPolicyName: !Join [ "-", [ CFNTektonBotPolicy, Ref: PoliciesSuffixParameter] ]
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- cloudformation:ListStacks
- cloudformation:DescribeStacks
- cloudformation:CreateStack
- cloudformation:DeleteStack
- eks:*
- s3:*
- iam:DetachRolePolicy
- iam:GetPolicy
- iam:CreatePolicy
- iam:DeleteRole
- iam:GetOpenIDConnectProvider
Resource: "*"
CFNExternalDNSPolicies:
Type: AWS::IAM::ManagedPolicy
Properties:
ManagedPolicyName: !Join [ "-", [ CFNExternalDNSPolicy, Ref: PoliciesSuffixParameter] ]
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- route53:ChangeResourceRecordSets
Resource: "arn:aws:route53:::hostedzone/*"
- Effect: Allow
Action:
- route53:ListHostedZones
- route53:ListResourceRecordSets
Resource: "*"
CFNCertManagerPolicies:
Type: AWS::IAM::ManagedPolicy
Properties:
ManagedPolicyName: !Join [ "-", [ CFNCertManagerPolicy, Ref: PoliciesSuffixParameter] ]
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- route53:GetChange
Resource: "arn:aws:route53:::change/*"
- Effect: Allow
Action:
- route53:ChangeResourceRecordSets
Resource: "arn:aws:route53:::hostedzone/*"
- Effect: Allow
Action:
- route53:ListHostedZonesByName
Resource: "*"
Parameters:
PoliciesSuffixParameter:
Type: String
Description: A suffix so we can create different policies on each execution
Outputs:
CFNTektonBotPolicy:
Value:
Ref: CFNJenkinsXPolicies
Description: The ARN of the created policy
Export:
Name: !Join [ "-", [ TektonBotPolicy, Ref: PoliciesSuffixParameter] ]
CFNExternalDNSPolicy:
Value:
Ref: CFNExternalDNSPolicies
Description: The ARN of the created policy
Export:
Name: !Join [ "-", [ ExternalDNSPolicy, Ref: PoliciesSuffixParameter] ]
CFNCertManagerPolicy:
Value:
Ref: CFNCertManagerPolicies
Description: The ARN of the created policy
Export:
Name: !Join [ "-", [ CertManagerPolicy, Ref: PoliciesSuffixParameter] ]

