easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update jenkins and plugins (#258)

pull/270/head
lusyoe 2018-07-16 10:40:08 +08:00 committed by jmgao
parent fd75e942e5
commit ecca73ae41
5 changed files with 59 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/jenkins/Chart.yaml
View File

@ -1,7 +1,7 @@
name: jenkins name: jenkins
home: https://jenkins.io/ home: https://jenkins.io/
version: 0.16.1 version: 0.16.6
appVersion: 2.107 appVersion: 2.121.1
description: Open source continuous integration server. It supports multiple SCM tools description: Open source continuous integration server. It supports multiple SCM tools
including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based
projects as well as arbitrary scripts. projects as well as arbitrary scripts.

25
manifests/jenkins/README.md
View File

@ -33,23 +33,24 @@ The following tables list the configurable parameters of the Jenkins chart and t
| `Master.Name` | Jenkins master name | `jenkins-master` | | `Master.Name` | Jenkins master name | `jenkins-master` |
| `Master.Image` | Master image name | `jenkinsci/jenkins` | | `Master.Image` | Master image name | `jenkinsci/jenkins` |
| `Master.ImageTag` | Master image tag | `lts` | | `Master.ImageTag` | Master image tag | `lts` |
| `Master.ImagePullPolicy` | Master image pull policy | `IfNotPresent` | | `Master.ImagePullPolicy` | Master image pull policy | `Always` |
| `Master.ImagePullSecret` | Master image pull secret | Not set | | `Master.ImagePullSecret` | Master image pull secret | Not set |
| `Master.Component` | k8s selector key | `jenkins-master` | | `Master.Component` | k8s selector key | `jenkins-master` |
| `Master.UseSecurity` | Use basic security | `true` | | `Master.UseSecurity` | Use basic security | `true` |
| `Master.AdminUser` | Admin username (and password) created as a secret if useSecurity is true | `admin` | | `Master.AdminUser` | Admin username (and password) created as a secret if useSecurity is true | `admin` |
| `Master.Cpu` | Master requested cpu | `200m` | | `Master.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 50m, memory: 256Mi}, limits: {cpu: 2000m, memory: 2048Mi}}`|
| `Master.Memory` | Master requested memory | `512Mi` |
| `Master.InitContainerEnv` | Environment variables for Init Container | Not set | | `Master.InitContainerEnv` | Environment variables for Init Container | Not set |
| `Master.ContainerEnv` | Environment variables for Jenkins Container | Not set | | `Master.ContainerEnv` | Environment variables for Jenkins Container | Not set |
| `Master.UsePodSecurityContext` | Enable pod security context (must be `true` if `RunAsUser` or `FsGroup` are set) | `true` |
| `Master.RunAsUser` | uid that jenkins runs with | `0` | | `Master.RunAsUser` | uid that jenkins runs with | `0` |
| `Master.FsGroup` | uid that will be used for persistent volume | `0` | | `Master.FsGroup` | uid that will be used for persistent volume | `0` |
| `Master.ServiceAnnotations` | Service annotations | `{}` | | `Master.ServiceAnnotations` | Service annotations | `{}` |
| `Master.ServiceType` | k8s service type | `ClusterIP` | | `Master.ServiceType` | k8s service type | `LoadBalancer` |
| `Master.ServicePort` | k8s service port | `8080` | | `Master.ServicePort` | k8s service port | `8080` |
| `Master.NodePort` | k8s node port | Not set | | `Master.NodePort` | k8s node port | Not set |
| `Master.HealthProbes` | Enable k8s liveness and readiness probes | `true` | | `Master.HealthProbes` | Enable k8s liveness and readiness probes | `true` |
| `Master.HealthProbesTimeout` | Set the timeout for the liveness and readiness probes | `120` | | `Master.HealthProbesLivenessTimeout` | Set the timeout for the liveness probe | `120` |
| `Master.HealthProbesReadinessTimeout` | Set the timeout for the readiness probe | `60` |
