2025-12-19 18:31:48 -03:00
|
|
|
# services/jenkins/configmap-jcasc.yaml
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: ConfigMap
|
|
|
|
|
metadata:
|
|
|
|
|
name: jenkins-jcasc
|
|
|
|
|
namespace: jenkins
|
|
|
|
|
data:
|
|
|
|
|
securityrealm.yaml: |
|
|
|
|
|
jenkins:
|
|
|
|
|
securityRealm:
|
|
|
|
|
oic:
|
|
|
|
|
clientId: "${OIDC_CLIENT_ID}"
|
|
|
|
|
clientSecret: "${OIDC_CLIENT_SECRET}"
|
|
|
|
|
serverConfiguration:
|
|
|
|
|
wellKnown:
|
|
|
|
|
wellKnownOpenIDConfigurationUrl: "${OIDC_ISSUER}/.well-known/openid-configuration"
|
|
|
|
|
scopesOverride: "openid profile email"
|
|
|
|
|
logoutFromOpenIdProvider: true
|
|
|
|
|
postLogoutRedirectUrl: "https://ci.bstein.dev"
|
|
|
|
|
sendScopesInTokenRequest: true
|
2026-01-20 09:37:21 -03:00
|
|
|
rootURLFromRequest: false
|
2025-12-19 18:31:48 -03:00
|
|
|
userNameField: "preferred_username"
|
|
|
|
|
fullNameFieldName: "name"
|
|
|
|
|
emailFieldName: "email"
|
|
|
|
|
groupsFieldName: "groups"
|
|
|
|
|
authorization.yaml: |
|
|
|
|
|
jenkins:
|
|
|
|
|
authorizationStrategy:
|
|
|
|
|
loggedInUsersCanDoAnything:
|
|
|
|
|
allowAnonymousRead: false
|
|
|
|
|
creds.yaml: |
|
|
|
|
|
credentials:
|
|
|
|
|
system:
|
|
|
|
|
domainCredentials:
|
|
|
|
|
- credentials:
|
|
|
|
|
- usernamePassword:
|
|
|
|
|
scope: GLOBAL
|
|
|
|
|
id: gitea-pat
|
|
|
|
|
username: "${GITEA_PAT_USERNAME}"
|
|
|
|
|
password: "${GITEA_PAT_TOKEN}"
|
|
|
|
|
description: "Gitea PAT for pipelines"
|
|
|
|
|
- usernamePassword:
|
|
|
|
|
scope: GLOBAL
|
|
|
|
|
id: harbor-robot
|
|
|
|
|
username: "${HARBOR_ROBOT_USERNAME}"
|
|
|
|
|
password: "${HARBOR_ROBOT_PASSWORD}"
|
|
|
|
|
description: "Harbor robot for pipelines"
|
|
|
|
|
jobs.yaml: |
|
|
|
|
|
jobs:
|
|
|
|
|
- script: |
|
|
|
|
|
pipelineJob('harbor-arm-build') {
|
2026-01-20 10:59:51 -03:00
|
|
|
properties {
|
|
|
|
|
pipelineTriggers {
|
|
|
|
|
triggers {
|
2026-01-20 11:14:29 -03:00
|
|
|
scmTrigger {
|
2026-01-20 11:23:06 -03:00
|
|
|
scmpoll_spec('H/5 * * * *')
|
2026-01-20 11:14:29 -03:00
|
|
|
ignorePostCommitHooks(false)
|
|
|
|
|
}
|
2026-01-20 10:59:51 -03:00
|
|
|
}
|
|
|
|
|
}
|
2025-12-19 18:31:48 -03:00
|
|
|
}
|
|
|
|
|
definition {
|
|
|
|
|
cpsScm {
|
|
|
|
|
scm {
|
|
|
|
|
git {
|
|
|
|
|
remote {
|
|
|
|
|
url('https://scm.bstein.dev/bstein/harbor-arm-build.git')
|
|
|
|
|
credentials('gitea-pat')
|
|
|
|
|
}
|
|
|
|
|
branches('*/master')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2025-12-20 13:32:36 -03:00
|
|
|
pipelineJob('jellyfin-oidc-plugin') {
|
|
|
|
|
definition {
|
|
|
|
|
cpsScm {
|
|
|
|
|
scm {
|
|
|
|
|
git {
|
|
|
|
|
remote {
|
|
|
|
|
url('https://scm.bstein.dev/bstein/titan-iac.git')
|
|
|
|
|
credentials('gitea-pat')
|
|
|
|
|
}
|
2026-01-20 01:14:30 -03:00
|
|
|
branches('*/main')
|
2025-12-20 13:32:36 -03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
scriptPath('services/jellyfin/oidc/Jenkinsfile')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2025-12-19 18:31:48 -03:00
|
|
|
pipelineJob('ci-demo') {
|
2026-01-20 10:59:51 -03:00
|
|
|
properties {
|
|
|
|
|
pipelineTriggers {
|
|
|
|
|
triggers {
|
2026-01-20 11:14:29 -03:00
|
|
|
scmTrigger {
|
2026-01-20 11:23:06 -03:00
|
|
|
scmpoll_spec('H/1 * * * *')
|
2026-01-20 11:14:29 -03:00
