mirror of https://github.com/easzlab/kubeasz.git
232 lines
8.2 KiB
YAML
232 lines
8.2 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ template "jenkins.fullname" . }}
|
|
labels:
|
|
heritage: {{ .Release.Service | quote }}
|
|
release: {{ .Release.Name | quote }}
|
|
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
|
component: "{{ .Release.Name }}-{{ .Values.Master.Name }}"
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: RollingUpdate
|
|
selector:
|
|
matchLabels:
|
|
component: "{{ .Release.Name }}-{{ .Values.Master.Component }}"
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: {{ template "jenkins.fullname" . }}
|
|
heritage: {{ .Release.Service | quote }}
|
|
release: {{ .Release.Name | quote }}
|
|
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
|
component: "{{ .Release.Name }}-{{ .Values.Master.Component }}"
|
|
annotations:
|
|
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
|
|
{{- if .Values.Master.PodAnnotations }}
|
|
{{ toYaml .Values.Master.PodAnnotations | indent 8 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- if .Values.Master.NodeSelector }}
|
|
nodeSelector:
|
|
{{ toYaml .Values.Master.NodeSelector | indent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.Master.Tolerations }}
|
|
tolerations:
|
|
{{ toYaml .Values.Master.Tolerations | indent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.Master.Affinity }}
|
|
affinity:
|
|
{{ toYaml .Values.Master.Affinity | indent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.Master.UsePodSecurityContext }}
|
|
securityContext:
|
|
runAsUser: {{ default 0 .Values.Master.RunAsUser }}
|
|
{{- if and (.Values.Master.RunAsUser) (.Values.Master.FsGroup) }}
|
|
{{- if not (eq .Values.Master.RunAsUser 0.0) }}
|
|
fsGroup: {{ .Values.Master.FsGroup }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
serviceAccountName: {{ if .Values.rbac.install }}{{ template "jenkins.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }}
|
|
initContainers:
|
|
- name: "copy-default-config"
|
|
image: "{{ .Values.Master.Image }}:{{ .Values.Master.ImageTag }}"
|
|
imagePullPolicy: "{{ .Values.Master.ImagePullPolicy }}"
|
|
command: [ "sh", "/var/jenkins_config/apply_config.sh" ]
|
|
{{- if .Values.Master.InitContainerEnv }}
|
|
env:
|
|
{{ toYaml .Values.Master.InitContainerEnv | indent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
-
|
|
mountPath: /var/jenkins_home
|
|
name: jenkins-home
|
|
-
|
|
mountPath: /var/jenkins_config
|
|
name: jenkins-config
|
|
{{- if .Values.Master.CredentialsXmlSecret }}
|
|
-
|
|
mountPath: /var/jenkins_credentials
|
|
name: jenkins-credentials
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if .Values.Master.SecretsFilesSecret }}
|
|
-
|
|
mountPath: /var/jenkins_secrets
|
|
name: jenkins-secrets
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if .Values.Master.Jobs }}
|
|
-
|
|
mountPath: /var/jenkins_jobs
|
|
name: jenkins-jobs
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if .Values.Master.InstallPlugins }}
|
|
-
|
|
mountPath: /var/jenkins_plugins
|
|
name: plugin-dir
|
|
{{- end }}
|
|
-
|
|
mountPath: /usr/share/jenkins/ref/secrets/
|
|
name: secrets-dir
|
|
containers:
|
|
- name: {{ template "jenkins.fullname" . }}
|
|
image: "{{ .Values.Master.Image }}:{{ .Values.Master.ImageTag }}"
|
|
imagePullPolicy: "{{ .Values.Master.ImagePullPolicy }}"
|
|
{{- if .Values.Master.UseSecurity }}
|
|
args: [ "--argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)", "--argumentsRealm.roles.$(ADMIN_USER)=admin"]
|
|
{{- end }}
|
|
env:
|
|
- name: JAVA_OPTS
|
|
value: "{{ default "" .Values.Master.JavaOpts}}"
|
|
- name: JENKINS_OPTS
|
|
