diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 5ace4600a..000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,6 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" diff --git a/.github/renovate-config.json5 b/.github/renovate-config.json5 new file mode 100644 index 000000000..bfaa6f16e --- /dev/null +++ b/.github/renovate-config.json5 @@ -0,0 +1,80 @@ +{ + $schema: "https://docs.renovatebot.com/renovate-schema.json", + onboarding: false, + requireConfig: "ignored", + platform: "github", + repositories: ["jenkinsci/helm-charts"], + allowedPostUpgradeCommands: ["^\.github\/renovate-postupgrade\.sh {{{depName}}} {{{newVersion}}}$"], + prConcurrentLimit: 0, + semanticCommits: "enabled", + enabledManagers: [ + "helm-values", + "github-actions", + "regex", + ], + packageRules: [ + { + matchDepNames: ["jenkins/inbound-agent"], + versioning: "regex:^(?\\d+)?\\.(?\\w+?)?_(?\\w+)?-(?\\d+)?$", + }, + { + matchDepNames: ["jenkins/jenkins"], + versioning: "regex:^(?\\d+?)\\.(?\\d+?)\\.(?\\d+?)(-(?\\w+))?$", + }, + { + matchFileNames: ["charts/jenkins/**"], + postUpgradeTasks: { + commands: [ + ".github/renovate-postupgrade.sh {{{depName}}} {{{newVersion}}}", + ], + fileFilters: ["charts/jenkins/**"], + executionMode: "branch", + }, + }, + ], + customManagers: [ + { + customType: "regex", + fileMatch: ["(^|/)\\.github/workflows/[^/]+\\.ya?ml$", "(^|/)\\.github/[^/]+\\.sh$"], + matchStrings: [ + "# renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\s+?[\\w\\s-]*?version:? (?.*)\\s", + "# renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\sENV .*?_VERSION=(?.*)\\s", + ], + }, + { + customType: "regex", + fileMatch: [ + "^charts/jenkins/Chart.yaml$", + "^charts/jenkins/values.yaml$", + ], + matchStrings: [ + "appVersion: (?.*?)\\s", + 'repository: \\"jenkins/jenkins\\"\\s*?# tag: \\"(?.*?)\\"', + ], + depNameTemplate: "jenkins/jenkins", + datasourceTemplate: "docker", + }, + { + customType: "regex", + fileMatch: ["^charts/jenkins/values.yaml$"], + matchStringsStrategy: "recursive", + matchStrings: [ + "installPlugins:[\\s\\w:.-]*?(?:\\r*\\n){2}", + "- (?.*?):(?.*?)\\s", + ], + datasourceTemplate: "jenkins-plugins", + versioningTemplate: "regex:^(?\\d+)?\\.(?\\w+?)?(\\.(?\\d+?))?$", + }, + { + customType: "regex", + fileMatch: ["^charts/jenkins/Chart.yaml$"], + matchStringsStrategy: "recursive", + matchStrings: [ + "artifacthub\\.io\\/images: \\|[\\s\\w:.\\/-]*(?:artifacthub)", + "image: (?.*?):(?.*?)\\s", + ], + datasourceTemplate: "docker", + versioningTemplate: "regex:^(?\\d+)?\\.(?\\w+?)?(_|\\.)(?\\w+)?(-(?\\d+))?.*", + }, + ], +} diff --git a/.github/renovate-entrypoint.sh b/.github/renovate-entrypoint.sh new file mode 100755 index 000000000..23765f3fa --- /dev/null +++ b/.github/renovate-entrypoint.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +# renovate: datasource=github-tags depName=mikefarah/yq +export YQ_VERSION=v4.40.5 + +# renovate: datasource=github-tags depName=helm/helm +export HELM_VERSION=v3.14.0 + +# renovate: datasource=github-tags depName=helm-unittest/helm-unittest +export HELM_UNITTEST_VERSION=v0.3.6 + +# renovate: datasource=github-tags depName=jenkins-x-plugins/jx-release-version +export JENKINS_JX_VERSION=v2.7.3 + +apt update + +apt install -y curl git + +curl -fsSL -o /tmp/helm.tar.gz https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz +mkdir -p /tmp/helm && tar -xf /tmp/helm.tar.gz -C /tmp/helm +mv /tmp/helm/linux-amd64/helm /usr/local/bin/helm +chmod a+x /usr/local/bin/helm + +runuser -u ubuntu -- helm plugin install https://github.com/helm-unittest/helm-unittest --version ${HELM_UNITTEST_VERSION} + +curl -fsSL -o /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 +chmod a+x /usr/local/bin/yq + +curl -fsSL -o /tmp/jx-release.tar.gz https://github.com/jenkins-x-plugins/jx-release-version/releases/download/${JENKINS_JX_VERSION}/jx-release-version-linux-amd64.tar.gz +mkdir -p /tmp/jx && tar -xf /tmp/jx-release.tar.gz -C /tmp/jx +mv /tmp/jx/jx-release-version /usr/local/bin/jx-release-version +chmod a+x /usr/local/bin/jx-release-version + +runuser -u ubuntu renovate diff --git a/.github/renovate-postupgrade.sh b/.github/renovate-postupgrade.sh new file mode 100755 index 000000000..6e97cbf11 --- /dev/null +++ b/.github/renovate-postupgrade.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +CHARTVERSION="$(jx-release-version -previous-version=from-file:charts/jenkins/Chart.yaml)" +export CHARTVERSION +export DEPNAME="$1" +export NEWVERSION="$2" + +helm unittest --strict -f 'unittests/*.yaml' charts/jenkins -u +yq eval '.version = env(CHARTVERSION)' -i charts/jenkins/Chart.yaml +sed -i "/git commit to be able to get more details./a \\\n## ${CHARTVERSION}\n\nUpdate \`${DEPNAME}\` to version \`${NEWVERSION}\`" charts/jenkins/CHANGELOG.md diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index c9b76cc47..446e0634b 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -26,16 +26,19 @@ jobs: - name: Set up Helm uses: azure/setup-helm@v3 with: + # renovate: datasource=github-tags depName=helm/helm version: v3.12.0 - name: Set up Python uses: actions/setup-python@v5 with: + # renovate: datasource=docker depName=python python-version: 3.11.4 - name: Set up chart-testing uses: helm/chart-testing-action@v2 with: + # renovate: datasource=github-tags depName=helm/chart-testing version: v3.8.0 - name: Run chart-testing (list-changed) @@ -50,7 +53,8 @@ jobs: if: steps.list-changed.outputs.changed == 'true' run: | helm env - helm plugin install https://github.com/helm-unittest/helm-unittest --version 0.3.6 + # renovate: datasource=github-tags depName=helm-unittest/helm-unittest + helm plugin install https://github.com/helm-unittest/helm-unittest --version v0.3.6 - name: Run chart-testing (lint) run: ct lint --config ct.yaml diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml new file mode 100644 index 000000000..e4540eae1 --- /dev/null +++ b/.github/workflows/renovate.yaml @@ -0,0 +1,29 @@ +name: Renovate +on: + schedule: + - cron: "0/15 * * * *" + workflow_dispatch: + +jobs: + renovate: + runs-on: ubuntu-latest + steps: + - name: Get token + id: get_token + uses: tibdex/github-app-token@v2 + with: + app_id: ${{ secrets.JENKINS_DEPENDENCY_UPDATER_APP_ID }} + private_key: ${{ secrets.JENKINS_DEPENDENCY_UPDATER_PRIVATE_KEY }} + + - name: Checkout + uses: actions/checkout@v4 + + - name: Self-hosted Renovate + uses: renovatebot/github-action@v40.0.0 + with: + token: "${{ steps.get_token.outputs.token }}" + docker-cmd-file: .github/renovate-entrypoint.sh + docker-user: root + configurationFile: .github/renovate-config.json5 + env: + LOG_LEVEL: 'debug' diff --git a/.github/workflows/sync-lts.yaml b/.github/workflows/sync-lts.yaml deleted file mode 100644 index bc591d9eb..000000000 --- a/.github/workflows/sync-lts.yaml +++ /dev/null @@ -1,77 +0,0 @@ ---- -name: Sync LTS Version - -on: - schedule: - - cron: "0 * * * 3" - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Check out source code - uses: actions/checkout@v4 - - - name: next release version - id: nextversion - uses: jenkins-x-plugins/jx-release-version@v2.7.3 - with: - previous-version: from-file:charts/jenkins/Chart.yaml - - - name: Jenkins LTS version - id: lts - uses: jenkins-infra/jenkins-version@0.5.0 - with: - version-identifier: lts - - - name: Check if update is available - id: update - run: | - CURRENT_VERSION=$(grep -E "^appVersion:" charts/jenkins/Chart.yaml | awk '{print $2}') - if [ "${CURRENT_VERSION}" = "${{ steps.lts.outputs.jenkins_version }}" ]; then - echo "available=false" >> "${GITHUB_OUTPUT}" - else - echo "available=true" >> "${GITHUB_OUTPUT}" - echo "current-version=${CURRENT_VERSION}" >> "${GITHUB_OUTPUT}" - fi - - - name: Update version in Chart.yaml - uses: mikefarah/yq@v4.40.5 - if: ${{ steps.update.outputs.available == 'true' }} - with: - cmd: yq eval '.version = "${{ steps.nextversion.outputs.version }}"' -i charts/jenkins/Chart.yaml - - - name: Update LTS version in files - if: ${{ steps.update.outputs.available == 'true' }} - run: | - grep -ilr ${{ steps.update.outputs.current-version }} charts/jenkins | grep -v CHANGELOG.md | xargs sed -i 's/${{ steps.update.outputs.current-version }}/${{ steps.lts.outputs.jenkins_version }}/g' - - - name: Changelog - if: ${{ steps.update.outputs.available == 'true' }} - run: | - sed -i '/git commit to be able to get more details./a \\n## ${{ steps.nextversion.outputs.version }}\n\nUpdate Jenkins image and appVersion to jenkins lts release version ${{ steps.lts.outputs.jenkins_version }}\n' charts/jenkins/CHANGELOG.md - - - name: Git Diff - if: ${{ steps.update.outputs.available == 'true' }} - run: | - git diff - # update the changelog - - - uses: tibdex/github-app-token@v2 - id: generate-token - with: - app_id: ${{ secrets.JENKINS_DEPENDENCY_UPDATER_APP_ID }} - private_key: ${{ secrets.JENKINS_DEPENDENCY_UPDATER_PRIVATE_KEY }} - - - name: Create Pull Request - id: cpr - uses: peter-evans/create-pull-request@v5 - if: ${{ steps.update.outputs.available == 'true' }} - with: - token: ${{ steps.generate-token.outputs.token }} - commit-message: 'chore(deps): bump lts to ${{ steps.lts.outputs.jenkins_version }}' - author: jenkins-dependency-updater <81680575+jenkins-dependency-updater[bot]@users.noreply.github.com> - committer: jenkins-dependency-updater <81680575+jenkins-dependency-updater[bot]@users.noreply.github.com> - signoff: true - title: 'chore(deps): bump lts to ${{ steps.lts.outputs.jenkins_version }}' diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d7b1d4f19..3042aecfe 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -56,7 +56,6 @@ $ helm unittest --strict -f 'unittests/*.yaml' charts/jenkins PASS PersistentVolumeClaim charts/jenkins/unittests/home-pvc-test.yaml PASS Configuration as Code charts/jenkins/unittests/jcasc-config-test.yaml PASS Jenkins Agent Service charts/jenkins/unittests/jenkins-agent-svc-test.yaml - PASS Jenkins Backup Cronjob charts/jenkins/unittests/jenkins-backup-cronjob-test.yaml PASS Controller Prometheus PrometheusRule charts/jenkins/unittests/jenkins-controller-alerting-rules-test.yaml PASS Controller Primary Ingress charts/jenkins/unittests/jenkins-controller-ingress-1.19-test.yaml PASS Controller Primary Ingress charts/jenkins/unittests/jenkins-controller-ingress-test.yaml diff --git a/charts/jenkins/CHANGELOG.md b/charts/jenkins/CHANGELOG.md index c75a40bc6..ca35cf03a 100644 --- a/charts/jenkins/CHANGELOG.md +++ b/charts/jenkins/CHANGELOG.md @@ -12,11 +12,17 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0. The changelog until v1.5.7 was auto-generated based on git commits. Those entries include a reference to the git commit to be able to get more details. +## 5.0.0 + + > [!CAUTION] + > Several fields have been renamed or removed. See [UPGRADING.md](./UPGRADING.md#to-500) + +The Helm Chart is now updated automatically via [Renovate](https://docs.renovatebot.com/) + ## 4.12.1 Update Jenkins image and appVersion to jenkins lts release version 2.426.3 - ## 4.12.0 Add support for [generic ephemeral storage](https://github.com/jenkinsci/kubernetes-plugin/pull/1489) in `agent.volumes` and `agents.workspaceVolume`. diff --git a/charts/jenkins/Chart.yaml b/charts/jenkins/Chart.yaml index 96417da41..e9c9b9c32 100644 --- a/charts/jenkins/Chart.yaml +++ b/charts/jenkins/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: jenkins home: https://jenkins.io/ -version: 4.12.1 +version: 5.0.0 appVersion: 2.426.3 description: Jenkins - Build great things at any scale! The leading open source automation server, Jenkins provides over 1800 plugins to support building, deploying and automating any project. sources: @@ -40,7 +40,5 @@ annotations: image: kiwigrid/k8s-sidecar:1.24.4 - name: inbound-agent image: jenkins/inbound-agent:3192.v713e3b_039fb_e-5 - - name: backup - image: maorfr/kube-tasks:0.2.0 artifacthub.io/category: "integration-delivery" artifacthub.io/license: "Apache-2.0" diff --git a/charts/jenkins/README.md b/charts/jenkins/README.md index 32172e1b6..3b90f8b0f 100644 --- a/charts/jenkins/README.md +++ b/charts/jenkins/README.md @@ -490,315 +490,6 @@ controller: RBAC is enabled by default. If you want to disable it you will need to set `rbac.create` to `false`. -### Backup - -Adds a backup CronJob for jenkins, along with required RBAC resources. See additional `backup` values using [configuration commands](#configuration). - -#### Example: Backup to Google Cloud Storage Bucket - -Let's look at a quick example. Let's pretend we are backing up Jenkins to a **Google Cloud Storage (GCS) Bucket**. Here is what the process would look like: - -##### 1. Create a Google Cloud Platform Account - -If you don't have a GCP account, you can create a Free Account with the link below: - -- - -##### 2. Create a GCS bucket with a unique name - -You need to create a GCS bucket with a unique name, which you can do by following the guide below: - -- - -##### 3. Create a GCP Service Account - -In order for the backup job to upload Jenkins data to the GCS bucket, you need to provide it with a Google Service Account, which you can create by following the guide below: - -- - -##### 4. Bind `roles/storage.admin` role to Service Account - -Now you need to provide your GCP Service Account with the `roles/storage.admin` role, which has permissions to read/write content to a GCS bucket. You can do this by following the guide below: - -- - -##### 5. Create a Service Account Key - -Now that you have a Service Account (SA), you need to create a Service Account Key, which is a file that represents the GCP Service Account that will get passed to the Backup Job (and later on to the Recovery Job). You can create it by following the guide below: - -- - -##### 6. Create a Kubernetes Secret from the Service Account key - -In order for the Backup Job to access the GCP Service Account Key you need to create Kubernetes Secret, which you can create using the command below: - -```bash -# Replace with the path to the SA Key -kubectl -n jenkins create secret generic jenkinsgcp --from-file=sa-credentials.json=/path/to/sa_key.json -``` - -**NOTE**: This assumes that you will deploy the Jenkins chart in the `jenkins` namespace. - -##### 7. Deploy the Jenkins Helm Chart using a modified values file - -Rather than using a long command to pass on all the new Chart values, create a values file called `values.yaml`, then put the following content on it, then save it: - -```yaml -backup: - enabled: true - schedule: "0 2 * * *" # Runs every day at 2 am, change it to whatever interval works for you - existingSecret: - jenkinsgcp: # This is the secret name - gcpcredentials: sa-credentials.json # The service account file in the secret - destination: "gcs://BUCKET_NAME/jenkins-k8s-backup" # Replace with Bucket Name from previous step -controller: - initializeOnce: true # Installs latest plugins as soon as Jenkins starts - installLatestPlugins: true -persistence: - enabled: true # So that we have a PVC that we can backup -``` - -**NOTE**: The [`gcpcredentials`](https://github.com/fabiogomezdiaz/helm-charts-1/blob/main/charts/jenkins/values.yaml#L829) key in the [`jenkinsgcp`](https://github.com/fabiogomezdiaz/helm-charts-1/blob/main/charts/jenkins/values.yaml#L827) field tells the Helm chart that we will be using a GCS bucket as our backup. - -##### 8. Deploy Jenkins Chart with new values - -Now that we have everything in place, let's deploy the Jenkins Chart with the new values file: - -```bash -helm upgrade --install jenkins --namespace jenkins \ - -f values.yaml \ - jenkinsci/jenkins; -``` - -**NOTE**: Save the password from this installation as it will be needed in the [Restore from Backup in Google Cloud Storage Bucket](#example-restore-from-backup-in-google-cloud-storage-bucket) section. - -##### 9. Create resources to backup in Jenkins - -Once Jenkins is available, go to Jenkins and create jobs, download plugins, and create credentials so that we have something to backup other than the default Jenkins installation. - -##### 10. Trigger the backup job - -The values file we used to deploy Jenkins runs the backup job every day at 2 AM. - -If you don't want to wait that long for the job to start running, then patch the CronJob to run in the next minute with the following commands: - -```bash -# Update CronJob to run every minute -kubectl -n jenkins patch cronjob.batch/jenkins-backup --patch '{"spec": {"schedule": "* * * * *"}}' - -# Run this command until the "jenkins-backup-*" container is running -kubectl get pods | grep backup; - -# To prevent multiple jobs from spanning every minute, change the CronJob back to original schedule -kubectl -n jenkins patch cronjob.batch/jenkins-backup --patch '{"spec": {"schedule": "0 2 * * *"}}' -``` - -##### 11. Verify that the backup job completed successfully - -Once the job is running, then query the backup pod logs to