# services/jenkins/configmap-jcasc.yaml apiVersion: v1 kind: ConfigMap metadata: name: jenkins-jcasc namespace: jenkins data: securityrealm.yaml: | jenkins: securityRealm: oic: clientId: "${OIDC_CLIENT_ID}" clientSecret: "${OIDC_CLIENT_SECRET}" serverConfiguration: wellKnown: wellKnownOpenIDConfigurationUrl: "${OIDC_ISSUER}/.well-known/openid-configuration" scopesOverride: "openid profile email" logoutFromOpenIdProvider: true postLogoutRedirectUrl: "https://ci.bstein.dev" sendScopesInTokenRequest: true rootURLFromRequest: true userNameField: "preferred_username" fullNameFieldName: "name" emailFieldName: "email" groupsFieldName: "groups" authorization.yaml: | jenkins: authorizationStrategy: loggedInUsersCanDoAnything: allowAnonymousRead: false creds.yaml: | credentials: system: domainCredentials: - credentials: - usernamePassword: scope: GLOBAL id: gitea-pat username: "${GITEA_PAT_USERNAME}" password: "${GITEA_PAT_TOKEN}" description: "Gitea PAT for pipelines" - usernamePassword: scope: GLOBAL id: harbor-robot username: "${HARBOR_ROBOT_USERNAME}" password: "${HARBOR_ROBOT_PASSWORD}" description: "Harbor robot for pipelines" jobs.yaml: | jobs: - script: | pipelineJob('harbor-arm-build') { triggers { scm('H/5 * * * *') } definition { cpsScm { scm { git { remote { url('https://scm.bstein.dev/bstein/harbor-arm-build.git') credentials('gitea-pat') } branches('*/master') } } } } } pipelineJob('jellyfin-oidc-plugin') { definition { cpsScm { scm { git { remote { url('https://scm.bstein.dev/bstein/titan-iac.git') credentials('gitea-pat') } branches('*/main') } } scriptPath('services/jellyfin/oidc/Jenkinsfile') } } } pipelineJob('ci-demo') { triggers { scm('H/1 * * * *') } definition { cpsScm { scm { git { remote { url('https://scm.bstein.dev/bstein/ci-demo.git') credentials('gitea-pat') } branches('*/master') } } scriptPath('Jenkinsfile') } } } pipelineJob('bstein-dev-home') { triggers { scm('H/2 * * * *') } definition { cpsScm { scm { git { remote { url('https://scm.bstein.dev/bstein/bstein-dev-home.git') credentials('gitea-pat') } branches('*/master') } } scriptPath('Jenkinsfile') } } } pipelineJob('data-prepper') { triggers { scm('H/5 * * * *') } definition { cpsScm { scm { git { remote { url('https://scm.bstein.dev/bstein/titan-iac.git') credentials('gitea-pat') } branches('*/feature/sso-hardening') } } scriptPath('services/logging/Jenkinsfile.data-prepper') } } } pipelineJob('titan-iac-quality-gate') { triggers { scm('H/5 * * * *') } definition { cpsScm { scm { git { remote { url('https://scm.bstein.dev/bstein/titan-iac.git') credentials('gitea-pat') } branches('*/feature/ariadne') } } scriptPath('ci/Jenkinsfile.titan-iac') } } } base.yaml: | jenkins: disableRememberMe: false mode: NORMAL numExecutors: 0 labelString: "" projectNamingStrategy: "standard" markupFormatter: plainText clouds: - kubernetes: containerCapStr: "10" connectTimeout: "5" readTimeout: "15" jenkinsUrl: "http://jenkins.jenkins.svc.cluster.local:8080" jenkinsTunnel: "jenkins.jenkins.svc.cluster.local:50000" skipTlsVerify: false maxRequestsPerHostStr: "32" retentionTimeout: "5" waitForPodSec: "600" name: "kubernetes" namespace: "jenkins" restrictedPssSecurityContext: false serverUrl: "https://kubernetes.default" credentialsId: "" podLabels: - key: "jenkins/jenkins-jenkins-agent" value: "true" templates: - name: "default" namespace: "jenkins" containers: - name: "jnlp" args: "^${computer.jnlpmac} ^${computer.name}" envVars: - envVar: key: "JENKINS_URL" value: "http://jenkins.jenkins.svc.cluster.local:8080/" image: "jenkins/inbound-agent:3355.v388858a_47b_33-3" privileged: "false" resourceLimitCpu: 512m resourceLimitMemory: 512Mi resourceRequestCpu: 512m resourceRequestMemory: 512Mi ttyEnabled: false workingDir: /home/jenkins/agent idleMinutes: 0 instanceCap: 2147483647 label: "jenkins-jenkins-agent " nodeUsageMode: "NORMAL" podRetention: Never serviceAccount: "jenkins" slaveConnectTimeoutStr: "100" yamlMergeStrategy: override inheritYamlMergeStrategy: false slaveAgentPort: 50000 crumbIssuer: standard: excludeClientIPFromCrumb: true