# services/jenkins/configmap-jcasc.yaml
#
# Jenkins Configuration-as-Code (JCasC) fragments, one per data key.
# Every secret value is a ${VAR} placeholder, so this ConfigMap carries no
# secret material itself; the values must be supplied to the controller
# from a Secret-backed source.
# NOTE(review): nesting below follows the JCasC / plugin schemas - confirm
# against the repository copy before applying.
apiVersion: v1
kind: ConfigMap
metadata:
  name: jenkins-jcasc
  namespace: jenkins
data:
  # OIDC login (oic-auth realm). Endpoints are discovered from the issuer's
  # well-known document.
  # - rootURLFromRequest: true derives the Jenkins root URL from the incoming
  #   request. NOTE(review): confirm the ingress pins Host / X-Forwarded-*
  #   headers so the derived URL cannot vary with client-supplied headers.
  # - groupsFieldName maps the "groups" claim, but the authorization
  #   strategy in this file does not consult group membership.
  securityrealm.yaml: |
    jenkins:
      securityRealm:
        oic:
          clientId: "${OIDC_CLIENT_ID}"
          clientSecret: "${OIDC_CLIENT_SECRET}"
          serverConfiguration:
            wellKnown:
              wellKnownOpenIDConfigurationUrl: "${OIDC_ISSUER}/.well-known/openid-configuration"
              scopesOverride: "openid profile email"
          logoutFromOpenIdProvider: true
          postLogoutRedirectUrl: "https://ci.bstein.dev"
          sendScopesInTokenRequest: true
          rootURLFromRequest: true
          userNameField: "preferred_username"
          fullNameFieldName: "name"
          emailFieldName: "email"
          groupsFieldName: "groups"

  # Anonymous access is off, but loggedInUsersCanDoAnything gives every
  # authenticated account full control of the controller (administration,
  # job configuration, credential use). Access control therefore rests
  # entirely on who may log in through the OIDC client.
  # NOTE(review): consider a matrix or role-based strategy keyed on the
  # "groups" claim, or restrict the OIDC client to an operator group.
  authorization.yaml: |
    jenkins:
      authorizationStrategy:
        loggedInUsersCanDoAnything:
          allowAnonymousRead: false

  # Both credentials are GLOBAL scope, i.e. bindable by any job on this
  # controller. Together with the authorization strategy above, any
  # logged-in user who can configure a job can use them.
  # NOTE(review): keep the Gitea PAT and Harbor robot account scoped to the
  # minimum they need at the issuing service; consider folder-scoped
  # credentials if jobs are later split by trust level.
  creds.yaml: |
    credentials:
      system:
        domainCredentials:
          - credentials:
              - usernamePassword:
                  scope: GLOBAL
                  id: gitea-pat
                  username: "${GITEA_PAT_USERNAME}"
                  password: "${GITEA_PAT_TOKEN}"
                  description: "Gitea PAT for pipelines"
              - usernamePassword:
                  scope: GLOBAL
                  id: harbor-robot
                  username: "${HARBOR_ROBOT_USERNAME}"
                  password: "${HARBOR_ROBOT_PASSWORD}"
                  description: "Harbor robot for pipelines"

  # Job DSL seed script. Every job checks out over HTTPS with 'gitea-pat'
  # and runs the pipeline definition stored in the repository, so write
  # access to a tracked branch is equivalent to running code on the agents.
  # - harbor-arm-build sets no scriptPath (presumably the Job DSL default,
  #   'Jenkinsfile' - confirm).
  # - data-prepper tracks '*/feature/sso-hardening' rather than a mainline
  #   branch. NOTE(review): confirm this is intended and that the branch is
  #   protected like main/master.
  # - titan-iac-quality-gate is a multibranch job on the titan-iac remote,
  #   rescanned every 12h, keeping 30 orphaned items.
  jobs.yaml: |
    jobs:
      - script: |
          pipelineJob('harbor-arm-build') {
            triggers {
              scm('H/5 * * * *')
            }
            definition {
              cpsScm {
                scm {
                  git {
                    remote {
                      url('https://scm.bstein.dev/bstein/harbor-arm-build.git')
                      credentials('gitea-pat')
                    }
                    branches('*/master')
                  }
                }
              }
            }
          }
          pipelineJob('jellyfin-oidc-plugin') {
            definition {
              cpsScm {
                scm {
                  git {
                    remote {
                      url('https://scm.bstein.dev/bstein/titan-iac.git')
                      credentials('gitea-pat')
                    }
                    branches('*/main')
                  }
                }
                scriptPath('services/jellyfin/oidc/Jenkinsfile')
              }
            }
          }
          pipelineJob('ci-demo') {
            triggers {
              scm('H/1 * * * *')
            }
            definition {
              cpsScm {
                scm {
                  git {
                    remote {
                      url('https://scm.bstein.dev/bstein/ci-demo.git')
                      credentials('gitea-pat')
                    }
                    branches('*/master')
                  }
                }
                scriptPath('Jenkinsfile')
              }
            }
          }
          pipelineJob('bstein-dev-home') {
            triggers {
              scm('H/2 * * * *')
            }
            definition {
              cpsScm {
                scm {
                  git {
                    remote {
                      url('https://scm.bstein.dev/bstein/bstein-dev-home.git')
                      credentials('gitea-pat')
                    }
                    branches('*/master')
                  }
                }
                scriptPath('Jenkinsfile')
              }
            }
          }
          pipelineJob('data-prepper') {
            triggers {
              scm('H/5 * * * *')
            }
            definition {
              cpsScm {
                scm {
                  git {
                    remote {
                      url('https://scm.bstein.dev/bstein/titan-iac.git')
                      credentials('gitea-pat')
                    }
                    branches('*/feature/sso-hardening')
                  }
                }
                scriptPath('services/logging/Jenkinsfile.data-prepper')
              }
            }
          }
          multibranchPipelineJob('titan-iac-quality-gate') {
            branchSources {
              branchSource {
                source {
                  git {
                    id('titan-iac-quality-gate')
                    remote('https://scm.bstein.dev/bstein/titan-iac.git')
                    credentialsId('gitea-pat')
                  }
                }
              }
            }
            factory {
              workflowBranchProjectFactory {
                scriptPath('ci/Jenkinsfile.titan-iac')
              }
            }
            orphanedItemStrategy {
              discardOldItems {
                numToKeep(30)
              }
            }
            triggers {
              periodicFolderTrigger {
                interval('12h')
              }
            }
          }