monitor progress as follows: - -```bash -# Get backup container name -BACKUP_CONTAINER=$(kubectl get pods | grep backup | awk '{print $1}'); - -# Stream logs of backup container until job is finished -kubectl logs -f ${BACKUP_CONTAINER}; -``` - -**NOTE**: The backup job will create a time-stamped folder in the GCS bucket each time the backup job runs. - -If you can see a success message from the backup job and can see the contents of the backup on your GCS bucket, then the backup was successful! - -A similar process would work for AWS S3. See additional `backup` values using [configuration commands](#configuration). - -**NOTE**: If an environmental variable `AWS_REGION` is not provided, the region of the AWS S3 bucket will be assumed to be `eu-central-1`. If you want to use an S3 bucket in another region, you need to provide the bucket's region as an environmental variable as below: - -```yaml -backup: - env: # The region of your S3 bucket. - - name: AWS_REGION - value: us-east-1 -``` - -### Restore From Backup - -To restore a backup, you can use the `kube-tasks` underlying tool called [skbn](https://github.com/maorfr/skbn), which copies files from cloud storage to Kubernetes. -The best way to do it would be using a `Job` to copy files from the desired backup tag to the Jenkins pod. - -See the following example for more details. - -#### Example: Restore from Backup in Google Cloud Storage Bucket - -**NOTE**: This section assumes that you ran the steps in [Example: Backup to Google Cloud Storage Bucket](#example-backup-to-google-cloud-storage-bucket) beforehand and that you **saved the password** for that Jenkins installation, which you will need at the end of this section. - -Let's pretend you are restoring a backup from a Google Cloud Storage Bucket because you completely lost your Jenkins installation and you are starting from scratch. - -In the following steps, we will explain what this process would look like: - -##### 1. Reinstall the Jenkins Helm Chart - -First, we need to remove the old Jenkins installation that we backed up previously, then we can install a clean Jenkins instance to restore from GCS backup. - -To do so, run the following commands: - -```bash -# Delete old Jenkins installation -helm delete jenkins - -# Install Jenkins Chart -helm upgrade --install jenkins --namespace jenkins \ - -f values.yaml \ - jenkinsci/jenkins; -``` - -**NOTE**: This Command uses the same values file that was created in the [7. Deploy the Jenkins Helm Chart using a modified values file](#7-deploy-the-jenkins-helm-chart-using-a-modified-values-file) section. - -Now verify that Jenkins is up and running and it DOES NOT have any of the resources you created earlier. - -##### 2. Create a Kubernetes Service Account for the Restore Job - -In order for the Restore job to pull backup data from the GCS bucket and put it in the jenkins `/var/jenkins_home` folder in the Jenkins pod, you need to create the following: - -- A [Kubernetes Service Account](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/) (not to be confused with a GCP Service Account) for the Restore job. -- A [Kubernetes ClusterRole](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) that lists the necessary permissions to update the data in the volumes of other pods. -- A [Kubernetes ClusterRoleBinding](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) that binds the above ClusterRole to the Service Account. - -To do so, create a file called `restore-rbac.yaml` and enter the following content, then save it: - -```yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: skbn - name: skbn - namespace: jenkins ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: skbn - name: skbn -rules: -- apiGroups: [""] - resources: ["pods", "pods/log"] - verbs: ["get", "list"] -- apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: skbn - name: skbn -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: skbn -subjects: -- kind: ServiceAccount - name: skbn - namespace: jenkins -``` - -To apply the above manifest, run the following command: - -```bash -kubectl apply -f restore-rbac.yaml -``` - -##### 3. Create a Kubernetes Job to restore Jenkins - -The logic that will execute the Jenkins restoration from a GCS backup will be done through a -[Kubernetes Job](https://kubernetes.io/docs/concepts/workloads/controllers/job/), which will run only once as needed. - -To create the job, create a manifest file called `restore.yaml` with the following content, then save it: - -```yaml -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app: skbn - name: skbn - namespace: jenkins -spec: - template: - metadata: - labels: - app: skbn - spec: - restartPolicy: OnFailure - serviceAccountName: skbn - containers: - - name: skbn - image: maorfr/skbn - command: ["skbn"] - args: - - "cp" - - "--src" - - "gcs://BUCKET_NAME/jenkins-k8s-backup/BACKUP_NAME" - - "--dst" - - "k8s://jenkins/jenkins-0/jenkins/var/jenkins_home" - imagePullPolicy: IfNotPresent - env: - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/jenkinsgcp/sa-credentials.json - volumeMounts: - - mountPath: /var/run/secrets/jenkinsgcp - name: jenkinsgcp - volumes: - - name: jenkinsgcp - secret: - secretName: jenkinsgcp -``` - -While the above Job manifest is mostly complete, you need to replace a couple of things, as follows: - -- Replace `BUCKET_NAME` with the GCS Bucket name created in [Create a GCS bucket with a unique name](#2-create-a-gcs-bucket-with-a-unique-name). -- Go to your GCS bucket and find the name of the latest timestamped folder (i.e. `20210717154947`), then replace `BACKUP_NAME` with it, then save the file. - -Notice that we are using the `jenkinsgcp` Kubernetes Secret that holds the `sa-credentials.json` key file for the GCP Service Account that we created in [Create a Service Account Key](#5-create-a-service-account-key). - -Having the Kubernetes Secret provide the GCP Service Account Key to the Restore Kubernetes Job is what will allow the Job to download the contents of the backup from the GCS bucket and put it into the `/var/jenkins_home` folder in the Persistent Volume Claim of the `jenkins-0` pod. - -##### 4. Deploy the Restore Job - -Deploy the Restore Job using the following command: - -```bash -kubectl apply -f restore.yaml -``` - -Wait about a minute for the Job to start, then query the logs using the following commands: - -```bash -# Get restore container name -RESTORE_CONTAINER=$(kubectl get pods | grep skbn | awk '{print $1}'); - -# Stream logs of restore container until job is finished -kubectl logs -f ${RESTORE_CONTAINER}; -``` - -Watch the logs until the job is done. This usually takes a few minutes. - -##### 5. Verify that Jenkins was restored from GCS Backup - -Login to Jenkins, then click on `Manage Jenkins-> Reload Configuration from Disk`, then press `OK`. - -Jenkins is now going to reload the backup content from disk and restart. Now, if you performed this on a new Jenkins installation, you will **not be able to login** using the password for the new installation of Jenkins. - -Because we are restoring from the backup of a previous installation, we need to login using the password for the old Jenkins installation. - -So, refresh your browser and login to Jenkins using the password from the backup. - -Now, verify that all your jobs, plugins, and credentials from that backup are showing up, and if they are, then CONGRATULATIONS on successfully restoring Jenkins from a GCS Backup! - -A similar process would work for AWS S3. See additional `backup` values using [configuration commands](#configuration) to figure out how what fields to put in the Restore Job manifest. - ### Adding Custom Pod Templates It is possible to add custom pod templates for the default configured kubernetes cloud. @@ -1012,116 +703,4 @@ Upgrade an existing release from `stable/jenkins` to `jenkins/jenkins` seamlessl Chart release versions follow [SemVer](../../CONTRIBUTING.md#versioning), where a MAJOR version change (example `1.0.0` -> `2.0.0`) indicates an incompatible breaking change needing manual actions. -### To 3.0.0 - -* Check `securityRealm` and `authorizationStrategy` and adjust it. - Otherwise, your configured users and permissions will be overridden. -* You need to use helm version 3 as the `Chart.yaml` uses `apiVersion: v2`. -* All XML configuration options have been removed. - In case those are still in use you need to migrate to configuration as code. - Upgrade guide to 2.0.0 contains pointers how to do that. -* Jenkins is now using a `StatefulSet` instead of a `Deployment` -* terminology has been adjusted that's also reflected in values.yaml - The following values from `values.yaml` have been renamed: - - * `master` => `controller` - * `master.useSecurity` => `controller.adminSecret` - * `master.slaveListenerPort` => `controller.agentListenerPort` - * `master.slaveHostPort` => `controller.agentListenerHostPort` - * `master.slaveKubernetesNamespace` => `agent.namespace` - * `master.slaveDefaultsProviderTemplate` => `agent.defaultsProviderTemplate` - * `master.slaveJenkinsUrl` => `agent.jenkinsUrl` - * `master.slaveJenkinsTunnel` => `agent.jenkinsTunnel` - * `master.slaveConnectTimeout` => `agent.kubernetesConnectTimeout` - * `master.slaveReadTimeout` => `agent.kubernetesReadTimeout` - * `master.slaveListenerServiceAnnotations` => `controller.agentListenerServiceAnnotations` - * `master.slaveListenerServiceType` => `controller.agentListenerServiceType` - * `master.slaveListenerLoadBalancerIP` => `controller.agentListenerLoadBalancerIP` - * `agent.slaveConnectTimeout` => `agent.connectTimeout` -* Removed values: - - * `master.imageTag`: use `controller.image` and `controller.tag` instead - * `slave.imageTag`: use `agent.image` and `agent.tag` instead - -### To 2.0.0 - -Configuration as Code is now default + container does not run as root anymore. - -#### Configuration as Code new default - -Configuration is done via [Jenkins Configuration as Code Plugin](https://github.com/jenkinsci/configuration-as-code-plugin) by default. -That means that changes in values which result in a configuration change are always applied. -In contrast, the XML configuration was only applied during the first start and never altered. - -:exclamation::exclamation::exclamation: -Attention: -This also means if you manually altered configuration then this will most likely be reset to what was configured by default. -It also applies to `securityRealm` and `authorizationStrategy` as they are also configured using configuration as code. -:exclamation::exclamation::exclamation: - -#### Image does not run as root anymore - -It's not recommended to run containers in Kubernetes as `root`. - -❗Attention: If you had not configured a different user before then you need to ensure that your image supports the user and group ID configured and also manually change permissions of all files so that Jenkins is still able to use them. - -#### Summary of updated values - -As version 2.0.0 only updates default values and nothing else it's still possible to migrate to this version and opt out of some or all new defaults. -All you have to do is ensure the old values are set in your installation. - -Here we show which values have changed and the previous default values: - -```yaml -controller: - runAsUser: 1000 # was unset before - fsGroup: 1000 # was unset before - JCasC: - enabled: true # was false - defaultConfig: true # was false - sidecars: - configAutoReload: - enabled: true # was false -``` - -#### Migration steps - -Migration instructions heavily depend on your current setup. -So think of the list below more as a general guideline of what should be done. - -- Ensure that the Jenkins image you are using contains a user with ID 1000 and a group with the same ID. - That's the case for `jenkins/jenkins:lts` image, which the chart uses by default -- Make a backup of your existing installation especially the persistent volume -- Ensure that you have the configuration as code plugin installed -- Export your current settings via the plugin: - `Manage Jenkins` -> `Configuration as Code` -> `Download Configuration` -- prepare your values file for the update e.g. add additional configuration as code setting that you need. - The export taken from above might be a good starting point for this. - In addition, the [demos](https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos) from the plugin itself are quite useful. -- Test drive those setting on a separate installation -- Put Jenkins to Quiet Down mode so that it does not accept new jobs - `/quietDown` -- Change permissions of all files and folders to the new user and group id: - - ```console - kubectl exec -it -c jenkins /bin/bash - chown -R 1000:1000 /var/jenkins_home - ``` - -- Update Jenkins - -### To 1.0.0 - -Breaking changes: - -- Values have been renamed to follow [helm recommended naming conventions](https://helm.sh/docs/chart_best_practices/#naming-conventions) so that all variables start with a lowercase letter and words are separated with camelcase -- All resources are now using [helm recommended standard labels](https://helm.sh/docs/chart_best_practices/#standard-labels) - -As a result of the label changes also the selectors of the deployment have been updated. -Those are immutable so trying an updated will cause an error like: - -```console -Error: Deployment.apps "jenkins" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/component":"jenkins-controller", "app.kubernetes.io/instance":"jenkins"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable -``` - -In order to upgrade, [uninstall](#uninstall-chart) the Jenkins Deployment before upgrading: +See [UPGRADING.md](./UPGRADING.md) for a list of breaking changes diff --git a/charts/jenkins/UPGRADING.md b/charts/jenkins/UPGRADING.md new file mode 100644 index 000000000..41e424dbd --- /dev/null +++ b/charts/jenkins/UPGRADING.md @@ -0,0 +1,148 @@ +# Upgrade Notes + +## To 5.0.0 +- `controller.image`, `controller.tag`, and `controller.tagLabel` have been removed. If you want to overwrite the image you now need to configure any or all of: + - `controller.image.registry` + - `controller.image.repository` + - `controller.image.tag` + - `controller.image.tagLabel` +- `controller.imagePullPolicy` has been removed. If you want to overwrite the pull policy you now need to configure `controller.image.pullPolicy`. +- `controller.sidecars.configAutoReload.image` has been removed. If you want to overwrite the configAutoReload image you now need to configure any or all of: + - `controller.sidecars.configAutoReload.image.registry` + - `controller.sidecars.configAutoReload.image.repository` + - `controller.sidecars.configAutoReload.image.tag` +- `controller.sidecars.other` has been renamed to `controller.sidecars.additionalSidecarContainers`. +- `agent.image` and `agent.tag` have been removed. If you want to overwrite the agent image you now need to configure any or all of: + - `agent.image.repository` + - `agent.image.tag` + - The registry can still be overwritten by `agent.jnlpregistry` +- `agent.additionalContainers[*].image` has been renamed to `agent.additionalContainers[*].image.repository` +- `agent.additionalContainers[*].tag` has been renamed to `agent.additionalContainers[*].image.tag` +- `additionalAgents.*.image` has been renamed to `additionalAgents.*.image.repository` +- `additionalAgents.*.tag` has been renamed to `additionalAgents.*.image.tag` +- `additionalClouds.*.additionalAgents.*.image` has been renamed to `additionalClouds.*.additionalAgents.*.image.repository` +- `additionalClouds.*.additionalAgents.*.tag` has been renamed to `additionalClouds.*.additionalAgents.*.image.tag` +- `helmtest.bats.image` has been split up to: + - `helmtest.bats.image.registry` + - `helmtest.bats.image.repository` + - `helmtest.bats.image.tag` +- `controller.adminUsername` and `controller.adminPassword` have been renamed to `controller.admin.username` and `controller.admin.password` respectively +- `controller.adminSecret` has been renamed to `controller.admin.createSecret` +- `backup.