| `Master.HealthProbeLivenessFailureThreshold` | Set the failure threshold for the liveness probe | `12` | | `Master.HealthProbeLivenessFailureThreshold` | Set the failure threshold for the liveness probe | `12` |
| `Master.ContainerPort` | Master listening port | `8080` | | `Master.ContainerPort` | Master listening port | `8080` |
| `Master.SlaveListenerPort` | Listening port for agents | `50000` | | `Master.SlaveListenerPort` | Listening port for agents | `50000` |
@ -72,10 +73,11 @@ The following tables list the configurable parameters of the Jenkins chart and t
| `Master.NodeSelector` | Node labels for pod assignment | `{}` | | `Master.NodeSelector` | Node labels for pod assignment | `{}` |
| `Master.Affinity` | Affinity settings | `{}` | | `Master.Affinity` | Affinity settings | `{}` |
| `Master.Tolerations` | Toleration labels for pod assignment | `{}` | | `Master.Tolerations` | Toleration labels for pod assignment | `{}` |
| `Master.PodAnnotations` | Annotations for master pod | `{}` |
| `NetworkPolicy.Enabled` | Enable creation of NetworkPolicy resources. | `false` | | `NetworkPolicy.Enabled` | Enable creation of NetworkPolicy resources. | `false` |
| `NetworkPolicy.ApiVersion` | NetworkPolicy ApiVersion | `extensions/v1beta1` | | `NetworkPolicy.ApiVersion` | NetworkPolicy ApiVersion | `extensions/v1beta1` |
| `rbac.install` | Create service account and ClusterRoleBinding for Kubernetes plugin | `true` | | `rbac.install` | Create service account and ClusterRoleBinding for Kubernetes plugin | `false` |
| `rbac.apiVersion` | RBAC API version | `v1` | | `rbac.apiVersion` | RBAC API version | `v1beta1` |
| `rbac.roleRef` | Cluster role name to bind to | `cluster-admin` | | `rbac.roleRef` | Cluster role name to bind to | `cluster-admin` |
### Jenkins Agent ### Jenkins Agent
@ -84,12 +86,11 @@ The following tables list the configurable parameters of the Jenkins chart and t
| ----------------------- | ----------------------------------------------- | ---------------------- | | ----------------------- | ----------------------------------------------- | ---------------------- |
| `Agent.AlwaysPullImage` | Always pull agent container image before build | `false` | | `Agent.AlwaysPullImage` | Always pull agent container image before build | `false` |
| `Agent.Enabled` | Enable Kubernetes plugin jnlp-agent podTemplate | `true` | | `Agent.Enabled` | Enable Kubernetes plugin jnlp-agent podTemplate | `true` |
| `Agent.Image` | Agent image name | `jenkins/jnlp-slave` | | `Agent.Image` | Agent image name | `jenkinsci/jnlp-slave` |
| `Agent.ImagePullSecret` | Agent image pull secret | Not set | | `Agent.ImagePullSecret` | Agent image pull secret | Not set |
| `Agent.ImageTag` | Agent image tag | `latest` | | `Agent.ImageTag` | Agent image tag | `2.62` |
| `Agent.Privileged` | Agent privileged container | `false` | | `Agent.Privileged` | Agent privileged container | `false` |
| `Agent.Cpu` | Agent requested cpu | `200m` | | `Agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 200m, memory: 256Mi}, limits: {cpu: 200m, memory: 256Mi}}`|
| `Agent.Memory` | Agent requested memory | `256Mi` |
| `Agent.volumes` | Additional volumes | `nil` | | `Agent.volumes` | Additional volumes | `nil` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
@ -149,7 +150,7 @@ It is possible to mount several volumes using `Persistence.volumes` and `Persist
| `Persistence.Size` | The size of the PVC | `8Gi` | | `Persistence.Size` | The size of the PVC | `8Gi` |
| `Persistence.volumes` | Additional volumes | `nil` | | `Persistence.volumes` | Additional volumes | `nil` |
| `Persistence.mounts` | Additional mounts | `nil` | | `Persistence.mounts` | Additional mounts | `nil` |
| `Persistence.StorageClass` | The PV Provisioner | `nfs-dynamic-class`| | `Persistence.StorageClass` | The PV Provisioner | `nfs-dynamic-class`|
#### Existing PersistentVolumeClaim #### Existing PersistentVolumeClaim

