Skip to content

Commit

Permalink
Jenkins Updates
Browse files Browse the repository at this point in the history
  • Loading branch information
danmanners committed Sep 9, 2023
1 parent bfab899 commit ead7009
Show file tree
Hide file tree
Showing 6 changed files with 47 additions and 161 deletions.
92 changes: 21 additions & 71 deletions manifests/workloads/argo-workflows/rbac.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,77 +3,27 @@ kind: ClusterRole
metadata:
name: goodmannershosting-admins
rules:
- verbs:
- get
- watch
- list
apiGroups:
- ''
resources:
- configmaps
- events
- verbs:
- get
- list
- watch
- delete
apiGroups:
- ''
resources:
- pods
- verbs:
- get
- list
apiGroups:
- ''
resources:
- pods/log
- verbs:
- get
apiGroups:
- ''
resources:
- secrets
resourceNames:
- sso
- verbs:
- create
apiGroups:
- ''
resources:
- secrets
- verbs:
- get
- list
- watch
apiGroups:
- ''
resources:
- serviceaccounts
- verbs:
- get
apiGroups:
- ''
resources:
- secrets
- verbs:
- watch
- create
- patch
apiGroups:
- ''
resources:
- events
- verbs:
- create
- get
- list
- watch
- update
- patch
- delete
apiGroups:
- argoproj.io
- verbs: [get, watch, list]
apiGroups: [""]
resources: [configmaps, events]
- verbs: [get, watch, list, delete]
apiGroups: [""]
resources: [pods]
- verbs: [get, list]
apiGroups: [""]
resources: [pods/log]
- verbs: [get, create]
apiGroups: [""]
resources: [secrets]
resourceNames: [sso]
- verbs: [get, list, watch]
apiGroups: [""]
resources: [serviceaccounts]
- verbs: [create, watch, patch]
apiGroups: [""]
resources: [events]
- verbs: [create, get, list, watch, update, patch, delete]
apiGroups: [argoproj.io]
resources:
- cronworkflows
- eventbus
Expand Down
20 changes: 0 additions & 20 deletions manifests/workloads/jenkins-oss/argoproj-application.yaml

This file was deleted.

3 changes: 3 additions & 0 deletions manifests/workloads/jenkins-oss/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,6 @@ images:
- name: jenkins-container-image:latest
newName: core.harbor.homelab.danmanners.com/docker.io/jenkins/jenkins
newTag: 2.414.1-lts
- name: busybox-image
newName: core.harbor.homelab.danmanners.com/docker.io/library/busybox
newTag: stable
21 changes: 14 additions & 7 deletions manifests/workloads/jenkins-oss/rbac.yaml
Original file line number Diff line number Diff line change
@@ -1,13 +1,20 @@
---
apiVersion: v1
kind: ServiceAccount
# automountServiceAccountToken: true
metadata:
name: default
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: default.service-account-token
annotations:
kubernetes.io/service-account.name: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: default
name: jenkins
rules:
- apiGroups: [""]
Expand All @@ -21,11 +28,11 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins-user
subjects:
- kind: ServiceAccount
name: default
namespace: default
roleRef:
kind: ClusterRole
name: jenkins
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- name: default
kind: ServiceAccount
namespace: default
56 changes: 0 additions & 56 deletions manifests/workloads/jenkins-oss/statefulset.yaml

This file was deleted.

16 changes: 9 additions & 7 deletions manifests/workloads/jenkins-oss/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,8 @@ image:
tag: latest
pullPolicy: IfNotPresent

nodeSelector:
kubernetes.io/arch: amd64

podSecurityContext:
fsGroup: 1000
runAsUser: 1000
runAsGroup: 1000

Expand All @@ -19,13 +17,19 @@ termination:
resources:
limits:
cpu: "2"
memory: "4Gi"
requests:
cpu: "1"
memory: "2Gi"

initContainers:
init-jenkins:
image: docker.io/library/busybox:stable
init:
image: busybox-image
command: ["sh", "-c", "ls -halt /var/jenkins_home && chown -R 1000:1000 /var/jenkins_home"]
securityContext:
runAsUser: 0
allowPrivilegeEscalation: true

volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
Expand Down Expand Up @@ -60,13 +64,11 @@ ingress:
paths:
- path: /
pathType: Prefix
service:

persistence:
jenkins-home:
enabled: true
storageClass: ceph-rbd
accessMode: ReadWriteOnce
mountPath: /var/jenkins_home
# subPath: jenkins-volume
size: 20Gi

0 comments on commit ead7009

Please sign in to comment.