Merge branch 'development' into 'master'

Development

See merge request !53

helm/templates/managed-master-hibernation-monitor-ingress.yaml

@@ -7,35 +7,40 @@ metadata:
   labels:
 {{ include "cloudbees-core.labels" . | indent 4 }}
   annotations:
-{{ include "ingress.annotations" . | indent 4 }}
+{{ include "hibernationMonitor.ingress.annotations" . | indent 4}}
 spec:
   rules:
   -
-{{- if .Values.OperationsCenter.HostName }}
-    host: {{ .Values.OperationsCenter.HostName | quote }}
+{{- if (include "hibernation.hostnamewithoutport" . ) }}
+    host: {{ include "hibernation.hostnamewithoutport" . | quote }}
 {{- end }}
     http:
       paths:
       - path: /hibernation/ns/{{ .Release.Namespace }}/
         backend:
-          serviceName: managed-master-hibernation-monitor
-          servicePort: 80
+{{ include "ingress.backend.hibernation" . | indent 10 }}
+{{- if eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" }}
+        pathType: Prefix
+{{- else }}
       - path: /hibernation/ns/{{ .Release.Namespace }}/*
         backend:
-          serviceName: managed-master-hibernation-monitor
-          servicePort: 80
+
+{{ include "ingress.backend.hibernation" . | indent 10 }}
+{{- end }}
       - path: /hibernation/
         backend:
-          serviceName: managed-master-hibernation-monitor
-          servicePort: 80
+{{ include "ingress.backend.hibernation" . | indent 10 }}
+{{- if eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" }}
+        pathType: Prefix
+{{- else }}
       - path: /hibernation/*
         backend:
-          serviceName: managed-master-hibernation-monitor
-          servicePort: 80
+{{ include "ingress.backend.hibernation" . | indent 10 }}
+{{- end }}
 {{- if .Values.OperationsCenter.Ingress.tls.Enable }}
   tls:
     - hosts:
-        - {{ .Values.OperationsCenter.HostName | quote }}
+        - {{ include "hibernation.hostnamewithoutport" .  | quote }}
       secretName: {{ .Values.OperationsCenter.Ingress.tls.SecretName }}
 {{- end -}}
 {{- end -}}

helm/templates/managed-master-hibernation-monitor-role.yaml

 {{- if .Values.Hibernation.Enabled -}}
 {{- if .Values.rbac.install -}}
 kind: Role
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: managed-master-hibernation-monitor
   labels:

helm/templates/managed-master-hibernation-monitor-rolebinding.yaml

 {{- if .Values.Hibernation.Enabled -}}
 {{- if .Values.rbac.install -}}
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: managed-master-hibernation-monitor
   labels:
 {{ include "cloudbees-core.labels" . | indent 4 }}
 roleRef:
-  apiGroup: {{ template "rbac.apiGroup" . }}
+  apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: managed-master-hibernation-monitor
 subjects:

helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml

+{{- if .Values.Hibernation.Enabled -}}
+{{- if include "cloudbees-core.needs-routes" . -}}
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: managed-master-hibernation-monitor-namespaced
+spec:
+{{- if (include "hibernation.hostnamewithoutport" . ) }}
+  host: {{ include "hibernation.hostnamewithoutport" . | quote }}
+{{- end }}
+  path: /hibernation/ns/{{ .Release.Namespace }}
+  to:
+    kind: Service
+    name: managed-master-hibernation-monitor
+    weight: 100
+  port:
+    targetPort: http
+  wildcardPolicy: None
+{{ include "openshift.tls" . | indent 2 }}
+{{ include "chart.helmRouteFix" $ }}
+{{- end -}}
+{{- end -}}

helm/templates/managed-master-hibernation-monitor-route.yaml

@@ -5,8 +5,8 @@ kind: Route
 metadata:
   name: managed-master-hibernation-monitor
 spec:
-{{- if .Values.OperationsCenter.HostName }}
-  host:  {{ .Values.OperationsCenter.HostName | quote }}
+{{- if (include "hibernation.hostnamewithoutport" . ) }}
+  host: {{ include "hibernation.hostnamewithoutport" . | quote }}
 {{- end }}
   path: /hibernation
   to:
@@ -16,11 +16,7 @@ spec:
   port:
     targetPort: http
   wildcardPolicy: None
-        {{- if eq .Values.OperationsCenter.Route.tls.Enable true }}
-  tls:
-    insecureEdgeTerminationPolicy: Redirect
-    termination: edge
-        {{end }}
+{{ include "openshift.tls" . | indent 2 }}
 {{ include "chart.helmRouteFix" $ }}
 {{- end -}}
 {{- end -}}