11
manifests/jenkins/templates/config.yaml
View File

@ -67,10 +67,13 @@ data:
<command></command> <command></command>
<args>${computer.jnlpmac} ${computer.name}</args> <args>${computer.jnlpmac} ${computer.name}</args>
<ttyEnabled>false</ttyEnabled> <ttyEnabled>false</ttyEnabled>
<resourceRequestCpu>{{.Values.Agent.Cpu}}</resourceRequestCpu> # Resources configuration is a little hacky. This was to prevent breaking
<resourceRequestMemory>{{.Values.Agent.Memory}}</resourceRequestMemory> # changes, and should be cleanned up in the future once everybody had
<resourceLimitCpu>{{.Values.Agent.Cpu}}</resourceLimitCpu> # enough time to migrate.
<resourceLimitMemory>{{.Values.Agent.Memory}}</resourceLimitMemory> <resourceRequestCpu>{{.Values.Agent.Cpu | default .Values.Agent.resources.requests.cpu}}</resourceRequestCpu>
<resourceRequestMemory>{{.Values.Agent.Memory | default .Values.Agent.resources.requests.memory}}</resourceRequestMemory>
<resourceLimitCpu>{{.Values.Agent.Cpu | default .Values.Agent.resources.limits.cpu}}</resourceLimitCpu>
<resourceLimitMemory>{{.Values.Agent.Memory | default .Values.Agent.resources.limits.memory}}</resourceLimitMemory>
</org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate> </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
</containers> </containers>
<envVars/> <envVars/>

13
manifests/jenkins/templates/jenkins-master-deployment.yaml
View File

@ -24,6 +24,9 @@ spec:
component: "{{ .Release.Name }}-{{ .Values.Master.Component }}" component: "{{ .Release.Name }}-{{ .Values.Master.Component }}"
annotations: annotations:
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
{{- if .Values.Master.PodAnnotations }}
{{ toYaml .Values.Master.PodAnnotations | indent 8 }}
{{- end }}
spec: spec:
{{- if .Values.Master.NodeSelector }} {{- if .Values.Master.NodeSelector }}
nodeSelector: nodeSelector:
@ -37,12 +40,14 @@ spec:
affinity: affinity:
{{ toYaml .Values.Master.Affinity | indent 8 }} {{ toYaml .Values.Master.Affinity | indent 8 }}
{{- end }} {{- end }}
{{- if .Values.Master.UsePodSecurityContext }}
securityContext: securityContext:
runAsUser: {{ default 0 .Values.Master.RunAsUser }} runAsUser: {{ default 0 .Values.Master.RunAsUser }}
{{- if and (.Values.Master.RunAsUser) (.Values.Master.FsGroup) }} {{- if and (.Values.Master.RunAsUser) (.Values.Master.FsGroup) }}
{{- if not (eq .Values.Master.RunAsUser 0.0) }} {{- if not (eq .Values.Master.RunAsUser 0.0) }}
fsGroup: {{ .Values.Master.FsGroup }} fsGroup: {{ .Values.Master.FsGroup }}
{{- end }} {{- end }}
{{- end }}
{{- end }} {{- end }}
serviceAccountName: {{ if .Values.rbac.install }}{{ template "jenkins.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} serviceAccountName: {{ if .Values.rbac.install }}{{ template "jenkins.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }}
initContainers: initContainers:
@ -128,19 +133,23 @@ spec:
httpGet: httpGet:
path: /login path: /login
port: http port: http
initialDelaySeconds: {{ .Values.Master.HealthProbesTimeout }} initialDelaySeconds: {{ .Values.Master.HealthProbesLivenessTimeout }}
timeoutSeconds: 5 timeoutSeconds: 5
failureThreshold: {{ .Values.Master.HealthProbeLivenessFailureThreshold }} failureThreshold: {{ .Values.Master.HealthProbeLivenessFailureThreshold }}
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /login path: /login
port: http port: http
initialDelaySeconds: {{ .Values.Master.HealthProbesTimeout }} initialDelaySeconds: {{ .Values.Master.HealthProbesReadinessTimeout }}
{{- end }} {{- end }}
resources: resources:
{{ if or .Values.Master.Cpu .Values.Master.Memory }}
requests: requests:
cpu: "{{ .Values.Master.Cpu }}" cpu: "{{ .Values.Master.Cpu }}"
memory: "{{ .Values.Master.Memory }}" memory: "{{ .Values.Master.Memory }}"
{{ else }}
{{ toYaml .Values.Master.resources | indent 12 }}
{{ end }}
volumeMounts: volumeMounts:
{{- if .Values.Persistence.mounts }} {{- if .Values.Persistence.mounts }}
{{ toYaml .Values.Persistence.mounts | indent 12 }} {{ toYaml .Values.Persistence.mounts | indent 12 }}