*` was unmaintained and has thus been removed. See the following page for alternatives: [Kubernetes Backup and Migrations](https://nubenetes.com/kubernetes-backup-migrations/). + +## To 4.0.0 +Removes automatic `remotingSecurity` setting when using a container tag older than `2.326` (introduced in [`3.11.7`](./CHANGELOG.md#3117)). If you're using a version older than `2.326`, you should explicitly set `.controller.legacyRemotingSecurityEnabled` to `true`. + +## To 3.0.0 + +* Check `securityRealm` and `authorizationStrategy` and adjust it. + Otherwise, your configured users and permissions will be overridden. +* You need to use helm version 3 as the `Chart.yaml` uses `apiVersion: v2`. +* All XML configuration options have been removed. + In case those are still in use you need to migrate to configuration as code. + Upgrade guide to 2.0.0 contains pointers how to do that. +* Jenkins is now using a `StatefulSet` instead of a `Deployment` +* terminology has been adjusted that's also reflected in values.yaml + The following values from `values.yaml` have been renamed: + + * `master` => `controller` + * `master.useSecurity` => `controller.adminSecret` + * `master.slaveListenerPort` => `controller.agentListenerPort` + * `master.slaveHostPort` => `controller.agentListenerHostPort` + * `master.slaveKubernetesNamespace` => `agent.namespace` + * `master.slaveDefaultsProviderTemplate` => `agent.defaultsProviderTemplate` + * `master.slaveJenkinsUrl` => `agent.jenkinsUrl` + * `master.slaveJenkinsTunnel` => `agent.jenkinsTunnel` + * `master.slaveConnectTimeout` => `agent.kubernetesConnectTimeout` + * `master.slaveReadTimeout` => `agent.kubernetesReadTimeout` + * `master.slaveListenerServiceAnnotations` => `controller.agentListenerServiceAnnotations` + * `master.slaveListenerServiceType` => `controller.agentListenerServiceType` + * `master.slaveListenerLoadBalancerIP` => `controller.agentListenerLoadBalancerIP` + * `agent.slaveConnectTimeout` => `agent.connectTimeout` +* Removed values: + + * `master.imageTag`: use `controller.image` and `controller.tag` instead + * `slave.imageTag`: use `agent.image` and `agent.tag` instead + +## To 2.0.0 + +Configuration as Code is now default + container does not run as root anymore. + +### Configuration as Code new default + +Configuration is done via [Jenkins Configuration as Code Plugin](https://github.com/jenkinsci/configuration-as-code-plugin) by default. +That means that changes in values which result in a configuration change are always applied. +In contrast, the XML configuration was only applied during the first start and never altered. + +:exclamation::exclamation::exclamation: +Attention: +This also means if you manually altered configuration then this will most likely be reset to what was configured by default. +It also applies to `securityRealm` and `authorizationStrategy` as they are also configured using configuration as code. +:exclamation::exclamation::exclamation: + +### Image does not run as root anymore + +It's not recommended to run containers in Kubernetes as `root`. + +❗Attention: If you had not configured a different user before then you need to ensure that your image supports the user and group ID configured and also manually change permissions of all files so that Jenkins is still able to use them. + +### Summary of updated values + +As version 2.0.0 only updates default values and nothing else it's still possible to migrate to this version and opt out of some or all new defaults. +All you have to do is ensure the old values are set in your installation. + +Here we show which values have changed and the previous default values: + +```yaml +controller: + runAsUser: 1000 # was unset before + fsGroup: 1000 # was unset before + JCasC: + enabled: true # was false + defaultConfig: true # was false + sidecars: + configAutoReload: + enabled: true # was false +``` + +### Migration steps + +Migration instructions heavily depend on your current setup. +So think of the list below more as a general guideline of what should be done. + +- Ensure that the Jenkins image you are using contains a user with ID 1000 and a group with the same ID. + That's the case for `jenkins/jenkins:lts` image, which the chart uses by default +- Make a backup of your existing installation especially the persistent volume +- Ensure that you have the configuration as code plugin installed +- Export your current settings via the plugin: + `Manage Jenkins` -> `Configuration as Code` -> `Download Configuration` +- prepare your values file for the update e.g. add additional configuration as code setting that you need. + The export taken from above might be a good starting point for this. + In addition, the [demos](https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos) from the plugin itself are quite useful. +- Test drive those setting on a separate installation +- Put Jenkins to Quiet Down mode so that it does not accept new jobs + `/quietDown` +- Change permissions of all files and folders to the new user and group id: + + ```console + kubectl exec -it -c jenkins /bin/bash + chown -R 1000:1000 /var/jenkins_home + ``` + +- Update Jenkins + +## To 1.0.0 + +Breaking changes: + +- Values have been renamed to follow [helm recommended naming conventions](https://helm.sh/docs/chart_best_practices/#naming-conventions) so that all variables start with a lowercase letter and words are separated with camelcase +- All resources are now using [helm recommended standard labels](https://helm.sh/docs/chart_best_practices/#standard-labels) + +As a result of the label changes also the selectors of the deployment have been updated. +Those are immutable so trying an updated will cause an error like: + +```console +Error: Deployment.apps "jenkins" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/component":"jenkins-controller", "app.kubernetes.io/instance":"jenkins"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable +``` + +In order to upgrade, [uninstall](./README.md#uninstall-chart) the Jenkins Deployment before upgrading: diff --git a/charts/jenkins/VALUES_SUMMARY.md b/charts/jenkins/VALUES_SUMMARY.md index 11671ee2f..2c60937cc 100644 --- a/charts/jenkins/VALUES_SUMMARY.md +++ b/charts/jenkins/VALUES_SUMMARY.md @@ -31,7 +31,9 @@ The following tables list the configurable parameters of the Jenkins chart and t | `controller.JCasC.authorizationStrategy` | Jenkins Config as Code for Authorization Strategy | `loggedInUsersCanDoAnything` | | `controller.sidecars.configAutoReload` | Jenkins Config as Code auto-reload settings | | | `controller.sidecars.configAutoReload.enabled` | Jenkins Config as Code auto-reload settings (Attention: rbac needs to be enabled otherwise the sidecar can't read the config map) | `true` | -| `controller.sidecars.configAutoReload.image` | Image which triggers the reload | `kiwigrid/k8s-sidecar:1.24.4` | +| `controller.sidecars.configAutoReload.image.registry` | Registry for the image which triggers the reload | `docker.io` | +| `controller.sidecars.configAutoReload.image.repository` | Image which triggers the reload | `kiwigrid/k8s-sidecar` | +| `controller.sidecars.configAutoReload.image.tag` | Tag for the image which triggers the reload | `1.24.4` | | `controller.sidecars.configAutoReload.reqRetryConnect` | How many connection-related errors to retry on | `10` | | `controller.sidecars.configAutoReload.sleepTime` | How many seconds to wait before updating config-maps/secrets (sets METHOD=SLEEP on the sidecar) | Not set | | `controller.sidecars.configAutoReload.envFrom` | Environment variable sources for the Jenkins Config as Code auto-reload container | Not set | @@ -109,10 +111,11 @@ The following tables list the configurable parameters of the Jenkins chart and t | Parameter | Description | Default | |--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------| -| `controller.image` | Controller image name | `jenkins/jenkins` | -| `controller.tagLabel` | Controller image tag label | `jdk17` | -| `controller.tag` | Controller image tag override | Not set | -| `controller.imagePullPolicy` | Controller image pull policy | `Always` | +| `controller.image.registry` | Controller image registry | `docker.io` | +| `controller.image.repository` | Controller image name | `jenkins/jenkins` | +| `controller.image.tagLabel` | Controller image tag label | `jdk17` | +| `controller.image.tag` | Controller image tag override | Not set | +| `controller.image.pullPolicy` | Controller image pull policy | `Always` | | `controller.imagePullSecretName` | Controller image pull secret | Not set | | `controller.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 50m, memory: 256Mi}, limits: {cpu: 2000m, memory: 4096Mi}}` | | `controller.initContainerResources` | Resources allocation (Requests and Limits) for Init Container | Not set | @@ -255,9 +258,9 @@ The following tables list the configurable parameters of the Jenkins chart and t | Parameter | Description | Default | |----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------| -| `controller.adminUser` | Admin username (and password) created as a secret if adminSecret is true | `admin` | -| `controller.adminPassword` | Admin password (and user) created as a secret if adminSecret is true | Random value | -| `controller.existingSecret` | The name of an existing secret containing keys credentials. | `""` | +| `controller.admin.username` | Admin username (and password) created as a secret if `controller.admin.createSecret` is true | `admin` | +| `controller.admin.password` | Admin password (and user) created as a secret if `controller.admin.createSecret` is true | Random value | +| `controller.admin.existingSecret` | The name of an existing secret containing keys credentials. | `""` | | `controller.additionalSecrets` | List of additional secrets to create and mount according to [JCasC docs](https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets) | `[]` | | `controller.additionalExistingSecrets` | List of additional existing secrets to mount according to [JCasC docs](https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets) | `[]` | | `controller.secretClaims` | List of `SecretClaim` resources to create | `[]` | @@ -341,20 +344,21 @@ The following tables list the configurable parameters of the Jenkins chart and t #### Side Container Configuration -| Parameter | Description | Default | -|---------------------------|------------------------------------------------|------------------------------------------------------------------------------| -| `agent.sideContainerName` | Side container name in agent | jnlp | -| `agent.image` | Agent image name | `jenkins/inbound-agent` | -| `agent.tag` | Agent image tag | `3192.v713e3b_039fb_e-5` | -| `agent.alwaysPullImage` | Always pull agent container image before build | `false` | -| `agent.privileged` | Agent privileged container | `false` | -| `agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 512m, memory: 512Mi}, limits: {cpu: 512m, memory: 512Mi}}` | -| `agent.runAsUser` | Configure container user | Not set | -| `agent.runAsGroup` | Configure container group | Not set | -| `agent.command` | Executed command when side container starts | Not set | -| `agent.args` | Arguments passed to executed command | `${computer.jnlpmac} ${computer.name}` | -| `agent.TTYEnabled` | Allocate pseudo tty to the side container | false | -| `agent.workingDir` | Configure working directory for default agent | `/home/jenkins/agent` | +| Parameter | Description | Default | +|---------------------------| ----------------------------------------------- |--------------------------------------------------------------------------------| +| `agent.sideContainerName` | Side container name in agent | jnlp | +| `agent.image.repository` | Agent image name | `jenkins/inbound-agent` | +| `agent.image.tag` | Agent image tag | `3192.v713e3b_039fb_e-5` | +| `agent.alwaysPullImage` | Always pull agent container image before build | `false` | +| `agent.privileged` | Agent privileged container | `false` | +| `agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 512m, memory: 512Mi}, limits: {cpu: 512m, memory: 512Mi}}` | +| `agent.runAsUser` | Configure container user | Not set | +| `agent.runAsGroup` | Configure container group | Not set | +| `agent.command` | Executed command when side container starts | Not set | +| `agent.args` | Arguments passed to executed command | `${computer.jnlpmac} ${computer.name}` | +| `agent.TTYEnabled` | Allocate pseudo tty to the side container | false | +| `agent.workingDir` | Configure working directory for default agent | `/home/jenkins/agent` | + #### Other @@ -380,42 +384,10 @@ The following tables list the configurable parameters of the Jenkins chart and t | `persistence.volumes` | Additional volumes | `nil` | | `persistence.mounts` | Additional mounts | `nil` | -### Backup - -| Parameter | Description | Default | -|--------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|----------------------------| -| `backup.enabled` | Enable the use of a backup CronJob | `false` | -| `backup.schedule` | Schedule to run jobs | `0 2 * * *` | -| `backup.labels` | Backup pod labels | `{}` | -| `backup.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `backup.serviceAccount.name` | name of the backup ServiceAccount | autogenerated | -| `backup.serviceAccount.annotations` | Backup pod annotations | `{}` | -| `backup.image.repo` | Backup image repository | `maorfr/kube-tasks` | -| `backup.image.tag` | Backup image tag | `0.2.0` | -| `backup.image.imagePullSecretName` | Backup image pull secret | Not set | -| `backup.extraArgs` | Additional arguments for kube-tasks | `[]` | -| `backup.existingSecret` | Environment variables to add to the cronjob container | `{}` | -| `backup.existingSecret.*` | Specify the secret name containing the AWS or GCP credentials | `jenkinsaws` | -| `backup.existingSecret.*.awsaccesskey` | `secretKeyRef.key` used for `AWS_ACCESS_KEY_ID` | `jenkins_aws_access_key` | -| `backup.existingSecret.*.awssecretkey` | `secretKeyRef.key` used for `AWS_SECRET_ACCESS_KEY` | `jenkins_aws_secret_key` | -| `backup.existingSecret.*.azstorageaccount` | `secretKeyRef.key` used for `AZURE_STORAGE_ACCOUNT` | `""` | -| `backup.existingSecret.*.azstoragekey` | `secretKeyRef.key` used for `AZURE_STORAGE_ACCESS_KEY` | `""` | -| `backup.existingSecret.*.gcpcredentials` | Mounts secret as volume and sets `GOOGLE_APPLICATION_CREDENTIALS` | `credentials.json` | -| `backup.env` | Backup environment variables | `[]` | -| `backup.resources` | Backup CPU/Memory resource requests/limits | Memory: `1Gi`, CPU: `1` | -| `backup.destination` | Destination to store backup artifacts | `s3://jenkins-data/backup` | -| `backup.onlyJobs` | Only backup the job folder | `false` | -| `backup.usePodSecurityContext` | Enable backup pod's security context (must be `true` if `runAsUser`, `fsGroup`, or `podSecurityContextOverride` are set) | `true` | -| `backup.runAsUser` | Deprecated in favor of `backup.podSecurityContextOverride`. uid that jenkins runs with. | `1000` | -| `backup.fsGroup` | Deprecated in favor of `backup.podSecurityContextOverride`. uid that will be used for persistent volume. | `1000` | -| `backup.podSecurityContextOverride` | Completely overwrites the contents of the backup pod's security context, ignoring the values provided for `runAsUser`, and `fsGroup`. | Not set | -| `cronJob.apiVersion` | CronJob API version | 'batch/v1' | -| `awsSecurityGroupPolicies.enabled` | Enable the creation of SecurityGroupPolicy resources | `false` | -| `awsSecurityGroupPolicies.policies` | Security Group Policy definitions. `awsSecurityGroupPolicies.enabled` must be `true` | Not set | - ### Helm Tests -| Parameter | Description | Default | -|-----------------------|-----------------------------------|-------------| -| `helmtest.bats.image` | Image used to test the framework | `bats/bats` | -| `helmtest.bats.tag` | Test framework image tag override | `1.2.1` | +| Parameter | Description | Default | +|----------------------------------|-------------------------------------|-------------| +| `helmtest.bats.image.registry` | Registry used to test the framework | `docker.io` | +| `helmtest.bats.image.repository` | Image used to test the framework | `bats/bats` | +| `helmtest.bats.image.tag` | Test framework image tag override | `1.2.1` | diff --git a/charts/jenkins/ci/other-values.yaml b/charts/jenkins/ci/other-values.yaml index 589998018..e9cdd95f5 100644 --- a/charts/jenkins/ci/other-values.yaml +++ b/charts/jenkins/ci/other-values.yaml @@ -56,14 +56,16 @@ agent: customJenkinsLabels: maven # An example of overriding the jnlp container # sideContainerName: jnlp - image: jenkins/jnlp-agent-maven - tag: latest + image: + repository: jenkins/jnlp-agent-maven + tag: latest python: podName: python customJenkinsLabels: python sideContainerName: python - image: python - tag: "3" + image: + repository: python + tag: "3" command: "/bin/sh -c" args: "cat" TTYEnabled: true diff --git a/charts/jenkins/templates/NOTES.txt b/charts/jenkins/templates/NOTES.txt index 0d2df0b93..953dd2606 100644 --- a/charts/jenkins/templates/NOTES.txt +++ b/charts/jenkins/templates/NOTES.txt @@ -1,6 +1,6 @@ {{- $prefix := .Values.controller.jenkinsUriPrefix | default "" -}} {{- $url := "" -}} -1. Get your '{{ .Values.controller.adminUser }}' user password by running: +1. Get your '{{ .Values.controller.admin.username }}' user password by running: kubectl exec --namespace {{ template "jenkins.namespace" . }} -it svc/{{ template "jenkins.fullname" . }} -c jenkins -- /bin/cat /run/secrets/additional/chart-admin-password && echo {{- if .Values.controller.ingress.hostName -}} {{- if .Values.controller.ingress.tls -}} @@ -43,7 +43,7 @@ {{- end }} {{- end }} -3. Login with the password from step 1 and the username: {{ .Values.controller.adminUser }} +3. Login with the password from step 1 and the username: {{ .Values.controller.admin.username }} 4. Configure security realm and authorization strategy 5. Use Jenkins Configuration as Code by specifying configScripts in your values.yaml file, see documentation: {{ $url }}/configuration-as-code and examples: https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos @@ -53,7 +53,7 @@ https://cloud.google.com/solutions/jenkins-on-container-engine For more information about Jenkins Configuration as Code, visit: https://jenkins.io/projects/jcasc/ -{{ if (eq .Values.controller.image "jenkins/jenkins") }} +{{ if and (eq .Values.controller.image.repository "jenkins/jenkins") (eq .Values.controller.image.registry "docker.io") }} NOTE: Consider using a custom image with pre-installed plugins {{- else if .Values.controller.installPlugins }} NOTE: Consider disabling `installPlugins` if your image already contains plugins. diff --git a/charts/jenkins/templates/_helpers.tpl b/charts/jenkins/templates/_helpers.tpl index 1b416c805..6ed08cab6 100644 --- a/charts/jenkins/templates/_helpers.tpl +++ b/charts/jenkins/templates/_helpers.tpl @@ -61,8 +61,8 @@ Returns the admin password https://github.com/helm/charts/issues/5167#issuecomment-619137759 */}} {{- define "jenkins.password" -}} - {{ if .Values.controller.adminPassword -}} - {{- .Values.controller.adminPassword | b64enc | quote }} + {{- if .Values.controller.admin.password -}} + {{- .Values.controller.admin.password | b64enc | quote }} {{- else -}} {{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "jenkins.fullname" .)).data -}} {{- if $secret -}} @@ -180,10 +180,10 @@ jenkins: value: {{ $val | quote }} {{- end }} templates: - {{- if not .Values.agent.disableDefaultAgent }} + {{- if not .Values.agent.disableDefaultAgent }} {{- include "jenkins.casc.podTemplate" . | nindent 8 }} - {{- end }} - {{- if .Values.additionalAgents }} + {{- end }} + {{- if .Values.additionalAgents }} {{- /* save .Values.agent */}} {{- $agent := .Values.agent }} {{- range $name, $additionalAgent := .Values.additionalAgents }} @@ -200,11 +200,11 @@ jenkins: {{- end }} {{- /* restore .Values.agent */}} {{- $_ := set .Values "agent" $agent }} - {{- end }} + {{- end }} {{- if .Values.agent.podTemplates }} - {{- range $key, $val := .Values.agent.podTemplates }} - {{- tpl $val $ | nindent 8 }} - {{- end }} + {{- range $key, $val := .Values.agent.podTemplates }} + {{- tpl $val $ | nindent 8 }} + {{- end }} {{- end }} {{- end }} {{- if .Values.additionalClouds }} @@ -284,8 +284,8 @@ jenkins: {{- /* restore .Values.agent */}} {{- $_ := set .Values "agent" $agent }} {{- end }} - {{- if .Values.agent.podTemplates }} - {{- range $key, $val := .Values.agent.podTemplates }} + {{- with .Values.agent.podTemplates }} + {{- range $key, $val := . }} {{- tpl $val $ | nindent 8 }} {{- end }} {{- end }} @@ -301,16 +301,18 @@ jenkins: excludeClientIPFromCrumb: {{ if .Values.controller.csrf.defaultCrumbIssuer.proxyCompatability }}true{{ else }}false{{- end }} {{- end }} {{- include "jenkins.casc.security" . }} -{{- if .Values.controller.scriptApproval }} +{{- with .Values.controller.scriptApproval }} scriptApproval: approvedSignatures: -{{- range $key, $val := .Values.controller.scriptApproval }} + {{- range $key, $val := . }} - "{{ $val }}" -{{- end }} + {{- end }} {{- end }} unclassified: location: - adminAddress: {{ default "" .Values.controller.jenkinsAdminEmail }} + {{- with .Values.controller.jenkinsAdminEmail }} + adminAddress: {{ . }} + {{- end }} url: {{ template "jenkins.url" . }} {{- end -}} @@ -342,7 +344,9 @@ Returns kubernetes pod template configuration as code - name: "{{ .Values.agent.sideContainerName }}" alwaysPullImage: {{ .Values.agent.alwaysPullImage }} args: "{{ .Values.agent.args | replace "$" "^$" }}" - command: {{ .Values.agent.command }} + {{- with .Values.agent.command }} + command: {{ . }} + {{- end }} envVars: - envVar: {{- if .Values.agent.directConnection }} @@ -360,7 +364,7 @@ Returns kubernetes pod template configuration as code value: "http://{{ template "jenkins.fullname" . }}.{{ template "jenkins.namespace" . }}.svc.{{.Values.clusterZone}}:{{.Values.controller.servicePort}}{{ default "/" .Values.controller.jenkinsUriPrefix }}" {{- end }} {{- end }} - image: "{{ .Values.agent.image }}:{{ .Values.agent.tag }}" + image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}" {{- if .Values.agent.livenessProbe }} livenessProbe: execArgs: {{.Values.agent.livenessProbe.execArgs | quote}} @@ -373,23 +377,29 @@ Returns kubernetes pod template configuration as code privileged: "{{- if .Values.agent.privileged }}true{{- else }}false{{- end }}" resourceLimitCpu: {{.Values.agent.resources.limits.cpu}} resourceLimitMemory: {{.Values.agent.resources.limits.memory}} - {{- if .Values.agent.resources.limits.ephemeralStorage }} - resourceLimitEphemeralStorage: {{.Values.agent.resources.limits.ephemeralStorage}} + {{- with .Values.agent.resources.limits.ephemeralStorage }} + resourceLimitEphemeralStorage: {{.}} {{- end }} resourceRequestCpu: {{.Values.agent.resources.requests.cpu}} resourceRequestMemory: {{.Values.agent.resources.requests.memory}} - {{- if .Values.agent.resources.requests.ephemeralStorage }} - resourceRequestEphemeralStorage: {{.Values.agent.resources.requests.ephemeralStorage}} + {{- with .Values.agent.resources.requests.ephemeralStorage }} + resourceRequestEphemeralStorage: {{.}} + {{- end }} + {{- with .Values.agent.runAsUser }} + runAsUser: {{ . }} + {{- end }} + {{- with .Values.agent.runAsGroup }} + runAsGroup: {{ . }} {{- end }} - runAsUser: {{ .Values.agent.runAsUser }} - runAsGroup: {{ .Values.agent.runAsGroup }} ttyEnabled: {{ .Values.agent.TTYEnabled }} workingDir: {{ .Values.agent.workingDir }} {{- range $additionalContainers := .Values.agent.additionalContainers }} - name: "{{ $additionalContainers.sideContainerName }}" alwaysPullImage: {{ $additionalContainers.alwaysPullImage | default $.Values.agent.alwaysPullImage }} args: "{{ $additionalContainers.args | replace "$" "^$" }}" - command: {{ $additionalContainers.command }} + {{- with $additionalContainers.command }} + command: {{ . }} + {{- end }} envVars: - envVar: key: "JENKINS_URL" @@ -398,7 +408,7 @@ Returns kubernetes pod template configuration as code {{- else }} value: "http://{{ template "jenkins.fullname" $ }}.{{ template "jenkins.namespace" $ }}.svc.{{ $.Values.clusterZone }}:{{ $.Values.controller.servicePort }}{{ default "/" $.Values.controller.jenkinsUriPrefix }}" {{- end }} - image: "{{ $additionalContainers.image }}:{{ $additionalContainers.tag }}" + image: "{{ $additionalContainers.image.repository }}:{{ $additionalContainers.image.tag }}" {{- if $additionalContainers.livenessProbe }} livenessProbe: execArgs: {{$additionalContainers.livenessProbe.execArgs | quote}} @@ -413,8 +423,12 @@ Returns kubernetes pod template configuration as code resourceLimitMemory: {{ if $additionalContainers.resources }}{{ $additionalContainers.resources.limits.memory }}{{ else }}{{ $.Values.agent.resources.limits.memory }}{{ end }} resourceRequestCpu: {{ if $additionalContainers.resources }}{{ $additionalContainers.resources.requests.cpu }}{{ else }}{{ $.Values.agent.resources.requests.cpu }}{{ end }} resourceRequestMemory: {{ if $additionalContainers.resources }}{{ $additionalContainers.resources.requests.memory }}{{ else }}{{ $.Values.agent.resources.requests.memory }}{{ end }} + {{- if or $additionalContainers.runAsUser $.Values.agent.runAsUser }} runAsUser: {{ $additionalContainers.runAsUser | default $.Values.agent.runAsUser }} + {{- end }} + {{- if or $additionalContainers.runAsGroup $.Values.agent.runAsGroup }} runAsGroup: {{ $additionalContainers.runAsGroup | default $.Values.agent.runAsGroup }} + {{- end }} ttyEnabled: {{ $additionalContainers.TTYEnabled | default $.Values.agent.TTYEnabled }} workingDir: {{ $additionalContainers.workingDir | default $.Values.agent.workingDir }} {{- end }} @@ -509,7 +523,7 @@ Returns kubernetes pod template configuration as code {{- define "jenkins.kubernetes-version" -}} {{- if .Values.controller.installPlugins -}} {{- range .Values.controller.installPlugins -}} - {{ if hasPrefix "kubernetes:" . }} + {{- if hasPrefix "kubernetes:" . }} {{- $split := splitList ":" . }} {{- printf "%s" (index $split 1 ) -}} {{- end -}} @@ -548,25 +562,14 @@ Create the name of the service account for Jenkins agents to use {{- end -}} {{- end -}} -{{/* -Create the name of the service account for Jenkins backup to use -*/}} -{{- define "backup.serviceAccountBackupName" -}} -{{- if .Values.backup.serviceAccount.create -}} - {{ default (printf "%s-%s" (include "jenkins.fullname" .) "backup") .Values.backup.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.backup.serviceAccount.name }} -{{- end -}} -{{- end -}} - {{/* Create a full tag name for controller image */}} -{{- define "controller.tag" -}} -{{- if .Values.controller.tagLabel -}} - {{- default (printf "%s-%s" .Chart.AppVersion .Values.controller.tagLabel) .Values.controller.tag -}} +{{- define "controller.image.tag" -}} +{{- if .Values.controller.image.tagLabel -}} + {{- default (printf "%s-%s" .Chart.AppVersion .Values.controller.image.tagLabel) .Values.controller.image.tag -}} {{- else -}} - {{- default .Chart.AppVersion .Values.controller.tag -}} + {{- default .Chart.AppVersion .Values.controller.image.tag -}} {{- end -}} {{- end -}} @@ -586,7 +589,7 @@ Create the HTTP port for interacting with the controller {{- $containerName := index . 1 -}} {{- $containerType := index . 2 -}} - name: {{ $containerName }} - image: "{{ $root.Values.controller.sidecars.configAutoReload.image }}" + image: "{{ $root.Values.controller.sidecars.configAutoReload.image.registry }}/{{ $root.Values.controller.sidecars.configAutoReload.image.repository }}:{{ $root.Values.controller.sidecars.configAutoReload.image.tag }}" imagePullPolicy: {{ $root.Values.controller.sidecars.configAutoReload.imagePullPolicy }} {{- if $root.Values.controller.sidecars.configAutoReload.containerSecurityContext }} securityContext: {{- toYaml $root.Values.controller.sidecars.configAutoReload.containerSecurityContext | nindent 4 }} diff --git a/charts/jenkins/templates/deprecation.yaml b/charts/jenkins/templates/deprecation.yaml index 43a798de9..f54017ce4 100644 --- a/charts/jenkins/templates/deprecation.yaml +++ b/charts/jenkins/templates/deprecation.yaml @@ -4,7 +4,7 @@ {{- end }} {{- if .Values.controller.imageTag }} - {{ fail "`controller.imageTag` does no longer exist. Please use `controller.tag` instead" }} + {{ fail "`controller.imageTag` does no longer exist. Please use `controller.image.tag` instead" }} {{- end }} {{- if .Values.controller.slaveListenerPort }} @@ -112,4 +112,40 @@ {{- if .Values.controller.rollingUpdate }} {{ fail "`controller.rollingUpdate` does no longer exist. It is no longer relevant, since a StatefulSet is used for the Jenkins controller" }} {{- end }} + + {{- if .Values.controller.tag }} + {{ fail "`controller.tag` no longer exists. It has been renamed to `controller.image.tag'" }} + {{- end }} + + {{- if .Values.controller.tagLabel }} + {{ fail "`controller.tagLabel` no longer exists. It has been renamed to `controller.image.tagLabel`" }} + {{- end }} + + {{- if .Values.controller.adminSecret }} + {{ fail "`controller.adminSecret` no longer exists. It has been renamed to `controller.admin.createSecret`" }} + {{- end }} + + {{- if .Values.controller.adminUser }} + {{ fail "`controller.adminUser` no longer exists. It has been renamed to `controller.admin.username`" }} + {{- end }} + + {{- if .Values.controller.adminPassword }} + {{ fail "`controller.adminPassword` no longer exists. It has been renamed to `controller.admin.password`" }} + {{- end }} + + {{- if .Values.controller.sidecars.other }} + {{ fail "`controller.sidecars.other` no longer exists. It has been renamed to `controller.sidecars.additionalSidecarContainers`" }} + {{- end }} + + {{- if .Values.agent.tag }} + {{ fail "`controller.agent.tag` no longer exists. It has been renamed to `controller.agent.image.tag`" }} + {{- end }} + + {{- if .Values.backup }} + {{ fail "`controller.backup` no longer exists." }} + {{- end }} + + {{- if .Values.helmtest.bats.tag }} + {{ fail "`helmtest.bats.tag` no longer exists. It has been renamed to `helmtest.bats.image.tag`" }} + {{- end }} {{- end }} diff --git a/charts/jenkins/templates/jcasc-config.yaml b/charts/jenkins/templates/jcasc-config.yaml index 684c985ab..e40419452 100644 --- a/charts/jenkins/templates/jcasc-config.yaml +++ b/charts/jenkins/templates/jcasc-config.yaml @@ -40,6 +40,6 @@ metadata: {{ template "jenkins.fullname" $root }}-jenkins-config: "true" data: jcasc-default-config.yaml: |- - {{- include "jenkins.casc.defaults" . |nindent 4 }} + {{- include "jenkins.casc.defaults" . | nindent 4 }} {{- end}} {{- end }} diff --git a/charts/jenkins/templates/jenkins-backup-cronjob.yaml b/charts/jenkins/templates/jenkins-backup-cronjob.yaml deleted file mode 100644 index d710dd5e5..000000000 --- a/charts/jenkins/templates/jenkins-backup-cronjob.yaml +++ /dev/null @@ -1,168 +0,0 @@ -{{- if .Values.backup.enabled }} -apiVersion: {{ .Values.cronJob.apiVersion }} -kind: CronJob -metadata: - name: {{ template "jenkins.fullname" . }}-backup - namespace: {{ template "jenkins.namespace" . }} - labels: - "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' - {{- if .Values.renderHelmLabels }} - "helm.sh/chart": "{{ template "jenkins.label" .}}" - {{- end }} - "app.kubernetes.io/managed-by": "{{ .Release.Service }}" - "app.kubernetes.io/instance": "{{ .Release.Name }}" - "app.kubernetes.io/component": "{{ .Values.backup.componentName }}" -spec: - schedule: {{ .Values.backup.schedule | quote }} - concurrencyPolicy: Forbid - startingDeadlineSeconds: 120 - jobTemplate: - spec: -{{- if .Values.backup.activeDeadlineSeconds }} - activeDeadlineSeconds: {{ .Values.backup.activeDeadlineSeconds }} -{{- end }} - template: - metadata: - {{- if .Values.backup.labels }} - labels: - {{- toYaml .Values.backup.labels | trim | nindent 12 }} - {{- end }} - {{- if .Values.backup.annotations }} - annotations: - {{- toYaml .Values.backup.annotations | trim | nindent 12 }} - {{- end }} - spec: - restartPolicy: OnFailure - serviceAccountName: {{ include "backup.serviceAccountBackupName" . }} - {{- if .Values.backup.usePodSecurityContext }} - securityContext: - {{- if hasKey .Values.backup "podSecurityContextOverride" }} - {{- tpl (toYaml .Values.backup.podSecurityContextOverride | nindent 12) . }} - {{- else }} - runAsUser: {{ default 0 .Values.backup.runAsUser }} - {{- if and (.Values.backup.runAsUser) (.Values.backup.fsGroup) }} - {{- if not (eq (int .Values.backup.runAsUser) 0) }} - fsGroup: {{ .Values.backup.fsGroup }} - {{- end }} - {{- end }} - {{- if .Values.backup.securityContextCapabilities }} - capabilities: - {{- toYaml .Values.backup.securityContextCapabilities | nindent 12 }} - {{- end }} - {{- end }} - {{- end }} - containers: - - name: jenkins-backup - image: "{{ .Values.backup.image.repository }}:{{ .Values.backup.image.tag }}" - command: ["kube-tasks"] - args: - - simple-backup - - -n - - {{ template "jenkins.namespace" . }} - - -l - - app.kubernetes.io/instance={{ .Release.Name }} - - --container - - jenkins - - --path - {{- if .Values.backup.onlyJobs }} - - {{ .Values.controller.jenkinsHome }}/jobs - {{- else}} - - {{ .Values.controller.jenkinsHome }} - {{- end}} - - --dst - - {{ .Values.backup.destination }} - {{- with .Values.backup.extraArgs }} - {{- toYaml . | nindent 12 }} - {{- end }} - env: - {{- with .Values.backup.env }} - {{- toYaml . | trim | nindent 12 }} - {{- end }} - {{- if .Values.backup.existingSecret }} - {{- range $key,$value := .Values.backup.existingSecret }} - {{- if $value.awsaccesskey }} - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ $key }} - key: {{ $value.awsaccesskey | quote }} - {{- end }} - {{- if $value.awssecretkey }} - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ $key }} - key: {{ $value.awssecretkey | quote}} - {{- end }} - {{- if $value.azstorageaccount }} - - name: AZURE_STORAGE_ACCOUNT - valueFrom: - secretKeyRef: - name: {{ $key }} - key: {{ $value.azstorageaccount | quote}} - {{- end }} - {{- if $value.azstoragekey }} - - name: AZURE_STORAGE_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ $key }} - key: {{ $value.azstoragekey | quote}} - {{- end }} - {{- if $value.gcpcredentials }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: "/var/run/secrets/{{ $key }}/{{ $value.gcpcredentials }}" - {{- end }} - {{- end }} - {{- end }} - {{- with .Values.backup.resources }} - resources: - {{- toYaml . | trim | nindent 14 }} - {{- end }} - volumeMounts: - {{- if .Values.backup.existingSecret }} - {{- range $key,$value := .Values.backup.existingSecret }} - {{- if $value.gcpcredentials }} - - mountPath: /var/run/secrets/{{ $key }} - name: {{ $key }} - {{- end }} - {{- end }} - {{- end }} - volumes: - {{- if .Values.backup.existingSecret }} - {{- range $key,$value := .Values.backup.existingSecret }} - {{- if $value.gcpcredentials }} - - name: {{ $key }} - secret: - secretName: {{ $key }} - {{- end }} - {{- end }} - {{- end }} - affinity: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ template "jenkins.fullname" . }} - - key: release - operator: In - values: - - {{ .Release.Name }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if .Values.backup.