Skip to content

Instantly share code, notes, and snippets.

@blakelead

blakelead/jenkins.yml

Created February 27, 2019 20:29
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save blakelead/6695d24b342dea1f22c825385eeb00b0 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save blakelead/6695d24b342dea1f22c825385eeb00b0 to your computer and use it in GitHub Desktop.
Download ZIP
Kubernetes file for complete Jenkins namespace
Raw
jenkins.yml
---
kind: Namespace
apiVersion: v1
metadata:
name: jenkins
labels:
name: jenkins
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: jenkins
namespace: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: jenkins
namespace: jenkins
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: jenkins
namespace: jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: jenkins-home
namespace: jenkins
spec:
accessModes: ['ReadWriteOnce']
resources:
requests:
storage: 5Gi
---
kind: ConfigMap
apiVersion: v1
metadata:
name: jenkins-conf
namespace: jenkins
data:
jenkins.yaml: |
jenkins:
systemMessage: "Jenkins configuration by blakelead!\n"
numExecutors: 0
slaveAgentPort: 50000
disableRememberMe: false
securityRealm:
local:
allowsSignup: true
users:
- id: "admin"
password: "changeme"
authorizationStrategy:
projectMatrix:
grantedPermissions:
- "Overall/Read:authenticated"
- "Overall/Administer:admin"
primaryView:
list:
name: "Release"
views:
- list:
name: "Build"
includeRegex: ".*-build"
columns: [ "status", "jobName", "buildButton", "descriptionColumn", "gitBranchSpecifierColumn", "lastSuccess", "lastFailure", "lastDuration" ]
- list:
name: "Management"
includeRegex: ".*-management"
columns: [ "status", "jobName", "buildButton", "descriptionColumn" ]
- list:
name: "Release"
includeRegex: ".*-release"
columns: [ "status", "jobName", "buildButton", "descriptionColumn", "gitBranchSpecifierColumn", "lastSuccess", "lastFailure", "lastDuration" ]
globalNodeProperties:
- envVars:
env:
- key: "SAMPLE"
value: "some_value"
clouds:
- kubernetes:
containerCapStr: "10"
jenkinsUrl: "http://jenkins-master.jenkins.svc.cluster.local:8080"
maxRequestsPerHostStr: "32"
name: "kubernetes"
namespace: "jenkins"
serverUrl: "https://kubernetes.default.svc.cluster.local"
security:
remotingCLI:
enabled: false
credentials:
system:
domainCredentials:
- credentials:
- basicSSHUserPrivateKey:
id: "git-private-key"
username: "jenkins"
privateKeySource:
directEntry:
privateKey: "rsa private key(new lines replaced by new line character)"
scope: GLOBAL
- azure:
id: "azure-service-principal"
description: "Azure Service Principal"
azureEnvironmentName: "Azure"
clientId: ""
clientSecret: ""
subscriptionId: ""
tenant: ""
scope: GLOBAL
unclassified:
location:
adminAddress: ""
url: ""
jobs:
- script: >
pipelineJob('sample') {
displayName('Sample Job')
description('Job that retrieve a pipeline script from scm')
definition {
cpsScm {
scm {
git{
remote {
url('[email protected]:my-name/your-project.git')
credentials('git-private-key')
}
branch('origin/master')
extensions { }
}
}
lightweight(true)
scriptPath('Jenkinsfile')
}
}
}
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: jenkins-master
namespace: jenkins
spec:
replicas: 1
template:
metadata:
labels:
app: jenkins-master
spec:
serviceAccountName: jenkins
securityContext:
fsGroup: 1000
containers:
- name: jenkins-master
image: jenkins/jenkins:lts
command: ['sh', '-c']
args:
- >
/usr/local/bin/install-plugins.sh
ansicolor
antisamy-markup-formatter
azure-credentials
blueocean
build-timeout
cloudbees-folder
configuration-as-code
configuration-as-code-support
dashboard-view
email-ext
extensible-choice-parameter
gatling
generic-webhook-trigger
git-parameter
greenballs
job-dsl
kubernetes
mailer
monitoring
ldap
locale
role-strategy
ssh-agent
ssh-slaves
timestamper
uno-choice
view-job-filters
workflow-aggregator
ws-cleanup &&
/sbin/tini -- /usr/local/bin/jenkins.sh
ports:
- name: ui
containerPort: 8080
- name: discovery
containerPort: 50000
env:
- name: JAVA_OPTS
value: '-Xmx1400m -Djenkins.install.runSetupWizard=false'
- name: CASC_JENKINS_CONFIG
value: '/var/jenkins_home/casc_config/jenkins.yaml'
resources:
limits:
cpu: 500m
memory: 1500Mi
requests:
cpu: 500m
memory: 1500Mi
volumeMounts:
- name: jenkins-home
mountPath: '/var/jenkins_home'
- name: jenkins-conf
mountPath: '/var/jenkins_home/casc_config/jenkins.yaml'
subPath: 'jenkins.yaml'
readOnly: true
volumes:
- name: jenkins-home
persistentVolumeClaim:
claimName: jenkins-home
- name: jenkins-conf
configMap:
name: jenkins-conf
---
kind: Service
apiVersion: v1
metadata:
name: jenkins-master
namespace: jenkins
spec:
selector:
app: jenkins-master
ports:
- name: ui
protocol: TCP
port: 8080
targetPort: 8080
- name: discovery
protocol: TCP
port: 50000
targetPort: 50000
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: jenkins-ingress
namespace: jenkins
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: ''
http:
paths:
- path: /
backend:
serviceName: jenkins-master
servicePort: 8080
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment