2025-12-19 18:31:48 -03:00
# services/jenkins/configmap-jcasc.yaml
apiVersion : v1
kind : ConfigMap
metadata :
name : jenkins-jcasc
namespace : jenkins
data :
securityrealm.yaml : |
jenkins :
securityRealm :
oic :
clientId : "${OIDC_CLIENT_ID}"
clientSecret : "${OIDC_CLIENT_SECRET}"
serverConfiguration :
wellKnown :
wellKnownOpenIDConfigurationUrl : "${OIDC_ISSUER}/.well-known/openid-configuration"
scopesOverride : "openid profile email"
logoutFromOpenIdProvider : true
postLogoutRedirectUrl : "https://ci.bstein.dev"
sendScopesInTokenRequest : true
2026-01-20 09:37:21 -03:00
rootURLFromRequest : false
2025-12-19 18:31:48 -03:00
userNameField : "preferred_username"
fullNameFieldName : "name"
emailFieldName : "email"
groupsFieldName : "groups"
authorization.yaml : |
jenkins :
authorizationStrategy :
loggedInUsersCanDoAnything :
allowAnonymousRead : false
creds.yaml : |
credentials :
system :
domainCredentials :
- credentials :
- usernamePassword :
scope : GLOBAL
id : gitea-pat
username : "${GITEA_PAT_USERNAME}"
password : "${GITEA_PAT_TOKEN}"
description : "Gitea PAT for pipelines"
- usernamePassword :
scope : GLOBAL
id : harbor-robot
username : "${HARBOR_ROBOT_USERNAME}"
password : "${HARBOR_ROBOT_PASSWORD}"
description : "Harbor robot for pipelines"
2026-04-19 22:40:56 -03:00
- usernamePassword :
scope : GLOBAL
id : harbor-robot-streaming
username : "${HARBOR_STREAMING_ROBOT_USERNAME}"
password : "${HARBOR_STREAMING_ROBOT_PASSWORD}"
description : "Harbor robot for streaming pushes"
2026-04-21 19:42:43 -03:00
- string :
scope : GLOBAL
id : sonarqube-token
secret : "${SONARQUBE_TOKEN}"
description : "SonarQube token for quality-gate evidence collection"
2025-12-19 18:31:48 -03:00
jobs.yaml : |
jobs :
- script : |
pipelineJob('harbor-arm-build') {
2026-01-20 10:59:51 -03:00
properties {
pipelineTriggers {
triggers {
2026-01-20 11:14:29 -03:00
scmTrigger {
2026-01-20 11:23:06 -03:00
scmpoll_spec('H/5 * * * *')
2026-01-20 11:14:29 -03:00
ignorePostCommitHooks(false)
}
2026-01-20 10:59:51 -03:00
}
}
2025-12-19 18:31:48 -03:00
}
definition {
cpsScm {
scm {
git {
remote {
url('https://scm.bstein.dev/bstein/harbor-arm-build.git')
credentials('gitea-pat')
}
branches('*/master')
}
}
}
}
}
pipelineJob('bstein-dev-home') {
2026-01-20 10:59:51 -03:00
properties {
pipelineTriggers {
triggers {
2026-01-20 11:14:29 -03:00
scmTrigger {
2026-01-20 11:23:06 -03:00
scmpoll_spec('H/2 * * * *')
2026-01-20 11:14:29 -03:00
ignorePostCommitHooks(false)
}
2026-05-09 23:18:32 -03:00
cron {
2026-06-04 20:38:02 -03:00
spec('H H/12 * * *')
2026-05-09 23:18:32 -03:00
}
2026-01-20 10:59:51 -03:00
}
}
2025-12-19 18:31:48 -03:00
}
definition {
cpsScm {
scm {
git {
remote {
url('https://scm.bstein.dev/bstein/bstein-dev-home.git')
