Jenkins

Automation server. It helps automate the parts of software development related to building, testing and deploying, and facilitates continuous integration and continuous delivery.

To access the application, click here. To access the Helm chart repository, click here.

Jenkins home

Installing the Helm chart

helm repo add jenkinsci https://charts.jenkins.io/
microk8s helm3 upgrade --install jenkins jenkinsci/jenkins -f values.yaml -n jenkins --version 4.4.1

Configuring the Helm chart

Configuring the values.yaml file

values.yaml
controller:
  # The default configuration uses this secret to configure an admin user
  # If you don't need that user or use a different security realm then you can disable it
  adminSecret: true

  hostNetworking: false
  # When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist.
  # If you disable the non-Jenkins identity store and instead use the Jenkins internal one,
  # you should revert controller.adminUser to your preferred admin user:
  adminUser: "terinnova-admin"
  # adminPassword: <defaults to random>
  admin:
    existingSecret: ""
    userKey: jenkins-admin-user
    passwordKey: jenkins-admin-password
  # These values should not be changed unless you use a custom image of Jenkins or one derived from it. If you want to use
  # Cloudbees Jenkins Distribution docker, you should set jenkinsHome: "/var/cloudbees-jenkins-distribution"
  jenkinsHome: "/var/jenkins_home"
  # These values should not be changed unless you use a custom image of Jenkins or one derived from it. If you want to use
  # Cloudbees Jenkins Distribution docker, you should set jenkinsRef: "/usr/share/cloudbees-jenkins-distribution/ref"
  jenkinsRef: "/usr/share/jenkins/ref"
  # Path to the jenkins war file which is used by jenkins-plugin-cli.
  jenkinsWar: "/usr/share/jenkins/jenkins.war"
  # Overrides the default arguments passed to the war
  # overrideArgs:
  #   - --httpPort=8080
  resources:
    requests:
      cpu: "50m"
      memory: "256Mi"
    limits:
      cpu: "2000m"
      memory: "4096Mi"
  # Share process namespace to allow sidecar containers to interact with processes in other containers in the same pod
  shareProcessNamespace: false

Plugin installation configuration

values.yaml
controller:
  # ...
  # List of plugins to be installed during Jenkins controller start
  installPlugins:
    - kubernetes:3937.vd7b_82db_e347b_
    - workflow-aggregator:596.v8c21c963d92d
    - git:5.2.0
    - configuration-as-code:1647.ve39ca_b_829b_42
    - gitlab-plugin:1.7.14
    - docker-plugin:1.4
    - docker-commons:439.va_3cb_0a_6a_fb_29
    - docker-workflow:563.vd5d2e5c4007f
    - ansible:240.vc26740a_625c0
    - sonar:2.15
    - sonarqube-generic-coverage:1.0
    - blueocean:1.27.4
    - pipeline-stage-step:305.ve96d0205c1c6
    - pipeline-build-step:496.v2449a_9a_221f2
    - keycloak:2.3.2
    - oic-auth:2.6

  # Set to false to download the minimum required version of all dependencies.
  installLatestPlugins: true

  # Set to true to download latest dependencies of any plugin that is requested to have the latest version.
  installLatestSpecifiedPlugins: false

Jenkins Configuration as Code

To use a configuration-as-code file, enable defaultConfig: true. Then paste the contents of your configuration-as-code file into the ConfigMap that is created in Kubernetes, and restart the Jenkins deployment.

values.yaml
controller:
  # ...
  JCasC:
    defaultConfig: true
    configUrls: []
    # - https://acme.org/jenkins.yaml
    # Remote URL:s for configuration files.
    configScripts: {}
    #  welcome-message: |
    #    jenkins:
    #      systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'.
    # Allows adding to the top-level security JCasC section. For legacy, default the chart includes apiToken configurations
    security:
      apiToken:
        creationOfLegacyTokenEnabled: false
        tokenGenerationOnCreationEnabled: false
        usageStatisticsEnabled: true
    # Ignored if securityRealm is defined in controller.JCasC.configScripts
    securityRealm: |-
      local:
        allowsSignup: false
        enableCaptcha: false
        users:
        - id: "${chart-admin-username}"
          name: "Jenkins Admin"
          password: "${chart-admin-password}"
    # Ignored if authorizationStrategy is defined in controller.JCasC.configScripts
    authorizationStrategy: |-
      loggedInUsersCanDoAnything:
        allowAnonymousRead: false
  # Optionally specify additional init-containers
  customInitContainers: []
  # - name: custom-init
  #   image: "alpine:3.7"
  #   imagePullPolicy: Always
  #   command: [ "uname", "-a" ]

Default configuration as code, with OIDC access configured through Keycloak

configAsCode-default.yaml
jenkins:
  agentProtocols:
  - "JNLP4-connect"
  - "Ping"
  authorizationStrategy:
    loggedInUsersCanDoAnything:
      allowAnonymousRead: false
  clouds:
  - kubernetes:
      containerCap: 10
      containerCapStr: "10"
      jenkinsTunnel: "jenkins-agent.jenkins.svc.cluster.local:50000"
      jenkinsUrl: "jenkins.terinnova.com"
      name: "kubernetes"
      namespace: "jenkins"
      podLabels:
      - key: "jenkins/jenkins-jenkins-agent"
        value: "true"
      serverUrl: "https://kubernetes.default"
      templates:
      - containers:
        - args: "^${computer.jnlpmac} ^${computer.name}"
          envVars:
          - envVar:
              key: "JENKINS_URL"
              value: "jenkins.terinnova.com"
          image: "jenkins/inbound-agent:3107.v665000b_51092-15"
          name: "jnlp"
          resourceLimitCpu: "512m"
          resourceLimitMemory: "512Mi"
          resourceRequestCpu: "512m"
          resourceRequestMemory: "512Mi"
          workingDir: "/home/jenkins/agent"
        id: "af336ddf87858dd02fb41a326ed9977da1515e635e70f86c32ff9ab887c9e8ae"
        label: "jenkins-jenkins-agent"
        name: "default"
        namespace: "jenkins"
        nodeUsageMode: NORMAL
        podRetention: "never"
        serviceAccount: "default"
        slaveConnectTimeout: 100
        slaveConnectTimeoutStr: "100"
        yamlMergeStrategy: "override"
  crumbIssuer:
    standard:
      excludeClientIPFromCrumb: true
  disableRememberMe: true
  labelAtoms:
  - name: "built-in"
  - name: "jenkins-jenkins-agent"
  markupFormatter: "plainText"
  mode: NORMAL
  myViewsTabBar: "standard"
  numExecutors: 0
  primaryView:
    all:
      name: "all"
  projectNamingStrategy: "standard"
  quietPeriod: 5
  remotingSecurity:
    enabled: true
  scmCheckoutRetryCount: 0
  securityRealm:
    oic:
      authorizationServerUrl: "https://keycloak.terinnova.com/auth/realms/terinnova/protocol/openid-connect/auth"
      automanualconfigure: "manual"
      clientId: "jenkins-id"
      clientSecret: "{AQAAABAAAAAwEawdIS4skvfFoq1A/HfCadpEKnaVNaH6TjKf8gknptlVIwTxAjjYnGC/0QXOyFmw1Mxubrq53sFzHroGAQk+2A==}"
      disableSslVerification: false
      emailFieldName: "email"
      endSessionEndpoint: "https://keycloak.terinnova.com/auth/realms/terinnova/protocol/openid-connect/logout"
      escapeHatchSecret: "{AQAAABAAAAAQ4clRSIIUbE+tC0Fz4U7ToAjoI1L7HN2cZ3OGkiPOKjU=}"
      fullNameFieldName: "name"
      groupsFieldName: "groups"
      postLogoutRedirectUrl: "https://jenkins.terinnova.com"
      scopes: "openid preferred_username"
      tokenAuthMethod: "client_secret_post"
      tokenServerUrl: "https://keycloak.terinnova.com/auth/realms/terinnova/protocol/openid-connect/token"
      userInfoServerUrl: "https://keycloak.terinnova.com/auth/realms/terinnova/protocol/openid-connect/userinfo"
      userNameField: "preferred_username"
  slaveAgentPort: 50000
  updateCenter:
    sites:
    - id: "default"
      url: "https://updates.jenkins.io/update-center.json"
  views:
  - all:
      name: "all"
  viewsTabBar: "standard"
globalCredentialsConfiguration:
  configuration:
    providerFilter: "none"
    typeFilter: "none"
security:
  apiToken:
    creationOfLegacyTokenEnabled: false
    tokenGenerationOnCreationEnabled: false
    usageStatisticsEnabled: true
  gitHooks:
    allowedOnAgents: false
    allowedOnController: false
  gitHostKeyVerificationConfiguration:
    sshHostKeyVerificationStrategy: "knownHostsFileVerificationStrategy"
  sSHD:
    port: -1
unclassified:
  bitbucketEndpointConfiguration:
    endpoints:
    - bitbucketCloudEndpoint:
        enableCache: false
        manageHooks: false
        repositoriesCacheDuration: 0
        teamCacheDuration: 0
  buildDiscarders:
    configuredBuildDiscarders:
    - "jobBuildDiscarder"
  fingerprints:
    fingerprintCleanupDisabled: false
    storage: "file"
  gitHubConfiguration:
    apiRateLimitChecker: ThrottleForNormalize
  gitHubPluginConfig:
    hookUrl: "https://jenkins.terinnova.com/github-webhook/"
  gitLabConnectionConfig:
    connections:
    - clientBuilderId: "autodetect"
      connectionTimeout: 10
      ignoreCertificateErrors: false
      readTimeout: 10
    useAuthenticatedEndpoint: true
  junitTestResultStorage:
    storage: "file"
  location:
    adminAddress: "Adresse pas encore configurée <nobody@nowhere>"
    url: "https://jenkins.terinnova.com/"
  mailer:
    charset: "UTF-8"
    useSsl: false
    useTls: false
  pollSCM:
    pollingThreadCount: 10
  prismConfiguration:
    theme: PRISM
  scmGit:
    addGitTagAction: false
    allowSecondFetch: false
    createAccountBasedOnEmail: false
    disableGitToolChooser: false
    hideCredentials: false
    showEntireCommitSummaryInChanges: false
    useExistingAccountWithSameEmail: false
  sonarGlobalConfiguration:
    buildWrapperEnabled: false
tool:
  git:
    installations:
    - home: "git"
      name: "Default"
  mavenGlobalConfig:
    globalSettingsProvider: "standard"
    settingsProvider: "standard"
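
An alternative to pasting the export into the ConfigMap by hand, as an added example (not part of the original page or the chart's own documentation): the OIDC realm is declared through controller.JCasC.configScripts so it lives in values.yaml, and the Keycloak client secret is read from a Kubernetes Secret instead of being stored as a value encrypted with this instance's key. The Secret name jenkins-oidc, its key client-secret and the script name oidc-security are hypothetical; the URLs and field values are those of configAsCode-default.yaml above.

```yaml
# 1) Kubernetes Secret created out of band (name and key are hypothetical)
apiVersion: v1
kind: Secret
metadata:
  name: jenkins-oidc
  namespace: jenkins
type: Opaque
stringData:
  client-secret: "<KEYCLOAK_CLIENT_SECRET>"   # placeholder, keep the real value out of Git
---
# 2) values.yaml fragment
controller:
  # Makes the key available to JCasC as ${<secret name>-<key name>}
  additionalExistingSecrets:
    - name: jenkins-oidc
      keyName: client-secret
  JCasC:
    defaultConfig: true
    configScripts:
      # Defining securityRealm here makes the chart ignore
      # controller.JCasC.securityRealm (the local admin realm).
      oidc-security: |
        jenkins:
          securityRealm:
            oic:
              automanualconfigure: "manual"
              clientId: "jenkins-id"
              clientSecret: "${jenkins-oidc-client-secret}"
              disableSslVerification: false
              authorizationServerUrl: "https://keycloak.terinnova.com/auth/realms/terinnova/protocol/openid-connect/auth"
              tokenServerUrl: "https://keycloak.terinnova.com/auth/realms/terinnova/protocol/openid-connect/token"
              userInfoServerUrl: "https://keycloak.terinnova.com/auth/realms/terinnova/protocol/openid-connect/userinfo"
              endSessionEndpoint: "https://keycloak.terinnova.com/auth/realms/terinnova/protocol/openid-connect/logout"
              postLogoutRedirectUrl: "https://jenkins.terinnova.com"
              scopes: "openid preferred_username"
              tokenAuthMethod: "client_secret_post"
              userNameField: "preferred_username"
              fullNameFieldName: "name"
              emailFieldName: "email"
              groupsFieldName: "groups"
    # controller.JCasC.authorizationStrategy keeps the value shown on the
    # page (loggedInUsersCanDoAnything): every user the Keycloak realm
    # authenticates has full control of Jenkins.
```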

Ingress configuration

values.yaml
controller:
  # ...
  ingress:
    enabled: true
    # Override for the default paths that map requests to the backend
    paths: []
    # - backend:
    #     serviceName: ssl-redirect
    #     servicePort: use-annotation
    # - backend:
    #     serviceName: >-
    #       {{ template "jenkins.fullname" . }}
    #     # Don't use string here, use only integer value!
    #     servicePort: 8080
    # For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1'
    # For Kubernetes v1.19+, use 'networking.k8s.io/v1'
    apiVersion: "networking.k8s.io/v1"
    labels:
      app: jenkins
    annotations:
      kubernetes.io/ingress.class: nginx
      kubernetes.io/tls-acme: "true"
      cert-manager.io/cluster-issuer: letsencrypt
    # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
    # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
    # ingressClassName: nginx
    # Set this path to jenkinsUriPrefix above or use annotations to rewrite path
    path: "/"
    # configures the hostname e.g. jenkins.example.com
    hostName: jenkins.terinnova.com
    tls:
      - secretName: jenkins-letsencrypt
        hosts:
          - jenkins.terinnova.com

Jenkins agent configuration

values.yaml
# ...
agent:
  enabled: true
  defaultsProviderTemplate: ""
  # URL for connecting to the Jenkins controller
  jenkinsUrl: jenkins.terinnova.com
  # connect to the specified host and port, instead of connecting directly to the Jenkins controller
  jenkinsTunnel:
  kubernetesConnectTimeout: 5
  kubernetesReadTimeout: 15
  maxRequestsPerHostStr: "32"
  namespace:
  # private registry for agent image
  jnlpregistry:
  image: "jenkins/inbound-agent"
  tag: "3107.v665000b_51092-15"
  workingDir: "/home/jenkins/agent"
  nodeUsageMode: "NORMAL"
  customJenkinsLabels: []
  # name of the secret to be used for image pulling
  imagePullSecretName:
  componentName: "jenkins-agent"
  websocket: false
  directConnection: false
  privileged: false
  runAsUser:
  runAsGroup:
  hostNetworking: false
  resources:
    requests:
      cpu: "512m"
      memory: "512Mi"
    limits:
      cpu: "512m"
      memory: "512Mi"
  livenessProbe: {}

Persistent volume configuration

values.yaml
# ...
persistence:
  enabled: true
  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  existingClaim:
  ## jenkins data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner. (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  storageClass:
  annotations: {}
  labels: {}
  accessMode: "ReadWriteOnce"
  size: "100Gi"
  volumes:
  #  - name: nothing
  #    emptyDir: {}
  mounts:
  #  - mountPath: /var/nothing
  #    name: nothing
  #    readOnly: true