133
kubeProviders/eks/templates/vault_cf_tmpl.yml Normal file
View File

@@ -0,0 +1,133 @@
Resources:
AWSDynamoDBTable:
Properties:
AttributeDefinitions:
- AttributeName: Path
AttributeType: S
- AttributeName: Key
AttributeType: S
KeySchema:
- AttributeName: Path
KeyType: HASH
- AttributeName: Key
KeyType: RANGE
ProvisionedThroughput:
ReadCapacityUnits: 2
WriteCapacityUnits: 2
TableName: !Join [ "_", [ Ref: DynamoDBTableName, Ref: ResourcesSuffixParameter ] ]
Tags:
- Key: Name
Value: vault-dynamo-db-table
Type: AWS::DynamoDB::Table
AWSKMSKey:
Properties:
Description: KMS Key for bank vault unseal
KeyPolicy:
Statement:
- Action: kms:*
Effect: Allow
Principal:
AWS:
- Fn::Sub: arn:aws:iam::${AWS::AccountId}:root
- Fn::Sub: arn:aws:iam::${AWS::AccountId}:user/${IAMUser}
Resource: "*"
Sid: Enable IAM User Permissions
Version: '2012-10-17'
Type: AWS::KMS::Key
AWSS3Bucket:
Properties:
AccessControl: Private
BucketName: !Join [ "-", [ Ref: S3BucketName, Ref: ResourcesSuffixParameter ] ]
VersioningConfiguration:
Status: Suspended
Type: AWS::S3::Bucket
AWSIAMPolicy:
DependsOn:
- AWSDynamoDBTable
- AWSS3Bucket
- AWSKMSKey
Properties:
PolicyDocument:
Statement:
- Action:
- dynamodb:DescribeLimits
- dynamodb:DescribeTimeToLive
- dynamodb:ListTagsOfResource
- dynamodb:DescribeReservedCapacityOfferings
- dynamodb:DescribeReservedCapacity
- dynamodb:ListTables
- dynamodb:BatchGetItem
- dynamodb:BatchWriteItem
- dynamodb:CreateTable
- dynamodb:DeleteItem
- dynamodb:GetItem
- dynamodb:GetRecords
- dynamodb:PutItem
- dynamodb:Query
- dynamodb:UpdateItem
- dynamodb:Scan
- dynamodb:DescribeTable
Effect: Allow
Resource:
Fn::Sub: "${AWSDynamoDBTable.Arn}"
Sid: DynamoDB
- Action:
- s3:PutObject
- s3:GetObject
Effect: Allow
Resource:
Fn::Sub: "${AWSS3Bucket.Arn}/*"
Sid: S3
- Action:
- s3:ListBucket
Effect: Allow
Resource:
Fn::Sub: "${AWSS3Bucket.Arn}"
Sid: S3List
- Action:
- kms:Encrypt
- kms:Decrypt
Effect: Allow
Resource:
Fn::Sub: "${AWSKMSKey.Arn}"
Sid: KMS
Version: '2012-10-17'
ManagedPolicyName: !Sub
- "vault_${AWS::StackName}-${AWS::Region}-${Suffix}"
- { Suffix: !Ref ResourcesSuffixParameter }
Users:
- !Ref IAMUser
Type: AWS::IAM::ManagedPolicy
Parameters:
ResourcesSuffixParameter:
Type: String
Description: A suffix so we can create different resources on each execution
S3BucketName:
Type: String
Description: The name of the S3 bucket to use for Vault
DynamoDBTableName:
Type: String
Description: The name of the DynamoDB table to use for VAult
IAMUser:
Type: String
Description: The name of the IAM user to use for Vault
Outputs:
AWSS3Bucket:
Value:
Ref: AWSS3Bucket
Description: The ARN of the created bucket
Export:
Name: !Sub "${AWS::StackName}-AWSS3Bucket"
AWSKMSKey:
Value:
Ref: AWSKMSKey
Description: The ARN of the created KMS Key
Export:
Name: !Sub "${AWS::StackName}-AWSKMSKey"
AWSDynamoDBTable:
Value:
Ref: AWSDynamoDBTable
Description: The ARN of the created DynamoDB table
Export:
Name: !Sub "${AWS::StackName}-AWSDynamoDBTable"

18
kubeProviders/eks/values.tmpl.yaml Normal file
View File

@@ -0,0 +1,18 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
jenkins-x-platform:
PipelineSecrets:
# lets enable ECR docker builds
DockerConfig: |-
{
{{- if .Requirements.cluster.registry }}
"credHelpers": {
"{{ .Requirements.cluster.registry }}": "ecr-login"
}
{{- else }}
"credsStore": "ecr-login"
{{- end }}
}
docker-registry:
enabled: false

1
kubeProviders/gke/README.md Normal file
View File

@@ -0,0 +1 @@
# Jenkins X Boot configuration for Google Container Engine

24
kubeProviders/gke/values.tmpl.yaml Normal file
View File

@@ -0,0 +1,24 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
jenkins-x-platform:
PipelineSecrets:
# lets enable GCR docker builds
DockerConfig: |-
{
"credHelpers": {
"gcr.io": "gcr",
"us.gcr.io": "gcr",
"eu.gcr.io": "gcr",
"asia.gcr.io": "gcr",
"staging-k8s.gcr.io": "gcr"
}
}
docker-registry:
{{- if eq .Requirements.webhook "jenkins" }}
enabled: true
{{- else }}
enabled: false
{{- end }}