credentials('gitea-pat')
}
branches('*/master')
}
}
scriptPath('Jenkinsfile')
}
}
}
2026-01-20 03:30:48 -03:00
pipelineJob('ariadne') {
2026-01-20 10:59:51 -03:00
properties {
pipelineTriggers {
triggers {
2026-01-20 11:14:29 -03:00
scmTrigger {
2026-01-20 11:23:06 -03:00
scmpoll_spec('H/2 * * * *')
2026-01-20 11:14:29 -03:00
ignorePostCommitHooks(false)
}
2026-05-09 23:18:32 -03:00
cron {
2026-06-04 20:38:02 -03:00
spec('H H/12 * * *')
2026-05-09 23:18:32 -03:00
}
2026-01-20 10:59:51 -03:00
}
}
2026-01-20 03:30:48 -03:00
}
definition {
cpsScm {
scm {
git {
remote {
url('https://scm.bstein.dev/bstein/ariadne.git')
credentials('gitea-pat')
}
branches('*/master')
}
}
scriptPath('Jenkinsfile')
}
}
}
2026-04-10 16:38:55 -03:00
pipelineJob('metis') {
2026-04-10 05:19:25 -03:00
properties {
pipelineTriggers {
triggers {
scmTrigger {
scmpoll_spec('H/5 * * * *')
ignorePostCommitHooks(false)
}
2026-05-09 23:18:32 -03:00
cron {
2026-06-04 20:38:02 -03:00
spec('H H/12 * * *')
2026-05-09 23:18:32 -03:00
}
2026-04-10 05:19:25 -03:00
}
}
}
definition {
cpsScm {
scm {
git {
remote {
2026-04-10 16:38:55 -03:00
url('https://scm.bstein.dev/bstein/metis.git')
2026-04-10 05:19:25 -03:00
credentials('gitea-pat')
}
2026-04-10 16:38:55 -03:00
branches('*/master')
2026-04-10 05:19:25 -03:00
}
}
scriptPath('Jenkinsfile')
}
}
}
2026-04-10 16:38:55 -03:00
pipelineJob('ananke') {
2026-03-31 15:03:55 -03:00
properties {
pipelineTriggers {
triggers {
scmTrigger {
scmpoll_spec('H/5 * * * *')
ignorePostCommitHooks(false)
}
2026-05-09 23:18:32 -03:00
cron {
2026-06-04 20:38:02 -03:00
spec('H H/12 * * *')
2026-05-09 23:18:32 -03:00
}
2026-03-31 15:03:55 -03:00
}
}
}
definition {
cpsScm {
scm {
git {
remote {
2026-04-10 16:38:55 -03:00
url('https://scm.bstein.dev/bstein/ananke.git')
2026-03-31 15:03:55 -03:00
credentials('gitea-pat')
}
2026-04-10 16:38:55 -03:00
branches('*/main')
2026-03-31 15:03:55 -03:00
}
}
scriptPath('Jenkinsfile')
}
}
}
2026-04-10 16:38:55 -03:00
pipelineJob('lesavka') {
2026-04-10 03:26:51 -03:00
properties {
pipelineTriggers {
triggers {
scmTrigger {
scmpoll_spec('H/5 * * * *')
ignorePostCommitHooks(false)
}
2026-05-16 13:48:01 -03:00
cron {
spec('H H * * *')
}
2026-04-10 03:26:51 -03:00
}
}
}
definition {
cpsScm {
scm {
git {
remote {
2026-04-10 16:38:55 -03:00
url('https://scm.bstein.dev/bstein/lesavka.git')
2026-04-10 03:26:51 -03:00
credentials('gitea-pat')
}
2026-04-10 16:38:55 -03:00
branches('*/master')
2026-04-10 03:26:51 -03:00
}
}
scriptPath('Jenkinsfile')
}
}
}
2026-04-19 14:18:41 -03:00
pipelineJob('arcanagon') {
properties {
pipelineTriggers {
triggers {
scmTrigger {
scmpoll_spec('H/5 * * * *')
ignorePostCommitHooks(false)
}
}
}
}
definition {