|
|
|
ignorePostCommitHooks(false)
|
|
|
|
|
}
|
2026-01-20 10:59:51 -03:00
|
|
|
}
|
|
|
|
|
}
|
2025-12-19 18:31:48 -03:00
|
|
|
}
|
|
|
|
|
definition {
|
|
|
|
|
cpsScm {
|
|
|
|
|
scm {
|
|
|
|
|
git {
|
|
|
|
|
remote {
|
|
|
|
|
url('https://scm.bstein.dev/bstein/ci-demo.git')
|
|
|
|
|
credentials('gitea-pat')
|
|
|
|
|
}
|
|
|
|
|
branches('*/master')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
scriptPath('Jenkinsfile')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
pipelineJob('bstein-dev-home') {
|
2026-01-20 10:59:51 -03:00
|
|
|
properties {
|
|
|
|
|
pipelineTriggers {
|
|
|
|
|
triggers {
|
2026-01-20 11:14:29 -03:00
|
|
|
scmTrigger {
|
2026-01-20 11:23:06 -03:00
|
|
|
scmpoll_spec('H/2 * * * *')
|
2026-01-20 11:14:29 -03:00
|
|
|
ignorePostCommitHooks(false)
|
|
|
|
|
}
|
2026-01-20 10:59:51 -03:00
|
|
|
}
|
|
|
|
|
}
|
2025-12-19 18:31:48 -03:00
|
|
|
}
|
|
|
|
|
definition {
|
|
|
|
|
cpsScm {
|
|
|
|
|
scm {
|
|
|
|
|
git {
|
|
|
|
|
remote {
|
|
|
|
|
url('https://scm.bstein.dev/bstein/bstein-dev-home.git')
|
|
|
|
|
credentials('gitea-pat')
|
|
|
|
|
}
|
|
|
|
|
branches('*/master')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
scriptPath('Jenkinsfile')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-01-20 03:30:48 -03:00
|
|
|
pipelineJob('ariadne') {
|
2026-01-20 10:59:51 -03:00
|
|
|
properties {
|
|
|
|
|
pipelineTriggers {
|
|
|
|
|
triggers {
|
2026-01-20 11:14:29 -03:00
|
|
|
scmTrigger {
|
2026-01-20 11:23:06 -03:00
|
|
|
scmpoll_spec('H/2 * * * *')
|
2026-01-20 11:14:29 -03:00
|
|
|
ignorePostCommitHooks(false)
|
|
|
|
|
}
|
2026-01-20 10:59:51 -03:00
|
|
|
}
|
|
|
|
|
}
|
2026-01-20 03:30:48 -03:00
|
|
|
}
|
|
|
|
|
definition {
|
|
|
|
|
cpsScm {
|
|
|
|
|
scm {
|
|
|
|
|
git {
|
|
|
|
|
remote {
|
|
|
|
|
url('https://scm.bstein.dev/bstein/ariadne.git')
|
|
|
|
|
credentials('gitea-pat')
|
|
|
|
|
}
|
|
|
|
|
branches('*/master')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
scriptPath('Jenkinsfile')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-01-10 05:01:17 -03:00
|
|
|
pipelineJob('data-prepper') {
|
2026-01-20 10:59:51 -03:00
|
|
|
properties {
|
|
|
|
|
pipelineTriggers {
|
|
|
|
|
triggers {
|
2026-01-20 11:14:29 -03:00
|
|
|
scmTrigger {
|
2026-01-20 11:23:06 -03:00
|
|
|
scmpoll_spec('H/5 * * * *')
|
2026-01-20 11:14:29 -03:00
|
|
|
ignorePostCommitHooks(false)
|
|
|
|
|
}
|
2026-01-20 10:59:51 -03:00
|
|
|
}
|
|
|
|
|
}
|
2026-01-10 05:01:17 -03:00
|
|
|
}
|
|
|
|
|
definition {
|
|
|
|
|
cpsScm {
|
|
|
|
|
scm {
|
|
|
|
|
git {
|
|
|
|
|
remote {
|
|
|
|
|
url('https://scm.bstein.dev/bstein/titan-iac.git')
|
|
|
|
|
credentials('gitea-pat')
|
|
|
|
|
}
|
|
|
|
|
branches('*/feature/sso-hardening')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
scriptPath('services/logging/Jenkinsfile.data-prepper')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-01-20 10:15:33 -03:00
|
|
|
multibranchPipelineJob('titan-iac-quality-gate') {
|
|
|
|
|
branchSources {
|
|
|
|
|
branchSource {
|
|
|
|
|
source {
|
2026-01-18 21:23:11 -03:00
|
|
|
git {
|
2026-01-20 10:15:33 -03:00
|
|
|
id('titan-iac-quality-gate')
|
|
|
|
|
remote('https://scm.bstein.dev/bstein/titan-iac.git')
|
|
|
|
|
credentialsId('gitea-pat')
|
