deploy-templates/templates/jenkins-deployment.yaml (149 lines of code) (raw):
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: jenkins
{{- include "jenkins-operator.metaLabels" . | nindent 4 }}
{{- with .Values.jenkins.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
name: jenkins
spec:
replicas: 1
selector:
matchLabels:
app: jenkins
template:
metadata:
labels:
app: jenkins
annotations:
{{- if ne .Values.cloudProvider "AWS" }}
backup.velero.io/backup-volumes: jenkins-data
{{- end }}
sidecar.istio.io/inject: "false"
spec:
volumes:
- name: jenkins-data
persistentVolumeClaim:
claimName: jenkins-data
- name: logging-properties
configMap:
name: jenkins-logging-properties
- name: gerrit-ciuser-sshkey
secret:
secretName: gerrit-ciuser-sshkey
items:
- key: id_rsa
path: id_rsa
mode: 400
defaultMode: 400
initContainers:
- name: grant-permissions
image: {{ .Values.jenkins.initImage.name }}
command:
- sh
- '-c'
- >-
JENKINS_HOME="/var/lib/jenkins"; mkdir -p $JENKINS_HOME/.ssh; if [
-d /tmp/ssh ];then chmod 777 -R $JENKINS_HOME/.ssh; cat
/tmp/ssh/id_rsa > $JENKINS_HOME/.ssh/id_rsa;chmod 400
$JENKINS_HOME/.ssh/id_rsa; if [ -e $JENKINS_HOME/.ssh/config ];
then chmod 400 -fR $JENKINS_HOME/.ssh/config; fi; fi
resources: {}
volumeMounts:
- name: jenkins-data
mountPath: /var/lib/jenkins
- name: gerrit-ciuser-sshkey
readOnly: true
mountPath: /tmp/ssh
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 999
runAsGroup: 998
containers:
- name: jenkins
image: {{ template "imageRegistry" . }}{{ .Values.jenkins.image.name }}:{{ .Values.jenkins.image.version }}
ports:
- containerPort: 8080
protocol: TCP
env:
- name: CI_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: OPENSHIFT_ENABLE_OAUTH
value: 'false'
- name: OPENSHIFT_ENABLE_REDIRECT_PROMPT
value: 'true'
- name: KUBERNETES_MASTER
value: 'https://kubernetes.default:443'
- name: KUBERNETES_TRUST_CERTIFICATES
value: 'true'
- name: JNLP_SERVICE_NAME
value: jenkins-jnlp
- name: JENKINS_PASSWORD
valueFrom:
secretKeyRef:
name: jenkins-admin-password
key: password
- name: JENKINS_UI_URL
value: https://{{ include "jenkins-operator.jenkinsBaseUrl" . }}
- name: JENKINS_OPTS
value: '--requestHeaderSize=32768'
- name: PLATFORM_TYPE
value: openshift
resources:
requests:
memory: 500Mi
volumeMounts:
- name: jenkins-data
mountPath: /var/lib/jenkins
- name: logging-properties
mountPath: /var/lib/jenkins/logging.properties
subPath: logging.properties
readinessProbe:
httpGet:
path: /login
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
securityContext:
runAsUser: 999
runAsGroup: 998
{{- with .Values.jenkins.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jenkins.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jenkins.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
serviceAccountName: {{ .Values.jenkins.serviceAccountName }}
securityContext:
runAsNonRoot: true
fsGroup: 0
runAsUser: 999
schedulerName: default-scheduler
strategy:
type: Recreate
revisionHistoryLimit: 10
progressDeadlineSeconds: 600