cpsScm {
scm {
git {
remote {
url('https://scm.bstein.dev/bstein/arcanagon.git')
credentials('gitea-pat')
}
branches('*/master')
}
}
scriptPath('Jenkinsfile')
}
}
}
2026-04-10 16:38:55 -03:00
pipelineJob('pegasus') {
2026-01-20 10:59:51 -03:00
properties {
pipelineTriggers {
triggers {
2026-01-20 11:14:29 -03:00
scmTrigger {
2026-01-20 11:23:06 -03:00
scmpoll_spec('H/5 * * * *')
2026-01-20 11:14:29 -03:00
ignorePostCommitHooks(false)
}
2026-05-09 23:18:32 -03:00
cron {
2026-06-04 20:38:02 -03:00
spec('H H/12 * * *')
2026-05-09 23:18:32 -03:00
}
2026-01-20 10:59:51 -03:00
}
}
2026-01-10 05:01:17 -03:00
}
definition {
cpsScm {
scm {
git {
remote {
2026-04-10 16:38:55 -03:00
url('https://scm.bstein.dev/bstein/pegasus.git')
2026-01-10 05:01:17 -03:00
credentials('gitea-pat')
}
2026-04-10 05:19:25 -03:00
branches('*/main')
2026-01-10 05:01:17 -03:00
}
}
2026-04-10 16:38:55 -03:00
scriptPath('Jenkinsfile')
2026-04-12 04:35:12 -03:00
}
}
}
pipelineJob('atlasbot') {
properties {
pipelineTriggers {
triggers {
scmTrigger {
scmpoll_spec('H/5 * * * *')
ignorePostCommitHooks(false)
}
2026-05-09 23:18:32 -03:00
cron {
2026-06-04 20:38:02 -03:00
spec('H H/12 * * *')
2026-05-09 23:18:32 -03:00
}
2026-04-12 04:35:12 -03:00
}
}
}
definition {
cpsScm {
scm {
git {
remote {
url('https://scm.bstein.dev/bstein/atlasbot.git')
credentials('gitea-pat')
}
branches('*/main')
}
}
scriptPath('Jenkinsfile')
}
}
}
pipelineJob('soteria') {
properties {
pipelineTriggers {
triggers {
scmTrigger {
scmpoll_spec('H/5 * * * *')
ignorePostCommitHooks(false)
}
2026-05-09 23:18:32 -03:00
cron {
2026-06-04 20:38:02 -03:00
spec('H H/12 * * *')
2026-05-09 23:18:32 -03:00
}
2026-04-12 04:35:12 -03:00
}
}
}
definition {
cpsScm {
scm {
git {
remote {
url('https://scm.bstein.dev/bstein/soteria.git')
credentials('gitea-pat')
}
branches('*/main')
}
}
scriptPath('Jenkinsfile')
2026-01-10 05:01:17 -03:00
}
}
}
2026-04-10 16:38:55 -03:00
pipelineJob('data-prepper') {
2026-04-10 05:19:25 -03:00
properties {
pipelineTriggers {
triggers {
scmTrigger {
scmpoll_spec('H/5 * * * *')
ignorePostCommitHooks(false)
}
2026-05-09 23:18:32 -03:00
cron {
2026-06-04 20:38:02 -03:00
spec('H H/12 * * *')
2026-05-09 23:18:32 -03:00
}
2026-04-10 05:19:25 -03:00
}
}
}
definition {
cpsScm {
scm {
git {
remote {
2026-04-10 16:38:55 -03:00
url('https://scm.bstein.dev/bstein/titan-iac.git')
2026-04-10 05:19:25 -03:00
credentials('gitea-pat')
}
2026-04-12 05:26:45 -03:00
branches('*/main')
2026-04-10 05:19:25 -03:00
}
}
2026-04-10 16:38:55 -03:00
scriptPath('services/logging/Jenkinsfile.data-prepper')
2026-04-10 05:19:25 -03:00
}
}
}
2026-04-10 17:12:46 -03:00
pipelineJob('titan-iac') {
properties {
pipelineTriggers {
triggers {
scmTrigger {