helm/templates/master-role-agents-management.yaml

 {{- if .Values.Master.Enabled -}}
 {{- if .Values.rbac.install -}}
 kind: Role
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cjoc-agents
   namespace: {{ template "agents.namespace" . }}

helm/templates/master-rolebinding.yaml

 {{- if .Values.Master.Enabled -}}
 {{- if .Values.rbac.install -}}
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: cjoc-master-role-binding
@@ -8,7 +8,7 @@ metadata:
   labels:
 {{ include "cloudbees-core.labels" . | indent 4 }}
 roleRef:
-  apiGroup: {{ template "rbac.apiGroup" . }}
+  apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: cjoc-agents
 subjects:

helm/templates/psp-restricted-agents-role.yaml

 {{- if and (include "psp.enabled" .) (.Values.Agents.SeparateNamespace.Enabled) }}
 kind: Role
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: "cb:podsecuritypolicy:restricted"
   namespace: {{ template "agents.namespace" . }}

helm/templates/psp-restricted-agents-rolebinding.yaml

 {{- if and (include "psp.enabled" .) (.Values.Agents.SeparateNamespace.Enabled) }}
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: "cb:podsecuritypolicy:restricted"
@@ -7,7 +7,7 @@ metadata:
   labels:
 {{ include "cloudbees-core.labels" . | indent 4 }}
 roleRef:
-  apiGroup: {{ template "rbac.apiGroup" . }}
+  apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: "cb:podsecuritypolicy:restricted"
 subjects:

helm/templates/psp-restricted-role.yaml

 {{- if include "psp.enabled" . }}
 kind: Role
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: "cb:podsecuritypolicy:restricted"
   labels:

helm/templates/psp-restricted-rolebinding.yaml

 {{- if include "psp.enabled" . }}
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: "cb:podsecuritypolicy:restricted"
   labels:
 {{ include "cloudbees-core.labels" . | indent 4 }}
 roleRef:
-  apiGroup: {{ template "rbac.apiGroup" . }}
+  apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: "cb:podsecuritypolicy:restricted"
 subjects:

helm/values.yaml

@@ -2,6 +2,9 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+# Subdomain -- Whether to use a DNS subdomain for each controller.
+Subdomain: false
+
 # ingress-nginx.Enabled -- Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional).
 # Enable this section if you don't have an existing installation of ingress-nginx controller
 # Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16
@@ -13,6 +16,10 @@ ingress-nginx:
       kubernetes.io/os: linux
     service:
       externalTrafficPolicy: Local
+    admissionWebhooks:
+      patch:
+        nodeSelector:
+          kubernetes.io/os: linux
   defaultBackend:
     nodeSelector:
       kubernetes.io/os: linux
@@ -50,7 +57,7 @@ OperationsCenter:
   # Operations Center docker image
   Image:
     # OperationsCenter.Image.dockerImage -- Container image to use for Operations Center
-    dockerImage: dcar/core-oc:2.263.2.4-ra
+    dockerImage: dcar/core-oc:2.277.2.1-ra
     # OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images
     dockerPullPolicy: null
 
@@ -69,7 +76,13 @@ OperationsCenter:
   HostName: null
 
   # OperationsCenter.ContextPath -- the path under which Operations Center will be accessible in the given host.
-  ContextPath: /cjoc
+  # DEPRECATED - Use OperationsCenter.Name instead.
+  ContextPath: null
+
+  # OperationsCenter.Name -- the name in the URL under which Operations Center will be accessible in the given host.
+  # For instance, if Subdomain is true, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.Name}}.{{OperationsCenter.HostName}}:{{OperationsCenter.Port}}
+  # If Subdomain is false, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.HostName}}:{{OperationsCenter.Port}}/{{OperationsCenter.Name}}
+  Name: cjoc
 
