From 7dcfd5f6cfe039571370f28016c797a4d81a1183 Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Wed, 17 Dec 2025 02:23:54 -0300 Subject: [PATCH] jenkins: stop JCasC resetting OIDC --- services/jenkins/helmrelease.yaml | 73 ++++++++++++++++++++++++++++++- 1 file changed, 72 insertions(+), 1 deletion(-) diff --git a/services/jenkins/helmrelease.yaml b/services/jenkins/helmrelease.yaml index 226ae4e..38115f9 100644 --- a/services/jenkins/helmrelease.yaml +++ b/services/jenkins/helmrelease.yaml @@ -102,7 +102,7 @@ spec: - -c - | set -euo pipefail - rm -f /var/jenkins_home/casc_configs/*.yaml || true + rm -f /var/jenkins_home/casc_configs/* || true securityContext: runAsNonRoot: true runAsUser: 1000 @@ -160,7 +160,78 @@ spec: throw e } JCasC: + defaultConfig: false configScripts: + base.yaml: | + jenkins: + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://jenkins.jenkins.svc.cluster.local:8080" + jenkinsTunnel: "jenkins-agent.jenkins.svc.cluster.local:50000" + skipTlsVerify: false + usageRestricted: false + maxRequestsPerHostStr: "32" + retentionTimeout: "5" + waitForPodSec: "600" + name: "kubernetes" + namespace: "jenkins" + restrictedPssSecurityContext: false + serverUrl: "https://kubernetes.default" + credentialsId: "" + podLabels: + - key: "jenkins/jenkins-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "jenkins" + id: a23c9bbcd21e360a77d51b426f05bd7b8032d8fdedd6ffb97c436883ce6c5ffa + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://jenkins.jenkins.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:3355.v388858a_47b_33-3" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "jenkins-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + inheritYamlMergeStrategy: false + slaveAgentPort: 50000 + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: creds.yaml: | credentials: system: