bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
titan-iac/services/jenkins/deployment.yaml

196 lines
5.6 KiB
YAML
Raw Blame History

# services/jenkins/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: jenkins
labels:
app: jenkins
spec:
replicas: 1
selector:
matchLabels:
app: jenkins
strategy:
type: Recreate
template:
metadata:
labels:
app: jenkins
spec:
serviceAccountName: jenkins
nodeSelector:
kubernetes.io/arch: arm64
node-role.kubernetes.io/worker: "true"
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 90
preference:
matchExpressions:
- key: hardware
operator: In
values: ["rpi5"]
- weight: 50
preference:
matchExpressions:
- key: hardware
operator: In
values: ["rpi4"]
hostAliases:
- ip: 38.28.125.112
hostnames:
- sso.bstein.dev
securityContext:
fsGroup: 1000
initContainers:
- name: install-plugins
image: jenkins/jenkins:2.528.3-jdk21
imagePullPolicy: IfNotPresent
command:
- sh
- -c
- |
set -euo pipefail
jenkins-plugin-cli --plugin-file /plugins/plugins.txt
volumeMounts:
- name: plugins
mountPath: /plugins/plugins.txt
subPath: plugins.txt
- name: plugin-dir
mountPath: /usr/share/jenkins/ref/plugins
containers:
- name: jenkins
image: jenkins/jenkins:2.528.3-jdk21
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
- name: agent-listener
containerPort: 50000
env:
- name: JAVA_OPTS
value: "-Xms512m -Xmx2048m"
- name: JENKINS_OPTS
value: "--webroot=/var/jenkins_cache/war"
- name: JENKINS_SLAVE_AGENT_PORT
value: "50000"
- name: CASC_JENKINS_CONFIG
value: /config/jcasc
- name: ENABLE_OIDC
value: "true"
- name: OIDC_ISSUER
value: "https://sso.bstein.dev/realms/atlas"
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: jenkins-oidc
key: clientId
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: jenkins-oidc
key: clientSecret
- name: OIDC_AUTH_URL
valueFrom:
secretKeyRef:
name: jenkins-oidc
key: authorizationUrl
- name: OIDC_TOKEN_URL
valueFrom:
secretKeyRef:
name: jenkins-oidc
key: tokenUrl
- name: OIDC_USERINFO_URL
valueFrom:
secretKeyRef:
name: jenkins-oidc
key: userInfoUrl
- name: OIDC_LOGOUT_URL
valueFrom:
secretKeyRef:
name: jenkins-oidc
key: logoutUrl
- name: HARBOR_ROBOT_USERNAME
valueFrom:
secretKeyRef:
name: harbor-robot-creds
key: username
- name: HARBOR_ROBOT_PASSWORD
valueFrom:
secretKeyRef:
name: harbor-robot-creds
key: password
- name: GITEA_PAT_USERNAME
valueFrom:
secretKeyRef:
name: gitea-pat
key: username
- name: GITEA_PAT_TOKEN
valueFrom:
secretKeyRef:
name: gitea-pat
key: token
resources:
requests:
cpu: 750m
memory: 1536Mi
limits:
cpu: 1500m
memory: 3Gi
livenessProbe:
httpGet:
path: /login
port: http
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
readinessProbe:
httpGet:
path: /login
port: http
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
startupProbe:
httpGet:
path: /login
port: http
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 20
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
- name: jenkins-cache
mountPath: /var/jenkins_cache
- name: jcasc
mountPath: /config/jcasc
- name: init-scripts
mountPath: /usr/share/jenkins/ref/init.groovy.d
- name: plugin-dir
mountPath: /usr/share/jenkins/ref/plugins
- name: tmp
mountPath: /tmp
volumes:
- name: jenkins-home
persistentVolumeClaim:
claimName: jenkins
- name: jenkins-cache
emptyDir: {}
- name: plugin-dir
emptyDir: {}
- name: plugins
configMap:
name: jenkins-plugins
- name: jcasc
configMap:
name: jenkins-jcasc
- name: init-scripts
configMap:
name: jenkins-init-scripts
- name: tmp
emptyDir: {}
Reference in New Issue View Git Blame Copy Permalink