From 9b051180ca74929b8ab0027be7dd2f7ec164e8d2 Mon Sep 17 00:00:00 2001
From: jeason
Date: Wed, 14 Oct 2020 15:46:13 -0600
Subject: [PATCH 1/8] Project template: file templates
---
.gitlab/CODEOWNERS | 6 +++
.gitlab/issue_templates/Access Request.md | 16 ++++++++
.../issue_templates/Application - Archive.md | 21 +++++++++++
.../issue_templates/Application - Initial.md | 32 ++++++++++++++++
.../issue_templates/Application - Update.md | 35 ++++++++++++++++++
.gitlab/issue_templates/Bug.md | 37 +++++++++++++++++++
.gitlab/issue_templates/Feature Request.md | 32 ++++++++++++++++
.../issue_templates/Leadership Question.md | 7 ++++
.gitlab/issue_templates/New Findings.md | 20 ++++++++++
.../issue_templates/Onboarding Question.md | 7 ++++
.gitlab/issue_templates/Pipeline Failure.md | 31 ++++++++++++++++
11 files changed, 244 insertions(+)
create mode 100644 .gitlab/CODEOWNERS
create mode 100644 .gitlab/issue_templates/Access Request.md
create mode 100644 .gitlab/issue_templates/Application - Archive.md
create mode 100644 .gitlab/issue_templates/Application - Initial.md
create mode 100644 .gitlab/issue_templates/Application - Update.md
create mode 100644 .gitlab/issue_templates/Bug.md
create mode 100644 .gitlab/issue_templates/Feature Request.md
create mode 100644 .gitlab/issue_templates/Leadership Question.md
create mode 100644 .gitlab/issue_templates/New Findings.md
create mode 100644 .gitlab/issue_templates/Onboarding Question.md
create mode 100644 .gitlab/issue_templates/Pipeline Failure.md
diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
new file mode 100644
index 0000000..64a2c68
--- /dev/null
+++ b/.gitlab/CODEOWNERS
@@ -0,0 +1,6 @@
+[Pipelines]
+.gitlab-ci.yml @ironbank-notifications/cht
+.gitlab-ci.yaml @ironbank-notifications/cht
+
+[Gitlab Configuration Files]
+.gitlab/* @ironbank-notifications/cht
diff --git a/.gitlab/issue_templates/Access Request.md b/.gitlab/issue_templates/Access Request.md
new file mode 100644
index 0000000..1a7b224
--- /dev/null
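Review bot: The last CODEOWNERS rule, `.gitlab/* @ironbank-notifications/cht`, probably does not cover the issue templates this same patch adds: as GitLab documents the syntax, a path ending in `/*` matches files directly in that directory and not files nested deeper, so `.gitlab/issue_templates/*.md` and any later subdirectory would have no owner. If the intent is that every change under `.gitlab/` needs the cht group, the rule should be `.gitlab/ @ironbank-notifications/cht`. The two pipeline entries have no leading slash, so they match a `.gitlab-ci.yml` at any depth; `/.gitlab-ci.yml` pins them to the repository root if that is what is meant. Whether owner approval is actually enforced depends on the protected-branch settings, which this patch does not show.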
+++ b/.gitlab/issue_templates/Access Request.md
@@ -0,0 +1,16 @@
+## Summary
+
+The following individuals are requesting access to this project (one per line):
+(List or tag all individuals here)
+
+
+The access level should be:
+- [ ] Developer access
+- [ ] Remove access
+
+
+## Definition of Done
+- [ ] All accounts have been provided the necessary accesses
+
+
+/label ~"Access" ~"To Do"
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Application - Archive.md b/.gitlab/issue_templates/Application - Archive.md
new file mode 100644
index 0000000..9f3b5fe
--- /dev/null
+++ b/.gitlab/issue_templates/Application - Archive.md
@@ -0,0 +1,21 @@
+## Summary
+
+Requesting this application be archived due to one of the following reasons:
+- [ ] Version is no longer supported by vendor
+- [ ] Application is End-Of-Life
+- [ ] License violation.
+- [ ] Other. See below.
+
+## Detailed Description
+
+(Please provide a detailed description of why this application should be archived)
+
+
+## Definition of Done
+- [ ] Application has been reviewed for archival
+- [ ] Project is officially marked as stale
+- [ ] Iron Bank frontend no longer lists application as available or approved
+
+
+/label ~"Container::Archive"
+/cc @ironbank-notifications/archive
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Application - Initial.md b/.gitlab/issue_templates/Application - Initial.md
new file mode 100644
index 0000000..6594a05
--- /dev/null
+++ b/.gitlab/issue_templates/Application - Initial.md
@@ -0,0 +1,32 @@
+## Summary
+
+Requesting application to be hardened. This is only for initial hardening of a container.
+
+
+## Version Information
+
+Current version: (State the current version of the application as you see it)
+
+Under support: (Is the updated version within the same major version of the application or is this a new major version?)
+
+
+## Definition of Done
+Hardening:
+- [ ] Container builds successfully
+- [ ] Greylist file has been created (requires a member from container hardening)
+- [ ] Branch has been merged into `development`
+
+Justifications:
+- [ ] All findings have been justified per the above documentation
+- [ ] Justifications have been provided to the container hardening team
+
+Approval Process (container hardening team processes):
+- [ ] Peer review from Container Hardening Team
+- [ ] Findings Approver has reviewed and approved all justifications
+- [ ] Approval request has been sent to Authorizing Official
+- [ ] Approval request has been processed by Authorizing Official
+
+
+
+/label ~"Container::Initial"
+/cc @ironbank-notifications/cht
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Application - Update.md b/.gitlab/issue_templates/Application - Update.md
new file mode 100644
index 0000000..caebb3e
--- /dev/null
+++ b/.gitlab/issue_templates/Application - Update.md
@@ -0,0 +1,35 @@
+## Summary
+
+Requesting application be updated to a newer version.
+
+
+
+## Version Information
+
+Current version: (State the current version of the application as you see it)
+
+Updated version: (State the version you would like the application updated to)
+
+Under support: (Is the updated version within the same major version of the application or is this a new major version?)
+
+
+## Definition of Done
+Hardening:
+- [ ] Container builds successfully
+- [ ] Container version has been updated in greylist file
+- [ ] Branch has been merged into `development`
+
+Justifications:
+- [ ] All findings have been justified per the above documentation
+- [ ] Justifications have been provided to the container hardening team
+
+Approval Process:
+- [ ] Peer review from Container Hardening Team
+- [ ] Findings Approver has reviewed and approved all justifications
+- [ ] Approval request has been sent to Authorizing Official
+- [ ] Approval request has been processed by Authorizing Official
+
+
+
+/label ~"Container::Update"
+/cc @ironbank-notifications/updates
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Bug.md b/.gitlab/issue_templates/Bug.md
new file mode 100644
index 0000000..1427a0c
--- /dev/null
+++ b/.gitlab/issue_templates/Bug.md
@@ -0,0 +1,37 @@
+## Summary
+
+(Summarize the bug encountered concisely)
+
+
+## Steps to reproduce
+
+(How one can reproduce the issue - this is very important)
+
+
+## What is the current bug behavior?
+
+(What actually happens)
+
+
+## What is the expected correct behavior?
+
+(What you should see instead)
+
+
+## Relevant logs and/or screenshots
+
+(Paste any relevant logs - please use code blocks (```) to format console output,
+logs, and code as it's very hard to read otherwise.)
+
+
+## Possible fixes
+
+(If you can, link to the line of code that might be responsible for the problem)
+
+
+## Defintion of Done
+- [ ] Bug has been identified and corrected within the container
+
+
+/label ~Bug
+/cc @ironbank-notifications/bug
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Feature Request.md b/.gitlab/issue_templates/Feature Request.md
new file mode 100644
index 0000000..a0e2f19
--- /dev/null
+++ b/.gitlab/issue_templates/Feature Request.md
@@ -0,0 +1,32 @@
+## Feature description
+
+(Detailed description of the feature being requested)
+
+
+## Use cases
+
+
+(Detailed description of the use case for this feature)
+
+
+## Benefits
+
+(How does this benefit others)
+
+
+## Requirements
+
+(Any requirements for this feature to be enabled?)
+
+
+## Links / references
+
+(List of links or references that support this feature)
+
+
+## Definition of Done
+- [ ] Feature has been implemented
+
+
+/label ~Feature
+/cc @ironbank-notifications/feature
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Leadership Question.md b/.gitlab/issue_templates/Leadership Question.md
new file mode 100644
index 0000000..4674f82
--- /dev/null
+++ b/.gitlab/issue_templates/Leadership Question.md
@@ -0,0 +1,7 @@
+## Leadership question
+
+(Detailed description of the question you'd like to ask the leadership team)
+
+
+/label ~"Question::Leadership" ~"To Do"
+/cc @ironbank-notifications/leadership
\ No newline at end of file
diff --git a/.gitlab/issue_templates/New Findings.md b/.gitlab/issue_templates/New Findings.md
new file mode 100644
index 0000000..068d029
--- /dev/null
+++ b/.gitlab/issue_templates/New Findings.md
@@ -0,0 +1,20 @@
+## Summary
+
+Container has new findings discovered during continuous monitoring.
+
+
+
+## Definition of Done
+Justifications:
+- [ ] All findings have been justified
+- [ ] Justifications have been provided to the container hardening team
+
+Approval Process:
+- [ ] Findings Approver has reviewed and approved all justifications
+- [ ] Approval request has been sent to Authorizing Official
+- [ ] Approval request has been processed by Authorizing Official
+
+
+
+/label ~"Container::New Findings"
+/cc @ironbank-notifications/security
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Onboarding Question.md b/.gitlab/issue_templates/Onboarding Question.md
new file mode 100644
index 0000000..77dea11
--- /dev/null
+++ b/.gitlab/issue_templates/Onboarding Question.md
@@ -0,0 +1,7 @@
+## Onboarding question
+
+(Detailed description of the question you'd like to ask the onboarding team)
+
+
+/label ~"Question::Onboarding" ~"To Do"
+/cc @ironbank-notifications/onboarding
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Pipeline Failure.md b/.gitlab/issue_templates/Pipeline Failure.md
new file mode 100644
index 0000000..28b82a9
--- /dev/null
+++ b/.gitlab/issue_templates/Pipeline Failure.md
@@ -0,0 +1,31 @@ +## Summary + +(Summarize the pipeline issue encountered concisely) + + +## Link to failed pipeline + +(Link to the failed pipeline) + + +## What is the current bug behavior? + +(What actually happens) + + +## What is the expected correct behavior? + +(What you should see instead) + + +## Possible fixes + +(If you can, link to the line of code that might be responsible for the problem) + + +## Definition of Done +- [ ] Pipeline failure has been resolved + + +/label ~Pipeline +/cc @ironbank-notifications/pipelines \ No newline at end of file -- GitLab From 43865e6cbe114410607269189f3d52ea964bc4dd Mon Sep 17 00:00:00 2001 From: imontero Date: Wed, 4 Nov 2020 11:51:27 +0000 Subject: [PATCH 2/8] 2.249.3.1 --- Dockerfile | 4 +- Jenkinsfile | 2 +- README.md | 8 ++-- download.json | 4 +- helm/Chart.yaml | 6 +-- helm/README.md | 38 +++++++++---------- helm/README.md.gotmpl | 26 ++++++------- helm/requirements.lock | 6 +-- helm/requirements.yaml | 2 +- helm/templates/_helpers.tpl | 8 ++++ .../cjoc-role-master-management.yaml | 2 + helm/templates/cjoc-statefulset.yaml | 12 +++--- helm/values.yaml | 16 ++------ scripts/usr/local/bin/jenkins.sh | 2 +- 14 files changed, 66 insertions(+), 70 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0a524b8..6bf06e3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,8 +42,8 @@ HEALTHCHECK --interval=5m --timeout=3s \ CMD curl -fsL ${JENKINS_URL}/login || exit 1 LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt" -LABEL release=4c482ecc2d194d4868ade0a8cb5f773a3ab1c0d5 -LABEL version=2.249.2.3 +LABEL release=35bd8640427b6d61f14c96f9f6e8aecbe4f3822e +LABEL version=2.249.3.1 ARG TARBALL=files.tar COPY ${TARBALL} /tmp diff --git a/Jenkinsfile b/Jenkinsfile index 6cbfdbd..e1f1927 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: '2.249.2.3') +dccscrPipeline(version: '2.249.3.1') diff --git a/README.md b/README.md index b2f5ad6..606cf42 100644 
--- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.249.2.3` +A version of CloudBees CI is given in the format `2.249.3.1` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -22,13 +22,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.249.2.3 + dockerImage: your-registry/core-oc:2.249.3.1 Master: Image: - dockerImage: your-registry/core-mm:2.249.2.3 + dockerImage: your-registry/core-mm:2.249.3.1 Agents: Image: - dockerImage: your-registry/agent:2.249.2.3 + dockerImage: your-registry/agent:2.249.3.1 ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: diff --git a/download.json b/download.json index 667cfd3..9862a66 100644 --- a/download.json +++ b/download.json @@ -1,11 +1,11 @@ { "resources": [ { - "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-de64bf3a7e6d55e0c13bcf7ddbc72ef820c76548e6d18b4c1d990215e4773698.tar", + "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-185ba37cfbe5145a632eb4b91e6ba257cfa3172a30452a9ff6c96205e9cab451.tar", "filename": "files.tar", "validation": { "type": "sha256", - "value": "de64bf3a7e6d55e0c13bcf7ddbc72ef820c76548e6d18b4c1d990215e4773698" + "value": "185ba37cfbe5145a632eb4b91e6ba257cfa3172a30452a9ff6c96205e9cab451" } } ] diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 7175dcb..a58565d 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v1 -appVersion: 2.249.2.3 -description: The Continuous Delivery Solution for Enterprises +appVersion: 2.249.3.1 +description: Enterprise Continuous Integration with Jenkins engine: gotpl home: https://www.cloudbees.com/products/continuous-integration icon: https://images.ctfassets.net/vtn4rfaw6n2j/7xprMMXARXDBuVxW4y8XfV/349fff91035050e3f2a8ff37bc0615b5/cloudbees-core-logo_header.svg @@ -8,4 +8,4 @@ keywords: - cloudbees - jenkins name: cloudbees-core -version: 3.22.0-DEVELOPMENT +version: 3.23.0-DEVELOPMENT diff --git a/helm/README.md b/helm/README.md index 3c7a9e1..0da9b46 100644 --- a/helm/README.md +++ b/helm/README.md @@ -1,8 +1,8 @@ # cloudbees-core -![Version: 3.22.0](https://img.shields.io/badge/Version-3.22.0-informational?style=flat-square) ![AppVersion: 2.249.2.3](https://img.shields.io/badge/AppVersion-2.249.2.3-informational?style=flat-square) +![Version: 3.23.0](https://img.shields.io/badge/Version-3.23.0-informational?style=flat-square) ![AppVersion: 2.249.3.1](https://img.shields.io/badge/AppVersion-2.249.3.1-informational?style=flat-square) -[CloudBees Core](https://www.cloudbees.com/products/cloudbees-core) is the continuous delivery platform architected for the enterprise. It provides: +[CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: * DevOps at scale * Resilience and high availability 
@@ -18,17 +18,17 @@ $ helm install cloudbees/cloudbees-core --name ## Introduction -This chart bootstraps a CloudBees Core deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. +This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. ## Prerequisites - - Kubernetes 1.10 or higher - - Helm 2.12 or higher + - Kubernetes 1.14 or higher + - Helm 3.0.2 or higher ## Requirements | Repository | Name | Version | |------------|------|---------| -| https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.0.7 | +| https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.0 | | https://kubernetes-charts.storage.googleapis.com/ | nginx-ingress | 1.40.2 | | https://kubernetes.github.io/ingress-nginx | ingress-nginx | 2.15.0 | 
@@ -44,18 +44,18 @@ $ helm install cloudbees/cloudbees-core \ --set OperationsCenter.HostName='cloudbees-core.example.com' ``` -The command deploys CloudBees Core on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. +The command deploys CloudBees CI on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. ### Ingress Controller Installation -The chart is designed, so it can install an nginx-ingress controller. -The `nginx.ingress.Enabled` field controls ingress controller installation and setup. +The chart is designed, so it can install an ingress-nginx controller. +The `"ingress-nginx".Enabled` field controls ingress controller installation and setup. To install the chart with the release name `cloudbees-core` and hostname cloudbees-core.example.com. ```console $ helm install cloudbees/cloudbees-core \ --name cloudbees-core \ - --set nginx.ingress.Enabled=true + --set "ingress-nginx".Enabled=true ``` ## Uninstalling the Chart @@ -65,10 +65,10 @@ To uninstall/delete the `cloudbees-core` deployment: ```console $ helm delete cloudbees-core ``` -> **NOTE**: The current version of the CloudBees Core Helm Chart only manages the Operation Center. +> **NOTE**: The current version of the CloudBees CI Helm Chart only manages the Operation Center. Users should manage Managed Master using Operation Center. -The `helm delete` command stops the CloudBees Core deployment than removes the OperationsCenter Center. +The `helm delete` command stops the CloudBees CI deployment than removes the OperationsCenter Center. The release is still stored in the Helm database, but it will now have the status deleted. If you wish to completely remove the release, use the following variation of the `helm delete` command. 
@@ -76,8 +76,8 @@ If you wish to completely remove the release, use the following variation of the $ helm delete cloudbees-core --purge ``` -> **IMPORTANT**: The `helm delete` command does NOT remove the persistent volume claims as precaution against data losss. -You will need to use the `kubectl delete pvc` command to delete the persistent volumn claims. +> **IMPORTANT**: The `helm delete` command does NOT remove the persistent volume claims as precaution against data loss. +You will need to use the `kubectl delete pvc` command to delete the persistent volume claims. The command removes all the Kubernetes components associated with the chart and deletes the release. 
@@ -101,14 +101,14 @@ To use an environment property value file with Helm, use the -f option as shown You can download the latest version of the `example-values.yaml` file from CloudBees Examples GitHub repository at https://github.com/cloudbees/cloudbees-examples/tree/master/helm-custom-value-file-examples. ## Additional Documentation -CloudBees provides complete and more detail installation and operation documentation on the CloudBees web site at https://go.cloudbees.com/docs/cloudbees-core/cloud-install-guide/kubernetes-helm-install/ +CloudBees provides complete and more detailed installation and operation documentation on the CloudBees web site at https://docs.cloudbees.com/docs/cloudbees-ci/latest/kubernetes-install-guide/ ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | Agents.Enabled | bool | `true` | Enable to create agent resources (service account, role) | -| Agents.Image.dockerImage | string | `"063356183961.dkr.ecr.us-east-1.amazonaws.com/ubi/unified-distribution/agent:2.249.2.3"` | Used to override the default docker image used for agents | +| Agents.Image.dockerImage | string | `"063356183961.dkr.ecr.us-east-1.amazonaws.com/ubi/unified-distribution/agent:2.249.3.1"` | Used to override the default docker image used for agents | | Agents.SeparateNamespace.Create | bool | `false` | If true, the second namespace will be created when installing this chart. Otherwise, the existing namespace should be labeled with `cloudbees.com/role: agents` in order for network policies to work. | | Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. | | Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. | 
@@ -116,7 +116,7 @@ CloudBees provides complete and more detail installation and operation documenta | Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | | Hibernation.Image.dockerPullPolicy | string | `"IfNotPresent"` | Used to override the default pull policy | | Master.Enabled | bool | `true` | Whether to create the resources required to schedule masters. | -| Master.Image.dockerImage | string | `"063356183961.dkr.ecr.us-east-1.amazonaws.com/ubi/unified-distribution/core-mm:2.249.2.3"` | Used to override the default docker image | +| Master.Image.dockerImage | string | `"063356183961.dkr.ecr.us-east-1.amazonaws.com/ubi/unified-distribution/core-mm:2.249.3.1"` | Used to override the default docker image | | Master.JavaOpts | string | `nil` | Additional Java options to pass to managed masters. For example, setting up a JMX port | | Master.OperationsCenterNamespace | string | `nil` | When deploying Master resources, this grants an Operations Center deployed in another namespace the right to deploy masters | | NetworkPolicy.Enabled | bool | `false` | Enable only if the cluster supports it. Read the [documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to understand what this is about. | 
@@ -131,7 +131,7 @@ CloudBees provides complete and more detail installation and operation documenta | OperationsCenter.HealthProbeLivenessFailureThreshold | int | `12` | Threshold for liveness failure | | OperationsCenter.HealthProbes | bool | `true` | Enable Kubernetes Liveness and Readiness Probes | | OperationsCenter.HostName | string | `nil` | The hostname used to access Operations Center through the ingress controller. | -| OperationsCenter.Image.dockerImage | string | `"063356183961.dkr.ecr.us-east-1.amazonaws.com/ubi/unified-distribution/core-oc:2.249.2.3"` | Container image to use for Operations Center | +| OperationsCenter.Image.dockerImage | string | `"063356183961.dkr.ecr.us-east-1.amazonaws.com/ubi/unified-distribution/core-oc:2.249.3.1"` | Container image to use for Operations Center | | OperationsCenter.Image.dockerPullPolicy | string | `"Always"` | https://kubernetes.io/docs/concepts/containers/images/#updating-images | | OperationsCenter.ImagePullSecrets | string | `nil` | The name of the image pull secret to pull private docker images | | OperationsCenter.Ingress.Annotations | object | `{"kubernetes.io/tls-acme":"false"}` | annotations to put on Ingress object | 
@@ -159,8 +159,6 @@ CloudBees provides complete and more detail installation and operation documenta | Persistence.Annotations | object | `{}` | Annotations to put on the PVC | | Persistence.Size | string | `"20Gi"` | Size of the Operations Center volume | | Persistence.StorageClass | string | `nil` | Persistent Volume Storage Class for Jenkins Home If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, the default storage class will be used, unless specified otherwise below. If setting OperationsCenter.Platform == gke, a storage class backed with SSD drives will be created by this chart and used automatically. | -| Persistence.mounts | list | `[]` | Additional volume mounts to attach to Operations Center container | -| Persistence.volumes | list | `[]` | Additional volumes to attach to Operations Center pod | | PodSecurityPolicy.Annotations | object | `{}` | Additional annotations to put on the PodSecurityPolicy, e.g. AppArmor/Seccomp settings | | PodSecurityPolicy.Enabled | bool | `false` | Enables [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) support Enable only if the cluster supports it. | | ingress-nginx.Enabled | bool | `false` | Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). Enable this section if you don't have an existing installation of ingress-nginx controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 | diff --git a/helm/README.md.gotmpl b/helm/README.md.gotmpl index 3f3b13a..58718f7 100644 --- a/helm/README.md.gotmpl +++ b/helm/README.md.gotmpl 
@@ -2,7 +2,7 @@ {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} -[CloudBees Core](https://www.cloudbees.com/products/cloudbees-core) is the continuous delivery platform architected for the enterprise. It provides: +[CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: * DevOps at scale * Resilience and high availability @@ -18,11 +18,11 @@ $ helm install cloudbees/cloudbees-core --name ## Introduction -This chart bootstraps a CloudBees Core deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. +This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. ## Prerequisites - - Kubernetes 1.10 or higher - - Helm 2.12 or higher + - Kubernetes 1.14 or higher + - Helm 3.0.2 or higher {{ template "chart.requirementsSection" . }} 
@@ -38,18 +38,18 @@ $ helm install cloudbees/cloudbees-core \ --set OperationsCenter.HostName='cloudbees-core.example.com' ``` -The command deploys CloudBees Core on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. +The command deploys CloudBees CI on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. ### Ingress Controller Installation -The chart is designed, so it can install an nginx-ingress controller. -The `nginx.ingress.Enabled` field controls ingress controller installation and setup. +The chart is designed, so it can install an ingress-nginx controller. +The `"ingress-nginx".Enabled` field controls ingress controller installation and setup. To install the chart with the release name `cloudbees-core` and hostname cloudbees-core.example.com. ```console $ helm install cloudbees/cloudbees-core \ --name cloudbees-core \ - --set nginx.ingress.Enabled=true + --set "ingress-nginx".Enabled=true ``` ## Uninstalling the Chart @@ -59,10 +59,10 @@ To uninstall/delete the `cloudbees-core` deployment: ```console $ helm delete cloudbees-core ``` -> **NOTE**: The current version of the CloudBees Core Helm Chart only manages the Operation Center. +> **NOTE**: The current version of the CloudBees CI Helm Chart only manages the Operation Center. Users should manage Managed Master using Operation Center. -The `helm delete` command stops the CloudBees Core deployment than removes the OperationsCenter Center. +The `helm delete` command stops the CloudBees CI deployment than removes the OperationsCenter Center. The release is still stored in the Helm database, but it will now have the status deleted. If you wish to completely remove the release, use the following variation of the `helm delete` command. 
@@ -70,8 +70,8 @@ If you wish to completely remove the release, use the following variation of the $ helm delete cloudbees-core --purge ``` -> **IMPORTANT**: The `helm delete` command does NOT remove the persistent volume claims as precaution against data losss. -You will need to use the `kubectl delete pvc` command to delete the persistent volumn claims. +> **IMPORTANT**: The `helm delete` command does NOT remove the persistent volume claims as precaution against data loss. +You will need to use the `kubectl delete pvc` command to delete the persistent volume claims. The command removes all the Kubernetes components associated with the chart and deletes the release. @@ -96,6 +96,6 @@ To use an environment property value file with Helm, use the -f option as shown You can download the latest version of the `example-values.yaml` file from CloudBees Examples GitHub repository at https://github.com/cloudbees/cloudbees-examples/tree/master/helm-custom-value-file-examples. ## Additional Documentation -CloudBees provides complete and more detail installation and operation documentation on the CloudBees web site at https://go.cloudbees.com/docs/cloudbees-core/cloud-install-guide/kubernetes-helm-install/ +CloudBees provides complete and more detailed installation and operation documentation on the CloudBees web site at https://docs.cloudbees.com/docs/cloudbees-ci/latest/kubernetes-install-guide/ {{ template "chart.valuesSection" . }} diff --git a/helm/requirements.lock b/helm/requirements.lock index 8511053..03c0434 100644 --- a/helm/requirements.lock +++ b/helm/requirements.lock 
@@ -7,6 +7,6 @@ dependencies: version: 2.15.0 - name: cloudbees-sidecar-injector repository: https://charts.cloudbees.com/public/cloudbees - version: 2.0.7 -digest: sha256:10f7e8c53d0a6f910f4dbe0fd253fbefd288fb5fc24365635968e99b3bc75dbf -generated: "2020-10-07T14:35:15.239221954Z" + version: 2.1.0 +digest: sha256:9e5e49c0f4e06500b06a529b2dcd0ded06bed93a20427287539a1f267f5c45a0 +generated: "2020-11-04T11:46:50.730617819Z" diff --git a/helm/requirements.yaml b/helm/requirements.yaml index 1747d01..da2b914 100644 --- a/helm/requirements.yaml +++ b/helm/requirements.yaml @@ -8,6 +8,6 @@ dependencies: repository: https://kubernetes.github.io/ingress-nginx condition: ingress-nginx.Enabled - name: cloudbees-sidecar-injector - version: 2.0.7 + version: 2.1.0 repository: https://charts.cloudbees.com/public/cloudbees condition: sidecarinjector.Enabled diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 485a0fa..758b8a7 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -133,6 +133,14 @@ Expected Operations Center URL. Always ends with a trailing slash. {{- template "oc.protocol" . -}}://{{ include "oc.hostname" . }}{{ include "oc.contextpath" . }}/ {{- end -}} +{{- define "ingress.apiGroup" -}} +{{- if ge (atoi (.Capabilities.KubeVersion.Minor)) 15 -}} +networking.k8s.io +{{- else -}} +extensions +{{- end -}} +{{- end -}} + {{- define "ingress.apiVersion" -}} {{- if ge (atoi (.Capabilities.KubeVersion.Minor)) 15 -}} networking.k8s.io/v1beta1 diff --git a/helm/templates/cjoc-role-master-management.yaml b/helm/templates/cjoc-role-master-management.yaml index 771798e..eb4d056 100644 --- a/helm/templates/cjoc-role-master-management.yaml +++ b/helm/templates/cjoc-role-master-management.yaml 
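Review bot: The new `ingress.apiGroup` helper in helm/templates/_helpers.tpl decides on `atoi (.Capabilities.KubeVersion.Minor)`, which is fragile: several managed distributions report the minor version with a suffix such as `15+`, and Sprig's `atoi` yields 0 for a string it cannot parse, so those clusters would get `extensions` regardless of their real version; the major version is not checked either. Asking the cluster what it serves is more reliable, e.g. `{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}`. The existing `ingress.apiVersion` helper, whose body continues past the end of this hunk, uses the same comparison and would need the same change for the two to stay in agreement. A one-line template comment above the define stating that it returns the API group name intended for RBAC rules would also help, since nothing in this patch calls it yet.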
@@ -99,7 +99,9 @@ rules: - create {{- else}} - apiGroups: + # - {{ include "ingress.apiGroup" . }} TODO once we get https://github.com/cloudbees/cloud-platform-master-provisioning-plugin/pull/325 in. - extensions + - networking.k8s.io resources: - ingresses verbs: diff --git a/helm/templates/cjoc-statefulset.yaml b/helm/templates/cjoc-statefulset.yaml index 9e7f843..84a495c 100644 --- a/helm/templates/cjoc-statefulset.yaml +++ b/helm/templates/cjoc-statefulset.yaml @@ -148,7 +148,7 @@ spec: {{- if .Values.OperationsCenter.JavaOpts }} {{ .Values.OperationsCenter.JavaOpts }} {{- end }} - {{- if .Values.OperationsCenter.CSRF.ProxyCompatibility -}} + {{- if .Values.OperationsCenter.CSRF.ProxyCompatibility }} -Djenkins.model.Jenkins.crumbIssuerProxyCompatibility=true {{- end }} -XX:+UseG1GC @@ -170,15 +170,14 @@ spec: cpu: "{{ .Values.OperationsCenter.Resources.Requests.Cpu }}" memory: "{{ .Values.OperationsCenter.Resources.Requests.Memory }}" volumeMounts: -{{- if .Values.Persistence.mounts }} -{{ toYaml .Values.Persistence.mounts | indent 12 }} -{{- end }} - name: jenkins-home mountPath: /var/jenkins_home readOnly: false - name: jenkins-configure-jenkins-groovy mountPath: /var/jenkins_config/configure-jenkins.groovy.d readOnly: true + - name: tmp + mountPath: /tmp {{- if .Values.OperationsCenter.ExtraVolumeMounts }} {{toYaml .Values.OperationsCenter.ExtraVolumeMounts | indent 8}} {{- end }} @@ -202,12 +201,11 @@ spec: {{toYaml .Values.OperationsCenter.ExtraContainers | indent 6}} {{- end }} volumes: -{{- if .Values.Persistence.volumes }} -{{ toYaml .Values.Persistence.volumes | indent 6 }} -{{- end }} - name: jenkins-configure-jenkins-groovy configMap: name: cjoc-configure-jenkins-groovy + - name: tmp + emptyDir: {} {{- if .Values.OperationsCenter.ExtraVolumes }} {{toYaml .Values.OperationsCenter.ExtraVolumes | indent 6}} {{- end }} diff --git a/helm/values.yaml b/helm/values.yaml index 9711d1c..a928def 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
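Review bot: The TODO line added in cjoc-role-master-management.yaml is a YAML comment, not a template comment, so Helm still evaluates `{{ include "ingress.apiGroup" . }}` inside it on every render; the output stays commented out, but a failure in the helper would break this Role for no benefit. A template comment keeps the reminder without executing anything: `{{- /* TODO: switch to include "ingress.apiGroup" once cloud-platform-master-provisioning-plugin pull 325 is in */}}`. Until then the rule grants the ingress verbs in both `extensions` and `networking.k8s.io`, which is wider than any single cluster needs, so the TODO should also say that one of the two groups is to be removed. The `else` branch and the verbs list lie outside this hunk, so the exact permissions granted cannot be checked from here.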
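Review bot: The `tmp` volume added in the volumes hunk of cjoc-statefulset.yaml is `emptyDir: {}` with no size limit, so whatever Operations Center writes to `/tmp` counts against the node's ephemeral storage and is bounded only by pod-level limits that are not visible in this patch; a cap such as `emptyDir:` followed by `sizeLimit: 1Gi` (the figure is an example, ideally exposed as a chart value) bounds it. The fixed name `tmp` and the mount at `/tmp` in the volumeMounts hunk can also clash with entries a user already passes through `OperationsCenter.ExtraVolumes` and `OperationsCenter.ExtraVolumeMounts`, which would make the StatefulSet invalid. The same two hunks drop `Persistence.mounts` and `Persistence.volumes` without a guard, so existing values files that set them will install cleanly while the volumes silently disappear; a `fail` in the template or an upgrade note pointing to the Extra* values would make that visible.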
@@ -50,7 +50,7 @@ OperationsCenter: # Operations Center docker image Image: # OperationsCenter.Image.dockerImage -- Container image to use for Operations Center - dockerImage: dcar/core-oc:2.249.2.3 + dockerImage: dcar/core-oc:2.249.3.1 # OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images dockerPullPolicy: IfNotPresent @@ -241,7 +241,7 @@ Master: # Docker image inserted in Operations Center automatically Image: # Master.Image.dockerImage -- Used to override the default docker image - dockerImage: dcar/core-mm:2.249.2.3 + dockerImage: dcar/core-mm:2.249.3.1 # Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port JavaOpts: null @@ -258,7 +258,7 @@ Agents: Create: false Image: # Agents.Image.dockerImage -- Used to override the default docker image used for agents - dockerImage: dcar/agent:2.249.2.3 + dockerImage: dcar/agent:2.249.3.1 Persistence: # Persistence.StorageClass -- Persistent Volume Storage Class for Jenkins Home @@ -283,16 +283,6 @@ Persistence: # Persistence.Size -- Size of the Operations Center volume Size: 20Gi - # Persistence.volumes -- Additional volumes to attach to Operations Center pod - volumes: [] -# - name: nothing -# emptyDir: {} - # Persistence.mounts -- Additional volume mounts to attach to Operations Center container - mounts: [] -# - mountPath: /var/nothing -# name: nothing -# readOnly: true - # Master hibernation Hibernation: # Hibernation.Enabled -- Whether to enable the [Hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-masters#_hibernation_of_managed_masters) feature diff --git a/scripts/usr/local/bin/jenkins.sh b/scripts/usr/local/bin/jenkins.sh index f67b156..f8d26ae 100644 --- a/scripts/usr/local/bin/jenkins.sh +++ b/scripts/usr/local/bin/jenkins.sh 
@@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \; # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then - eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=4c482ecc2d194d4868ade0a8cb5f773a3ab1c0d5 /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" + eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=35bd8640427b6d61f14c96f9f6e8aecbe4f3822e /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" fi # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image -- GitLab From b229ab4ace62227717c0cded63751002a5b3382c Mon Sep 17 00:00:00 2001 From: imontero Date: Thu, 12 Nov 2020 11:49:13 +0000 Subject: [PATCH 3/8] 2.249.3.2 --- Dockerfile | 2 +- Jenkinsfile | 2 +- README.md | 8 ++++---- download.json | 4 ++-- helm/README.md | 6 +++--- helm/requirements.lock | 2 +- helm/values.yaml | 6 +++--- 7 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6bf06e3..bfc8b47 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,7 +43,7 @@ HEALTHCHECK --interval=5m --timeout=3s \ LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt" LABEL release=35bd8640427b6d61f14c96f9f6e8aecbe4f3822e -LABEL version=2.249.3.1 +LABEL version=2.249.3.2 ARG TARBALL=files.tar COPY ${TARBALL} /tmp diff --git a/Jenkinsfile b/Jenkinsfile index e1f1927..018aa91 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: '2.249.3.1') +dccscrPipeline(version: '2.249.3.2') diff --git a/README.md b/README.md index 606cf42..95e319d 100644 --- a/README.md +++ b/README.md 
@@ -9,7 +9,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.249.3.1` +A version of CloudBees CI is given in the format `2.249.3.2` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -22,13 +22,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.249.3.1 + dockerImage: your-registry/core-oc:2.249.3.2 Master: Image: - dockerImage: your-registry/core-mm:2.249.3.1 + dockerImage: your-registry/core-mm:2.249.3.2 Agents: Image: - dockerImage: your-registry/agent:2.249.3.1 + dockerImage: your-registry/agent:2.249.3.2 ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: diff --git a/download.json b/download.json index 9862a66..6f54fcc 100644 --- a/download.json +++ b/download.json @@ -1,11 +1,11 @@ { "resources": [ { - "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-185ba37cfbe5145a632eb4b91e6ba257cfa3172a30452a9ff6c96205e9cab451.tar", + "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-45df0b174ea42936f67a06b7afec951c191e1efc68aa08cc14ba6e532b3372c4.tar", "filename": "files.tar", "validation": { "type": "sha256", - "value": "185ba37cfbe5145a632eb4b91e6ba257cfa3172a30452a9ff6c96205e9cab451" + "value": "45df0b174ea42936f67a06b7afec951c191e1efc68aa08cc14ba6e532b3372c4" } } ] diff --git a/helm/README.md b/helm/README.md index 0da9b46..5beb633 100644 --- a/helm/README.md +++ b/helm/README.md 
@@ -108,7 +108,7 @@ CloudBees provides complete and more detailed installation and operation documen | Key | Type | Default | Description | |-----|------|---------|-------------| | Agents.Enabled | bool | `true` | Enable to create agent resources (service account, role) | -| Agents.Image.dockerImage | string | `"063356183961.dkr.ecr.us-east-1.amazonaws.com/ubi/unified-distribution/agent:2.249.3.1"` | Used to override the default docker image used for agents | +| Agents.Image.dockerImage | string | `"cloudbees/cloudbees-core-agent:2.249.3.1"` | Used to override the default docker image used for agents | | Agents.SeparateNamespace.Create | bool | `false` | If true, the second namespace will be created when installing this chart. Otherwise, the existing namespace should be labeled with `cloudbees.com/role: agents` in order for network policies to work. | | Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. | | Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. | 
@@ -116,7 +116,7 @@ CloudBees provides complete and more detailed installation and operation documen | Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | | Hibernation.Image.dockerPullPolicy | string | `"IfNotPresent"` | Used to override the default pull policy | | Master.Enabled | bool | `true` | Whether to create the resources required to schedule masters. | -| Master.Image.dockerImage | string | `"063356183961.dkr.ecr.us-east-1.amazonaws.com/ubi/unified-distribution/core-mm:2.249.3.1"` | Used to override the default docker image | +| Master.Image.dockerImage | string | `"cloudbees/cloudbees-core-mm:2.249.3.1"` | Used to override the default docker image | | Master.JavaOpts | string | `nil` | Additional Java options to pass to managed masters. For example, setting up a JMX port | | Master.OperationsCenterNamespace | string | `nil` | When deploying Master resources, this grants an Operations Center deployed in another namespace the right to deploy masters | | NetworkPolicy.Enabled | bool | `false` | Enable only if the cluster supports it. Read the [documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to understand what this is about. | 
@@ -131,7 +131,7 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.HealthProbeLivenessFailureThreshold | int | `12` | Threshold for liveness failure | | OperationsCenter.HealthProbes | bool | `true` | Enable Kubernetes Liveness and Readiness Probes | | OperationsCenter.HostName | string | `nil` | The hostname used to access Operations Center through the ingress controller. | -| OperationsCenter.Image.dockerImage | string | `"063356183961.dkr.ecr.us-east-1.amazonaws.com/ubi/unified-distribution/core-oc:2.249.3.1"` | Container image to use for Operations Center | +| OperationsCenter.Image.dockerImage | string | `"cloudbees/cloudbees-cloud-core-oc:2.249.3.1"` | Container image to use for Operations Center | | OperationsCenter.Image.dockerPullPolicy | string | `"Always"` | https://kubernetes.io/docs/concepts/containers/images/#updating-images | | OperationsCenter.ImagePullSecrets | string | `nil` | The name of the image pull secret to pull private docker images | | OperationsCenter.Ingress.Annotations | object | `{"kubernetes.io/tls-acme":"false"}` | annotations to put on Ingress object | diff --git a/helm/requirements.lock b/helm/requirements.lock index 03c0434..06db7ac 100644 --- a/helm/requirements.lock +++ b/helm/requirements.lock @@ -9,4 +9,4 @@ dependencies: repository: https://charts.cloudbees.com/public/cloudbees version: 2.1.0 digest: sha256:9e5e49c0f4e06500b06a529b2dcd0ded06bed93a20427287539a1f267f5c45a0 -generated: "2020-11-04T11:46:50.730617819Z" +generated: "2020-11-12T11:44:35.044232426Z" diff --git a/helm/values.yaml b/helm/values.yaml index a928def..52e074b 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
@@ -50,7 +50,7 @@ OperationsCenter: # Operations Center docker image Image: # OperationsCenter.Image.dockerImage -- Container image to use for Operations Center - dockerImage: dcar/core-oc:2.249.3.1 + dockerImage: dcar/core-oc:2.249.3.2 # OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images dockerPullPolicy: IfNotPresent @@ -241,7 +241,7 @@ Master: # Docker image inserted in Operations Center automatically Image: # Master.Image.dockerImage -- Used to override the default docker image - dockerImage: dcar/core-mm:2.249.3.1 + dockerImage: dcar/core-mm:2.249.3.2 # Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port JavaOpts: null @@ -258,7 +258,7 @@ Agents: Create: false Image: # Agents.Image.dockerImage -- Used to override the default docker image used for agents - dockerImage: dcar/agent:2.249.3.1 + dockerImage: dcar/agent:2.249.3.2 Persistence: # Persistence.StorageClass -- Persistent Volume Storage Class for Jenkins Home -- GitLab From de132e9cb7d85a94564be5da9e01bbcd745c9936 Mon Sep 17 00:00:00 2001 From: imontero Date: Thu, 19 Nov 2020 13:54:13 +0000 Subject: [PATCH 4/8] 2.249.3.3 --- Dockerfile | 2 +- Jenkinsfile | 2 +- README.md | 8 ++++---- download.json | 4 ++-- helm/Chart.yaml | 5 +++-- helm/README.md | 10 ++++++---- helm/requirements.lock | 2 +- helm/values.yaml | 6 +++--- 8 files changed, 21 insertions(+), 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index bfc8b47..3ac26fa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,7 +43,7 @@ HEALTHCHECK --interval=5m --timeout=3s \ LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt" LABEL release=35bd8640427b6d61f14c96f9f6e8aecbe4f3822e -LABEL version=2.249.3.2 +LABEL version=2.249.3.3 ARG TARBALL=files.tar COPY ${TARBALL} /tmp diff --git a/Jenkinsfile b/Jenkinsfile index 018aa91..03ae711 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: '2.249.3.2') +dccscrPipeline(version: '2.249.3.3') diff --git a/README.md b/README.md index 95e319d..e3ab221 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.249.3.2` +A version of CloudBees CI is given in the format `2.249.3.3` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -22,13 +22,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.249.3.2 + dockerImage: your-registry/core-oc:2.249.3.3 Master: Image: - dockerImage: your-registry/core-mm:2.249.3.2 + dockerImage: your-registry/core-mm:2.249.3.3 Agents: Image: - dockerImage: your-registry/agent:2.249.3.2 + dockerImage: your-registry/agent:2.249.3.3 ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: diff --git a/download.json b/download.json index 6f54fcc..027550c 100644 --- a/download.json +++ b/download.json @@ -1,11 +1,11 @@ { "resources": [ { - "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-45df0b174ea42936f67a06b7afec951c191e1efc68aa08cc14ba6e532b3372c4.tar", + "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-d57097205d4acc2ebd4db03f9a93d3bf83a7b8468174fa81837741064fbfb7c3.tar", "filename": "files.tar", "validation": { "type": "sha256", - "value": "45df0b174ea42936f67a06b7afec951c191e1efc68aa08cc14ba6e532b3372c4" + "value": "d57097205d4acc2ebd4db03f9a93d3bf83a7b8468174fa81837741064fbfb7c3" } } ] 
diff --git a/helm/Chart.yaml b/helm/Chart.yaml index a58565d..8c2835b 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 2.249.3.1 +appVersion: 2.249.3.3 description: Enterprise Continuous Integration with Jenkins engine: gotpl home: https://www.cloudbees.com/products/continuous-integration @@ -7,5 +7,6 @@ icon: https://images.ctfassets.net/vtn4rfaw6n2j/7xprMMXARXDBuVxW4y8XfV/349fff910 keywords: - cloudbees - jenkins +kubeVersion: ^1.14.0-0 name: cloudbees-core -version: 3.23.0-DEVELOPMENT +version: 3.23.4-DEVELOPMENT diff --git a/helm/README.md b/helm/README.md index 5beb633..abe4b03 100644 --- a/helm/README.md +++ b/helm/README.md @@ -1,6 +1,6 @@ # cloudbees-core -![Version: 3.23.0](https://img.shields.io/badge/Version-3.23.0-informational?style=flat-square) ![AppVersion: 2.249.3.1](https://img.shields.io/badge/AppVersion-2.249.3.1-informational?style=flat-square) +![Version: 3.23.4](https://img.shields.io/badge/Version-3.23.4-informational?style=flat-square) ![AppVersion: 2.249.3.3](https://img.shields.io/badge/AppVersion-2.249.3.3-informational?style=flat-square) [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: @@ -26,6 +26,8 @@ This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kuberne ## Requirements +Kubernetes: `^1.14.0-0` + | Repository | Name | Version | |------------|------|---------| | https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.0 | 
@@ -108,7 +110,7 @@ CloudBees provides complete and more detailed installation and operation documen | Key | Type | Default | Description | |-----|------|---------|-------------| | Agents.Enabled | bool | `true` | Enable to create agent resources (service account, role) | -| Agents.Image.dockerImage | string | `"cloudbees/cloudbees-core-agent:2.249.3.1"` | Used to override the default docker image used for agents | +| Agents.Image.dockerImage | string | `"cloudbees/cloudbees-core-agent:2.249.3.3"` | Used to override the default docker image used for agents | | Agents.SeparateNamespace.Create | bool | `false` | If true, the second namespace will be created when installing this chart. Otherwise, the existing namespace should be labeled with `cloudbees.com/role: agents` in order for network policies to work. | | Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. | | Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. | 
@@ -116,7 +118,7 @@ CloudBees provides complete and more detailed installation and operation documen | Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | | Hibernation.Image.dockerPullPolicy | string | `"IfNotPresent"` | Used to override the default pull policy | | Master.Enabled | bool | `true` | Whether to create the resources required to schedule masters. | -| Master.Image.dockerImage | string | `"cloudbees/cloudbees-core-mm:2.249.3.1"` | Used to override the default docker image | +| Master.Image.dockerImage | string | `"cloudbees/cloudbees-core-mm:2.249.3.3"` | Used to override the default docker image | | Master.JavaOpts | string | `nil` | Additional Java options to pass to managed masters. For example, setting up a JMX port | | Master.OperationsCenterNamespace | string | `nil` | When deploying Master resources, this grants an Operations Center deployed in another namespace the right to deploy masters | | NetworkPolicy.Enabled | bool | `false` | Enable only if the cluster supports it. Read the [documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to understand what this is about. | 
@@ -131,7 +133,7 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.HealthProbeLivenessFailureThreshold | int | `12` | Threshold for liveness failure | | OperationsCenter.HealthProbes | bool | `true` | Enable Kubernetes Liveness and Readiness Probes | | OperationsCenter.HostName | string | `nil` | The hostname used to access Operations Center through the ingress controller. | -| OperationsCenter.Image.dockerImage | string | `"cloudbees/cloudbees-cloud-core-oc:2.249.3.1"` | Container image to use for Operations Center | +| OperationsCenter.Image.dockerImage | string | `"cloudbees/cloudbees-cloud-core-oc:2.249.3.3"` | Container image to use for Operations Center | | OperationsCenter.Image.dockerPullPolicy | string | `"Always"` | https://kubernetes.io/docs/concepts/containers/images/#updating-images | | OperationsCenter.ImagePullSecrets | string | `nil` | The name of the image pull secret to pull private docker images | | OperationsCenter.Ingress.Annotations | object | `{"kubernetes.io/tls-acme":"false"}` | annotations to put on Ingress object | diff --git a/helm/requirements.lock b/helm/requirements.lock index 06db7ac..a5cf6dc 100644 --- a/helm/requirements.lock +++ b/helm/requirements.lock @@ -9,4 +9,4 @@ dependencies: repository: https://charts.cloudbees.com/public/cloudbees version: 2.1.0 digest: sha256:9e5e49c0f4e06500b06a529b2dcd0ded06bed93a20427287539a1f267f5c45a0 -generated: "2020-11-12T11:44:35.044232426Z" +generated: "2020-11-19T13:49:22.025947935Z" diff --git a/helm/values.yaml b/helm/values.yaml index 52e074b..56f2db9 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
@@ -50,7 +50,7 @@ OperationsCenter: # Operations Center docker image Image: # OperationsCenter.Image.dockerImage -- Container image to use for Operations Center - dockerImage: dcar/core-oc:2.249.3.2 + dockerImage: dcar/core-oc:2.249.3.3 # OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images dockerPullPolicy: IfNotPresent @@ -241,7 +241,7 @@ Master: # Docker image inserted in Operations Center automatically Image: # Master.Image.dockerImage -- Used to override the default docker image - dockerImage: dcar/core-mm:2.249.3.2 + dockerImage: dcar/core-mm:2.249.3.3 # Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port JavaOpts: null @@ -258,7 +258,7 @@ Agents: Create: false Image: # Agents.Image.dockerImage -- Used to override the default docker image used for agents - dockerImage: dcar/agent:2.249.3.2 + dockerImage: dcar/agent:2.249.3.3 Persistence: # Persistence.StorageClass -- Persistent Volume Storage Class for Jenkins Home -- GitLab From b21bc3aca794e44fdcb98accda8200cedc842a99 Mon Sep 17 00:00:00 2001 
From: imontero Date: Thu, 3 Dec 2020 15:26:46 +0000 Subject: [PATCH 5/8] 2.263.1.2 --- Dockerfile | 9 +- Jenkinsfile | 2 +- README.md | 8 +- download.json | 4 +- helm/.helmignore | 3 + helm/Chart.yaml | 17 +- helm/README-template.md | 183 ++++++++++++++++++ helm/README.md | 22 ++- helm/README.md.gotmpl | 101 ---------- helm/requirements.lock | 6 +- helm/requirements.yaml | 2 +- helm/templates/_helpers.tpl | 2 +- helm/templates/agents-service-account.yaml | 2 +- .../cjoc-configure-jenkins-groovy.yaml | 1 - helm/templates/cjoc-statefulset.yaml | 4 + ...master-hibernation-monitor-deployment.yaml | 3 + helm/values.yaml | 26 ++- scripts/usr/local/bin/jenkins.sh | 2 +- scripts/usr/local/bin/support.sh | 2 - 19 files changed, 249 insertions(+), 150 deletions(-) create mode 100644 helm/.helmignore create mode 100644 helm/README-template.md delete mode 100644 helm/README.md.gotmpl diff --git a/Dockerfile b/Dockerfile index 3ac26fa..e70a0ad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,14 +42,11 @@ HEALTHCHECK --interval=5m --timeout=3s \ CMD curl -fsL ${JENKINS_URL}/login || exit 1 LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt" -LABEL release=35bd8640427b6d61f14c96f9f6e8aecbe4f3822e -LABEL version=2.249.3.3 +LABEL release=b91ce79ef06dbc1aafd7c750f19bc0083b6eca75 +LABEL version=2.263.1.2 ARG TARBALL=files.tar -COPY ${TARBALL} /tmp -RUN cd / && \ - tar xvf /tmp/files.tar && \ - rm /tmp/files.tar +ADD ${TARBALL} / COPY scripts/ / RUN chmod +x /usr/local/bin/*.sh && \ diff --git a/Jenkinsfile b/Jenkinsfile index 03ae711..05c1f6b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: '2.249.3.3') +dccscrPipeline(version: '2.263.1.2') diff --git a/README.md b/README.md index e3ab221..2d5baa8 100644 --- a/README.md +++ b/README.md 
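Review bot: `ADD ${TARBALL} /` unpacks the archive only when `TARBALL` names a local tar file. If the build argument is ever pointed at a URL, `ADD` downloads the file without extracting it and without the SHA-256 validation recorded in `download.json`. A comment above the instruction would pin that assumption, for example `# TARBALL must be the local files.tar already verified against download.json; ADD auto-extracts it into /`. Because the archive is unpacked directly over `/`, that checksum validation is the only visible control on what lands in the image, so it is worth confirming the pipeline fails the build on a digest mismatch. The `RUN chmod` that follows continues outside the hunk.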
@@ -9,7 +9,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.249.3.3` +A version of CloudBees CI is given in the format `2.263.1.2` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -22,13 +22,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.249.3.3 + dockerImage: your-registry/core-oc:2.263.1.2 Master: Image: - dockerImage: your-registry/core-mm:2.249.3.3 + dockerImage: your-registry/core-mm:2.263.1.2 Agents: Image: - dockerImage: your-registry/agent:2.249.3.3 + dockerImage: your-registry/agent:2.263.1.2 ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: diff --git a/download.json b/download.json index 027550c..f0b9699 100644 --- a/download.json +++ b/download.json @@ -1,11 +1,11 @@ { "resources": [ { - "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-d57097205d4acc2ebd4db03f9a93d3bf83a7b8468174fa81837741064fbfb7c3.tar", + "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-40a611ede95284e1911ac85801ab5f27a7f4402ba16d65e1d44d31ce59ae0854.tar", "filename": "files.tar", "validation": { "type": "sha256", - "value": "d57097205d4acc2ebd4db03f9a93d3bf83a7b8468174fa81837741064fbfb7c3" + "value": "40a611ede95284e1911ac85801ab5f27a7f4402ba16d65e1d44d31ce59ae0854" } } ] diff --git a/helm/.helmignore b/helm/.helmignore new file mode 100644 index 0000000..ecfd1a1 --- /dev/null +++ b/helm/.helmignore @@ -0,0 +1,3 @@ +README.md.gotmpl +.gitignore +.helmignore 
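Review bot: The new `helm/.helmignore` lists `README.md.gotmpl`, which this patch's diffstat shows as deleted, while the newly created `helm/README-template.md` is not listed and would presumably be packaged into the chart along with its unexpanded `@@IMAGE_PREFIX@@` placeholders. If the template is not meant to ship, replace the stale entry with `README-template.md`.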
diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 8c2835b..df2528f 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,12 +1,13 @@ +name: cloudbees-core +home: https://www.cloudbees.com/products/continuous-integration apiVersion: v1 -appVersion: 2.249.3.3 +appVersion: 2.263.1.2 +version: 3.24.1 +kubeVersion: ^1.14.0-0 description: Enterprise Continuous Integration with Jenkins -engine: gotpl -home: https://www.cloudbees.com/products/continuous-integration icon: https://images.ctfassets.net/vtn4rfaw6n2j/7xprMMXARXDBuVxW4y8XfV/349fff91035050e3f2a8ff37bc0615b5/cloudbees-core-logo_header.svg keywords: -- cloudbees -- jenkins -kubeVersion: ^1.14.0-0 -name: cloudbees-core -version: 3.23.4-DEVELOPMENT + - cloudbees + - jenkins +engine: gotpl + diff --git a/helm/README-template.md b/helm/README-template.md new file mode 100644 index 0000000..9614196 --- /dev/null +++ b/helm/README-template.md 
@@ -0,0 +1,183 @@ +# cloudbees-core + +![Version: 3.24.1](https://img.shields.io/badge/Version-3.24.1-informational?style=flat-square) ![AppVersion: 2.263.1.2](https://img.shields.io/badge/AppVersion-2.263.1.2-informational?style=flat-square) + +[CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: + +* DevOps at scale +* Resilience and high availability +* Easy management +* Enterprise grade security + +## TL;DR; + +```console +$ helm repo add cloudbees https://charts.cloudbees.com/public/cloudbees +$ helm install cloudbees/cloudbees-core --name +``` + +## Introduction + +This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + - Kubernetes 1.14 or higher + - Helm 3.0.2 or higher + +## Requirements + +Kubernetes: `^1.14.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.0 | +| https://charts.helm.sh/stable | nginx-ingress | 1.40.2 | +| https://kubernetes.github.io/ingress-nginx | ingress-nginx | 2.15.0 | + +## Installing the Chart + +### Default installation + +To install the chart with the release name `cloudbees-core` and hostname `cloudbees-core.example.com`. The default installation requires nginx-ingress controller to be installed. The chart can install the nginx-ingress controller for you. This installation is described in the next section. + +```console +$ helm install cloudbees/cloudbees-core \ + --name cloudbees-core \ + --set OperationsCenter.HostName='cloudbees-core.example.com' +``` + +The command deploys CloudBees CI on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. 
+ +### Ingress Controller Installation + +The chart is designed, so it can install an ingress-nginx controller. +The `"ingress-nginx".Enabled` field controls ingress controller installation and setup. +To install the chart with the release name `cloudbees-core` and hostname cloudbees-core.example.com. + +```console +$ helm install cloudbees/cloudbees-core \ + --name cloudbees-core \ + --set "ingress-nginx".Enabled=true +``` + +## Uninstalling the Chart + +To uninstall/delete the `cloudbees-core` deployment: + +```console +$ helm delete cloudbees-core +``` +> **NOTE**: The current version of the CloudBees CI Helm Chart only manages the Operation Center. +Users should manage Managed Master using Operation Center. + +The `helm delete` command stops the CloudBees CI deployment than removes the OperationsCenter Center. +The release is still stored in the Helm database, but it will now have the status deleted. +If you wish to completely remove the release, use the following variation of the `helm delete` command. + +```console +$ helm delete cloudbees-core --purge +``` + +> **IMPORTANT**: The `helm delete` command does NOT remove the persistent volume claims as precaution against data loss. +You will need to use the `kubectl delete pvc` command to delete the persistent volume claims. + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +Please refer to the chart `values.yaml` to get the exhaustive list of values that can be customized. +The easiest way to consult it is through the command `helm inspect values cloudbees/cloudbees-core`. + +Each property can override a default value with a value that specific to your Kubernetes cluster +You can provide this values using the `--set` flag on the Helm command line. + +Helm also support merging values files together, so that you can create a YAML file for each environment. 
+ +### Environment Property Value Files +Helm provides the option to use a custom property values file to override the default values set in the `values.yaml` file. +CloudBees recommends creating a custom properties file to override the default for your environments, instead of directly editing the included values.yaml file. + +To use an environment property value file with Helm, use the -f option as shown in the following example: +`helm install cloudbees-core --name cloudbees-core -f example-values.yaml` + +You can download the latest version of the `example-values.yaml` file from CloudBees Examples GitHub repository at https://github.com/cloudbees/cloudbees-examples/tree/master/helm-custom-value-file-examples. + +## Additional Documentation +CloudBees provides complete and more detailed installation and operation documentation on the CloudBees web site at https://docs.cloudbees.com/docs/cloudbees-ci/latest/kubernetes-install-guide/ + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| Agents.Enabled | bool | `true` | Enable to create agent resources (service account, role) | +| Agents.Image.dockerImage | string | `"@@IMAGE_PREFIX@@/agent:@@IMAGE_TAG@@"` | Used to override the default docker image used for agents | +| Agents.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | +| Agents.SeparateNamespace.Create | bool | `false` | If true, the second namespace will be created when installing this chart. Otherwise, the existing namespace should be labeled with `cloudbees.com/role: agents` in order for network policies to work. | +| Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. | +| Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. 
Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. | +| Hibernation.Enabled | bool | `false` | Whether to enable the [Hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-masters#_hibernation_of_managed_masters) feature | +| Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | +| Hibernation.Image.dockerPullPolicy | string | `nil` | Used to override the default pull policy | +| Hibernation.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | +| Master.Enabled | bool | `true` | Whether to create the resources required to schedule masters. | +| Master.Image.dockerImage | string | `"@@IMAGE_PREFIX@@/core-mm:@@IMAGE_TAG@@"` | Used to override the default docker image | +| Master.JavaOpts | string | `nil` | Additional Java options to pass to managed masters. For example, setting up a JMX port | +| Master.OperationsCenterNamespace | string | `nil` | When deploying Master resources, this grants an Operations Center deployed in another namespace the right to deploy masters | +| NetworkPolicy.Enabled | bool | `false` | Enable only if the cluster supports it. Read the [documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to understand what this is about. 
| +| NetworkPolicy.JMXSelectors | list | `[]` | Custom selectors for accessing JMX port | +| NetworkPolicy.ingressControllerSelector | list | `[]` | Custom selector for the ingress-controller | +| OperationsCenter.AgentListenerPort | int | `50000` | Container port for agent listener traffic | +| OperationsCenter.Annotations | object | `{}` | Additional annotations to put on the pod running Operations Center | +| OperationsCenter.CSRF.ProxyCompatibility | bool | `false` | Proxy compatibility for the default CSRF issuer | +| OperationsCenter.ContainerPort | int | `8080` | Container port for http traffic | +| OperationsCenter.ContextPath | string | `"/cjoc"` | the path under which Operations Center will be accessible in the given host. | +| OperationsCenter.Enabled | bool | `true` | Disable for particular use case like setting up namespaces to host masters only | +| OperationsCenter.HealthProbeLivenessFailureThreshold | int | `12` | Threshold for liveness failure | +| OperationsCenter.HealthProbes | bool | `true` | Enable Kubernetes Liveness and Readiness Probes | +| OperationsCenter.HostName | string | `nil` | The hostname used to access Operations Center through the ingress controller. 
| +| OperationsCenter.Image.dockerImage | string | `"@@IMAGE_PREFIX@@/core-oc:@@IMAGE_TAG@@"` | Container image to use for Operations Center | +| OperationsCenter.Image.dockerPullPolicy | string | `nil` | https://kubernetes.io/docs/concepts/containers/images/#updating-images | +| OperationsCenter.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | +| OperationsCenter.Ingress.Annotations | object | `{"kubernetes.io/tls-acme":"false"}` | annotations to put on Ingress object | +| OperationsCenter.Ingress.Class | string | `"nginx"` | Ingress class to use for OC and MM ingresses Should be set to the same value as nginx-ingress.controller.ingressClass if enabled | +| OperationsCenter.Ingress.tls.Enable | bool | `false` | Set this to true in order to enable TLS on the ingress record | +| OperationsCenter.Ingress.tls.SecretName | string | `nil` | The name of the secret containing the certificate and private key to terminate TLS for the ingress | +| OperationsCenter.JavaOpts | string | `nil` | Additional java options to pass to the Operations Center | +| OperationsCenter.JenkinsOpts | string | `nil` | Additional arguments for jenkins.war | +| OperationsCenter.LoadBalancerIP | string | `nil` | Optionally assign a known public LB IP | +| OperationsCenter.LoadBalancerSourceRanges | list | `["0.0.0.0/0"]` | Only applicable when using `ServiceType: LoadBalancer` | +| OperationsCenter.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | +| OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x | +| OperationsCenter.Protocol | string | `"http"` | the protocol used to access CJOC. Possible values are http/https. 
| +| OperationsCenter.Resources.Limits.Cpu | int | `1` | CPU limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu | +| OperationsCenter.Resources.Limits.Memory | string | `"2G"` | Memory limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory | +| OperationsCenter.Resources.Requests.Cpu | int | `1` | CPU request to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu | +| OperationsCenter.Resources.Requests.Memory | string | `"2G"` | Memory request to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory | +| OperationsCenter.Route.tls.Enable | bool | `false` | Set this to true in OpenShift to terminate TLS at route level | +| OperationsCenter.ServiceAgentListenerPort | int | `50000` | Controls the service port where Operations Center TCP port for agents is exposed. Don't change this parameter unless you know what you are doing | +| OperationsCenter.ServiceAnnotations | object | `{}` | Additional annotations to put on the Operations Center service | +| OperationsCenter.ServicePort | int | `80` | Controls the service port where Operations Center http port is exposed. Don't change this parameter unless you know what you are doing | +| OperationsCenter.ServiceType | string | `"ClusterIP"` | Service Type. Defaults to ClusterIP, since we recommend using an ingress controller. | +| OperationsCenter.Tolerations | list | `[]` | Specify tolerations for the Operations Center pod. 
See [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | +| Persistence.AccessMode | string | `"ReadWriteOnce"` | Access mode for the PVC ([doc](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)) | +| Persistence.Annotations | object | `{}` | Annotations to put on the PVC | +| Persistence.Size | string | `"20Gi"` | Size of the Operations Center volume | +| Persistence.StorageClass | string | `nil` | Persistent Volume Storage Class for Jenkins Home If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, the default storage class will be used, unless specified otherwise below. If setting OperationsCenter.Platform == gke, a storage class backed with SSD drives will be created by this chart and used automatically. | +| PodSecurityPolicy.Annotations | object | `{}` | Additional annotations to put on the PodSecurityPolicy, e.g. AppArmor/Seccomp settings | +| PodSecurityPolicy.Enabled | bool | `false` | Enables [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) support Enable only if the cluster supports it. | +| ingress-nginx.Enabled | bool | `false` | Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). 
Enable this section if you don't have an existing installation of ingress-nginx controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 | +| ingress-nginx.controller.ingressClass | string | `"nginx"` | | +| ingress-nginx.controller.nodeSelector."kubernetes.io/os" | string | `"linux"` | | +| ingress-nginx.controller.service.externalTrafficPolicy | string | `"Local"` | | +| ingress-nginx.defaultBackend.nodeSelector."kubernetes.io/os" | string | `"linux"` | | +| nginx-ingress.Enabled | bool | `false` | Installs the [nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress) controller (optional). DEPRECATED - Use ingress-nginx section instead. Enable this section if you don't have an existing installation of nginx-ingress controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 | +| nginx-ingress.controller.ingressClass | string | `"nginx"` | | +| nginx-ingress.controller.nodeSelector."kubernetes.io/os" | string | `"linux"` | | +| nginx-ingress.controller.service.externalTrafficPolicy | string | `"Local"` | | +| nginx-ingress.defaultBackend.nodeSelector."kubernetes.io/os" | string | `"linux"` | | +| rbac.agentsServiceAccountName | string | `"jenkins-agents"` | | +| rbac.hibernationMonitorServiceAccountName | string | `"managed-master-hibernation-monitor"` | Name of the service account the Hibernation monitor will run as (if enabled) | +| rbac.install | bool | `true` | Install `role`/`rolebindings`/`serviceAccount`. If false (and rbac is enabled in the cluster anyway), provide valid names for all service accounts. | +| rbac.masterServiceAccountName | string | `"jenkins"` | Name of the service account Jenkins masters will run as | +| rbac.serviceAccountName | string | `"cjoc"` | Name of the service account Operations Center will run as | +| sidecarinjector.Enabled | bool | `false` | Whether to enable installation of Sidecar Injector | 
diff --git a/helm/README.md b/helm/README.md index abe4b03..19f19e2 100644 --- a/helm/README.md +++ b/helm/README.md @@ -1,6 +1,6 @@ # cloudbees-core -![Version: 3.23.4](https://img.shields.io/badge/Version-3.23.4-informational?style=flat-square) ![AppVersion: 2.249.3.3](https://img.shields.io/badge/AppVersion-2.249.3.3-informational?style=flat-square) +![Version: 3.24.1](https://img.shields.io/badge/Version-3.24.1-informational?style=flat-square) ![AppVersion: 2.263.1.2](https://img.shields.io/badge/AppVersion-2.263.1.2-informational?style=flat-square) [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: @@ -31,7 +31,7 @@ Kubernetes: `^1.14.0-0` | Repository | Name | Version | |------------|------|---------| | https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.0 | -| https://kubernetes-charts.storage.googleapis.com/ | nginx-ingress | 1.40.2 | +| https://charts.helm.sh/stable | nginx-ingress | 1.40.2 | | https://kubernetes.github.io/ingress-nginx | ingress-nginx | 2.15.0 | ## Installing the Chart 
@@ -110,15 +110,17 @@ CloudBees provides complete and more detailed installation and operation documen | Key | Type | Default | Description | |-----|------|---------|-------------| | Agents.Enabled | bool | `true` | Enable to create agent resources (service account, role) | -| Agents.Image.dockerImage | string | `"cloudbees/cloudbees-core-agent:2.249.3.3"` | Used to override the default docker image used for agents | +| Agents.Image.dockerImage | string | `"test/agent:latest"` | Used to override the default docker image used for agents | +| Agents.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | | Agents.SeparateNamespace.Create | bool | `false` | If true, the second namespace will be created when installing this chart. Otherwise, the existing namespace should be labeled with `cloudbees.com/role: agents` in order for network policies to work. | | Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. | | Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. 
| | Hibernation.Enabled | bool | `false` | Whether to enable the [Hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-masters#_hibernation_of_managed_masters) feature | | Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | -| Hibernation.Image.dockerPullPolicy | string | `"IfNotPresent"` | Used to override the default pull policy | +| Hibernation.Image.dockerPullPolicy | string | `nil` | Used to override the default pull policy | +| Hibernation.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | | Master.Enabled | bool | `true` | Whether to create the resources required to schedule masters. | -| Master.Image.dockerImage | string | `"cloudbees/cloudbees-core-mm:2.249.3.3"` | Used to override the default docker image | +| Master.Image.dockerImage | string | `"test/core-mm:latest"` | Used to override the default docker image | | Master.JavaOpts | string | `nil` | Additional Java options to pass to managed masters. For example, setting up a JMX port | | Master.OperationsCenterNamespace | string | `nil` | When deploying Master resources, this grants an Operations Center deployed in another namespace the right to deploy masters | | NetworkPolicy.Enabled | bool | `false` | Enable only if the cluster supports it. Read the [documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to understand what this is about. | 
@@ -133,9 +135,9 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.HealthProbeLivenessFailureThreshold | int | `12` | Threshold for liveness failure | | OperationsCenter.HealthProbes | bool | `true` | Enable Kubernetes Liveness and Readiness Probes | | OperationsCenter.HostName | string | `nil` | The hostname used to access Operations Center through the ingress controller. | -| OperationsCenter.Image.dockerImage | string | `"cloudbees/cloudbees-cloud-core-oc:2.249.3.3"` | Container image to use for Operations Center | -| OperationsCenter.Image.dockerPullPolicy | string | `"Always"` | https://kubernetes.io/docs/concepts/containers/images/#updating-images | -| OperationsCenter.ImagePullSecrets | string | `nil` | The name of the image pull secret to pull private docker images | +| OperationsCenter.Image.dockerImage | string | `"test/core-oc:latest"` | Container image to use for Operations Center | +| OperationsCenter.Image.dockerPullPolicy | string | `nil` | https://kubernetes.io/docs/concepts/containers/images/#updating-images | +| OperationsCenter.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | | OperationsCenter.Ingress.Annotations | object | `{"kubernetes.io/tls-acme":"false"}` | annotations to put on Ingress object | | OperationsCenter.Ingress.Class | string | `"nginx"` | Ingress class to use for OC and MM ingresses Should be set to the same value as nginx-ingress.controller.ingressClass if enabled | | OperationsCenter.Ingress.tls.Enable | bool | `false` | Set this to true in order to enable TLS on the ingress record | 
@@ -145,7 +147,7 @@ CloudBees provides complete and more detailed installation and operation documen | OperationsCenter.LoadBalancerIP | string | `nil` | Optionally assign a known public LB IP | | OperationsCenter.LoadBalancerSourceRanges | list | `["0.0.0.0/0"]` | Only applicable when using `ServiceType: LoadBalancer` | | OperationsCenter.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | -| OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `pks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x | +| OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x | | OperationsCenter.Protocol | string | `"http"` | the protocol used to access CJOC. Possible values are http/https. | | OperationsCenter.Resources.Limits.Cpu | int | `1` | CPU limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu | | OperationsCenter.Resources.Limits.Memory | string | `"2G"` | Memory limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory | 
@@ -175,7 +177,7 @@ CloudBees provides complete and more detailed installation and operation documen | nginx-ingress.defaultBackend.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | rbac.agentsServiceAccountName | string | `"jenkins-agents"` | | | rbac.hibernationMonitorServiceAccountName | string | `"managed-master-hibernation-monitor"` | Name of the service account the Hibernation monitor will run as (if enabled) | -| rbac.install | bool | `true` | Install `role`/`rolebindings`/`serviceAccount`. If false (and rbac is enabled in the cluster anyway), provide valid names for `serviceAccountName`, `masterServiceAccountName` and `hibernationMonitorServiceAccountName` | +| rbac.install | bool | `true` | Install `role`/`rolebindings`/`serviceAccount`. If false (and rbac is enabled in the cluster anyway), provide valid names for all service accounts. | | rbac.masterServiceAccountName | string | `"jenkins"` | Name of the service account Jenkins masters will run as | | rbac.serviceAccountName | string | `"cjoc"` | Name of the service account Operations Center will run as | | sidecarinjector.Enabled | bool | `false` | Whether to enable installation of Sidecar Injector | diff --git a/helm/README.md.gotmpl b/helm/README.md.gotmpl deleted file mode 100644 index 58718f7..0000000 --- a/helm/README.md.gotmpl +++ /dev/null 
@@ -1,101 +0,0 @@ -# cloudbees-core - -{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} - -[CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: - -* DevOps at scale -* Resilience and high availability -* Easy management -* Enterprise grade security - -## TL;DR; - -```console -$ helm repo add cloudbees https://charts.cloudbees.com/public/cloudbees -$ helm install cloudbees/cloudbees-core --name -``` - -## Introduction - -This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - - Kubernetes 1.14 or higher - - Helm 3.0.2 or higher - -{{ template "chart.requirementsSection" . }} - -## Installing the Chart - -### Default installation - -To install the chart with the release name `cloudbees-core` and hostname `cloudbees-core.example.com`. The default installation requires nginx-ingress controller to be installed. The chart can install the nginx-ingress controller for you. This installation is described in the next section. - -```console -$ helm install cloudbees/cloudbees-core \ - --name cloudbees-core \ - --set OperationsCenter.HostName='cloudbees-core.example.com' -``` - -The command deploys CloudBees CI on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -### Ingress Controller Installation - -The chart is designed, so it can install an ingress-nginx controller. -The `"ingress-nginx".Enabled` field controls ingress controller installation and setup. -To install the chart with the release name `cloudbees-core` and hostname cloudbees-core.example.com. 
- -```console -$ helm install cloudbees/cloudbees-core \ - --name cloudbees-core \ - --set "ingress-nginx".Enabled=true -``` - -## Uninstalling the Chart - -To uninstall/delete the `cloudbees-core` deployment: - -```console -$ helm delete cloudbees-core -``` -> **NOTE**: The current version of the CloudBees CI Helm Chart only manages the Operation Center. -Users should manage Managed Master using Operation Center. - -The `helm delete` command stops the CloudBees CI deployment than removes the OperationsCenter Center. -The release is still stored in the Helm database, but it will now have the status deleted. -If you wish to completely remove the release, use the following variation of the `helm delete` command. - -```console -$ helm delete cloudbees-core --purge -``` - -> **IMPORTANT**: The `helm delete` command does NOT remove the persistent volume claims as precaution against data loss. -You will need to use the `kubectl delete pvc` command to delete the persistent volume claims. - - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -Please refer to the chart `values.yaml` to get the exhaustive list of values that can be customized. -The easiest way to consult it is through the command `helm inspect values cloudbees/cloudbees-core`. - -Each property can override a default value with a value that specific to your Kubernetes cluster -You can provide this values using the `--set` flag on the Helm command line. - -Helm also support merging values files together, so that you can create a YAML file for each environment. - -### Environment Property Value Files -Helm provides the option to use a custom property values file to override the default values set in the `values.yaml` file. -CloudBees recommends creating a custom properties file to override the default for your environments, instead of directly editing the included values.yaml file. 
- -To use an environment property value file with Helm, use the -f option as shown in the following example: -`helm install cloudbees-core --name cloudbees-core -f example-values.yaml` - -You can download the latest version of the `example-values.yaml` file from CloudBees Examples GitHub repository at https://github.com/cloudbees/cloudbees-examples/tree/master/helm-custom-value-file-examples. - -## Additional Documentation -CloudBees provides complete and more detailed installation and operation documentation on the CloudBees web site at https://docs.cloudbees.com/docs/cloudbees-ci/latest/kubernetes-install-guide/ - -{{ template "chart.valuesSection" . }} diff --git a/helm/requirements.lock b/helm/requirements.lock index a5cf6dc..cfe7684 100644 --- a/helm/requirements.lock +++ b/helm/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: nginx-ingress - repository: https://kubernetes-charts.storage.googleapis.com/ + repository: https://charts.helm.sh/stable version: 1.40.2 - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx @@ -8,5 +8,5 @@ dependencies: - name: cloudbees-sidecar-injector repository: https://charts.cloudbees.com/public/cloudbees version: 2.1.0 -digest: sha256:9e5e49c0f4e06500b06a529b2dcd0ded06bed93a20427287539a1f267f5c45a0 -generated: "2020-11-19T13:49:22.025947935Z" +digest: sha256:b1cd3367672f5c35bdcff06f4a7d87f072f5f89f4e654a90aa199f3c1b939070 +generated: "2020-12-03T15:21:23.671272905Z" diff --git a/helm/requirements.yaml b/helm/requirements.yaml index da2b914..417a1df 100644 --- a/helm/requirements.yaml +++ b/helm/requirements.yaml @@ -1,7 +1,7 @@ dependencies: - name: nginx-ingress version: 1.40.2 - repository: https://kubernetes-charts.storage.googleapis.com/ + repository: https://charts.helm.sh/stable condition: nginx-ingress.Enabled - name: ingress-nginx version: 2.15.0 diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 758b8a7..6df1523 100644 --- a/helm/templates/_helpers.tpl 
+++ b/helm/templates/_helpers.tpl @@ -95,7 +95,7 @@ helm.sh/chart: {{ include "cloudbees-core.chart" . | quote }} {{- end -}} {{- define "oc.protocol" -}} -{{- if .Values.OperationsCenter.Ingress.tls.Enable -}}https{{- else -}}{{ .Values.OperationsCenter.Protocol }}{{- end -}} +{{- if or (.Values.OperationsCenter.Ingress.tls.Enable) (.Values.OperationsCenter.Route.tls.Enable) -}}https{{- else -}}{{ .Values.OperationsCenter.Protocol }}{{- end -}} {{- end -}} {{/* diff --git a/helm/templates/agents-service-account.yaml b/helm/templates/agents-service-account.yaml index 959ee0c..f4bbe1b 100644 --- a/helm/templates/agents-service-account.yaml +++ b/helm/templates/agents-service-account.yaml @@ -1,4 +1,4 @@ -{{- if and (.Values.rbac.install) (.Values.Agents.SeparateNamespace.Enabled) -}} +{{- if and (.Values.rbac.install) -}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/helm/templates/cjoc-configure-jenkins-groovy.yaml b/helm/templates/cjoc-configure-jenkins-groovy.yaml index a88903c..ac45647 100644 --- a/helm/templates/cjoc-configure-jenkins-groovy.yaml +++ b/helm/templates/cjoc-configure-jenkins-groovy.yaml @@ -7,7 +7,6 @@ metadata: {{ include "cloudbees-core.labels" . | indent 4 }} data: location.groovy: | - hudson.ExtensionList.lookupSingleton(com.cloudbees.jenkins.support.impl.cloudbees.TcpSlaveAgentListenerMonitor.class).disable(true) {{- if .Values.OperationsCenter.HostName }} jenkins.model.JenkinsLocationConfiguration.get().setUrl("{{- template "oc.url" . -}}") {{- end }} diff --git a/helm/templates/cjoc-statefulset.yaml b/helm/templates/cjoc-statefulset.yaml index 84a495c..788ff4b 100644 --- a/helm/templates/cjoc-statefulset.yaml +++ b/helm/templates/cjoc-statefulset.yaml @@ -62,6 +62,7 @@ spec: operator: In values: - slave + enableServiceLinks: false serviceAccountName: {{ .Values.rbac.serviceAccountName }} {{- if .Values.OperationsCenter.NodeSelector }} nodeSelector: 
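Review bot: Nothing in `oc.protocol` says that either TLS switch now overrides `OperationsCenter.Protocol`, so a values file with `Protocol: http` and `Route.tls.Enable: true` silently produces `https` URLs. I would put a template comment above the define, for example `{{/* Returns https when Ingress or Route TLS is enabled; otherwise OperationsCenter.Protocol. */}}`. The README row for `OperationsCenter.Protocol` ("the protocol used to access CJOC") should mention the same override.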
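Review bot: The single-operand `and` in `{{- if and (.Values.rbac.install) -}}` is a leftover of the removed second condition; `{{- if .Values.rbac.install -}}` says the same thing more clearly. The agents service account is now created on every install where `rbac.install` is true. The README describes `Agents.Enabled` as the switch for agent resources (service account, role), so if that is the intent the condition would be `{{- if and (.Values.rbac.install) (.Values.Agents.Enabled) -}}`. The rest of the template, including the closing `end` and the namespace it renders into, is outside the hunk.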
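Review bot: `enableServiceLinks: false` is added to the pod spec without a comment, here and again in `managed-master-hibernation-monitor-deployment.yaml`. A one-line reason would help the next maintainer keep it, e.g. `# do not inject *_SERVICE_HOST/_PORT variables for every Service in the namespace into the container environment`. Anything in the image that reads those variables would stop seeing them, which is worth checking once. The pod spec continues outside the hunk.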
@@ -92,8 +93,10 @@ spec: - name: jenkins {{- with .Values.OperationsCenter.Image}} image: "{{ .dockerImage }}" + {{- if .dockerPullPolicy }} imagePullPolicy: "{{ .dockerPullPolicy }}" {{- end}} + {{- end}} env: {{- if .Values.OperationsCenter.ContainerEnv }} {{ toYaml .Values.OperationsCenter.ContainerEnv | indent 8 }} @@ -110,6 +113,7 @@ spec: {{- if .Values.Agents.SeparateNamespace.Enabled }} -Dcom.cloudbees.jenkins.plugins.kube.NamespaceFilter.defaultNamespace={{ template "agents.namespace" . }} {{- end }} + -Dcom.cloudbees.jenkins.plugins.kube.ServiceAccountFilter.defaultServiceAccount={{ .Values.rbac.agentsServiceAccountName }} {{- if .Values.Master.JavaOpts }} {{ .Values.Master.JavaOpts }} {{- end }} diff --git a/helm/templates/managed-master-hibernation-monitor-deployment.yaml b/helm/templates/managed-master-hibernation-monitor-deployment.yaml index c526a26..25b5a96 100644 --- a/helm/templates/managed-master-hibernation-monitor-deployment.yaml +++ b/helm/templates/managed-master-hibernation-monitor-deployment.yaml @@ -44,8 +44,10 @@ spec: - name: managed-master-hibernation-monitor {{- with .Values.Hibernation.Image}} image: {{ .dockerImage }} + {{- if .dockerPullPolicy }} imagePullPolicy: {{ .dockerPullPolicy }} {{- end}} + {{- end}} ports: - containerPort: 8090 name: http @@ -69,4 +71,5 @@ spec: limits: memory: 250Mi serviceAccountName: {{ .Values.rbac.hibernationMonitorServiceAccountName }} + enableServiceLinks: false {{- end -}} diff --git a/helm/values.yaml b/helm/values.yaml index 56f2db9..daaca64 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
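Review bot: When `dockerPullPolicy` is unset, the new `{{- if .dockerPullPolicy }}` guard omits `imagePullPolicy` and Kubernetes picks the policy from the image reference: `Always` for `:latest` or an untagged image, `IfNotPresent` for any other tag. Nothing near the guard states this, and the same pattern appears in the hibernation monitor deployment hunk, while the values default moves to `null` in this patch. I would document it next to the value, e.g. `# null leaves the choice to Kubernetes: Always for :latest, IfNotPresent for other tags`. Operators who re-push a tag then know to set `Always` explicitly or pin the image by digest.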
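Review bot: The `-Dcom.cloudbees.jenkins.plugins.kube.ServiceAccountFilter.defaultServiceAccount=` option is emitted unconditionally. With `rbac.install: false`, agent pods would presumably be pointed at `rbac.agentsServiceAccountName` (default `jenkins-agents`) even if nobody created that account. The README table in this patch lists `rbac.agentsServiceAccountName` with an empty description, so I would add `# rbac.agentsServiceAccountName -- Name of the service account Jenkins agents will run as` in values.yaml and note that the account must already exist when `rbac.install` is false. The enclosing Java options block starts and ends outside the hunk.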
@@ -50,18 +50,18 @@ OperationsCenter: # Operations Center docker image Image: # OperationsCenter.Image.dockerImage -- Container image to use for Operations Center - dockerImage: dcar/core-oc:2.249.3.3 + dockerImage: dcar/core-oc:2.263.1.2 # OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images - dockerPullPolicy: IfNotPresent + dockerPullPolicy: null # Image pull secrets # Enable this option when using a private registry. # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line - # OperationsCenter.ImagePullSecrets -- The name of the image pull secret to pull private docker images + # OperationsCenter.ImagePullSecrets -- Name of image pull secret to pull private Docker images or an array of image pull secrets ImagePullSecrets: null # OperationsCenter.Platform -- Enables specific settings depending on the platform - # platform specific values are: `eks`, `aws`, `gke`, `aks`, `pks`, `openshift`, `openshift4` + # platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4` # Note: `openshift` maps to OpenShift 3.x Platform: standard @@ -241,7 +241,7 @@ Master: # Docker image inserted in Operations Center automatically Image: # Master.Image.dockerImage -- Used to override the default docker image - dockerImage: dcar/core-mm:2.249.3.3 + dockerImage: dcar/core-mm:2.263.1.2 # Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port JavaOpts: null 
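Review bot: The image default set here, `dcar/core-oc:2.263.1.2`, does not match the `"test/core-oc:latest"` that the `helm/README.md` hunks of this same patch document for `OperationsCenter.Image.dockerImage`. The same mismatch applies to `dcar/core-mm` and `dcar/agent` in the following hunks, which the README lists as `"test/core-mm:latest"` and `"test/agent:latest"`. It looks as if the README was generated from a test values file. Regenerating it from this `values.yaml` would make the documented default the pinned tag rather than a mutable `latest`, which matters more now that `dockerPullPolicy` defaults to `null`.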
@@ -258,7 +258,12 @@ Agents: Create: false Image: # Agents.Image.dockerImage -- Used to override the default docker image used for agents - dockerImage: dcar/agent:2.249.3.3 + dockerImage: dcar/agent:2.263.1.2 + # Image pull secrets + # Enable this option when using a private registry. + # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line + # Agents.ImagePullSecrets -- Name of image pull secret to pull private Docker images or an array of image pull secrets + ImagePullSecrets: null Persistence: # Persistence.StorageClass -- Persistent Volume Storage Class for Jenkins Home @@ -291,7 +296,12 @@ Hibernation: # Hibernation.Image.dockerImage -- Used to override the default docker image dockerImage: cloudbees/managed-master-hibernation-monitor:230.ee066a318539 # Hibernation.Image.dockerPullPolicy -- Used to override the default pull policy - dockerPullPolicy: IfNotPresent + dockerPullPolicy: null + # Image pull secrets + # Enable this option when using a private registry. + # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line + # Hibernation.ImagePullSecrets -- Name of image pull secret to pull private Docker images or an array of image pull secrets + ImagePullSecrets: null PodSecurityPolicy: # Requires rbac.installCluster = true @@ -328,7 +338,7 @@ NetworkPolicy: ## Install Default RBAC roles and bindings rbac: # rbac.install -- Install `role`/`rolebindings`/`serviceAccount`. - # If false (and rbac is enabled in the cluster anyway), provide valid names for `serviceAccountName`, `masterServiceAccountName` and `hibernationMonitorServiceAccountName` + # If false (and rbac is enabled in the cluster anyway), provide valid names for all service accounts. install: true # rbac.installCluster -- Install `clusterrole`/`clusterrolebinding` 
diff --git a/scripts/usr/local/bin/jenkins.sh b/scripts/usr/local/bin/jenkins.sh index f8d26ae..570c61e 100644 --- a/scripts/usr/local/bin/jenkins.sh +++ b/scripts/usr/local/bin/jenkins.sh @@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \; # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then - eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=35bd8640427b6d61f14c96f9f6e8aecbe4f3822e /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" + eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=b91ce79ef06dbc1aafd7c750f19bc0083b6eca75 /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" fi # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image diff --git a/scripts/usr/local/bin/support.sh b/scripts/usr/local/bin/support.sh index 5c47faa..992ef78 100644 --- a/scripts/usr/local/bin/support.sh +++ b/scripts/usr/local/bin/support.sh @@ -2,8 +2,6 @@ set-java-options() { export JAVA_OPTS="-Duser.home=$JENKINS_HOME ${JAVA_OPTS:-}" - # CPLT2-6044: http/2 is causing issues with Openshift 4.x users - #export JAVA_OPTS="-Xbootclasspath/p:/usr/share/jenkins/alpn-boot.jar ${JAVA_OPTS:-}" } set-jenkins-options() { -- GitLab From 446c3f65806463038be97f7160970ac33d012e84 Mon Sep 17 00:00:00 2001 From: imontero Date: Fri, 11 Dec 2020 09:43:40 +0000 Subject: [PATCH 6/8] 2.263.1.2 --- Dockerfile | 2 +- LICENSE.adoc => LICENSE | 0 download.json | 4 ++-- helm/requirements.lock | 2 +- scripts/usr/local/bin/jenkins.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) rename LICENSE.adoc => LICENSE (100%) diff --git a/Dockerfile b/Dockerfile index e70a0ad..8f868e1 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -42,7 +42,7 @@ HEALTHCHECK --interval=5m --timeout=3s \ CMD curl -fsL ${JENKINS_URL}/login || exit 1 LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt" -LABEL release=b91ce79ef06dbc1aafd7c750f19bc0083b6eca75 +LABEL release=39e96b82ab7adf049eac0aacdb3c432f51abaf1b LABEL version=2.263.1.2 ARG TARBALL=files.tar diff --git a/LICENSE.adoc b/LICENSE similarity index 100% rename from LICENSE.adoc rename to LICENSE diff --git a/download.json b/download.json index f0b9699..434ca93 100644 --- a/download.json +++ b/download.json @@ -1,11 +1,11 @@ { "resources": [ { - "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-40a611ede95284e1911ac85801ab5f27a7f4402ba16d65e1d44d31ce59ae0854.tar", + "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-0aefab0f8d3d18886ab7e143939eeec200a193b7de109941346886993646ad14.tar", "filename": "files.tar", "validation": { "type": "sha256", - "value": "40a611ede95284e1911ac85801ab5f27a7f4402ba16d65e1d44d31ce59ae0854" + "value": "0aefab0f8d3d18886ab7e143939eeec200a193b7de109941346886993646ad14" } } ] diff --git a/helm/requirements.lock b/helm/requirements.lock index cfe7684..f0c0b3b 100644 --- a/helm/requirements.lock +++ b/helm/requirements.lock @@ -9,4 +9,4 @@ dependencies: repository: https://charts.cloudbees.com/public/cloudbees version: 2.1.0 digest: sha256:b1cd3367672f5c35bdcff06f4a7d87f072f5f89f4e654a90aa199f3c1b939070 -generated: "2020-12-03T15:21:23.671272905Z" +generated: "2020-12-11T09:39:09.337984855Z" diff --git a/scripts/usr/local/bin/jenkins.sh b/scripts/usr/local/bin/jenkins.sh index 570c61e..0aaca5c 100644 --- a/scripts/usr/local/bin/jenkins.sh +++ b/scripts/usr/local/bin/jenkins.sh 
@@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \; # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then - eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=b91ce79ef06dbc1aafd7c750f19bc0083b6eca75 /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" + eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=39e96b82ab7adf049eac0aacdb3c432f51abaf1b /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" fi # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image -- GitLab From f04aa1b82e1e8c3623e4e661b9a19106b5d9552e Mon Sep 17 00:00:00 2001 From: imontero Date: Tue, 5 Jan 2021 21:27:04 +0000 Subject: [PATCH 7/8] 2.263.1.2 --- Dockerfile | 14 +++++++------- Jenkinsfile | 2 -- download.json | 12 ------------ hardening_manifest.yaml | 23 +++++++++++++++++++++++ helm/requirements.lock | 4 ++-- scripts/usr/local/bin/jenkins.sh | 2 +- 6 files changed, 33 insertions(+), 24 deletions(-) delete mode 100644 Jenkinsfile delete mode 100644 download.json create mode 100644 hardening_manifest.yaml diff --git a/Dockerfile b/Dockerfile index 8f868e1..01bb305 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,9 +41,9 @@ ENTRYPOINT ["tini", "--", "/usr/local/bin/launch.sh"] HEALTHCHECK --interval=5m --timeout=3s \ CMD curl -fsL ${JENKINS_URL}/login || exit 1 -LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt" -LABEL release=39e96b82ab7adf049eac0aacdb3c432f51abaf1b -LABEL version=2.263.1.2 +# LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt" +# LABEL release=3011be3b5ab0e30ea7af04d1194f4d007a795ef5 +# LABEL version=2.263.1.2 ARG TARBALL=files.tar ADD ${TARBALL} / 
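Review bot: Commenting out `LABEL securitytxt=...` drops the security contact pointer from the image, and the `labels:` block of the hardening_manifest.yaml added in this commit has no replacement for it. The name, vendor and description labels commented out in the second Dockerfile hunk (`@@ -65,7 +65,7 @@`) do have counterparts there, so those lines can simply be deleted rather than left as dead comments. For the contact pointer I would carry the value over under the manifest's `labels:`, e.g. `securitytxt: "https://www.cloudbees.com/.well-known/security.txt"`, assuming the pipeline accepts that key.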
@@ -65,7 +65,7 @@ ENV VOLUME_SERVICE=http://localhost:31080 ENV TENANT=cjoc ENV JENKINS_VARIANT=cjoc -LABEL name="CloudBees CI Operation Center" \ - vendor="CloudBees, Inc." \ - summary="CloudBees CI is the continuous delivery platform architected for the enterprise" \ - description="This container image will deploy one instance of CloudBees CI Operations Center." +# LABEL name="CloudBees CI Operation Center" +# LABEL vendor="CloudBees, Inc." +# LABEL summary="CloudBees CI is the continuous delivery platform architected for the enterprise" +# LABEL description="This container image will deploy one instance of CloudBees CI Operations Center." diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 05c1f6b..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,2 +0,0 @@ -@Library('DCCSCR@master') _ -dccscrPipeline(version: '2.263.1.2') diff --git a/download.json b/download.json deleted file mode 100644 index 434ca93..0000000 --- a/download.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "resources": [ - { - "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-0aefab0f8d3d18886ab7e143939eeec200a193b7de109941346886993646ad14.tar", - "filename": "files.tar", - "validation": { - "type": "sha256", - "value": "0aefab0f8d3d18886ab7e143939eeec200a193b7de109941346886993646ad14" - } - } - ] -} diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..265a91c --- /dev/null +++ b/hardening_manifest.yaml 
@@ -0,0 +1,23 @@ +apiVersion: v1 +name: cloudbees/core/core-oc +tags: +- "2.263.1.2" +- latest +labels: + org.opencontainers.image.title: core-oc + org.opencontainers.image.description: "CloudBees CI (core-oc subcomponent)" + org.opencontainers.image.licenses: proprietary + org.opencontainers.image.url: https://docs.cloudbees.com/docs/cloudbees-ci/ + org.opencontainers.image.vendor: CloudBees + org.opencontainers.image.version: "2.263.1.2" + mil.dso.ironbank.image.keywords: cicd + mil.dso.ironbank.image.type: commercial + mil.dso.ironbank.product.name: CloudBees CI +resources: +- filename: files.tar + url: https://downloads.cloudbees.com/dsop-files/core-oc-files-bde4ca940874c9026da7b3cd2ee0e27cd4eccee9ff71e272608c1404882cb231.tar + validation: + type: sha256 + value: bde4ca940874c9026da7b3cd2ee0e27cd4eccee9ff71e272608c1404882cb231 +maintainers: +- email: productivity-team@cloudbees.com diff --git a/helm/requirements.lock b/helm/requirements.lock index f0c0b3b..4b08a7f 100644 --- a/helm/requirements.lock +++ b/helm/requirements.lock @@ -8,5 +8,5 @@ dependencies: - name: cloudbees-sidecar-injector repository: https://charts.cloudbees.com/public/cloudbees version: 2.1.0 -digest: sha256:b1cd3367672f5c35bdcff06f4a7d87f072f5f89f4e654a90aa199f3c1b939070 -generated: "2020-12-11T09:39:09.337984855Z" +digest: sha256:996f7a1d8ae1bb7465e7df2865ef4521e1ebe3e10827d6544caebd4d0c811c23 +generated: "2020-11-02T17:56:50.500073-05:00" diff --git a/scripts/usr/local/bin/jenkins.sh b/scripts/usr/local/bin/jenkins.sh index 0aaca5c..7065848 100644 --- a/scripts/usr/local/bin/jenkins.sh +++ b/scripts/usr/local/bin/jenkins.sh 
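Review bot: The `resources` entry carries the same SHA-256 twice, once inside the `url` file name and once as `validation.value`, and nothing in the file says the two must move together. A one-line comment above the entry would help the next release bump, e.g. `# validation.value must equal the digest embedded in the url file name; update both when files.tar changes`. Presumably only `validation.value` is what the pipeline checks, so a stale URL paired with a fresh digest (or the reverse) would show up as a failed fetch rather than a silent mismatch, but it is easier to prevent than to debug.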
@@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \; # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then - eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=39e96b82ab7adf049eac0aacdb3c432f51abaf1b /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" + eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=3011be3b5ab0e30ea7af04d1194f4d007a795ef5 /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" fi # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image -- GitLab From a968b6d23d0059e0b9f850f20fbeb2ff54145f07 Mon Sep 17 00:00:00 2001 From: imontero Date: Thu, 4 Feb 2021 10:28:33 +0000 Subject: [PATCH 8/8] 2.263.2.4-ra --- Dockerfile | 8 +-- README.md | 8 +-- hardening_manifest.yaml | 14 +++-- helm/Chart.yaml | 5 +- helm/README-template.md | 6 +-- helm/README.md | 6 +-- helm/templates/_helpers.tpl | 52 +++++++++++++++++++ helm/templates/cjoc-ingress.yaml | 13 ++--- ...master-hibernation-monitor-deployment.yaml | 8 +++ ...ed-master-hibernation-monitor-ingress.yaml | 18 ++++--- helm/values.yaml | 12 +++-- scripts/usr/local/bin/jenkins.sh | 2 +- 12 files changed, 113 insertions(+), 39 deletions(-) diff --git a/Dockerfile b/Dockerfile index 01bb305..019bd21 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -42,11 +42,11 @@ HEALTHCHECK --interval=5m --timeout=3s \ CMD curl -fsL ${JENKINS_URL}/login || exit 1 # LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt" -# LABEL release=3011be3b5ab0e30ea7af04d1194f4d007a795ef5 -# LABEL version=2.263.1.2 +# LABEL release=69f7102311718b7e0fbed31edb877f1352ca5cf1 +# LABEL version=2.263.2.4-ra -ARG TARBALL=files.tar -ADD ${TARBALL} / +COPY files.tar /tmp +RUN cd / && tar xvf /tmp/files.tar && rm /tmp/files.tar COPY scripts/ / RUN chmod +x /usr/local/bin/*.sh && \ diff --git a/README.md b/README.md index 2d5baa8..b77c12b 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.263.1.2` +A version of CloudBees CI is given in the format `2.263.2.4-ra` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -22,13 +22,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.263.1.2 + dockerImage: your-registry/core-oc:2.263.2.4-ra Master: Image: - dockerImage: your-registry/core-mm:2.263.1.2 + dockerImage: your-registry/core-mm:2.263.2.4-ra Agents: Image: - dockerImage: your-registry/agent:2.263.1.2 + dockerImage: your-registry/agent:2.263.2.4-ra ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 265a91c..b128c48 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
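Review bot: `COPY files.tar /tmp` commits the archive into its own image layer, so the `rm /tmp/files.tar` in the following `RUN` hides the file without removing it from the image, and the tarball still ships alongside its extracted contents. The `ADD ${TARBALL} /` form this replaces unpacked the local archive without keeping a copy; if `ADD` is not permitted by the hardening pipeline, a multi-stage build that extracts in a builder stage and copies the resulting tree across gives the same result. If the `RUN` form stays, `tar -xf /tmp/files.tar -C /` avoids the `cd` and keeps the per-file listing out of the build log.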
@@ -1,23 +1,27 @@ apiVersion: v1 name: cloudbees/core/core-oc tags: -- "2.263.1.2" +- "2.263.2.4-ra" - latest labels: - org.opencontainers.image.title: core-oc + org.opencontainers.image.title: "core-oc" org.opencontainers.image.description: "CloudBees CI (core-oc subcomponent)" org.opencontainers.image.licenses: proprietary org.opencontainers.image.url: https://docs.cloudbees.com/docs/cloudbees-ci/ org.opencontainers.image.vendor: CloudBees - org.opencontainers.image.version: "2.263.1.2" + org.opencontainers.image.version: "2.263.2.4-ra" mil.dso.ironbank.image.keywords: cicd mil.dso.ironbank.image.type: commercial mil.dso.ironbank.product.name: CloudBees CI +args: + BASE_IMAGE: "redhat/openjdk/openjdk8-devel" + BASE_TAG: "1.8.0" resources: - filename: files.tar - url: https://downloads.cloudbees.com/dsop-files/core-oc-files-bde4ca940874c9026da7b3cd2ee0e27cd4eccee9ff71e272608c1404882cb231.tar + url: https://downloads.cloudbees.com/dsop-files/core-oc-files-fdaeb7127afa7670743296125be0d1782e152c6ec14bca5e62ec69ef5d667901.tar validation: type: sha256 - value: bde4ca940874c9026da7b3cd2ee0e27cd4eccee9ff71e272608c1404882cb231 + value: "fdaeb7127afa7670743296125be0d1782e152c6ec14bca5e62ec69ef5d667901" maintainers: - email: productivity-team@cloudbees.com +- email: andre.maksymowicz@centauricorp.com diff --git a/helm/Chart.yaml b/helm/Chart.yaml index df2528f..da8ccfd 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,9 +1,8 @@ name: cloudbees-core home: https://www.cloudbees.com/products/continuous-integration apiVersion: v1 -appVersion: 2.263.1.2 -version: 3.24.1 -kubeVersion: ^1.14.0-0 +appVersion: 2.263.2.3 +version: 3.25.3 description: Enterprise Continuous Integration with Jenkins icon: https://images.ctfassets.net/vtn4rfaw6n2j/7xprMMXARXDBuVxW4y8XfV/349fff91035050e3f2a8ff37bc0615b5/cloudbees-core-logo_header.svg keywords: diff --git a/helm/README-template.md b/helm/README-template.md index 9614196..b86f7f9 100644 --- a/helm/README-template.md 
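Review bot: In helm/Chart.yaml, `appVersion: 2.263.2.3` does not match the image tag `2.263.2.4-ra` that this same commit sets in hardening_manifest.yaml, the README example and helm/values.yaml, while the README states that the Helm chart is coversioned with `core-oc`. Anyone tracking deployed versions or advisories by `appVersion` would be looking at a different build from the one the values file pulls. If the difference is intentional, a comment such as `# appVersion follows the chart release; image tags are set in values.yaml` would make that explicit; otherwise set `appVersion: 2.263.2.4-ra`.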
+++ b/helm/README-template.md @@ -1,6 +1,6 @@ # cloudbees-core -![Version: 3.24.1](https://img.shields.io/badge/Version-3.24.1-informational?style=flat-square) ![AppVersion: 2.263.1.2](https://img.shields.io/badge/AppVersion-2.263.1.2-informational?style=flat-square) +![Version: 3.25.3](https://img.shields.io/badge/Version-3.25.3-informational?style=flat-square) ![AppVersion: 2.263.2.3](https://img.shields.io/badge/AppVersion-2.263.2.3-informational?style=flat-square) [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: @@ -26,8 +26,6 @@ This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kuberne ## Requirements -Kubernetes: `^1.14.0-0` - | Repository | Name | Version | |------------|------|---------| | https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.0 | 
@@ -119,6 +117,8 @@ CloudBees provides complete and more detailed installation and operation documen | Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | | Hibernation.Image.dockerPullPolicy | string | `nil` | Used to override the default pull policy | | Hibernation.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | +| Hibernation.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | +| Hibernation.Tolerations | list | `[]` | Specify tolerations for the Hibernation Monitor pod. See [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | | Master.Enabled | bool | `true` | Whether to create the resources required to schedule masters. | | Master.Image.dockerImage | string | `"@@IMAGE_PREFIX@@/core-mm:@@IMAGE_TAG@@"` | Used to override the default docker image | | Master.JavaOpts | string | `nil` | Additional Java options to pass to managed masters. For example, setting up a JMX port | diff --git a/helm/README.md b/helm/README.md index 19f19e2..dd51b08 100644 --- a/helm/README.md +++ b/helm/README.md @@ -1,6 +1,6 @@ # cloudbees-core -![Version: 3.24.1](https://img.shields.io/badge/Version-3.24.1-informational?style=flat-square) ![AppVersion: 2.263.1.2](https://img.shields.io/badge/AppVersion-2.263.1.2-informational?style=flat-square) +![Version: 3.25.3](https://img.shields.io/badge/Version-3.25.3-informational?style=flat-square) ![AppVersion: 2.263.2.3](https://img.shields.io/badge/AppVersion-2.263.2.3-informational?style=flat-square) [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides: 
@@ -26,8 +26,6 @@ This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kuberne ## Requirements -Kubernetes: `^1.14.0-0` - | Repository | Name | Version | |------------|------|---------| | https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.0 | @@ -119,6 +117,8 @@ CloudBees provides complete and more detailed installation and operation documen | Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image | | Hibernation.Image.dockerPullPolicy | string | `nil` | Used to override the default pull policy | | Hibernation.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets | +| Hibernation.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | +| Hibernation.Tolerations | list | `[]` | Specify tolerations for the Hibernation Monitor pod. See [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | | Master.Enabled | bool | `true` | Whether to create the resources required to schedule masters. | | Master.Image.dockerImage | string | `"test/core-mm:latest"` | Used to override the default docker image | | Master.JavaOpts | string | `nil` | Additional Java options to pass to managed masters. For example, setting up a JMX port | diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 6df1523..18a400c 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl 
@@ -6,6 +6,13 @@ Expand the name of the chart. {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Full name of the release +*/}} +{{- define "cloudbees-core.fullname" -}} +{{ printf "%s-%s" .Release.Name .Release.Namespace | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create chart name and version as used by the chart label. */}} 
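Review bot: The comment `Full name of the release` undersells what `cloudbees-core.fullname` returns: it is the release name joined with the namespace and then cut to 63 characters. Elsewhere in this commit the value becomes `alb.ingress.kubernetes.io/group.name`, and two long release/namespace pairs that share their first 63 characters would get the same group name and, as far as I can tell, end up on one shared load balancer. I would say so in the comment, e.g. `Release name and namespace joined by "-", truncated to 63 characters; used as the ALB ingress group name, so it must stay unique per release`, and consider appending a short hash when truncation actually happens.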
@@ -133,6 +140,48 @@ Expected Operations Center URL. Always ends with a trailing slash. {{- template "oc.protocol" . -}}://{{ include "oc.hostname" . }}{{ include "oc.contextpath" . }}/ {{- end -}} +{{- define "ingress.annotations" -}} +{{ toYaml .Values.OperationsCenter.Ingress.Annotations }} +{{- if .Values.OperationsCenter.Ingress.Class }} +kubernetes.io/ingress.class: {{ .Values.OperationsCenter.Ingress.Class }} +{{- end }} +{{- if eq .Values.OperationsCenter.Platform "eks" }} + {{- if eq (include "oc.protocol" .) "https" }} +alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]' +alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + {{- end }} + {{- if not (eq (include "oc.contextpath" .) "") }} +alb.ingress.kubernetes.io/actions.root-redirect: '{"Type": "redirect", "RedirectConfig": { "Path":{{ include "ingress.root-redirect" . | quote }}, "StatusCode": "HTTP_301"}}' + {{- end }} +alb.ingress.kubernetes.io/group.name: {{ include "cloudbees-core.fullname" .}} +alb.ingress.kubernetes.io/target-type: ip +{{- end }} +{{- if not (include "cloudbees-core.is-openshift" .) }} +nginx.ingress.kubernetes.io/ssl-redirect: "{{- template "ingress.ssl_redirect" . }}" +{{- end }} +{{- end }} + +{{- define "ingress.root-redirect" -}} +{{ include "oc.contextpath" . }}/teams-check/ +{{- end }} + +{{- define "ingress.redirect-rules" -}} +{{- if eq .Values.OperationsCenter.Platform "eks" }} + {{- if eq (include "oc.protocol" .) "https" }} +- path: /* + backend: + serviceName: ssl-redirect + servicePort: use-annotation + {{- end }} + {{- if not (eq (include "oc.contextpath" .) "") }} +- path: / + backend: + serviceName: root-redirect + servicePort: use-annotation + {{- end }} +{{- end }} +{{- end }} + {{- define "ingress.apiGroup" -}} {{- if ge (atoi (.Capabilities.KubeVersion.Minor)) 15 -}} networking.k8s.io 
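Review bot: `ingress.annotations` opens with `{{ toYaml .Values.OperationsCenter.Ingress.Annotations }}` unconditionally, and when that value is an empty map or unset `toYaml` renders `{}` or `null`, which followed by the `kubernetes.io/...` keys is not a valid mapping. The chart defaults are not visible in this hunk, so this may only affect users who clear the annotations, but the helper now feeds both the cjoc and the hibernation monitor ingress. Guarding it is cheap: `{{- with .Values.OperationsCenter.Ingress.Annotations }}`, `{{ toYaml . }}`, `{{- end }}`.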
@@ -413,6 +462,9 @@ status: {{- end -}} {{- define "ingress.check" -}} +{{- if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress") }} + {{ fail "\n\nERROR: Kubernetes 1.14 or later is required to use Ingress in networking.k8s.io/v1beta1" }} +{{- end -}} {{- if and (index .Values "nginx-ingress" "Enabled") (index .Values "ingress-nginx" "Enabled") -}} {{ fail "\n\nERROR: Only one of nginx-ingress.Enabled or ingress-nginx.Enabled may be true" }} {{- end -}} diff --git a/helm/templates/cjoc-ingress.yaml b/helm/templates/cjoc-ingress.yaml index 60ee882..123a793 100644 --- a/helm/templates/cjoc-ingress.yaml +++ b/helm/templates/cjoc-ingress.yaml @@ -8,13 +8,9 @@ metadata: labels: {{ include "cloudbees-core.labels" . | indent 4 }} annotations: -{{ toYaml .Values.OperationsCenter.Ingress.Annotations | indent 4 }} -{{ if .Values.OperationsCenter.Ingress.Class }} - kubernetes.io/ingress.class: {{ .Values.OperationsCenter.Ingress.Class }} -{{- end }} +{{ include "ingress.annotations" . | indent 4 }} {{- if not (include "cloudbees-core.is-openshift" .) }} - nginx.ingress.kubernetes.io/app-root: "{{ template "oc.contextpath" . }}/teams-check/" - nginx.ingress.kubernetes.io/ssl-redirect: "{{- template "ingress.ssl_redirect" . }}" + nginx.ingress.kubernetes.io/app-root: {{ include "ingress.root-redirect" . | quote }} # "413 Request Entity Too Large" uploading plugins, increase client_max_body_size nginx.ingress.kubernetes.io/proxy-body-size: 50m nginx.ingress.kubernetes.io/proxy-request-buffering: "off" @@ -27,10 +23,15 @@ spec: {{- end }} http: paths: +{{- include "ingress.redirect-rules" . | indent 6 }} - path: {{ include "oc.contextpath" . }} backend: serviceName: cjoc servicePort: {{ .Values.OperationsCenter.ServicePort }} + - path: {{ include "oc.contextpath" . }}/* + backend: + serviceName: cjoc + servicePort: {{ .Values.OperationsCenter.ServicePort }} {{- if .Values.OperationsCenter.Ingress.tls.Enable }} tls: - hosts: 
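Review bot: The new guard in `ingress.check` fails whenever the cluster does not serve `networking.k8s.io/v1beta1/Ingress`, but the message says `Kubernetes 1.14 or later is required`; a cluster that no longer serves the v1beta1 Ingress API (it was removed in Kubernetes 1.22) takes the same branch and is told to upgrade. The check also appears to take the place of the `kubeVersion: ^1.14.0-0` constraint removed from Chart.yaml in this commit, so it is the only version gate left and it runs only where `ingress.check` is included. I would reword the message to name the missing API, e.g. `ERROR: this chart renders Ingress as networking.k8s.io/v1beta1, which this cluster does not serve`. The body of `ingress.check` continues outside the hunk.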
diff --git a/helm/templates/managed-master-hibernation-monitor-deployment.yaml b/helm/templates/managed-master-hibernation-monitor-deployment.yaml index 25b5a96..b8b28ca 100644 --- a/helm/templates/managed-master-hibernation-monitor-deployment.yaml +++ b/helm/templates/managed-master-hibernation-monitor-deployment.yaml @@ -72,4 +72,12 @@ spec: memory: 250Mi serviceAccountName: {{ .Values.rbac.hibernationMonitorServiceAccountName }} enableServiceLinks: false + {{- if .Values.Hibernation.NodeSelector }} + nodeSelector: +{{ toYaml .Values.Hibernation.NodeSelector | indent 8 }} + {{- end }} + {{- if .Values.Hibernation.Tolerations }} + tolerations: +{{ toYaml .Values.Hibernation.Tolerations | indent 8 }} + {{- end }} {{- end -}} diff --git a/helm/templates/managed-master-hibernation-monitor-ingress.yaml b/helm/templates/managed-master-hibernation-monitor-ingress.yaml index 3e3b8eb..f1ee17e 100644 --- a/helm/templates/managed-master-hibernation-monitor-ingress.yaml +++ b/helm/templates/managed-master-hibernation-monitor-ingress.yaml @@ -7,11 +7,7 @@ metadata: labels: {{ include "cloudbees-core.labels" . | indent 4 }} annotations: -{{ toYaml .Values.OperationsCenter.Ingress.Annotations | indent 4 }} -{{ if .Values.OperationsCenter.Ingress.Class }} - kubernetes.io/ingress.class: {{ .Values.OperationsCenter.Ingress.Class }} -{{- end }} - nginx.ingress.kubernetes.io/ssl-redirect: "{{- template "ingress.ssl_redirect" . }}" +{{ include "ingress.annotations" . | indent 4 }} spec: rules: - 
@@ -20,11 +16,19 @@ spec: {{- end }} http: paths: - - path: /hibernation + - path: /hibernation/ns/{{ .Release.Namespace }}/ + backend: + serviceName: managed-master-hibernation-monitor + servicePort: 80 + - path: /hibernation/ns/{{ .Release.Namespace }}/* + backend: + serviceName: managed-master-hibernation-monitor + servicePort: 80 + - path: /hibernation/ backend: serviceName: managed-master-hibernation-monitor servicePort: 80 - - path: /hibernation/ns/{{ .Release.Namespace }} + - path: /hibernation/* backend: serviceName: managed-master-hibernation-monitor servicePort: 80 diff --git a/helm/values.yaml b/helm/values.yaml index daaca64..e04ee07 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -50,7 +50,7 @@ OperationsCenter: # Operations Center docker image Image: # OperationsCenter.Image.dockerImage -- Container image to use for Operations Center - dockerImage: dcar/core-oc:2.263.1.2 + dockerImage: dcar/core-oc:2.263.2.4-ra # OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images dockerPullPolicy: null @@ -241,7 +241,7 @@ Master: # Docker image inserted in Operations Center automatically Image: # Master.Image.dockerImage -- Used to override the default docker image - dockerImage: dcar/core-mm:2.263.1.2 + dockerImage: dcar/core-mm:2.263.2.4-ra # Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port JavaOpts: null @@ -258,7 +258,7 @@ Agents: Create: false Image: # Agents.Image.dockerImage -- Used to override the default docker image used for agents - dockerImage: dcar/agent:2.263.1.2 + dockerImage: dcar/agent:2.263.2.4-ra # Image pull secrets # Enable this option when using a private registry. # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line 
@@ -302,6 +302,12 @@ Hibernation: # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line # Hibernation.ImagePullSecrets -- Name of image pull secret to pull private Docker images or an array of image pull secrets ImagePullSecrets: null + # Hibernation.NodeSelector -- Node labels and tolerations for pod assignment + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + NodeSelector: {} + # Hibernation.Tolerations -- Specify tolerations for the Hibernation Monitor pod. + # See [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) + Tolerations: [] PodSecurityPolicy: # Requires rbac.installCluster = true diff --git a/scripts/usr/local/bin/jenkins.sh b/scripts/usr/local/bin/jenkins.sh index 7065848..e82afca 100644 --- a/scripts/usr/local/bin/jenkins.sh +++ b/scripts/usr/local/bin/jenkins.sh @@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \; # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then - eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=3011be3b5ab0e30ea7af04d1194f4d007a795ef5 /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" + eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=69f7102311718b7e0fbed31edb877f1352ca5cf1 /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\"" fi # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image -- GitLab