Oops! This page doesn't exist. Try going back to our home page.
- -You can learn how to make a 404 page like this in Custom 404 Pages.
-
-
-
- Some of the problems we want to solve:
-
Text can be bold, italic, or strikethrough. Links should be blue with no underlines (unless hovered over).
There should be whitespace between paragraphs. There should be whitespace between paragraphs. There should be whitespace between paragraphs. There should be whitespace between paragraphs.
- -There should be whitespace between paragraphs. There should be whitespace between paragraphs. There should be whitespace between paragraphs. There should be whitespace between paragraphs.
- --- -There should be no margin above this first sentence.
- -Blockquotes should be a lighter gray with a border along the left side in the secondary color.
- -There should be no margin below this final sentence.
-
This is a normal paragraph following a header. Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong. Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong. Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -On big screens, paragraphs and headings should not take up the full container width, but we want tables, code blocks and similar to take the full width.
- -Lorem markdownum tuta hospes stabat; idem saxum facit quaterque repetito -occumbere, oves novem gestit haerebat frena; qui. Respicit recurvam erat: -pignora hinc reppulit nos aut, aptos, ipsa.
- -Meae optatos passa est Epiros utiliter Talibus niveis, hoc lata, edidit. -Dixi ad aestum.
- --- -This is a blockquote following a header. Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
-
This is a code block following a header.| What | -Follows | -
|---|---|
| A table | -A header | -
| A table | -A header | -
| A table | -A header | -
There’s a horizontal rule above and below this.
- -Here is an unordered list:
- -And an ordered list:
- -And an unordered task list:
- -And a “mixed” task list:
- -And a nested list:
- -Definition lists can be used with Markdown syntax. Definition terms are bold.
- -Tables should have bold headings and alternating shaded rows.
- -| Artist | -Album | -Year | -
|---|---|---|
| Michael Jackson | -Thriller | -1982 | -
| Prince | -Purple Rain | -1984 | -
| Beastie Boys | -License to Ill | -1986 | -
If a table is too wide, it should scroll horizontally.
- -| Artist | -Album | -Year | -Label | -Awards | -Songs | -
|---|---|---|---|---|---|
| Michael Jackson | -Thriller | -1982 | -Epic Records | -Grammy Award for Album of the Year, American Music Award for Favorite Pop/Rock Album, American Music Award for Favorite Soul/R&B Album, Brit Award for Best Selling Album, Grammy Award for Best Engineered Album, Non-Classical | -Wanna Be Startin’ Somethin’, Baby Be Mine, The Girl Is Mine, Thriller, Beat It, Billie Jean, Human Nature, P.Y.T. (Pretty Young Thing), The Lady in My Life | -
| Prince | -Purple Rain | -1984 | -Warner Brothers Records | -Grammy Award for Best Score Soundtrack for Visual Media, American Music Award for Favorite Pop/Rock Album, American Music Award for Favorite Soul/R&B Album, Brit Award for Best Soundtrack/Cast Recording, Grammy Award for Best Rock Performance by a Duo or Group with Vocal | -Let’s Go Crazy, Take Me With U, The Beautiful Ones, Computer Blue, Darling Nikki, When Doves Cry, I Would Die 4 U, Baby I’m a Star, Purple Rain | -
| Beastie Boys | -License to Ill | -1986 | -Mercury Records | -noawardsbutthistablecelliswide | -Rhymin & Stealin, The New Style, She’s Crafty, Posse in Effect, Slow Ride, Girls, (You Gotta) Fight for Your Right, No Sleep Till Brooklyn, Paul Revere, Hold It Now, Hit It, Brass Monkey, Slow and Low, Time to Get Ill | -
Code snippets like var foo = "bar"; can be shown inline.
Also, this should vertically align with thisand this.
Code can also be shown in a block element.
-foo := "bar";
-bar := "foo";Code can also use syntax highlighting.
-func main() {
- input := `var foo = "bar";`
-
- lexer := lexers.Get("javascript")
- iterator, _ := lexer.Tokenise(nil, input)
- style := styles.Get("github")
- formatter := html.New(html.WithLineNumbers())
-
- var buff bytes.Buffer
- formatter.Format(&buff, style, iterator)
-
- fmt.Println(buff.String())
-}Long, single-line code blocks should not wrap. They should horizontally scroll if they are too long. This line should be long enough to demonstrate this.Inline code inside table cells should still be distinguishable.
- -| Language | -Code | -
|---|---|
| Javascript | -var foo = "bar"; |
-
| Ruby | -foo = "bar"{ |
-
Small images should be shown at their actual size.
- -Large images should always scale down and fit in the content container.
- -- -
Add some sections here to see how the ToC looks like. Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
-This is the final element on the page and there should be no margin below this.This is a typical blog post that includes images.
- -The front matter specifies the date of the blog post, its title, a short description that will be displayed on the blog landing page, and its author.
- -Here’s an image (featured-sunset-get.png) that includes a byline and a caption.
-
-
-Fetch and scale an image in the upcoming Hugo 0.43.
-
Photo: Riona MacNamara / CC-BY-CA
The front matter of this post specifies properties to be assigned to all image resources:
-resources:
-- src: "**.{png,jpg}"
- title: "Image #:counter"
- params:
- byline: "Photo: Riona MacNamara / CC-BY-CA"To include the image in a page, specify its details like this:
-
-
-
-
-
-
-
-
-
-
-
-
-Fetch and scale an image in the upcoming Hugo 0.43.
-
Photo: Riona MacNamara / CC-BY-CA
-
-
-The image will be rendered at the size and byline specified in the front matter.
- - - -Text can be bold, italic, or strikethrough. Links should be blue with no underlines (unless hovered over).
There should be whitespace between paragraphs. There should be whitespace between paragraphs. There should be whitespace between paragraphs. There should be whitespace between paragraphs.
- -There should be whitespace between paragraphs. There should be whitespace between paragraphs. There should be whitespace between paragraphs. There should be whitespace between paragraphs.
- --- -There should be no margin above this first sentence.
- -Blockquotes should be a lighter gray with a border along the left side in the secondary color.
- -There should be no margin below this final sentence.
-
This is a normal paragraph following a header. Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong. Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong. Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -On big screens, paragraphs and headings should not take up the full container width, but we want tables, code blocks and similar to take the full width.
- -Lorem markdownum tuta hospes stabat; idem saxum facit quaterque repetito -occumbere, oves novem gestit haerebat frena; qui. Respicit recurvam erat: -pignora hinc reppulit nos aut, aptos, ipsa.
- -Meae optatos passa est Epiros utiliter Talibus niveis, hoc lata, edidit. -Dixi ad aestum.
- --- -This is a blockquote following a header. Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
-
This is a code block following a header.| What | -Follows | -
|---|---|
| A table | -A header | -
| A table | -A header | -
| A table | -A header | -
There’s a horizontal rule above and below this.
- -Here is an unordered list:
- -And an ordered list:
- -And an unordered task list:
- -And a “mixed” task list:
- -And a nested list:
- -Definition lists can be used with Markdown syntax. Definition terms are bold.
- -Tables should have bold headings and alternating shaded rows.
- -| Artist | -Album | -Year | -
|---|---|---|
| Michael Jackson | -Thriller | -1982 | -
| Prince | -Purple Rain | -1984 | -
| Beastie Boys | -License to Ill | -1986 | -
If a table is too wide, it should scroll horizontally.
- -| Artist | -Album | -Year | -Label | -Awards | -Songs | -
|---|---|---|---|---|---|
| Michael Jackson | -Thriller | -1982 | -Epic Records | -Grammy Award for Album of the Year, American Music Award for Favorite Pop/Rock Album, American Music Award for Favorite Soul/R&B Album, Brit Award for Best Selling Album, Grammy Award for Best Engineered Album, Non-Classical | -Wanna Be Startin’ Somethin’, Baby Be Mine, The Girl Is Mine, Thriller, Beat It, Billie Jean, Human Nature, P.Y.T. (Pretty Young Thing), The Lady in My Life | -
| Prince | -Purple Rain | -1984 | -Warner Brothers Records | -Grammy Award for Best Score Soundtrack for Visual Media, American Music Award for Favorite Pop/Rock Album, American Music Award for Favorite Soul/R&B Album, Brit Award for Best Soundtrack/Cast Recording, Grammy Award for Best Rock Performance by a Duo or Group with Vocal | -Let’s Go Crazy, Take Me With U, The Beautiful Ones, Computer Blue, Darling Nikki, When Doves Cry, I Would Die 4 U, Baby I’m a Star, Purple Rain | -
| Beastie Boys | -License to Ill | -1986 | -Mercury Records | -noawardsbutthistablecelliswide | -Rhymin & Stealin, The New Style, She’s Crafty, Posse in Effect, Slow Ride, Girls, (You Gotta) Fight for Your Right, No Sleep Till Brooklyn, Paul Revere, Hold It Now, Hit It, Brass Monkey, Slow and Low, Time to Get Ill | -
Code snippets like var foo = "bar"; can be shown inline.
Also, this should vertically align with thisand this.
Code can also be shown in a block element.
-foo := "bar";
-bar := "foo";Code can also use syntax highlighting.
-func main() {
- input := `var foo = "bar";`
-
- lexer := lexers.Get("javascript")
- iterator, _ := lexer.Tokenise(nil, input)
- style := styles.Get("github")
- formatter := html.New(html.WithLineNumbers())
-
- var buff bytes.Buffer
- formatter.Format(&buff, style, iterator)
-
- fmt.Println(buff.String())
-}Long, single-line code blocks should not wrap. They should horizontally scroll if they are too long. This line should be long enough to demonstrate this.Inline code inside table cells should still be distinguishable.
- -| Language | -Code | -
|---|---|
| Javascript | -var foo = "bar"; |
-
| Ruby | -foo = "bar"{ |
-
Small images should be shown at their actual size.
- -Large images should always scale down and fit in the content container.
- -- -
Add some sections here to see how the ToC looks like. Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
- -Bacon ipsum dolor sit amet t-bone doner shank drumstick, pork belly porchetta chuck sausage brisket ham hock rump pig. Chuck kielbasa leberkas, pork bresaola ham hock filet mignon cow shoulder short ribs biltong.
-This is the final element on the page and there should be no margin below this.Saturday, October 06, 2018 in News
- - - - - - -Text can be bold, italic, or strikethrough. Links should be blue with no underlines (unless hovered over). -There should be whitespace between paragraphs. There should be whitespace between paragraphs. There should be whitespace between paragraphs. …
- -Saturday, October 06, 2018 in News
- - - - - - - -
-
- This is a typical blog post that includes images. -The front matter specifies the date of the blog post, its title, a short description that will be displayed on the blog landing page, and its author. -Including images Here’s an image …
- -Thursday, January 04, 2018 in Releases
- - - - - - -Text can be bold, italic, or strikethrough. Links should be blue with no underlines (unless hovered over). -There should be whitespace between paragraphs. There should be whitespace between paragraphs. There should be whitespace between paragraphs. …
- -Saturday, October 06, 2018 in News
- - - - - - -Text can be bold, italic, or strikethrough. Links should be blue with no underlines (unless hovered over). -There should be whitespace between paragraphs. There should be whitespace between paragraphs. There should be whitespace between paragraphs. …
- -Saturday, October 06, 2018 in News
- - - - - - - -
-
- This is a typical blog post that includes images. -The front matter specifies the date of the blog post, its title, a short description that will be displayed on the blog landing page, and its author. -Including images Here’s an image …
- -Thursday, January 04, 2018 in Releases
- - - - - - -Text can be bold, italic, or strikethrough. Links should be blue with no underlines (unless hovered over). -There should be whitespace between paragraphs. There should be whitespace between paragraphs. There should be whitespace between paragraphs. …
- -Jenkins Operator is an open source project that anyone in the community can use, improve, and enjoy. We'd love you to join us! Here's a few ways to find out what's happening and get involved. -
-Using or want to use Jenkins Operator? Find out more here: - -
If you want to get more involved by contributing to Jenkins Operator, join us here: - -
You can find out how to contribute to these docs in our Contribution Guidelines. -
This document explains how to setup your development environment.
- -git clone git@github.com:jenkinsci/kubernetes-operator.git
-cd kubernetes-operator
-make go-dependenciesStart minikube instance configured for Jenkins Operator. Appropriate minikube version will be downloaded to bin folder.
-make minikube-startNext run Jenkins Operator locally.
-make runConsole output indicating readiness of this phase:
-+ build
-+ run
-kubectl config use-context minikube
-Switched to context "minikube".