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.backup.imagePullSecretName }} - {{- end -}} -{{- end }} diff --git a/charts/jenkins/templates/jenkins-backup-rbac.yaml b/charts/jenkins/templates/jenkins-backup-rbac.yaml deleted file mode 100644 index 0f94fa833..000000000 --- a/charts/jenkins/templates/jenkins-backup-rbac.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{- if .Values.backup.enabled }} -{{- if .Values.backup.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "backup.serviceAccountBackupName" . }} - namespace: {{ template "jenkins.namespace" . }} - labels: - "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' - {{- if .Values.renderHelmLabels }} - "helm.sh/chart": "{{ template "jenkins.label" .}}" - {{- end }} - "app.kubernetes.io/managed-by": "{{ .Release.Service }}" - "app.kubernetes.io/instance": "{{ .Release.Name }}" - "app.kubernetes.io/component": "{{ .Values.controller.componentName }}" - {{- if .Values.backup.serviceAccount.annotations }} - annotations: - {{- toYaml .Values.backup.serviceAccount.annotations | nindent 4 }} - {{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "jenkins.fullname" . }}-backup - namespace: {{ template "jenkins.namespace" . }} - labels: - "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' - {{- if .Values.renderHelmLabels }} - "helm.sh/chart": "{{ template "jenkins.label" .}}" - {{- end }} - "app.kubernetes.io/managed-by": "{{ .Release.Service }}" - "app.kubernetes.io/instance": "{{ .Release.Name }}" - "app.kubernetes.io/component": "{{ .Values.controller.componentName }}" -rules: -- apiGroups: [""] - resources: ["pods", "pods/log"] - verbs: ["get", "list"] -- apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "jenkins.fullname" . }}-backup - namespace: {{ template "jenkins.namespace" . }} - labels: - "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' - {{- if .Values.renderHelmLabels }} - "helm.sh/chart": "{{ template "jenkins.label" .}}" - {{- end }} - "app.kubernetes.io/managed-by": "{{ .Release.Service }}" - "app.kubernetes.io/instance": "{{ .Release.Name }}" - "app.kubernetes.io/component": "{{ .Values.controller.componentName }}" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "jenkins.fullname" . }}-backup -subjects: -- kind: ServiceAccount - name: {{ include "backup.serviceAccountBackupName" . }} - namespace: {{ template "jenkins.namespace" . }} -{{- end }} diff --git a/charts/jenkins/templates/jenkins-controller-statefulset.yaml b/charts/jenkins/templates/jenkins-controller-statefulset.yaml index 9cfe93633..d049670df 100644 --- a/charts/jenkins/templates/jenkins-controller-statefulset.yaml +++ b/charts/jenkins/templates/jenkins-controller-statefulset.yaml @@ -118,8 +118,8 @@ spec: {{- end}} - name: "init" - image: "{{ .Values.controller.image }}:{{- include "controller.tag" . -}}" - imagePullPolicy: "{{ .Values.controller.imagePullPolicy }}" + image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{- include "controller.image.tag" . -}}" + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" {{- if .Values.controller.containerSecurityContext }} securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 12 }} {{- end }} @@ -170,8 +170,8 @@ spec: {{- end }} containers: - name: jenkins - image: "{{ .Values.controller.image }}:{{- include "controller.tag" . -}}" - imagePullPolicy: "{{ .Values.controller.imagePullPolicy }}" + image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{- include "controller.image.tag" . -}}" + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" {{- if .Values.controller.containerSecurityContext }} securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 12 }} {{- end }} @@ -205,7 +205,7 @@ spec: {{- if .Values.controller.containerEnv }} {{ (tpl ( toYaml .Values.controller.containerEnv) .) | indent 12 }} {{- end }} - {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.adminSecret }} + {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.admin.createSecret }} - name: SECRETS value: /run/secrets/additional {{- end }} @@ -298,7 +298,7 @@ spec: - name: sc-config-volume mountPath: {{ .Values.controller.sidecars.configAutoReload.folder | default (printf "%s/casc_configs" (.Values.controller.jenkinsRef)) }} {{- end }} - {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.adminSecret }} + {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.admin.createSecret }} - name: jenkins-secrets mountPath: /run/secrets/additional readOnly: true @@ -351,7 +351,7 @@ spec: - name: plugin-dir emptyDir: {} {{- end }} - {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.adminSecret }} + {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.admin.createSecret }} - name: jenkins-secrets projected: sources: @@ -368,7 +368,7 @@ spec: path: {{ tpl $value.name $ }}-{{ tpl $value.keyName $ }} {{- end }} {{- end }} - {{- if .Values.controller.adminSecret }} + {{- if .Values.controller.admin.createSecret }} - secret: name: {{ .Values.controller.admin.existingSecret | default (include "jenkins.fullname" .) }} items: diff --git a/charts/jenkins/templates/secret.yaml b/charts/jenkins/templates/secret.yaml index 4feb52f42..cc6ace179 100644 --- a/charts/jenkins/templates/secret.yaml +++ b/charts/jenkins/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if and (not .Values.controller.admin.existingSecret) (.Values.controller.adminSecret) -}} +{{- if and (not .Values.controller.admin.existingSecret) (.Values.controller.admin.createSecret) -}} apiVersion: v1 kind: Secret @@ -16,5 +16,5 @@ metadata: type: Opaque data: jenkins-admin-password: {{ template "jenkins.password" . }} - jenkins-admin-user: {{ .Values.controller.adminUser | b64enc | quote }} + jenkins-admin-user: {{ .Values.controller.admin.username | b64enc | quote }} {{- end }} diff --git a/charts/jenkins/templates/tests/jenkins-test.yaml b/charts/jenkins/templates/tests/jenkins-test.yaml index 20e06b593..12a935ecc 100644 --- a/charts/jenkins/templates/tests/jenkins-test.yaml +++ b/charts/jenkins/templates/tests/jenkins-test.yaml @@ -17,7 +17,7 @@ spec: {{- end }} initContainers: - name: "test-framework" - image: {{ .Values.helmtest.bats.image }}:{{ .Values.helmtest.bats.tag }} + image: "{{ .Values.helmtest.bats.image.registry }}/{{ .Values.helmtest.bats.image.repository }}:{{ .Values.helmtest.bats.image.tag }}" command: - "bash" - "-c" @@ -31,7 +31,7 @@ spec: name: tools containers: - name: {{ .Release.Name }}-ui-test - image: "{{ .Values.controller.image }}:{{- include "controller.tag" . -}}" + image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{- include "controller.image.tag" . -}}" command: ["/tools/bats/bin/bats", "-t", "/tests/run.sh"] volumeMounts: - mountPath: /tests diff --git a/charts/jenkins/unittests/__snapshot__/config-test.yaml.snap b/charts/jenkins/unittests/__snapshot__/config-test.yaml.snap new file mode 100644 index 000000000..8b83970eb --- /dev/null +++ b/charts/jenkins/unittests/__snapshot__/config-test.yaml.snap @@ -0,0 +1,15 @@ +additional plugins config: + 1: | + |- + kubernetes:4174.v4230d0ccd951 + workflow-aggregator:596.v8c21c963d92d + git:5.1.0 + configuration-as-code:1670.v564dc8b_982d0 + kubernetes-credentials-provider +default config: + 1: | + |- + kubernetes:4174.v4230d0ccd951 + workflow-aggregator:596.v8c21c963d92d + git:5.1.0 + configuration-as-code:1670.v564dc8b_982d0 diff --git a/charts/jenkins/unittests/__snapshot__/jcasc-config-test.yaml.snap b/charts/jenkins/unittests/__snapshot__/jcasc-config-test.yaml.snap new file mode 100644 index 000000000..7327d167c --- /dev/null +++ b/charts/jenkins/unittests/__snapshot__/jcasc-config-test.yaml.snap @@ -0,0 +1,2821 @@ +additional clouds: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "remote-cloud-1" + namespace: "default" + serverUrl: "https://api.remote-cloud.com" + credentialsId: "remote-cloud-token" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +additional clouds inheriting additional agents: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + - name: "maven" + namespace: "maven" + id: e1e33fdb50032908b6edd2bfff5986baf24673dae3e8f5be26bc33fe650b4eb9 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/jnlp-agent-maven:latest" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent maven" + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "remote-cloud-1" + namespace: "default" + serverUrl: "https://api.remote-cloud.com" + credentialsId: "remote-cloud-token" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + - name: "maven" + namespace: "maven" + id: e1e33fdb50032908b6edd2bfff5986baf24673dae3e8f5be26bc33fe650b4eb9 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/jnlp-agent-maven:latest" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent maven" + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +additional clouds overriding additional agents: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + - name: "maven" + namespace: "maven" + id: e1e33fdb50032908b6edd2bfff5986baf24673dae3e8f5be26bc33fe650b4eb9 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/jnlp-agent-maven:latest" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent maven" + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "remote-cloud-1" + namespace: "default" + serverUrl: "https://api.remote-cloud.com" + credentialsId: "remote-cloud-token" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +adds custom labels on agent pods: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.NAMESPACE.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.NAMESPACE.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "NAMESPACE" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + - key: "label-one" + value: "value-one" + - key: "label-two" + value: "true" + templates: + - name: "default" + namespace: "NAMESPACE" + id: f02e77721ce95294405b146db7b133cc84a48f80ac911e64bc50ec2155886038 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.NAMESPACE.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +agent namespace and templates: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.controller-namespace.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.controller-namespace.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "jenkins-agents" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "jenkins-agents" + id: ca0fbc2c8caf078a964168b7c33cb1e802e46f9e50146f40a5d41f02ff31d48b + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.controller-namespace.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + - name: "maven" + namespace: "maven" + id: 481a51d7ff99453f880444a3e1bfa419f4e51fcfb73c27976fd84b00404d8c96 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.controller-namespace.svc.cluster.local:8080/" + image: "jenkins/jnlp-agent-maven:latest" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent maven" + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + - name: "python" + namespace: "jenkins-agents" + id: 773cf093c15a9b4fcc6e2ff5470db96a5b0f20375fd83ef4c1d41b92247a8457 + containers: + - name: "python" + alwaysPullImage: false + args: "cat" + command: /bin/sh -c + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.controller-namespace.svc.cluster.local:8080/" + image: "python:3" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: true + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent python" + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + - name: python3 + label: jenkins-python3 + serviceAccount: jenkins + containers: + - name: python + image: python:3 + command: "/bin/sh -c" + args: "cat" + ttyEnabled: true + privileged: true + resourceRequestCpu: "400m" + resourceRequestMemory: "512Mi" + resourceRequestEphemeralStorage: "1Gi" + resourceLimitCpu: "1" + resourceLimitMemory: "1024Mi" + resourceLimitEphemeralStorage: "2Gi" + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +agent with liveness probe: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: b1cac02826df53b00c0580c6153d79176f57421ace95c992f8821022490a9554 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + livenessProbe: + execArgs: "cat /tmp/healthy" + failureThreshold: 3 + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +agents with liveness probe: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: d0c6d5f3223c8ec16a9e9a9f6a74e7f76dfd5c4a598e0246fc4fd3a91daf11fa + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + - name: "side-container" + alwaysPullImage: false + args: "" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "REPOSITORY:TAG" + livenessProbe: + execArgs: "cat /tmp/healthy" + failureThreshold: 3 + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +configure hostnetworking to agent: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f07215c3d91893fa06e39ca483273efd70eae68af0fc535a3409bc3bc1fb804b + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + hostNetwork: true + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +custom dynamic pvc workspace volume: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: 78e72bf2bbc02b4dd9f0d5f408d455b9d1e183609e651fc4a71d9ba5f0c65bdb + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + workspaceVolume: + dynamicPVC: + accessModes: "ReadWriteOnce" + requestsSize: "2Gi" + storageClassName: "gp2" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +custom emptyDir workspace volume: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: d22452c64c79eb5622bd603d7b248ebda657770d6b4fa49bfeeaf2c92bbe2144 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + workspaceVolume: + emptyDirWorkspaceVolume: + memory: true + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +custom hostPath workspace volume: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: e957a67018c12c9319da91b23d6fec6bf83fc90125ae9088ec4838ca2299d9dc + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + workspaceVolume: + hostPathWorkspaceVolume: + hostPath: "/data" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +custom jenkins label: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "testlabel" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +custom nfs workspace volume: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: 185d6d0f5560254bb7ed9180e79983947f35e7c1e7788d893118b49ecebe683b + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + workspaceVolume: + nfsWorkspaceVolume: + readOnly: false + serverAddress: "1.1.1.1" + serverPath: "/data" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +custom other workspace volume: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: ee300383fbaf200c00e58da6203caef9960aaad8972ec422eaae8adf04455c85 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + workspaceVolume: + persistentVolumeClaimWorkspaceVolume: + claimName: "my-claim" + readOnly: false + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +custom pvc workspace volume: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: 2dd89444b6ba60a7525f19d71728f99ca28df0db3d85cf2c9cee52c825961cd7 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + workspaceVolume: + persistentVolumeClaimWorkspaceVolume: + claimName: "my-claim" + readOnly: false + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +customized config: + 1: | + |- + jenkins: + authorizationStrategy: + globalMatrix: + permissions: + - "Overall/Read:anonymous" + securityRealm: + local + disableRememberMe: true + mode: EXCLUSIVE + numExecutors: 1 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + rawHtml: + disableSyntaxHighlighting: true + clouds: + - kubernetes: + containerCapStr: "22" + jnlpregistry: "private.registry.com" + defaultsProviderTemplate: "my-defaults" + connectTimeout: "11" + readTimeout: "12" + jenkinsUrl: "http://my-release-jenkins.other.svc.cluster.local:8080" + jenkinsTunnel: "my-release-jenkins-agent.other.