diff --git a/Dockerfile b/Dockerfile index 019bd2119909c5df4f69bfc2d333503ac7041663..7510b7f939348e71ee357847cb8b346f986616f6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,9 +41,9 @@ ENTRYPOINT ["tini", "--", "/usr/local/bin/launch.sh"] HEALTHCHECK --interval=5m --timeout=3s \ CMD curl -fsL ${JENKINS_URL}/login || exit 1 -# LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt" -# LABEL release=69f7102311718b7e0fbed31edb877f1352ca5cf1 -# LABEL version=2.263.2.4-ra +# L-A-B-E-L securitytxt="https://www.cloudbees.com/.well-known/security.txt" +# L-A-B-E-L release=caa8c31f923e651462d8c5423dc257a4097b868b +# L-A-B-E-L version=2.277.1.6-ra COPY files.tar /tmp RUN cd / && tar xvf /tmp/files.tar && rm /tmp/files.tar @@ -65,7 +65,7 @@ ENV VOLUME_SERVICE=http://localhost:31080 ENV TENANT=cjoc ENV JENKINS_VARIANT=cjoc -# LABEL name="CloudBees CI Operation Center" -# LABEL vendor="CloudBees, Inc." -# LABEL summary="CloudBees CI is the continuous delivery platform architected for the enterprise" -# LABEL description="This container image will deploy one instance of CloudBees CI Operations Center." +# L-A-B-E-L name="CloudBees CI Operation Center" +# L-A-B-E-L vendor="CloudBees, Inc." +# L-A-B-E-L summary="CloudBees CI is the continuous delivery platform architected for the enterprise" +# L-A-B-E-L description="This container image will deploy one instance of CloudBees CI Operations Center." diff --git a/README.md b/README.md index ea3ee64b92c17992c4400eb665af72ef02cc4e9c..b0f997f957b20121f5dfad9e41ce9669214bba78 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # CloudBees CI setup -## Approved with Conditions: +## Approved with Conditions Must run behind CNAP or VPN (no internet facing). CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker images installed via Helm chart: @@ -12,7 +12,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.263.2.4-ra` +A version of CloudBees CI is given in the format `2.277.1.6-ra` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -25,13 +25,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.263.2.4-ra + dockerImage: your-registry/core-oc:2.277.1.6-ra Master: Image: - dockerImage: your-registry/core-mm:2.263.2.4-ra + dockerImage: your-registry/core-mm:2.277.1.6-ra Agents: Image: - dockerImage: your-registry/agent:2.263.2.4-ra + dockerImage: your-registry/agent:2.277.1.6-ra ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index b128c489be464b75f560e7c19605efe759a4e0c8..e5b0fe344dc17374b2c59c8151c8001dd3c29812 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -1,7 +1,7 @@ apiVersion: v1 -name: cloudbees/core/core-oc +name: "cloudbees/core/core-oc" tags: -- "2.263.2.4-ra" +- "2.277.1.6-ra" - latest labels: org.opencontainers.image.title: "core-oc" @@ -9,7 +9,7 @@ labels: org.opencontainers.image.licenses: proprietary org.opencontainers.image.url: https://docs.cloudbees.com/docs/cloudbees-ci/ org.opencontainers.image.vendor: CloudBees - org.opencontainers.image.version: "2.263.2.4-ra" + org.opencontainers.image.version: "2.277.1.6-ra" mil.dso.ironbank.image.keywords: cicd mil.dso.ironbank.image.type: commercial mil.dso.ironbank.product.name: CloudBees CI @@ -18,10 +18,14 @@ args: BASE_TAG: "1.8.0" resources: - filename: files.tar - url: https://downloads.cloudbees.com/dsop-files/core-oc-files-fdaeb7127afa7670743296125be0d1782e152c6ec14bca5e62ec69ef5d667901.tar + url: https://downloads.cloudbees.com/dsop-files/core-oc-files-8efbfb6463290955d66c4a6f63d2f11c67161d6f23e71ba6a4df8571b65801ed.tar validation: type: sha256 - value: "fdaeb7127afa7670743296125be0d1782e152c6ec14bca5e62ec69ef5d667901" + value: "8efbfb6463290955d66c4a6f63d2f11c67161d6f23e71ba6a4df8571b65801ed" maintainers: - email: productivity-team@cloudbees.com + name: CloudBees + username: imontero - email: andre.maksymowicz@centauricorp.com + name: Andy Maksymowicz + username: andymaks diff --git a/helm/Chart.yaml b/helm/Chart.yaml index da8ccfd3b47ca313588d9210a75d192dcbd1a172..ab3c7f657ee157e3b76ddc6e193ab029b9bc8b61 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,12 +1,29 @@ +apiVersion: v2 name: cloudbees-core -home: https://www.cloudbees.com/products/continuous-integration -apiVersion: v1 -appVersion: 2.263.2.3 -version: 3.25.3 +version: 3.28.1 description: Enterprise Continuous Integration with Jenkins -icon: https://images.ctfassets.net/vtn4rfaw6n2j/7xprMMXARXDBuVxW4y8XfV/349fff91035050e3f2a8ff37bc0615b5/cloudbees-core-logo_header.svg keywords: - cloudbees - jenkins -engine: gotpl - +home: https://www.cloudbees.com/products/continuous-integration +dependencies: + - name: nginx-ingress + version: 1.40.2 + repository: https://charts.helm.sh/stable + condition: nginx-ingress.Enabled + - name: ingress-nginx + version: 2.15.0 + repository: https://kubernetes.github.io/ingress-nginx + condition: ingress-nginx.Enabled + - name: cloudbees-sidecar-injector + version: 2.1.3 + repository: https://charts.cloudbees.com/public/cloudbees + condition: sidecarinjector.Enabled +icon: https://images.ctfassets.net/vtn4rfaw6n2j/7xprMMXARXDBuVxW4y8XfV/349fff91035050e3f2a8ff37bc0615b5/cloudbees-core-logo_header.svg +appVersion: 2.277.1.2 +annotations: + artifacthub.io/links: | + - name: Product overview + url: https://www.cloudbees.com/products/continuous-integration + - name: Documentation + url: https://docs.cloudbees.com/docs/cloudbees-ci/latest/ diff --git a/helm/README-template.md b/helm/README-template.md index b86f7f950857766487de290e7be474c2e2cbbb69..4d452b0c82deb84ceb67f3623faf9e0b8fc97537 100644 --- a/helm/README-template.md +++ b/helm/README-template.md @@ -1,6 +1,6 @@ # cloudbees-core -![Version: 3.25.3](https://img.shields.io/badge/Version-3.25.3-informational?style=flat-square) ![AppVersion: 2.263.2.3](https://img.shields.io/badge/AppVersion-2.263.2.3-informational?style=flat-square) +![Version: 3.28.1](https://img.shields.io/badge/Version-3.28.1-informational?style=flat-square) ![AppVersion: 2.277.1.2](https://img.shields.io/badge/AppVersion-2.277.1.2-informational?style=flat-square) [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: @@ -28,7 +28,7 @@ This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kuberne | Repository | Name | Version | |------------|------|---------| -| https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.0 | +| https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.3 | | https://charts.helm.sh/stable | nginx-ingress | 1.40.2 | | https://kubernetes.github.io/ingress-nginx | ingress-nginx | 2.15.0 | @@ -132,6 +132,11 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.ContainerPort | int | `8080` | Container port for http traffic | | OperationsCenter.ContextPath | string | `"/cjoc"` | the path under which Operations Center will be accessible in the given host. | | OperationsCenter.Enabled | bool | `true` | Disable for particular use case like setting up namespaces to host masters only | +| OperationsCenter.ExtraConfigMaps | list | `[]` | Extra configmaps deployed with the chart | +| OperationsCenter.ExtraContainers | list | `[]` | Extra containers to add to the pod containing Operations Center. | +| OperationsCenter.ExtraGroovyConfiguration | object | `{}` | Provides additional init groovy scripts Each key becomes a file in /var/jenkins_config | +| OperationsCenter.ExtraVolumeMounts | list | `[]` | Extra volume mounts to add to the container containing Operations Center | +| OperationsCenter.ExtraVolumes | list | `[]` | Extra volumes to add to the pod | | OperationsCenter.HealthProbeLivenessFailureThreshold | int | `12` | Threshold for liveness failure | | OperationsCenter.HealthProbes | bool | `true` | Enable Kubernetes Liveness and Readiness Probes | | OperationsCenter.HostName | string | `nil` | The hostname used to access Operations Center through the ingress controller. | @@ -153,7 +158,13 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.Resources.Limits.Memory | string | `"2G"` | Memory limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory | | OperationsCenter.Resources.Requests.Cpu | int | `1` | CPU request to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu | | OperationsCenter.Resources.Requests.Memory | string | `"2G"` | Memory request to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory | -| OperationsCenter.Route.tls.Enable | bool | `false` | Set this to true in OpenShift to terminate TLS at route level | +| OperationsCenter.Route.tls.CACertificate | string | `nil` | CA Certificate PEM-encoded | +| OperationsCenter.Route.tls.Certificate | string | `nil` | Certificate PEM-encoded | +| OperationsCenter.Route.tls.DestinationCACertificate | string | `nil` | When using `termination=reencrypt`, destination CA PEM-encoded | +| OperationsCenter.Route.tls.Enable | bool | `false` | Set this to true in OpenShift to terminate TLS at route level Read https://docs.openshift.com/container-platform/4.6/networking/routes/secured-routes.html for details. These also apply to Hibernation monitor if enabled. | +| OperationsCenter.Route.tls.InsecureEdgeTerminationPolicy | string | `"Redirect"` | Whether to redirect http to https | +| OperationsCenter.Route.tls.Key | string | `nil` | Private key PEM-encoded | +| OperationsCenter.Route.tls.Termination | string | `"edge"` | Type of termination | | OperationsCenter.ServiceAgentListenerPort | int | `50000` | Controls the service port where Operations Center TCP port for agents is exposed. Don't change this parameter unless you know what you are doing | | OperationsCenter.ServiceAnnotations | object | `{}` | Additional annotations to put on the Operations Center service | | OperationsCenter.ServicePort | int | `80` | Controls the service port where Operations Center http port is exposed. Don't change this parameter unless you know what you are doing | @@ -166,6 +177,7 @@ CloudBees provides complete and more detailed installation and operation documen | PodSecurityPolicy.Annotations | object | `{}` | Additional annotations to put on the PodSecurityPolicy, e.g. AppArmor/Seccomp settings | | PodSecurityPolicy.Enabled | bool | `false` | Enables [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) support Enable only if the cluster supports it. | | ingress-nginx.Enabled | bool | `false` | Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). Enable this section if you don't have an existing installation of ingress-nginx controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 | +| ingress-nginx.controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | ingress-nginx.controller.ingressClass | string | `"nginx"` | | | ingress-nginx.controller.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | ingress-nginx.controller.service.externalTrafficPolicy | string | `"Local"` | | diff --git a/helm/README.md b/helm/README.md index dd51b08265afc2dfce0186f3c9786ba9e05f7f5d..fb94fbb37cdba70d0f9e08837ba62812cd4a1206 100644 --- a/helm/README.md +++ b/helm/README.md @@ -1,6 +1,6 @@ # cloudbees-core -![Version: 3.25.3](https://img.shields.io/badge/Version-3.25.3-informational?style=flat-square) ![AppVersion: 2.263.2.3](https://img.shields.io/badge/AppVersion-2.263.2.3-informational?style=flat-square) +![Version: 3.28.1](https://img.shields.io/badge/Version-3.28.1-informational?style=flat-square) ![AppVersion: 2.277.1.2](https://img.shields.io/badge/AppVersion-2.277.1.2-informational?style=flat-square) [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: @@ -28,7 +28,7 @@ This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kuberne | Repository | Name | Version | |------------|------|---------| -| https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.0 | +| https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.3 | | https://charts.helm.sh/stable | nginx-ingress | 1.40.2 | | https://kubernetes.github.io/ingress-nginx | ingress-nginx | 2.15.0 | @@ -132,6 +132,11 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.ContainerPort | int | `8080` | Container port for http traffic | | OperationsCenter.ContextPath | string | `"/cjoc"` | the path under which Operations Center will be accessible in the given host. | | OperationsCenter.Enabled | bool | `true` | Disable for particular use case like setting up namespaces to host masters only | +| OperationsCenter.ExtraConfigMaps | list | `[]` | Extra configmaps deployed with the chart | +| OperationsCenter.ExtraContainers | list | `[]` | Extra containers to add to the pod containing Operations Center. | +| OperationsCenter.ExtraGroovyConfiguration | object | `{}` | Provides additional init groovy scripts Each key becomes a file in /var/jenkins_config | +| OperationsCenter.ExtraVolumeMounts | list | `[]` | Extra volume mounts to add to the container containing Operations Center | +| OperationsCenter.ExtraVolumes | list | `[]` | Extra volumes to add to the pod | | OperationsCenter.HealthProbeLivenessFailureThreshold | int | `12` | Threshold for liveness failure | | OperationsCenter.HealthProbes | bool | `true` | Enable Kubernetes Liveness and Readiness Probes | | OperationsCenter.HostName | string | `nil` | The hostname used to access Operations Center through the ingress controller. | @@ -153,7 +158,13 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.Resources.Limits.Memory | string | `"2G"` | Memory limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory | | OperationsCenter.Resources.Requests.Cpu | int | `1` | CPU request to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu | | OperationsCenter.Resources.Requests.Memory | string | `"2G"` | Memory request to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory | -| OperationsCenter.Route.tls.Enable | bool | `false` | Set this to true in OpenShift to terminate TLS at route level | +| OperationsCenter.Route.tls.CACertificate | string | `nil` | CA Certificate PEM-encoded | +| OperationsCenter.Route.tls.Certificate | string | `nil` | Certificate PEM-encoded | +| OperationsCenter.Route.tls.DestinationCACertificate | string | `nil` | When using `termination=reencrypt`, destination CA PEM-encoded | +| OperationsCenter.Route.tls.Enable | bool | `false` | Set this to true in OpenShift to terminate TLS at route level Read https://docs.openshift.com/container-platform/4.6/networking/routes/secured-routes.html for details. These also apply to Hibernation monitor if enabled. | +| OperationsCenter.Route.tls.InsecureEdgeTerminationPolicy | string | `"Redirect"` | Whether to redirect http to https | +| OperationsCenter.Route.tls.Key | string | `nil` | Private key PEM-encoded | +| OperationsCenter.Route.tls.Termination | string | `"edge"` | Type of termination | | OperationsCenter.ServiceAgentListenerPort | int | `50000` | Controls the service port where Operations Center TCP port for agents is exposed. Don't change this parameter unless you know what you are doing | | OperationsCenter.ServiceAnnotations | object | `{}` | Additional annotations to put on the Operations Center service | | OperationsCenter.ServicePort | int | `80` | Controls the service port where Operations Center http port is exposed. Don't change this parameter unless you know what you are doing | @@ -166,6 +177,7 @@ CloudBees provides complete and more detailed installation and operation documen | PodSecurityPolicy.Annotations | object | `{}` | Additional annotations to put on the PodSecurityPolicy, e.g. AppArmor/Seccomp settings | | PodSecurityPolicy.Enabled | bool | `false` | Enables [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) support Enable only if the cluster supports it. | | ingress-nginx.Enabled | bool | `false` | Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). Enable this section if you don't have an existing installation of ingress-nginx controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 | +| ingress-nginx.controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | ingress-nginx.controller.ingressClass | string | `"nginx"` | | | ingress-nginx.controller.