1
kubeProviders/icp/README.md Normal file
View File

@@ -0,0 +1 @@
# Jenkins X Boot configuration for IBM Cloud Private

24
kubeProviders/icp/values.tmpl.yaml Normal file
View File

@@ -0,0 +1,24 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
monocular:
mongodb:
persistence:
enabled: false
# We'll be using the IBM Cloud Private registry
docker-registry:
enabled: false
jenkins:
Servers:
# global node properties
Global:
EnvVars:
# Override this if your cluster name is not mycluster.icp (the default for IBM Cloud Private) with --docker-registry
DOCKER_REGISTRY: mycluster.icp:8500/jx
Master:
ServiceAnnotations:
fabric8.io/ingress.annotations: "kubernetes.io/ingress.class: nginx\nnginx.ingress.kubernetes.io/proxy-body-size: 500m\nkubernetes.io/tls-acme: true\ncertmanager.k8s.io/cluster-issuer: icp-ca-issuer"
Readiness:
InitialDelaySeconds: 10
Liveness:
InitialDelaySeconds: 10

226
kubeProviders/iks/README.md Normal file
View File

@@ -0,0 +1,226 @@
# Jenkins X Boot configuration for IBM Cloud
CAUTION: Current `iks` clusters need `kaniko` if you want to use them for building Docker images in the course of your CI pipeline (which is an essential step to get your applications into your JX k8s cluster). This is not yet implemented, cf. https://github.com/jenkins-x/jx/issues/3971.
## Prerequisites
* Make yourself familiar with the general Jenkins-X (JX) setup: https://jenkins-x.io/documentation/
* You need a GitHub account: https://github.com (Checkout the appendix of this document, if you would like to use IBM Cloud Git instead)
* Before setting up (JX) on IBM cloud with Kubernetes (IKS) you need an IBM account.
You can apply for a free trial for one year here: https://www.ibm.com/partners/start/cloud-container-service/
NOTE: A _free_ IBM cloud account does not include all necessary permissions and resources to run k8s and JX.
## Initial cloud setup
### Automatic initial setup
Run the following shell script, it should setup the local cloud tools (`ibmcloud`) on your machine.
# An IKS 1.10 cluster must be used, 1.11 was broken with jenkins-x at the time of writing
curl -sL https://ibm.biz/idt-installer | bash
### Manual initial setup
If the automatic setup fails, you may perform a manual setup, as described here: https://console.bluemix.net/docs/cli/index.html#overview
And install some additional plugins
ibmcloud plugin install container-service
ibmcloud plugin install container-registry
and some tools used by JX
* install latest helm -> https://docs.helm.sh/using_helm/#installing-helm
* install kubectl 1.10 -> https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-binary-using-curl
* install jx -> https://jenkins-x.io/getting-started/install/
Then login to the IBM cloud
ibmcloud login -a https://api.us-east.bluemix.net (--sso / --apikey as appropriate)
## Create/Install k8s/JX
NOTE: Check out the open issues section at the end of the document (before the Appendix section) for some known limitations!
### Create IKS cluster and JX automatically
One of the large strengths of JX is, that it can even set up a k8s cluster automatically during the install process.
Just call:
```bash
jx create cluster iks \
-n jx-wdc04 \
-r us-east \
-z wdc04 \
-m b2c.4x16 \
--workers=3 \
--kube-version=1.11.9 \
\
--namespace='jx'
```
and answer some remaining questions, e.g., for your Git/GitHub user.
NOTE: If you run into problems or want to customize parts of the setup, follow the instructions in the next section.
### Set up IKS and JX manually
#### Set up IKS cluster manually
* Find a region: `ibmcloud ks regions`
* Set the region (eg. us-east, cf. [issue 2984](https://github.com/jenkins-x/jx/issues/2984)): `ibmcloud ks region-set us-east`
* Find a zone (eg. wdc07): `ibmcloud ks zones`
* Find machine types (should use `b2c.4x16 minimum`): `ibmcloud ks machine-types --zone wdc07`
* Find the k8s 1.11.x version: `ibmcloud ks kube-versions`
* Find the Public and private vlans (if none exist, they will be created): `ibmcloud ks vlans --zone wdc07`
* Create VLANs, if vlans exist in the zone, they will need to be specified here otherwise they will be created.
* If you want to use let's encrypt, make sure to specify a cluster name so that `docker-registry.jx.<clustername>.<regionname>.containers.appdomain.cloud` is less than 64 characters (will be checked automatically during install), eg., `docker-registry.jx.jx-wdc07.us-east.container.appdomain.cloud < 64 chars` (Smallest possible is best).
* Set up the cluster (some parameters depend on your settings before or what resource types are available in the chosen region, zone etc.):
```bash
ibmcloud ks cluster-create \
--name jx-wdc07 \
--kube-version 1.11.9 \
--zone wdc07 \
--machine-type b2c.4x16 \
--workers 3 \
