diff --git a/dockerfiles/Dockerfile.data-prepper b/dockerfiles/Dockerfile.data-prepper new file mode 100644 index 0000000..b33c18c --- /dev/null +++ b/dockerfiles/Dockerfile.data-prepper @@ -0,0 +1,16 @@ +FROM --platform=$BUILDPLATFORM opensearchproject/data-prepper:2.8.0 AS source + +FROM --platform=$TARGETPLATFORM eclipse-temurin:17-jre + +ENV DATA_PREPPER_PATH=/usr/share/data-prepper + +RUN useradd -u 10001 -M -U -d / -s /usr/sbin/nologin data_prepper \ + && mkdir -p /var/log/data-prepper + +COPY --from=source /usr/share/data-prepper /usr/share/data-prepper + +RUN chown -R 10001:10001 /usr/share/data-prepper /var/log/data-prepper + +USER 10001 +WORKDIR /usr/share/data-prepper +CMD ["bin/data-prepper"] diff --git a/services/jenkins/configmap-jcasc.yaml b/services/jenkins/configmap-jcasc.yaml index f72f6aa..2c188db 100644 --- a/services/jenkins/configmap-jcasc.yaml +++ b/services/jenkins/configmap-jcasc.yaml @@ -120,6 +120,25 @@ data: } } } + pipelineJob('data-prepper') { + triggers { + scm('H/5 * * * *') + } + definition { + cpsScm { + scm { + git { + remote { + url('https://scm.bstein.dev/bstein/titan-iac.git') + credentials('gitea-pat') + } + branches('*/feature/sso-hardening') + } + } + scriptPath('services/logging/Jenkinsfile.data-prepper') + } + } + } base.yaml: | jenkins: disableRememberMe: false diff --git a/services/logging/Jenkinsfile.data-prepper b/services/logging/Jenkinsfile.data-prepper new file mode 100644 index 0000000..ce7e3bd --- /dev/null +++ b/services/logging/Jenkinsfile.data-prepper @@ -0,0 +1,83 @@ +pipeline { + agent { + kubernetes { + yaml """ +apiVersion: v1 +kind: Pod +spec: + restartPolicy: Never + serviceAccountName: jenkins + nodeSelector: + hardware: rpi5 + node-role.kubernetes.io/worker: "true" + containers: + - name: git + image: alpine/git:2.47.1 + command: + - cat + tty: true + - name: kaniko + image: gcr.io/kaniko-project/executor:v1.23.2 + command: + - /busybox/cat + tty: true + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "1500m" + memory: "2Gi" +""" + } + } + options { + timestamps() + } + parameters { + string(name: 'HARBOR_REPO', defaultValue: 'registry.bstein.dev/monitoring/data-prepper', description: 'Docker repository for Data Prepper') + string(name: 'IMAGE_TAG', defaultValue: '2.8.0', description: 'Image tag to publish') + booleanParam(name: 'PUSH_LATEST', defaultValue: true, description: 'Also push the latest tag') + } + stages { + stage('Checkout') { + steps { + container('git') { + checkout scm + } + } + } + stage('Build & Push') { + steps { + container('kaniko') { + withCredentials([usernamePassword(credentialsId: 'harbor-robot', usernameVariable: 'HARBOR_USERNAME', passwordVariable: 'HARBOR_PASSWORD')]) { + sh ''' + set -euo pipefail + mkdir -p /kaniko/.docker + ref_host="$(echo "${HARBOR_REPO}" | cut -d/ -f1)" + auth="$(printf "%s:%s" "${HARBOR_USERNAME}" "${HARBOR_PASSWORD}" | base64 | tr -d '\\n')" + cat > /kaniko/.docker/config.json <