-Watching 'default' namespace
-bin/manager --jenkins-api-hostname=192.168.99.252 --jenkins-api-port=0 --jenkins-api-use-nodeport=true --cluster-domain=cluster.local
-2021-02-08T14:14:45.263+0100 INFO cmd Version: v0.5.0
-2021-02-08T14:14:45.263+0100 INFO cmd Git commit: 305dbeda-dirty-dirty
-2021-02-08T14:14:45.264+0100 INFO cmd Go Version: go1.15.6
-2021-02-08T14:14:45.264+0100 INFO cmd Go OS/Arch: darwin/amd64
-2021-02-08T14:14:45.264+0100 INFO cmd Watch namespace: default
-2021-02-08T14:14:45.592+0100 INFO controller-runtime.metrics metrics server is starting to listen {"addr": "0.0.0.0:8383"}
-2021-02-08T14:14:45.599+0100 INFO cmd starting manager
-2021-02-08T14:14:45.599+0100 INFO controller-runtime.manager starting metrics server {"path": "/metrics"}
-2021-02-08T14:14:45.599+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: jenkins.io/v1alpha2, Kind=Jenkins"}
-2021-02-08T14:14:45.700+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: /, Kind="}
-2021-02-08T14:14:45.800+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: /, Kind="}
-2021-02-08T14:14:45.901+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: /, Kind="}
-2021-02-08T14:14:46.003+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: core/v1, Kind=Secret"}
-2021-02-08T14:14:46.004+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: core/v1, Kind=ConfigMap"}
-2021-02-08T14:14:46.004+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: jenkins.io/v1alpha2, Kind=Jenkins"}
-2021-02-08T14:14:46.004+0100 INFO controller-runtime.manager.controller.jenkins Starting Controller {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins"}
-2021-02-08T14:14:46.004+0100 INFO controller-runtime.manager.controller.jenkins Starting workers {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "worker count": 1}Lastly apply Jenkins Custom Resource to minikube cluster:
-kubectl apply -f config/samples/jenkins.io_v1alpha2_jenkins.yaml
-
-{"level":"info","ts":1612790690.875426,"logger":"controller-jenkins","msg":"Setting default Jenkins container command","cr":"jenkins-example"}
-{"level":"info","ts":1612790690.8754492,"logger":"controller-jenkins","msg":"Setting default Jenkins container JAVA_OPTS environment variable","cr":"jenkins-example"}
-{"level":"info","ts":1612790690.875456,"logger":"controller-jenkins","msg":"Setting default operator plugins","cr":"jenkins-example"}
-{"level":"info","ts":1612790690.875463,"logger":"controller-jenkins","msg":"Setting default Jenkins master service","cr":"jenkins-example"}
-{"level":"info","ts":1612790690.875467,"logger":"controller-jenkins","msg":"Setting default Jenkins slave service","cr":"jenkins-example"}
-{"level":"info","ts":1612790690.881811,"logger":"controller-jenkins","msg":"*v1alpha2.Jenkins/jenkins-example has been updated","cr":"jenkins-example"}
-{"level":"info","ts":1612790691.252834,"logger":"controller-jenkins","msg":"Creating a new Jenkins Master Pod default/jenkins-jenkins-example","cr":"jenkins-example"}
-{"level":"info","ts":1612790691.322793,"logger":"controller-jenkins","msg":"Jenkins master pod restarted by operator:","cr":"jenkins-example"}
-{"level":"info","ts":1612790691.322817,"logger":"controller-jenkins","msg":"Jenkins Operator version has changed, actual '' new 'v0.5.0'","cr":"jenkins-example"}
-{"level":"info","ts":1612790691.3228202,"logger":"controller-jenkins","msg":"Jenkins CR has been replaced","cr":"jenkins-example"}
-{"level":"info","ts":1612790695.8789551,"logger":"controller-jenkins","msg":"Creating a new Jenkins Master Pod default/jenkins-jenkins-example","cr":"jenkins-example"}
-{"level":"warn","ts":1612790817.9423082,"logger":"controller-jenkins","msg":"Reconcile loop failed: couldn't't init Jenkins API client: Get \"http://192.168.99.254:31998/api/json\": dial tcp 192.168.99.254:31998: connect: connection refused","cr":"jenkins-example"}
-{"level":"warn","ts":1612790817.9998221,"logger":"controller-jenkins","msg":"Reconcile loop failed: couldn't't init Jenkins API client: Get \"http://192.168.99.254:31998/api/json\": dial tcp 192.168.99.254:31998: connect: connection refused","cr":"jenkins-example"}
-{"level":"info","ts":1612790818.581316,"logger":"controller-jenkins","msg":"base-groovy ConfigMap 'jenkins-operator-base-configuration-jenkins-example' name '1-basic-settings.groovy' running groovy script","cr":"jenkins-example"}
-...
-{"level":"info","ts":1612790820.9473379,"logger":"controller-jenkins","msg":"base-groovy ConfigMap 'jenkins-operator-base-configuration-jenkins-example' name '8-disable-job-dsl-script-approval.groovy' running groovy script","cr":"jenkins-example"}
-{"level":"info","ts":1612790821.244055,"logger":"controller-jenkins","msg":"Base configuration phase is complete, took 2m6s","cr":"jenkins-example"}
-{"level":"info","ts":1612790821.7953842,"logger":"controller-jenkins","msg":"Waiting for Seed Job Agent `seed-job-agent`...","cr":"jenkins-example"}
-...
-
-{"level":"info","ts":1612790851.843638,"logger":"controller-jenkins","msg":"Waiting for Seed Job Agent `seed-job-agent`...","cr":"jenkins-example"}
-{"level":"info","ts":1612790853.489524,"logger":"controller-jenkins","msg":"User configuration phase is complete, took 2m38s","cr":"jenkins-example"}
-
-Two log lines says that Jenkins Operator works correctly:
-
-* `Base configuration phase is complete` - ensures manifests, Jenkins pod, Jenkins configuration and Jenkins API token
-* `User configuration phase is complete` - ensures Jenkins restore, backup and seed jobs along with user configuration
-
-> Details about base and user phase can be found [here](https://jenkinsci.github.io/kubernetes-operator/docs/how-it-works/architecture-and-design/).kubectl get jenkins -o yaml
-
-apiVersion: v1
-items:
-- apiVersion: jenkins.io/v1alpha2
- kind: Jenkins
- metadata:
- ...
- spec:
- backup:
- action: {}
- containerName: ""
- interval: 0
- makeBackupBeforePodDeletion: false
- configurationAsCode:
- configurations: []
- secret:
- name: ""
- groovyScripts:
- configurations: []
- secret:
- name: ""
- jenkinsAPISettings:
- authorizationStrategy: createUser
- master:
- basePlugins:
- ...
- containers:
- - command:
- - bash
- - -c
- - /var/jenkins/scripts/init.sh && exec /usr/bin/tini -s -- /usr/local/bin/jenkins.sh
- env:
- - name: JAVA_OPTS
- value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap
- -XX:MaxRAMFraction=1 -Djenkins.install.runSetupWizard=false -Djava.awt.headless=true
- image: jenkins/jenkins:2.263.3-lts-alpine
- imagePullPolicy: Always
- livenessProbe:
- ...
- readinessProbe:
- ...
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- disableCSRFProtection: false
- restore:
- action: {}
- containerName: ""
- getLatestAction: {}
- seedJobs:
- - additionalClasspath: ""
- bitbucketPushTrigger: false
- buildPeriodically: ""
- description: Jenkins Operator repository
- failOnMissingPlugin: false
- githubPushTrigger: false
- id: jenkins-operator
- ignoreMissingFiles: false
- pollSCM: ""
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.git
- targets: cicd/jobs/*.jenkins
- unstableOnDeprecation: false
- service:
- port: 8080
- type: NodePort
- serviceAccount: {}
- slaveService:
- port: 50000
- type: ClusterIP
- status:
- appliedGroovyScripts:
- - configurationType: base-groovy
- hash: 2ownqpRyBjQYmzTRttUx7axok3CKe2E45frI5iRwH0w=
- name: 1-basic-settings.groovy
- source: jenkins-operator-base-configuration-jenkins-example
- ...
- baseConfigurationCompletedTime: "2021-02-08T13:27:01Z"
- createdSeedJobs:
- - jenkins-operator
- operatorVersion: v0.5.0
- provisionStartTime: "2021-02-08T13:24:55Z"
- userAndPasswordHash: nnfZsWmFfAYlYyVYeKhWW2KB4L8mE61JUfetAsr9IMM=
- userConfigurationCompletedTime: "2021-02-08T13:27:33Z"
-kind: List
-metadata:
- resourceVersion: ""
- selfLink: ""kubectl get po
-
-NAME READY STATUS RESTARTS AGE
-jenkins-jenkins-example 1/1 Running 0 23m
-seed-job-agent-jenkins-example-758cc7cc5c-82hbl 1/1 Running 0 21mInstall Docker Desktop. If you are using Docker Desktop for Windows, you will also need to install WSL or WSL2. Ensure that Docker Desktop is currently running, and that you have enabled Kubernetes in it.
- -Run Jenkins Operator locally.
-make config="config.docker-desktop.env" runFrom this point on, Docker Desktop usage is identical to minikube usage.
- -make run OPERATOR_EXTRA_ARGS="--debug"To stop Kubernetes cluster running locally on minikube:
-minikube stopTo delete the cluster altogether:
-minikube deleteYou can also run the controller locally and make it listen to a remote Kubernetes server.
-make run NAMESPACE=default KUBECTL_CONTEXT=remote-k8s EXTRA_ARGS='--kubeconfig ~/.kube/config'Once Jenkins Operator are up and running, apply Jenkins custom resource:
-kubectl --context remote-k8s --namespace default apply -f deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml
-kubectl --context remote-k8s --namespace default get jenkins -o yaml
-kubectl --context remote-k8s --namespace default get poTests are written using Ginkgo with Gomega.
- -Run unit tests with go fmt, lint, staticcheck, vet:
-make verifyRun unit tests only:
-make testRun e2e tests with minikube:
-make minikube-start
-make e2eRun Helm e2e tests:
-eval $(bin/minikube docker-env)
-make helm-e2eRun the specific e2e test:
-make e2e E2E_TEST_SELECTOR='^TestConfiguration$'To be able to work with the docker daemon on minikube machine run the following command before building an image:
eval $(bin/minikube docker-env)api/v1alpha2/jenkins_types.go has changedRun:
-make manifestsminikube service jenkins-operator-http-<cr_name> --url
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.user}' | base64 -d
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.password}' | base64 -dTo deploy the operator along with webhook, run :
-eval $(minikube docker-env)
-make deploy-webhookIt uses cert-manager as an external dependency.
- -Tutorial: Deep Dive into the Operator Framework for… Melvin Hillsman, Michael Hrivnak, & Matt Dorn -
This document answers the most frequently asked questions.
- -Jenkins can lose compatibility with its plugins or their dependencies. -If you want to reduce the probability of it happening, don’t use ‘latest’ Jenkins image tag. -Use set version of Jenkins image and declare plugins and all their dependencies in the Jenkins -Custom Resource under ‘plugins’. If you are not sure which plugins to pin, you can check the logs -from the ‘initial-config’ initcontainer or ‘jenkins-master’.
- -You can always add a custom Role for your Jenkins with the permissions you need and reference it in the -Jenkins Custom Resource under ‘spec.roles’. The Operator will create a RoleBinding for it. Be careful. -Operator may also not have these permissions. As a quick temporary workaround, you can manually bind this -role to the Operator service account.
- -In order to provide smooth extension, scalability and errorless backups, Jenkins needs to stay ephemeral. -There is no way to change volume for JENKINS_HOME. All the configurations should be volatile in Jenkins -and kept in a VCS.
- -This document describes a getting started guide for Jenkins Operator
- -Prepare your Kubernetes cluster and set up your kubectl access.
Once you have a running Kubernetes cluster you can focus on installing Jenkins Operator according to the -Installation guide.
- -How to work with the latest, currently supported Jenkins Operator version. -
-How to work with Jenkins Operator 0.6.x version. We recommend migrating to a newer version. -
-How to work with Jenkins Operator 0.5.x version. We recommend migrating to a newer version. -
-How to work with Jenkins Operator 0.4.x version. We recommend migrating to a newer version. -
-How to work with Jenkins Operator 0.3.x version. We recommend migrating to a newer version. -
-How to work with Jenkins Operator 0.2.x version. We recommend migrating to a newer version. -
-How to work with Jenkins Operator 0.1.x version. We recommend migrating to a newer version. -
-Azure AKS managed Kubernetes service adds to every pod the following environment variables:
-- name: KUBERNETES_PORT_443_TCP_ADDR
- value:
-- name: KUBERNETES_PORT
- value: tcp://
-- name: KUBERNETES_PORT_443_TCP
- value: tcp://
-- name: KUBERNETES_SERVICE_HOST
- value:The operator is aware of it and omits these environment variables when checking if a Jenkins pod environment has been changed. It prevents the -restart of a Jenkins pod over and over again.
- - - --- -Because of Jenkins Operator’s architecture, the configuration of Jenkins should be done using ConfigurationAsCode -or GroovyScripts and jobs should be defined as SeedJobs. It means that there is no point in backing up any job configuration -up. Therefore, the backup script makes a copy of jobs history only.
-
Backup and restore is done by a container sidecar.
- -Save to the file named pvc.yaml:
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: <pvc_name>
- namespace: <namespace>
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 500GiRun the following command:
-$ kubectl -n <namespace> create -f pvc.yamlapiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: jenkins-cr
-spec:
- jenkinsAPISettings:
- authorizationStrategy: createUser
- master:
- securityContext:
- runAsUser: 1000
- fsGroup: 1000
- disableCSRFProtection: false
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:2.277.4-lts-alpine
- imagePullPolicy: IfNotPresent
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- - name: backup # container responsible for the backup and restore
- env:
- - name: BACKUP_DIR
- value: /backup
- - name: JENKINS_HOME
- value: /jenkins-home
- - name: BACKUP_COUNT
- value: "3" # keep only the 2 most recent backups
- image: virtuslab/jenkins-operator-backup-pvc:v0.1.1 # look at backup/pvc directory
- imagePullPolicy: IfNotPresent
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /backup # backup volume
- name: backup
- resources:
- limits:
- cpu: 1000m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- volumes:
- - name: backup # PVC volume where backups will be stored
- persistentVolumeClaim:
- claimName: <pvc_name>
- backup:
- containerName: backup # container name is responsible for backup
- action:
- exec:
- command:
- - /home/user/bin/backup.sh # this command is invoked on "backup" container to make backup, for example /home/user/bin/backup.sh <backup_number>, <backup_number> is passed by operator
- interval: 30 # how often make backup in seconds
- makeBackupBeforePodDeletion: true # make a backup before pod deletion
- restore:
- containerName: backup # container name is responsible for restore backup
- action:
- exec:
- command:
- - /home/user/bin/restore.sh # this command is invoked on "backup" container to make restore backup, for example /home/user/bin/restore.sh <backup_number>, <backup_number> is passed by operator
- #recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restored
- getLatestAction:
- exec:
- command:
- - /home/user/bin/get-latest.sh # this command is invoked on "backup" container to get last backup number before pod deletion; not having it in the CR may cause loss of dataJenkins operator uses job-dsl and kubernetes-credentials-provider plugins for configuring jobs -and deploy keys.