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/my-release-jenkins-agent" + value: "true" + templates: + - name: "my-agent" + namespace: "default" + annotations: + - key: ci.jenkins-agent/test + value: "custom" + id: bd55f3780fa955cad283f2dcfcd00d0443125771f7b888be585e1b8846feece7 + containers: + - name: "sideContainer" + alwaysPullImage: true + args: "^${computer.jnlpmac} ^${computer.name}" + command: /bin/command + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://my-release-jenkins.other.svc.cluster.local:8080/" + image: "my-image/jnlp:v1.2.3" + privileged: "true" + resourceLimitCpu: 1024m + resourceLimitMemory: 1Gi + resourceLimitEphemeralStorage: 1Gi + resourceRequestCpu: 756m + resourceRequestMemory: 768Mi + resourceRequestEphemeralStorage: 512Mi + runAsUser: 2000 + runAsGroup: 2000 + ttyEnabled: true + workingDir: /workdir + envVars: + - envVar: + key: VAR + value: value + idleMinutes: 30 + instanceCap: 2147483647 + imagePullSecrets: + - name: pullSecret + label: "my-release-jenkins-agent " + nodeSelector: jenkins-agent=v1,selector=abc + nodeUsageMode: "NORMAL" + podRetention: onFailure + showRawYaml: true + serviceAccount: "agent-serviceaccount" + slaveConnectTimeoutStr: "111" + volumes: + - configMapVolume: + configMapName: "myconfigmap" + mountPath: "/var/myapp/myconfigmap" + - emptyDirVolume: + memory: false + mountPath: "/var/myapp/myemptydir" + - hostPathVolume: + hostPath: "/var/lib/containers" + mountPath: "/var/myapp/myhostpath" + - nfsVolume: + mountPath: "/var/myapp/mynfs" + readOnly: false + serverAddress: "192.0.2.0" + serverPath: "/var/lib/containers" + - persistentVolumeClaim: + claimName: "mypvc" + mountPath: "/var/myapp/mypvc" + readOnly: false + - secretVolume: + defaultMode: "600" + mountPath: "/var/myapp/mysecret" + secretName: "mysecret" + - genericEphemeralVolume: + accessModes: "ReadWriteOnce" + mountPath: "/var/myapp/myephemeralvolume" + requestsSize: "2Gi" + storageClassName: "test-storageclass" + yaml: |- + apiVersion: v1 + kind: Pod + spec: + tolerations: + - key: "key" + operator: "Equal" + value: "value" + yamlMergeStrategy: merge + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + adminAddress: admin@example.org + url: https://jenkins.example.com +default config: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +disable agents: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.controller-namespace.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.controller-namespace.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "controller-namespace" + serverUrl: "https://kubernetes.default" + credentialsId: "" + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +empty projectNamingStrategy: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +legacyRemotingSecurityEnabled = false: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +legacyRemotingSecurityEnabled = true: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + remotingSecurity: + enabled: true + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +non-string projectNamingStrategy: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: + myConfiguration: + mySetting1: true + mySetting2: something + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +set directConnection: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + directConnection: true + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: dfc43695e648388acdb3f1040aba5b87d2d8f255ef42921d028239ebc0ac9f0d + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_DIRECT_CONNECTION" + value: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +set secretEnvVars: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: 4515dfaf3d6e3ffdda734b7e0392af901552c2739419bbb200d2e8a74d56a4bd + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + envVars: + - envVar: + key: UNITTEST_ENV + value: testvalue + - secretEnvVar: + key: UNITTEST_PATH + secretName: k8s-unittest-secret-name + secretKey: UNITTEST_K8S_PATH + optional: false + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +specify additional container: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: 1ee97fd90be21ec439a7f86642e6db0fcb4d9021f328928b46462963efa7ae97 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + - name: "dind" + alwaysPullImage: false + args: "" + command: dockerd-entrypoint.sh + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "docker:dind" + privileged: "true" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +specify additional container and clear in additional agent: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: 1ee97fd90be21ec439a7f86642e6db0fcb4d9021f328928b46462963efa7ae97 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + - name: "dind" + alwaysPullImage: false + args: "" + command: dockerd-entrypoint.sh + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "docker:dind" + privileged: "true" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + - name: "additional-agent" + namespace: "default" + id: 8cfdfaba21a5977113c804f1a6e9c1f9e1fe101eb6b4abb7cce3c1b7cf1be210 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +specify additional container and overwrite in additional agent: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: 1ee97fd90be21ec439a7f86642e6db0fcb4d9021f328928b46462963efa7ae97 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + - name: "dind" + alwaysPullImage: false + args: "" + command: dockerd-entrypoint.sh + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "docker:dind" + privileged: "true" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + - name: "additional-agent" + namespace: "default" + id: d8c45dbc5c05f87ccf4e2f72cda75cb4b854d71c3c4a1739e035e7a1c661fde1 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + - name: "additional" + alwaysPullImage: false + args: "arg1 arg2" + command: entrypoint.sh + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "my-additional-container-image:latest" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +specify security settings with apiToken override: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: overridden + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 +specify security settings without apiToken override: + 1: | + |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" + jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "default" + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/RELEASE-NAME-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "default" + id: f44268ff75c10f757598246e8523f7c65a9bcb7a9fcb6b2a5f847099dc35c623 + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "RELEASE-NAME-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + gitHostKeyVerificationConfiguration: + sshHostKeyVerificationStrategy: acceptFirstConnectionStrategy + unclassified: + location: + url: http://RELEASE-NAME-jenkins:8080 diff --git a/charts/jenkins/unittests/__snapshot__/jenkins-controller-statefulset-test.yaml.snap b/charts/jenkins/unittests/__snapshot__/jenkins-controller-statefulset-test.yaml.snap index e4df7eaf9..5097cd3c3 100644 --- a/charts/jenkins/unittests/__snapshot__/jenkins-controller-statefulset-test.yaml.snap +++ b/charts/jenkins/unittests/__snapshot__/jenkins-controller-statefulset-test.yaml.snap @@ -1,3 +1,221 @@ +configure empty image tag label: + 1: | + docker.io/jenkins/jenkins:2.426.3 +configure image tag label: + 1: | + docker.io/jenkins/jenkins:2.426.3-alpine +default values: + 1: | + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: my-release + serviceName: my-release-jenkins + template: + metadata: + annotations: + checksum/config: d07ed80fe87695afb403730897369275917d5984231041cbd3b8960d6b230aa2 + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: my-release + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + spec: + containers: + - args: + - --httpPort=8080 + env: + - name: SECRETS + value: /run/secrets/additional + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: JAVA_OPTS + value: '-Dcasc.reload.token=$(POD_NAME) ' + - name: JENKINS_OPTS + value: '--webroot=/var/jenkins_cache/war ' + - name: JENKINS_SLAVE_AGENT_PORT + value: "50000" + - name: CASC_JENKINS_CONFIG + value: /var/jenkins_home/casc_configs + image: docker.io/jenkins/jenkins:2.426.3-jdk17 + imagePullPolicy: Always + livenessProbe: + failureThreshold: 5 + httpGet: + path: /login + port: http + periodSeconds: 10 + timeoutSeconds: 5 + name: jenkins + ports: + - containerPort: 8080 + name: http + - containerPort: 50000 + name: agent-listener + readinessProbe: + failureThreshold: 3 + httpGet: + path: /login + port: http + periodSeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 50m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 1000 + startupProbe: + failureThreshold: 12 + httpGet: + path: /login + port: http + periodSeconds: 10 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/jenkins_home + name: jenkins-home + readOnly: false + - mountPath: /var/jenkins_config + name: jenkins-config + readOnly: true + - mountPath: /usr/share/jenkins/ref/plugins/ + name: plugin-dir + readOnly: false + - mountPath: /var/jenkins_home/casc_configs + name: sc-config-volume + - mountPath: /run/secrets/additional + name: jenkins-secrets + readOnly: true + - mountPath: /var/jenkins_cache + name: jenkins-cache + - mountPath: /tmp + name: tmp-volume + - env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: LABEL + value: my-release-jenkins-jenkins-config + - name: FOLDER + value: /var/jenkins_home/casc_configs + - name: NAMESPACE + value: my-namespace + - name: REQ_URL + value: http://localhost:8080/reload-configuration-as-code/?casc-reload-token=$(POD_NAME) + - name: REQ_METHOD + value: POST + - name: REQ_RETRY_CONNECT + value: "10" + image: docker.io/kiwigrid/k8s-sidecar:1.24.4 + imagePullPolicy: IfNotPresent + name: config-reload + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /var/jenkins_home/casc_configs + name: sc-config-volume + - mountPath: /var/jenkins_home + name: jenkins-home + initContainers: + - env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: LABEL + value: my-release-jenkins-jenkins-config + - name: FOLDER + value: /var/jenkins_home/casc_configs + - name: NAMESPACE + value: my-namespace + - name: METHOD + value: LIST + image: docker.io/kiwigrid/k8s-sidecar:1.24.4 + imagePullPolicy: IfNotPresent + name: config-reload-init + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /var/jenkins_home/casc_configs + name: sc-config-volume + - mountPath: /var/jenkins_home + name: jenkins-home + - command: + - sh + - /var/jenkins_config/apply_config.sh + image: docker.io/jenkins/jenkins:2.426.3-jdk17 + imagePullPolicy: Always + name: init + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 50m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /var/jenkins_home + name: jenkins-home + - mountPath: /var/jenkins_config + name: jenkins-config + - mountPath: /usr/share/jenkins/ref/plugins + name: plugins + - mountPath: /var/jenkins_plugins + name: plugin-dir + - mountPath: /tmp + name: tmp-volume + securityContext: + fsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: my-release-jenkins + volumes: + - emptyDir: {} + name: plugins + - configMap: + name: my-release-jenkins + name: jenkins-config + - emptyDir: {} + name: plugin-dir + - name: jenkins-secrets + projected: + sources: + - secret: + items: + - key: jenkins-admin-user + path: chart-admin-username + - key: jenkins-admin-password + path: chart-admin-password + name: my-release-jenkins + - emptyDir: {} + name: jenkins-cache + - name: jenkins-home + persistentVolumeClaim: + claimName: my-release-jenkins + - emptyDir: {} + name: sc-config-volume + - emptyDir: {} + name: tmp-volume render pod annotations: 1: | checksum/config: d07ed80fe87695afb403730897369275917d5984231041cbd3b8960d6b230aa2 diff --git a/charts/jenkins/unittests/config-test.yaml b/charts/jenkins/unittests/config-test.yaml index b12472aa3..97f8f5aa8 100644 --- a/charts/jenkins/unittests/config-test.yaml +++ b/charts/jenkins/unittests/config-test.yaml @@ -37,13 +37,8 @@ tests: # Copy plugins to shared volume yes n | cp -i /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins/; echo "finished initialization" - - equal: + - matchSnapshot: path: data["plugins.txt"] - value: |- - kubernetes:4174.v4230d0ccd951 - workflow-aggregator:596.v8c21c963d92d - git:5.1.0 - configuration-as-code:1670.v564dc8b_982d0 - it: no plugins set: controller.installPlugins: [] @@ -66,14 +61,8 @@ tests: additionalPlugins: - kubernetes-credentials-provider asserts: - - equal: + - matchSnapshot: path: data["plugins.txt"] - value: |- - kubernetes:4174.v4230d0ccd951 - workflow-aggregator:596.v8c21c963d92d - git:5.1.0 - configuration-as-code:1670.v564dc8b_982d0 - kubernetes-credentials-provider - it: install latest plugins set: controller.installLatestPlugins: false diff --git a/charts/jenkins/unittests/jcasc-config-test.yaml b/charts/jenkins/unittests/jcasc-config-test.yaml index 06c6b9968..5720a4866 100644 --- a/charts/jenkins/unittests/jcasc-config-test.yaml +++ b/charts/jenkins/unittests/jcasc-config-test.yaml @@ -15,90 +15,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: agent namespace and templates release: namespace: controller-namespace @@ -108,21 +26,23 @@ tests: namespace: maven podName: maven customJenkinsLabels: maven - image: jenkins/jnlp-agent-maven - tag: latest + image: + repository: jenkins/jnlp-agent-maven + tag: latest python: podName: python customJenkinsLabels: python sideContainerName: python - image: python - tag: "3" + image: + repository: python + tag: "3" command: /bin/sh -c args: "cat" TTYEnabled: true agent: namespace: jenkins-agents podTemplates: - python3: | + python3: |- - name: python3 label: jenkins-python3 serviceAccount: jenkins @@ -139,171 +59,9 @@ tests: resourceLimitCpu: "1" resourceLimitMemory: "1024Mi" resourceLimitEphemeralStorage: "2Gi" - asserts: - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.controller-namespace.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.controller-namespace.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "jenkins-agents" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "jenkins-agents" - id: fa33fa17a3a581eb24c93b10cdce8d625ef4ee4e6145269f253d2b7a48ce27b4 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.controller-namespace.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - - name: "maven" - namespace: "maven" - id: 519c05520c082e7b03f4b618fc9e8b5596b85ed6db1fb608a3b7f8985a130b84 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.controller-namespace.svc.cluster.local:8080/" - image: "jenkins/jnlp-agent-maven:latest" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent maven" - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - - name: "python" - namespace: "jenkins-agents" - id: 91cce14f8699291c0af8cf24e8761f2421aee625985fce2f874de0cb959c3294 - containers: - - name: "python" - alwaysPullImage: false - args: "cat" - command: /bin/sh -c - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.controller-namespace.svc.cluster.local:8080/" - image: "python:3" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: true - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent python" - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - - name: python3 - label: jenkins-python3 - serviceAccount: jenkins - containers: - - name: python - image: python:3 - command: "/bin/sh -c" - args: "cat" - ttyEnabled: true - privileged: true - resourceRequestCpu: "400m" - resourceRequestMemory: "512Mi" - resourceRequestEphemeralStorage: "1Gi" - resourceLimitCpu: "1" - resourceLimitMemory: "1024Mi" - resourceLimitEphemeralStorage: "2Gi" - - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: customized config set: controller: @@ -339,8 +97,9 @@ tests: sideContainerName: sideContainer alwaysPullImage: true command: /bin/command - image: my-image/jnlp - tag: v1.2.3 + image: + repository: my-image/jnlp + tag: v1.2.3 privileged: true resources: limits: @@ -456,244 +215,8 @@ tests: jenkins: systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'. - documentIndex: 1 - equal: - path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - globalMatrix: - permissions: - - "Overall/Read:anonymous" - securityRealm: - local - disableRememberMe: true - mode: EXCLUSIVE - numExecutors: 1 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - rawHtml: - disableSyntaxHighlighting: true - clouds: - - kubernetes: - containerCapStr: "22" - jnlpregistry: "private.registry.com" - defaultsProviderTemplate: "my-defaults" - connectTimeout: "11" - readTimeout: "12" - jenkinsUrl: "http://my-release-jenkins.other.svc.cluster.local:8080" - jenkinsTunnel: "my-release-jenkins-agent.other.