diff --git a/Dockerfile b/Dockerfile index 9a9f6fa1a65a8e8af1d9e38d1693b2d6d7f3c050..0e7f94a9c06200a48f5044048bb4d17571e0418b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,8 +42,8 @@ HEALTHCHECK --interval=5m --timeout=3s \ CMD curl -fsL ${JENKINS_URL}/login || exit 1 # L-A-B-E-L securitytxt="https://www.cloudbees.com/.well-known/security.txt" -# L-A-B-E-L release=d7a5eee17fd68064fb4268ca23a591bdc00af60b -# L-A-B-E-L version=2.277.1.7-ra +# L-A-B-E-L release=308768c9f176b5155dd19ff01ca06396b66f5afd +# L-A-B-E-L version=2.277.2.1-ra COPY files.tar /tmp RUN cd / && tar xvf /tmp/files.tar && rm /tmp/files.tar diff --git a/README.md b/README.md index f14508c15239601743c48478897ba5b2a00a6fca..cc4dd791c2b5a84bef82846906138ed0809ff5b0 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.277.1.7-ra` +A version of CloudBees CI is given in the format `2.277.2.1-ra` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -25,13 +25,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.277.1.7-ra + dockerImage: your-registry/core-oc:2.277.2.1-ra Master: Image: - dockerImage: your-registry/core-mm:2.277.1.7-ra + dockerImage: your-registry/core-mm:2.277.2.1-ra Agents: Image: - dockerImage: your-registry/agent:2.277.1.7-ra + dockerImage: your-registry/agent:2.277.2.1-ra ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: 
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index decc513fe0837b904330e8bac1700f75c4ee6746..5fe8b0dbea56167489ac0b29c95a0b99b5cf50b2 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: "cloudbees/core/core-oc" tags: -- "2.277.1.7-ra" +- "2.277.2.1-ra" - latest labels: org.opencontainers.image.title: "core-oc" @@ -9,7 +9,7 @@ labels: org.opencontainers.image.licenses: proprietary org.opencontainers.image.url: https://docs.cloudbees.com/docs/cloudbees-ci/ org.opencontainers.image.vendor: CloudBees - org.opencontainers.image.version: "2.277.1.7-ra" + org.opencontainers.image.version: "2.277.2.1-ra" mil.dso.ironbank.image.keywords: cicd mil.dso.ironbank.image.type: commercial mil.dso.ironbank.product.name: CloudBees CI @@ -18,10 +18,10 @@ args: BASE_TAG: "1.8.0" resources: - filename: files.tar - url: https://downloads.cloudbees.com/dsop-files/core-oc-files-5ef009a0f4b225510975a80b9a9ab9327de74ba12412d7044c9ef589f4521a3d.tar + url: https://downloads.cloudbees.com/dsop-files/core-oc-files-a8c75c110388343781c00894fcade262363681eb914929bf19c94be5195463a3.tar validation: type: sha256 - value: "5ef009a0f4b225510975a80b9a9ab9327de74ba12412d7044c9ef589f4521a3d" + value: "a8c75c110388343781c00894fcade262363681eb914929bf19c94be5195463a3" maintainers: - email: productivity-team@cloudbees.com name: CloudBees diff --git a/helm/Chart.yaml b/helm/Chart.yaml index ab3c7f657ee157e3b76ddc6e193ab029b9bc8b61..3a767d5a9f97633e5c4e285a7b23dbffbfd3614c 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: cloudbees-core -version: 3.28.1 +version: 3.29.2 description: Enterprise Continuous Integration with Jenkins keywords: - cloudbees 
@@ -20,7 +20,7 @@ dependencies: repository: https://charts.cloudbees.com/public/cloudbees condition: sidecarinjector.Enabled icon: https://images.ctfassets.net/vtn4rfaw6n2j/7xprMMXARXDBuVxW4y8XfV/349fff91035050e3f2a8ff37bc0615b5/cloudbees-core-logo_header.svg -appVersion: 2.277.1.2 +appVersion: 2.277.2.3 annotations: artifacthub.io/links: | - name: Product overview diff --git a/helm/README-template.md b/helm/README-template.md index 4d452b0c82deb84ceb67f3623faf9e0b8fc97537..1f637a4bf8e658f686e731c790be7f445caa5043 100644 --- a/helm/README-template.md +++ b/helm/README-template.md @@ -1,6 +1,6 @@ # cloudbees-core -![Version: 3.28.1](https://img.shields.io/badge/Version-3.28.1-informational?style=flat-square) ![AppVersion: 2.277.1.2](https://img.shields.io/badge/AppVersion-2.277.1.2-informational?style=flat-square) +![Version: 3.29.2](https://img.shields.io/badge/Version-3.29.2-informational?style=flat-square) ![AppVersion: 2.277.2.3](https://img.shields.io/badge/AppVersion-2.277.2.3-informational?style=flat-square) [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: 
@@ -114,7 +114,7 @@ CloudBees provides complete and more detailed installation and operation documen | Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. | | Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. | | Hibernation.Enabled | bool | `false` | Whether to enable the [Hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-masters#_hibernation_of_managed_masters) feature | -| Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | +| Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:247.c5dfce00a179"` | Used to override the default docker image | | Hibernation.Image.dockerPullPolicy | string | `nil` | Used to override the default pull policy | | Hibernation.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | | Hibernation.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | 
@@ -130,7 +130,7 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.Annotations | object | `{}` | Additional annotations to put on the pod running Operations Center | | OperationsCenter.CSRF.ProxyCompatibility | bool | `false` | Proxy compatibility for the default CSRF issuer | | OperationsCenter.ContainerPort | int | `8080` | Container port for http traffic | -| OperationsCenter.ContextPath | string | `"/cjoc"` | the path under which Operations Center will be accessible in the given host. | +| OperationsCenter.ContextPath | string | `nil` | the path under which Operations Center will be accessible in the given host. DEPRECATED - Use OperationsCenter.Name instead. | | OperationsCenter.Enabled | bool | `true` | Disable for particular use case like setting up namespaces to host masters only | | OperationsCenter.ExtraConfigMaps | list | `[]` | Extra configmaps deployed with the chart | | OperationsCenter.ExtraContainers | list | `[]` | Extra containers to add to the pod containing Operations Center. | 
@@ -151,6 +151,7 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.JenkinsOpts | string | `nil` | Additional arguments for jenkins.war | | OperationsCenter.LoadBalancerIP | string | `nil` | Optionally assign a known public LB IP | | OperationsCenter.LoadBalancerSourceRanges | list | `["0.0.0.0/0"]` | Only applicable when using `ServiceType: LoadBalancer` | +| OperationsCenter.Name | string | `"cjoc"` | the name in the URL under which Operations Center will be accessible in the given host. For instance, if Subdomain is true, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.Name}}.{{OperationsCenter.HostName}}:{{OperationsCenter.Port}} If Subdomain is false, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.HostName}}:{{OperationsCenter.Port}}/{{OperationsCenter.Name}} | | OperationsCenter.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | | OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x | | OperationsCenter.Protocol | string | `"http"` | the protocol used to access CJOC. Possible values are http/https. | 
@@ -176,6 +177,7 @@ CloudBees provides complete and more detailed installation and operation documen | Persistence.StorageClass | string | `nil` | Persistent Volume Storage Class for Jenkins Home If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, the default storage class will be used, unless specified otherwise below. If setting OperationsCenter.Platform == gke, a storage class backed with SSD drives will be created by this chart and used automatically. | | PodSecurityPolicy.Annotations | object | `{}` | Additional annotations to put on the PodSecurityPolicy, e.g. AppArmor/Seccomp settings | | PodSecurityPolicy.Enabled | bool | `false` | Enables [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) support Enable only if the cluster supports it. | +| Subdomain | bool | `false` | Whether to use a DNS subdomain for each controller. | | ingress-nginx.Enabled | bool | `false` | Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). Enable this section if you don't have an existing installation of ingress-nginx controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 | | ingress-nginx.controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | ingress-nginx.controller.ingressClass | string | `"nginx"` | | diff --git a/helm/README.md b/helm/README.md index fb94fbb37cdba70d0f9e08837ba62812cd4a1206..1d07880bf47c99baf95b0c826d5cc57ae6c27e03 100644 --- a/helm/README.md +++ b/helm/README.md 
@@ -1,6 +1,6 @@ # cloudbees-core -![Version: 3.28.1](https://img.shields.io/badge/Version-3.28.1-informational?style=flat-square) ![AppVersion: 2.277.1.2](https://img.shields.io/badge/AppVersion-2.277.1.2-informational?style=flat-square) +![Version: 3.29.2](https://img.shields.io/badge/Version-3.29.2-informational?style=flat-square) ![AppVersion: 2.277.2.3](https://img.shields.io/badge/AppVersion-2.277.2.3-informational?style=flat-square) [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: 
@@ -114,7 +114,7 @@ CloudBees provides complete and more detailed installation and operation documen | Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. | | Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. | | Hibernation.Enabled | bool | `false` | Whether to enable the [Hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-masters#_hibernation_of_managed_masters) feature | -| Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | +| Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:247.c5dfce00a179"` | Used to override the default docker image | | Hibernation.Image.dockerPullPolicy | string | `nil` | Used to override the default pull policy | | Hibernation.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | | Hibernation.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | 
@@ -130,7 +130,7 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.Annotations | object | `{}` | Additional annotations to put on the pod running Operations Center | | OperationsCenter.CSRF.ProxyCompatibility | bool | `false` | Proxy compatibility for the default CSRF issuer | | OperationsCenter.ContainerPort | int | `8080` | Container port for http traffic | -| OperationsCenter.ContextPath | string | `"/cjoc"` | the path under which Operations Center will be accessible in the given host. | +| OperationsCenter.ContextPath | string | `nil` | the path under which Operations Center will be accessible in the given host. DEPRECATED - Use OperationsCenter.Name instead. | | OperationsCenter.Enabled | bool | `true` | Disable for particular use case like setting up namespaces to host masters only | | OperationsCenter.ExtraConfigMaps | list | `[]` | Extra configmaps deployed with the chart | | OperationsCenter.ExtraContainers | list | `[]` | Extra containers to add to the pod containing Operations Center. | 
@@ -151,6 +151,7 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.JenkinsOpts | string | `nil` | Additional arguments for jenkins.war | | OperationsCenter.LoadBalancerIP | string | `nil` | Optionally assign a known public LB IP | | OperationsCenter.LoadBalancerSourceRanges | list | `["0.0.0.0/0"]` | Only applicable when using `ServiceType: LoadBalancer` | +| OperationsCenter.Name | string | `"cjoc"` | the name in the URL under which Operations Center will be accessible in the given host. For instance, if Subdomain is true, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.Name}}.{{OperationsCenter.HostName}}:{{OperationsCenter.Port}} If Subdomain is false, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.HostName}}:{{OperationsCenter.Port}}/{{OperationsCenter.Name}} | | OperationsCenter.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | | OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x | | OperationsCenter.Protocol | string | `"http"` | the protocol used to access CJOC. Possible values are http/https. | 
@@ -176,6 +177,7 @@ CloudBees provides complete and more detailed installation and operation documen | Persistence.StorageClass | string | `nil` | Persistent Volume Storage Class for Jenkins Home If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, the default storage class will be used, unless specified otherwise below. If setting OperationsCenter.Platform == gke, a storage class backed with SSD drives will be created by this chart and used automatically. | | PodSecurityPolicy.Annotations | object | `{}` | Additional annotations to put on the PodSecurityPolicy, e.g. AppArmor/Seccomp settings | | PodSecurityPolicy.Enabled | bool | `false` | Enables [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) support Enable only if the cluster supports it. | +| Subdomain | bool | `false` | Whether to use a DNS subdomain for each controller. | | ingress-nginx.Enabled | bool | `false` | Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). Enable this section if you don't have an existing installation of ingress-nginx controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 | | ingress-nginx.controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | ingress-nginx.controller.ingressClass | string | `"nginx"` | | diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 6b62e4faf7bb1fc8b7102590a63b95c8886a6d4c..90998bf3f6a00da60291b7257236ff96f0160995 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl 
@@ -88,6 +88,12 @@ true {{- end -}} {{- end -}} +{{- define "cloudbees-core.use-subdomain" -}} +{{- if and (eq (typeOf .Values.Subdomain) "bool") (eq .Values.Subdomain true) -}} +true +{{- end -}} +{{- end -}} + {{/* Return labels, including instance and name. */}} @@ -109,7 +115,18 @@ helm.sh/chart: {{ include "cloudbees-core.chart" . | quote }} Sanitize Operations Center context path to never have a trailing slash */}} {{- define "oc.contextpath" -}} -{{ trimSuffix "/" .Values.OperationsCenter.ContextPath }} +{{- if not (empty .Values.OperationsCenter.ContextPath) -}} +{{- trimSuffix "/" .Values.OperationsCenter.ContextPath -}} +{{- else -}} +{{- if not (include "cloudbees-core.use-subdomain" .) -}} +/ +{{- include "oc.name" . }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "oc.name" -}} +{{ .Values.OperationsCenter.Name }} {{- end -}} {{- define "oc.defaultPort" -}} 
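Review bot: `cloudbees-core.use-subdomain` returns true only for a real boolean, so `--set-string Subdomain=true` or a quoted `"true"` in a values file is silently treated as disabled and the release falls back to path-based URLs. This switch changes every hostname the chart exposes, so a silent fallback is easy to miss. I would add a comment above the define, e.g. `{{/* Returns "true" only when .Values.Subdomain is the boolean true; string values are ignored. */}}`, or fail the render when the value is set but is not a bool.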
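Review bot: With `Subdomain: true` and no `ContextPath`, `oc.contextpath` renders an empty string, and cjoc-ingress.yaml in this commit passes it to `path:` together with `pathType: Prefix`. For networking.k8s.io/v1 a Prefix or Exact path has to start with `/`, so I would expect the API server to reject that Ingress. Defaulting at the call site avoids it: `- path: {{ include "oc.contextpath" . | default "/" | quote }}`. The new `Name` branch also skips the `trimSuffix "/"` promised by the comment above the define, so a `Name` ending in a slash is passed through unchanged.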
@@ -130,14 +147,34 @@ Sanitize Operations Center context path to never have a trailing slash Expected Operations Center Hostname. Include port if not 80/443. */}} {{- define "oc.hostname" -}} -{{ .Values.OperationsCenter.HostName }}{{- include "oc.optionalPort" . -}} +{{- include "oc.hostnamewithoutport" . -}}{{- include "oc.optionalPort" . -}} +{{- end -}} + +{{/* +Expected Operations Center Hostname. Include port if not 80/443. +*/}} +{{- define "oc.hostnamewithoutport" -}} +{{- if (include "cloudbees-core.use-subdomain" .) -}} +{{- include "oc.name" . -}}. +{{- end -}} +{{ .Values.OperationsCenter.HostName }} +{{- end -}} + +{{/* +Expected Operations Center Hostname. Include port if not 80/443. +*/}} +{{- define "hibernation.hostnamewithoutport" -}} +{{- if (include "cloudbees-core.use-subdomain" .) -}} +hibernation-{{ .Release.Namespace }}. +{{- end -}} +{{ .Values.OperationsCenter.HostName }} {{- end -}} {{/* Expected Operations Center URL. Always ends with a trailing slash. */}} {{- define "oc.url" -}} -{{- template "oc.protocol" . -}}://{{ include "oc.hostname" . }}{{ include "oc.contextpath" . }}/ +{{- include "oc.protocol" . -}}://{{ include "oc.hostname" . }}{{ include "oc.contextpath" . }}/ {{- end -}} {{- define "ingress.annotations" -}} @@ -161,6 +198,21 @@ nginx.ingress.kubernetes.io/ssl-redirect: "{{- template "ingress.ssl_redirect" . {{- end }} {{- end }} +{{- define "cjoc.ingress.annotations" -}} +{{ include "ingress.annotations" . }} +{{- if eq .Values.OperationsCenter.Platform "eks" }} +alb.ingress.kubernetes.io/healthcheck-path: {{ include "oc.contextpath" . }}/login +{{- end }} +{{- end }} + +{{- define "hibernationMonitor.ingress.annotations" -}} +{{ include "ingress.annotations" . }} +{{- if eq .Values.OperationsCenter.Platform "eks" }} +alb.ingress.kubernetes.io/healthcheck-path: /health/live +{{- end }} +{{- end }} + + {{- define "ingress.root-redirect" -}} {{ include "oc.contextpath" . }}/teams-check/ {{- end }} 
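Review bot: `oc.hostnamewithoutport` and `hibernation.hostnamewithoutport` emit the subdomain prefix even when `OperationsCenter.HostName` is unset, so with `Subdomain: true` they appear to render `cjoc.` and `hibernation-<namespace>.` rather than an empty string. Every `if (include "oc.hostnamewithoutport" .)` guard added in this commit (cjoc-ingress.yaml, cjoc-route.yaml, location.groovy, and the `wildcardIngress` check in cjoc-statefulset.yaml) then evaluates true, and a host with a trailing dot is written out. Guarding the prefix on the host name avoids this: `{{- if and .Values.OperationsCenter.HostName (include "cloudbees-core.use-subdomain" .) -}}`. Both new defines also carry the copied comment "Include port if not 80/443", which is the opposite of what they return.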
@@ -191,7 +243,9 @@ extensions {{- end -}} {{- define "ingress.apiVersion" -}} -{{- if ge (atoi (.Capabilities.KubeVersion.Minor)) 15 -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +networking.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} networking.k8s.io/v1beta1 {{- else -}} extensions/v1beta1 @@ -202,6 +256,30 @@ extensions/v1beta1 {{- .Values.OperationsCenter.Ingress.tls.Enable }} {{- end -}} +{{- define "ingress.backend.cjoc" -}} +{{- if eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}} +service: + name: cjoc + port: + number: {{ .Values.OperationsCenter.ServicePort }} +{{- else -}} +serviceName: cjoc +servicePort: {{ .Values.OperationsCenter.ServicePort }} +{{- end -}} +{{- end -}} + +{{- define "ingress.backend.hibernation" -}} +{{- if eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}} +service: + name: managed-master-hibernation-monitor + port: + number: 80 +{{- else -}} +serviceName: managed-master-hibernation-monitor +servicePort: 80 +{{- end -}} +{{- end -}} + {{/* If rbac.installCluster is defined, honor it. Otherwise, default to true, except on Openshift 3 where we default to "" (falsy) @@ -471,3 +549,11 @@ status: true {{- end -}} {{- end -}} + +{{- define "hibernation.routenonnamespacedurls" -}} +{{- if and (eq (typeOf .Values.OperationsCenter.Enabled) "bool") (eq .Values.OperationsCenter.Enabled false) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} diff --git a/helm/templates/cjoc-configure-jenkins-groovy.yaml b/helm/templates/cjoc-configure-jenkins-groovy.yaml index ac4564723d718cf572327423897eafabf9600103..fddeb085cf42cedcc7cf1c613034ccd48f489882 100644 --- a/helm/templates/cjoc-configure-jenkins-groovy.yaml +++ b/helm/templates/cjoc-configure-jenkins-groovy.yaml 
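Review bot: `hibernation.routenonnamespacedurls` returns the strings `true` or `false`, whereas `cloudbees-core.use-subdomain` returns `true` or nothing. A later `{{ if include "hibernation.routenonnamespacedurls" . }}` would always pass, because `"false"` is a non-empty string. The define has no comment, so I would add one above it: `{{/* Renders "true" when OperationsCenter.Enabled is the boolean false, otherwise "false"; interpolate the value, do not use it as an if-condition. */}}`.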
@@ -7,7 +7,7 @@ metadata: {{ include "cloudbees-core.labels" . | indent 4 }} data: location.groovy: | -{{- if .Values.OperationsCenter.HostName }} +{{- if (include "oc.hostnamewithoutport" .) }} jenkins.model.JenkinsLocationConfiguration.get().setUrl("{{- template "oc.url" . -}}") {{- end }} {{- if .Values.OperationsCenter.ExtraGroovyConfiguration }} diff --git a/helm/templates/cjoc-ingress.yaml b/helm/templates/cjoc-ingress.yaml index 123a79316575bf4504cd6f93da702c0ba3c0a938..037c8630292fbb78181d0b49c15aa27bc7791927 100644 --- a/helm/templates/cjoc-ingress.yaml +++ b/helm/templates/cjoc-ingress.yaml @@ -8,7 +8,7 @@ metadata: labels: {{ include "cloudbees-core.labels" . | indent 4 }} annotations: -{{ include "ingress.annotations" . | indent 4 }} +{{ include "cjoc.ingress.annotations" . | indent 4 }} {{- if not (include "cloudbees-core.is-openshift" .) }} nginx.ingress.kubernetes.io/app-root: {{ include "ingress.root-redirect" . | quote }} # "413 Request Entity Too Large" uploading plugins, increase client_max_body_size 
@@ -18,24 +18,26 @@ metadata: spec: rules: - -{{- if .Values.OperationsCenter.HostName }} - host: {{ .Values.OperationsCenter.HostName | quote }} +{{- if (include "oc.hostnamewithoutport" . ) }} + host: {{ include "oc.hostnamewithoutport" . | quote }} {{- end }} http: paths: {{- include "ingress.redirect-rules" . | indent 6 }} - - path: {{ include "oc.contextpath" . }} + - path: {{ include "oc.contextpath" . | quote }} backend: - serviceName: cjoc - servicePort: {{ .Values.OperationsCenter.ServicePort }} +{{ include "ingress.backend.cjoc" . | indent 10 -}} +{{ if eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" }} + pathType: Prefix +{{ else }} - path: {{ include "oc.contextpath" . }}/* backend: - serviceName: cjoc - servicePort: {{ .Values.OperationsCenter.ServicePort }} +{{ include "ingress.backend.cjoc" . | indent 10 -}} +{{- end -}} {{- if .Values.OperationsCenter.Ingress.tls.Enable }} tls: - hosts: - - {{ .Values.OperationsCenter.HostName | quote }} + - {{ include "oc.hostnamewithoutport" . | quote }} secretName: {{ .Values.OperationsCenter.Ingress.tls.SecretName }} {{- end -}} {{- end -}} diff --git a/helm/templates/cjoc-route.yaml b/helm/templates/cjoc-route.yaml index def9f6f5304f01b0d0ba7fdcdaae9885dc4b5b03..e723d773ac7b90e79e8a29d0a261edca457a14a8 100644 --- a/helm/templates/cjoc-route.yaml +++ b/helm/templates/cjoc-route.yaml @@ -7,8 +7,8 @@ metadata: labels: {{ include "cloudbees-core.labels" . | indent 4 }} spec: -{{- if .Values.OperationsCenter.HostName }} - host: {{ .Values.OperationsCenter.HostName | quote }} +{{- if (include "oc.hostnamewithoutport" .) }} + host: {{ include "oc.hostnamewithoutport" . | quote }} {{- end }} path: {{ include "oc.contextpath" . | quote }} to: diff --git a/helm/templates/cjoc-statefulset.yaml b/helm/templates/cjoc-statefulset.yaml index bab081230bda8d59f5bdbb68c4f78c04168d076e..9923a51129a4830f779e93f04874fede0b222c53 100644 --- a/helm/templates/cjoc-statefulset.yaml +++ b/helm/templates/cjoc-statefulset.yaml 
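Review bot: The `tls.hosts` entry in cjoc-ingress.yaml now follows `oc.hostnamewithoutport`, but `secretName` is still the single `OperationsCenter.Ingress.tls.SecretName`. The hibernation monitor Ingress in this commit reuses that same secret for `hibernation-<namespace>.<HostName>`. With `Subdomain: true` the certificate therefore has to cover `<Name>.<HostName>`, the hibernation host and presumably each controller subdomain, otherwise clients see a name mismatch. Neither values.yaml nor the README says so; I would extend the `Subdomain` comment in values.yaml with `# Requires wildcard DNS and a TLS certificate valid for *.<OperationsCenter.HostName>.`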
@@ -116,6 +116,10 @@ spec: -Dcom.cloudbees.jenkins.plugins.kube.NamespaceFilter.defaultNamespace={{ template "agents.namespace" . }} {{- end }} -Dcom.cloudbees.jenkins.plugins.kube.ServiceAccountFilter.defaultServiceAccount={{ .Values.rbac.agentsServiceAccountName }} + -Dcom.cloudbees.networking.useSubdomain={{ default "false" (include "cloudbees-core.use-subdomain" .) }} + -Dcom.cloudbees.networking.protocol={{ include "oc.protocol" . }} + -Dcom.cloudbees.networking.hostname={{ .Values.OperationsCenter.HostName }} + -Dcom.cloudbees.networking.port={{ include "oc.port" . }} {{- if .Values.Master.JavaOpts }} {{ .Values.Master.JavaOpts }} {{- end }} @@ -137,6 +141,10 @@ spec: -Dcom.cloudbees.opscenter.analytics.reporter.JocAnalyticsReporter.PERIOD=120 -Dcom.cloudbees.opscenter.analytics.reporter.metrics.AperiodicMetricSubmitter.PERIOD=120 -Dcom.cloudbees.opscenter.analytics.FeederConfiguration.PERIOD=120 + -Dcom.cloudbees.networking.useSubdomain={{ default "false" (include "cloudbees-core.use-subdomain" .) }} + -Dcom.cloudbees.networking.protocol={{ include "oc.protocol" . }} + -Dcom.cloudbees.networking.hostname={{ .Values.OperationsCenter.HostName }} + -Dcom.cloudbees.networking.port={{ include "oc.port" . }} -Dcom.cloudbees.masterprovisioning.kubernetes.KubernetesMasterProvisioning.fsGroup={{ include "oc.fsGroup" . }} -Dcom.cloudbees.jce.masterprovisioning.DockerImageDefinitionConfiguration.disableAutoConfiguration=true -Dcom.cloudbees.jce.masterprovisioning.DockerImageDefinitionConfiguration.masterImageName={{ include "mm.longname" . | quote}} 
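Review bot: The new `-Dcom.cloudbees.networking.hostname={{ .Values.OperationsCenter.HostName }}` option, in both hunks of cjoc-statefulset.yaml, interpolates the value raw, while the neighbouring `masterImageName` option pipes through `quote`. When `HostName` is left at its default `null`, the property is emitted with an empty value. If these lines end up in `JAVA_OPTS` (not visible in the hunk), they pass through the `eval "exec java ${JAVA_OPTS:-} ..."` in jenkins.sh, so a value containing whitespace or shell metacharacters would be re-parsed by the shell. I would only emit the property when a host name is set, and quote it as the other options do: `-Dcom.cloudbees.networking.hostname={{ .Values.OperationsCenter.HostName | quote }}` inside `{{- if .Values.OperationsCenter.HostName }}`. The enclosing option blocks start and end outside the hunks.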
@@ -151,7 +159,7 @@ spec: {{- if .Values.OperationsCenter.Ingress.Class }} -Dcom.cloudbees.masterprovisioning.kubernetes.KubernetesMasterProvisioning.ingressClass={{ .Values.OperationsCenter.Ingress.Class }} {{- end }} - {{- if not (.Values.OperationsCenter.HostName) }} + {{- if not (include "oc.hostnamewithoutport" .) }} -Dcom.cloudbees.masterprovisioning.kubernetes.KubernetesClusterEndpoint.wildcardIngress=true {{- end }} {{- if .Values.OperationsCenter.JavaOpts }} @@ -164,7 +172,7 @@ spec: {{- if .Values.OperationsCenter.HostName }} -Dcom.cloudbees.jenkins.plugins.platform.PlatformConfiguration.url={{- include "oc.protocol" . -}}://{{ include "oc.hostname" . }}/ {{- end }} - -Dcom.cloudbees.jenkins.plugins.platform.PlatformServer.apiUrl=https://flow-server:8443/ + -Dcom.cloudbees.jenkins.plugins.platform.PlatformServer.apiUrl=https://flow-server.{{ .Release.Namespace }}:8443/ {{- end }} -XX:+UseG1GC -XX:+DisableExplicitGC diff --git a/helm/templates/managed-master-hibernation-monitor-deployment.yaml b/helm/templates/managed-master-hibernation-monitor-deployment.yaml index 9c7e106a244f05e80bae353767ad5a9032ea6d2a..40baf492a867e546ddbd077b3686a90ab0773597 100644 --- a/helm/templates/managed-master-hibernation-monitor-deployment.yaml +++ b/helm/templates/managed-master-hibernation-monitor-deployment.yaml @@ -48,6 +48,9 @@ spec: imagePullPolicy: {{ .dockerPullPolicy }} {{- end}} {{- end}} + args: + - '-Dcom.cloudbees.networking.useSubdomain={{ default "false" (include "cloudbees-core.use-subdomain" .) }}' + - '-Dcom.cloudbees.networking.routeNonnamespacedURLs={{- include "hibernation.routenonnamespacedurls" . }}' ports: - containerPort: 8090 name: http diff --git a/helm/templates/managed-master-hibernation-monitor-ingress.yaml b/helm/templates/managed-master-hibernation-monitor-ingress.yaml index f1ee17eb1c5b60f3d80e9517302c29f4e88d582b..a1c07c451d951b44a1c691f7159c2d3d1872a31c 100644 --- a/helm/templates/managed-master-hibernation-monitor-ingress.yaml 
+++ b/helm/templates/managed-master-hibernation-monitor-ingress.yaml @@ -7,35 +7,40 @@ metadata: labels: {{ include "cloudbees-core.labels" . | indent 4 }} annotations: -{{ include "ingress.annotations" . | indent 4 }} +{{ include "hibernationMonitor.ingress.annotations" . | indent 4}} spec: rules: - -{{- if .Values.OperationsCenter.HostName }} - host: {{ .Values.OperationsCenter.HostName | quote }} +{{- if (include "hibernation.hostnamewithoutport" . ) }} + host: {{ include "hibernation.hostnamewithoutport" . | quote }} {{- end }} http: paths: - path: /hibernation/ns/{{ .Release.Namespace }}/ backend: - serviceName: managed-master-hibernation-monitor - servicePort: 80 +{{ include "ingress.backend.hibernation" . | indent 10 }} +{{- if eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" }} + pathType: Prefix +{{- else }} - path: /hibernation/ns/{{ .Release.Namespace }}/* backend: - serviceName: managed-master-hibernation-monitor - servicePort: 80 + +{{ include "ingress.backend.hibernation" . | indent 10 }} +{{- end }} - path: /hibernation/ backend: - serviceName: managed-master-hibernation-monitor - servicePort: 80 +{{ include "ingress.backend.hibernation" . | indent 10 }} +{{- if eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" }} + pathType: Prefix +{{- else }} - path: /hibernation/* backend: - serviceName: managed-master-hibernation-monitor - servicePort: 80 +{{ include "ingress.backend.hibernation" . | indent 10 }} +{{- end }} {{- if .Values.OperationsCenter.Ingress.tls.Enable }} tls: - hosts: - - {{ .Values.OperationsCenter.HostName | quote }} + - {{ include "hibernation.hostnamewithoutport" . | quote }} secretName: {{ .Values.OperationsCenter.Ingress.tls.SecretName }} {{- end -}} {{- end -}} diff --git a/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml b/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml index 3a7d53d177726252c54e45af439eeeb1b79c126b..33d125a5af3ad8d3c56509afc41754f3a1b0c13a 100644 
--- a/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml +++ b/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml @@ -5,8 +5,8 @@ kind: Route metadata: name: managed-master-hibernation-monitor-namespaced spec: -{{- if .Values.OperationsCenter.HostName }} - host: {{ .Values.OperationsCenter.HostName | quote }} +{{- if (include "hibernation.hostnamewithoutport" . ) }} + host: {{ include "hibernation.hostnamewithoutport" . | quote }} {{- end }} path: /hibernation/ns/{{ .Release.Namespace }} to: diff --git a/helm/templates/managed-master-hibernation-monitor-route.yaml b/helm/templates/managed-master-hibernation-monitor-route.yaml index 6b8344e5e2d13b134a6f3347b4646687670b28d1..d1dfacfe6b86d0a503a04710b729b2e51ede9c8e 100644 --- a/helm/templates/managed-master-hibernation-monitor-route.yaml +++ b/helm/templates/managed-master-hibernation-monitor-route.yaml @@ -1,4 +1,3 @@ -{{- if .Values.OperationsCenter.Enabled -}} {{- if .Values.Hibernation.Enabled -}} {{- if include "cloudbees-core.needs-routes" . -}} apiVersion: route.openshift.io/v1 @@ -6,8 +5,8 @@ kind: Route metadata: name: managed-master-hibernation-monitor spec: -{{- if .Values.OperationsCenter.HostName }} - host: {{ .Values.OperationsCenter.HostName | quote }} +{{- if (include "hibernation.hostnamewithoutport" . ) }} + host: {{ include "hibernation.hostnamewithoutport" . | quote }} {{- end }} path: /hibernation to: @@ -21,4 +20,3 @@ spec: {{ include "chart.helmRouteFix" $ }} {{- end -}} {{- end -}} -{{- end -}} diff --git a/helm/values.yaml b/helm/values.yaml index 4edaa61f459a36667b9bc4cfbff4b6b0e849f73c..3725e7bd95ca9a6756c4b0aa0f857d503127395b 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
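Review bot: Removing the outer `{{- if .Values.OperationsCenter.Enabled -}}` from managed-master-hibernation-monitor-route.yaml means a release with `OperationsCenter.Enabled: false` now also creates the Route for the non-namespaced `/hibernation` path. Without `Subdomain`, the host is the shared `OperationsCenter.HostName`, so two such releases in different namespaces would presumably both claim the same host and path, and which one the router admits is not determined by this chart. If only one controllers-only release per host is supported, a template comment saying so would help; otherwise the non-namespaced Route may need to depend on `Subdomain` as well.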
@@ -2,6 +2,9 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# Subdomain -- Whether to use a DNS subdomain for each controller. +Subdomain: false + # ingress-nginx.Enabled -- Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). # Enable this section if you don't have an existing installation of ingress-nginx controller # Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 @@ -54,7 +57,7 @@ OperationsCenter: # Operations Center docker image Image: # OperationsCenter.Image.dockerImage -- Container image to use for Operations Center - dockerImage: dcar/core-oc:2.277.1.7-ra + dockerImage: dcar/core-oc:2.277.2.1-ra # OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images dockerPullPolicy: null @@ -73,7 +76,13 @@ OperationsCenter: HostName: null # OperationsCenter.ContextPath -- the path under which Operations Center will be accessible in the given host. - ContextPath: /cjoc + # DEPRECATED - Use OperationsCenter.Name instead. + ContextPath: null + + # OperationsCenter.Name -- the name in the URL under which Operations Center will be accessible in the given host. + # For instance, if Subdomain is true, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.Name}}.{{OperationsCenter.HostName}}:{{OperationsCenter.Port}} + # If Subdomain is false, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.HostName}}:{{OperationsCenter.Port}}/{{OperationsCenter.Name}} + Name: cjoc # OperationsCenter.Protocol -- the protocol used to access CJOC. Possible values are http/https. Protocol: http 
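Review bot: The new `OperationsCenter.Name` comment in values.yaml gives the two URL shapes but not the constraints on the value. `oc.hostnamewithoutport` uses it as a host name component and `oc.contextpath` uses it as a path segment, so an uppercase name, or one containing `/` or `.`, yields an invalid host or an unexpected path. I would add one more comment line: `# Must be a valid DNS label (lowercase alphanumerics and '-', no slashes); it is used as a host name component when Subdomain is true.`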
@@ -253,7 +262,7 @@ Master: # Docker image inserted in Operations Center automatically Image: # Master.Image.dockerImage -- Used to override the default docker image - dockerImage: dcar/core-mm:2.277.1.7-ra + dockerImage: dcar/core-mm:2.277.2.1-ra # Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port JavaOpts: null @@ -270,7 +279,7 @@ Agents: Create: false Image: # Agents.Image.dockerImage -- Used to override the default docker image used for agents - dockerImage: dcar/agent:2.277.1.7-ra + dockerImage: dcar/agent:2.277.2.1-ra # Image pull secrets # Enable this option when using a private registry. # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line @@ -306,7 +315,7 @@ Hibernation: Enabled: false Image: # Hibernation.Image.dockerImage -- Used to override the default docker image - dockerImage: cloudbees/managed-master-hibernation-monitor:230.ee066a318539 + dockerImage: cloudbees/managed-master-hibernation-monitor:247.c5dfce00a179 # Hibernation.Image.dockerPullPolicy -- Used to override the default pull policy dockerPullPolicy: null # Image pull secrets diff --git a/scripts/usr/local/bin/jenkins.sh b/scripts/usr/local/bin/jenkins.sh index bbfd10f363ce70d74bd6d292442f89072ffeccff..3b94c876846252c0a0830460f65f2754f3439f99 100644 --- a/scripts/usr/local/bin/jenkins.sh +++ b/scripts/usr/local/bin/jenkins.sh 
@@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \; # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then - eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=d7a5eee17fd68064fb4268ca23a591bdc00af60b /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" + eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=308768c9f176b5155dd19ff01ca06396b66f5afd /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" fi # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image