jenkins: Add storage for Gentoo Portage/binpkgs

Jenkins that build Gentoo-based systems, like Aimee OS, need a
persistent storage volume for the Gentoo ebuild repository. The Job
initially populates the repository using `emerge-webrsync`, and then the
CronJob keeps it up-to-date by running `emaint sync` daily.

In addition to the Portage repository, we also need a volume to store
built binary packages.  Jenkins job pods can mount this volume to make
binary packages they build available for subsequent runs.

Both of these volumes are exposed to use cases outside the cluster using
`rsync` in daemon mode.  This can be useful for e.g. local builds.

jenkins/gentoo-storage.yaml

@@ -0,0 +1,170 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: portage
+  namespace: jenkins-jobs
+  labels:
+    app.kubernetes.io/name: portage
+    app.kubernetes.io/component: gentoo
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 4Gi
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: binpkgs
+  namespace: jenkins-jobs
+  labels:
+    app.kubernetes.io/name: binpkgs
+    app.kubernetes.io/component: gentoo
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gentoo-dist
+  namespace: jenkins-jobs
+  labels:
+    app.kubernetes.io/name: gentoo-dist
+    app.kubernetes.io/component: gentoo
+data:
+  rsyncd.conf: |+
+    [gentoo-portage]
+    path = /var/db/repos/gentoo
+
+    [binpkgs]
+    path = /var/cache/binpkgs
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gentoo-dist
+  namespace: jenkins-jobs
+spec:
+  selector:
+    app.kubernetes.io/name: gentoo-dist
+    app.kubernetes.io/component: gentoo
+  ports:
+  - name: rsync
+    port: 873
+    targetPort: rsync
+  type: NodePort
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gentoo-dist
+  namespace: jenkins-jobs
+  labels: &labels
+    app.kubernetes.io/name: gentoo-dist
+    app.kubernetes.io/component: gentoo
+spec:
+  selector:
+    matchLabels: *labels
+  template:
+    metadata:
+      labels: *labels
+    spec:
+      containers:
+      - name: rsync
+        image: docker.io/gentoo/stage3
+        command:
+        - /usr/bin/rsync
+        - --daemon
+        - --no-detach
+        - --port=8873
+        - --log-file=/dev/stderr
+        ports:
+        - name: rsync
+          containerPort: 8873
+        securityContext:
+          readOnlyRootFilesystem: true
+          runAsUser: 250
+          runAsGroup: 250
+        volumeMounts:
+        - mountPath: /etc/rsyncd.conf
+          name: config
+          subPath: rsyncd.conf
+        - mountPath: /var/db/repos/gentoo
+          name: portage
+        - mountPath: /var/cache/binpkgs
+          name: binpkgs
+      volumes:
+      - name: binpkgs
+        persistentVolumeClaim:
+          claimName: binpkgs
+      - name: config
+        configMap:
+          name: gentoo-dist
+      - name: portage
+        persistentVolumeClaim:
+          claimName: portage
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: emerge-webrsync
+  namespace: jenkins-jobs
+  labels:
+    app.kubernetes.io/name: emerge-webrsync
+    app.kubernetes.io/component: gentoo
+spec:
+  template:
+    spec:
+      containers:
+      - name: sync
+        image: docker.io/gentoo/stage3
+        command:
+        - emerge-webrsync
+        volumeMounts:
+        - mountPath: /var/db/repos/gentoo
+          name: portage
+      restartPolicy: OnFailure
+      volumes:
+      - name: portage
+        persistentVolumeClaim:
+          claimName: portage
+
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: sync-portage
+  namespace: jenkins-jobs
+  labels:
+    app.kubernetes.io/name: sync-portage
+    app.kubernetes.io/component: gentoo
+spec:
+  schedule: 4 19 * * *
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: sync
+            image: docker.io/gentoo/stage3
+            command:
+            - emaint
+            - sync
+            volumeMounts:
+            - mountPath: /var/db/repos/gentoo
+              name: portage
+          restartPolicy: OnFailure
+          volumes:
+          - name: portage
+            persistentVolumeClaim:
+              claimName: portage

jenkins/kustomization.yaml

@@ -9,6 +9,7 @@ resources:
 - jenkins.yaml
 - secrets.yaml
 - iscsi.yaml
+- gentoo-storage.yaml
 
 configMapGenerator:
 - name: ssh-known-hosts