- -First you have to prepare pipelines and job definition in your GitHub repository using the following structure:
-cicd/
-├── jobs
-│ └── k8s.jenkins
-└── pipelines
- └── k8s.jenkinscicd/jobs/k8s.jenkins is a job definition:
#!/usr/bin/env groovy
-
-pipelineJob('k8s-e2e') {
- displayName('Kubernetes Plugin E2E Test')
-
- logRotator {
- numToKeep(10)
- daysToKeep(30)
- }
-
- configure { project ->
- project / 'properties' / 'org.jenkinsci.plugins.workflow.job.properties.DurabilityHintJobProperty' {
- hint('PERFORMANCE_OPTIMIZED')
- }
- }
-
- definition {
- cpsScm {
- scm {
- git {
- remote {
- url('https://github.com/jenkinsci/kubernetes-operator.git')
- credentials('jenkins-operator')
- }
- branches('*/master')
- }
- }
- scriptPath('cicd/pipelines/k8s.jenkins')
- }
- }
-}cicd/pipelines/k8s.jenkins is an actual Jenkins pipeline:
#!/usr/bin/env groovy
-
-def label = "k8s-${UUID.randomUUID().toString()}"
-def home = "/home/jenkins"
-def workspace = "${home}/workspace/build-jenkins-operator"
-def workdir = "${workspace}/src/github.com/jenkinsci/kubernetes-operator/"
-
-podTemplate(label: label,
- containers: [
- containerTemplate(name: 'alpine', image: 'alpine:3.11', ttyEnabled: true, command: 'cat'),
- ],
- ) {
- node(label) {
- stage('Run shell') {
- container('alpine') {
- sh 'echo "hello world"'
- }
- }
- }
-}Jenkins Seed Jobs are configured using Jenkins.spec.seedJobs section from your custom resource manifest:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitJenkins Operator will automatically discover and configure all the seed jobs.
- -You can verify if deploy keys were successfully configured in the Jenkins Credentials tab.
- -
You can verify if your pipelines were successfully configured in the Jenkins Seed Job console output.
- -
If your GitHub repository is private you have to configure SSH or username/password authentication.
- -There are two methods of SSH private key generation:
-$ openssl genrsa -out <filename> 2048or
-$ ssh-keygen -t rsa -b 2048
-$ ssh-keygen -p -f <filename> -m pemThen copy content from generated file.
- -If you want to upload your public key to your Git server you need to extract it.
- -If key was generated by openssl then you need to type this to extract public key:
$ openssl rsa -in <filename> -pubout > <filename>.pubIf key was generated by ssh-keygen the public key content is located in
Configure a seed job like this:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-ssh
- credentialType: basicSSHUserPrivateKey
- credentialID: k8s-ssh
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: git@github.com:jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-ssh
- labels:
- "jenkins.io/credentials-type": "basicSSHUserPrivateKey"
- annotations:
- "jenkins.io/credentials-description" : "ssh github.com:jenkinsci/kubernetes-operator"
-stringData:
- privateKey: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIJKAIBAAKCAgEAxxDpleJjMCN5nusfW/AtBAZhx8UVVlhhhIKXvQ+dFODQIdzO
- oDXybs1zVHWOj31zqbbJnsfsVZ9Uf3p9k6xpJ3WFY9b85WasqTDN1xmSd6swD4N8
- ...
- username: github_user_nameConfigure the seed job like:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-user-pass
- credentialType: usernamePassword
- credentialID: k8s-user-pass
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-user-pass
-stringData:
- username: github_user_name
- password: password_or_tokenYou can use external credential type if you want to configure authentication using Configuration As Code or Groovy Script.
Example:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-external
- credentialType: external
- credentialID: k8s-external
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitRemember that credentialID must match the id of the credentials configured in Jenkins. Consult the
-Jenkins docs for using credentials for details.
To use forwarding proxy with an operator to download plugins you need to add the following environment variable to Jenkins Custom Resource (CR), e.g.:
-spec:
- master:
- containers:
- - name: jenkins-master
- env:
- - name: CURL_OPTIONS
- value: -L -x <proxy_url>In CURL_OPTIONS var you can set additional arguments to curl command.
To pull a Docker Image from private repository you can use imagePullSecrets.
Please follow the instructions on creating a secret with a docker config.
- -To use Docker Hub additional steps are required.
- -Edit the previously created secret:
-kubectl -n <namespace> edit secret <name>The .dockerconfigjson key’s value needs to be replaced with a modified version.
After modifications, it needs to be encoded as a Base64 value before setting the .dockerconfigjson key.
Example config file to modify and use:
-{
- "auths":{
- "https://index.docker.io/v1/":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "auth.docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry.docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "https://registry-1.docker.io/v2/": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry-1.docker.io/v2/": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry-1.docker.io": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "https://registry-1.docker.io": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- }
- }
-}With enough effort one can create a custom backup and restore provider -for the Jenkins Operator.
- -Two commands (e.g. scripts) are required:
- -backup.sh that takes one argument, a backup numberbackup.sh that takes one argument, a backup numberBoth scripts need to return an exit code of 0 on success and 1 or greater for failure.
One of those scripts (or the entry point of the container) needs to be responsible -for backup cleanup or rotation if required, or an external system.
- -The mechanism relies on basic Kubernetes and UNIX functionalities.
- -The backup (and restore) container runs as a sidecar in the same -Kubernetes pod as the Jenkins master.
- -Name of the backup and restore containers can be set as necessary using
-spec.backup.containerName and spec.restore.containerName.
-In most cases it will be the same container, but we allow for less common use cases.
The operator will call a backup or restore commands inside a sidecar container when necessary:
- -spec.backup.action.exec.command)
-will be called every N seconds configurable in: spec.backup.interval
-and on pod shutdown (if enabled in spec.backup.makeBackupBeforePodDeletion)
-with an integer representing the current backup number as first and only argumentspec.restore.action.exec.command)
-will be called at Jenkins startup
-with an integer representing the backup number to restore as first and only argument
-(can be overridden using spec.restore.recoveryOnce)This example shows abbreviated version of a simple AWS S3 backup implementation
-using: aws-cli, bash and kube2iam.
In addition to your normal Jenkins CustomResource some additional settings
-for backup and restore are required, e.g.:
kind: Jenkins
-apiVersion: jenkins.io/v1alpha1
-metadata:
- name: example
- namespace: jenkins
-spec:
- master:
- masterAnnotations:
- iam.amazonaws.com/role: "my-example-backup-role" # tell kube2iam where the AWS IAM role is
- containers:
- - name: jenkins-master
- ...
- - name: backup # container responsible for backup and restore
- image: quay.io/virtuslab/aws-cli:1.16.263-2
- workingDir: /home/user/bin/
- command: # our container entry point
- - sleep
- - infinity
- env:
- - name: BACKUP_BUCKET
- value: my-example-bucket # the S3 bucket name to use
- - name: BACKUP_PATH
- value: my-backup-path # the S3 bucket path prefix to use
- - name: JENKINS_HOME
- value: /jenkins-home # the path to mount jenkins home dir in the backup container
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /home/user/bin/backup.sh
- name: backup-scripts
- subPath: backup.sh
- readOnly: true
- - mountPath: /home/user/bin/restore.sh
- name: backup-scripts
- subPath: restore.sh
- readOnly: true
- volumes:
- - name: backup-scripts
- configMap:
- defaultMode: 0754
- name: jenkins-operator-backup-s3
- securityContext: # make sure both containers use the same UID and GUID
- runAsUser: 1000
- fsGroup: 1000
- ...
- backup:
- containerName: backup # container name responsible for backup
- interval: 3600 # how often make a backup in seconds
- makeBackupBeforePodDeletion: true # trigger backup just before deleting the pod
- action:
- exec:
- command:
- # this command is invoked on "backup" container to create a backup,
- # <backup_number> is passed by operator,
- # for example /home/user/bin/backup.sh <backup_number>
- - /home/user/bin/backup.sh
- restore:
- containerName: backup # container name is responsible for restore backup
- action:
- exec:
- command:
- # this command is invoked on "backup" container to restore a backup,
- # <backup_number> is passed by operator
- # for example /home/user/bin/restore.sh <backup_number>
- - /home/user/bin/restore.sh
-# recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restoredThe actual backup and restore scripts will be provided in a ConfigMap:
kind: ConfigMap
-apiVersion: v1
-metadata:
- name: jenkins-operator-backup-s3
- namespace: jenkins
- labels:
- app: jenkins-operator
-data:
- backup.sh: |-
- #!/bin/bash -xeu
- [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1;
- [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1;
- [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1;
- [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
-
- backup_number=$1
- echo "Running backup #${backup_number}"
-
- BACKUP_TMP_DIR=$(mktemp -d)
- tar -C ${JENKINS_HOME} -czf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" --exclude jobs/*/workspace* -c jobs && \
-
- aws s3 cp ${BACKUP_TMP_DIR}/${backup_number}.tar.gz s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz
- echo Done
-
- restore.sh: |-
- #!/bin/bash -xeu
- [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1
- [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1;
- [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1;
- [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
-
- backup_number=$1
- echo "Running restore #${backup_number}"
-
- BACKUP_TMP_DIR=$(mktemp -d)
- aws s3 cp s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz ${BACKUP_TMP_DIR}/${backup_number}.tar.gz
-
- tar -C ${JENKINS_HOME} -zxf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz"
- echo DoneIn our example we will use S3 bucket lifecycle policy to keep -the number of backups under control, e.g. Cloud Formation fragment:
- Type: AWS::S3::Bucket
- Properties:
- BucketName: my-example-bucket
- ...
- LifecycleConfiguration:
- Rules:
- - Id: BackupCleanup
- Status: Enabled
- Prefix: my-backup-path
- ExpirationInDays: 7
- NoncurrentVersionExpirationInDays: 14
- AbortIncompleteMultipartUpload:
- DaysAfterInitiation: 3Jenkins can be customized with plugins. -Plugin’s configuration is applied as groovy scripts or the configuration as code plugin. -Any plugin working for Jenkins can be installed by the Jenkins Operator.
- -Pre-installed plugins:
- -Rest of the plugins can be found in plugins repository.
- -Edit Custom Resource under spec.master.plugins:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- plugins:
- - name: simple-theme-plugin
- version: "0.7"Under spec.master.basePlugins you can find plugins for a valid Jenkins Operator:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- basePlugins:
- - name: kubernetes
- version: "1.30.11"
- - name: workflow-job
- version: "2.42"
- - name: workflow-aggregator
- version: "2.6"
- - name: git
- version: "4.10.0"
- - name: job-dsl
- version: "1.78.1"
- - name: configuration-as-code
- version: "1.55"
- - name: kubernetes-credentials-provider
- version: "0.20"You can change their versions.
- -The Jenkins Operator will then automatically install plugins after the Jenkins master pod restart.
- -By using a ConfigMap you can create your own Jenkins customized configuration.
-Then you must reference the ConfigMap in the Jenkins pod customization file in spec.groovyScripts or spec.configurationAsCode
Create a ConfigMap with specific name (eg. jenkins-operator-user-configuration). Then, modify the Jenkins manifest:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configurationHere is an example of jenkins-operator-user-configuration:
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-configure-theme.groovy: |
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- import org.jenkinsci.plugins.simpletheme.ThemeElement
- import org.jenkinsci.plugins.simpletheme.CssTextThemeElement
- import org.jenkinsci.plugins.simpletheme.CssUrlThemeElement
-
- Jenkins jenkins = Jenkins.getInstance()
-
- def decorator = Jenkins.instance.getDescriptorByType(org.codefirst.SimpleThemeDecorator.class)
-
- List<ThemeElement> configElements = new ArrayList<>();
- configElements.add(new CssTextThemeElement("DEFAULT"));
- configElements.add(new CssUrlThemeElement("https://cdn.rawgit.com/afonsof/jenkins-material-theme/gh-pages/dist/material-light-green.css"));
- decorator.setElements(configElements);
- decorator.save();
-
- jenkins.save()
- 1-system-message.yaml: |
- jenkins:
- systemMessage: "Configuration as Code integration works!!!"*.groovy is Groovy script configuration*.yaml is configuration as codeIf you want to correct your configuration you can edit it while the Jenkins Operator is running. -Jenkins will reconcile and apply the new configuration.
- -If you configured spec.groovyScripts.secret.name, then this secret is available to use from map Groovy scripts.
-The secrets are loaded to secrets map.
Create a secret with for example the name jenkins-conf-secrets.
kind: Secret
-apiVersion: v1
-type: Opaque
-metadata:
- name: jenkins-conf-secrets
- namespace: default
-data:
- SYSTEM_MESSAGE: SGVsbG8gd29ybGQ=Then modify the Jenkins pod manifest by changing spec.groovyScripts.secret.name to jenkins-conf-secrets.
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration
- secret:
- name: jenkins-conf-secrets
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configuration
- secret:
- name: jenkins-conf-secretsNow you can test that the secret is mounted by applying this ConfigMap for Groovy script:
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-system-message.groovy: |
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- Jenkins jenkins = Jenkins.getInstance()
-
- jenkins.setSystemMessage(secrets["SYSTEM_MESSAGE"])
- jenkins.save()Or by applying this configuration as code:
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-system-message.yaml: |
- jenkins:
- systemMessage: ${SYSTEM_MESSAGE}After this, you should see the Hello world system message from the Jenkins homepage.
This document describes the procedure for deploying Jenkins.
- -The Operator needs to have been deployed beforehand. The procedure for deploying Jenkins described here doesn’t apply to
-installation of Operator via Helm chart unless jenkins.enabled was set to false.
-That’s because by default, installation via Helm chart also covers deploying Jenkins.
Once Jenkins Operator is up and running let’s deploy actual Jenkins instance.
-Create manifest e.g. jenkins_instance.yaml with following data and save it on drive.
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
- namespace: default
-spec:
- configurationAsCode:
- configurations: []
- secret:
- name: ""
- groovyScripts:
- configurations: []
- secret:
- name: ""
- jenkinsAPISettings:
- authorizationStrategy: createUser
- master:
- disableCSRFProtection: false
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:2.319.1-lts-alpine
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 12
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 100
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 10
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 80
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitDeploy a Jenkins to Kubernetes:
-kubectl create -f jenkins_instance.yamlWatch the Jenkins instance being created:
-kubectl get pods -wGet the Jenkins credentials:
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.user}' | base64 -d
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.password}' | base64 -dConnect to the Jenkins instance (minikube):
-minikube service jenkins-operator-http-<cr_name> --urlConnect to the Jenkins instance (actual Kubernetes cluster):
-kubectl port-forward jenkins-<cr_name> 8080:8080Then open browser with address http://localhost:8080.
This document describes a getting started guide for Jenkins Operator v0.7.x and also additional configuration.
Prepare your Kubernetes cluster and set up your kubectl access.
Once you have a running Kubernetes cluster you can focus on installing Jenkins Operator according to the -Installation guide.
- -How to install Jenkins Operator -
-Deploy production ready Jenkins manifest -
-How to customize Jenkins -
-How to configure Jenkins with Operator -
-Prevent loss of job history -
-How to install Jenkins and Jenkins Operator in separate namespaces -
-Custom backup and restore provider -
-Additional configuration for Azure Kubernetes Service -
-Additional configuration for LDAP -
-Additional configuration for OpenShift -
-API Schema definitions for Jenkins CRD -
-This document describes installation procedure for Jenkins Operator. -All container images can be found at virtuslab/jenkins-operator Docker Hub repository.
- -To run Jenkins Operator, you will need:
- -1.17+kubectl version 1.17+Listed below are the two ways to deploy Jenkins Operator.
- -First, install Jenkins Custom Resource Definition:
-kubectl apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/config/crd/bases/jenkins.io_jenkins.yaml Then, install the Operator and other required resources:
-kubectl apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/deploy/all-in-one-v1alpha2.yamlWatch Jenkins Operator instance being created:
-kubectl get pods -wNow Jenkins Operator should be up and running in the default namespace.
-For deploying Jenkins, refer to Deploy Jenkins section.
Alternatively, you can also use Helm to install the Operator (and optionally, by default, Jenkins). It requires the Helm 3+ for deployment.
- -Create a namespace for the operator:
-$ kubectl create namespace <your-namespace>To install, you need only to type these commands:
-$ helm repo add jenkins https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/chart
-$ helm install <name> jenkins/jenkins-operator -n <your-namespace>To add custom labels and annotations, you can use values.yaml file or pass them into helm install command, e.g.:
$ helm install <name> jenkins/jenkins-operator -n <your-namespace> --set jenkins.labels.LabelKey=LabelValue,jenkins.annotations.AnnotationKey=AnnotationValueYou can further customize Jenkins using values.yaml:
-
| - | Field | -Default value | -Description | -||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-jenkins
- |
-
- operator is section for configuring operator deployment -
|
-||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| - | Field | -Default value | -Description | -||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
- operator
- |
-
- operator is section for configuring operator deployment -
|
- ||||||||||||||||||||||||||||||||
-(Appears on: -JenkinsConfiguration) -
--Backup defines configuration of Jenkins backup. -
- -| Field | -Default value | -Description | -||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
- enabled
- |
- - true - | -- Enabled is enable/disable switch for backup feature. - | -||||||||||||
- image
- |
- - virtuslab/jenkins-operator-backup-pvc:v0.1.1 - | -- Image used by backup feature. - | -||||||||||||
- containerName
- |
- - backup - | -- Backup container name. - | -||||||||||||
- interval
- |
- - 30 - | -- Defines how often make backup in seconds. - | -||||||||||||
- makeBackupBeforePodDeletion
- |
- - true - | -- When enabled will make backup before pod deletion. - | -||||||||||||
- backupCommand
- |
- - /home/user/bin/backup.sh - | -- Backup container command. - | -||||||||||||
- restoreCommand
- |
- - /home/user/bin/restore.sh - | -- Backup restore command. - | -||||||||||||
- pvc
- |
-
- Persistent Volume Claim Kubernetes resource --
|
- |||||||||||||
- env
- |
-
--- name: BACKUP_DIR - value: /backup -- name: JENKINS_HOME - value: /jenkins-home -- name: BACKUP_COUNT - value: "3" -- |
-
- Contains container environment variables.
- PVC backup provider handles these variables: - BACKUP_DIR - path for storing backup files (default: "/backup") - JENKINS_HOME - path to jenkins home (default: "/jenkins-home") - BACKUP_COUNT - define how much recent backups will be kept - |
-
- ||||||||||||
- volumeMounts
- |
-
--- name: jenkins-home - mountPath: /jenkins-home -- mountPath: /backup - name: backup -- |
- - Holds the mount points for volumes. - | -||||||||||||
- (Appears on: - Jenkins instance configuration) -
- -| Field | -Default value | -Description | -
|---|---|---|
- configurationAsCode
- |
- - {} - | -
- ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin.
-Example: -
-- configMapName: jenkins-casc
- content: {}
-
- |
-
- groovyScripts
- |
- - {} - | -
- GroovyScripts defines configuration of Jenkins customization via groovy scripts.
- Example: -
-- configMapName: jenkins-gs
- content: {}
-
- |
-
- secretRefName
- |
- - “” - | -- secretRefName of existing secret (previously created). - | -
- secretData
- |
- - {} - | -- If secretRefName is empty, secretData creates new secret and fills with data provided in secretData. - | -
If you wish to use the newest, not yet released version of the Operator, you can use one of nightly built snapshot images, however the maintainers of this project cannot guarantee their stability.
- -You can find nightly built images by heading to virtuslab/jenkins-operator Docker Hub repository and looking for images with tag in the form of {git-hash}, {git-hash} being the hash of master branch commit that you want to use snapshot of.
Current design of the Operator puts an emphasis on creating a full GitOps flow of work for Jenkins users. -One of the key points of this design is maintaining an immutable state of Jenkins.
- -One of the prerequisites of this is an ephemeral Jenkins home directory. To achieve that, Operator mounts emptyDir Volume -(jenkins-home) as Jenkins home directory. -It is not possible to overwrite volumeMount and specify any other Volume for Jenkins home directory, -as attempting to do so will result in Operator error.
- -jenkins-home is not the only Jenkins controller pod volumeMount that is non-configurable and managed by Operator, -below is the full list of those volumeMounts:
- -Validating webhook can be used in order to increase the Operator’s capabilities to monitor security issues. It will look for security vulnerabilities in the base and requested plugins. It can be easily installed via Helm charts by setting webhook.enabled in values.yaml.
- -Note: The webhook takes some time to get up and running. It’s recommended to first deploy the Operator and later Jenkins Custom Resource by using toggles in values.yaml.
-For the installation with yaml manifests (without using Helm chart), first, install cert-manager:
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.yaml It takes some time to get cert-manager up and running. -Then, install the webhook and other required resources:
-kubectl apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/deploy/all-in-one-webhook.yamlNow, download the manifests for the operator and other resources from here and provide these additional fields in the Operator manifest:
- -
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: jenkins-operator
- labels:
- control-plane: controller-manager
-spec:
- selector:
- matchLabels:
- control-plane: controller-manager
- replicas: 1
- template:
- metadata:
- labels:
- control-plane: controller-manager
- spec:
- serviceAccountName: jenkins-operator
- securityContext:
- runAsUser: 65532
- containers:
- - command:
- - /manager
- args:
- - --leader-elect
- - --validate-security-warnings
- image: virtuslab/jenkins-operator:v0.7.0
- name: jenkins-operator
- imagePullPolicy: IfNotPresent
- securityContext:
- allowPrivilegeEscalation: false
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 20
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- limits:
- cpu: 200m
- memory: 100Mi
- requests:
- cpu: 100m
- memory: 20Mi
- env:
- - name: WATCH_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - mountPath: /tmp/k8s-webhook-server/serving-certs
- name: webhook-certs
- readOnly: true
- volumes:
- - name: webhook-certs
- secret:
- defaultMode: 420
- secretName: jenkins-webhook-certificate
- terminationGracePeriodSeconds: 10
-
-
-
-To enable security validation in the Jenkins Custom Resource, set
- --- - - -jenkins.ValidateSecurityWarnings=true
-
Configuring LDAP is not supported out of the box, but can be achieved through -plugins and some well tuned configurations.
- -The plugin we will use is: https://plugins.jenkins.io/ldap/
- --- -Note: This is an example of how LDAP authentication can be achieved. The LDAP -plugin is from a third-party, and there may be other alternatives that suits -your use case better. Use this guide with a grain of salt.
-
LDAP server accessible from the Kubernetes cluster where your Jenkins -instance will live.
Credentials to a manager account in your AD. Jenkins Operator will use -this account to authenticate with Jenkins for health checks, seed jobs, etc.
In your Jenkins configuration, add the following plugin:
-plugins:
- # Check https://plugins.jenkins.io/ldap/ to find the latest version.
- - name: ldap
- version: "2.7"Easiest step is to then start up Jenkins then navigate to your instance’s -“Configure Global Security” page and configure it accordingly.
- -http://jenkins.example.com/configureSecurity/
Once it’s set up and tested, you can navigate to your JCasC page and export -the LDAP settings.
- -https://jenkins.example.com/configuration-as-code/
Feed the relevant new settings into your Kubernetes ConfigMap for your JCasC -settings.
- -Here’s a snippet of the LDAP-related configurations:
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-casc
-data:
- ldap.yaml: |
- jenkins:
- securityRealm:
- ldap:
- configurations:
- - displayNameAttributeName: "name"
- groupSearchBase: "OU=Groups,OU=MyCompany"
- groupSearchFilter: "(& (cn={0}) (objectclass=group) )"
- inhibitInferRootDN: false
- managerDN: "CN=Jenkins Admin,OU=UsersSystem,OU=UsersOther,OU=MyCompany,DC=mycompany,DC=local"
- managerPasswordSecret: "${LDAP_MANAGER_PASSWORD}"
- rootDN: "DC=mycompany,DC=local"
- server: "MyCompany.local"
- userSearch: "SamAccountName={0}"
- userSearchBase: "OU=MyCompany"
- disableMailAddressResolver: false
- disableRolePrefixing: true
- groupIdStrategy: "caseInsensitive"
- userIdStrategy: "caseInsensitive"-- - - -Note the use of
-${LDAP_MANAGER_PASSWORD}above. You can reference -Kubernetes secrets in your JCasC ConfigMaps by adding the following to your -Jenkins object:-> kind: Jenkins -> spec: -> configurationAsCode: -> configurations: -> - name: jenkins-casc -> secret: -> # This here -> name: jenkins-casc-secrets -> ``` -> -> ```yaml -> apiVersion: v1 -> kind: Secret -> metadata: -> name: jenkins-cred-conf-secrets -> stringData: -> LDAP_MANAGER_PASSWORD: <password-for-manager-created-in-ldap> -> ``` -> -> Schema reference: [v1alpha2.ConfigurationAsCode](./schema/#github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.ConfigurationAsCode) - -Finally you must configure the Jenkins operator to use the manager's -credentials from the AD. - -This is because this procedure will disable Jenkins' own user database, and the -Jenkins operator still needs to be able to talk to Jenkins in an authorized -manner. - -Create the following Kubernetes secret:yaml -apiVersion: v1 -kind: Secret -metadata: - name: jenkins-operator-credentials-
- -- namespace: -stringData: - user: - password: -``` Note: Values in stringData do not need to be base64 encoded. They are -encoded by Kubernetes when the manifest is applied.
