deploy-templates/templates/jenkins/deployment_config.yaml (151 lines of code) (raw):
{{if and (eq .Values.global.platform "openshift") (eq .Values.global.openshift.deploymentType "deploymentConfigs")}}
{{if .Values.jenkins.deploy}}
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
labels:
app: jenkins
{{- include "jenkins-operator.labels" . | nindent 4 }}
{{- with .Values.jenkins.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
name: jenkins
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
app: jenkins
strategy:
activeDeadlineSeconds: 21600
recreateParams:
timeoutSeconds: 6000
resources: {}
type: Recreate
template:
metadata:
labels:
app: jenkins
spec:
containers:
- env:
- name: CI_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: OPENSHIFT_ENABLE_OAUTH
value: 'false'
- name: OPENSHIFT_ENABLE_REDIRECT_PROMPT
value: 'true'
- name: KUBERNETES_TRUST_CERTIFICATES
value: 'true'
- name: JNLP_SERVICE_NAME
value: jenkins-jnlp
- name: JENKINS_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: jenkins-admin-password
- name: JENKINS_UI_URL
value: https://{{ include "jenkins-operator.jenkinsBaseUrl" . }}
- name: JENKINS_OPTS
value: '--requestHeaderSize=32768'
- name: PLATFORM_TYPE
value: openshift
- name: JENKINS_JAVA_OPTIONS
value: {{ template "jenkins.jenkinsJavaOptions" . }}
image: {{.Values.jenkins.image}}:{{.Values.jenkins.version}}
imagePullPolicy: "{{ .Values.jenkins.imagePullPolicy }}"
name: edp-jenkins
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /login
port: 8080
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
memory: 500Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/lib/jenkins
name: jenkins-jenkins-data
{{- if .Values.jenkins.caCerts.enabled }}
- name: jenkins-jenkins-data
mountPath: /var/lib/jenkins/certs
subPath: certs
{{- end }}
{{- with .Values.jenkins.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jenkins.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jenkins.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: ClusterFirst
initContainers:
- command:
- sh
- '-c'
- >-
JENKINS_HOME="/var/lib/jenkins"; mkdir -p $JENKINS_HOME/.ssh; if [
-d /tmp/ssh ];then chmod 777 -R $JENKINS_HOME/.ssh; cat
/tmp/ssh/id_rsa > $JENKINS_HOME/.ssh/id_rsa;chmod 400
$JENKINS_HOME/.ssh/id_rsa; if [ -e $JENKINS_HOME/.ssh/config ];
then chmod 400 -fR $JENKINS_HOME/.ssh/config; fi; fi
image: {{.Values.jenkins.initImage}}
imagePullPolicy: "{{ .Values.jenkins.imagePullPolicy }}"
name: grant-permissions
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/lib/jenkins
name: jenkins-jenkins-data
{{- if .Values.jenkins.caCerts.enabled }}
- name: ca-certs
image: {{ default "adoptopenjdk/openjdk11:alpine" .Values.jenkins.caCerts.image }}
imagePullPolicy: {{ .Values.jenkins.imagePullPolicy }}
command: ["sh"]
args: ["-c", "cp -f \"${JAVA_HOME}/lib/security/cacerts\" /tmp/certs/cacerts; if [ \"$(ls /tmp/secrets/ca-certs)\" ]; then for f in /tmp/secrets/ca-certs/*; do keytool -importcert -file \"${f}\" -alias \"$(basename \"${f}\")\" -keystore /tmp/certs/cacerts -storepass changeit -trustcacerts -noprompt; done; fi;"]
volumeMounts:
- mountPath: /tmp/certs
name: jenkins-jenkins-data
subPath: certs
- mountPath: /tmp/secrets/ca-certs
name: ca-certs
{{- end }}
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: jenkins
serviceAccountName: jenkins
terminationGracePeriodSeconds: 30
volumes:
- name: jenkins-jenkins-data
persistentVolumeClaim:
claimName: jenkins-data
{{- if .Values.jenkins.caCerts.enabled }}
- name: ca-certs
secret:
secretName: {{ .Values.jenkins.caCerts.secret }}
{{- end }}
test: false
triggers:
- type: ConfigChange
{{end}}
{{end}}