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/my-release-jenkins-agent" - value: "true" - templates: - - name: "my-agent" - namespace: "default" - annotations: - - key: ci.jenkins-agent/test - value: "custom" - id: 8d8b353b1f27b74148ea53bdafaa66c35d1f18a4d1f9bf7eb119fbcc3d0ae4f4 - containers: - - name: "sideContainer" - alwaysPullImage: true - args: "^${computer.jnlpmac} ^${computer.name}" - command: /bin/command - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://my-release-jenkins.other.svc.cluster.local:8080/" - image: "my-image/jnlp:v1.2.3" - privileged: "true" - resourceLimitCpu: 1024m - resourceLimitMemory: 1Gi - resourceLimitEphemeralStorage: 1Gi - resourceRequestCpu: 756m - resourceRequestMemory: 768Mi - resourceRequestEphemeralStorage: 512Mi - runAsUser: 2000 - runAsGroup: 2000 - ttyEnabled: true - workingDir: /workdir - envVars: - - envVar: - key: VAR - value: value - idleMinutes: 30 - instanceCap: 2147483647 - imagePullSecrets: - - name: pullSecret - label: "my-release-jenkins-agent " - nodeSelector: jenkins-agent=v1,selector=abc - nodeUsageMode: "NORMAL" - podRetention: onFailure - showRawYaml: true - serviceAccount: "agent-serviceaccount" - slaveConnectTimeoutStr: "111" - volumes: - - configMapVolume: - configMapName: "myconfigmap" - mountPath: "/var/myapp/myconfigmap" - - emptyDirVolume: - memory: false - mountPath: "/var/myapp/myemptydir" - - hostPathVolume: - hostPath: "/var/lib/containers" - mountPath: "/var/myapp/myhostpath" - - nfsVolume: - mountPath: "/var/myapp/mynfs" - readOnly: false - serverAddress: "192.0.2.0" - serverPath: "/var/lib/containers" - - persistentVolumeClaim: - claimName: "mypvc" - mountPath: "/var/myapp/mypvc" - readOnly: false - - secretVolume: - defaultMode: "600" - mountPath: "/var/myapp/mysecret" - secretName: "mysecret" - - genericEphemeralVolume: - accessModes: "ReadWriteOnce" - mountPath: "/var/myapp/myephemeralvolume" - requestsSize: "2Gi" - storageClassName: "test-storageclass" - yaml: |- - apiVersion: v1 - kind: Pod - spec: - tolerations: - - key: "key" - operator: "Equal" - value: "value" - yamlMergeStrategy: merge - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: admin@example.org - url: https://jenkins.example.com - - it: custom ephemeral storage workspace volume - set: - agent: - workspaceVolume: - type: "EphemeralVolume" - accessModes: "ReadWriteOnce" - requestsSize: "2Gi" - storageClassName: "test-storageclass" - release: - namespace: default - asserts: - - isKind: - of: ConfigMap - - hasDocuments: - count: 1 - - isNotEmpty: - path: data["jcasc-default-config.yaml"] - - matchRegex: - path: metadata.labels["helm.sh/chart"] - pattern: ^jenkins- - - equal: + matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: ea5eb73a5f6e8914d92a87ba9567e3253aa768f60ec4cddb6a7d4c9189ba0889 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - workspaceVolume: - genericEphemeralVolume: - accessModes: "ReadWriteOnce" - requestsSize: "2Gi" - storageClassName: "test-storageclass" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: custom dynamic pvc workspace volume set: agent: @@ -714,95 +237,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 067fcef0882b10f163a4e3728b468d1c5c835e8b62f7423cf1fee029c5d802a2 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - workspaceVolume: - dynamicPVC: - accessModes: "ReadWriteOnce" - requestsSize: "2Gi" - storageClassName: "gp2" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: custom emptyDir workspace volume set: agent: @@ -821,93 +257,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 605224081078a8d9c7f68890ed8b37530ca55f79161d1589392db296129b2328 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - workspaceVolume: - emptyDirWorkspaceVolume: - memory: true - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: custom hostPath workspace volume set: agent: @@ -926,93 +277,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: ef835bdad4865690a6648a22275700c3d1a04828663f5944534693797e292578 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - workspaceVolume: - hostPathWorkspaceVolume: - hostPath: "/data" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: custom nfs workspace volume set: agent: @@ -1033,95 +299,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: a72cba3ce68a3eadd81298f8cd08555145ca92d9aa54df93e07c5dd0fae5a02c - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - workspaceVolume: - nfsWorkspaceVolume: - readOnly: false - serverAddress: "1.1.1.1" - serverPath: "/data" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: custom pvc workspace volume set: agent: @@ -1141,94 +320,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 0fb89b278fcc7ca2e7fde07d9719c61452b8fb8ffcc5278b322b4426453e368c - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - workspaceVolume: - persistentVolumeClaimWorkspaceVolume: - claimName: "my-claim" - readOnly: false - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: custom other workspace volume set: agent: @@ -1248,94 +341,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: ce6595e446a85f835269e7d76da9b26cb9cdf97f015a0e9ca081a17b1ef0af28 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - workspaceVolume: - persistentVolumeClaimWorkspaceVolume: - claimName: "my-claim" - readOnly: false - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: disable helm.sh label set: renderHelmLabels: false @@ -1354,55 +361,8 @@ tests: set: agent.enabled: false asserts: - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.controller-namespace.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.controller-namespace.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "controller-namespace" - serverUrl: "https://kubernetes.default" - credentialsId: "" - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: disable default config set: controller.JCasC.defaultConfig: false @@ -1425,90 +385,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "testlabel" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: adds custom labels on agent pods set: agent: @@ -1525,94 +403,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.NAMESPACE.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.NAMESPACE.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "NAMESPACE" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - - key: "label-one" - value: "value-one" - - key: "label-two" - value: "true" - templates: - - name: "default" - namespace: "NAMESPACE" - id: dcdfe2fcfa63642b10dc0437db653d5995351abd1011b12df9e39b069327ed17 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.NAMESPACE.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: legacyRemotingSecurityEnabled = false release: namespace: default @@ -1629,90 +421,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: legacyRemotingSecurityEnabled = true release: namespace: default @@ -1729,92 +439,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - remotingSecurity: - enabled: true - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: empty projectNamingStrategy release: namespace: default @@ -1822,89 +448,8 @@ tests: controller: projectNamingStrategy: asserts: - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: non-string projectNamingStrategy release: namespace: default @@ -1915,93 +460,8 @@ tests: mySetting1: true mySetting2: something asserts: - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: - myConfiguration: - mySetting1: true - mySetting2: something - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: specify security settings without apiToken override release: namespace: default @@ -2012,93 +472,9 @@ tests: gitHostKeyVerificationConfiguration: sshHostKeyVerificationStrategy: "acceptFirstConnectionStrategy" asserts: - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - gitHostKeyVerificationConfiguration: - sshHostKeyVerificationStrategy: acceptFirstConnectionStrategy - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - - it: specify security settings without apiToken override + - it: specify security settings with apiToken override release: namespace: default set: @@ -2107,87 +483,8 @@ tests: security: apiToken: overridden asserts: - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: overridden - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: specify additional container release: namespace: default @@ -2195,114 +492,15 @@ tests: agent: additionalContainers: - sideContainerName: dind - image: docker - tag: dind + image: + repository: docker + tag: dind command: dockerd-entrypoint.sh args: "" privileged: true asserts: - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: fbfed069d6bf26a9928c0f79915d3c7305b568f6ef29995524b476f2c98c0e42 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - - name: "dind" - alwaysPullImage: false - args: "" - command: dockerd-entrypoint.sh - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "docker:dind" - privileged: "true" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: specify additional container and overwrite in additional agent release: namespace: default @@ -2310,8 +508,9 @@ tests: agent: additionalContainers: - sideContainerName: dind - image: docker - tag: dind + image: + repository: docker + tag: dind command: dockerd-entrypoint.sh args: "" privileged: true @@ -2320,162 +519,14 @@ tests: podName: additional-agent additionalContainers: - sideContainerName: additional - image: my-additional-container-image - tag: latest + image: + repository: my-additional-container-image + tag: latest command: entrypoint.sh args: arg1 arg2 asserts: - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: fbfed069d6bf26a9928c0f79915d3c7305b568f6ef29995524b476f2c98c0e42 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - - name: "dind" - alwaysPullImage: false - args: "" - command: dockerd-entrypoint.sh - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "docker:dind" - privileged: "true" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - - name: "additional-agent" - namespace: "default" - id: 4cb1b28f4fa92261fec428bc1245a39a065f21ca69ffe9715dd3f8e3a1fe395c - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - - name: "additional" - alwaysPullImage: false - args: "arg1 arg2" - command: entrypoint.sh - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "my-additional-container-image:latest" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: specify additional container and clear in additional agent release: namespace: default @@ -2483,8 +534,9 @@ tests: agent: additionalContainers: - sideContainerName: dind - image: docker - tag: dind + image: + repository: docker + tag: dind command: dockerd-entrypoint.sh args: "" privileged: true @@ -2493,139 +545,8 @@ tests: podName: additional-agent additionalContainers: [] asserts: - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: fbfed069d6bf26a9928c0f79915d3c7305b568f6ef29995524b476f2c98c0e42 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - - name: "dind" - alwaysPullImage: false - args: "" - command: dockerd-entrypoint.sh - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "docker:dind" - privileged: "true" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - - name: "additional-agent" - namespace: "default" - id: 7622a745faff6a9b15a36bd668a64af0e03904ca67eb2c5409228d8d323cfb36 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: configure hostnetworking to agent release: namespace: default @@ -2633,91 +554,8 @@ tests: agent: hostNetworking: true asserts: - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: f155ec0bd24ae05df7910efcc791774c117fc28a74b2bade56e74ccad456c7b0 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - hostNetwork: true - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: set secretEnvVars set: agent: @@ -2740,99 +578,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 1a4088ba5aeb723cfa79c768d148ce06e93056e9b7464b5f15c6ccb92f7ffda7 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - envVars: - - envVar: - key: UNITTEST_ENV - value: testvalue - - secretEnvVar: - key: UNITTEST_PATH - secretName: k8s-unittest-secret-name - secretKey: UNITTEST_K8S_PATH - optional: false - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: set directConnection set: agent: @@ -2849,90 +596,10 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - directConnection: true - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 539b908fac1ed185549b1a32e1254d10ba97d7d4bad3a0344a8a2a0bfc532850 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_DIRECT_CONNECTION" - value: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - - it: agents with liveness probe + + - it: agent with liveness probe set: agent: livenessProbe: @@ -2954,104 +621,16 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 4631810ef8d23d3b61342d6c6dcf80552f812038c993b528331c23347bc10c39 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - livenessProbe: - execArgs: "cat /tmp/healthy" - failureThreshold: 3 - initialDelaySeconds: 0 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: agents with liveness probe set: agent: additionalContainers: - sideContainerName: side-container - image: IMAGE - tag: TAG + image: + repository: REPOSITORY + tag: TAG args: "" command: "" livenessProbe: @@ -3073,115 +652,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: f75348a7b0abec0b1d5ac55f823e64ebd76898d4ee4a7a9d0df845881d48617d - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - - name: "side-container" - alwaysPullImage: false - args: "" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "IMAGE:TAG" - livenessProbe: - execArgs: "cat /tmp/healthy" - failureThreshold: 3 - initialDelaySeconds: 0 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: additional clouds set: additionalClouds: @@ -3200,139 +672,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "remote-cloud-1" - namespace: "default" - serverUrl: "https://api.remote-cloud.com" - credentialsId: "remote-cloud-token" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - it: additional clouds inheriting additional agents set: additionalAgents: @@ -3340,8 +681,9 @@ tests: namespace: maven podName: maven customJenkinsLabels: maven - image: jenkins/jnlp-agent-maven - tag: latest + image: + repository: jenkins/jnlp-agent-maven + tag: latest additionalClouds: remote-cloud-1: kubernetesURL: https://api.remote-cloud.com @@ -3358,202 +700,8 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - - name: "maven" - namespace: "maven" - id: 77265108d78497ecf62874facf837d929a471b1d26e578bdf8cdf15bdea2403a - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/jnlp-agent-maven:latest" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent maven" - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "remote-cloud-1" - namespace: "default" - serverUrl: "https://api.remote-cloud.com" - credentialsId: "remote-cloud-token" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - - name: "maven" - namespace: "maven" - id: 77265108d78497ecf62874facf837d929a471b1d26e578bdf8cdf15bdea2403a - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/jnlp-agent-maven:latest" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent maven" - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - - it: additional clouds overriding additional agents set: additionalAgents: @@ -3561,8 +709,9 @@ tests: namespace: maven podName: maven customJenkinsLabels: maven - image: jenkins/jnlp-agent-maven - tag: latest + image: + repository: jenkins/jnlp-agent-maven + tag: latest additionalClouds: remote-cloud-1: kubernetesURL: https://api.remote-cloud.com @@ -3580,168 +729,5 @@ tests: - matchRegex: path: metadata.labels["helm.sh/chart"] pattern: ^jenkins- - - equal: + - matchSnapshot: path: data["jcasc-default-config.yaml"] - value: |- - jenkins: - authorizationStrategy: - loggedInUsersCanDoAnything: - allowAnonymousRead: false - securityRealm: - local: - allowsSignup: false - enableCaptcha: false - users: - - id: "${chart-admin-username}" - name: "Jenkins Admin" - password: "${chart-admin-password}" - disableRememberMe: false - mode: NORMAL - numExecutors: 0 - labelString: "" - projectNamingStrategy: "standard" - markupFormatter: - plainText - clouds: - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "kubernetes" - namespace: "default" - serverUrl: "https://kubernetes.default" - credentialsId: "" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - - name: "maven" - namespace: "maven" - id: 77265108d78497ecf62874facf837d929a471b1d26e578bdf8cdf15bdea2403a - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/jnlp-agent-maven:latest" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent maven" - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - - kubernetes: - containerCapStr: "10" - defaultsProviderTemplate: "" - connectTimeout: "5" - readTimeout: "15" - jenkinsUrl: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080" - jenkinsTunnel: "RELEASE-NAME-jenkins-agent.default.svc.cluster.local:50000" - maxRequestsPerHostStr: "32" - retentionTimeout: "5" - waitForPodSec: "600" - name: "remote-cloud-1" - namespace: "default" - serverUrl: "https://api.remote-cloud.com" - credentialsId: "remote-cloud-token" - podLabels: - - key: "jenkins/RELEASE-NAME-jenkins-agent" - value: "true" - templates: - - name: "default" - namespace: "default" - id: 923e6d6b3128baaa56764f4b69d4c62b61e55d00f8170e3428f011148767dc99 - containers: - - name: "jnlp" - alwaysPullImage: false - args: "^${computer.jnlpmac} ^${computer.name}" - command: - envVars: - - envVar: - key: "JENKINS_URL" - value: "http://RELEASE-NAME-jenkins.default.svc.cluster.local:8080/" - image: "jenkins/inbound-agent:3192.v713e3b_039fb_e-5" - privileged: "false" - resourceLimitCpu: 512m - resourceLimitMemory: 512Mi - resourceRequestCpu: 512m - resourceRequestMemory: 512Mi - runAsUser: - runAsGroup: - ttyEnabled: false - workingDir: /home/jenkins/agent - idleMinutes: 0 - instanceCap: 2147483647 - label: "RELEASE-NAME-jenkins-agent " - nodeUsageMode: "NORMAL" - podRetention: Never - showRawYaml: true - serviceAccount: "default" - slaveConnectTimeoutStr: "100" - yamlMergeStrategy: override - crumbIssuer: - standard: - excludeClientIPFromCrumb: true - security: - apiToken: - creationOfLegacyTokenEnabled: false - tokenGenerationOnCreationEnabled: false - usageStatisticsEnabled: true - unclassified: - location: - adminAddress: - url: http://RELEASE-NAME-jenkins:8080 - diff --git a/charts/jenkins/unittests/jenkins-backup-cronjob-test.yaml b/charts/jenkins/unittests/jenkins-backup-cronjob-test.yaml deleted file mode 100644 index e1dd18fba..000000000 --- a/charts/jenkins/unittests/jenkins-backup-cronjob-test.yaml +++ /dev/null @@ -1,62 +0,0 @@ -suite: Jenkins Backup Cronjob -release: - name: my-release - namespace: my-namespace -templates: - - jenkins-backup-cronjob.yaml -tests: - - it: test default values - set: - backup: - enabled: true - asserts: - - isKind: - of: CronJob - - equal: - path: spec.jobTemplate.spec.template.spec.securityContext - value: - fsGroup: 1000 - runAsUser: 1000 - - it: test empty backup.podSecurityContextOverride - set: - backup: - enabled: true - podSecurityContextOverride: {} - asserts: - - equal: - path: spec.jobTemplate.spec.template.spec.securityContext - value: {} - - it: test backup.podSecurityContextOverride - set: - backup: - enabled: true - podSecurityContextOverride: - runAsNonRoot: true - runAsUser: 4444 - supplementalGroups: [5555] - asserts: - - equal: - path: spec.jobTemplate.spec.template.spec.securityContext - value: - runAsNonRoot: true - runAsUser: 4444 - supplementalGroups: - - 5555 - - it: test empty backup.imagePullSecretName - set: - backup: - enabled: true - imagePullSecretName: - asserts: - - isNull: - path: spec.jobTemplate.spec.template.spec.imagePullSecrets - - it: test backup.imagePullSecretName - set: - backup: - enabled: true - imagePullSecretName: my-secret - asserts: - - equal: - path: spec.jobTemplate.spec.template.spec.imagePullSecrets - value: - - name: my-secret diff --git a/charts/jenkins/unittests/jenkins-controller-statefulset-test.yaml b/charts/jenkins/unittests/jenkins-controller-statefulset-test.yaml index 4d731d22e..ff655c937 100644 --- a/charts/jenkins/unittests/jenkins-controller-statefulset-test.yaml +++ b/charts/jenkins/unittests/jenkins-controller-statefulset-test.yaml @@ -35,219 +35,8 @@ tests: matchLabels: app.kubernetes.io/component: jenkins-controller app.kubernetes.io/instance: my-release - - equal: + - matchSnapshot: path: spec - value: - serviceName: my-release-jenkins - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: jenkins-controller - app.kubernetes.io/instance: my-release - template: - metadata: - annotations: - checksum/config: d07ed80fe87695afb403730897369275917d5984231041cbd3b8960d6b230aa2 - labels: - app.kubernetes.io/component: jenkins-controller - app.kubernetes.io/instance: my-release - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: jenkins - spec: - containers: - - args: - - --httpPort=8080 - env: - - name: SECRETS - value: /run/secrets/additional - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: JAVA_OPTS - value: "-Dcasc.reload.token=$(POD_NAME) " - - name: JENKINS_OPTS - value: "--webroot=/var/jenkins_cache/war " - - name: JENKINS_SLAVE_AGENT_PORT - value: "50000" - - name: CASC_JENKINS_CONFIG - value: /var/jenkins_home/casc_configs - image: jenkins/jenkins:2.426.3-jdk17 - imagePullPolicy: Always - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - livenessProbe: - failureThreshold: 5 - httpGet: - path: /login - port: http - periodSeconds: 10 - timeoutSeconds: 5 - name: jenkins - ports: - - containerPort: 8080 - name: http - - containerPort: 50000 - name: agent-listener - readinessProbe: - failureThreshold: 3 - httpGet: - path: /login - port: http - periodSeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: 2000m - memory: 4096Mi - requests: - cpu: 50m - memory: 256Mi - startupProbe: - httpGet: - path: "/login" - port: http - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 12 - volumeMounts: - - mountPath: /var/jenkins_home - name: jenkins-home - readOnly: false - - mountPath: /var/jenkins_config - name: jenkins-config - readOnly: true - - mountPath: /usr/share/jenkins/ref/plugins/ - name: plugin-dir - readOnly: false - - mountPath: /var/jenkins_home/casc_configs - name: sc-config-volume - - mountPath: /run/secrets/additional - name: jenkins-secrets - readOnly: true - - mountPath: /var/jenkins_cache - name: jenkins-cache - - mountPath: /tmp - name: tmp-volume - - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: LABEL - value: my-release-jenkins-jenkins-config - - name: FOLDER - value: /var/jenkins_home/casc_configs - - name: NAMESPACE - value: my-namespace - - name: REQ_URL - value: http://localhost:8080/reload-configuration-as-code/?casc-reload-token=$(POD_NAME) - - name: REQ_METHOD - value: POST - - name: REQ_RETRY_CONNECT - value: "10" - image: kiwigrid/k8s-sidecar:1.24.4 - imagePullPolicy: IfNotPresent - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - name: config-reload - resources: {} - volumeMounts: - - mountPath: /var/jenkins_home/casc_configs - name: sc-config-volume - - mountPath: /var/jenkins_home - name: jenkins-home - initContainers: - - name: config-reload-init - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: LABEL - value: my-release-jenkins-jenkins-config - - name: FOLDER - value: /var/jenkins_home/casc_configs - - name: NAMESPACE - value: my-namespace - - name: METHOD - value: LIST - image: kiwigrid/k8s-sidecar:1.24.4 - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /var/jenkins_home/casc_configs - name: sc-config-volume - - mountPath: /var/jenkins_home - name: jenkins-home - - name: init - command: - - sh - - /var/jenkins_config/apply_config.sh - image: jenkins/jenkins:2.426.3-jdk17 - imagePullPolicy: Always - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - resources: - limits: - cpu: 2000m - memory: 4096Mi - requests: - cpu: 50m - memory: 256Mi - volumeMounts: - - mountPath: /var/jenkins_home - name: jenkins-home - - mountPath: /var/jenkins_config - name: jenkins-config - - mountPath: /usr/share/jenkins/ref/plugins - name: plugins - - mountPath: /var/jenkins_plugins - name: plugin-dir - - mountPath: /tmp - name: tmp-volume - securityContext: - fsGroup: 1000 - runAsUser: 1000 - runAsNonRoot: true - serviceAccountName: my-release-jenkins - volumes: - - emptyDir: {} - name: plugins - - configMap: - name: my-release-jenkins - name: jenkins-config - - emptyDir: {} - name: plugin-dir - - name: jenkins-secrets - projected: - sources: - - secret: - name: my-release-jenkins - items: - - key: jenkins-admin-user - path: chart-admin-username - - key: jenkins-admin-password - path: chart-admin-password - - emptyDir: {} - name: jenkins-cache - - name: jenkins-home - persistentVolumeClaim: - claimName: my-release-jenkins - - emptyDir: {} - name: sc-config-volume - - emptyDir: {} - name: tmp-volume - it: test different values template: jenkins-controller-statefulset.yaml capabilities: @@ -363,42 +152,41 @@ tests: - it: configure image tag template: jenkins-controller-statefulset.yaml set: - controller.tag: 2.426.3-slim - controller.imagePullPolicy: IfNotPresent + controller.image.tag: slim + controller.image.pullPolicy: IfNotPresent asserts: - equal: path: spec.template.spec.containers[0].image - value: jenkins/jenkins:2.426.3-slim + value: docker.io/jenkins/jenkins:slim - equal: path: spec.template.spec.containers[0].imagePullPolicy value: IfNotPresent - it: configure image tag label template: jenkins-controller-statefulset.yaml set: - controller.tagLabel: alpine + controller.image.tagLabel: alpine asserts: - - equal: + - matchSnapshot: path: spec.template.spec.containers[0].image - value: jenkins/jenkins:2.426.3-alpine - it: configure empty image tag label template: jenkins-controller-statefulset.yaml set: - controller.tagLabel: + controller.image.tagLabel: asserts: - - equal: + - matchSnapshot: path: spec.template.spec.containers[0].image - value: jenkins/jenkins:2.426.3 - it: custom image template: jenkins-controller-statefulset.yaml set: controller: - image: registry/image - tag: my-tag + image: + repository: registry/image + tag: my-tag javaOpts: -Dio.jenkins.plugins.kubernetes.disableNoDelayProvisioning=true asserts: - equal: path: spec.template.spec.containers[0].image - value: registry/image:my-tag + value: docker.io/registry/image:my-tag - contains: path: spec.template.spec.containers[0].env content: diff --git a/charts/jenkins/unittests/secret-test.yaml b/charts/jenkins/unittests/secret-test.yaml index 9cf3301f0..67e93436a 100644 --- a/charts/jenkins/unittests/secret-test.yaml +++ b/charts/jenkins/unittests/secret-test.yaml @@ -30,7 +30,7 @@ tests: path: data.jenkins-admin-password - it: set admin password set: - controller.adminPassword: secret + controller.admin.password: secret asserts: - equal: path: data.jenkins-admin-user @@ -51,8 +51,7 @@ tests: app.kubernetes.io/name: jenkins - it: disable set: - controller: - adminSecret: false + controller.admin.createSecret: false asserts: - hasDocuments: count: 0 diff --git a/charts/jenkins/values.yaml b/charts/jenkins/values.yaml index 6de17156a..4322e0e06 100644 --- a/charts/jenkins/values.yaml +++ b/charts/jenkins/values.yaml @@ -24,10 +24,12 @@ renderHelmLabels: true controller: # Used for label app.kubernetes.io/component componentName: "jenkins-controller" - image: "jenkins/jenkins" - # tag: "2.426.3-jdk17" - tagLabel: jdk17 - imagePullPolicy: "Always" + image: + registry: "docker.io" + repository: "jenkins/jenkins" + # tag: "2.426.3-jdk17" + tagLabel: jdk17 + pullPolicy: "Always" imagePullSecretName: # Optionally configure lifetime for controller-container lifecycle: @@ -43,20 +45,23 @@ controller: # This is ignored if enableRawHtmlMarkupFormatter is true markupFormatter: plainText customJenkinsLabels: [] - # The default configuration uses this secret to configure an admin user - # If you don't need that user or use a different security realm then you can disable it - adminSecret: true hostNetworking: false # When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist. # If you disable the non-Jenkins identity store and instead use the Jenkins internal one, - # you should revert controller.adminUser to your preferred admin user: - adminUser: "admin" - # adminPassword: + # you should revert controller.admin.username to your preferred admin user: admin: - existingSecret: "" + username: "admin" + # password: + userKey: jenkins-admin-user passwordKey: jenkins-admin-password + + # The default configuration uses this secret to configure an admin user + # If you don't need that user or use a different security realm then you can disable it + createSecret: true + existingSecret: "" + # This values should not be changed unless you use your custom image of jenkins or any devired from. If you want to use # Cloudbees Jenkins Distribution docker, you should set jenkinsHome: "/var/cloudbees-jenkins-distribution" jenkinsHome: "/var/jenkins_home" @@ -359,7 +364,7 @@ controller: # Optionally specify additional init-containers customInitContainers: [] # - name: custom-init - # image: "alpine:3.7" + # image: "alpine:3" # imagePullPolicy: Always # command: [ "uname", "-a" ] @@ -369,7 +374,10 @@ controller: # jcasc changes will cause a reboot and will only be applied at the subsequent start-up. Auto-reload uses the # http:///reload-configuration-as-code endpoint to reapply config when changes to the configScripts are detected. enabled: true - image: kiwigrid/k8s-sidecar:1.24.4 + image: + registry: docker.io + repository: kiwigrid/k8s-sidecar + tag: 1.24.4 imagePullPolicy: IfNotPresent resources: {} # limits: @@ -399,8 +407,8 @@ controller: readOnlyRootFilesystem: true allowPrivilegeEscalation: false - # Allows you to inject additional/other sidecars - other: [] + # Allows you to inject additional sidecars + additionalSidecarContainers: [] ## The example below runs the client for https://smee.io as sidecar container next to Jenkins, ## that allows to trigger build behind a secure firewall. ## https://jenkins.io/blog/2019/01/07/webhook-firewalls/#triggering-builds-with-webhooks-behind-a-secure-firewall @@ -638,8 +646,9 @@ agent: namespace: # private registry for agent image jnlpregistry: - image: "jenkins/inbound-agent" - tag: "3192.v713e3b_039fb_e-5" + image: + repository: "jenkins/inbound-agent" + tag: "3192.v713e3b_039fb_e-5" workingDir: "/home/jenkins/agent" nodeUsageMode: "NORMAL" customJenkinsLabels: [] @@ -791,8 +800,9 @@ agent: # Containers specified here are added to all agents. Set key empty to remove container from additional agents. additionalContainers: [] # - sideContainerName: dind - # image: docker - # tag: dind + # image: + # repository: docker + # tag: dind # command: dockerd-entrypoint.sh # args: "" # privileged: true @@ -840,14 +850,16 @@ additionalAgents: {} # customJenkinsLabels: maven # # An example of overriding the jnlp container # # sideContainerName: jnlp -# image: jenkins/jnlp-agent-maven -# tag: latest +# image: +# repository: jenkins/jnlp-agent-maven +# tag: latest # python: # podName: python # customJenkinsLabels: python # sideContainerName: python -# image: python -# tag: "3" +# image: +# repository: python +# tag: "3" # command: "/bin/sh -c" # args: "cat" # TTYEnabled: true @@ -867,8 +879,9 @@ additionalClouds: {} # customJenkinsLabels: maven # # An example of overriding the jnlp container # # sideContainerName: jnlp -# image: jenkins/jnlp-agent-maven -# tag: latest +# image: +# repository: jenkins/jnlp-agent-maven +# tag: latest # namespace: my-other-maven-namespace # remote-cloud-2: # kubernetesURL: https://api.remote-cloud.com @@ -945,76 +958,6 @@ serviceAccountAgent: extraLabels: {} imagePullSecretName: -## Backup cronjob configuration -## Ref: https://github.com/maorfr/kube-tasks -backup: - # Backup must use RBAC - # So by enabling backup you are enabling RBAC specific for backup - enabled: false - # Used for label app.kubernetes.io/component - componentName: "backup" - # Schedule to run jobs. Must be in cron time format - # Ref: https://crontab.guru/ - schedule: "0 2 * * *" - labels: {} - serviceAccount: - create: true - name: - annotations: {} - # Example for authorization to AWS S3 using kube2iam or IRSA - # Can also be done using environment variables - # iam.amazonaws.com/role: "jenkins" - # "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/jenkins-backup" - # Set this to terminate the job that is running/failing continously and set the job status to "Failed" - activeDeadlineSeconds: "" - image: - repository: "maorfr/kube-tasks" - tag: "0.2.0" - imagePullSecretName: - # Additional arguments for kube-tasks - # Ref: https://github.com/maorfr/kube-tasks#simple-backup - extraArgs: [] - # Add existingSecret for AWS credentials - existingSecret: {} - ## Example for using an existing secret - # jenkinsaws: - ## Use this key for AWS access key ID - # awsaccesskey: jenkins_aws_access_key - ## Use this key for AWS secret access key - # awssecretkey: jenkins_aws_secret_key - # Add additional environment variables - # jenkinsgcp: - ## Use this key for GCP credentials - # gcpcredentials: credentials.json - env: [] - # Example environment variable required for AWS credentials chain - # - name: "AWS_REGION" - # value: "us-east-1" - resources: - requests: - memory: 1Gi - cpu: 1 - limits: - memory: 1Gi - cpu: 1 - # Destination to store the backup artifacts - # Supported cloud storage services: AWS S3, Minio S3, Azure Blob Storage, Google Cloud Storage - # Additional support can added. Visit this repository for details - # Ref: https://github.com/maorfr/skbn - destination: "s3://jenkins-data/backup" - # By enabling only the jenkins_home/jobs folder gets backed up, not the whole jenkins instance - onlyJobs: false - # Enable backup pod security context (must be `true` if runAsUser or fsGroup are set) - usePodSecurityContext: true - # When setting runAsUser to a different value than 0 also set fsGroup to the same value: - runAsUser: 1000 - fsGroup: 1000 - securityContextCapabilities: {} - # drop: - # - NET_RAW -cronJob: - apiVersion: batch/v1 - checkDeprecation: true awsSecurityGroupPolicies: @@ -1029,5 +972,7 @@ helmtest: # A testing framework for bash bats: # Bash Automated Testing System (BATS) - image: "bats/bats" - tag: "1.9.0" + image: + registry: "docker.io" + repository: "bats/bats" + tag: "1.9.0"