-
This document contains API scheme for jenkins-operator Custom Resource Definition manifest
Packages:
--
Package v1alpha2 contains API Schema definitions for the jenkins.io v1alpha2 API group
- -Resource Types: --
Jenkins is the Schema for the jenkins API
- -| Field | -Description | -||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-apiVersion
-string |
-
-
-jenkins.io/v1alpha2
-
- |
-||||||||||||||||||||||||||
-kind
-string
- |
-Jenkins |
-||||||||||||||||||||||||||
-metadata
-
-
-Kubernetes meta/v1.ObjectMeta
-
-
- |
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
- |
-||||||||||||||||||||||||||
-spec
-
-
-JenkinsSpec
-
-
- |
-
- Spec defines the desired state of the Jenkins -- -
|
-||||||||||||||||||||||||||
-status
-
-
-JenkinsStatus
-
-
- |
-
- Status defines the observed state of Jenkins - |
-
-(Appears on: -JenkinsStatus) -
--
AppliedGroovyScript is the applied groovy script in Jenkins by the operator.
- -| Field | -Description | -
|---|---|
-configurationType
-
-string
-
- |
-
- ConfigurationType is the name of the configuration type(base-groovy, user-groovy, user-casc) - |
-
-source
-
-string
-
- |
-
- Source is the name of source where is located groovy script - |
-
-name
-
-string
-
- |
-
- Name is the name of the groovy script - |
-
-hash
-
-string
-
- |
-
- Hash is the hash of the groovy script and secrets which it uses - |
-
string alias)-(Appears on: -JenkinsAPISettings) -
--
AuthorizationStrategy defines authorization strategy of the operator for the Jenkins API
- --(Appears on: -JenkinsSpec) -
--
Backup defines configuration of Jenkins backup.
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines action which performs backup in backup container sidecar - |
-
-interval
-
-uint64
-
- |
-
- Interval tells how often make backup in seconds -Defaults to 30. - |
-
-makeBackupBeforePodDeletion
-
-bool
-
- |
-
- MakeBackupBeforePodDeletion tells operator to make backup before Jenkins master pod deletion - |
-
-(Appears on: -Customization) -
--
ConfigMapRef is reference to Kubernetes ConfigMap.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin.
- -| Field | -Description | -
|---|---|
-Customization
-
-
-Customization
-
-
- |
-
-
-(Members of |
-
-(Appears on: -JenkinsMaster) -
--
Container defines Kubernetes container attributes.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name of the container specified as a DNS_LABEL. -Each container in a pod must have a unique name (DNS_LABEL). - |
-
-image
-
-string
-
- |
-
- Docker image name. -More info: https://kubernetes.io/docs/concepts/containers/images - |
-
-imagePullPolicy
-
-
-Kubernetes core/v1.PullPolicy
-
-
- |
-
- Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always. - |
-
-resources
-
-
-Kubernetes core/v1.ResourceRequirements
-
-
- |
-
- Compute Resources required by this container. -More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - |
-
-command
-
-[]string
-
- |
-
-(Optional)
- Entrypoint array. Not executed within a shell. -The docker image’s ENTRYPOINT is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-args
-
-[]string
-
- |
-
-(Optional)
- Arguments to the entrypoint. -The docker image’s CMD is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-workingDir
-
-string
-
- |
-
-(Optional)
- Container’s working directory. -If not specified, the container runtime’s default will be used, which -might be configured in the container image. - |
-
-ports
-
-
-[]Kubernetes core/v1.ContainerPort
-
-
- |
-
-(Optional)
- List of ports to expose from the container. Exposing a port here gives -the system additional information about the network connections a -container uses, but is primarily informational. Not specifying a port here -DOES NOT prevent that port from being exposed. Any port which is -listening on the default “0.0.0.0” address inside a container will be -accessible from the network. - |
-
-envFrom
-
-
-[]Kubernetes core/v1.EnvFromSource
-
-
- |
-
-(Optional)
- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple -sources, the value associated with the last source will take precedence. -Values defined by an Env with a duplicate key will take precedence. - |
-
-env
-
-
-[]Kubernetes core/v1.EnvVar
-
-
- |
-
-(Optional)
- List of environment variables to set in the container. - |
-
-volumeMounts
-
-
-[]Kubernetes core/v1.VolumeMount
-
-
- |
-
-(Optional)
- Pod volumes to mount into the container’s filesystem. - |
-
-livenessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container liveness. -Container will be restarted if the probe fails. - |
-
-readinessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. - |
-
-lifecycle
-
-
-Kubernetes core/v1.Lifecycle
-
-
- |
-
-(Optional)
- Actions that the management system should take in response to container lifecycle events. - |
-
-securityContext
-
-
-Kubernetes core/v1.SecurityContext
-
-
- |
-
-(Optional)
- Security options the pod should run with. -More info: https://kubernetes.io/docs/concepts/policy/security-context/ -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - |
-
-(Appears on: -ConfigurationAsCode, -GroovyScripts) -
--
Customization defines configuration of Jenkins customization.
- -| Field | -Description | -
|---|---|
-secret
-
-
-SecretRef
-
-
- |
-- | -
-configurations
-
-
-[][]github.com/jenkinsci/kubernetes-operator/api/v1alpha2.ConfigMapRef
-
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
GroovyScripts defines configuration of Jenkins customization via groovy scripts.
- -| Field | -Description | -
|---|---|
-Customization
-
-
-Customization
-
-
- |
-
-
-(Members of |
-
-(Appears on: -Backup, -Restore) -
--
Handler defines a specific action that should be taken.
- -| Field | -Description | -
|---|---|
-exec
-
-
-Kubernetes core/v1.ExecAction
-
-
- |
-
- Exec specifies the action to take. - |
-
-(Appears on: -JenkinsSpec) -
--
JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API
- -| Field | -Description | -
|---|---|
-authorizationStrategy
-
-
-AuthorizationStrategy
-
-
- |
-- | -
string alias)-(Appears on: -SeedJob) -
--
JenkinsCredentialType defines type of Jenkins credential used to seed job mechanism.
- --(Appears on: -JenkinsSpec) -
--
JenkinsMaster defines the Jenkins master pod attributes and plugins, -every single change requires a Jenkins master pod restart.
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-labels
-
-map[string]string
-
- |
-
-(Optional)
- Map of string keys and values that can be used to organize and categorize -(scope and select) objects. May match selectors of replication controllers -and services. -More info: http://kubernetes.io/docs/user-guide/labels - |
-
-nodeSelector
-
-map[string]string
-
- |
-
-(Optional)
- NodeSelector is a selector which must be true for the pod to fit on a node. -Selector which must match a node’s labels for the pod to be scheduled on that node. -More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - |
-
-securityContext
-
-
-Kubernetes core/v1.PodSecurityContext
-
-
- |
-
-(Optional)
- SecurityContext that applies to all the containers of the Jenkins -Master. As per kubernetes specification, it can be overridden -for each container individually. -Defaults to: -runAsUser: 1000 -fsGroup: 1000 - |
-
-containers
-
-
-[][]github.com/jenkinsci/kubernetes-operator/api/v1alpha2.Container
-
-
- |
-
-(Optional)
- List of containers belonging to the pod. -Containers cannot currently be added or removed. -There must be at least one container in a Pod. -Defaults to: -- image: jenkins/jenkins:lts -imagePullPolicy: Always -livenessProbe: -failureThreshold: 12 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 80 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 5 -name: jenkins-master -readinessProbe: -failureThreshold: 3 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 30 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 1 -resources: -limits: -cpu: 1500m -memory: 3Gi -requests: -cpu: “1” -memory: 600Mi - |
-
-imagePullSecrets
-
-
-[]Kubernetes core/v1.LocalObjectReference
-
-
- |
-
-(Optional)
- ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. -If specified, these secrets will be passed to individual puller implementations for them to use. For example, -in the case of docker, only DockerConfig type secrets are honored. -More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - |
-
-volumes
-
-
-[]Kubernetes core/v1.Volume
-
-
- |
-
-(Optional)
- List of volumes that can be mounted by containers belonging to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes - |
-
-tolerations
-
-
-[]Kubernetes core/v1.Toleration
-
-
- |
-
-(Optional)
- If specified, the pod’s tolerations. - |
-
-basePlugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/api/v1alpha2.Plugin
-
-
- |
-
-(Optional)
- BasePlugins contains plugins required by operator -Defaults to : -- name: kubernetes -version: “1.30.11” -- name: workflow-job -version: “2.42” -- name: workflow-aggregator -version: “2.6” -- name: git -version: “4.10.0” -- name: job-dsl -version: “1.78.1” -- name: configuration-as-code -version: “1.55” -- name: kubernetes-credentials-provider -version: “0.20” - |
-
-plugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/api/v1alpha2.Plugin
-
-
- |
-
-(Optional)
- Plugins contains plugins required by user - |
-
-disableCSRFProtection
-
-bool
-
- |
-
- DisableCSRFProtection allows you to toggle CSRF Protection on Jenkins - |
-
-priorityClassName
-
-string
-
- |
-
-(Optional)
- PriorityClassName for Jenkins master pod - |
-
-hostAliases
-
-
-[]Kubernetes core/v1.HostAlias
-
-
- |
-
-(Optional)
- HostAliases for Jenkins master pod and SeedJob agent - |
-
-(Appears on: -Jenkins) -
--
JenkinsSpec defines the desired state of Jenkins
- -| Field | -Description | -
|---|---|
-master
-
-
-JenkinsMaster
-
-
- |
-
- Master represents Jenkins master pod properties and Jenkins plugins. -Every single change here requires a pod restart. - |
-
-seedJobs
-
-
-[][]github.com/jenkinsci/kubernetes-operator/api/v1alpha2.SeedJob
-
-
- |
-
-(Optional)
- SeedJobs defines list of Jenkins Seed Job configurations -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines - |
-
-validateSecurityWarnings
-
-bool
-
- |
-
-(Optional)
- ValidateSecurityWarnings enables or disables validating potential security warnings in Jenkins plugins via admission webhooks. - |
-
-notifications
-
-
-[][]github.com/jenkinsci/kubernetes-operator/api/v1alpha2.Notification
-
-
- |
-
-(Optional)
- Notifications defines list of a services which are used to inform about Jenkins status -Can be used to integrate chat services like Slack, Microsoft Teams or Mailgun - |
-
-service
-
-
-Service
-
-
- |
-
-(Optional)
- Service is Kubernetes service of Jenkins master HTTP pod -Defaults to : -port: 8080 -type: ClusterIP - |
-
-slaveService
-
-
-Service
-
-
- |
-
-(Optional)
- Service is Kubernetes service of Jenkins slave pods -Defaults to : -port: 50000 -type: ClusterIP - |
-
-backup
-
-
-Backup
-
-
- |
-
-(Optional)
- Backup defines configuration of Jenkins backup -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/ - |
-
-restore
-
-
-Restore
-
-
- |
-
-(Optional)
- Backup defines configuration of Jenkins backup restore -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/ - |
-
-groovyScripts
-
-
-GroovyScripts
-
-
- |
-
-(Optional)
- GroovyScripts defines configuration of Jenkins customization via groovy scripts - |
-
-configurationAsCode
-
-
-ConfigurationAsCode
-
-
- |
-
-(Optional)
- ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin - |
-
-roles
-
-
-[]Kubernetes rbac/v1.RoleRef
-
-
- |
-
-(Optional)
- Roles defines list of extra RBAC roles for the Jenkins Master pod service account - |
-
-serviceAccount
-
-
-ServiceAccount
-
-
- |
-
-(Optional)
- ServiceAccount defines Jenkins master service account attributes - |
-
-jenkinsAPISettings
-
-
-JenkinsAPISettings
-
-
- |
-
- JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API - |
-
-(Appears on: -Jenkins) -
--
JenkinsStatus defines the observed state of Jenkins
- -| Field | -Description | -
|---|---|
-operatorVersion
-
-string
-
- |
-
-(Optional)
- OperatorVersion is the operator version which manages this CR - |
-
-provisionStartTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- ProvisionStartTime is a time when Jenkins master pod has been created - |
-
-baseConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- BaseConfigurationCompletedTime is a time when Jenkins base configuration phase has been completed - |
-
-userConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- UserConfigurationCompletedTime is a time when Jenkins user configuration phase has been completed - |
-
-restoredBackup
-
-uint64
-
- |
-
-(Optional)
- RestoredBackup is the restored backup number after Jenkins master pod restart - |
-
-lastBackup
-
-uint64
-
- |
-
-(Optional)
- LastBackup is the latest backup number - |
-
-pendingBackup
-
-uint64
-
- |
-
-(Optional)
- PendingBackup is the pending backup number - |
-
-backupDoneBeforePodDeletion
-
-bool
-
- |
-
-(Optional)
- BackupDoneBeforePodDeletion tells if backup before pod deletion has been made - |
-
-userAndPasswordHash
-
-string
-
- |
-
-(Optional)
- UserAndPasswordHash is a SHA256 hash made from user and password - |
-
-createdSeedJobs
-
-[]string
-
- |
-
-(Optional)
- CreatedSeedJobs contains list of seed job id already created in Jenkins - |
-
-appliedGroovyScripts
-
-
-[][]github.com/jenkinsci/kubernetes-operator/api/v1alpha2.AppliedGroovyScript
-
-
- |
-
-(Optional)
- AppliedGroovyScripts is a list with all applied groovy scripts in Jenkins by the operator - |
-
-(Appears on: -Notification) -
--
Mailgun is handler for Mailgun email service notification channel.
- -| Field | -Description | -
|---|---|
-domain
-
-string
-
- |
-- | -
-apiKeySecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-recipient
-
-string
-
- |
-- | -
-from
-
-string
-
- |
-- | -
-(Appears on: -Notification) -
--
MicrosoftTeams is handler for Microsoft MicrosoftTeams notification channel.
- -| Field | -Description | -
|---|---|
-webHookURLSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-
- The web hook URL to MicrosoftTeams App - |
-
-(Appears on: -JenkinsSpec) -
--
Notification is a service configuration used to send notifications about Jenkins status.
