From 994b86dee0876538b5911ae116d13b01bc20183f Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 18:56:43 +0200 Subject: [PATCH 01/38] Update CONTRIBUTING.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4e971ff0..8c49e7ad 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -5,7 +5,7 @@ This document provides guidelines for contributing to the CloudBees CI add-on fo ## Design principles - It follows the same approach as the [Terraform AWS EKS Blueprints for Terraform Patterns](https://aws-ia.github.io/terraform-aws-eks-blueprints/). -- The blueprints use a monorepo configuration where additional configuration repositories are included within the same project. This approach is managed using [Spare Checkouts](https://github.blog/open-source/git/bring-your-monorepo-down-to-size-with-sparse-checkout/). For example, the [At scale blueprint](blueprints/02-at-scale) contains the repository for CasC bundles and Shared Libraries. +- The blueprints use a monorepo configuration where additional configuration repositories are included within the same project. This approach is managed using [Spare Checkouts](https://github.blog/open-source/git/bring-your-monorepo-down-to-size-with-sparse-checkout/). For example, the [At scale blueprint](blueprints/02-at-scale) contains the repository for CasC bundles and shared libraries. - Submit pull requests against the `develop` branch and release from the `main` branch. - `main` branch: - It is the stable branch and is used for releases. From e84b4d3f3b82e4e515d0579f76eb4f4565f939f1 Mon Sep 17 00:00:00 2001 
From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 18:56:52 +0200 Subject: [PATCH 02/38] Update README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 90ec773f..eaa86073 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ The CloudBees CI [AWS partner add-on](https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/main/aws-partner-addons/) streamlines the adoption and experimentation of CloudBees CI enterprise features by: -- Encapsulating the deployment of [CloudBees CI on modern platforms in AWS EKS](https://docs.cloudbees.com/docs/cloudbees-ci/latest/eks-install-guide/installing-eks-using-helm#_configuring_your_environment) and additional k8s resources into a Terraform module. +- Encapsulating the deployment of [CloudBees CI on modern platforms in AWS EKS](https://docs.cloudbees.com/docs/cloudbees-ci/latest/eks-install-guide/installing-eks-using-helm#_configuring_your_environment) and additional Kubernetes resources into a Terraform module. - Providing a series of opinionated [blueprints](https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon/tree/main/blueprints) that implement the CloudBees CI add-on module for use with [Amazon EKS blueprints for Terraform](https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/main/), which are aligned with the [EKS Best Practices Guides](https://aws.github.io/aws-eks-best-practices/). ## Usage From ad2aaa99268bd76be273eb72f4d705c3cec6fe78 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 18:58:30 +0200 Subject: [PATCH 03/38] Update variables.tf Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 453b4598..41484b1a 100644 --- a/variables.tf +++ b/variables.tf 
@@ -94,7 +94,7 @@ variable "reg_secret_auth" { } validation { condition = contains(keys(var.reg_secret_auth), "server") && contains(keys(var.reg_secret_auth), "username") && contains(keys(var.reg_secret_auth), "password") && contains(keys(var.reg_secret_auth), "email") - error_message = "The reg_secret_auth must contain the following keys: server, username, password and email." + error_message = "The reg_secret_auth must contain the following keys: server, username, password, and email." } validation { condition = length(var.reg_secret_auth) == 4 From 50b5e4d8ed1529007e9323086d8234f4b386f8e9 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 18:58:35 +0200 Subject: [PATCH 04/38] Update variables.tf Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 41484b1a..4554caaf 100644 --- a/variables.tf +++ b/variables.tf @@ -79,7 +79,7 @@ variable "reg_secret_ns" { type = string validation { condition = length(trimspace(var.reg_secret_ns)) > 0 - error_message = "Agent Namespace must not be an empty string." + error_message = "Agent namespace must not be an empty string." } } From 6e6e6978f6ed159b103fccff1142f8e3fcc5a6a5 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 18:59:10 +0200 Subject: [PATCH 05/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index bbbdd4a9..3264bad9 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -27,7 +27,7 @@ Once you have familiarized yourself with [CloudBees CI blueprint add-on: Get sta | [Grafana Tempo](https://grafana.com/oss/tempo/) | Provides backend tracing for [Jenkins OpenTelemetry](https://plugins.jenkins.io/opentelemetry/). | | [Hashicorp Vault](https://github.com/hashicorp/vault-helm) | Secrets management system that is integrated via [CloudBees HashiCorp Vault Plugin](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-secure-guide/hashicorp-vault-plugin). | -- Cloudbees CI uses [Configuration as Code (CasC)](https://docs.cloudbees.com/docs/cloudbees-ci/latest/casc-oc/casc-intro) (refer to the [casc](cbci/casc) folder) to enable [exciting new features for streamlined DevOps](https://www.cloudbees.com/blog/cloudbees-ci-exciting-new-features-for-streamlined-devops) and other enterprise features, such as [CloudBees CI hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-controllers#_hibernation_in_managed_masters). +- Cloudbees CI uses [Configuration as Code (CasC)](https://docs.cloudbees.com/docs/cloudbees-ci/latest/casc-oc/casc-intro) (refer to the [casc](cbci/casc) folder) to enable [exciting new features for streamlined DevOps](https://www.cloudbees.com/blog/cloudbees-ci-exciting-new-features-for-streamlined-devops) and other enterprise features, such as [CloudBees CI hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-controllers#hibernation-managed-controllers). - The operations center is using the [CasC Bundle Retriever](https://docs.cloudbees.com/docs/cloudbees-ci/latest/casc-oc/bundle-retrieval-scm). - Managed controller configurations are managed from the operations center using [source control management (SCM)](https://docs.cloudbees.com/docs/cloudbees-ci/latest/casc-controller/add-bundle#_adding_casc_bundles_from_an_scm_tool). 
- The managed controllers are using [CasC bundle inheritance](https://docs.cloudbees.com/docs/cloudbees-ci/latest/casc-controller/advanced#_configuring_bundle_inheritance_with_casc) (refer to the [parent](cbci/casc/mc/parent) folder). This "parent" bundle is inherited by two types of "child" controller bundles: `ha` and `none-ha`, to accommodate [considerations about HA controllers](https://docs.cloudbees.com/docs/cloudbees-ci/latest/ha/ha-considerations). From 88b6d505c5e2a5624b0591b6e7b0adb5f2178796 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 18:59:17 +0200 Subject: [PATCH 06/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 3264bad9..828a699b 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md @@ -41,7 +41,7 @@ This blueprint divides scalable node groups for different types of workloads: - Shared node group services (role: `shared`): For common/shared workloads using [Amazon EKS-Optimized Amazon Linux 2023](https://aws.amazon.com/blogs/containers/amazon-eks-optimized-amazon-linux-2023-amis-now-available/) Amazon Machine Image (AMI) type. - CloudBees CI node groups: - - CI Services (role: `cb-apps`) + - CI services (role: `cb-apps`): - Services instance type: [AWS Graviton Processor](https://aws.amazon.com/ec2/graviton/) and [Bottlerocket OS](https://aws.amazon.com/bottlerocket/) AMI type. - It uses an [instance profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) for operating with AWS Services permissions (eg. s3 Buckets). However, the recommended options are explained in [Issue 56](https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon/issues/56). - CI Agents (Ephemeral): 
From 826d5aa5d83bb0e74f1a93c519512729266551d2 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 18:59:28 +0200 Subject: [PATCH 07/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 828a699b..f1fce515 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -43,7 +43,7 @@ This blueprint divides scalable node groups for different types of workloads: - CloudBees CI node groups: - CI services (role: `cb-apps`): - Services instance type: [AWS Graviton Processor](https://aws.amazon.com/ec2/graviton/) and [Bottlerocket OS](https://aws.amazon.com/bottlerocket/) AMI type. - - It uses an [instance profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) for operating with AWS Services permissions (eg. s3 Buckets). However, the recommended options are explained in [Issue 56](https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon/issues/56). + - It uses an [instance profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) for operating with AWS services permissions (for example, S3 buckets). However, the recommended options are explained in [Issue 56](https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon/issues/56). - CI Agents (Ephemeral): - Linux: [AWS Graviton Processor](https://aws.amazon.com/ec2/graviton/) and [Bottlerocket OS](https://aws.amazon.com/bottlerocket/) AMI type and includes on-demand (role: `build-linux`) and Spot (role: `build-linux-spot`) capacity types. The Spot agent node groups follow the principles described in [Building for Cost Optimization and Resilience for EKS with Spot Instances](https://aws.amazon.com/blogs/compute/cost-optimization-and-resilience-eks-with-spot-instances/). - Windows (role: `build-windows`): Windows 2019 AMI type. From af3a1eca7437ec96ae2d87428069398ff123cb0c Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 18:59:38 +0200 Subject: [PATCH 08/38] Update variables.tf Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 4554caaf..07be5b3a 100644 --- a/variables.tf +++ b/variables.tf 
@@ -63,7 +63,7 @@ variable "casc_secrets_file" { type = string validation { condition = length(trimspace(var.casc_secrets_file)) > 0 - error_message = "Casc secret file must not be an empty string." + error_message = "CasC secret file must not be an empty string." } } From b3d51f0c48a98507ccdbc9a13b7ecf635000051d Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 18:59:45 +0200 Subject: [PATCH 09/38] Update variables.tf Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 07be5b3a..c833fc14 100644 --- a/variables.tf +++ b/variables.tf @@ -68,7 +68,7 @@ variable "casc_secrets_file" { } variable "create_reg_secret" { - description = "Create a Kubernetes dockerconfigjson secret for Container Registry authentication (cbci-sec-reg) for CI builds agents." + description = "Create a Kubernetes dockerconfigjson secret for container registry authentication (cbci-sec-reg) for CI builds agents." default = false type = bool } From 189002cc1f75987860294a1955ada986175abb95 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 18:59:53 +0200 Subject: [PATCH 10/38] Update variables.tf Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index c833fc14..72ff851e 100644 --- a/variables.tf +++ b/variables.tf @@ -74,7 +74,7 @@ variable "create_reg_secret" { } variable "reg_secret_ns" { - description = "Agent Namespace to allocate cbci-sec-reg secret. It is required when create_reg_secret is enabled." + description = "Agent namespace to allocate cbci-sec-reg secret. It is required when create_reg_secret is enabled." default = "cbci" type = string validation { From 921f52ef55438c13277643833d2bb35eb3c695b4 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Mon, 5 Aug 2024 16:59:59 +0000 Subject: [PATCH 11/38] terraform-docs: automated action --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index eaa86073..a40ec22b 100644 --- a/README.md +++ b/README.md @@ -97,11 +97,11 @@ The CloudBees CI add-on uses `helms release` for its resources definition, makin | trial_license | CloudBees CI trial license details for evaluation. | `map(string)` | n/a | yes | | casc_secrets_file | Secrets .yml file path containing the names:values secrets. It is required when create_casc_secrets is enabled. | `string` | `"secrets-values.yml"` | no | | create_casc_secrets | Create a Kubernetes basic secret for CloudBees Configuration as Code (cbci-sec-casc) and mount it into the Operation Center /var/run/secrets/cbci. | `bool` | `false` | no | -| create_reg_secret | Create a Kubernetes dockerconfigjson secret for Container Registry authentication (cbci-sec-reg) for CI builds agents. | `bool` | `false` | no | +| create_reg_secret | Create a Kubernetes dockerconfigjson secret for container registry authentication (cbci-sec-reg) for CI builds agents. | `bool` | `false` | no | | helm_config | CloudBees CI Helm chart configuration. | `any` |
{
"values": [
""
]
}
| no | | prometheus_target | Creates a service monitor to discover the CloudBees CI Prometheus target dynamically. It is designed to be enabled with the AWS EKS Terraform Addon Kube Prometheus Stack. | `bool` | `false` | no | | reg_secret_auth | Registry server authentication details for cbci-sec-reg secret. It is required when create_reg_secret is enabled. | `map(string)` |
{
"email": "foo.bar@acme.com",
"password": "changeme1234",
"server": "my-registry.acme:5000",
"username": "foo"
}
| no | -| reg_secret_ns | Agent Namespace to allocate cbci-sec-reg secret. It is required when create_reg_secret is enabled. | `string` | `"cbci"` | no | +| reg_secret_ns | Agent namespace to allocate cbci-sec-reg secret. It is required when create_reg_secret is enabled. | `string` | `"cbci"` | no | ### Outputs From c839f38b51c57ac2a17a438808ec038a76e6abbc Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:19:19 +0200 Subject: [PATCH 12/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index f1fce515..c7b1a96c 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -44,7 +44,7 @@ This blueprint divides scalable node groups for different types of workloads: - CI services (role: `cb-apps`): - Services instance type: [AWS Graviton Processor](https://aws.amazon.com/ec2/graviton/) and [Bottlerocket OS](https://aws.amazon.com/bottlerocket/) AMI type. - It uses an [instance profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) for operating with AWS services permissions (for example, S3 buckets). However, the recommended options are explained in [Issue 56](https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon/issues/56). - - CI Agents (Ephemeral): + - CI agents (ephemeral): - Linux: [AWS Graviton Processor](https://aws.amazon.com/ec2/graviton/) and [Bottlerocket OS](https://aws.amazon.com/bottlerocket/) AMI type and includes on-demand (role: `build-linux`) and Spot (role: `build-linux-spot`) capacity types. The Spot agent node groups follow the principles described in [Building for Cost Optimization and Resilience for EKS with Spot Instances](https://aws.amazon.com/blogs/compute/cost-optimization-and-resilience-eks-with-spot-instances/). - Windows (role: `build-windows`): Windows 2019 AMI type. From 9c22ee37b602d7fa2c3700da9f165c7dc6b14742 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:19:36 +0200 Subject: [PATCH 13/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index c7b1a96c..49b8ca0e 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -49,7 +49,7 @@ This blueprint divides scalable node groups for different types of workloads: - Windows (role: `build-windows`): Windows 2019 AMI type. > [!IMPORTANT] -> It is known that Linux container lunch time are faster than Windows container. That reality can be improved by using a cache container image strategy (see [Speeding up Windows container launch times with EC2 Image builder and image cache strategy](https://aws.amazon.com/blogs/containers/speeding-up-windows-container-launch-times-with-ec2-image-builder-and-image-cache-strategy/) and more about [Windows Container Best Practices](https://aws.github.io/aws-eks-best-practices/windows/docs/ami/)). Alternatively to Windows Containes, it is possible to use Windows VMs using [Shared Agent](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/shared-agents). +> The launch time for Linux containers is faster than Windows containers. This can be improved by using a cache container image strategy. Refer to [Speeding up Windows container launch times with EC2 Image builder and image cache strategy](https://aws.amazon.com/blogs/containers/speeding-up-windows-container-launch-times-with-ec2-image-builder-and-image-cache-strategy/) and more about [Windows Container Best Practices](https://aws.github.io/aws-eks-best-practices/windows/docs/ami/)). Another potential alternative is to use Windows VMs with a [shared agent](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/shared-agents). ![Architecture](img/at-scale.architect.drawio.svg) From 638b92aa1b41a7146c252dbe87b1a21cfe3e8531 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:19:50 +0200 Subject: [PATCH 14/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 49b8ca0e..1657ea46 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md @@ -119,7 +119,7 @@ This blueprint divides scalable node groups for different types of workloads: ## Prerequisites -This blueprint uses [DockerHub](https://hub.docker.com/) as a Container Registry Service. Then, an existing DockerHub account is required (username, password and email). +This blueprint uses [DockerHub](https://hub.docker.com/) as a container registry service. Note that an existing DockerHub account is required (username, password, and email). > [!TIP] > Use `docker login` to validate username and password. From 7493dadbf6df5a01ce9ef8561af1e6e3b867b1c6 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:20:11 +0200 Subject: [PATCH 15/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 1657ea46..6991cc9b 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -163,7 +163,7 @@ Once the resources have been created, a `kubeconfig` file is created in the [/k8 There are differences in CloudBees CI permissions and folder restrictions when signed in as a user of the Admin group versus the Development group. For example, only Admin users have access to the agent validation jobs. -3. CasC is enabled for the [operations center](https://docs.cloudbees.com/docs/cloudbees-ci/latest/casc-oc/) (`cjoc`) and [controllers](https://docs.cloudbees.com/docs/cloudbees-ci/latest/casc-controller/) (`team-b` and `team-c-ha`). `team-a` is not using CasC, to illustrate the difference between the two approaches. Issue the following command to verify that all controllers are Running: +3. CasC is enabled for the [operations center](https://docs.cloudbees.com/docs/cloudbees-ci/latest/casc-oc/) (`cjoc`) and [controllers](https://docs.cloudbees.com/docs/cloudbees-ci/latest/casc-controller/) (`team-b` and `team-c-ha`). `team-a` is not using CasC, to illustrate the difference between the two approaches. Issue the following command to verify that all controllers are running: ```sh eval $(terraform output --raw cbci_controllers_pods) From ae2b910c19047cd2fe02ce1c8a2f501100c0b322 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:20:58 +0200 Subject: [PATCH 16/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 6991cc9b..33acac4b 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -177,9 +177,9 @@ Once the resources have been created, a `kubeconfig` file is created in the [/k8 eval $(terraform output --raw cbci_controller_c_hpa) ``` -#### Secrets Management +#### Secrets management -##### Kubernetes Secret +##### Kubernetes secret This blueprint uses a couple of Kubernetes secrets for different purposes. From ef7e2fb8645c7129094da260b0c555fd20a1193c Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:21:16 +0200 Subject: [PATCH 17/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 33acac4b..14ea548e 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md @@ -181,7 +181,7 @@ Once the resources have been created, a `kubeconfig` file is created in the [/k8 ##### Kubernetes secret -This blueprint uses a couple of Kubernetes secrets for different purposes. +This blueprint Kubernetes secrets for different purposes. > [!NOTE] > - Beyond the CloudBees CI Addon (for demo purposes), Kubernetes secrets can be managed via [External Secret Operators](https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/main/addons/external-secrets/). From f1315991e118d0c3fc9cab8d13f32f1a8e985f8f Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:21:34 +0200 Subject: [PATCH 18/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 14ea548e..7206b80e 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -184,7 +184,7 @@ Once the resources have been created, a `kubeconfig` file is created in the [/k8 This blueprint Kubernetes secrets for different purposes. > [!NOTE] -> - Beyond the CloudBees CI Addon (for demo purposes), Kubernetes secrets can be managed via [External Secret Operators](https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/main/addons/external-secrets/). +> - Beyond the CloudBees CI add-on (used for demo purposes), Kubernetes secrets can be managed via [External Secret Operators](https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/main/addons/external-secrets/). > - Kubernetes secrets could be also be retrived as Jenkins Credentials via using the [Kubernetes Credentials Provider plugin](https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/). ###### Casc Secrets From 634d21f467ba5f057b559a1e54b24caefdf13cd5 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:21:46 +0200 Subject: [PATCH 19/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 7206b80e..47c02d52 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -187,7 +187,7 @@ This blueprint Kubernetes secrets for different purposes. > - Beyond the CloudBees CI add-on (used for demo purposes), Kubernetes secrets can be managed via [External Secret Operators](https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/main/addons/external-secrets/). > - Kubernetes secrets could be also be retrived as Jenkins Credentials via using the [Kubernetes Credentials Provider plugin](https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/). -###### Casc Secrets +###### CasC secrets The secrets key/value file defined in [k8s/secrets-values.yml](k8s/secrets-values.yml) is converted into a Kubernetes secret (`cbci-sec-casc`) and mounted into /run/secrets/ for Operation Center and Controllers to be consumed via CloudBees Casc. See [Configuration as Code - Handling Secrets - Kubernetes Secrets](https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets) for more information. From ec697def42826276b79fbd62599ec1072a1f7894 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:22:00 +0200 Subject: [PATCH 20/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 47c02d52..990d3e96 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -189,7 +189,7 @@ This blueprint Kubernetes secrets for different purposes. ###### CasC secrets -The secrets key/value file defined in [k8s/secrets-values.yml](k8s/secrets-values.yml) is converted into a Kubernetes secret (`cbci-sec-casc`) and mounted into /run/secrets/ for Operation Center and Controllers to be consumed via CloudBees Casc. See [Configuration as Code - Handling Secrets - Kubernetes Secrets](https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets) for more information. +The secrets key/value file defined in [k8s/secrets-values.yml](k8s/secrets-values.yml) is converted into a Kubernetes secret (`cbci-sec-casc`) and mounted into `/run/secrets/` for the operations center and controllers to be consumed via CloudBees CasC. Refer to [Configuration as Code - Handling Secrets - Kubernetes Secrets](https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets) for more information. ###### Container Registry Secrets From aa7d574a5754100cb8f23b021986f9b0ffd65cde Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:22:56 +0200 Subject: [PATCH 21/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 990d3e96..353d294e 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -191,7 +191,7 @@ This blueprint Kubernetes secrets for different purposes. The secrets key/value file defined in [k8s/secrets-values.yml](k8s/secrets-values.yml) is converted into a Kubernetes secret (`cbci-sec-casc`) and mounted into `/run/secrets/` for the operations center and controllers to be consumed via CloudBees CasC. Refer to [Configuration as Code - Handling Secrets - Kubernetes Secrets](https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets) for more information. -###### Container Registry Secrets +###### Container registry secrets DockerHub authentication is stored as Kubernetes secrets (`cbci-agent-sec-reg`) and mounted to [Kaniko agent containers](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/using-kaniko) to build and push images to this registry. The secret is created using the `dh_reg_secret_auth` variable. From 578fdaba13dddea598f6aea77814a295f7ce314e Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:23:07 +0200 Subject: [PATCH 22/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 353d294e..9595b22c 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -206,7 +206,7 @@ DockerHub authentication is stored as Kubernetes secrets (`cbci-agent-sec-reg`) HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in this blueprint. -1. Run the configure Hashicorp Vault script. Keep in a safe place Admin Token and Unseal Keys (saved in `k8s/vault-init.log`) as well as Role ID and Secret ID for `cbci-oc` App Role. +1. Run the configure Hashicorp Vault script. Store the admin token and unseal keys (saved in `k8s/vault-init.log`) and role ID and secret ID for the `cbci-oc` application role in a safe place. ```sh eval $(terraform output --raw vault_configure) From a823363cab8649396fa52ac5c92a9b04095f3eee Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:23:19 +0200 Subject: [PATCH 23/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 9595b22c..edaa6adb 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md @@ -212,7 +212,7 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t eval $(terraform output --raw vault_configure) ``` -2. Access the HashiCorp Vault UI by issuing the following command. Enter the root token to log in from the _step 1_. +2. Issue the following command to access the HashiCorp Vault UI. Enter the root token to sign in from _step 1_. ```sh eval $(terraform output --raw vault_dashboard) From 685c7b5d7b116acd0893e1736604da276cfe0b57 Mon Sep 17 00:00:00 2001 
From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:23:33 +0200 Subject: [PATCH 24/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index edaa6adb..6e0cebea 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -218,7 +218,13 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t eval $(terraform output --raw vault_dashboard) ``` -3. Access with admin role to CloudBees CI Operation Center and complete the configuration for the CloudBees CI Vault Plugin by entering the Role ID and Secret ID for `cbci-oc` App Role from _step 1_ in _Manage Jenkins_ > _Credentials Providers_ > _HashiCorp Vault Credentials Provider_. Click on `Test Connection` to verify the inputs are right. Finally, move to `team-b` or `team-c-ha` to run the pipeline _admin_ > _validations_ > _vault-credentials_ and validate that credentials are fetched correctly from Hashicorp Vault. +3. Sign in to the CloudBees CI operations center as a user with the admin role. + +4. Navigate to **Manage Jenkins > Credentials Providers > HashiCorp Vault Credentials Provider** and complete the configuration for the CloudBees CI Vault Plugin by entering the role ID and secret ID for the `cbci-oc` application role from _step 1_. + +5. Select **Test Connection** to verify the inputs are correct. + +6. Move to `team-b` or `team-c-ha` to run the Pipeline (**admin > validations > vault-credentials**) and validate that credentials are fetched correctly from the Hashicorp Vault. > [!NOTE] > Hashicorp Vault can be also be configured to be used for [Configuration as Code - Handling Secrets - Vault](https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#hashicorp-vault-secret-source). From 306839985616c7f2226f6f209003a40c85952091 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:23:46 +0200 Subject: [PATCH 25/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 6e0cebea..5f0f997a 100644 
--- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md @@ -255,7 +255,7 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t eval $(terraform output --raw cbci_controller_b_s3_build) ``` - It triggers `s3-WScacheAndArtifacts` pipeline from `team-b` controller. This pipeline validates a couple of s3 integrations in parallel: one for [CloudBees Workspace Caching](https://docs.cloudbees.com/docs/cloudbees-ci/latest/pipelines/cloudbees-cache-step) (using `linux-mavenAndKaniko-L`) and another for [s3 Artifact Manager](https://plugins.jenkins.io/artifact-manager-s3/) (using `linux-mavenAndKaniko-XL`). + It triggers the `s3-WScacheAndArtifacts` Pipeline from the `team-b` controller. This pipeline validates S3 integrations in parallel for [CloudBees workspace caching](https://docs.cloudbees.com/docs/cloudbees-ci/latest/pipelines/cloudbees-cache-step) (using `linux-mavenAndKaniko-L`) and the [S3 artifact manager](https://plugins.jenkins.io/artifact-manager-s3/) (using `linux-mavenAndKaniko-XL`). Once the second build is complete, you can find the read cache operation at the beginning of the build logs and the write cache operation at the end of the build logs. From 602def3b48969989deca3ca20e8a49149123ef6b Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:23:57 +0200 Subject: [PATCH 26/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 5f0f997a..feddfaba 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -259,7 +259,7 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t Once the second build is complete, you can find the read cache operation at the beginning of the build logs and the write cache operation at the end of the build logs. - The `linux-mavenAndKaniko-L` agent template is deployed over On-demand Linux Nodes that have smaller instance types vs the `linux-mavenAndKaniko-XL` template that is deployed over Spot Linux Nodes that have defined larger instance types. + The `linux-mavenAndKaniko-L` agent template is deployed over on-demand Linux nodes that have smaller instance types versus the `linux-mavenAndKaniko-XL` template that is deployed over Spot Linux nodes that have defined larger instance types. - For Windows node pool use: From 7c30c5ac030b6d99a0e5cf59bd4be66bb9e1cb0b Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:24:07 +0200 Subject: [PATCH 27/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index feddfaba..1461bdb5 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md @@ -267,7 +267,7 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t eval $(terraform output --raw cbci_controller_c_windows_node_build) ``` - It triggers `windows-build-nodes` pipeline from `team-c-ha` controller. + It triggers the `windows-build-nodes` Pipeline from the `team-c-ha` controller. Note that the first build for a new Windows image container can take up to 10 minutes to run; subsequent builds should take seconds to run. This behavior can be improved as explained in the section [Architecture](#architecture). From 6301a26e261a6ba955fbe7deeb86151777af2bfd Mon Sep 17 00:00:00 2001 
From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:24:44 +0200 Subject: [PATCH 28/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 1461bdb5..de2b8ad8 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md @@ -269,7 +269,7 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t It triggers the `windows-build-nodes` Pipeline from the `team-c-ha` controller. - Note that the first build for a new Windows image container can take up to 10 minutes to run; subsequent builds should take seconds to run. This behavior can be improved as explained in the section [Architecture](#architecture). + Note that the first build for a new Windows image container can take up to 10 minutes to run; subsequent builds should take seconds to run. This behavior can be improved, as explained in the section [Architecture](#architecture). 3. Right after triggering the builds, issue the following to validate pod agent provisioning to build the pipeline code: From c31fe0a2778cb7fb0fd3787b09db965a902ec6a7 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:25:08 +0200 Subject: [PATCH 29/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index de2b8ad8..8f231324 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -271,7 +271,7 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t Note that the first build for a new Windows image container can take up to 10 minutes to run; subsequent builds should take seconds to run. This behavior can be improved, as explained in the section [Architecture](#architecture). -3. Right after triggering the builds, issue the following to validate pod agent provisioning to build the pipeline code: +3. Right after triggering the builds, issue the following to validate pod agent provisioning to build the Pipeline code: ```sh eval $(terraform output --raw cbci_agents_pods) From 1d5cc7f98645af497bec0dbdd0237aab403a0887 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:25:25 +0200 Subject: [PATCH 30/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 8f231324..44ce13bc 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -277,7 +277,7 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t eval $(terraform output --raw cbci_agents_pods) ``` -4. Check build logs by signing in to the `team-b` and `team-c-ha` controllers, respectively. Navigate to the pipeline jobs and select the first build, indicated by the `#1` build number. [CloudBees Pipeline Explorer](https://docs.cloudbees.com/docs/cloudbees-ci/latest/pipelines/cloudbees-pipeline-explorer-plugin) is enabled as a default. +4. Check build logs by signing in to the `team-b` and `team-c-ha` controllers, respectively. Navigate to the Pipeline jobs and select the first build, indicated by the `#1` build number. [CloudBees Pipeline Explorer](https://docs.cloudbees.com/docs/cloudbees-ci/latest/pipelines/cloudbees-pipeline-explorer-plugin) is enabled by default. ##### Container Registry From 593fe61c4d2d7d188227fa1d1632ecedef8421c9 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:25:45 +0200 Subject: [PATCH 31/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 44ce13bc..ab1e4c95 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md @@ -281,7 +281,7 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t ##### Container Registry -This blueprints uses a couple of container registries for different purposes. +This blueprints use a couple of container registries for different purposes. - The Public Registry uses DockerHub. - The Private Registry uses AWS ECR. From 8b78ea0e32fff311f6d2276ac242de524f64e75d Mon Sep 17 00:00:00 2001 
From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:26:11 +0200 Subject: [PATCH 32/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index ab1e4c95..eaa21b8b 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md @@ -283,8 +283,8 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t This blueprints use a couple of container registries for different purposes. -- The Public Registry uses DockerHub. -- The Private Registry uses AWS ECR. +- The public registry uses DockerHub. +- The private registry uses AWS ECR. > [!NOTE] > Other Container Registry services can be used for the same purporses. From eefd9bc7cf86c37d790159fb3dde6cac8b321de5 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:26:34 +0200 Subject: [PATCH 33/38] Update variables.tf Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 72ff851e..2934384f 100644 --- a/variables.tf +++ b/variables.tf @@ -58,7 +58,7 @@ variable "create_casc_secrets" { } variable "casc_secrets_file" { - description = "Secrets .yml file path containing the names:values secrets. It is required when create_casc_secrets is enabled." + description = "Secrets .yml file path containing the names: values secrets. It is required when create_casc_secrets is enabled." default = "secrets-values.yml" type = string validation { From 4f3f3c63a40920daa7c2cc99a8d7cb613664a2b4 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Mon, 5 Aug 2024 20:26:55 +0000 Subject: [PATCH 34/38] terraform-docs: automated action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a40ec22b..28c9e837 100644 --- a/README.md +++ b/README.md @@ -95,7 +95,7 @@ The CloudBees CI add-on uses `helms release` for its resources definition, makin | cert_arn | AWS Certificate Manager (ACM) certificate for Amazon Resource Names (ARN). | `string` | n/a | yes | | hosted_zone | Amazon Route 53 hosted zone name. | `string` | n/a | yes | | trial_license | CloudBees CI trial license details for evaluation. | `map(string)` | n/a | yes | -| casc_secrets_file | Secrets .yml file path containing the names:values secrets. It is required when create_casc_secrets is enabled. | `string` | `"secrets-values.yml"` | no | +| casc_secrets_file | Secrets .yml file path containing the names: values secrets. It is required when create_casc_secrets is enabled. | `string` | `"secrets-values.yml"` | no | | create_casc_secrets | Create a Kubernetes basic secret for CloudBees Configuration as Code (cbci-sec-casc) and mount it into the Operation Center /var/run/secrets/cbci. | `bool` | `false` | no | | create_reg_secret | Create a Kubernetes dockerconfigjson secret for container registry authentication (cbci-sec-reg) for CI builds agents. | `bool` | `false` | no | | helm_config | CloudBees CI Helm chart configuration. | `any` |
{
"values": [
""
]
}
| no | From 87b01f29e7a65f7fccc6c8f8d796f557dc8f6a2c Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:27:02 +0200 Subject: [PATCH 35/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index eaa21b8b..3fd53f1f 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md @@ -287,7 +287,7 @@ This blueprints use a couple of container registries for different purposes. - The private registry uses AWS ECR. > [!NOTE] -> Other Container Registry services can be used for the same purporses. +> Other Container Registry services can be used for the same purposes. Access with admin role to CloudBees CI to `team-b` or `team-c-ha` to run the pipeline _admin_ > _validations_ > _kaniko_ enter as parameters an existing DockerHub Organization and an existing AWS ECR Repository to test that Build and Push towards every repository works fine. From 4f855b89f151c50256ccbcf6f480a543626d1083 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:27:34 +0200 Subject: [PATCH 36/38] Update variables.tf Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 2934384f..ec2fa0fa 100644 --- a/variables.tf +++ b/variables.tf 
@@ -52,7 +52,7 @@ variable "trial_license" { } variable "create_casc_secrets" { - description = "Create a Kubernetes basic secret for CloudBees Configuration as Code (cbci-sec-casc) and mount it into the Operation Center /var/run/secrets/cbci." + description = "Create a Kubernetes basic secret for CloudBees CasC (cbci-sec-casc) and mount it into the operations center (/var/run/secrets/cbci)." default = false type = bool } From c2bb59cfbdd082b1e5fccf658d139ac34d6f4d11 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:27:50 +0200 Subject: [PATCH 37/38] Update blueprints/02-at-scale/README.md Co-authored-by: Kellie Freeman <80066741+kellie-freeman@users.noreply.github.com> --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 3fd53f1f..33ce8748 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md @@ -289,7 +289,7 @@ This blueprints use a couple of container registries for different purposes. > [!NOTE] > Other Container Registry services can be used for the same purposes. -Access with admin role to CloudBees CI to `team-b` or `team-c-ha` to run the pipeline _admin_ > _validations_ > _kaniko_ enter as parameters an existing DockerHub Organization and an existing AWS ECR Repository to test that Build and Push towards every repository works fine. +Sign in to the CloudBees CI to `team-b` or `team-c-ha` controllers with admin access. Run the **admin > validations > kaniko** Pipeline and enter (using parameters) an existing DockerHub organization and an existing AWS ECR Repository to test that building and pushing to all repositories works as expected. > [!NOTE] > Besides Kaniko, there are [other alternitives tools](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/using-kaniko#_alternatives). From a8ba851881cd0830dcadb06dc73c32f05d658b21 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Mon, 5 Aug 2024 20:28:06 +0000 Subject: [PATCH 38/38] terraform-docs: automated action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 28c9e837..1359fb05 100644 --- a/README.md +++ b/README.md @@ -96,7 +96,7 @@ The CloudBees CI add-on uses `helms release` for its resources definition, makin | hosted_zone | Amazon Route 53 hosted zone name. | `string` | n/a | yes | | trial_license | CloudBees CI trial license details for evaluation. | `map(string)` | n/a | yes | | casc_secrets_file | Secrets .yml file path containing the names: values secrets. It is required when create_casc_secrets is enabled. | `string` | `"secrets-values.yml"` | no | -| create_casc_secrets | Create a Kubernetes basic secret for CloudBees Configuration as Code (cbci-sec-casc) and mount it into the Operation Center /var/run/secrets/cbci. | `bool` | `false` | no | +| create_casc_secrets | Create a Kubernetes basic secret for CloudBees CasC (cbci-sec-casc) and mount it into the operations center (/var/run/secrets/cbci). | `bool` | `false` | no | | create_reg_secret | Create a Kubernetes dockerconfigjson secret for container registry authentication (cbci-sec-reg) for CI builds agents. | `bool` | `false` | no | | helm_config | CloudBees CI Helm chart configuration. | `any` |
{
"values": [
""
]
}
| no | | prometheus_target | Creates a service monitor to discover the CloudBees CI Prometheus target dynamically. It is designed to be enabled with the AWS EKS Terraform Addon Kube Prometheus Stack. | `bool` | `false` | no |
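Review bot: in the hunk at `@@ -191,7 +191,7 @@` of `blueprints/02-at-scale/README.md`, the heading moves to sentence case ("Container registry secrets") but the later heading `##### Container Registry` stays in title case, so the file now mixes both styles. The first context line of the same hunk, "This blueprint Kubernetes secrets for different purposes.", is also missing its verb ("uses") and would be worth fixing in this pass.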
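Review bot: in PATCH 22/38, the reworded step 1 still only asks the reader to keep the admin token and unseal keys "in a safe place" while stating that they are saved in `k8s/vault-init.log`, a log file inside the blueprint's working tree. Suggest adding a sentence that this file must stay out of version control and be deleted once the values have been moved to a secret store. The added line also writes "Hashicorp" where the unchanged line above it writes "HashiCorp".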
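Review bot: in PATCH 23/38, the new step 2 asks for the "root token" from step 1, but step 1 as reworded in PATCH 22/38 calls it the "admin token"; use one term in both steps so the reader knows which value from `k8s/vault-init.log` to enter. The modifier is also misplaced: "Enter the root token to sign in from _step 1_" reads more clearly as "Enter the root token from _step 1_ to sign in."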
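Review bot: in PATCH 24/38, the new step 6 ends with "from the Hashicorp Vault", which differs in both capitalization and article from the "HashiCorp Vault" used in the section's opening sentence; suggest "from HashiCorp Vault". The `[!NOTE]` context line directly below the new steps still reads "can be also be configured" and could be corrected in the same change. Splitting the old step 3 into steps 3 to 6 is otherwise a clear improvement, since each step now has one action for the role ID and secret ID handling.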
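Review bot: in PATCH 25/38, the added line capitalizes "Pipeline" in its first sentence ("the `s3-WScacheAndArtifacts` Pipeline") and lowercases it in the next ("This pipeline validates S3 integrations"). Later patches in this series (27, 29, 30) settle on "Pipeline", so the second sentence should match.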
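Review bot: in PATCH 31/38, the added line "This blueprints use a couple of container registries" changes the verb but leaves the subject and verb disagreeing. The rest of the README refers to a single blueprint ("in this blueprint"), so "This blueprint uses a couple of container registries" is the consistent form.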
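Review bot: in PATCH 33/38, the `casc_secrets_file` description becomes "containing the names: values secrets", which reads as a stray colon rather than a file format. Suggest wording such as "containing the secrets as name: value pairs" so the expected layout of `secrets-values.yml` is unambiguous; the regenerated table row in PATCH 34/38 would pick up the same text.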
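Review bot: in PATCH 36/38, the new `create_casc_secrets` description gives the mount point as `/var/run/secrets/cbci` on the operations center only, while the blueprint README context in this series says the `cbci-sec-casc` secret is "mounted into `/run/secrets/` for the operations center and controllers". Since CasC resolves secrets by path, the two documents should state the same directory and the same set of consumers; please confirm which is correct and align the other.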
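Review bot: in PATCH 37/38, the added sentence "Sign in to the CloudBees CI to `team-b` or `team-c-ha` controllers with admin access" has a doubled "to" and a stray article; suggest "Sign in to the CloudBees CI `team-b` or `team-c-ha` controller with admin access." The same line lowercases "DockerHub organization" but keeps "AWS ECR Repository" capitalized, and the `[!NOTE]` context line below it still contains "other alternitives tools".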