--private-vlan 2323675 \
--public-vlan 2323691
```
* Check until state is "normal" (takes about 25 minutes): `ibmcloud ks cluster-get --cluster jx-wdc07`
* Import cluster parameters to your shell environment: `eval $(ibmcloud ks cluster-config --export --cluster jx-wdc07)`
#### Setup Helm / Tiller
CAUTION: This gives Tiller all privileges, do not use it for production environments!
```bash
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
# kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
helm init --service-account tiller --upgrade
```
#### Setup block storage drivers (Optional)
* Install block storage drives with helm
```bash
# helm init # Unless you already have initialized helm in the setup step before?
helm repo add ibm https://registry.bluemix.net/helm/ibm
helm repo update
helm install ibm/ibmcloud-block-storage-plugin --name ibmcloud-block-storage-plugin
```
* Make block default
```bash
kubectl patch storageclass ibmc-file-bronze -p \
'{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
```
* Alternatively (if included in your plan) you can also choose `ibmc-block-silver` or `ibmc-block-gold` for better IOPS
```bash
kubectl patch storageclass ibmc-block-silver -p \
'{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
```
#### Setup https (Recommended)
WARNING: This does not work and needs further testing/investigation!
Note: There is also a jenkins- addon, may work but never tested with IBM Cloud
```bash
# Optional/Sometime necessary? kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6.1/deploy/manifests/00-crds.yaml
helm install \
--namespace=kube-system \
--name=cert-manager stable/cert-manager \
--set=ingressShim.defaultIssuerKind=ClusterIssuer \
--set=ingressShim.defaultIssuerName=letsencrypt-staging \
--version v0.5.2
cat << EOF| kubectl create -n kube-system -f -
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: YOUREEMAIL@ca.ibm.com
privateKeySecretRef:
name: letsencrypt-staging
http01: {}
EOF
```
#### Install JX manually
* Have your GitHub account at hand,
* Have your cluster subdomain for the domain flag (example provided) at hand,
* answer Y to create ingress when asked,
```bash
jx install cluster --provider=iks \
--domain='jx-wdc07.us-east.containers.appdomain.cloud' \
[ --default-admin-password=<password> ]
```
* wait until done. can check status by doing `kubectl get deployments,services,pvc,pv,ingress -n jx` in another terminal
* Upgrade ingress if you have installed https: `jx upgrade ingress`
* Make sure you can push and pull images into the account: `ibmcloud cr token-add --non-expiring --readwrite --description "Jenkins-X Token"`
## Open issues
There are some open issues at the time of this writing (2019-02-05), some of which may limit your usage of IKS.
NOTE: This is only a snapshot, check out their state or if others exist meanwhile: https://github.com/jenkins-x/jx/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+label%3Aarea%2FIKS+
| *Limitation* | *GitHub Issue* | *WIP* |
| ------------------------------------------------------------------------- |:----------------------------------------------------:|:-----:|
| Currently it is only possible to create a cluster in the region *us-east* | [#2984](https://github.com/jenkins-x/jx/issues/2984) | - |
| JX environments are not created automatically | [#2985](https://github.com/jenkins-x/jx/issues/2985) | - |
| Cluster registry is not automatically created | [#2997](https://github.com/jenkins-x/jx/issues/2997) | - |
| `batch-mode`, `verbose`-Flag etc. not possible | [#2996](https://github.com/jenkins-x/jx/issues/2996) | - |
| IKS needs `kaniko` to perform builds | [#3971](https://github.com/jenkins-x/jx/issues/3971) | - |
----
## Appendix
These setups are usually not necessary.
### Create Docker secret
* `kubectl --namespace default create secret docker-registry registrysecret --docker-server=registry.<region>.bluemix.net --docker-username=token --docker-password=<token_value> --docker-email=<email>`
* Copy the "Token"
echo -n token:<Token here> | base64 -w0
* Copy the base64 value and create a file called `config.json` with this contents:
```{
"auths": {
"registry.ng.bluemix.net": {
"auth": "<base64 encoded token>"
}
}
}
```
* Replace the existing Docker secret
kubectl delete secret jenkins-docker-cfg -n jx
kubectl create secret generic jenkins-docker-cfg --from-file=./config.json -n jx
* At this point the jenkins server needs to restarted to pick up the new docker creds: `kubectl -njx delete pods` -lapp=jenkins
### Use IBM Git
If you want to use git.ng.bluemix.net (gitlab), create a personal access token there
jx create git server gitlab https://git.ng.bluemix.net -n gitlab
jx create git token -n gitlab -t <gitlab token> <gitlab username>