- -| Field | -Description | -
|---|---|
-level
-
-
-NotificationLevel
-
-
- |
-- | -
-verbose
-
-bool
-
- |
-- | -
-name
-
-string
-
- |
-- | -
-slack
-
-
-github.com/jenkinsci/kubernetes-operator/api/v1alpha2.Slack
-
-
- |
-- | -
-teams
-
-
-github.com/jenkinsci/kubernetes-operator/api/v1alpha2.MicrosoftTeams
-
-
- |
-- | -
-mailgun
-
-
-github.com/jenkinsci/kubernetes-operator/api/v1alpha2.Mailgun
-
-
- |
-- | -
-smtp
-
-
-github.com/jenkinsci/kubernetes-operator/api/v1alpha2.SMTP
-
-
- |
-- | -
string alias)-(Appears on: -Notification) -
--
NotificationLevel defines the level of a Notification.
- --(Appears on: -JenkinsMaster) -
--
Plugin defines Jenkins plugin.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name is the name of Jenkins plugin - |
-
-version
-
-string
-
- |
-
- Version is the version of Jenkins plugin - |
-
-downloadURL
-
-string
-
- |
-
- DownloadURL is the custom url from where plugin has to be downloaded. - |
-
-
-| Field | -Description | -
|---|---|
-Version
-
-string
-
- |
-- | -
-Kind
-
-string
-
- |
-- | -
-(Appears on: -PluginsInfo) -
--
-| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-securityWarnings
-
-
-[][]github.com/jenkinsci/kubernetes-operator/api/v1alpha2.Warning
-
-
- |
-- | -
-(Appears on: -SecurityValidator) -
--
-| Field | -Description | -
|---|---|
-plugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/api/v1alpha2.PluginInfo
-
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
Restore defines configuration of Jenkins backup restore operation.
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for restore backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines action which performs restore backup in restore container sidecar - |
-
-getLatestAction
-
-
-Handler
-
-
- |
-
-(Optional)
- GetLatestAction defines action which returns the latest backup number. If there is no backup “-1” should be -returned. - |
-
-recoveryOnce
-
-uint64
-
- |
-
-(Optional)
- RecoveryOnce if want to restore specific backup set this field and then Jenkins will be restarted and desired backup will be restored - |
-
-(Appears on: -Notification) -
--
SMTP is handler for sending emails via this protocol.
- -| Field | -Description | -
|---|---|
-usernameSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-passwordSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-port
-
-int
-
- |
-- | -
-server
-
-string
-
- |
-- | -
-tlsInsecureSkipVerify
-
-bool
-
- |
-- | -
-from
-
-string
-
- |
-- | -
-to
-
-string
-
- |
-- | -
-(Appears on: -Mailgun, -MicrosoftTeams, -SMTP, -Slack) -
--
SecretKeySelector selects a key of a Secret.
- -| Field | -Description | -
|---|---|
-secret
-
-
-Kubernetes core/v1.LocalObjectReference
-
-
- |
-
- The name of the secret in the pod’s namespace to select from. - |
-
-key
-
-string
-
- |
-
- The key of the secret to select from. Must be a valid secret key. - |
-
-(Appears on: -Customization) -
--
SecretRef is reference to Kubernetes secret.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-
-| Field | -Description | -
|---|---|
-PluginDataCache
-
-
-PluginsInfo
-
-
- |
-- | -
-isCached
-
-bool
-
- |
-- | -
-Attempts
-
-int
-
- |
-- | -
-checkingPeriod
-
-time.Duration
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
SeedJob defines configuration for seed job -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration/#configure-seed-jobs-and-pipelines.
- -| Field | -Description | -
|---|---|
-id
-
-string
-
- |
-
- ID is the unique seed job name - |
-
-credentialID
-
-string
-
- |
-
- CredentialID is the Kubernetes secret name which stores repository access credentials - |
-
-description
-
-string
-
- |
-
-(Optional)
- Description is the description of the seed job - |
-
-targets
-
-string
-
- |
-
- Targets is the repository path where are seed job definitions - |
-
-repositoryBranch
-
-string
-
- |
-
- RepositoryBranch is the repository branch where are seed job definitions - |
-
-repositoryUrl
-
-string
-
- |
-
- RepositoryURL is the repository access URL. Can be SSH or HTTPS. - |
-
-credentialType
-
-
-JenkinsCredentialType
-
-
- |
-
-(Optional)
- JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ credential type - |
-
-bitbucketPushTrigger
-
-bool
-
- |
-
-(Optional)
- BitbucketPushTrigger is used for Bitbucket web hooks - |
-
-githubPushTrigger
-
-bool
-
- |
-
-(Optional)
- GitHubPushTrigger is used for GitHub web hooks - |
-
-buildPeriodically
-
-string
-
- |
-
-(Optional)
- BuildPeriodically is setting for scheduled trigger - |
-
-pollSCM
-
-string
-
- |
-
-(Optional)
- PollSCM is setting for polling changes in SCM - |
-
-ignoreMissingFiles
-
-bool
-
- |
-
-(Optional)
- IgnoreMissingFiles is setting for Job DSL API plugin to ignore files that miss - |
-
-additionalClasspath
-
-string
-
- |
-
-(Optional)
- AdditionalClasspath is setting for Job DSL API plugin to set Additional Classpath - |
-
-failOnMissingPlugin
-
-bool
-
- |
-
-(Optional)
- FailOnMissingPlugin is setting for Job DSL API plugin that fails job if required plugin is missing - |
-
-unstableOnDeprecation
-
-bool
-
- |
-
-(Optional)
- UnstableOnDeprecation is setting for Job DSL API plugin that sets build status as unstable if build using deprecated features - |
-
-(Appears on: -JenkinsSpec) -
--
Service defines Kubernetes service attributes
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-labels
-
-map[string]string
-
- |
-
-(Optional)
- Route service traffic to pods with label keys and values matching this -selector. If empty or not present, the service is assumed to have an -external process managing its endpoints, which Kubernetes will not -modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. -Ignored if type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/ - |
-
-type
-
-
-Kubernetes core/v1.ServiceType
-
-
- |
-
-(Optional)
- Type determines how the Service is exposed. Defaults to ClusterIP. Valid -options are ExternalName, ClusterIP, NodePort, and LoadBalancer. -“ExternalName” maps to the specified externalName. -“ClusterIP” allocates a cluster-internal IP address for load-balancing to -endpoints. Endpoints are determined by the selector or if that is not -specified, by manual construction of an Endpoints object. If clusterIP is -“None”, no virtual IP is allocated and the endpoints are published as a -set of endpoints rather than a stable IP. -“NodePort” builds on ClusterIP and allocates a port on every node which -routes to the clusterIP. -“LoadBalancer” builds on NodePort and creates an -external load-balancer (if supported in the current cloud) which routes -to the clusterIP. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services—service-types - |
-
-port
-
-int32
-
- |
-
- The port that are exposed by this service. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - |
-
-nodePort
-
-int32
-
- |
-
-(Optional)
- The port on each node on which this service is exposed when type=NodePort or LoadBalancer. -Usually assigned by the system. If specified, it will be allocated to the service -if unused or else creation of the service will fail. -Default is to auto-allocate a port if the ServiceType of this Service requires one. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - |
-
-loadBalancerSourceRanges
-
-[]string
-
- |
-
-(Optional)
- If specified and supported by the platform, this will restrict traffic through the cloud-provider -load-balancer will be restricted to the specified client IPs. This field will be ignored if the -cloud-provider does not support the feature.” -More info: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access - |
-
-loadBalancerIP
-
-string
-
- |
-
-(Optional)
- Only applies to Service Type: LoadBalancer -LoadBalancer will get created with the IP specified in this field. -This feature depends on whether the underlying cloud-provider supports specifying -the loadBalancerIP when a load balancer is created. -This field will be ignored if the cloud-provider does not support the feature. - |
-
-(Appears on: -JenkinsSpec) -
--
ServiceAccount defines Kubernetes service account attributes
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-(Appears on: -Notification) -
--
Slack is handler for Slack notification channel.
- -| Field | -Description | -
|---|---|
-webHookURLSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-
- The web hook URL to Slack App - |
-
-(Appears on: -Warning) -
--
-| Field | -Description | -
|---|---|
-firstVersion
-
-string
-
- |
-- | -
-lastVersion
-
-string
-
- |
-- | -
-(Appears on: -PluginInfo) -
--
-| Field | -Description | -
|---|---|
-versions
-
-
-[][]github.com/jenkinsci/kubernetes-operator/api/v1alpha2.Version
-
-
- |
-- | -
-id
-
-string
-
- |
-- | -
-message
-
-string
-
- |
-- | -
-url
-
-string
-
- |
-- | -
-active
-
-bool
-
- |
-- | -
-Generated with gen-crd-api-reference-docs
-on git commit 76078d5f.
-
You need to create two namespaces, for example we’ll call them jenkins for Jenkins and jenkins-operator for Jenkins Operator.
-$ kubectl create ns jenkins-operator
-$ kubectl create ns jenkinsNext, you need to install resources necessary for the Operator to work in the jenkins-operator namespace. To do that,
-copy the manifest you see below to jenkins-operator-rbac.yamlfile.
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: jenkins-operator
----
-# permissions to do leader election.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: leader-election-role
-rules:
-- apiGroups:
- - ""
- - coordination.k8s.io
- resources:
- - configmaps
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: leader-election-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: leader-election-role
-subjects:
-- kind: ServiceAccount
- name: jenkins-operator
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: jenkins-operator
-rules:
-- apiGroups:
- - apps
- resources:
- - daemonsets
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - '*'
-- apiGroups:
- - apps
- - jenkins-operator
- resources:
- - deployments/finalizers
- verbs:
- - update
-- apiGroups:
- - build.openshift.io
- resources:
- - buildconfigs
- - builds
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - configmaps
- - secrets
- - services
- verbs:
- - create
- - get
- - list
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - get
- - list
- - patch
- - watch
-- apiGroups:
- - ""
- resources:
- - persistentvolumeclaims
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - pods
- - pods/exec
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - pods/log
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods/portforward
- verbs:
- - create
-- apiGroups:
- - ""
- resources:
- - serviceaccounts
- verbs:
- - create
- - get
- - list
- - update
- - watch
-- apiGroups:
- - image.openshift.io
- resources:
- - imagestreams
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - jenkins.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - jenkins.io
- resources:
- - jenkins
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - jenkins.io
- resources:
- - jenkins/finalizers
- verbs:
- - update
-- apiGroups:
- - jenkins.io
- resources:
- - jenkins/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - rolebindings
- - roles
- verbs:
- - create
- - get
- - list
- - update
- - watch
-- apiGroups:
- - route.openshift.io
- resources:
- - routes
- verbs:
- - create
- - get
- - list
- - update
- - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: jenkins-operator
-subjects:
- - kind: ServiceAccount
- name: jenkins-operator
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: jenkins-operatorNow install the required resources in jenkins-operator namespace with:
kubectl apply -n jenkins-operator -f jenkins-operator-rbac.yamlThere’s only one thing left to install in jenkins-operator namespace, and that is the Operator itself. The manifest
-below contains the Operator as defined in all-in-one manifest found in Installing the Operator
-page, the only difference is that the one here sets WATCH_NAMESPACE to the jenkins namespace we created.
Copy its content to jenkins-operator.yaml file.
apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: jenkins-operator
- labels:
- control-plane: controller-manager
-spec:
- selector:
- matchLabels:
- control-plane: controller-manager
- replicas: 1
- template:
- metadata:
- labels:
- control-plane: controller-manager
- spec:
- serviceAccountName: jenkins-operator
- securityContext:
- runAsUser: 65532
- containers:
- - command:
- - /manager
- args:
- - --leader-elect
- image: virtuslab/jenkins-operator:v0.7.0
- name: jenkins-operator
- imagePullPolicy: IfNotPresent
- securityContext:
- allowPrivilegeEscalation: false
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 20
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- limits:
- cpu: 100m
- memory: 30Mi
- requests:
- cpu: 100m
- memory: 20Mi
- env:
- - name: WATCH_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- terminationGracePeriodSeconds: 10Install the Operator in jenkins-operator namespace with:
kubectl apply -n jenkins-operator -f jenkins-operator.yamlYou have installed the Operator in jenkins-operator namespace, watching for Jenkins in jenkins namespace. Now
-there are two things left to do: creating necessary Role and RoleBinding for the Operator in jenkins namespace, and
-deploying actual Jenkins instance there.