   # OperationsCenter.Protocol -- the protocol used to access CJOC. Possible values are http/https.
   Protocol: http
@@ -184,11 +197,23 @@ OperationsCenter:
   Route:
     tls:
       # OperationsCenter.Route.tls.Enable -- Set this to true in OpenShift to terminate TLS at route level
+      # Read https://docs.openshift.com/container-platform/4.6/networking/routes/secured-routes.html for details.
+      # These also apply to Hibernation monitor if enabled.
       Enable: false
-
-  ## @param ExtraConfigMaps - array of objects - optional
-  ## Extra configmaps deployed with the chart
-  #
+      # OperationsCenter.Route.tls.Termination -- Type of termination
+      Termination: edge
+      # OperationsCenter.Route.tls.InsecureEdgeTerminationPolicy -- Whether to redirect http to https
+      InsecureEdgeTerminationPolicy: Redirect
+      # OperationsCenter.Route.tls.CACertificate -- CA Certificate PEM-encoded
+      CACertificate: null
+      # OperationsCenter.Route.tls.Certificate -- Certificate PEM-encoded
+      Certificate: null
+      # OperationsCenter.Route.tls.Key -- Private key PEM-encoded
+      Key: null
+      # OperationsCenter.Route.tls.DestinationCACertificate -- When using `termination=reencrypt`, destination CA PEM-encoded
+      DestinationCACertificate: null
+  # OperationsCenter.ExtraConfigMaps -- Extra configmaps deployed with the chart
+  ExtraConfigMaps: []
   # ExtraConfigMaps:
   # - name: my-config-map
   #   labels:
@@ -199,33 +224,29 @@ OperationsCenter:
   #      myfile.yaml: |
   #        foo: bar
 
-  ## @param ExtraContainers - array of objects - optional
-  ## Extra containers to add to the pod containing Operations Center.
-  #
+  # OperationsCenter.ExtraContainers -- Extra containers to add to the pod containing Operations Center.
+  ExtraContainers: []
   # ExtraContainers:
   # - name: sleep
   #   image: tutum/curl
   #   command: ["sleep", "infinity"]
 
-  ## @param ExtraGroovyConfiguration - list of objects - optional
-  ## Provides additional init groovy scripts
-  ## Each key becomes a file in /var/jenkins_config
-  #
+  # OperationsCenter.ExtraGroovyConfiguration -- Provides additional init groovy scripts
+  # Each key becomes a file in /var/jenkins_config
+  ExtraGroovyConfiguration: {}
   # ExtraGroovyConfiguration:
   #   hello-world.groovy: |
   #     System.out.println('Hello world!')
 
-  ## @param ExtraVolumes - array of objects - optional
-  ## Extra volumes to add to the pod
-  #
+  # OperationsCenter.ExtraVolumes -- Extra volumes to add to the pod
+  ExtraVolumes: []
   # ExtraVolumes:
   # - name: my-volume
   #   configMap:
   #     name: my-config-map
 
-  ## @param ExtraVolumesMounts - array of objects - optional
-  ## Extra volume mounts to add to the container containing Operations Center
-  #
+  # OperationsCenter.ExtraVolumeMounts -- Extra volume mounts to add to the container containing Operations Center
+  ExtraVolumeMounts: []
   # ExtraVolumeMounts:
   # - name: my-volume
   #   mountPath: /var/my-path
@@ -241,7 +262,7 @@ Master:
   # Docker image inserted in Operations Center automatically
   Image:
     # Master.Image.dockerImage -- Used to override the default docker image
-    dockerImage: dcar/core-mm:2.263.2.4-ra
+    dockerImage: dcar/core-mm:2.277.2.1-ra
   # Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port
   JavaOpts: null
 
@@ -258,7 +279,7 @@ Agents:
     Create: false
   Image:
     # Agents.Image.dockerImage -- Used to override the default docker image used for agents
-    dockerImage: dcar/agent:2.263.2.4-ra
+    dockerImage: dcar/agent:2.277.2.1-ra
   # Image pull secrets
   # Enable this option when using a private registry.
   # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line
@@ -294,7 +315,7 @@ Hibernation:
   Enabled: false
   Image:
     # Hibernation.Image.dockerImage -- Used to override the default docker image
-    dockerImage: cloudbees/managed-master-hibernation-monitor:230.ee066a318539
+    dockerImage: cloudbees/managed-master-hibernation-monitor:247.c5dfce00a179
     # Hibernation.Image.dockerPullPolicy -- Used to override the default pull policy
     dockerPullPolicy: null
   # Image pull secrets

scripts/usr/local/bin/jenkins.sh

@@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \;
 
 # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
 if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
-  eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=69f7102311718b7e0fbed31edb877f1352ca5cf1 /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\""
+  eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=308768c9f176b5155dd19ff01ca06396b66f5afd /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\""
 fi
 
 # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image