21
kubeProviders/iks/values.tmpl.yaml Normal file
View File

@@ -0,0 +1,21 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
jenkins:
Servers:
Global:
EnvVars:
DOCKER_REGISTRY: "registry.ng.bluemix.net"
# Smaller cluster configurations require more time
Master:
Readiness:
InitialDelaySeconds: 600
Liveness:
InitialDelaySeconds: 660
docker-registry:
enabled: false
jenkins-x-platform:
# lets disable creating the jenkins-x-docker-cfg secret
# we can manage that by hand for now
.PipelineSecrets:
DockerConfig: ""

1
kubeProviders/kubernetes/README.md Normal file
View File

@@ -0,0 +1 @@
# Jenkins X Boot configuration for generic Kubernetes

1
kubeProviders/kubernetes/values.tmpl.yaml Normal file
View File

@@ -0,0 +1 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml

5
kubeProviders/minikube/values.tmpl.yaml Normal file
View File

@@ -0,0 +1,5 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
exposecontroller:
exposecontroller:
HTTP: "true"
TLSACME: "false"

64
kubeProviders/minishift/values.tmpl.yaml Normal file
View File

@@ -0,0 +1,64 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
exposecontroller:
exposecontroller:
HTTP: "true"
TLSACME: "false"
# disable monocular until the routing is fixed
monocular:
enabled: false
docker-registry:
enabled: false
jenkins:
Master:
Image: "davidconde/jenkinsx-openshift"
ImageTag: "0.0.1"
ServiceAccountAnnotations: |
serviceaccounts.openshift.io/oauth-redirectreference.jenkins: >-
{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"jenkins"}}
AuthorizationStrategyClass: "hudson.security.GlobalMatrixAuthorizationStrategy"
AuthorizationStrategyAttributes:
- name: "permission"
value: "hudson.model.Computer.Configure:admin"
- name: "permission"
value: "hudson.model.Computer.Delete:admin"
- name: "permission"
value: "hudson.model.Hudson.Administer:admin"
- name: "permission"
value: "hudson.model.Hudson.Read:admin"
- name: "permission"
value: "hudson.model.Item.Build:admin"
- name: "permission"
value: "hudson.model.Item.Configure:admin"
- name: "permission"
value: "hudson.model.Item.Create:admin"
- name: "permission"
value: "hudson.model.Item.Delete:admin"
- name: "permission"
value: "hudson.model.Item.Read:admin"
- name: "permission"
value: "hudson.model.Item.Workspace:admin"
- name: "permission"
value: "hudson.model.Run.Delete:admin"
- name: "permission"
value: "hudson.model.Run.Update:admin"
- name: "permission"
value: "hudson.model.View.Configure:admin"
- name: "permission"
value: "hudson.model.View.Create:admin"
- name: "permission"
value: "hudson.model.View.Delete:admin"
- name: "permission"
value: "hudson.scm.SCM.Tag:admin"
SecurityRealmClass: "hudson.security.HudsonPrivateSecurityRealm"
SecurityRealmAttributes:
- name: "disableSignup"
value: "true"
- name: "enableCaptcha"
value: "false"
Global:
EnvVars:
DOCKER_REGISTRY: "docker-registry.default.svc:5000"