Below you can find manifest with RBAC that needs to be created in jenkins namespace. Copy its content to jenkins-ns-rbac.yaml file.
apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: jenkins-operator
-rules:
- - apiGroups:
- - apps
- resources:
- - daemonsets
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - '*'
- - apiGroups:
- - apps
- - jenkins-operator
- resources:
- - deployments/finalizers
- verbs:
- - update
- - apiGroups:
- - build.openshift.io
- resources:
- - buildconfigs
- - builds
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - configmaps
- - secrets
- - services
- verbs:
- - create
- - get
- - list
- - update
- - watch
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - get
- - list
- - patch
- - watch
- - apiGroups:
- - ""
- resources:
- - persistentvolumeclaims
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - ""
- resources:
- - pods
- - pods/exec
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - pods/log
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - pods/portforward
- verbs:
- - create
- - apiGroups:
- - ""
- resources:
- - serviceaccounts
- verbs:
- - create
- - get
- - list
- - update
- - watch
- - apiGroups:
- - image.openshift.io
- resources:
- - imagestreams
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - jenkins.io
- resources:
- - '*'
- verbs:
- - '*'
- - apiGroups:
- - jenkins.io
- resources:
- - jenkins
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - jenkins.io
- resources:
- - jenkins/finalizers
- verbs:
- - update
- - apiGroups:
- - jenkins.io
- resources:
- - jenkins/status
- verbs:
- - get
- - patch
- - update
- - apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - rolebindings
- - roles
- verbs:
- - create
- - get
- - list
- - update
- - watch
- - apiGroups:
- - route.openshift.io
- resources:
- - routes
- verbs:
- - create
- - get
- - list
- - update
- - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: jenkins-operator
-subjects:
- - kind: ServiceAccount
- name: jenkins-operator
- namespace: jenkins-operator
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: jenkins-operatorNow apply it with:
-kubectl apply -n jenkins -f jenkins-ns-rbac.yamlThe last thing to do is to deploy Jenkins. Below you can find an example Jenkins resource manifest.
-It’s the same as one used in Deploying Jenkins.
-Copy it to jenkins-instance.yaml
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations: []
- secret:
- name: ""
- groovyScripts:
- configurations: []
- secret:
- name: ""
- jenkinsAPISettings:
- authorizationStrategy: createUser
- master:
- disableCSRFProtection: false
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:2.319.1-lts-alpine
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 12
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 100
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 10
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 80
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitNow you can deploy it with:
-kubectl apply -n jenkins -f jenkins-instance.yamlWith this, you have just set up Jenkins Operator and Jenkins in separate namespaces. Now the Operator will run in
-its own namespace (jenkins-operator), watch for CRs in jenkins namespace, and deploy Jenkins there.
Azure AKS managed Kubernetes service adds to every pod the following environment variables:
-- name: KUBERNETES_PORT_443_TCP_ADDR
- value:
-- name: KUBERNETES_PORT
- value: tcp://
-- name: KUBERNETES_PORT_443_TCP
- value: tcp://
-- name: KUBERNETES_SERVICE_HOST
- value:The operator is aware of it and omits these environment variables when checking if a Jenkins pod environment has been changed. It prevents -the restart of a Jenkins pod over and over again.
- - - -Jenkins operator uses job-dsl and kubernetes-credentials-provider plugins for configuring jobs -and deploy keys.
- -First you have to prepare pipelines and job definition in your GitHub repository using the following structure:
-cicd/
-├── jobs
-│ └── build.jenkins
-└── pipelines
- └── build.jenkinscicd/jobs/build.jenkins it’s a job definition:
-#!/usr/bin/env groovy
-
-pipelineJob('build-jenkins-operator') {
- displayName('Build jenkins-operator')
-
- definition {
- cpsScm {
- scm {
- git {
- remote {
- url('https://github.com/jenkinsci/kubernetes-operator.git')
- credentials('jenkins-operator')
- }
- branches('*/master')
- }
- }
- scriptPath('cicd/pipelines/build.jenkins')
- }
- }
-}cicd/pipelines/build.jenkins is an actual Jenkins pipeline:
-#!/usr/bin/env groovy
-
-def label = "build-jenkins-operator-${UUID.randomUUID().toString()}"
-def home = "/home/jenkins"
-def workspace = "${home}/workspace/build-jenkins-operator"
-def workdir = "${workspace}/src/github.com/jenkinsci/kubernetes-operator/"
-
-podTemplate(label: label,
- containers: [
- containerTemplate(name: 'jnlp', image: 'jenkins/inbound-agent:alpine'),
- containerTemplate(name: 'go', image: 'golang:1-alpine', command: 'cat', ttyEnabled: true),
- ],
- envVars: [
- envVar(key: 'GOPATH', value: workspace),
- ],
- ) {
-
- node(label) {
- dir(workdir) {
- stage('Init') {
- timeout(time: 3, unit: 'MINUTES') {
- checkout scm
- }
- container('go') {
- sh 'apk --no-cache --update add make git gcc libc-dev'
- }
- }
-
- stage('Dep') {
- container('go') {
- sh 'make dep'
- }
- }
-
- stage('Test') {
- container('go') {
- sh 'make test'
- }
- }
-
- stage('Build') {
- container('go') {
- sh 'make build'
- }
- }
- }
- }
-}Jenkins Seed Jobs are configured using Jenkins.spec.seedJobs section from your custom resource manifest:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitJenkins Operator will automatically discover and configure all the seed jobs.
- -You can verify if deploy keys were successfully configured in the Jenkins Credentials tab.
- -
You can verify if your pipelines were successfully configured in the Jenkins Seed Job console output.
- -
If your GitHub repository is private you have to configure SSH or username/password authentication.
- -There are two methods of SSH private key generation:
-$ openssl genrsa -out <filename> 2048or
-$ ssh-keygen -t rsa -b 2048
-$ ssh-keygen -p -f <filename> -m pemThen copy content from generated file.
- -If you want to upload your public key to your Git server you need to extract it.
- -If key was generated by openssl then you need to type this to extract public key:
$ openssl rsa -in <filename> -pubout > <filename>.pubIf key was generated by ssh-keygen the public key content is located in
Configure a seed job like this:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-ssh
- credentialType: basicSSHUserPrivateKey
- credentialID: k8s-ssh
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: git@github.com:jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-ssh
-stringData:
- privateKey: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIJKAIBAAKCAgEAxxDpleJjMCN5nusfW/AtBAZhx8UVVlhhhIKXvQ+dFODQIdzO
- oDXybs1zVHWOj31zqbbJnsfsVZ9Uf3p9k6xpJ3WFY9b85WasqTDN1xmSd6swD4N8
- ...
- username: github_user_nameConfigure a seed job like this:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-user-pass
- credentialType: usernamePassword
- credentialID: k8s-user-pass
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-user-pass
-stringData:
- username: github_user_name
- password: password_or_tokenTo use forwarding proxy with an operator to download plugins you need to add the following environment variable to Jenkins CR, for e.g.:
-spec:
- master:
- containers:
- - name: jenkins-master
- env:
- - name: CURL_OPTIONS
- value: -L -x <proxy_url>In CURL_OPTIONS var you can set additional arguments to curl command.
The operator automatically generates a Jenkins username and password and stores it in Kubernetes secret named
-jenkins-operator-credentials-<cr_name> in the namespace where Jenkins CR has been deployed.
If you want change it you can override the secret:
-apiVersion: v1
-kind: Secret
-metadata:
- name: jenkins-operator-credentials-<cr-name>
- namespace: <namespace>
-data:
- user: <base64-encoded-new-username>
- password: <base64-encoded-new-password>If needed Jenkins Operator will restart the Jenkins master pod and then you can login with the new username and password -credentials.
- -The default command for the Jenkins master container jenkins/jenkins:lts looks like:
command:
-- bash
-- -c
-- /var/jenkins/scripts/init.sh && /usr/bin/tini -s -- /usr/local/bin/jenkins.shThe script/var/jenkins/scripts/init.sh is provided by the operator and configures init.groovy.d (creates the Jenkins user)
-and installs plugins.
-The /usr/bin/tini -s -- /usr/local/bin/jenkins.sh command runs the Jenkins master main process.
You can overwrite it in the following pattern:
-command:
-- bash
-- -c
-- /var/jenkins/scripts/init.sh && <custom-code-here> && /usr/bin/tini -s -- /usr/local/bin/jenkins.shBackup and restore is done by a container sidecar.
- -Save to the file named pvc.yaml:
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: <pvc_name>
- namespace: <namespace>
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 500GiRun the following command:
-$ kubectl -n <namespace> create -f pvc.yamlapiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: <cr_name>
- namespace: <namespace>
-spec:
- master:
- securityContext:
- runAsUser: 1000
- fsGroup: 1000
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:lts
- - name: backup # container responsible for the backup and restore
- env:
- - name: BACKUP_DIR
- value: /backup
- - name: JENKINS_HOME
- value: /jenkins-home
- - name: BACKUP_COUNT
- value: "3" # keep only the 2 most recent backups
- image: virtuslab/jenkins-operator-backup-pvc:v0.0.8 # look at backup/pvc directory
- imagePullPolicy: IfNotPresent
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /backup # backup volume
- name: backup
- volumes:
- - name: backup # PVC volume where backups will be stored
- persistentVolumeClaim:
- claimName: <pvc_name>
- backup:
- containerName: backup # container name is responsible for backup
- action:
- exec:
- command:
- - /home/user/bin/backup.sh # this command is invoked on "backup" container to make backup, for example /home/user/bin/backup.sh <backup_number>, <backup_number> is passed by operator
- interval: 30 # how often to make a backup, in seconds
- makeBackupBeforePodDeletion: true # make a backup before pod deletion
- restore:
- containerName: backup # container name is responsible to restore the backup
- action:
- exec:
- command:
- - /home/user/bin/restore.sh # this command is invoked on "backup" container to restore the backup, for example /home/user/bin/restore.sh <backup_number>, <backup_number> is passed by operator
- #recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restoredJenkins can be customized by using groovy scripts or the Jenkins Configuration as a Code Plugin. All custom configuration is stored in
-the jenkins-operator-user-configuration-
The Jenkins Operator creates a jenkins-operator-user-configuration-PASSWORD then you can use it in the
-Jenkins Configuration as a Code Plugin as adminAddress: "${PASSWORD}".
kubectl get secret jenkins-operator-user-configuration- -o yaml
-
-kind: Secret
-apiVersion: v1
-type: Opaque
-metadata:
- name: jenkins-operator-user-configuration-
- namespace: default
-data:
- SECRET_JENKINS_ADMIN_ADDRESS: YXNkZgo= kubectl get configmap jenkins-operator-user-configuration- -o yaml
-
-apiVersion: v1
-data:
- 1-configure-theme.groovy: |2
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- import org.jenkinsci.plugins.simpletheme.ThemeElement
- import org.jenkinsci.plugins.simpletheme.CssTextThemeElement
- import org.jenkinsci.plugins.simpletheme.CssUrlThemeElement
-
- Jenkins jenkins = Jenkins.getInstance()
-
- def decorator = Jenkins.instance.getDescriptorByType(org.codefirst.SimpleThemeDecorator.class)
-
- List configElements = new ArrayList<>();
- configElements.add(new CssTextThemeElement("DEFAULT"));
- configElements.add(new CssUrlThemeElement("https://cdn.rawgit.com/afonsof/jenkins-material-theme/gh-pages/dist/material-light-green.css"));
- decorator.setElements(configElements);
- decorator.save();
-
- jenkins.save()
- 1-system-message.yaml: |2
- jenkins:
- systemMessage: "Configuration as Code integration works!!!"
- adminAddress: "${SECRET_JENKINS_ADMIN_ADDRESS}"
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration-
- namespace: default When the jenkins-operator-user-configuration-
Edit CR under spec.master.plugins:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- plugins:
- - name: simple-theme-plugin
- version: 0.5.1Under spec.master.basePlugins you can find plugins for a valid Jenkins Operator:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- basePlugins:
- - name: kubernetes
- version: 1.18.3
- - name: workflow-job
- version: "2.34"
- - name: workflow-aggregator
- version: "2.6"
- - name: git
- version: 3.12.0
- - name: job-dsl
- version: "1.76"
- - name: configuration-as-code
- version: "1.31"
- - name: kubernetes-credentials-provider
- version: 0.12.1You can change their versions.
- -The Jenkins Operator will then automatically install those plugins after the Jenkins master pod restart.
- - - -Once the Jenkins Operator is up and running let’s deploy an actual Jenkins instance. -Create a manifest ie. jenkins_instance.yaml with following data and save it on drive.
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:lts
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 12
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 80
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 30
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitDeploy a Jenkins to K8s:
-kubectl create -f jenkins_instance.yamlWatch the Jenkins instance being created:
-kubectl get pods -wGet the Jenkins credentials:
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.user}' | base64 -d
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.password}' | base64 -dConnect to the Jenkins Operator (minikube):
-minikube service jenkins-operator-http-<cr_name> --urlConnect to the Jenkins instance (actual Kubernetes cluster):
-kubectl port-forward jenkins-<cr_name> 8080:8080Then open browser with address http://localhost:8080.
-
Turn on debug in Jenkins Operator deployment:
-sed -i 's|\(args:\).*|\1\ ["--debug"\]|' deploy/operator.yaml
-kubectl apply -f deploy/operator.yamlWatch Kubernetes events:
-kubectl get events --sort-by='{.lastTimestamp}'Verify Jenkins master logs:
-kubectl logs -f jenkins-<cr_name>Verify jenkins-operator logs:
-kubectl logs deployment/jenkins-operatorDelete the Jenkins master pod and wait for the new one to come up:
-kubectl delete pod jenkins-<cr_name>This document describes a getting started guide for Jenkins Operator v0.1.x and also additional configuration.
Prepare your Kubernetes cluster and set up your kubectl access.
Once you have running Kubernetes cluster you can focus on installing Jenkins Operator according to the Installation guide.
- -Deploy production ready Jenkins Operator manifest -
-How to configure Jenkins with Operator -
-How to customize Jenkins -
-Additional configuration for Azure Kubernetes Service -
-Prevent loss of job history -
-How to deal with jenkins-operator problems -
-API Schema definitions for Jenkins CR -
-How to migrate to new CRD manifest -
-Please note that CRD manifests are global, not namespaced, so every Jenkins operator running on the cluster -will be impacted by the new CRD manifest. Multiple operator instances with different versions should continue to work.