2026-01-18 21:23:11 -03:00
|
|
|
}
|
|
|
|
|
}
|
2026-01-20 10:15:33 -03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
factory {
|
|
|
|
|
workflowBranchProjectFactory {
|
2026-01-18 21:23:11 -03:00
|
|
|
scriptPath('ci/Jenkinsfile.titan-iac')
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-01-20 10:15:33 -03:00
|
|
|
orphanedItemStrategy {
|
|
|
|
|
discardOldItems {
|
|
|
|
|
numToKeep(30)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
triggers {
|
|
|
|
|
periodicFolderTrigger {
|
|
|
|
|
interval('12h')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
configure { node ->
|
2026-01-20 10:31:30 -03:00
|
|
|
def webhookToken = System.getenv('TITAN_IAC_WEBHOOK_TOKEN') ?: ''
|
2026-01-20 10:15:33 -03:00
|
|
|
def triggers = node / 'triggers'
|
2026-01-20 10:31:30 -03:00
|
|
|
def webhook = triggers.appendNode('com.igalg.jenkins.plugins.mswt.trigger.ComputedFolderWebHookTrigger')
|
|
|
|
|
webhook.appendNode('token', webhookToken)
|
2026-01-20 10:15:33 -03:00
|
|
|
}
|
2026-01-18 21:23:11 -03:00
|
|
|
}
|
2025-12-19 18:31:48 -03:00
|
|
|
base.yaml: |
|
|
|
|
|
jenkins:
|
|
|
|
|
disableRememberMe: false
|
|
|
|
|
mode: NORMAL
|
|
|
|
|
numExecutors: 0
|
|
|
|
|
labelString: ""
|
|
|
|
|
projectNamingStrategy: "standard"
|
|
|
|
|
markupFormatter:
|
|
|
|
|
plainText
|
|
|
|
|
clouds:
|
|
|
|
|
- kubernetes:
|
|
|
|
|
containerCapStr: "10"
|
|
|
|
|
connectTimeout: "5"
|
|
|
|
|
readTimeout: "15"
|
|
|
|
|
jenkinsUrl: "http://jenkins.jenkins.svc.cluster.local:8080"
|
2025-12-20 18:42:16 -03:00
|
|
|
jenkinsTunnel: "jenkins.jenkins.svc.cluster.local:50000"
|
2025-12-19 18:31:48 -03:00
|
|
|
skipTlsVerify: false
|
|
|
|
|
maxRequestsPerHostStr: "32"
|
|
|
|
|
retentionTimeout: "5"
|
|
|
|
|
waitForPodSec: "600"
|
|
|
|
|
name: "kubernetes"
|
|
|
|
|
namespace: "jenkins"
|
|
|
|
|
restrictedPssSecurityContext: false
|
|
|
|
|
serverUrl: "https://kubernetes.default"
|
|
|
|
|
credentialsId: ""
|
|
|
|
|
podLabels:
|
|
|
|
|
- key: "jenkins/jenkins-jenkins-agent"
|
|
|
|
|
value: "true"
|
|
|
|
|
templates:
|
|
|
|
|
- name: "default"
|
|
|
|
|
namespace: "jenkins"
|
|
|
|
|
containers:
|
|
|
|
|
- name: "jnlp"
|
|
|
|
|
args: "^${computer.jnlpmac} ^${computer.name}"
|
|
|
|
|
envVars:
|
|
|
|
|
- envVar:
|
|
|
|
|
key: "JENKINS_URL"
|
|
|
|
|
value: "http://jenkins.jenkins.svc.cluster.local:8080/"
|
|
|
|
|
image: "jenkins/inbound-agent:3355.v388858a_47b_33-3"
|
|
|
|
|
privileged: "false"
|
|
|
|
|
resourceLimitCpu: 512m
|
|
|
|
|
resourceLimitMemory: 512Mi
|
|
|
|
|
resourceRequestCpu: 512m
|
|
|
|
|
resourceRequestMemory: 512Mi
|
|
|
|
|
ttyEnabled: false
|
|
|
|
|
workingDir: /home/jenkins/agent
|
|
|
|
|
idleMinutes: 0
|
|
|
|
|
instanceCap: 2147483647
|
|
|
|
|
label: "jenkins-jenkins-agent "
|
|
|
|
|
nodeUsageMode: "NORMAL"
|
|
|
|
|
podRetention: Never
|
2025-12-20 18:08:30 -03:00
|
|
|
serviceAccount: "jenkins"
|
2025-12-19 18:31:48 -03:00
|
|
|
slaveConnectTimeoutStr: "100"
|
|
|
|
|
yamlMergeStrategy: override
|
|
|
|
|
inheritYamlMergeStrategy: false
|
|
|
|
|
slaveAgentPort: 50000
|
|
|
|
|
crumbIssuer:
|
|
|
|
|
standard:
|
|
|
|
|
excludeClientIPFromCrumb: true
|
2026-01-20 09:37:21 -03:00
|
|
|
unclassified:
|
|
|
|
|
location:
|
|
|
|
|
url: "https://ci.bstein.dev/"
|