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | ingress-nginx.controller.service.externalTrafficPolicy | string | `"Local"` | | diff --git a/helm/requirements.lock b/helm/requirements.lock index 4b08a7fbd90e574682d8d63b95f90a6c92050627..b6d8456a8906c84c747398ecb414b7c253eacaf1 100644 --- a/helm/requirements.lock +++ b/helm/requirements.lock @@ -7,6 +7,6 @@ dependencies: version: 2.15.0 - name: cloudbees-sidecar-injector repository: https://charts.cloudbees.com/public/cloudbees - version: 2.1.0 -digest: sha256:996f7a1d8ae1bb7465e7df2865ef4521e1ebe3e10827d6544caebd4d0c811c23 -generated: "2020-11-02T17:56:50.500073-05:00" + version: 2.1.3 +digest: sha256:a1c4f1c479b0edb8530d98691ccb6e935c43867539bf2b0c7df246462c475cd0 +generated: "2021-02-09T09:09:33.126879+01:00" diff --git a/helm/requirements.yaml b/helm/requirements.yaml deleted file mode 100644 index 417a1df374bf249a36339f88ea3697a460adbbdb..0000000000000000000000000000000000000000 --- a/helm/requirements.yaml +++ /dev/null @@ -1,13 +0,0 @@ -dependencies: -- name: nginx-ingress - version: 1.40.2 - repository: https://charts.helm.sh/stable - condition: nginx-ingress.Enabled -- name: ingress-nginx - version: 2.15.0 - repository: https://kubernetes.github.io/ingress-nginx - condition: ingress-nginx.Enabled -- name: cloudbees-sidecar-injector - version: 2.1.0 - repository: https://charts.cloudbees.com/public/cloudbees - condition: sidecarinjector.Enabled diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 18a400cee34f0fcdbb2ca5d8df8468a47f290712..6b62e4faf7bb1fc8b7102590a63b95c8886a6d4c 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -53,7 +53,7 @@ kubectl {{- end -}} {{- define "cloudbees-core.needs-routes" -}} -{{- if include "cloudbees-core.is-openshift" . -}} +{{- if or (include "cloudbees-core.is-openshift" . ) (.Values.OperationsCenter.Route.tls.Enable) -}} true {{- end -}} {{- end -}} @@ -228,14 +228,6 @@ true {{- end -}} {{- end -}} -{{- define "rbac.apiVersion" -}} -{{- default .Values.rbac.apiVersion "rbac.authorization.k8s.io/v1" -}} -{{- end -}} - -{{- define "rbac.apiGroup" -}} -{{- default .Values.rbac.apiGroup "rbac.authorization.k8s.io" -}} -{{- end -}} - {{- define "validate.operationscenter" -}} {{- if and (.Values.OperationsCenter.Enabled) (.Values.Master.OperationsCenterNamespace) -}} {{ fail "Can't use both OperationsCenter.Enabled=true and Master.OperationsCenterNamespace" }} @@ -330,23 +322,19 @@ ingress-nginx {{/* stable/nginx-ingress chart going away in Nov. 2020. This will be part of the 10/2020 release. Delete this after 4/2021 */}} {{- define "nginxingress.podSelectors" -}} -{{- if index .Values "nginx-ingress" "Enabled" }} -{{ include "nginxingress.includedPodSelector" . }} -{{- else if .Values.NetworkPolicy.ingressControllerSelector }} -{{ toYaml .Values.NetworkPolicy.ingressControllerSelector -}} -{{- else }} -{{ include "nginxingress.defaultPodSelectors" . }} -{{- end }} -{{- end -}} - -{{- define "nginxingress.includedPodSelector" -}} +{{- if (index .Values "nginx-ingress" "Enabled")}} - podSelector: matchLabels: - app: {{ include "ingress.name" . }} + app: nginx-ingress component: controller -{{- end -}} - -{{- define "nginxingress.defaultPodSelectors" -}} +{{- else if (index .Values "ingress-nginx" "Enabled") }} +- podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/component: controller +{{- else if .Values.NetworkPolicy.ingressControllerSelector }} +{{ toYaml .Values.NetworkPolicy.ingressControllerSelector -}} +{{- else }} - namespaceSelector: matchLabels: name: {{ include "ingress.name" . }} @@ -368,25 +356,9 @@ ingress-nginx matchLabels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/component: controller -{{- end -}} - -{{- define "ingressnginx.podSelectors" -}} -{{- if index .Values "ingress-nginx" "Enabled" }} -{{ include "ingressnginx.includedPodSelector" . }} -{{- else if .Values.NetworkPolicy.ingressControllerSelector }} -{{ toYaml .Values.NetworkPolicy.ingressControllerSelector -}} -{{- else }} -{{ include "ingressnginx.defaultPodSelectors" . }} {{- end }} {{- end -}} -{{- define "ingressnginx.includedPodSelector" -}} -- podSelector: - matchLabels: - app: {{ include "ingress.name" . }} - component: controller -{{- end -}} - {{- define "networkpolicy.cjoc.http" -}} {{- if include "cloudbees-core.is-openshift" . -}} {{ .Values.OperationsCenter.ContainerPort }} @@ -444,6 +416,30 @@ managed-premium {{- end -}} {{- end -}} +{{- define "openshift.tls" -}} +{{- if .Values.OperationsCenter.Route.tls.Enable -}} +tls: + insecureEdgeTerminationPolicy: {{ .Values.OperationsCenter.Route.tls.InsecureEdgeTerminationPolicy }} + termination: {{ .Values.OperationsCenter.Route.tls.Termination }} +{{- if .Values.OperationsCenter.Route.tls.CACertificate }} + caCertificate: |- +{{ .Values.OperationsCenter.Route.tls.CACertificate | indent 4 }} +{{- end }} +{{- if .Values.OperationsCenter.Route.tls.Certificate }} + certificate: |- +{{ .Values.OperationsCenter.Route.tls.Certificate | indent 4 }} +{{- end }} +{{- if .Values.OperationsCenter.Route.tls.Key }} + key: |- +{{ .Values.OperationsCenter.Route.tls.Key | indent 4 }} +{{- end }} +{{- if .Values.OperationsCenter.Route.tls.DestinationCACertificate }} + destinationCACertificate: |- +{{ .Values.OperationsCenter.Route.tls.DestinationCACertificate | indent 4}} +{{- end }} +{{- end }} +{{- end }} + {{/* Workaround https://github.com/openshift/origin/issues/24060 */}} @@ -462,10 +458,16 @@ status: {{- end -}} {{- define "ingress.check" -}} -{{- if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress") }} +{{- if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }} {{ fail "\n\nERROR: Kubernetes 1.14 or later is required to use Ingress in networking.k8s.io/v1beta1" }} {{- end -}} {{- if and (index .Values "nginx-ingress" "Enabled") (index .Values "ingress-nginx" "Enabled") -}} {{ fail "\n\nERROR: Only one of nginx-ingress.Enabled or ingress-nginx.Enabled may be true" }} {{- end -}} {{- end -}} + +{{- define "features.enableServiceLinks-available" -}} +{{- if semverCompare ">=1.13.0-0" .Capabilities.KubeVersion.Version -}} +true +{{- end -}} +{{- end -}} diff --git a/helm/templates/cjoc-clusterrole-master-management.yaml b/helm/templates/cjoc-clusterrole-master-management.yaml index b241013cbcf752ded647efa6e66037ccd1525403..76667512724fece394d2a0f5f02e208071473301 100644 --- a/helm/templates/cjoc-clusterrole-master-management.yaml +++ b/helm/templates/cjoc-clusterrole-master-management.yaml @@ -1,6 +1,6 @@ {{- if and .Values.OperationsCenter.Enabled .Values.rbac.install (include "rbac.install-cluster" .) -}} kind: ClusterRole -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: cjoc-master-management-{{ .Release.Namespace }} labels: diff --git a/helm/templates/cjoc-clusterrolebinding.yaml b/helm/templates/cjoc-clusterrolebinding.yaml index e7381e001425931c027451f58b48dafba1ed6833..867fa1b286f200a59546a999266d2ccec93bf8a8 100644 --- a/helm/templates/cjoc-clusterrolebinding.yaml +++ b/helm/templates/cjoc-clusterrolebinding.yaml @@ -1,12 +1,12 @@ {{- if and .Values.OperationsCenter.Enabled .Values.rbac.install (include "rbac.install-cluster" .) -}} kind: ClusterRoleBinding -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: cjoc-role-binding-{{ .Release.Namespace }} labels: {{ include "cloudbees-core.labels" . | indent 4 }} roleRef: - apiGroup: {{ template "rbac.apiGroup" . }} + apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cjoc-master-management-{{ .Release.Namespace }} subjects: diff --git a/helm/templates/cjoc-role-agents.yaml b/helm/templates/cjoc-role-agents.yaml new file mode 100644 index 0000000000000000000000000000000000000000..15c036b35cb6f792a68828893d5ba3cbdd3d19a1 --- /dev/null +++ b/helm/templates/cjoc-role-agents.yaml @@ -0,0 +1,21 @@ +{{ template "validate.operationscenter" . }} +{{- if or (.Values.OperationsCenter.Enabled) (.Values.Master.OperationsCenterNamespace) -}} +{{- if .Values.Agents.SeparateNamespace.Enabled -}} +{{- if .Values.rbac.install -}} +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cjoc-agents-test-connection + namespace: {{ template "agents.namespace" . }} + labels: +{{ include "cloudbees-core.labels" . | indent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - list +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/helm/templates/cjoc-role-master-management.yaml b/helm/templates/cjoc-role-master-management.yaml index eb4d0564121883073fe9a91b40f4c66a1cbab6ef..2e91c9acab4a5e0f4f0837b4a068f362c01f4b07 100644 --- a/helm/templates/cjoc-role-master-management.yaml +++ b/helm/templates/cjoc-role-master-management.yaml @@ -2,12 +2,21 @@ {{- if or (.Values.OperationsCenter.Enabled) (.Values.Master.OperationsCenterNamespace) -}} {{- if .Values.rbac.install -}} kind: Role -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: cjoc-master-management labels: {{ include "cloudbees-core.labels" . | indent 4 }} rules: +{{- if .Values.Master.OperationsCenterNamespace }} +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list +{{- end }} - apiGroups: - "" resources: diff --git a/helm/templates/cjoc-rolebinding-agents.yaml b/helm/templates/cjoc-rolebinding-agents.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8dcf0b44da61653729e3494b0c49c841ffff051a --- /dev/null +++ b/helm/templates/cjoc-rolebinding-agents.yaml @@ -0,0 +1,22 @@ +{{ template "validate.operationscenter" . }} +{{- if or (.Values.OperationsCenter.Enabled) (.Values.Master.OperationsCenterNamespace) -}} +{{- if .Values.Agents.SeparateNamespace.Enabled -}} +{{- if .Values.rbac.install -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cjoc-agents-role-binding + namespace: {{ template "agents.namespace" . }} + labels: +{{ include "cloudbees-core.