scmpoll_spec('H/5 * * * *')
ignorePostCommitHooks(false)
}
2026-05-09 23:18:32 -03:00
cron {
2026-06-04 20:38:02 -03:00
spec('H H/12 * * *')
2026-05-09 23:18:32 -03:00
}
2026-04-10 17:12:46 -03:00
}
}
}
definition {
cpsScm {
scm {
git {
remote {
url('https://scm.bstein.dev/bstein/titan-iac.git')
credentials('gitea-pat')
}
branches('*/main')
}
}
scriptPath('Jenkinsfile')
}
}
}
2026-04-13 03:35:39 -03:00
pipelineJob('typhon') {
properties {
pipelineTriggers {
triggers {
scmTrigger {
scmpoll_spec('H/5 * * * *')
ignorePostCommitHooks(false)
}
2026-05-16 15:37:11 -03:00
cron {
spec('H H * * *')
}
2026-04-13 03:35:39 -03:00
}
}
}
definition {
cpsScm {
scm {
git {
remote {
url('https://scm.bstein.dev/bstein/typhon.git')
credentials('gitea-pat')
}
branches('*/main')
}
}
scriptPath('Jenkinsfile')
}
}
}
2026-06-09 00:46:46 -03:00
pipelineJob('veles') {
disabled(true)
description('Staged Veles alpha image pipeline. Backend/frontend should build linux/amd64 and linux/arm64; sim-worker may begin amd64-only if Forge dependencies require it.')
definition {
cpsScm {
scm {
git {
remote {
url('https://scm.bstein.dev/bstein/veles.git')
credentials('gitea-pat')
}
branches('*/main')
}
}
scriptPath('Jenkinsfile')
}
}
}
2026-01-20 10:15:33 -03:00
multibranchPipelineJob('titan-iac-quality-gate') {
branchSources {
branchSource {
source {
2026-01-18 21:23:11 -03:00
git {
2026-01-20 10:15:33 -03:00
id('titan-iac-quality-gate')
remote('https://scm.bstein.dev/bstein/titan-iac.git')
credentialsId('gitea-pat')
2026-01-18 21:23:11 -03:00
}
}
2026-01-20 10:15:33 -03:00
}
}
factory {
workflowBranchProjectFactory {
2026-01-18 21:23:11 -03:00
scriptPath('ci/Jenkinsfile.titan-iac')
}
}
2026-01-20 10:15:33 -03:00
orphanedItemStrategy {
discardOldItems {
numToKeep(30)
}
}
triggers {
periodicFolderTrigger {
interval('12h')
}
}
configure { node ->
2026-01-20 10:31:30 -03:00
def webhookToken = System.getenv('TITAN_IAC_WEBHOOK_TOKEN') ? : ''
2026-01-20 10:15:33 -03:00
def triggers = node / 'triggers'
2026-01-20 10:31:30 -03:00
def webhook = triggers.appendNode('com.igalg.jenkins.plugins.mswt.trigger.ComputedFolderWebHookTrigger')
webhook.appendNode('token', webhookToken)
2026-01-20 10:15:33 -03:00
}
2026-01-18 21:23:11 -03:00
}
2025-12-19 18:31:48 -03:00
base.yaml : |
jenkins :
disableRememberMe : false
mode : NORMAL
numExecutors : 0
labelString : ""
projectNamingStrategy : "standard"
markupFormatter :
plainText
clouds :
- kubernetes :
2026-05-20 06:33:12 -03:00
containerCapStr : "5"
2026-05-10 02:17:30 -03:00
connectTimeout : "20"
readTimeout : "90"
2025-12-19 18:31:48 -03:00
jenkinsUrl : "http://jenkins.jenkins.svc.cluster.local:8080"
2025-12-20 18:42:16 -03:00
jenkinsTunnel : "jenkins.jenkins.svc.cluster.local:50000"
