Merge branch 'feat/config' into 'master'

Feat/config See merge request !1

Merge branch 'feat/config' into 'master'
Feat/config See merge request !1
d91e1aab · Fabius · 1b425522 · bd4edb67 · d91e1aab · d91e1aab
Commit d91e1aab authored Jun 06, 2020 by Fabius
Showing with 139 additions and 41 deletions

.gitignore .gitignore +2 -1

Dockerfile Dockerfile +4 -1

main.tf main.tf +47 -9

values.yaml values.yaml +0 -24

values.yaml.tpl values.yaml.tpl +67 -1

variables.tf variables.tf +19 -5

No files found.
--- a/.gitignore
+++ b/.gitignore
@@ -37,4 +37,5 @@ override.tf.json
 # !example_override.tf

 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
\ No newline at end of file
+# example: *tfplan*
+values.yaml
\ No newline at end of file
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,4 +13,7 @@ RUN apt-get update && \
      $(lsb_release -cs) \
      stable" && \
   apt-get update && \
-   apt-get -y install docker-ce
\ No newline at end of file
+   apt-get -y install docker-ce
+
+RUN curl -L https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && \
+    chmod +x /usr/local/bin/kubectl
\ No newline at end of file
--- a/main.tf
+++ b/main.tf
-locals {
-
-    values_yaml_rendered = templatefile("${path.module}/values.yaml.tpl",{
-        master = var.master,
-        agent  = var.agent
-    })
-}
-
 resource "kubernetes_namespace" "jenkins_namespace" {
    metadata {
        annotations = {
@@ -15,11 +7,57 @@ resource "kubernetes_namespace" "jenkins_namespace" {
    }
 }

+resource "kubernetes_service_account" "jenkins_service_account"{
+  metadata {
+    name = "jenkins-service-account"
+  }
+  automount_service_account_token = var.automount_service_account_token
+}
+
+resource "kubernetes_cluster_role_binding" "jenkins_service_account_binding" {
+  metadata {
+    name = "jenkins_service_account_binding"
+  }
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = "edit"
+  }
+  subject {
+    kind      = "ServiceAccount"
+    name      = kubernetes_service_account.jenkins_service_account.metadata[0].name
+    namespace = kubernetes_service_account.jenkins_service_account.metadata[0].namespace
+  }
+}
+
+data "kubernetes_secret" "jenkins_service_account_secret" {
+  metadata {
+    name = kubernetes_service_account.jenkins_service_account.default_secret_name
+  }
+}
+
+locals {
+
+    values_yaml_rendered = templatefile("${path.module}/values.yaml.tpl",{
+        master          = var.master,
+        agent           = var.agent,
+        credentials     = var.credentials,
+        secret_strings  = [
+                            {
+                            "id" : "${kubernetes_service_account.jenkins_service_account.metadata[0].name}"
+                            "description" : ""
+                            "secret" : "${lookup(data.kubernetes_secret.jenkins_service_account_secret.data, "token")}"
+                            }
+                        ],
+        host_name       = var.host_name
+    })
+}
+
 resource "helm_release" "jenkins"{
    name        = "jenkins"
    namespace   = kubernetes_namespace.jenkins_namespace.metadata[0].name
    chart       = "stable/jenkins"
-    version     = "1.9.19"
+    version     = "1.7.1"
    timeout     = 600

    values = [local.values_yaml_rendered]

--- a/values.yaml
+++ b/values.yaml
-master:
-  extraPorts:
-  - name: ssh
-    port: 2222
-    externalPort: 22
-    protocol: TCP
-  - name: slvlistener-jen
-    port: 50000
-    externalPort: 50000
-    protocol: TCP
-
-agent:
-  enabled: true
-  image: fabiuse/jenkins-with-docker
-  tag: latest
-  alwaysPullImage: true
-  privileged: true
-  volumes:
-    - type: HostPath
-      hostPath: /var/run/docker.sock
-      mountPath: /var/run/docker.sock
-
-networkPolicy:
-  enabled: true
\ No newline at end of file
--- a/values.yaml.tpl
+++ b/values.yaml.tpl
 master:
-  numExecutors: ${master.numExecutors}
+  installPlugins:
+    - matrix-auth:2.6.1
+    - kubernetes:1.26.0
+    - docker-workflow:1.23
+    - workflow-job:2.39
+    - workflow-aggregator:2.6
+    - credentials-binding:1.23
+    - git:4.2.2
+    - credentials:2.3.7
+    - job-dsl:1.77
+    - kubernetes-cd:2.3.0
+    - kubernetes-cli:1.8.3
+  JCasC:
+    enabled: true
+    pluginVersion: "1.36"
+    configScripts:
+      welcome-message: |
+        jenkins:
+          systemMessage: Welcome to our CI\CD server.  This Jenkins is configured and managed 'as code'.
+        credentials:
+          system:
+            domainCredentials:
+              - credentials:
+%{ for credential in credentials }
+                - usernamePassword:
+                    scope: GLOBAL
+                    id: "${credential.id}"
+                    username: "${credential.username}"
+                    password: "${credential.password}"
+%{ endfor }
+%{ for secret_string in secret_strings }
+                - string:
+                    scope: GLOBAL
+                    id: "${secret_string.id}"
+                    description: "${secret_string.description}"
+                    secret: "${secret_string.secret}"
+%{ endfor }
+        jobs:
+          - script: >
+              pipelineJob('pipeline') {
+                triggers {
+                  cron('@daily')
+                }
+                definition {
+                  cpsScm {
+                    scriptPath 'Jenkinsfile'
+                    scm {
+                      git {
+                        remote { url 'https://gitlab.hrz.tu-chemnitz.de/faeng--tu-chemnitz.de/react_docker_app.git'}
+                        branch ''
+                        extensions {}
+                      }
+                    }
+                  }
+                }
+              }
  extraPorts:
  - name: ssh
    port: 2222
@@ -9,6 +64,17 @@ master:
    port: 50000
    externalPort: 50000
    protocol: TCP
+  ingress:
+    enabled: true
+    apiVersion: 'networking.k8s.io/v1beta1'
+    hostName: ${host_name}
+    tls:
+    - hosts:
+      - ${host_name}
+      secretName: letsencrypt-staging
+    annotations:
+      kubernetes.io/ingress.class: nginx
+  serviceType: ClusterIP

 agent:
  enabled: ${agent.enabled}

--- a/variables.tf
+++ b/variables.tf
 variable "master" {
    type = any
-    default = {
-        "numExecutors": "2",
-    }
+    default = {}
+}
+
+variable "credentials" {
+    type    = list(any)
+    default = []
 }

 variable "agent" {
    type = any
    default = {
        "enabled": "true",
-        "image": "getintodevops/jenkins-withdocker",
-        "tag": "lts-docker19.03.5"
+        "image": "fabiuse/jenkins-with-docker",
+        "tag": "latest"
        "alwaysPullImage" : "true"
    }
+}
+
+variable "host_name" {
+    type = string
+    default = ""
+}
+
+variable "automount_service_account_token" {
+    description = "enable automatic mounting of the service account token"
+    type        = bool
+    default     = false
 }
\ No newline at end of file