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cjoc-agents-test-connection +subjects: +- kind: ServiceAccount + name: {{ .Values.rbac.serviceAccountName }} + namespace: {{ .Release.Namespace }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/helm/templates/cjoc-rolebinding.yaml b/helm/templates/cjoc-rolebinding.yaml index feb48aceb846804c137ae0ffc464a611bfae9ce2..85a145fbcc5133009c95085b33d946dc6d7ea79a 100644 --- a/helm/templates/cjoc-rolebinding.yaml +++ b/helm/templates/cjoc-rolebinding.yaml @@ -1,14 +1,14 @@ {{ template "validate.operationscenter" . }} {{- if or (.Values.OperationsCenter.Enabled) (.Values.Master.OperationsCenterNamespace) -}} {{- if .Values.rbac.install -}} -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: cjoc-role-binding labels: {{ include "cloudbees-core.labels" . | indent 4 }} roleRef: - apiGroup: {{ template "rbac.apiGroup" . }} + apiGroup: rbac.authorization.k8s.io kind: Role name: cjoc-master-management subjects: diff --git a/helm/templates/cjoc-route.yaml b/helm/templates/cjoc-route.yaml index 65913e9bc4bc7675533c4386b2e618e929c3e3bb..def9f6f5304f01b0d0ba7fdcdaae9885dc4b5b03 100644 --- a/helm/templates/cjoc-route.yaml +++ b/helm/templates/cjoc-route.yaml @@ -18,11 +18,7 @@ spec: port: targetPort: http wildcardPolicy: None - {{- if eq .Values.OperationsCenter.Route.tls.Enable true }} - tls: - insecureEdgeTerminationPolicy: Redirect - termination: edge - {{end }} +{{ include "openshift.tls" . | indent 2 }} {{ include "chart.helmRouteFix" $ }} {{- end -}} {{- end -}} diff --git a/helm/templates/cjoc-statefulset.yaml b/helm/templates/cjoc-statefulset.yaml index 788ff4b86fdc2f7dd522e805b37987a66689e821..bab081230bda8d59f5bdbb68c4f78c04168d076e 100644 --- a/helm/templates/cjoc-statefulset.yaml +++ b/helm/templates/cjoc-statefulset.yaml @@ -62,7 +62,9 @@ spec: operator: In values: - slave + {{- if include "features.enableServiceLinks-available" . }} enableServiceLinks: false + {{- end }} serviceAccountName: {{ .Values.rbac.serviceAccountName }} {{- if .Values.OperationsCenter.NodeSelector }} nodeSelector: @@ -140,6 +142,9 @@ spec: -Dcom.cloudbees.jce.masterprovisioning.DockerImageDefinitionConfiguration.masterImageName={{ include "mm.longname" . | quote}} -Dcom.cloudbees.jce.masterprovisioning.DockerImageDefinitionConfiguration.masterImage={{ .Values.Master.Image.dockerImage}} -Dcom.cloudbees.masterprovisioning.kubernetes.KubernetesMasterProvisioning.serviceAccount={{ .Values.rbac.masterServiceAccountName }} + {{- if .Values.Agents.SeparateNamespace.Enabled }} + -Dcom.cloudbees.jenkins.plugins.kube.NamespaceFilter.defaultNamespace={{ template "agents.namespace" . }} + {{- end }} {{- if (include "persistence.storageclass" .) }} -Dcom.cloudbees.masterprovisioning.kubernetes.KubernetesMasterProvisioning.storageClassName={{ include "persistence.storageclass" . | quote }} {{- end }} @@ -155,6 +160,12 @@ spec: {{- if .Values.OperationsCenter.CSRF.ProxyCompatibility }} -Djenkins.model.Jenkins.crumbIssuerProxyCompatibility=true {{- end }} + {{- if .Values.sda }} + {{- if .Values.OperationsCenter.HostName }} + -Dcom.cloudbees.jenkins.plugins.platform.PlatformConfiguration.url={{- include "oc.protocol" . -}}://{{ include "oc.hostname" . }}/ + {{- end }} + -Dcom.cloudbees.jenkins.plugins.platform.PlatformServer.apiUrl=https://flow-server:8443/ + {{- end }} -XX:+UseG1GC -XX:+DisableExplicitGC ports: diff --git a/helm/templates/managed-master-hibernation-monitor-deployment.yaml b/helm/templates/managed-master-hibernation-monitor-deployment.yaml index b8b28ca0aeb458c6f34d7787f5a7f57ebdee1d78..9c7e106a244f05e80bae353767ad5a9032ea6d2a 100644 --- a/helm/templates/managed-master-hibernation-monitor-deployment.yaml +++ b/helm/templates/managed-master-hibernation-monitor-deployment.yaml @@ -71,7 +71,9 @@ spec: limits: memory: 250Mi serviceAccountName: {{ .Values.rbac.hibernationMonitorServiceAccountName }} + {{- if include "features.enableServiceLinks-available" . }} enableServiceLinks: false + {{- end }} {{- if .Values.Hibernation.NodeSelector }} nodeSelector: {{ toYaml .Values.Hibernation.NodeSelector | indent 8 }} diff --git a/helm/templates/managed-master-hibernation-monitor-role.yaml b/helm/templates/managed-master-hibernation-monitor-role.yaml index 53c54ba901cd04a6ce125ab3e4550d1b5cfddc3b..0ece24ed7fcf315668f8967c5dcdc29773a767f6 100644 --- a/helm/templates/managed-master-hibernation-monitor-role.yaml +++ b/helm/templates/managed-master-hibernation-monitor-role.yaml @@ -1,7 +1,7 @@ {{- if .Values.Hibernation.Enabled -}} {{- if .Values.rbac.install -}} kind: Role -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: managed-master-hibernation-monitor labels: diff --git a/helm/templates/managed-master-hibernation-monitor-rolebinding.yaml b/helm/templates/managed-master-hibernation-monitor-rolebinding.yaml index a0271679b1378e415151146aedce4c261ff86caa..22198b5961b2d2337c38abc0b52e64755ede8d0c 100644 --- a/helm/templates/managed-master-hibernation-monitor-rolebinding.yaml +++ b/helm/templates/managed-master-hibernation-monitor-rolebinding.yaml @@ -1,13 +1,13 @@ {{- if .Values.Hibernation.Enabled -}} {{- if .Values.rbac.install -}} -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: managed-master-hibernation-monitor labels: {{ include "cloudbees-core.labels" . | indent 4 }} roleRef: - apiGroup: {{ template "rbac.apiGroup" . }} + apiGroup: rbac.authorization.k8s.io kind: Role name: managed-master-hibernation-monitor subjects: diff --git a/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml b/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3a7d53d177726252c54e45af439eeeb1b79c126b --- /dev/null +++ b/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml @@ -0,0 +1,22 @@ +{{- if .Values.Hibernation.Enabled -}} +{{- if include "cloudbees-core.needs-routes" . -}} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: managed-master-hibernation-monitor-namespaced +spec: +{{- if .Values.OperationsCenter.HostName }} + host: {{ .Values.OperationsCenter.HostName | quote }} +{{- end }} + path: /hibernation/ns/{{ .Release.Namespace }} + to: + kind: Service + name: managed-master-hibernation-monitor + weight: 100 + port: + targetPort: http + wildcardPolicy: None +{{ include "openshift.tls" . | indent 2 }} +{{ include "chart.helmRouteFix" $ }} +{{- end -}} +{{- end -}} diff --git a/helm/templates/managed-master-hibernation-monitor-route.yaml b/helm/templates/managed-master-hibernation-monitor-route.yaml index 50c79e6431e37d276ba23c2893dabfae12403673..6b8344e5e2d13b134a6f3347b4646687670b28d1 100644 --- a/helm/templates/managed-master-hibernation-monitor-route.yaml +++ b/helm/templates/managed-master-hibernation-monitor-route.yaml @@ -1,3 +1,4 @@ +{{- if .Values.OperationsCenter.Enabled -}} {{- if .Values.Hibernation.Enabled -}} {{- if include "cloudbees-core.needs-routes" . -}} apiVersion: route.openshift.io/v1 @@ -16,11 +17,8 @@ spec: port: targetPort: http wildcardPolicy: None - {{- if eq .Values.OperationsCenter.Route.tls.Enable true }} - tls: - insecureEdgeTerminationPolicy: Redirect - termination: edge - {{end }} +{{ include "openshift.tls" . | indent 2 }} {{ include "chart.helmRouteFix" $ }} {{- end -}} {{- end -}} +{{- end -}} diff --git a/helm/templates/master-role-agents-management.yaml b/helm/templates/master-role-agents-management.yaml index 9cd8231017ac46bd6d4af8738e896f90b69d5144..891147e85566488b1e17bc207fd7e85b7ea57b85 100644 --- a/helm/templates/master-role-agents-management.yaml +++ b/helm/templates/master-role-agents-management.yaml @@ -1,7 +1,7 @@ {{- if .Values.Master.Enabled -}} {{- if .Values.rbac.install -}} kind: Role -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: cjoc-agents namespace: {{ template "agents.namespace" . }} diff --git a/helm/templates/master-rolebinding.yaml b/helm/templates/master-rolebinding.yaml index a8c8c4fe3f2381a63acf2d015f2e6858c496991a..da121adb262f810eb8b5675597a0891689823d6b 100644 --- a/helm/templates/master-rolebinding.yaml +++ b/helm/templates/master-rolebinding.yaml @@ -1,6 +1,6 @@ {{- if .Values.Master.Enabled -}} {{- if .Values.rbac.install -}} -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: cjoc-master-role-binding @@ -8,7 +8,7 @@ metadata: labels: {{ include "cloudbees-core.labels" . | indent 4 }} roleRef: - apiGroup: {{ template "rbac.apiGroup" . }} + apiGroup: rbac.authorization.k8s.io kind: Role name: cjoc-agents subjects: diff --git a/helm/templates/psp-restricted-agents-role.yaml b/helm/templates/psp-restricted-agents-role.yaml index b1296a0700a452c4a3cf070723e1bb943ac2c677..caaaa52259883b509c3cb545d2942de7e10302e4 100644 --- a/helm/templates/psp-restricted-agents-role.yaml +++ b/helm/templates/psp-restricted-agents-role.yaml @@ -1,6 +1,6 @@ {{- if and (include "psp.enabled" .) (.Values.Agents.SeparateNamespace.Enabled) }} kind: Role -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "cb:podsecuritypolicy:restricted" namespace: {{ template "agents.namespace" . }} diff --git a/helm/templates/psp-restricted-agents-rolebinding.yaml b/helm/templates/psp-restricted-agents-rolebinding.yaml index 58ed1338abf83bf4c5a6626624d700e062df0a14..0e8cd57d7914f0322e227082fc913206f62df1e5 100644 --- a/helm/templates/psp-restricted-agents-rolebinding.yaml +++ b/helm/templates/psp-restricted-agents-rolebinding.yaml @@ -1,5 +1,5 @@ {{- if and (include "psp.enabled" .) (.Values.Agents.SeparateNamespace.Enabled) }} -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: "cb:podsecuritypolicy:restricted" @@ -7,7 +7,7 @@ metadata: labels: {{ include "cloudbees-core.labels" . | indent 4 }} roleRef: - apiGroup: {{ template "rbac.apiGroup" . }} + apiGroup: rbac.authorization.k8s.io kind: Role name: "cb:podsecuritypolicy:restricted" subjects: diff --git a/helm/templates/psp-restricted-role.yaml b/helm/templates/psp-restricted-role.yaml index fe65cd70d296d8ec4f03b4521183e1ba707aba56..40e4f39eb9d7e1e8ff515df15dd55393fcb3089b 100644 --- a/helm/templates/psp-restricted-role.yaml +++ b/helm/templates/psp-restricted-role.yaml @@ -1,6 +1,6 @@ {{- if include "psp.enabled" . }} kind: Role -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "cb:podsecuritypolicy:restricted" labels: diff --git a/helm/templates/psp-restricted-rolebinding.yaml b/helm/templates/psp-restricted-rolebinding.yaml index 7b8649fde1c64e52dd40dda27c5ef3c8ffe79cf9..20d452af05398318c9bce029ba307c8a91503fb6 100644 --- a/helm/templates/psp-restricted-rolebinding.yaml +++ b/helm/templates/psp-restricted-rolebinding.yaml @@ -1,12 +1,12 @@ {{- if include "psp.enabled" . }} -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: "cb:podsecuritypolicy:restricted" labels: {{ include "cloudbees-core.labels" . | indent 4 }} roleRef: - apiGroup: {{ template "rbac.apiGroup" . }} + apiGroup: rbac.authorization.k8s.io kind: Role name: "cb:podsecuritypolicy:restricted" subjects: diff --git a/helm/values.yaml b/helm/values.yaml index e04ee07b74f4dc42f7e2acd688093baab200331d..20c04748ed942fd53a36a6645a54123d8153698a 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -13,6 +13,10 @@ ingress-nginx: kubernetes.io/os: linux service: externalTrafficPolicy: Local + admissionWebhooks: + patch: + nodeSelector: + kubernetes.io/os: linux defaultBackend: nodeSelector: kubernetes.io/os: linux @@ -50,7 +54,7 @@ OperationsCenter: # Operations Center docker image Image: # OperationsCenter.Image.dockerImage -- Container image to use for Operations Center - dockerImage: dcar/core-oc:2.263.2.4-ra + dockerImage: dcar/core-oc:2.277.1.6-ra # OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images dockerPullPolicy: null @@ -184,11 +188,23 @@ OperationsCenter: Route: tls: # OperationsCenter.Route.tls.Enable -- Set this to true in OpenShift to terminate TLS at route level + # Read https://docs.openshift.com/container-platform/4.6/networking/routes/secured-routes.html for details. + # These also apply to Hibernation monitor if enabled. Enable: false - - ## @param ExtraConfigMaps - array of objects - optional - ## Extra configmaps deployed with the chart - # + # OperationsCenter.Route.tls.Termination -- Type of termination + Termination: edge + # OperationsCenter.Route.tls.InsecureEdgeTerminationPolicy -- Whether to redirect http to https + InsecureEdgeTerminationPolicy: Redirect + # OperationsCenter.Route.tls.CACertificate -- CA Certificate PEM-encoded + CACertificate: null + # OperationsCenter.Route.tls.Certificate -- Certificate PEM-encoded + Certificate: null + # OperationsCenter.Route.tls.Key -- Private key PEM-encoded + Key: null + # OperationsCenter.Route.tls.DestinationCACertificate -- When using `termination=reencrypt`, destination CA PEM-encoded + DestinationCACertificate: null + # OperationsCenter.ExtraConfigMaps -- Extra configmaps deployed with the chart + ExtraConfigMaps: [] # ExtraConfigMaps: # - name: my-config-map # labels: @@ -199,33 +215,29 @@ OperationsCenter: # myfile.yaml: | # foo: bar - ## @param ExtraContainers - array of objects - optional - ## Extra containers to add to the pod containing Operations Center. - # + # OperationsCenter.ExtraContainers -- Extra containers to add to the pod containing Operations Center. + ExtraContainers: [] # ExtraContainers: # - name: sleep # image: tutum/curl # command: ["sleep", "infinity"] - ## @param ExtraGroovyConfiguration - list of objects - optional - ## Provides additional init groovy scripts - ## Each key becomes a file in /var/jenkins_config - # + # OperationsCenter.ExtraGroovyConfiguration -- Provides additional init groovy scripts + # Each key becomes a file in /var/jenkins_config + ExtraGroovyConfiguration: {} # ExtraGroovyConfiguration: # hello-world.groovy: | # System.out.println('Hello world!') - ## @param ExtraVolumes - array of objects - optional - ## Extra volumes to add to the pod - # + # OperationsCenter.ExtraVolumes -- Extra volumes to add to the pod + ExtraVolumes: [] # ExtraVolumes: # - name: my-volume # configMap: # name: my-config-map - ## @param ExtraVolumesMounts - array of objects - optional - ## Extra volume mounts to add to the container containing Operations Center - # + # OperationsCenter.ExtraVolumeMounts -- Extra volume mounts to add to the container containing Operations Center + ExtraVolumeMounts: [] # ExtraVolumeMounts: # - name: my-volume # mountPath: /var/my-path @@ -241,7 +253,7 @@ Master: # Docker image inserted in Operations Center automatically Image: # Master.Image.dockerImage -- Used to override the default docker image - dockerImage: dcar/core-mm:2.263.2.4-ra + dockerImage: dcar/core-mm:2.277.1.6-ra # Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port JavaOpts: null @@ -258,7 +270,7 @@ Agents: Create: false Image: # Agents.Image.dockerImage -- Used to override the default docker image used for agents - dockerImage: dcar/agent:2.263.2.4-ra + dockerImage: dcar/agent:2.277.1.6-ra # Image pull secrets # Enable this option when using a private registry. # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line diff --git a/scripts/usr/local/bin/jenkins.sh b/scripts/usr/local/bin/jenkins.sh index e82afca2b477448922e269e9e0f6055d817540ad..9862b4f2c89a1ab16cb63adbcc3f89be4b5e0a97 100644 --- a/scripts/usr/local/bin/jenkins.sh +++ b/scripts/usr/local/bin/jenkins.sh @@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \; # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then - eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=69f7102311718b7e0fbed31edb877f1352ca5cf1 /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" + eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=caa8c31f923e651462d8c5423dc257a4097b868b /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" fi # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image