value: "{{ if .Values.Master.JenkinsUriPrefix }}--prefix={{ .Values.Master.JenkinsUriPrefix }} {{ end }}{{ default "" .Values.Master.JenkinsOpts}}"
|
|
{{- if .Values.Master.UseSecurity }}
|
|
- name: ADMIN_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "jenkins.fullname" . }}
|
|
key: jenkins-admin-password
|
|
- name: ADMIN_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "jenkins.fullname" . }}
|
|
key: jenkins-admin-user
|
|
{{- end }}
|
|
{{- if .Values.Master.ContainerEnv }}
|
|
{{ toYaml .Values.Master.ContainerEnv | indent 12 }}
|
|
{{- end }}
|
|
ports:
|
|
- containerPort: {{ .Values.Master.ContainerPort }}
|
|
name: http
|
|
- containerPort: {{ .Values.Master.SlaveListenerPort }}
|
|
name: slavelistener
|
|
{{- if .Values.Master.JMXPort }}
|
|
- containerPort: {{ .Values.Master.JMXPort }}
|
|
name: jmx
|
|
{{- end }}
|
|
{{- if .Values.Master.HealthProbes }}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /login
|
|
port: http
|
|
initialDelaySeconds: {{ .Values.Master.HealthProbesLivenessTimeout }}
|
|
timeoutSeconds: 5
|
|
failureThreshold: {{ .Values.Master.HealthProbeLivenessFailureThreshold }}
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /login
|
|
port: http
|
|
initialDelaySeconds: {{ .Values.Master.HealthProbesReadinessTimeout }}
|
|
{{- end }}
|
|
resources:
|
|
{{ if or .Values.Master.Cpu .Values.Master.Memory }}
|
|
requests:
|
|
cpu: "{{ .Values.Master.Cpu }}"
|
|
memory: "{{ .Values.Master.Memory }}"
|
|
{{ else }}
|
|
{{ toYaml .Values.Master.resources | indent 12 }}
|
|
{{ end }}
|
|
volumeMounts:
|
|
{{- if .Values.Persistence.mounts }}
|
|
{{ toYaml .Values.Persistence.mounts | indent 12 }}
|
|
{{- end }}
|
|
-
|
|
mountPath: /var/jenkins_home
|
|
name: jenkins-home
|
|
readOnly: false
|
|
-
|
|
mountPath: /var/jenkins_config
|
|
name: jenkins-config
|
|
readOnly: true
|
|
{{- if .Values.Master.CredentialsXmlSecret }}
|
|
-
|
|
mountPath: /var/jenkins_credentials
|
|
name: jenkins-credentials
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if .Values.Master.SecretsFilesSecret }}
|
|
-
|
|
mountPath: /var/jenkins_secrets
|
|
name: jenkins-secrets
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if .Values.Master.Jobs }}
|
|
-
|
|
mountPath: /var/jenkins_jobs
|
|
name: jenkins-jobs
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if .Values.Master.InstallPlugins }}
|
|
-
|
|
mountPath: /usr/share/jenkins/ref/plugins/
|
|
name: plugin-dir
|
|
readOnly: false
|
|
{{- end }}
|
|
-
|
|
mountPath: /usr/share/jenkins/ref/secrets/
|
|
name: secrets-dir
|
|
readOnly: false
|
|
volumes:
|
|
{{- if .Values.Persistence.volumes }}
|
|
{{ toYaml .Values.Persistence.volumes | indent 6 }}
|
|
{{- end }}
|
|
- name: jenkins-config
|
|
configMap:
|
|
name: {{ template "jenkins.fullname" . }}
|
|
{{- if .Values.Master.CredentialsXmlSecret }}
|
|
- name: jenkins-credentials
|
|
secret:
|
|
secretName: {{ .Values.Master.CredentialsXmlSecret }}
|
|
{{- end }}
|
|
{{- if .Values.Master.SecretsFilesSecret }}
|
|
- name: jenkins-secrets
|
|
secret:
|
|
secretName: {{ .Values.Master.SecretsFilesSecret }}
|
|
{{- end }}
|
|
{{- if .Values.Master.Jobs }}
|
|
- name: jenkins-jobs
|
|
configMap:
|
|
name: {{ template "jenkins.fullname" . }}-jobs
|
|
{{- end }}
|
|
{{- if .Values.Master.InstallPlugins }}
|
|
- name: plugin-dir
|
|
emptyDir: {}
|
|
{{- end }}
|
|
- name: secrets-dir
|
|
emptyDir: {}
|
|
- name: jenkins-home
|
|
{{- if .Values.Persistence.Enabled }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ .Values.Persistence.ExistingClaim | default (include "jenkins.fullname" .) }}
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end -}}
|
|
{{- if .Values.Master.ImagePullSecret }}
|
|
imagePullSecrets:
|
|
- name: {{ .Values.Master.ImagePullSecret }}
|
|
{{- end -}}
|