  # Controller core settings and the Kubernetes agent cloud.
  # - numExecutors: 0 keeps builds off the controller; all work runs in
  #   agent pods.
  # - markupFormatter plainText renders descriptions as plain text.
  # - jenkinsUrl / JENKINS_URL are plain http and the agent tunnel is port
  #   50000, both in-cluster. NOTE(review): this relies on cluster network
  #   isolation; confirm a NetworkPolicy limits who can reach them.
  # - skipTlsVerify: false keeps API-server certificate verification on.
  # - restrictedPssSecurityContext: false means the plugin does not add a
  #   restricted Pod Security context to agent pods. NOTE(review): confirm
  #   the namespace enforces a Pod Security level by other means.
  # - serviceAccount "jenkins" is attached to agent pods. NOTE(review): if
  #   this is also the controller's account, pipeline code inherits its
  #   Kubernetes RBAC; a dedicated low-privilege account is safer.
  # - The agent image is referenced by tag only, not by digest.
  # - instanceCap 2147483647 is effectively unlimited per template; the
  #   cloud-level containerCapStr "10" is the cap that is actually set.
  # - excludeClientIPFromCrumb: true leaves the CSRF crumb unbound from the
  #   client IP.
  # - disableRememberMe: false leaves remember-me login enabled.
  base.yaml: |
    jenkins:
      disableRememberMe: false
      mode: NORMAL
      numExecutors: 0
      labelString: ""
      projectNamingStrategy: "standard"
      markupFormatter:
        plainText
      clouds:
        - kubernetes:
            containerCapStr: "10"
            connectTimeout: "5"
            readTimeout: "15"
            jenkinsUrl: "http://jenkins.jenkins.svc.cluster.local:8080"
            jenkinsTunnel: "jenkins.jenkins.svc.cluster.local:50000"
            skipTlsVerify: false
            maxRequestsPerHostStr: "32"
            retentionTimeout: "5"
            waitForPodSec: "600"
            name: "kubernetes"
            namespace: "jenkins"
            restrictedPssSecurityContext: false
            serverUrl: "https://kubernetes.default"
            credentialsId: ""
            podLabels:
              - key: "jenkins/jenkins-jenkins-agent"
                value: "true"
            templates:
              - name: "default"
                namespace: "jenkins"
                containers:
                  - name: "jnlp"
                    args: "^${computer.jnlpmac} ^${computer.name}"
                    envVars:
                      - envVar:
                          key: "JENKINS_URL"
                          value: "http://jenkins.jenkins.svc.cluster.local:8080/"
                    image: "jenkins/inbound-agent:3355.v388858a_47b_33-3"
                    privileged: "false"
                    resourceLimitCpu: 512m
                    resourceLimitMemory: 512Mi
                    resourceRequestCpu: 512m
                    resourceRequestMemory: 512Mi
                    ttyEnabled: false
                    workingDir: /home/jenkins/agent
                idleMinutes: 0
                instanceCap: 2147483647
                label: "jenkins-jenkins-agent "
                nodeUsageMode: "NORMAL"
                podRetention: Never
                serviceAccount: "jenkins"
                slaveConnectTimeoutStr: "100"
                yamlMergeStrategy: override
                inheritYamlMergeStrategy: false
      slaveAgentPort: 50000
      crumbIssuer:
        standard:
          excludeClientIPFromCrumb: true