From fe9bd55ca07785f6f9bab7394a7d7e69b34b787c Mon Sep 17 00:00:00 2001 From: imontero Date: Wed, 31 Mar 2021 16:48:22 +0000 Subject: [PATCH] 2.277.2.1-ra --- Dockerfile | 4 +- README.md | 8 +- hardening_manifest.yaml | 8 +- helm/Chart.yaml | 4 +- helm/README-template.md | 8 +- helm/README.md | 8 +- helm/templates/_helpers.tpl | 94 ++++++++++++++++++- .../cjoc-configure-jenkins-groovy.yaml | 2 +- helm/templates/cjoc-ingress.yaml | 20 ++-- helm/templates/cjoc-route.yaml | 4 +- helm/templates/cjoc-statefulset.yaml | 12 ++- ...master-hibernation-monitor-deployment.yaml | 3 + ...ed-master-hibernation-monitor-ingress.yaml | 29 +++--- ...-hibernation-monitor-route-namespaced.yaml | 4 +- ...aged-master-hibernation-monitor-route.yaml | 6 +- helm/values.yaml | 19 +++- scripts/usr/local/bin/jenkins.sh | 2 +- 17 files changed, 175 insertions(+), 60 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9a9f6fa..0e7f94a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,8 +42,8 @@ HEALTHCHECK --interval=5m --timeout=3s \ CMD curl -fsL ${JENKINS_URL}/login || exit 1 # L-A-B-E-L securitytxt="https://www.cloudbees.com/.well-known/security.txt" -# L-A-B-E-L release=d7a5eee17fd68064fb4268ca23a591bdc00af60b -# L-A-B-E-L version=2.277.1.7-ra +# L-A-B-E-L release=308768c9f176b5155dd19ff01ca06396b66f5afd +# L-A-B-E-L version=2.277.2.1-ra COPY files.tar /tmp RUN cd / && tar xvf /tmp/files.tar && rm /tmp/files.tar diff --git a/README.md b/README.md index f14508c..cc4dd79 100644 --- a/README.md +++ b/README.md 
@@ -12,7 +12,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.277.1.7-ra` +A version of CloudBees CI is given in the format `2.277.2.1-ra` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -25,13 +25,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.277.1.7-ra + dockerImage: your-registry/core-oc:2.277.2.1-ra Master: Image: - dockerImage: your-registry/core-mm:2.277.1.7-ra + dockerImage: your-registry/core-mm:2.277.2.1-ra Agents: Image: - dockerImage: your-registry/agent:2.277.1.7-ra + dockerImage: your-registry/agent:2.277.2.1-ra ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index decc513..5fe8b0d 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: "cloudbees/core/core-oc" tags: -- "2.277.1.7-ra" +- "2.277.2.1-ra" - latest labels: org.opencontainers.image.title: "core-oc" @@ -9,7 +9,7 @@ labels: org.opencontainers.image.licenses: proprietary org.opencontainers.image.url: https://docs.cloudbees.com/docs/cloudbees-ci/ org.opencontainers.image.vendor: CloudBees - org.opencontainers.image.version: "2.277.1.7-ra" + org.opencontainers.image.version: "2.277.2.1-ra" mil.dso.ironbank.image.keywords: cicd mil.dso.ironbank.image.type: commercial mil.dso.ironbank.product.name: CloudBees CI 
@@ -18,10 +18,10 @@ args: BASE_TAG: "1.8.0" resources: - filename: files.tar - url: https://downloads.cloudbees.com/dsop-files/core-oc-files-5ef009a0f4b225510975a80b9a9ab9327de74ba12412d7044c9ef589f4521a3d.tar + url: https://downloads.cloudbees.com/dsop-files/core-oc-files-a8c75c110388343781c00894fcade262363681eb914929bf19c94be5195463a3.tar validation: type: sha256 - value: "5ef009a0f4b225510975a80b9a9ab9327de74ba12412d7044c9ef589f4521a3d" + value: "a8c75c110388343781c00894fcade262363681eb914929bf19c94be5195463a3" maintainers: - email: productivity-team@cloudbees.com name: CloudBees diff --git a/helm/Chart.yaml b/helm/Chart.yaml index ab3c7f6..3a767d5 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: cloudbees-core -version: 3.28.1 +version: 3.29.2 description: Enterprise Continuous Integration with Jenkins keywords: - cloudbees @@ -20,7 +20,7 @@ dependencies: repository: https://charts.cloudbees.com/public/cloudbees condition: sidecarinjector.Enabled icon: https://images.ctfassets.net/vtn4rfaw6n2j/7xprMMXARXDBuVxW4y8XfV/349fff91035050e3f2a8ff37bc0615b5/cloudbees-core-logo_header.svg -appVersion: 2.277.1.2 +appVersion: 2.277.2.3 annotations: artifacthub.io/links: | - name: Product overview diff --git a/helm/README-template.md b/helm/README-template.md index 4d452b0..1f637a4 100644 --- a/helm/README-template.md +++ b/helm/README-template.md 
@@ -1,6 +1,6 @@ # cloudbees-core -![Version: 3.28.1](https://img.shields.io/badge/Version-3.28.1-informational?style=flat-square) ![AppVersion: 2.277.1.2](https://img.shields.io/badge/AppVersion-2.277.1.2-informational?style=flat-square) +![Version: 3.29.2](https://img.shields.io/badge/Version-3.29.2-informational?style=flat-square) ![AppVersion: 2.277.2.3](https://img.shields.io/badge/AppVersion-2.277.2.3-informational?style=flat-square) [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: 
@@ -114,7 +114,7 @@ CloudBees provides complete and more detailed installation and operation documen | Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. | | Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. | | Hibernation.Enabled | bool | `false` | Whether to enable the [Hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-masters#_hibernation_of_managed_masters) feature | -| Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | +| Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:247.c5dfce00a179"` | Used to override the default docker image | | Hibernation.Image.dockerPullPolicy | string | `nil` | Used to override the default pull policy | | Hibernation.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | | Hibernation.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | 
@@ -130,7 +130,7 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.Annotations | object | `{}` | Additional annotations to put on the pod running Operations Center | | OperationsCenter.CSRF.ProxyCompatibility | bool | `false` | Proxy compatibility for the default CSRF issuer | | OperationsCenter.ContainerPort | int | `8080` | Container port for http traffic | -| OperationsCenter.ContextPath | string | `"/cjoc"` | the path under which Operations Center will be accessible in the given host. | +| OperationsCenter.ContextPath | string | `nil` | the path under which Operations Center will be accessible in the given host. DEPRECATED - Use OperationsCenter.Name instead. | | OperationsCenter.Enabled | bool | `true` | Disable for particular use case like setting up namespaces to host masters only | | OperationsCenter.ExtraConfigMaps | list | `[]` | Extra configmaps deployed with the chart | | OperationsCenter.ExtraContainers | list | `[]` | Extra containers to add to the pod containing Operations Center. | 
@@ -151,6 +151,7 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.JenkinsOpts | string | `nil` | Additional arguments for jenkins.war | | OperationsCenter.LoadBalancerIP | string | `nil` | Optionally assign a known public LB IP | | OperationsCenter.LoadBalancerSourceRanges | list | `["0.0.0.0/0"]` | Only applicable when using `ServiceType: LoadBalancer` | +| OperationsCenter.Name | string | `"cjoc"` | the name in the URL under which Operations Center will be accessible in the given host. For instance, if Subdomain is true, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.Name}}.{{OperationsCenter.HostName}}:{{OperationsCenter.Port}} If Subdomain is false, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.HostName}}:{{OperationsCenter.Port}}/{{OperationsCenter.Name}} | | OperationsCenter.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | | OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x | | OperationsCenter.Protocol | string | `"http"` | the protocol used to access CJOC. Possible values are http/https. | 
@@ -176,6 +177,7 @@ CloudBees provides complete and more detailed installation and operation documen | Persistence.StorageClass | string | `nil` | Persistent Volume Storage Class for Jenkins Home If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, the default storage class will be used, unless specified otherwise below. If setting OperationsCenter.Platform == gke, a storage class backed with SSD drives will be created by this chart and used automatically. | | PodSecurityPolicy.Annotations | object | `{}` | Additional annotations to put on the PodSecurityPolicy, e.g. AppArmor/Seccomp settings | | PodSecurityPolicy.Enabled | bool | `false` | Enables [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) support Enable only if the cluster supports it. | +| Subdomain | bool | `false` | Whether to use a DNS subdomain for each controller. | | ingress-nginx.Enabled | bool | `false` | Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). Enable this section if you don't have an existing installation of ingress-nginx controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 | | ingress-nginx.controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | ingress-nginx.controller.ingressClass | string | `"nginx"` | | diff --git a/helm/README.md b/helm/README.md index fb94fbb..1d07880 100644 --- a/helm/README.md +++ b/helm/README.md 
@@ -1,6 +1,6 @@ # cloudbees-core -![Version: 3.28.1](https://img.shields.io/badge/Version-3.28.1-informational?style=flat-square) ![AppVersion: 2.277.1.2](https://img.shields.io/badge/AppVersion-2.277.1.2-informational?style=flat-square) +![Version: 3.29.2](https://img.shields.io/badge/Version-3.29.2-informational?style=flat-square) ![AppVersion: 2.277.2.3](https://img.shields.io/badge/AppVersion-2.277.2.3-informational?style=flat-square) [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: 
@@ -114,7 +114,7 @@ CloudBees provides complete and more detailed installation and operation documen | Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. | | Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. | | Hibernation.Enabled | bool | `false` | Whether to enable the [Hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-masters#_hibernation_of_managed_masters) feature | -| Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | +| Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:247.c5dfce00a179"` | Used to override the default docker image | | Hibernation.Image.dockerPullPolicy | string | `nil` | Used to override the default pull policy | | Hibernation.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | | Hibernation.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | 
@@ -130,7 +130,7 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.Annotations | object | `{}` | Additional annotations to put on the pod running Operations Center | | OperationsCenter.CSRF.ProxyCompatibility | bool | `false` | Proxy compatibility for the default CSRF issuer | | OperationsCenter.ContainerPort | int | `8080` | Container port for http traffic | -| OperationsCenter.ContextPath | string | `"/cjoc"` | the path under which Operations Center will be accessible in the given host. | +| OperationsCenter.ContextPath | string | `nil` | the path under which Operations Center will be accessible in the given host. DEPRECATED - Use OperationsCenter.Name instead. | | OperationsCenter.Enabled | bool | `true` | Disable for particular use case like setting up namespaces to host masters only | | OperationsCenter.ExtraConfigMaps | list | `[]` | Extra configmaps deployed with the chart | | OperationsCenter.ExtraContainers | list | `[]` | Extra containers to add to the pod containing Operations Center. | 
@@ -151,6 +151,7 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.JenkinsOpts | string | `nil` | Additional arguments for jenkins.war | | OperationsCenter.LoadBalancerIP | string | `nil` | Optionally assign a known public LB IP | | OperationsCenter.LoadBalancerSourceRanges | list | `["0.0.0.0/0"]` | Only applicable when using `ServiceType: LoadBalancer` | +| OperationsCenter.Name | string | `"cjoc"` | the name in the URL under which Operations Center will be accessible in the given host. For instance, if Subdomain is true, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.Name}}.{{OperationsCenter.HostName}}:{{OperationsCenter.Port}} If Subdomain is false, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.HostName}}:{{OperationsCenter.Port}}/{{OperationsCenter.Name}} | | OperationsCenter.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | | OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x | | OperationsCenter.Protocol | string | `"http"` | the protocol used to access CJOC. Possible values are http/https. | 
@@ -176,6 +177,7 @@ CloudBees provides complete and more detailed installation and operation documen | Persistence.StorageClass | string | `nil` | Persistent Volume Storage Class for Jenkins Home If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, the default storage class will be used, unless specified otherwise below. If setting OperationsCenter.Platform == gke, a storage class backed with SSD drives will be created by this chart and used automatically. | | PodSecurityPolicy.Annotations | object | `{}` | Additional annotations to put on the PodSecurityPolicy, e.g. AppArmor/Seccomp settings | | PodSecurityPolicy.Enabled | bool | `false` | Enables [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) support Enable only if the cluster supports it. | +| Subdomain | bool | `false` | Whether to use a DNS subdomain for each controller. | | ingress-nginx.Enabled | bool | `false` | Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). Enable this section if you don't have an existing installation of ingress-nginx controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 | | ingress-nginx.controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | ingress-nginx.controller.ingressClass | string | `"nginx"` | | diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 6b62e4f..90998bf 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -88,6 +88,12 @@ true {{- end -}} {{- end -}} +{{- define "cloudbees-core.use-subdomain" -}} +{{- if and (eq (typeOf .Values.Subdomain) "bool") (eq .Values.Subdomain true) -}} +true +{{- end -}} +{{- end -}} + {{/* Return labels, including instance and name. */}} 
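Review bot: The `typeOf` guard in `cloudbees-core.use-subdomain` only protects the comparison if `and` short-circuits, which Go templates do only from Go 1.18 on. With a Helm binary built on an older Go, both arguments are evaluated, and `eq .Values.Subdomain true` fails the render with a comparison error when Subdomain is a string or null. Nesting the checks avoids depending on that: `{{- if kindIs "bool" .Values.Subdomain -}}{{- if .Values.Subdomain -}}true{{- end -}}{{- end -}}`. The same pattern is used in `hibernation.routenonnamespacedurls` at the end of this file. A one-line template comment saying that only a real boolean `true` enables subdomains would also help, since that appears to be the intent.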
@@ -109,7 +115,18 @@ helm.sh/chart: {{ include "cloudbees-core.chart" . | quote }} Sanitize Operations Center context path to never have a trailing slash */}} {{- define "oc.contextpath" -}} -{{ trimSuffix "/" .Values.OperationsCenter.ContextPath }} +{{- if not (empty .Values.OperationsCenter.ContextPath) -}} +{{- trimSuffix "/" .Values.OperationsCenter.ContextPath -}} +{{- else -}} +{{- if not (include "cloudbees-core.use-subdomain" .) -}} +/ +{{- include "oc.name" . }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "oc.name" -}} +{{ .Values.OperationsCenter.Name }} {{- end -}} {{- define "oc.defaultPort" -}} @@ -130,14 +147,34 @@ Sanitize Operations Center context path to never have a trailing slash Expected Operations Center Hostname. Include port if not 80/443. */}} {{- define "oc.hostname" -}} -{{ .Values.OperationsCenter.HostName }}{{- include "oc.optionalPort" . -}} +{{- include "oc.hostnamewithoutport" . -}}{{- include "oc.optionalPort" . -}} +{{- end -}} + +{{/* +Expected Operations Center Hostname. Include port if not 80/443. +*/}} +{{- define "oc.hostnamewithoutport" -}} +{{- if (include "cloudbees-core.use-subdomain" .) -}} +{{- include "oc.name" . -}}. +{{- end -}} +{{ .Values.OperationsCenter.HostName }} +{{- end -}} + +{{/* +Expected Operations Center Hostname. Include port if not 80/443. +*/}} +{{- define "hibernation.hostnamewithoutport" -}} +{{- if (include "cloudbees-core.use-subdomain" .) -}} +hibernation-{{ .Release.Namespace }}. +{{- end -}} +{{ .Values.OperationsCenter.HostName }} {{- end -}} {{/* Expected Operations Center URL. Always ends with a trailing slash. */}} {{- define "oc.url" -}} -{{- template "oc.protocol" . -}}://{{ include "oc.hostname" . }}{{ include "oc.contextpath" . }}/ +{{- include "oc.protocol" . -}}://{{ include "oc.hostname" . }}{{ include "oc.contextpath" . }}/ {{- end -}} {{- define "ingress.annotations" -}} 
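Review bot: `oc.name` emits `.Values.OperationsCenter.Name` without validation, yet the value now ends up in three syntaxes: a DNS label in `oc.hostnamewithoutport`, a URL path segment in `oc.contextpath`, and, through `oc.url`, the double-quoted Groovy string passed to `setUrl(...)` in cjoc-configure-jenkins-groovy.yaml. A name containing a dot, slash, quote or `$` would yield an invalid host or path, or change the generated script. I would fail the render early in `oc.name`, e.g. `{{- if not (regexMatch "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" .Values.OperationsCenter.Name) -}}{{- fail "OperationsCenter.Name must be a DNS label" -}}{{- end -}}`. The comment above `oc.contextpath` still mentions only the trailing slash; it should also state the fallback to `/<Name>` and the empty result when Subdomain is true.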
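Review bot: With Subdomain enabled and `OperationsCenter.HostName` left at its default of null, `oc.hostnamewithoutport` renders `cjoc.` and `hibernation.hostnamewithoutport` renders `hibernation-<namespace>.` (assuming the null renders as empty), so neither is empty. Every `if (include "oc.hostnamewithoutport" .)` guard this patch introduces (cjoc-ingress.yaml, cjoc-route.yaml, the Groovy config and the `wildcardIngress` option in cjoc-statefulset.yaml) then takes the host branch with a name that ends in a dot. Wrapping each helper body in `{{- if .Values.OperationsCenter.HostName -}}` … `{{- end -}}` would keep the old meaning of "no host configured". Both new helpers also carry the copied comment "Include port if not 80/443", which is the opposite of what they do.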
@@ -161,6 +198,21 @@ nginx.ingress.kubernetes.io/ssl-redirect: "{{- template "ingress.ssl_redirect" . {{- end }} {{- end }} +{{- define "cjoc.ingress.annotations" -}} +{{ include "ingress.annotations" . }} +{{- if eq .Values.OperationsCenter.Platform "eks" }} +alb.ingress.kubernetes.io/healthcheck-path: {{ include "oc.contextpath" . }}/login +{{- end }} +{{- end }} + +{{- define "hibernationMonitor.ingress.annotations" -}} +{{ include "ingress.annotations" . }} +{{- if eq .Values.OperationsCenter.Platform "eks" }} +alb.ingress.kubernetes.io/healthcheck-path: /health/live +{{- end }} +{{- end }} + + {{- define "ingress.root-redirect" -}} {{ include "oc.contextpath" . }}/teams-check/ {{- end }} @@ -191,7 +243,9 @@ extensions {{- end -}} {{- define "ingress.apiVersion" -}} -{{- if ge (atoi (.Capabilities.KubeVersion.Minor)) 15 -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +networking.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} networking.k8s.io/v1beta1 {{- else -}} extensions/v1beta1 @@ -202,6 +256,30 @@ extensions/v1beta1 {{- .Values.OperationsCenter.Ingress.tls.Enable }} {{- end -}} +{{- define "ingress.backend.cjoc" -}} +{{- if eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}} +service: + name: cjoc + port: + number: {{ .Values.OperationsCenter.ServicePort }} +{{- else -}} +serviceName: cjoc +servicePort: {{ .Values.OperationsCenter.ServicePort }} +{{- end -}} +{{- end -}} + +{{- define "ingress.backend.hibernation" -}} +{{- if eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}} +service: + name: managed-master-hibernation-monitor + port: + number: 80 +{{- else -}} +serviceName: managed-master-hibernation-monitor +servicePort: 80 +{{- end -}} +{{- end -}} + {{/* If rbac.installCluster is defined, honor it. Otherwise, default to true, except on Openshift 3 where we default to "" (falsy) 
@@ -471,3 +549,11 @@ status: true {{- end -}} {{- end -}} + +{{- define "hibernation.routenonnamespacedurls" -}} +{{- if and (eq (typeOf .Values.OperationsCenter.Enabled) "bool") (eq .Values.OperationsCenter.Enabled false) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} diff --git a/helm/templates/cjoc-configure-jenkins-groovy.yaml b/helm/templates/cjoc-configure-jenkins-groovy.yaml index ac45647..fddeb08 100644 --- a/helm/templates/cjoc-configure-jenkins-groovy.yaml +++ b/helm/templates/cjoc-configure-jenkins-groovy.yaml @@ -7,7 +7,7 @@ metadata: {{ include "cloudbees-core.labels" . | indent 4 }} data: location.groovy: | -{{- if .Values.OperationsCenter.HostName }} +{{- if (include "oc.hostnamewithoutport" .) }} jenkins.model.JenkinsLocationConfiguration.get().setUrl("{{- template "oc.url" . -}}") {{- end }} {{- if .Values.OperationsCenter.ExtraGroovyConfiguration }} diff --git a/helm/templates/cjoc-ingress.yaml b/helm/templates/cjoc-ingress.yaml index 123a793..037c863 100644 --- a/helm/templates/cjoc-ingress.yaml +++ b/helm/templates/cjoc-ingress.yaml @@ -8,7 +8,7 @@ metadata: labels: {{ include "cloudbees-core.labels" . | indent 4 }} annotations: -{{ include "ingress.annotations" . | indent 4 }} +{{ include "cjoc.ingress.annotations" . | indent 4 }} {{- if not (include "cloudbees-core.is-openshift" .) }} nginx.ingress.kubernetes.io/app-root: {{ include "ingress.root-redirect" . | quote }} # "413 Request Entity Too Large" uploading plugins, increase client_max_body_size 
@@ -18,24 +18,26 @@ metadata: spec: rules: - -{{- if .Values.OperationsCenter.HostName }} - host: {{ .Values.OperationsCenter.HostName | quote }} +{{- if (include "oc.hostnamewithoutport" . ) }} + host: {{ include "oc.hostnamewithoutport" . | quote }} {{- end }} http: paths: {{- include "ingress.redirect-rules" . | indent 6 }} - - path: {{ include "oc.contextpath" . }} + - path: {{ include "oc.contextpath" . | quote }} backend: - serviceName: cjoc - servicePort: {{ .Values.OperationsCenter.ServicePort }} +{{ include "ingress.backend.cjoc" . | indent 10 -}} +{{ if eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" }} + pathType: Prefix +{{ else }} - path: {{ include "oc.contextpath" . }}/* backend: - serviceName: cjoc - servicePort: {{ .Values.OperationsCenter.ServicePort }} +{{ include "ingress.backend.cjoc" . | indent 10 -}} +{{- end -}} {{- if .Values.OperationsCenter.Ingress.tls.Enable }} tls: - hosts: - - {{ .Values.OperationsCenter.HostName | quote }} + - {{ include "oc.hostnamewithoutport" . | quote }} secretName: {{ .Values.OperationsCenter.Ingress.tls.SecretName }} {{- end -}} {{- end -}} diff --git a/helm/templates/cjoc-route.yaml b/helm/templates/cjoc-route.yaml index def9f6f..e723d77 100644 --- a/helm/templates/cjoc-route.yaml +++ b/helm/templates/cjoc-route.yaml @@ -7,8 +7,8 @@ metadata: labels: {{ include "cloudbees-core.labels" . | indent 4 }} spec: -{{- if .Values.OperationsCenter.HostName }} - host: {{ .Values.OperationsCenter.HostName | quote }} +{{- if (include "oc.hostnamewithoutport" .) }} + host: {{ include "oc.hostnamewithoutport" . | quote }} {{- end }} path: {{ include "oc.contextpath" . | quote }} to: diff --git a/helm/templates/cjoc-statefulset.yaml b/helm/templates/cjoc-statefulset.yaml index bab0812..9923a51 100644 --- a/helm/templates/cjoc-statefulset.yaml +++ b/helm/templates/cjoc-statefulset.yaml 
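Review bot: When Subdomain is true and ContextPath is unset, `oc.contextpath` renders nothing, so `- path: {{ include "oc.contextpath" . | quote }}` becomes `path: ""` next to `pathType: Prefix`. As far as I know, networking.k8s.io/v1 validation requires a Prefix path to start with `/`, so the Ingress would be rejected in exactly the configuration this patch adds. `- path: {{ default "/" (include "oc.contextpath" .) | quote }}` would keep the root case valid. The `nginx.ingress.kubernetes.io/app-root` annotation and the `/*` path in the pre-v1 branch are built from the same helper, so they are worth rendering once with Subdomain on as well.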
@@ -116,6 +116,10 @@ spec: -Dcom.cloudbees.jenkins.plugins.kube.NamespaceFilter.defaultNamespace={{ template "agents.namespace" . }} {{- end }} -Dcom.cloudbees.jenkins.plugins.kube.ServiceAccountFilter.defaultServiceAccount={{ .Values.rbac.agentsServiceAccountName }} + -Dcom.cloudbees.networking.useSubdomain={{ default "false" (include "cloudbees-core.use-subdomain" .) }} + -Dcom.cloudbees.networking.protocol={{ include "oc.protocol" . }} + -Dcom.cloudbees.networking.hostname={{ .Values.OperationsCenter.HostName }} + -Dcom.cloudbees.networking.port={{ include "oc.port" . }} {{- if .Values.Master.JavaOpts }} {{ .Values.Master.JavaOpts }} {{- end }} @@ -137,6 +141,10 @@ spec: -Dcom.cloudbees.opscenter.analytics.reporter.JocAnalyticsReporter.PERIOD=120 -Dcom.cloudbees.opscenter.analytics.reporter.metrics.AperiodicMetricSubmitter.PERIOD=120 -Dcom.cloudbees.opscenter.analytics.FeederConfiguration.PERIOD=120 + -Dcom.cloudbees.networking.useSubdomain={{ default "false" (include "cloudbees-core.use-subdomain" .) }} + -Dcom.cloudbees.networking.protocol={{ include "oc.protocol" . }} + -Dcom.cloudbees.networking.hostname={{ .Values.OperationsCenter.HostName }} + -Dcom.cloudbees.networking.port={{ include "oc.port" . }} -Dcom.cloudbees.masterprovisioning.kubernetes.KubernetesMasterProvisioning.fsGroup={{ include "oc.fsGroup" . }} -Dcom.cloudbees.jce.masterprovisioning.DockerImageDefinitionConfiguration.disableAutoConfiguration=true -Dcom.cloudbees.jce.masterprovisioning.DockerImageDefinitionConfiguration.masterImageName={{ include "mm.longname" . | quote}} 
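Review bot: `-Dcom.cloudbees.networking.hostname={{ .Values.OperationsCenter.HostName }}` is emitted unconditionally in both hunks of this file, although HostName defaults to null. The JVM then gets a `hostname=` option with an empty (or placeholder) value while `useSubdomain` may still be `true`. Elsewhere in this file, options that depend on HostName are wrapped in `{{- if .Values.OperationsCenter.HostName }}`, and the new line should follow that. The values are also unquoted, so whitespace in a value would split into additional JVM arguments; compare `masterImageName={{ include "mm.longname" . | quote}}` a few lines below. The enclosing option block starts and ends outside the hunk, so I cannot see how it is passed to the process.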
@@ -151,7 +159,7 @@ spec: {{- if .Values.OperationsCenter.Ingress.Class }} -Dcom.cloudbees.masterprovisioning.kubernetes.KubernetesMasterProvisioning.ingressClass={{ .Values.OperationsCenter.Ingress.Class }} {{- end }} - {{- if not (.Values.OperationsCenter.HostName) }} + {{- if not (include "oc.hostnamewithoutport" .) }} -Dcom.cloudbees.masterprovisioning.kubernetes.KubernetesClusterEndpoint.wildcardIngress=true {{- end }} {{- if .Values.OperationsCenter.JavaOpts }} @@ -164,7 +172,7 @@ spec: {{- if .Values.OperationsCenter.HostName }} -Dcom.cloudbees.jenkins.plugins.platform.PlatformConfiguration.url={{- include "oc.protocol" . -}}://{{ include "oc.hostname" . }}/ {{- end }} - -Dcom.cloudbees.jenkins.plugins.platform.PlatformServer.apiUrl=https://flow-server:8443/ + -Dcom.cloudbees.jenkins.plugins.platform.PlatformServer.apiUrl=https://flow-server.{{ .Release.Namespace }}:8443/ {{- end }} -XX:+UseG1GC -XX:+DisableExplicitGC diff --git a/helm/templates/managed-master-hibernation-monitor-deployment.yaml b/helm/templates/managed-master-hibernation-monitor-deployment.yaml index 9c7e106..40baf49 100644 --- a/helm/templates/managed-master-hibernation-monitor-deployment.yaml +++ b/helm/templates/managed-master-hibernation-monitor-deployment.yaml @@ -48,6 +48,9 @@ spec: imagePullPolicy: {{ .dockerPullPolicy }} {{- end}} {{- end}} + args: + - '-Dcom.cloudbees.networking.useSubdomain={{ default "false" (include "cloudbees-core.use-subdomain" .) }}' + - '-Dcom.cloudbees.networking.routeNonnamespacedURLs={{- include "hibernation.routenonnamespacedurls" . }}' ports: - containerPort: 8090 name: http diff --git a/helm/templates/managed-master-hibernation-monitor-ingress.yaml b/helm/templates/managed-master-hibernation-monitor-ingress.yaml index f1ee17e..a1c07c4 100644 --- a/helm/templates/managed-master-hibernation-monitor-ingress.yaml +++ b/helm/templates/managed-master-hibernation-monitor-ingress.yaml 
@@ -7,35 +7,40 @@ metadata: labels: {{ include "cloudbees-core.labels" . | indent 4 }} annotations: -{{ include "ingress.annotations" . | indent 4 }} +{{ include "hibernationMonitor.ingress.annotations" . | indent 4}} spec: rules: - -{{- if .Values.OperationsCenter.HostName }} - host: {{ .Values.OperationsCenter.HostName | quote }} +{{- if (include "hibernation.hostnamewithoutport" . ) }} + host: {{ include "hibernation.hostnamewithoutport" . | quote }} {{- end }} http: paths: - path: /hibernation/ns/{{ .Release.Namespace }}/ backend: - serviceName: managed-master-hibernation-monitor - servicePort: 80 +{{ include "ingress.backend.hibernation" . | indent 10 }} +{{- if eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" }} + pathType: Prefix +{{- else }} - path: /hibernation/ns/{{ .Release.Namespace }}/* backend: - serviceName: managed-master-hibernation-monitor - servicePort: 80 + +{{ include "ingress.backend.hibernation" . | indent 10 }} +{{- end }} - path: /hibernation/ backend: - serviceName: managed-master-hibernation-monitor - servicePort: 80 +{{ include "ingress.backend.hibernation" . | indent 10 }} +{{- if eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" }} + pathType: Prefix +{{- else }} - path: /hibernation/* backend: - serviceName: managed-master-hibernation-monitor - servicePort: 80 +{{ include "ingress.backend.hibernation" . | indent 10 }} +{{- end }} {{- if .Values.OperationsCenter.Ingress.tls.Enable }} tls: - hosts: - - {{ .Values.OperationsCenter.HostName | quote }} + - {{ include "hibernation.hostnamewithoutport" . | quote }} secretName: {{ .Values.OperationsCenter.Ingress.tls.SecretName }} {{- end -}} {{- end -}} diff --git a/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml b/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml index 3a7d53d..33d125a 100644 --- a/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml 
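Review bot: The `tls:` block now lists `hibernation.hostnamewithoutport` as its host but still references `.Values.OperationsCenter.Ingress.tls.SecretName`, the same secret cjoc-ingress.yaml uses for `oc.hostnamewithoutport`. With Subdomain enabled those are two different names (`hibernation-<namespace>.<HostName>` and `<Name>.<HostName>`), so the certificate in that secret has to cover both, in practice a wildcard for `*.<HostName>`. Otherwise the ingress controller will present a certificate that does not match one of them. That requirement should be stated next to `Subdomain` in values.yaml, or the hibernation ingress should get its own secret name. There is also an empty added line between `backend:` and the include in the `/hibernation/ns/.../*` branch that looks unintended.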
+++ b/helm/templates/managed-master-hibernation-monitor-route-namespaced.yaml @@ -5,8 +5,8 @@ kind: Route metadata: name: managed-master-hibernation-monitor-namespaced spec: -{{- if .Values.OperationsCenter.HostName }} - host: {{ .Values.OperationsCenter.HostName | quote }} +{{- if (include "hibernation.hostnamewithoutport" . ) }} + host: {{ include "hibernation.hostnamewithoutport" . | quote }} {{- end }} path: /hibernation/ns/{{ .Release.Namespace }} to: diff --git a/helm/templates/managed-master-hibernation-monitor-route.yaml b/helm/templates/managed-master-hibernation-monitor-route.yaml index 6b8344e..d1dfacf 100644 --- a/helm/templates/managed-master-hibernation-monitor-route.yaml +++ b/helm/templates/managed-master-hibernation-monitor-route.yaml @@ -1,4 +1,3 @@ -{{- if .Values.OperationsCenter.Enabled -}} {{- if .Values.Hibernation.Enabled -}} {{- if include "cloudbees-core.needs-routes" . -}} apiVersion: route.openshift.io/v1 @@ -6,8 +5,8 @@ kind: Route metadata: name: managed-master-hibernation-monitor spec: -{{- if .Values.OperationsCenter.HostName }} - host: {{ .Values.OperationsCenter.HostName | quote }} +{{- if (include "hibernation.hostnamewithoutport" . ) }} + host: {{ include "hibernation.hostnamewithoutport" . | quote }} {{- end }} path: /hibernation to: @@ -21,4 +20,3 @@ spec: {{ include "chart.helmRouteFix" $ }} {{- end -}} {{- end -}} -{{- end -}} diff --git a/helm/values.yaml b/helm/values.yaml index 4edaa61..3725e7b 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
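Review bot: Dropping the `OperationsCenter.Enabled` guard in managed-master-hibernation-monitor-route.yaml means the non-namespaced `/hibernation` Route is now created in every namespace where Hibernation is enabled, including controller-only namespaces. With Subdomain false they all use the same host and path, so if several such releases share one HostName their Routes would claim the same host/path pair; please confirm this is intended and how the router resolves it. I take this to be paired with `hibernation.routenonnamespacedurls`, but nothing in the template says so. A template comment such as `{{/* Rendered without Operations Center too: the monitor then serves non-namespaced URLs (routeNonnamespacedURLs=true). */}}` would record the reason. The matching `{{- end -}}` is removed in the last hunk of this file.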
@@ -2,6 +2,9 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# Subdomain -- Whether to use a DNS subdomain for each controller. +Subdomain: false + # ingress-nginx.Enabled -- Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). # Enable this section if you don't have an existing installation of ingress-nginx controller # Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 @@ -54,7 +57,7 @@ OperationsCenter: # Operations Center docker image Image: # OperationsCenter.Image.dockerImage -- Container image to use for Operations Center - dockerImage: dcar/core-oc:2.277.1.7-ra + dockerImage: dcar/core-oc:2.277.2.1-ra # OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images dockerPullPolicy: null @@ -73,7 +76,13 @@ OperationsCenter: HostName: null # OperationsCenter.ContextPath -- the path under which Operations Center will be accessible in the given host. - ContextPath: /cjoc + # DEPRECATED - Use OperationsCenter.Name instead. + ContextPath: null + + # OperationsCenter.Name -- the name in the URL under which Operations Center will be accessible in the given host. + # For instance, if Subdomain is true, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.Name}}.{{OperationsCenter.HostName}}:{{OperationsCenter.Port}} + # If Subdomain is false, the URL to access Operations Center will be {{OperationsCenter.Protocol}}://{{OperationsCenter.HostName}}:{{OperationsCenter.Port}}/{{OperationsCenter.Name}} + Name: cjoc # OperationsCenter.Protocol -- the protocol used to access CJOC. Possible values are http/https. Protocol: http 
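Review bot: The new comments on `ContextPath` and `Name` do not say what happens when both are set. According to `oc.contextpath`, a non-empty ContextPath still wins for the path, even with Subdomain true, while `Name` is always used for the subdomain label, so a leftover ContextPath from an older values file yields `<Name>.<HostName><ContextPath>`. I would add a line such as `# If set, ContextPath overrides the path derived from Name, including when Subdomain is true.` and note that `Name` must be a valid DNS label. Since helm/README.md is generated from these comments, the clarification would reach the documentation as well.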
@@ -253,7 +262,7 @@ Master: # Docker image inserted in Operations Center automatically Image: # Master.Image.dockerImage -- Used to override the default docker image - dockerImage: dcar/core-mm:2.277.1.7-ra + dockerImage: dcar/core-mm:2.277.2.1-ra # Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port JavaOpts: null @@ -270,7 +279,7 @@ Agents: Create: false Image: # Agents.Image.dockerImage -- Used to override the default docker image used for agents - dockerImage: dcar/agent:2.277.1.7-ra + dockerImage: dcar/agent:2.277.2.1-ra # Image pull secrets # Enable this option when using a private registry. # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line @@ -306,7 +315,7 @@ Hibernation: Enabled: false Image: # Hibernation.Image.dockerImage -- Used to override the default docker image - dockerImage: cloudbees/managed-master-hibernation-monitor:230.ee066a318539 + dockerImage: cloudbees/managed-master-hibernation-monitor:247.c5dfce00a179 # Hibernation.Image.dockerPullPolicy -- Used to override the default pull policy dockerPullPolicy: null # Image pull secrets diff --git a/scripts/usr/local/bin/jenkins.sh b/scripts/usr/local/bin/jenkins.sh index bbfd10f..3b94c87 100644 --- a/scripts/usr/local/bin/jenkins.sh +++ b/scripts/usr/local/bin/jenkins.sh 
@@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \; # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then - eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=d7a5eee17fd68064fb4268ca23a591bdc00af60b /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" + eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=308768c9f176b5155dd19ff01ca06396b66f5afd /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" fi # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image -- GitLab