2025-12-19 18:31:48 -03:00
skipTlsVerify : false
maxRequestsPerHostStr : "32"
retentionTimeout : "5"
waitForPodSec : "600"
name : "kubernetes"
namespace : "jenkins"
restrictedPssSecurityContext : false
serverUrl : "https://kubernetes.default"
credentialsId : ""
podLabels :
- key : "jenkins/jenkins-jenkins-agent"
value : "true"
templates :
- name : "default"
namespace : "jenkins"
2026-01-20 17:04:24 -03:00
workspaceVolume :
2026-04-19 14:18:41 -03:00
dynamicPVC :
accessModes : "ReadWriteOnce"
requestsSize : "20Gi"
storageClassName : "astreae"
2025-12-19 18:31:48 -03:00
containers :
- name : "jnlp"
args : "^${computer.jnlpmac} ^${computer.name}"
envVars :
- envVar :
key : "JENKINS_URL"
value : "http://jenkins.jenkins.svc.cluster.local:8080/"
image : "jenkins/inbound-agent:3355.v388858a_47b_33-3"
privileged : "false"
resourceLimitCpu : 512m
resourceLimitMemory : 512Mi
resourceRequestCpu : 512m
resourceRequestMemory : 512Mi
ttyEnabled : false
workingDir : /home/jenkins/agent
idleMinutes : 0
instanceCap : 2147483647
2026-04-19 14:18:41 -03:00
label : "jenkins-jenkins-agent "
2025-12-19 18:31:48 -03:00
nodeUsageMode : "NORMAL"
podRetention : Never
2025-12-20 18:08:30 -03:00
serviceAccount : "jenkins"
2025-12-19 18:31:48 -03:00
slaveConnectTimeoutStr : "100"
2026-04-21 20:48:02 -03:00
yaml : |
spec :
2026-05-10 03:24:51 -03:00
nodeSelector :
kubernetes.io/arch : arm64
node-role.kubernetes.io/worker : "true"
2026-04-21 20:48:02 -03:00
affinity :
nodeAffinity :
2026-05-10 03:24:51 -03:00
requiredDuringSchedulingIgnoredDuringExecution :
nodeSelectorTerms :
- matchExpressions :
- key : kubernetes.io/hostname
operator : NotIn
values :
- titan-06
2026-04-21 20:48:02 -03:00
preferredDuringSchedulingIgnoredDuringExecution :
- weight : 100
preference :
matchExpressions :
- key : atlas.bstein.dev/spillover
operator : DoesNotExist
- weight : 95
preference :
matchExpressions :
- key : kubernetes.io/hostname
operator : NotIn
values :
- titan-13
- titan-15
- titan-17
- titan-19
- weight : 85
preference :
matchExpressions :
- key : hardware
operator : In
values :
- rpi5
2026-05-19 23:30:34 -03:00
- weight : 45
preference :
matchExpressions :
- key : hardware
operator : In
values :
- rpi4
2026-04-21 20:48:02 -03:00
topologySpreadConstraints :
- maxSkew : 1
topologyKey : kubernetes.io/hostname
2026-05-20 06:53:29 -03:00
whenUnsatisfiable : ScheduleAnyway
2026-04-21 20:48:02 -03:00
labelSelector :
matchLabels :
jenkins/jenkins-jenkins-agent : "true"
2025-12-19 18:31:48 -03:00
yamlMergeStrategy : override
inheritYamlMergeStrategy : false
slaveAgentPort : 50000
crumbIssuer :
standard :
excludeClientIPFromCrumb : true
2026-01-20 09:37:21 -03:00
unclassified :
location :
url : "https://ci.bstein.dev/"
