Merge branch '2.277.1.7-ra' into 'development'

2.277.1.7-ra See merge request !50

Merge branch '2.277.1.7-ra' into 'development'
2.277.1.7-ra See merge request !50
eb72502a · Andy Maksymowicz · 62ea0f23 · 2c13d980 · eb72502a · eb72502a
Commit eb72502a authored Mar 18, 2021 by Andy Maksymowicz
10 changed files
--- a/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml
+++ b/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml
+{{- if .Values.Hibernation.Enabled -}}
+{{- if include "cloudbees-core.needs-routes" . -}}
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: managed-master-hibernation-monitor-namespaced
+spec:
+{{- if .Values.OperationsCenter.HostName }}
+  host:  {{ .Values.OperationsCenter.HostName | quote }}
+{{- end }}
+  path: /hibernation/ns/{{ .Release.Namespace }}
+  to:
+    kind: Service
+    name: managed-master-hibernation-monitor
+    weight: 100
+  port:
+    targetPort: http
+  wildcardPolicy: None
+{{ include "openshift.tls" . | indent 2 }}
+{{ include "chart.helmRouteFix" $ }}
+{{- end -}}
+{{- end -}}
--- a/helm/templates/managed-master-hibernation-monitor-route.yaml
+++ b/helm/templates/managed-master-hibernation-monitor-route.yaml
+{{- if .Values.OperationsCenter.Enabled -}}
 {{- if .Values.Hibernation.Enabled -}}
 {{- if include "cloudbees-core.needs-routes" . -}}
 apiVersion: route.openshift.io/v1
@@ -16,11 +17,8 @@ spec:
  port:
    targetPort: http
  wildcardPolicy: None
-        {{- if eq .Values.OperationsCenter.Route.tls.Enable true }}
-  tls:
-    insecureEdgeTerminationPolicy: Redirect
-    termination: edge
-        {{end }}
+{{ include "openshift.tls" . | indent 2 }}
 {{ include "chart.helmRouteFix" $ }}
 {{- end -}}
 {{- end -}}
+{{- end -}}
--- a/helm/templates/master-role-agents-management.yaml
+++ b/helm/templates/master-role-agents-management.yaml
 {{- if .Values.Master.Enabled -}}
 {{- if .Values.rbac.install -}}
 kind: Role
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: cjoc-agents
  namespace: {{ template "agents.namespace" . }}

--- a/helm/templates/master-rolebinding.yaml
+++ b/helm/templates/master-rolebinding.yaml
 {{- if .Values.Master.Enabled -}}
 {{- if .Values.rbac.install -}}
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: cjoc-master-role-binding
@@ -8,7 +8,7 @@ metadata:
  labels:
 {{ include "cloudbees-core.labels" . | indent 4 }}
 roleRef:
-  apiGroup: {{ template "rbac.apiGroup" . }}
+  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cjoc-agents
 subjects:

--- a/helm/templates/psp-restricted-agents-role.yaml
+++ b/helm/templates/psp-restricted-agents-role.yaml
 {{- if and (include "psp.enabled" .) (.Values.Agents.SeparateNamespace.Enabled) }}
 kind: Role
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: "cb:podsecuritypolicy:restricted"
  namespace: {{ template "agents.namespace" . }}

--- a/helm/templates/psp-restricted-agents-rolebinding.yaml
+++ b/helm/templates/psp-restricted-agents-rolebinding.yaml
 {{- if and (include "psp.enabled" .) (.Values.Agents.SeparateNamespace.Enabled) }}
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: "cb:podsecuritypolicy:restricted"
@@ -7,7 +7,7 @@ metadata:
  labels:
 {{ include "cloudbees-core.labels" . | indent 4 }}
 roleRef:
-  apiGroup: {{ template "rbac.apiGroup" . }}
+  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: "cb:podsecuritypolicy:restricted"
 subjects:

--- a/helm/templates/psp-restricted-role.yaml
+++ b/helm/templates/psp-restricted-role.yaml
 {{- if include "psp.enabled" . }}
 kind: Role
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: "cb:podsecuritypolicy:restricted"
  labels:

--- a/helm/templates/psp-restricted-rolebinding.yaml
+++ b/helm/templates/psp-restricted-rolebinding.yaml
 {{- if include "psp.enabled" . }}
-apiVersion: {{ template "rbac.apiVersion" . }}
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: "cb:podsecuritypolicy:restricted"
  labels:
 {{ include "cloudbees-core.labels" . | indent 4 }}
 roleRef:
-  apiGroup: {{ template "rbac.apiGroup" . }}
+  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: "cb:podsecuritypolicy:restricted"
 subjects:

