kubernetes/jenkins/jenkins.yaml


# Namespace for the Jenkins controller itself: its ServiceAccount, PVC,
# Service, StatefulSet and Ingress all live here.
apiVersion: v1
kind: Namespace
metadata:
  name: jenkins
---
# Separate namespace for build workloads. The controller's rights over pods
# and PVCs are granted by a Role scoped to this namespace only, so they do
# not extend to the `jenkins` namespace where the controller runs.
apiVersion: v1
kind: Namespace
metadata:
  name: jenkins-jobs
---
# Identity of the controller pod (the StatefulSet sets
# serviceAccountName: jenkins). Every permission granted by the two
# RoleBindings named `jenkins` in this file attaches to this account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: jenkins
---
# Overrides the built-in `default` ServiceAccount of jenkins-jobs so that pods
# created there without an explicit serviceAccountName pull images with the
# `imagepull-gitea` secret. That Secret is not defined in this file and must
# already exist in jenkins-jobs. No RoleBinding in this file names this
# account, so it gets no API permissions from this manifest.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: jenkins-jobs
imagePullSecrets:
  - name: imagepull-gitea
---
# Persistent storage for the controller; the StatefulSet mounts it at
# /var/jenkins_home. No storageClassName is set, so the cluster's default
# StorageClass (if any) is used.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins
  namespace: jenkins
  labels:
    app.kubernetes.io/name: jenkins
    app.kubernetes.io/component: master
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/part-of: jenkins
spec:
  # ReadWriteOnce: the volume can be mounted read-write by a single node.
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 20Gi
---
# Read-only access to Secrets in the controller's own namespace.
# `list` and `watch` return full Secret contents, so this rule exposes every
# Secret in `jenkins`, not just selected ones. Keep only Secrets that Jenkins
# is meant to read in this namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins
  namespace: jenkins
rules:
  - apiGroups: ['']   # '' is the core API group
    resources: [secrets]
    verbs: [get, list, watch]
---
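# Rights the controller holds inside jenkins-jobs to run build pods.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins
  namespace: jenkins-jobs
rules:
  # Verbs are listed explicitly instead of '*'. The wildcard also granted
  # `deletecollection` and would pick up any verb added to these resources
  # later. NOTE(review): confirm nothing relies on deletecollection.
  #
  # Even with explicit verbs this rule is powerful. Creating pods and
  # exec'ing into them gives access to any Secret or ServiceAccount token a
  # pod in this namespace can mount. Keep jenkins-jobs free of unrelated
  # workloads and secrets.
  - apiGroups:
      - ''
    resources:
      - persistentvolumeclaims
      - pods
      - pods/exec
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Build logs are read-only.
  - apiGroups:
      - ''
    resources:
      - pods/log
    verbs:
      - get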
---
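# Binds the `jenkins` Role (Secret read access) in the `jenkins` namespace to
# the controller's ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
  namespace: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    # Stated explicitly, matching the jenkins-jobs RoleBinding, so the
    # subject does not depend on defaulting to the binding's own namespace.
    namespace: jenkins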
---
# Cross-namespace binding: the Role lives in jenkins-jobs, while the subject
# is the controller's ServiceAccount from the `jenkins` namespace. This is
# what lets the controller manage pods and PVCs in jenkins-jobs.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
  namespace: jenkins-jobs
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: jenkins
---
# In-cluster Service in front of the controller pod.
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: jenkins
  labels:
    app.kubernetes.io/component: master
    app.kubernetes.io/name: jenkins
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/part-of: jenkins
spec:
  # ClusterIP: both ports are reachable only from inside the cluster. The
  # Ingress in this file routes to the `http` port only.
  type: ClusterIP
  selector:
    app.kubernetes.io/component: master
    app.kubernetes.io/name: jenkins
    app.kubernetes.io/instance: jenkins
  ports:
    # Web UI / API. No targetPort is given, so it defaults to the same number.
    - name: http
      port: 8080
    # Presumably the inbound agent (JNLP) listener, going by the port name.
    # No NetworkPolicy in this file limits which pods may connect to it.
    - name: jnlp
      port: 40414
---
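# Jenkins controller. `replicas` is not set, so a single pod runs, with its
# home directory on the `jenkins` PersistentVolumeClaim.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: jenkins
  namespace: jenkins
  labels:
    app.kubernetes.io/name: jenkins
    app.kubernetes.io/component: master
    app.kubernetes.io/instance: jenkins
    app.kubernetes.io/part-of: jenkins
spec:
  serviceName: jenkins
  selector:
    matchLabels:
      app.kubernetes.io/name: jenkins
      app.kubernetes.io/component: master
      app.kubernetes.io/instance: jenkins
  template:
    metadata:
      annotations:
        # CRI-O hint to skip the recursive SELinux relabel of the volume when
        # it is already labelled. It works together with the fixed MCS level
        # set in the container securityContext below.
        io.kubernetes.cri-o.TrySkipVolumeSELinuxLabel: 'true'
      labels:
        app.kubernetes.io/name: jenkins
        app.kubernetes.io/component: master
        app.kubernetes.io/instance: jenkins
    spec:
      containers:
        - name: jenkins
          # Pinned by tag only. NOTE(review): a tag can be re-pointed
          # upstream; pinning by digest would make the deployed image
          # immutable.
          image: docker.io/jenkins/jenkins:2.426.2-lts
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8080
            - name: jnlp
              containerPort: 40414
          # Liveness is a TCP connect to the agent port, not an HTTP check of
          # the UI. No readinessProbe or resource requests/limits are set.
          livenessProbe:
            tcpSocket:
              port: 40414
            initialDelaySeconds: 120
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          securityContext:
            # The controller is an unprivileged process, so block setuid
            # escalation and drop all Linux capabilities.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            # Fixed MCS level so the volume label stays stable across
            # restarts (see the annotation above).
            seLinuxOptions:
              level: 's0:c525,c600'
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home
      nodeSelector:
        kubernetes.io/arch: amd64
      securityContext:
        # Makes the kubelet refuse to start the container as UID 0, even if
        # runAsUser is later removed or the image's default user changes.
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000
        # Only chown the volume when its root is not already owned by fsGroup.
        fsGroupChangePolicy: OnRootMismatch
        # Apply the container runtime's default seccomp filter.
        seccompProfile:
          type: RuntimeDefault
      # This account's token is mounted into the pod. It carries the Secret
      # read access in `jenkins` and the pod/PVC rights in `jenkins-jobs`.
      serviceAccountName: jenkins
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
            claimName: jenkins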
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jenkins
namespace: jenkins
spec:
ingressClassName: nginx
rules:
- host: jenkins.pyrocufflink.blue
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jenkins
port:
name: http
tls:
- hosts:
- jenkins.pyrocufflink.blue