diff --git a/Dockerfile b/Dockerfile index 3ac26fa518a077ffff3ec81c13e0694f132025a5..e70a0adee3482c6ac34e7da0472f903b20e3dcca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,14 +42,11 @@ HEALTHCHECK --interval=5m --timeout=3s \ CMD curl -fsL ${JENKINS_URL}/login || exit 1 LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt" -LABEL release=35bd8640427b6d61f14c96f9f6e8aecbe4f3822e -LABEL version=2.249.3.3 +LABEL release=b91ce79ef06dbc1aafd7c750f19bc0083b6eca75 +LABEL version=2.263.1.2 ARG TARBALL=files.tar -COPY ${TARBALL} /tmp -RUN cd / && \ - tar xvf /tmp/files.tar && \ - rm /tmp/files.tar +ADD ${TARBALL} / COPY scripts/ / RUN chmod +x /usr/local/bin/*.sh && \ diff --git a/Jenkinsfile b/Jenkinsfile index 03ae711aa3dd4708caf4acab0ff3542ab09c30f5..05c1f6b43785650e01b21f434e8517cef8de7447 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: '2.249.3.3') +dccscrPipeline(version: '2.263.1.2') diff --git a/README.md b/README.md index e3ab22126c923cc1e1e36efdf22ce2fad57ee645..2d5baa8f3766439f2229b68752065e8573860b41 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.249.3.3` +A version of CloudBees CI is given in the format `2.263.1.2` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, 
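Review bot: In the Dockerfile hunk, `ADD ${TARBALL} /` unpacks the archive into the image root only because ADD auto-extracts a local tar, and that implicit behaviour depends on the value of the TARBALL build argument. If TARBALL is overridden with a URL, ADD downloads the file without extracting it and nothing in the Dockerfile checks its digest; a local file that ADD does not recognise as an archive is copied as-is, so the build can succeed with the wrong contents. The SHA-256 pinned in download.json is presumably enforced by the pipeline before the build, but that step is not visible in this diff. I would add a comment above the line such as `# ADD auto-extracts the local, checksum-verified files.tar (see download.json) into /; TARBALL must be a local path, never a URL`. Because the archive is trusted to write any path under `/`, it is also worth confirming that the checksum verification runs on every build path that produces this image.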
@@ -22,13 +22,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.249.3.3 + dockerImage: your-registry/core-oc:2.263.1.2 Master: Image: - dockerImage: your-registry/core-mm:2.249.3.3 + dockerImage: your-registry/core-mm:2.263.1.2 Agents: Image: - dockerImage: your-registry/agent:2.249.3.3 + dockerImage: your-registry/agent:2.263.1.2 ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: diff --git a/download.json b/download.json index 027550c7732516e12419d58826c884cf3e0989e8..f0b9699dcabfd830ca75a4a8eaa83c203d820dfd 100644 --- a/download.json +++ b/download.json @@ -1,11 +1,11 @@ { "resources": [ { - "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-d57097205d4acc2ebd4db03f9a93d3bf83a7b8468174fa81837741064fbfb7c3.tar", + "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-40a611ede95284e1911ac85801ab5f27a7f4402ba16d65e1d44d31ce59ae0854.tar", "filename": "files.tar", "validation": { "type": "sha256", - "value": "d57097205d4acc2ebd4db03f9a93d3bf83a7b8468174fa81837741064fbfb7c3" + "value": "40a611ede95284e1911ac85801ab5f27a7f4402ba16d65e1d44d31ce59ae0854" } } ] diff --git a/helm/.helmignore b/helm/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..ecfd1a16f096ff2f2e1f4a8dc9f654d10f75d38f --- /dev/null +++ b/helm/.helmignore @@ -0,0 +1,3 @@ +README.md.gotmpl +.gitignore +.helmignore diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 8c2835b62338eb2008d6693f498ee69e860d1634..df2528f955ba947a547ff31df5cb6d283d28533c 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml 
@@ -1,12 +1,13 @@ +name: cloudbees-core +home: https://www.cloudbees.com/products/continuous-integration apiVersion: v1 -appVersion: 2.249.3.3 +appVersion: 2.263.1.2 +version: 3.24.1 +kubeVersion: ^1.14.0-0 description: Enterprise Continuous Integration with Jenkins -engine: gotpl -home: https://www.cloudbees.com/products/continuous-integration icon: https://images.ctfassets.net/vtn4rfaw6n2j/7xprMMXARXDBuVxW4y8XfV/349fff91035050e3f2a8ff37bc0615b5/cloudbees-core-logo_header.svg keywords: -- cloudbees -- jenkins -kubeVersion: ^1.14.0-0 -name: cloudbees-core -version: 3.23.4-DEVELOPMENT + - cloudbees + - jenkins +engine: gotpl + diff --git a/helm/README-template.md b/helm/README-template.md new file mode 100644 index 0000000000000000000000000000000000000000..96141960dcd5e8b61ac88a178ba29c152852199a --- /dev/null +++ b/helm/README-template.md 
@@ -0,0 +1,183 @@ +# cloudbees-core + +![Version: 3.24.1](https://img.shields.io/badge/Version-3.24.1-informational?style=flat-square) ![AppVersion: 2.263.1.2](https://img.shields.io/badge/AppVersion-2.263.1.2-informational?style=flat-square) + +[CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: + +* DevOps at scale +* Resilience and high availability +* Easy management +* Enterprise grade security + +## TL;DR; + +```console +$ helm repo add cloudbees https://charts.cloudbees.com/public/cloudbees +$ helm install cloudbees/cloudbees-core --name +``` + +## Introduction + +This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + - Kubernetes 1.14 or higher + - Helm 3.0.2 or higher + +## Requirements + +Kubernetes: `^1.14.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.0 | +| https://charts.helm.sh/stable | nginx-ingress | 1.40.2 | +| https://kubernetes.github.io/ingress-nginx | ingress-nginx | 2.15.0 | + +## Installing the Chart + +### Default installation + +To install the chart with the release name `cloudbees-core` and hostname `cloudbees-core.example.com`. The default installation requires nginx-ingress controller to be installed. The chart can install the nginx-ingress controller for you. This installation is described in the next section. + +```console +$ helm install cloudbees/cloudbees-core \ + --name cloudbees-core \ + --set OperationsCenter.HostName='cloudbees-core.example.com' +``` + +The command deploys CloudBees CI on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. 
+ +### Ingress Controller Installation + +The chart is designed, so it can install an ingress-nginx controller. +The `"ingress-nginx".Enabled` field controls ingress controller installation and setup. +To install the chart with the release name `cloudbees-core` and hostname cloudbees-core.example.com. + +```console +$ helm install cloudbees/cloudbees-core \ + --name cloudbees-core \ + --set "ingress-nginx".Enabled=true +``` + +## Uninstalling the Chart + +To uninstall/delete the `cloudbees-core` deployment: + +```console +$ helm delete cloudbees-core +``` +> **NOTE**: The current version of the CloudBees CI Helm Chart only manages the Operation Center. +Users should manage Managed Master using Operation Center. + +The `helm delete` command stops the CloudBees CI deployment than removes the OperationsCenter Center. +The release is still stored in the Helm database, but it will now have the status deleted. +If you wish to completely remove the release, use the following variation of the `helm delete` command. + +```console +$ helm delete cloudbees-core --purge +``` + +> **IMPORTANT**: The `helm delete` command does NOT remove the persistent volume claims as precaution against data loss. +You will need to use the `kubectl delete pvc` command to delete the persistent volume claims. + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +Please refer to the chart `values.yaml` to get the exhaustive list of values that can be customized. +The easiest way to consult it is through the command `helm inspect values cloudbees/cloudbees-core`. + +Each property can override a default value with a value that specific to your Kubernetes cluster +You can provide this values using the `--set` flag on the Helm command line. + +Helm also support merging values files together, so that you can create a YAML file for each environment. 
+ +### Environment Property Value Files +Helm provides the option to use a custom property values file to override the default values set in the `values.yaml` file. +CloudBees recommends creating a custom properties file to override the default for your environments, instead of directly editing the included values.yaml file. + +To use an environment property value file with Helm, use the -f option as shown in the following example: +`helm install cloudbees-core --name cloudbees-core -f example-values.yaml` + +You can download the latest version of the `example-values.yaml` file from CloudBees Examples GitHub repository at https://github.com/cloudbees/cloudbees-examples/tree/master/helm-custom-value-file-examples. + +## Additional Documentation +CloudBees provides complete and more detailed installation and operation documentation on the CloudBees web site at https://docs.cloudbees.com/docs/cloudbees-ci/latest/kubernetes-install-guide/ + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| Agents.Enabled | bool | `true` | Enable to create agent resources (service account, role) | +| Agents.Image.dockerImage | string | `"@@IMAGE_PREFIX@@/agent:@@IMAGE_TAG@@"` | Used to override the default docker image used for agents | +| Agents.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | +| Agents.SeparateNamespace.Create | bool | `false` | If true, the second namespace will be created when installing this chart. Otherwise, the existing namespace should be labeled with `cloudbees.com/role: agents` in order for network policies to work. | +| Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. | +| Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. 
Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. | +| Hibernation.Enabled | bool | `false` | Whether to enable the [Hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-masters#_hibernation_of_managed_masters) feature | +| Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | +| Hibernation.Image.dockerPullPolicy | string | `nil` | Used to override the default pull policy | +| Hibernation.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | +| Master.Enabled | bool | `true` | Whether to create the resources required to schedule masters. | +| Master.Image.dockerImage | string | `"@@IMAGE_PREFIX@@/core-mm:@@IMAGE_TAG@@"` | Used to override the default docker image | +| Master.JavaOpts | string | `nil` | Additional Java options to pass to managed masters. For example, setting up a JMX port | +| Master.OperationsCenterNamespace | string | `nil` | When deploying Master resources, this grants an Operations Center deployed in another namespace the right to deploy masters | +| NetworkPolicy.Enabled | bool | `false` | Enable only if the cluster supports it. Read the [documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to understand what this is about. 
| +| NetworkPolicy.JMXSelectors | list | `[]` | Custom selectors for accessing JMX port | +| NetworkPolicy.ingressControllerSelector | list | `[]` | Custom selector for the ingress-controller | +| OperationsCenter.AgentListenerPort | int | `50000` | Container port for agent listener traffic | +| OperationsCenter.Annotations | object | `{}` | Additional annotations to put on the pod running Operations Center | +| OperationsCenter.CSRF.ProxyCompatibility | bool | `false` | Proxy compatibility for the default CSRF issuer | +| OperationsCenter.ContainerPort | int | `8080` | Container port for http traffic | +| OperationsCenter.ContextPath | string | `"/cjoc"` | the path under which Operations Center will be accessible in the given host. | +| OperationsCenter.Enabled | bool | `true` | Disable for particular use case like setting up namespaces to host masters only | +| OperationsCenter.HealthProbeLivenessFailureThreshold | int | `12` | Threshold for liveness failure | +| OperationsCenter.HealthProbes | bool | `true` | Enable Kubernetes Liveness and Readiness Probes | +| OperationsCenter.HostName | string | `nil` | The hostname used to access Operations Center through the ingress controller. 
| +| OperationsCenter.Image.dockerImage | string | `"@@IMAGE_PREFIX@@/core-oc:@@IMAGE_TAG@@"` | Container image to use for Operations Center | +| OperationsCenter.Image.dockerPullPolicy | string | `nil` | https://kubernetes.io/docs/concepts/containers/images/#updating-images | +| OperationsCenter.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | +| OperationsCenter.Ingress.Annotations | object | `{"kubernetes.io/tls-acme":"false"}` | annotations to put on Ingress object | +| OperationsCenter.Ingress.Class | string | `"nginx"` | Ingress class to use for OC and MM ingresses Should be set to the same value as nginx-ingress.controller.ingressClass if enabled | +| OperationsCenter.Ingress.tls.Enable | bool | `false` | Set this to true in order to enable TLS on the ingress record | +| OperationsCenter.Ingress.tls.SecretName | string | `nil` | The name of the secret containing the certificate and private key to terminate TLS for the ingress | +| OperationsCenter.JavaOpts | string | `nil` | Additional java options to pass to the Operations Center | +| OperationsCenter.JenkinsOpts | string | `nil` | Additional arguments for jenkins.war | +| OperationsCenter.LoadBalancerIP | string | `nil` | Optionally assign a known public LB IP | +| OperationsCenter.LoadBalancerSourceRanges | list | `["0.0.0.0/0"]` | Only applicable when using `ServiceType: LoadBalancer` | +| OperationsCenter.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | +| OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x | +| OperationsCenter.Protocol | string | `"http"` | the protocol used to access CJOC. Possible values are http/https. 
| +| OperationsCenter.Resources.Limits.Cpu | int | `1` | CPU limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu | +| OperationsCenter.Resources.Limits.Memory | string | `"2G"` | Memory limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory | +| OperationsCenter.Resources.Requests.Cpu | int | `1` | CPU request to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu | +| OperationsCenter.Resources.Requests.Memory | string | `"2G"` | Memory request to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory | +| OperationsCenter.Route.tls.Enable | bool | `false` | Set this to true in OpenShift to terminate TLS at route level | +| OperationsCenter.ServiceAgentListenerPort | int | `50000` | Controls the service port where Operations Center TCP port for agents is exposed. Don't change this parameter unless you know what you are doing | +| OperationsCenter.ServiceAnnotations | object | `{}` | Additional annotations to put on the Operations Center service | +| OperationsCenter.ServicePort | int | `80` | Controls the service port where Operations Center http port is exposed. Don't change this parameter unless you know what you are doing | +| OperationsCenter.ServiceType | string | `"ClusterIP"` | Service Type. Defaults to ClusterIP, since we recommend using an ingress controller. | +| OperationsCenter.Tolerations | list | `[]` | Specify tolerations for the Operations Center pod. 
See [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | +| Persistence.AccessMode | string | `"ReadWriteOnce"` | Access mode for the PVC ([doc](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)) | +| Persistence.Annotations | object | `{}` | Annotations to put on the PVC | +| Persistence.Size | string | `"20Gi"` | Size of the Operations Center volume | +| Persistence.StorageClass | string | `nil` | Persistent Volume Storage Class for Jenkins Home If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, the default storage class will be used, unless specified otherwise below. If setting OperationsCenter.Platform == gke, a storage class backed with SSD drives will be created by this chart and used automatically. | +| PodSecurityPolicy.Annotations | object | `{}` | Additional annotations to put on the PodSecurityPolicy, e.g. AppArmor/Seccomp settings | +| PodSecurityPolicy.Enabled | bool | `false` | Enables [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) support Enable only if the cluster supports it. | +| ingress-nginx.Enabled | bool | `false` | Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). 
Enable this section if you don't have an existing installation of ingress-nginx controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 | +| ingress-nginx.controller.ingressClass | string | `"nginx"` | | +| ingress-nginx.controller.nodeSelector."kubernetes.io/os" | string | `"linux"` | | +| ingress-nginx.controller.service.externalTrafficPolicy | string | `"Local"` | | +| ingress-nginx.defaultBackend.nodeSelector."kubernetes.io/os" | string | `"linux"` | | +| nginx-ingress.Enabled | bool | `false` | Installs the [nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress) controller (optional). DEPRECATED - Use ingress-nginx section instead. Enable this section if you don't have an existing installation of nginx-ingress controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 | +| nginx-ingress.controller.ingressClass | string | `"nginx"` | | +| nginx-ingress.controller.nodeSelector."kubernetes.io/os" | string | `"linux"` | | +| nginx-ingress.controller.service.externalTrafficPolicy | string | `"Local"` | | +| nginx-ingress.defaultBackend.nodeSelector."kubernetes.io/os" | string | `"linux"` | | +| rbac.agentsServiceAccountName | string | `"jenkins-agents"` | | +| rbac.hibernationMonitorServiceAccountName | string | `"managed-master-hibernation-monitor"` | Name of the service account the Hibernation monitor will run as (if enabled) | +| rbac.install | bool | `true` | Install `role`/`rolebindings`/`serviceAccount`. If false (and rbac is enabled in the cluster anyway), provide valid names for all service accounts. | +| rbac.masterServiceAccountName | string | `"jenkins"` | Name of the service account Jenkins masters will run as | +| rbac.serviceAccountName | string | `"cjoc"` | Name of the service account Operations Center will run as | +| sidecarinjector.Enabled | bool | `false` | Whether to enable installation of Sidecar Injector | 
diff --git a/helm/README.md b/helm/README.md index abe4b03afb0cf15416e52dbb19ae552e4c7ad3c9..19f19e294f79fa89200557adda90442c06de4510 100644 --- a/helm/README.md +++ b/helm/README.md @@ -1,6 +1,6 @@ # cloudbees-core -![Version: 3.23.4](https://img.shields.io/badge/Version-3.23.4-informational?style=flat-square) ![AppVersion: 2.249.3.3](https://img.shields.io/badge/AppVersion-2.249.3.3-informational?style=flat-square) +![Version: 3.24.1](https://img.shields.io/badge/Version-3.24.1-informational?style=flat-square) ![AppVersion: 2.263.1.2](https://img.shields.io/badge/AppVersion-2.263.1.2-informational?style=flat-square) [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: @@ -31,7 +31,7 @@ Kubernetes: `^1.14.0-0` | Repository | Name | Version | |------------|------|---------| | https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.0 | -| https://kubernetes-charts.storage.googleapis.com/ | nginx-ingress | 1.40.2 | +| https://charts.helm.sh/stable | nginx-ingress | 1.40.2 | | https://kubernetes.github.io/ingress-nginx | ingress-nginx | 2.15.0 | ## Installing the Chart 
@@ -110,15 +110,17 @@ CloudBees provides complete and more detailed installation and operation documen | Key | Type | Default | Description | |-----|------|---------|-------------| | Agents.Enabled | bool | `true` | Enable to create agent resources (service account, role) | -| Agents.Image.dockerImage | string | `"cloudbees/cloudbees-core-agent:2.249.3.3"` | Used to override the default docker image used for agents | +| Agents.Image.dockerImage | string | `"test/agent:latest"` | Used to override the default docker image used for agents | +| Agents.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | | Agents.SeparateNamespace.Create | bool | `false` | If true, the second namespace will be created when installing this chart. Otherwise, the existing namespace should be labeled with `cloudbees.com/role: agents` in order for network policies to work. | | Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. | | Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. 
| | Hibernation.Enabled | bool | `false` | Whether to enable the [Hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-masters#_hibernation_of_managed_masters) feature | | Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | -| Hibernation.Image.dockerPullPolicy | string | `"IfNotPresent"` | Used to override the default pull policy | +| Hibernation.Image.dockerPullPolicy | string | `nil` | Used to override the default pull policy | +| Hibernation.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | | Master.Enabled | bool | `true` | Whether to create the resources required to schedule masters. | -| Master.Image.dockerImage | string | `"cloudbees/cloudbees-core-mm:2.249.3.3"` | Used to override the default docker image | +| Master.Image.dockerImage | string | `"test/core-mm:latest"` | Used to override the default docker image | | Master.JavaOpts | string | `nil` | Additional Java options to pass to managed masters. For example, setting up a JMX port | | Master.OperationsCenterNamespace | string | `nil` | When deploying Master resources, this grants an Operations Center deployed in another namespace the right to deploy masters | | NetworkPolicy.Enabled | bool | `false` | Enable only if the cluster supports it. Read the [documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to understand what this is about. | 
@@ -133,9 +135,9 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.HealthProbeLivenessFailureThreshold | int | `12` | Threshold for liveness failure | | OperationsCenter.HealthProbes | bool | `true` | Enable Kubernetes Liveness and Readiness Probes | | OperationsCenter.HostName | string | `nil` | The hostname used to access Operations Center through the ingress controller. | -| OperationsCenter.Image.dockerImage | string | `"cloudbees/cloudbees-cloud-core-oc:2.249.3.3"` | Container image to use for Operations Center | -| OperationsCenter.Image.dockerPullPolicy | string | `"Always"` | https://kubernetes.io/docs/concepts/containers/images/#updating-images | -| OperationsCenter.ImagePullSecrets | string | `nil` | The name of the image pull secret to pull private docker images | +| OperationsCenter.Image.dockerImage | string | `"test/core-oc:latest"` | Container image to use for Operations Center | +| OperationsCenter.Image.dockerPullPolicy | string | `nil` | https://kubernetes.io/docs/concepts/containers/images/#updating-images | +| OperationsCenter.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | | OperationsCenter.Ingress.Annotations | object | `{"kubernetes.io/tls-acme":"false"}` | annotations to put on Ingress object | | OperationsCenter.Ingress.Class | string | `"nginx"` | Ingress class to use for OC and MM ingresses Should be set to the same value as nginx-ingress.controller.ingressClass if enabled | | OperationsCenter.Ingress.tls.Enable | bool | `false` | Set this to true in order to enable TLS on the ingress record | 
@@ -145,7 +147,7 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.LoadBalancerIP | string | `nil` | Optionally assign a known public LB IP | | OperationsCenter.LoadBalancerSourceRanges | list | `["0.0.0.0/0"]` | Only applicable when using `ServiceType: LoadBalancer` | | OperationsCenter.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | -| OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `pks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x | +| OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x | | OperationsCenter.Protocol | string | `"http"` | the protocol used to access CJOC. Possible values are http/https. | | OperationsCenter.Resources.Limits.Cpu | int | `1` | CPU limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu | | OperationsCenter.Resources.Limits.Memory | string | `"2G"` | Memory limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory | 
@@ -175,7 +177,7 @@ CloudBees provides complete and more detailed installation and operation documen | nginx-ingress.defaultBackend.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | rbac.agentsServiceAccountName | string | `"jenkins-agents"` | | | rbac.hibernationMonitorServiceAccountName | string | `"managed-master-hibernation-monitor"` | Name of the service account the Hibernation monitor will run as (if enabled) | -| rbac.install | bool | `true` | Install `role`/`rolebindings`/`serviceAccount`. If false (and rbac is enabled in the cluster anyway), provide valid names for `serviceAccountName`, `masterServiceAccountName` and `hibernationMonitorServiceAccountName` | +| rbac.install | bool | `true` | Install `role`/`rolebindings`/`serviceAccount`. If false (and rbac is enabled in the cluster anyway), provide valid names for all service accounts. | | rbac.masterServiceAccountName | string | `"jenkins"` | Name of the service account Jenkins masters will run as | | rbac.serviceAccountName | string | `"cjoc"` | Name of the service account Operations Center will run as | | sidecarinjector.Enabled | bool | `false` | Whether to enable installation of Sidecar Injector | diff --git a/helm/README.md.gotmpl b/helm/README.md.gotmpl deleted file mode 100644 index 58718f7fcb55ef8e1e8c215c98b4d31013d598fc..0000000000000000000000000000000000000000 --- a/helm/README.md.gotmpl +++ /dev/null 
@@ -1,101 +0,0 @@ -# cloudbees-core - -{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} - -[CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: - -* DevOps at scale -* Resilience and high availability -* Easy management -* Enterprise grade security - -## TL;DR; - -```console -$ helm repo add cloudbees https://charts.cloudbees.com/public/cloudbees -$ helm install cloudbees/cloudbees-core --name -``` - -## Introduction - -This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - - Kubernetes 1.14 or higher - - Helm 3.0.2 or higher - -{{ template "chart.requirementsSection" . }} - -## Installing the Chart - -### Default installation - -To install the chart with the release name `cloudbees-core` and hostname `cloudbees-core.example.com`. The default installation requires nginx-ingress controller to be installed. The chart can install the nginx-ingress controller for you. This installation is described in the next section. - -```console -$ helm install cloudbees/cloudbees-core \ - --name cloudbees-core \ - --set OperationsCenter.HostName='cloudbees-core.example.com' -``` - -The command deploys CloudBees CI on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -### Ingress Controller Installation - -The chart is designed, so it can install an ingress-nginx controller. -The `"ingress-nginx".Enabled` field controls ingress controller installation and setup. -To install the chart with the release name `cloudbees-core` and hostname cloudbees-core.example.com. 
- -```console -$ helm install cloudbees/cloudbees-core \ - --name cloudbees-core \ - --set "ingress-nginx".Enabled=true -``` - -## Uninstalling the Chart - -To uninstall/delete the `cloudbees-core` deployment: - -```console -$ helm delete cloudbees-core -``` -> **NOTE**: The current version of the CloudBees CI Helm Chart only manages the Operation Center. -Users should manage Managed Master using Operation Center. - -The `helm delete` command stops the CloudBees CI deployment than removes the OperationsCenter Center. -The release is still stored in the Helm database, but it will now have the status deleted. -If you wish to completely remove the release, use the following variation of the `helm delete` command. - -```console -$ helm delete cloudbees-core --purge -``` - -> **IMPORTANT**: The `helm delete` command does NOT remove the persistent volume claims as precaution against data loss. -You will need to use the `kubectl delete pvc` command to delete the persistent volume claims. - - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -Please refer to the chart `values.yaml` to get the exhaustive list of values that can be customized. -The easiest way to consult it is through the command `helm inspect values cloudbees/cloudbees-core`. - -Each property can override a default value with a value that specific to your Kubernetes cluster -You can provide this values using the `--set` flag on the Helm command line. - -Helm also support merging values files together, so that you can create a YAML file for each environment. - -### Environment Property Value Files -Helm provides the option to use a custom property values file to override the default values set in the `values.yaml` file. -CloudBees recommends creating a custom properties file to override the default for your environments, instead of directly editing the included values.yaml file. 
- -To use an environment property value file with Helm, use the -f option as shown in the following example: -`helm install cloudbees-core --name cloudbees-core -f example-values.yaml` - -You can download the latest version of the `example-values.yaml` file from CloudBees Examples GitHub repository at https://github.com/cloudbees/cloudbees-examples/tree/master/helm-custom-value-file-examples. - -## Additional Documentation -CloudBees provides complete and more detailed installation and operation documentation on the CloudBees web site at https://docs.cloudbees.com/docs/cloudbees-ci/latest/kubernetes-install-guide/ - -{{ template "chart.valuesSection" . }} diff --git a/helm/requirements.lock b/helm/requirements.lock index a5cf6dcac62cc4d7b692cfeaf2cd3ff978b72bae..cfe76842301480b6c8df7fa8efa996d4b122d93b 100644 --- a/helm/requirements.lock +++ b/helm/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: nginx-ingress - repository: https://kubernetes-charts.storage.googleapis.com/ + repository: https://charts.helm.sh/stable version: 1.40.2 - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx @@ -8,5 +8,5 @@ dependencies: - name: cloudbees-sidecar-injector repository: https://charts.cloudbees.com/public/cloudbees version: 2.1.0 -digest: sha256:9e5e49c0f4e06500b06a529b2dcd0ded06bed93a20427287539a1f267f5c45a0 -generated: "2020-11-19T13:49:22.025947935Z" +digest: sha256:b1cd3367672f5c35bdcff06f4a7d87f072f5f89f4e654a90aa199f3c1b939070 +generated: "2020-12-03T15:21:23.671272905Z" diff --git a/helm/requirements.yaml b/helm/requirements.yaml index da2b9146c4087bf8b3aaa14fd31cbbf8ee0f1058..417a1df374bf249a36339f88ea3697a460adbbdb 100644 --- a/helm/requirements.yaml +++ b/helm/requirements.yaml @@ -1,7 +1,7 @@ dependencies: - name: nginx-ingress version: 1.40.2 - repository: https://kubernetes-charts.storage.googleapis.com/ + repository: https://charts.helm.sh/stable condition: nginx-ingress.Enabled - name: ingress-nginx version: 2.15.0 
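Review bot: The `nginx-ingress` entry in helm/requirements.yaml still pins chart 1.40.2 and now resolves it from `https://charts.helm.sh/stable`, which as far as I know is the archive of the retired Helm stable repository and no longer publishes chart updates. Anyone enabling `nginx-ingress.Enabled` would therefore install an ingress controller chart that cannot pick up later fixes, while the same file already lists `ingress-nginx` 2.15.0 from its own repository. I would mark the entry in place, for example `# deprecated: archived stable chart, kept for existing installs; prefer ingress-nginx`, and plan its removal.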
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 758b8a7f9274511871f13bb01a0d7afe717a87ff..6df15239e4bafcb0075f0a4e050adcf379afddd5 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -95,7 +95,7 @@ helm.sh/chart: {{ include "cloudbees-core.chart" . | quote }} {{- end -}} {{- define "oc.protocol" -}} -{{- if .Values.OperationsCenter.Ingress.tls.Enable -}}https{{- else -}}{{ .Values.OperationsCenter.Protocol }}{{- end -}} +{{- if or (.Values.OperationsCenter.Ingress.tls.Enable) (.Values.OperationsCenter.Route.tls.Enable) -}}https{{- else -}}{{ .Values.OperationsCenter.Protocol }}{{- end -}} {{- end -}} {{/* diff --git a/helm/templates/agents-service-account.yaml b/helm/templates/agents-service-account.yaml index 959ee0c7f7a335f2dddb0465487f0fb490d2e2aa..f4bbe1b9bdb4f498fb0c9a6755991882f05c66be 100644 --- a/helm/templates/agents-service-account.yaml +++ b/helm/templates/agents-service-account.yaml @@ -1,4 +1,4 @@ -{{- if and (.Values.rbac.install) (.Values.Agents.SeparateNamespace.Enabled) -}} +{{- if and (.Values.rbac.install) -}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/helm/templates/cjoc-configure-jenkins-groovy.yaml b/helm/templates/cjoc-configure-jenkins-groovy.yaml index a88903c805d892c77532bb13dc4bf764fc1c58dd..ac4564723d718cf572327423897eafabf9600103 100644 --- a/helm/templates/cjoc-configure-jenkins-groovy.yaml +++ b/helm/templates/cjoc-configure-jenkins-groovy.yaml @@ -7,7 +7,6 @@ metadata: {{ include "cloudbees-core.labels" . | indent 4 }} data: location.groovy: | - hudson.ExtensionList.lookupSingleton(com.cloudbees.jenkins.support.impl.cloudbees.TcpSlaveAgentListenerMonitor.class).disable(true) {{- if .Values.OperationsCenter.HostName }} jenkins.model.JenkinsLocationConfiguration.get().setUrl("{{- template "oc.url" . -}}") {{- end }} 
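Review bot: The `oc.protocol` helper in helm/templates/_helpers.tpl has no comment explaining its fallback. After this change it returns `https` only when `Ingress.tls.Enable` or `Route.tls.Enable` is set, and otherwise returns `OperationsCenter.Protocol`, whose documented default is `"http"`. When TLS is terminated somewhere else, URLs built from this helper stay on plain http unless the operator also sets `Protocol`. I would add a template comment above the define, e.g. `{{/* oc.protocol: https when Ingress or Route TLS is enabled, otherwise OperationsCenter.Protocol */}}`.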
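Review bot: In helm/templates/agents-service-account.yaml the guard `{{- if and (.Values.rbac.install) -}}` keeps `and` with a single operand, which looks like a leftover from removing the `SeparateNamespace` condition. It evaluates to that operand, so rendering is unaffected, but it reads as if a second condition were missing; `{{- if .Values.rbac.install -}}` states the intent. The ServiceAccount body continues outside the hunk, so I cannot see which namespace the account lands in when `Agents.SeparateNamespace.Enabled` is false.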
diff --git a/helm/templates/cjoc-statefulset.yaml b/helm/templates/cjoc-statefulset.yaml index 84a495cf22d5e0557bc37950e8c36f1afd72bea5..788ff4b86fdc2f7dd522e805b37987a66689e821 100644 --- a/helm/templates/cjoc-statefulset.yaml +++ b/helm/templates/cjoc-statefulset.yaml @@ -62,6 +62,7 @@ spec: operator: In values: - slave + enableServiceLinks: false serviceAccountName: {{ .Values.rbac.serviceAccountName }} {{- if .Values.OperationsCenter.NodeSelector }} nodeSelector: @@ -92,8 +93,10 @@ spec: - name: jenkins {{- with .Values.OperationsCenter.Image}} image: "{{ .dockerImage }}" + {{- if .dockerPullPolicy }} imagePullPolicy: "{{ .dockerPullPolicy }}" {{- end}} + {{- end}} env: {{- if .Values.OperationsCenter.ContainerEnv }} {{ toYaml .Values.OperationsCenter.ContainerEnv | indent 8 }} @@ -110,6 +113,7 @@ spec: {{- if .Values.Agents.SeparateNamespace.Enabled }} -Dcom.cloudbees.jenkins.plugins.kube.NamespaceFilter.defaultNamespace={{ template "agents.namespace" . }} {{- end }} + -Dcom.cloudbees.jenkins.plugins.kube.ServiceAccountFilter.defaultServiceAccount={{ .Values.rbac.agentsServiceAccountName }} {{- if .Values.Master.JavaOpts }} {{ .Values.Master.JavaOpts }} {{- end }} diff --git a/helm/templates/managed-master-hibernation-monitor-deployment.yaml b/helm/templates/managed-master-hibernation-monitor-deployment.yaml index c526a26fdba5baf6ba5e7c6ffb97f82763981dc5..25b5a969a6644acd76aa689e1d0c9d195a9a1ec9 100644 --- a/helm/templates/managed-master-hibernation-monitor-deployment.yaml +++ b/helm/templates/managed-master-hibernation-monitor-deployment.yaml @@ -44,8 +44,10 @@ spec: - name: managed-master-hibernation-monitor {{- with .Values.Hibernation.Image}} image: {{ .dockerImage }} + {{- if .dockerPullPolicy }} imagePullPolicy: {{ .dockerPullPolicy }} {{- end}} + {{- end}} ports: - containerPort: 8090 name: http 
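Review bot: The added `-Dcom.cloudbees.jenkins.plugins.kube.ServiceAccountFilter.defaultServiceAccount={{ .Values.rbac.agentsServiceAccountName }}` line in the `@@ -110,6 +113,7 @@` hunk of cjoc-statefulset.yaml is emitted unconditionally, unlike the neighbouring `NamespaceFilter` and `Master.JavaOpts` entries, which are wrapped in `if`. If the value is overridden to an empty string, the property is passed as `defaultServiceAccount=`. With `rbac.install: false`, the named account has to exist already in the agents' namespace, or agent pods presumably cannot be created. I would wrap the line as `{{- if .Values.rbac.agentsServiceAccountName }}` … `{{- end }}`; the enclosing option list starts outside the hunk.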
@@ -69,4 +71,5 @@ spec: limits: memory: 250Mi serviceAccountName: {{ .Values.rbac.hibernationMonitorServiceAccountName }} + enableServiceLinks: false {{- end -}} diff --git a/helm/values.yaml b/helm/values.yaml index 56f2db9974164c87bcd1ee60934a42c98f331810..daaca64f06abea0c75c6a75e800f6ff364592475 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -50,18 +50,18 @@ OperationsCenter: # Operations Center docker image Image: # OperationsCenter.Image.dockerImage -- Container image to use for Operations Center - dockerImage: dcar/core-oc:2.249.3.3 + dockerImage: dcar/core-oc:2.263.1.2 # OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images - dockerPullPolicy: IfNotPresent + dockerPullPolicy: null # Image pull secrets # Enable this option when using a private registry. # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line - # OperationsCenter.ImagePullSecrets -- The name of the image pull secret to pull private docker images + # OperationsCenter.ImagePullSecrets -- Name of image pull secret to pull private Docker images or an array of image pull secrets ImagePullSecrets: null # OperationsCenter.Platform -- Enables specific settings depending on the platform - # platform specific values are: `eks`, `aws`, `gke`, `aks`, `pks`, `openshift`, `openshift4` + # platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4` # Note: `openshift` maps to OpenShift 3.x Platform: standard @@ -241,7 +241,7 @@ Master: # Docker image inserted in Operations Center automatically Image: # Master.Image.dockerImage -- Used to override the default docker image - dockerImage: dcar/core-mm:2.249.3.3 + dockerImage: dcar/core-mm:2.263.1.2 # Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port JavaOpts: null 
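Review bot: The `dockerPullPolicy` comment in the `@@ -50,18 +50,18 @@` hunk of helm/values.yaml still only links to the Kubernetes page, although the default is now `null` and the templates omit `imagePullPolicy` in that case. Kubernetes then chooses the policy itself: `IfNotPresent` for an image with a tag other than `latest`, `Always` for `latest` or no tag, so a tag that is re-pushed in the registry is not re-pulled on nodes that already cache it. I would spell that out, e.g. `# null leaves imagePullPolicy unset; Kubernetes then uses IfNotPresent for tagged images`, and mention that `Always` or a digest reference is the option when the registry content must be re-checked. The same applies to `Hibernation.Image.dockerPullPolicy` in the `@@ -291,7 +296,12 @@` hunk.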
@@ -258,7 +258,12 @@ Agents: Create: false Image: # Agents.Image.dockerImage -- Used to override the default docker image used for agents - dockerImage: dcar/agent:2.249.3.3 + dockerImage: dcar/agent:2.263.1.2 + # Image pull secrets + # Enable this option when using a private registry. + # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line + # Agents.ImagePullSecrets -- Name of image pull secret to pull private Docker images or an array of image pull secrets + ImagePullSecrets: null Persistence: # Persistence.StorageClass -- Persistent Volume Storage Class for Jenkins Home @@ -291,7 +296,12 @@ Hibernation: # Hibernation.Image.dockerImage -- Used to override the default docker image dockerImage: cloudbees/managed-master-hibernation-monitor:230.ee066a318539 # Hibernation.Image.dockerPullPolicy -- Used to override the default pull policy - dockerPullPolicy: IfNotPresent + dockerPullPolicy: null + # Image pull secrets + # Enable this option when using a private registry. + # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line + # Hibernation.ImagePullSecrets -- Name of image pull secret to pull private Docker images or an array of image pull secrets + ImagePullSecrets: null PodSecurityPolicy: # Requires rbac.installCluster = true @@ -328,7 +338,7 @@ NetworkPolicy: ## Install Default RBAC roles and bindings rbac: # rbac.install -- Install `role`/`rolebindings`/`serviceAccount`. - # If false (and rbac is enabled in the cluster anyway), provide valid names for `serviceAccountName`, `masterServiceAccountName` and `hibernationMonitorServiceAccountName` + # If false (and rbac is enabled in the cluster anyway), provide valid names for all service accounts. install: true # rbac.installCluster -- Install `clusterrole`/`clusterrolebinding` 
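Review bot: The new `Agents.ImagePullSecrets` key, and `Hibernation.ImagePullSecrets` in the `@@ -291,7 +296,12 @@` hunk, are not read by any template hunk visible in this part of the commit; the two managed-master-hibernation-monitor-deployment.yaml hunks only touch `imagePullPolicy` and `enableServiceLinks`. Unless the templates already reference these values outside the changed lines, setting them would have no effect and pulls from a private registry would still fail. I would confirm the `imagePullSecrets` wiring in the pod specs, and state in each comment which pods the key applies to.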
diff --git a/scripts/usr/local/bin/jenkins.sh b/scripts/usr/local/bin/jenkins.sh index f8d26aeb061930cf0952e743fc01948b984cbf71..570c61e20bdbbc60f09b6f5c6691f4f1a513ea20 100644 --- a/scripts/usr/local/bin/jenkins.sh +++ b/scripts/usr/local/bin/jenkins.sh @@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \; # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then - eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=35bd8640427b6d61f14c96f9f6e8aecbe4f3822e /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" + eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=b91ce79ef06dbc1aafd7c750f19bc0083b6eca75 /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" fi # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image diff --git a/scripts/usr/local/bin/support.sh b/scripts/usr/local/bin/support.sh index 5c47faa6fadcfa72b355c3928f21158928d3cb78..992ef780b08afc99ddd69c606820120aa30dd3eb 100644 --- a/scripts/usr/local/bin/support.sh +++ b/scripts/usr/local/bin/support.sh @@ -2,8 +2,6 @@ set-java-options() { export JAVA_OPTS="-Duser.home=$JENKINS_HOME ${JAVA_OPTS:-}" - # CPLT2-6044: http/2 is causing issues with Openshift 4.x users - #export JAVA_OPTS="-Xbootclasspath/p:/usr/share/jenkins/alpn-boot.jar ${JAVA_OPTS:-}" } set-jenkins-options() {
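Review bot: The changed `eval "exec java ${JAVA_OPTS:-} … $JENKINS_OPTS \"\$@\""` line in jenkins.sh expands `JAVA_OPTS` and `JENKINS_OPTS` into a string that the shell parses a second time, so quoting and shell metacharacters in those variables are interpreted as shell syntax rather than passed to java as text. This commit only updates the embedded commit SHA, but the behaviour is undocumented; I would add a comment above the line such as `# JAVA_OPTS and JENKINS_OPTS are re-parsed by eval: set them only from trusted deployment configuration`. `$JENKINS_OPTS` is also expanded without the `:-` default used for `JAVA_OPTS`, which matters if the script runs with `set -u`; the top of the script is outside the hunk, so I cannot tell.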