36
manifests/jenkins/values.yaml
View File

@ -18,8 +18,13 @@ Master:
UseSecurity: true UseSecurity: true
AdminUser: admin AdminUser: admin
AdminPassword: admin AdminPassword: admin
Cpu: "200m" resources:
Memory: "512Mi" requests:
cpu: "50m"
memory: "256Mi"
limits:
cpu: "2000m"
memory: "2048Mi"
# Environment variables that get added to the init container (useful for e.g. http_proxy) # Environment variables that get added to the init container (useful for e.g. http_proxy)
# InitContainerEnv: # InitContainerEnv:
# - name: http_proxy # - name: http_proxy
@ -31,6 +36,10 @@ Master:
# JavaOpts: "-Xms512m -Xmx512m" # JavaOpts: "-Xms512m -Xmx512m"
# JenkinsOpts: "" # JenkinsOpts: ""
# JenkinsUriPrefix: "/jenkins" # JenkinsUriPrefix: "/jenkins"
# Enable pod security context (must be `true` if RunAsUser or FsGroup are set)
# UsePodSecurityContext: true
# Set RunAsUser to 1000 to let Jenkins run as non-root user 'jenkins' which exists in 'jenkins/jenkins' docker image. # Set RunAsUser to 1000 to let Jenkins run as non-root user 'jenkins' which exists in 'jenkins/jenkins' docker image.
# When setting RunAsUser to a different value than 0 also set FsGroup to the same value: # When setting RunAsUser to a different value than 0 also set FsGroup to the same value:
# RunAsUser: <defaults to 0> # RunAsUser: <defaults to 0>
@ -47,9 +56,10 @@ Master:
# NodePort: <to set explicitly, choose port between 30000-32767 # NodePort: <to set explicitly, choose port between 30000-32767
ContainerPort: 8080 ContainerPort: 8080
# Enable Kubernetes Liveness and Readiness Probes # Enable Kubernetes Liveness and Readiness Probes
# ~ 2 minutes to allow Jenkins to restart when upgrading plugins. Set ReadinessTimeout to be shorter than LivenessTimeout.
HealthProbes: true HealthProbes: true
HealthProbesTimeout: 60 HealthProbesLivenessTimeout: 90
# ~2 minutes to allow Jenkins to restart when upgrading plugins HealthProbesReadinessTimeout: 60
HealthProbeLivenessFailureThreshold: 12 HealthProbeLivenessFailureThreshold: 12
SlaveListenerPort: 50000 SlaveListenerPort: 50000
DisabledAgentProtocols: DisabledAgentProtocols:
@ -84,12 +94,12 @@ Master:
# List of plugins to be install during Jenkins master start # List of plugins to be install during Jenkins master start
InstallPlugins: InstallPlugins:
- kubernetes:1.6.3 - kubernetes:1.10.0
- workflow-aggregator:2.5 - workflow-aggregator:2.5
- workflow-job:2.21 - workflow-job:2.21
- credentials-binding:1.16 - credentials-binding:1.16
- git:3.9.0 - git:3.9.1
- gitlab:1.5.6 - gitlab:1.5.8
# Used to approve a list of groovy functions in pipelines used the script-security plugin. Can be viewed under /scriptApproval # Used to approve a list of groovy functions in pipelines used the script-security plugin. Can be viewed under /scriptApproval
# ScriptApproval: # ScriptApproval:
# - "method groovy.json.JsonSlurperClassic parseText java.lang.String" # - "method groovy.json.JsonSlurperClassic parseText java.lang.String"
@ -115,6 +125,7 @@ Master:
NodeSelector: {} NodeSelector: {}
Tolerations: {} Tolerations: {}
PodAnnotations: {}
Ingress: Ingress:
ApiVersion: extensions/v1beta1 ApiVersion: extensions/v1beta1
@ -129,13 +140,18 @@ Master:
Agent: Agent:
Enabled: true Enabled: true
Image: jenkins/jnlp-slave Image: jenkinsci/jnlp-slave
ImageTag: alpine ImageTag: alpine
# ImagePullSecret: jenkins # ImagePullSecret: jenkins
Component: "jenkins-slave" Component: "jenkins-slave"
Privileged: false Privileged: false
Cpu: "200m" resources:
Memory: "256Mi" requests:
cpu: "200m"
memory: "256Mi"
limits:
cpu: "200m"
memory: "256Mi"
# You may want to change this to true while testing a new image # You may want to change this to true while testing a new image
AlwaysPullImage: false AlwaysPullImage: false
# You can define the volumes that you want to mount for this container # You can define the volumes that you want to mount for this container