--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -13,6 +13,10 @@ ingress-nginx:
      kubernetes.io/os: linux
    service:
      externalTrafficPolicy: Local
+    admissionWebhooks:
+      patch:
+        nodeSelector:
+          kubernetes.io/os: linux
  defaultBackend:
    nodeSelector:
      kubernetes.io/os: linux
@@ -50,7 +54,7 @@ OperationsCenter:
  # Operations Center docker image
  Image:
    # OperationsCenter.Image.dockerImage -- Container image to use for Operations Center
-    dockerImage: dcar/core-oc:2.263.2.4-ra
+    dockerImage: dcar/core-oc:2.277.1.7-ra
    # OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images
    dockerPullPolicy: null

@@ -184,11 +188,23 @@ OperationsCenter:
  Route:
    tls:
      # OperationsCenter.Route.tls.Enable -- Set this to true in OpenShift to terminate TLS at route level
+      # Read https://docs.openshift.com/container-platform/4.6/networking/routes/secured-routes.html for details.
+      # These also apply to Hibernation monitor if enabled.
      Enable: false
-
-  ## @param ExtraConfigMaps - array of objects - optional
-  ## Extra configmaps deployed with the chart
-  #
+      # OperationsCenter.Route.tls.Termination -- Type of termination
+      Termination: edge
+      # OperationsCenter.Route.tls.InsecureEdgeTerminationPolicy -- Whether to redirect http to https
+      InsecureEdgeTerminationPolicy: Redirect
+      # OperationsCenter.Route.tls.CACertificate -- CA Certificate PEM-encoded
+      CACertificate: null
+      # OperationsCenter.Route.tls.Certificate -- Certificate PEM-encoded
+      Certificate: null
+      # OperationsCenter.Route.tls.Key -- Private key PEM-encoded
+      Key: null
+      # OperationsCenter.Route.tls.DestinationCACertificate -- When using `termination=reencrypt`, destination CA PEM-encoded
+      DestinationCACertificate: null
+  # OperationsCenter.ExtraConfigMaps -- Extra configmaps deployed with the chart
+  ExtraConfigMaps: []
  # ExtraConfigMaps:
  # - name: my-config-map
  #   labels:
@@ -199,33 +215,29 @@ OperationsCenter:
  #      myfile.yaml: |
  #        foo: bar

-  ## @param ExtraContainers - array of objects - optional
-  ## Extra containers to add to the pod containing Operations Center.
-  #
+  # OperationsCenter.ExtraContainers -- Extra containers to add to the pod containing Operations Center.
+  ExtraContainers: []
  # ExtraContainers:
  # - name: sleep
  #   image: tutum/curl
  #   command: ["sleep", "infinity"]

-  ## @param ExtraGroovyConfiguration - list of objects - optional
-  ## Provides additional init groovy scripts
-  ## Each key becomes a file in /var/jenkins_config
-  #
+  # OperationsCenter.ExtraGroovyConfiguration -- Provides additional init groovy scripts
+  # Each key becomes a file in /var/jenkins_config
+  ExtraGroovyConfiguration: {}
  # ExtraGroovyConfiguration:
  #   hello-world.groovy: |
  #     System.out.println('Hello world!')

-  ## @param ExtraVolumes - array of objects - optional
-  ## Extra volumes to add to the pod
-  #
+  # OperationsCenter.ExtraVolumes -- Extra volumes to add to the pod
+  ExtraVolumes: []
  # ExtraVolumes:
  # - name: my-volume
  #   configMap:
  #     name: my-config-map

-  ## @param ExtraVolumesMounts - array of objects - optional
-  ## Extra volume mounts to add to the container containing Operations Center
-  #
+  # OperationsCenter.ExtraVolumeMounts -- Extra volume mounts to add to the container containing Operations Center
+  ExtraVolumeMounts: []
  # ExtraVolumeMounts:
  # - name: my-volume
  #   mountPath: /var/my-path
@@ -241,7 +253,7 @@ Master:
  # Docker image inserted in Operations Center automatically
  Image:
    # Master.Image.dockerImage -- Used to override the default docker image
-    dockerImage: dcar/core-mm:2.263.2.4-ra
+    dockerImage: dcar/core-mm:2.277.1.7-ra
  # Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port
  JavaOpts: null

@@ -258,7 +270,7 @@ Agents:
    Create: false
  Image:
    # Agents.Image.dockerImage -- Used to override the default docker image used for agents
-    dockerImage: dcar/agent:2.263.2.4-ra
+    dockerImage: dcar/agent:2.277.1.7-ra
  # Image pull secrets
  # Enable this option when using a private registry.
  # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line

--- a/scripts/usr/local/bin/jenkins.sh
+++ b/scripts/usr/local/bin/jenkins.sh
@@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \;

 # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
 if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
-  eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=69f7102311718b7e0fbed31edb877f1352ca5cf1 /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\""
+  eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=d7a5eee17fd68064fb4268ca23a591bdc00af60b /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\""
 fi

 # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image