1
kubeProviders/oke/README.md Normal file
View File

@@ -0,0 +1 @@
# Jenkins X Boot configuration for Oracle Cloud Infrastructure Container Engine for Kubernetes

14
kubeProviders/oke/values.tmpl.yaml Normal file
View File

@@ -0,0 +1,14 @@
chartmuseum:
persistence:
Size: 50Gi
jenkins:
Persistence:
Size: 50Gi
monocular:
mongodb:
persistence:
size: 50Gi
jenkins:
Agent:
KubernetesServerURL: "https://kubernetes.default.svc"

63
kubeProviders/openshift/values.tmpl.yaml Normal file
View File

@@ -0,0 +1,63 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
exposecontroller:
exposecontroller:
HTTP: "true"
TLSACME: "false"
# disable monocular until the routing is fixed
monocular:
enabled: false
docker-registry:
enabled: false
jenkins:
Master:
Image: "davidconde/jenkinsx-openshift"
ImageTag: "0.0.1"
ServiceAccountAnnotations: |
serviceaccounts.openshift.io/oauth-redirectreference.jenkins: >-
{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"jenkins"}}
AuthorizationStrategyClass: "hudson.security.GlobalMatrixAuthorizationStrategy"
AuthorizationStrategyAttributes:
- name: "permission"
value: "hudson.model.Computer.Configure:admin"
- name: "permission"
value: "hudson.model.Computer.Delete:admin"
- name: "permission"
value: "hudson.model.Hudson.Administer:admin"
- name: "permission"
value: "hudson.model.Hudson.Read:admin"
- name: "permission"
value: "hudson.model.Item.Build:admin"
- name: "permission"
value: "hudson.model.Item.Configure:admin"
- name: "permission"
value: "hudson.model.Item.Create:admin"
- name: "permission"
value: "hudson.model.Item.Delete:admin"
- name: "permission"
value: "hudson.model.Item.Read:admin"
- name: "permission"
value: "hudson.model.Item.Workspace:admin"
- name: "permission"
value: "hudson.model.Run.Delete:admin"
- name: "permission"
value: "hudson.model.Run.Update:admin"
- name: "permission"
value: "hudson.model.View.Configure:admin"
- name: "permission"
value: "hudson.model.View.Create:admin"
- name: "permission"
value: "hudson.model.View.Delete:admin"
- name: "permission"
value: "hudson.scm.SCM.Tag:admin"
SecurityRealmClass: "hudson.security.HudsonPrivateSecurityRealm"
SecurityRealmAttributes:
- name: "disableSignup"
value: "true"
- name: "enableCaptcha"
value: "false"
Global:
EnvVars:
DOCKER_REGISTRY: "docker-registry.default.svc:5000"

1
kubeProviders/pks/README.md Normal file
View File

@@ -0,0 +1 @@
# Jenkins X Boot configuration for PKS

24
kubeProviders/pks/values.tmpl.yaml Normal file
View File

@@ -0,0 +1,24 @@
# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/jenkins-x-platform/values.yaml
jenkins:
Agent:
# for PKS there is a different docker host path
DockerHostPath: "/var/vcap/sys/run/docker/docker.sock"
DockerMountPath: "/var/run/docker.sock"
jenkins-x-platform:
PipelineSecrets:
{{- if eq .Parameters.enableDocker true }}
DockerConfig: |-
{
"auths":{
{{ .Parameters.docker.url | quote }}:
{
"auth": {{ printf "%s:%s" .Parameters.docker.username .Parameters.docker.password | b64enc | quote}},
"email": {{ .Parameters.docker.email | quote}}
}
}
}
{{- else}}
DockerConfig: ""
{{- end}}