Commit bd4edb67 authored by Fabius's avatar Fabius

Feat/config

parent 1b425522
......@@ -37,4 +37,5 @@ override.tf.json
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
\ No newline at end of file
# example: *tfplan*
values.yaml
\ No newline at end of file
......@@ -13,4 +13,7 @@ RUN apt-get update && \
$(lsb_release -cs) \
stable" && \
apt-get update && \
apt-get -y install docker-ce
\ No newline at end of file
apt-get -y install docker-ce
RUN curl -L https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && \
chmod +x /usr/local/bin/kubectl
\ No newline at end of file
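Review bot: The added `RUN curl -L … -o /usr/local/bin/kubectl` step installs a binary that is never verified, so the image trusts whatever the download returns. Without `-f`, an HTTP error body would also be saved and marked executable. Pin the expected digest in the Dockerfile and check it before the `chmod`, e.g. `curl -fsSL <same URL> -o /usr/local/bin/kubectl && echo "<EXPECTED_SHA256>  /usr/local/bin/kubectl" | sha256sum -c - && \`, where `<EXPECTED_SHA256>` is a placeholder for the digest published for this release. The earlier part of the Dockerfile is outside the shown lines.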
locals {
values_yaml_rendered = templatefile("${path.module}/values.yaml.tpl",{
master = var.master,
agent = var.agent
})
}
resource "kubernetes_namespace" "jenkins_namespace" {
metadata {
annotations = {
......@@ -15,11 +7,57 @@ resource "kubernetes_namespace" "jenkins_namespace" {
}
}
resource "kubernetes_service_account" "jenkins_service_account"{
metadata {
name = "jenkins-service-account"
}
automount_service_account_token = var.automount_service_account_token
}
resource "kubernetes_cluster_role_binding" "jenkins_service_account_binding" {
metadata {
name = "jenkins_service_account_binding"
}
role_ref {
api_group = "rbac.authorization.k8s.io"
kind = "ClusterRole"
name = "edit"
}
subject {
kind = "ServiceAccount"
name = kubernetes_service_account.jenkins_service_account.metadata[0].name
namespace = kubernetes_service_account.jenkins_service_account.metadata[0].namespace
}
}
data "kubernetes_secret" "jenkins_service_account_secret" {
metadata {
name = kubernetes_service_account.jenkins_service_account.default_secret_name
}
}
locals {
values_yaml_rendered = templatefile("${path.module}/values.yaml.tpl",{
master = var.master,
agent = var.agent,
credentials = var.credentials,
secret_strings = [
{
"id" : "${kubernetes_service_account.jenkins_service_account.metadata[0].name}"
"description" : ""
"secret" : "${lookup(data.kubernetes_secret.jenkins_service_account_secret.data, "token")}"
}
],
host_name = var.host_name
})
}
resource "helm_release" "jenkins"{
name = "jenkins"
namespace = kubernetes_namespace.jenkins_namespace.metadata[0].name
chart = "stable/jenkins"
version = "1.9.19"
version = "1.7.1"
timeout = 600
values = [local.values_yaml_rendered]
......
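Review bot: `kubernetes_cluster_role_binding.jenkins_service_account_binding` grants the built-in `edit` ClusterRole cluster-wide, so the Jenkins service account can modify workloads and read Secrets in every namespace, not only the one it deploys to. A namespaced binding keeps the same role but limits its reach: `resource "kubernetes_role_binding" "jenkins_service_account_binding"` with `namespace = "<TARGET_NAMESPACE>"` (placeholder) in its `metadata`. The account's token is then read through `data "kubernetes_secret"` and passed into `templatefile`, so it is stored in the Terraform state and in the rendered Helm values, and both need to be handled as secret material. Neither the service account nor the data source sets `namespace`, so they presumably land in `default` rather than the Jenkins namespace, which is worth confirming. The `helm_release` block continues past the shown lines.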
master:
extraPorts:
- name: ssh
port: 2222
externalPort: 22
protocol: TCP
- name: slvlistener-jen
port: 50000
externalPort: 50000
protocol: TCP
agent:
enabled: true
image: fabiuse/jenkins-with-docker
tag: latest
alwaysPullImage: true
privileged: true
volumes:
- type: HostPath
hostPath: /var/run/docker.sock
mountPath: /var/run/docker.sock
networkPolicy:
enabled: true
\ No newline at end of file
master:
numExecutors: ${master.numExecutors}
installPlugins:
- matrix-auth:2.6.1
- kubernetes:1.26.0
- docker-workflow:1.23
- workflow-job:2.39
- workflow-aggregator:2.6
- credentials-binding:1.23
- git:4.2.2
- credentials:2.3.7
- job-dsl:1.77
- kubernetes-cd:2.3.0
- kubernetes-cli:1.8.3
JCasC:
enabled: true
pluginVersion: "1.36"
configScripts:
welcome-message: |
jenkins:
systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'.
credentials:
system:
domainCredentials:
- credentials:
%{ for credential in credentials }
- usernamePassword:
scope: GLOBAL
id: "${credential.id}"
username: "${credential.username}"
password: "${credential.password}"
%{ endfor }
%{ for secret_string in secret_strings }
- string:
scope: GLOBAL
id: "${secret_string.id}"
description: "${secret_string.description}"
secret: "${secret_string.secret}"
%{ endfor }
jobs:
- script: >
pipelineJob('pipeline') {
triggers {
cron('@daily')
}
definition {
cpsScm {
scriptPath 'Jenkinsfile'
scm {
git {
remote { url 'https://gitlab.hrz.tu-chemnitz.de/faeng--tu-chemnitz.de/react_docker_app.git'}
branch ''
extensions {}
}
}
}
}
}
extraPorts:
- name: ssh
port: 2222
......@@ -9,6 +64,17 @@ master:
port: 50000
externalPort: 50000
protocol: TCP
ingress:
enabled: true
apiVersion: 'networking.k8s.io/v1beta1'
hostName: ${host_name}
tls:
- hosts:
- ${host_name}
secretName: letsencrypt-staging
annotations:
kubernetes.io/ingress.class: nginx
serviceType: ClusterIP
agent:
enabled: ${agent.enabled}
......
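Review bot: The credential loops interpolate `${credential.password}` and `${secret_string.secret}` straight into double-quoted YAML scalars, so a value containing `"`, `\` or a newline either breaks the rendered file or changes its structure. `jsonencode` yields a correctly escaped scalar: `password: ${jsonencode(credential.password)}` and `secret: ${jsonencode(secret_string.secret)}`, and likewise for `id`, `username` and `description`. Separately, these secrets end up in plaintext in the rendered chart values, and probably in whatever object the chart renders `configScripts` into. A comment above the block such as `# secrets are rendered in plaintext into the Helm values; restrict access to the release and the Terraform state` would make that visible. The file is collapsed after `enabled: ${agent.enabled}`, so the rest of the agent section was not reviewed.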
variable "master" {
type = any
default = {
"numExecutors": "2",
}
default = {}
}
variable "credentials" {
type = list(any)
default = []
}
variable "agent" {
type = any
default = {
"enabled": "true",
"image": "getintodevops/jenkins-withdocker",
"tag": "lts-docker19.03.5"
"image": "fabiuse/jenkins-with-docker",
"tag": "latest"
"alwaysPullImage" : "true"
}
}
variable "host_name" {
type = string
default = ""
}
variable "automount_service_account_token" {
description = "enable automatic mounting of the service account token"
type = bool
default = false
}
\ No newline at end of file
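Review bot: The `agent` default appears to move to `fabiuse/jenkins-with-docker` with `"tag": "latest"` and `"alwaysPullImage" : "true"`, so every new build agent runs whatever was most recently pushed to that tag, with no review step in between. Pinning an immutable reference keeps the agent image reproducible and auditable, e.g. `"tag": "<RELEASE_TAG>"` (placeholder) or an image digest. `variable "credentials"` carries passwords as `list(any)` with no `description`; one stating that each entry needs `id`, `username` and `password` and is secret would help callers.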