- -Run command:
-$ kubectl -n <namespace> scale deployment.apps/jenkins-operator --replicas=0
-deployment.apps/jenkins-operator scaledVerify the desired state, by running this command:
-$ kubectl -n <namespace> get po
-No resources found.Run command:
-$ kubectl -n <namespace> get po
-NAME READY STATUS RESTARTS AGE
-jenkins-operator-<cr_name> 2/2 Running 0 3m35s
-$ kubectl -n <namespace> get delete po jenkins-operator-<cr_name>
-pod "jenkins-operator-<cr_name>" deletedVerify the desired state, by running this command:
-$ kubectl -n <namespace> get po
-No resources found.Run command:
-$ kubectl -n <namespace> get jenkins <cr_name> -o yaml > jenkins.yamlChange apiVersion to apiVersion: jenkins.io/v1alpha2
New plugin format without dependent plugins:
- -spec.master.basePlugins example:
spec:
-master:
-basePlugins:
- - name: a-plugin-name
- version: "1.0.0"
- ...spec.master.plugins example:
spec:
-master:
-plugins:
- - name: a-plugin-name
- version: "1.0.0"
-...Move Jenkins master container properties to spec.master.containers[jenkins-master] (non exhaustive list):
-- spec.master.image -> spec.master.containers[jenkins-master].image
-- spec.master.imagePullPolicy -> spec.master.containers[jenkins-master].imagePullPolicy
-- spec.master.livenessProbe -> spec.master.containers[jenkins-master].livenessProbe
-- spec.master.readinessProbe -> spec.master.containers[jenkins-master].readinessProbe
-- spec.master.resources -> spec.master.containers[jenkins-master].resources
-- spec.master.env -> spec.master.containers[jenkins-master].env
spec:
- master:
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:lts
- ...See also the examples below for more details. For even more details please look at the source code. -Code that defines the data structures can be found here
- -Old format:
-apiVersion: jenkins.io/v1alpha1
-kind: Jenkins
-metadata:
- name: <cr_name>
- namespace: <namespace>
-spec:
- master:
- basePlugins:
- configuration-as-code:1.17:
- - configuration-as-code-support:1.17
- git:3.10.0:
- - apache-httpcomponents-client-4-api:4.5.5-3.0
- - credentials:2.1.19
- - display-url-api:2.3.1
- - git-client:2.7.7
- - jsch:0.1.55
- - junit:1.28
- - mailer:1.23
- - matrix-project:1.14
- - scm-api:2.4.1
- - script-security:1.59
- - ssh-credentials:1.16
- - structs:1.19
- - workflow-api:2.34
- - workflow-scm-step:2.7
- - workflow-step-api:2.19
- job-dsl:1.74:
- - script-security:1.59
- - structs:1.19
- kubernetes-credentials-provider:0.12.1:
- - credentials:2.1.19
- - structs:1.19
- - variant:1.2
- kubernetes:1.15.5:
- - apache-httpcomponents-client-4-api:4.5.5-3.0
- - cloudbees-folder:6.8
- - credentials:2.1.19
- - durable-task:1.29
- - jackson2-api:2.9.9
- - kubernetes-credentials:0.4.0
- - plain-credentials:1.5
- - structs:1.19
- - variant:1.2
- - workflow-step-api:2.19
- workflow-aggregator:2.6:
- - ace-editor:1.1
- - apache-httpcomponents-client-4-api:4.5.5-3.0
- - authentication-tokens:1.3
- - branch-api:2.5.2
- - cloudbees-folder:6.8
- - credentials-binding:1.18
- - credentials:2.1.19
- - display-url-api:2.3.1
- - docker-commons:1.15
- - docker-workflow:1.18
- - durable-task:1.29
- - git-client:2.7.7
- - git-server:1.7
- - handlebars:1.1.1
- - jackson2-api:2.9.9
- - jquery-detached:1.2.1
- - jsch:0.1.55
- - junit:1.28
- - lockable-resources:2.5
- - mailer:1.23
- - matrix-project:1.14
- - momentjs:1.1.1
- - pipeline-build-step:2.9
- - pipeline-graph-analysis:1.10
- - pipeline-input-step:2.10
- - pipeline-milestone-step:1.3.1
- - pipeline-model-api:1.3.8
- - pipeline-model-declarative-agent:1.1.1
- - pipeline-model-definition:1.3.8
- - pipeline-model-extensions:1.3.8
- - pipeline-rest-api:2.11
- - pipeline-stage-step:2.3
- - pipeline-stage-tags-metadata:1.3.8
- - pipeline-stage-view:2.11
- - plain-credentials:1.5
- - scm-api:2.4.1
- - script-security:1.59
- - ssh-credentials:1.16
- - structs:1.19
- - workflow-api:2.34
- - workflow-basic-steps:2.16
- - workflow-cps-global-lib:2.13
- - workflow-cps:2.69
- - workflow-durable-task-step:2.30
- - workflow-job:2.32
- - workflow-multibranch:2.21
- - workflow-scm-step:2.7
- - workflow-step-api:2.19
- - workflow-support:3.3
- workflow-job:2.32:
- - scm-api:2.4.1
- - script-security:1.59
- - structs:1.19
- - workflow-api:2.34
- - workflow-step-api:2.19
- - workflow-support:3.3
- image: jenkins/jenkins:lts
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 12
- httpGet:
- path: /login
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 30
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- plugins:
- simple-theme-plugin:0.5.1: []
- slack:2.24:
- - workflow-step-api:2.19
- - credentials:2.1.19
- - display-url-api:2.3.1
- - junit:1.28
- - plain-credentials:1.5
- - script-security:1.59
- - structs:1.19
- - token-macro:2.8
- readinessProbe:
- failureThreshold: 12
- httpGet:
- path: /login
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 30
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500MiNew format:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: <cr_name>
- namespace: <namespace>
-spec:
- master:
- basePlugins:
- - name: kubernetes
- version: 1.15.7
- - name: workflow-job
- version: "2.32"
- - name: workflow-aggregator
- version: "2.6"
- - name: git
- version: 3.10.0
- - name: job-dsl
- version: "1.74"
- - name: configuration-as-code
- version: "1.19"
- - name: kubernetes-credentials-provider
- version: 0.12.1
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:lts
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 12
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 30
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 30
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- plugins:
- - name: simple-theme-plugin
- version: 0.5.1
- - name: slack
- version: 2.24A new version of the Custom Resource Definition for the operator needs to be applied: --Jenkins CRD v1alpha2
- -To use the default CRD file:
-kubectl -n apply -f https://github.com/jenkinsci/kubernetes-operator/blob/master/deploy/crds/jenkins_v1alpha2_jenkins_crd.yaml A new operator version requires updated RBAC permissions:
- -To use the default Role file:
-$ kubectl -n apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/deploy/role.yaml Replace your modified operator configuration file:
-$ kubectl -n <namespace> replace -f jenkins.yamlUpdate operator version in the deployment file to image: virtuslab/jenkins-operator:v0.1.0 and scale up,
-or use the default deployment manifest:
$ kubectl -n apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/deploy/operator.yaml This document contains API scheme for jenkins-operator manifest
Packages:
--
Package v1alpha2 contains the API Schema definitions for the jenkins.io v1alpha2 API group
- -Resource Types: --
Jenkins is the Schema for the jenkins API
- -| Field | -Description | -||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-apiVersion
-string |
-
-
-jenkins.io/v1alpha2
-
- |
-||||||||||||
-kind
-string
- |
-Jenkins |
-||||||||||||
-metadata
-
-
-Kubernetes meta/v1.ObjectMeta
-
-
- |
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
- |
-||||||||||||
-spec
-
-
-JenkinsSpec
-
-
- |
-
- Spec defines the desired state of the Jenkins -- -
|
-||||||||||||
-status
-
-
-JenkinsStatus
-
-
- |
-
- Status defines the observed state of Jenkins - |
-
-(Appears on: -JenkinsSpec) -
--
Backup defines the configuration of Jenkins backup
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines the action which performs the backup in the backup container sidecar - |
-
-interval
-
-uint64
-
- |
-
- Interval tells you how often the backup is made in seconds -Defaults to 30. - |
-
-makeBackupBeforePodDeletion
-
-bool
-
- |
-
- MakeBackupBeforePodDeletion tells the operator to make a backup before Jenkins master pod deletion - |
-
-(Appears on: -JenkinsStatus) -
--
Build defines the Jenkins Build status with corresponding metadata
- -| Field | -Description | -
|---|---|
-jobName
-
-string
-
- |
-
- JobName is the Jenkins job name - |
-
-hash
-
-string
-
- |
-
- Hash is the unique data identifier used in build - |
-
-number
-
-int64
-
- |
-
- Number is the Jenkins build number - |
-
-status
-
-
-BuildStatus
-
-
- |
-
- Status is the status of a Jenkins build - |
-
-retries
-
-int
-
- |
-
- Retires is the amount of times a Jenkins job build retries - |
-
-createTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
- CreateTime is the time when the first build has been created - |
-
-lastUpdateTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
- LastUpdateTime is the last update status time - |
-
string alias)-(Appears on: -Build) -
--
BuildStatus defines the type of Jenkins build job status
- --(Appears on: -JenkinsMaster) -
--
Container defines the Kubernetes container attributes
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name of the container specified as a DNS_LABEL. -Each container in a pod must have a unique name (DNS_LABEL). - |
-
-image
-
-string
-
- |
-
- Docker image name. -More info: https://kubernetes.io/docs/concepts/containers/images - |
-
-imagePullPolicy
-
-
-Kubernetes core/v1.PullPolicy
-
-
- |
-
- Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always. - |
-
-resources
-
-
-Kubernetes core/v1.ResourceRequirements
-
-
- |
-
- Compute Resources required by this container. -More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - |
-
-command
-
-[]string
-
- |
-
-(Optional)
- Entrypoint array. Not executed within a shell. -The docker image’s ENTRYPOINT is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-args
-
-[]string
-
- |
-
-(Optional)
- Arguments to the entrypoint. -The docker image’s CMD is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-workingDir
-
-string
-
- |
-
-(Optional)
- Container’s working directory. -If not specified, the container runtime’s default will be used, which -might be configured in the container image. - |
-
-ports
-
-
-[]Kubernetes core/v1.ContainerPort
-
-
- |
-
-(Optional)
- List of ports to expose from the container. Exposing a port here gives -the system additional information about the network connections a -container uses, but is primarily informational. Not specifying a port here -DOES NOT prevent that port from being exposed. Any port which is -listening on the default “0.0.0.0” address inside a container will be -accessible from the network. - |
-
-envFrom
-
-
-[]Kubernetes core/v1.EnvFromSource
-
-
- |
-
-(Optional)
- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple -sources, the value associated with the last source will take precedence. -Values defined by an Env with a duplicate key will take precedence. - |
-
-env
-
-
-[]Kubernetes core/v1.EnvVar
-
-
- |
-
-(Optional)
- List of environment variables to set in the container. - |
-
-volumeMounts
-
-
-[]Kubernetes core/v1.VolumeMount
-
-
- |
-
-(Optional)
- Pod volumes to mount into the container’s filesystem. - |
-
-livenessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container liveness. -The container will be restarted if the probe fails. - |
-
-readinessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container service readiness. -The container will be removed from service endpoints if the probe fails. - |
-
-lifecycle
-
-
-Kubernetes core/v1.Lifecycle
-
-
- |
-
-(Optional)
- Actions that the management system should take in response to container lifecycle events. - |
-
-securityContext
-
-
-Kubernetes core/v1.SecurityContext
-
-
- |
-
-(Optional)
- Security options the pod should run with. -More info: https://kubernetes.io/docs/concepts/policy/security-context/ -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - |
-
-(Appears on: -Backup, -Restore) -
--
Handler defines a specific action that should be taken
- -| Field | -Description | -
|---|---|
-exec
-
-
-Kubernetes core/v1.ExecAction
-
-
- |
-
- Exec specifies the action to take. - |
-
string alias)-(Appears on: -SeedJob) -
--
JenkinsCredentialType defines type of Jenkins credential used in the seed job mechanism
- --(Appears on: -JenkinsSpec) -
--
JenkinsMaster defines the Jenkins master pod attributes and plugins, -every single change requires a Jenkins master pod restart
- -| Field | -Description | -
|---|---|
-masterAnnotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-nodeSelector
-
-map[string]string
-
- |
-
-(Optional)
- NodeSelector is a selector which must be true for the pod to fit on a node. -Selector which must match a node’s labels for the pod to be scheduled on that node. -More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - |
-
-securityContext
-
-
-Kubernetes core/v1.PodSecurityContext
-
-
- |
-
-(Optional)
- SecurityContext that applies to all the containers of the Jenkins -Master. As per kubernetes specification, it can be overridden -for each container individually. -Defaults to: -runAsUser: 1000 -fsGroup: 1000 - |
-
-containers
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Container
-
-
- |
-
- List of containers belonging to the pod. -Containers cannot currently be added or removed. -There must be at least one container in a Pod. -Defaults to: -- image: jenkins/jenkins:lts -imagePullPolicy: Always -livenessProbe: -failureThreshold: 12 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 80 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 5 -name: jenkins-master -readinessProbe: -failureThreshold: 3 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 30 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 1 -resources: -limits: -cpu: 1500m -memory: 3Gi -requests: -cpu: “1” -memory: 600Mi - |
-
-volumes
-
-
-[]Kubernetes core/v1.Volume
-
-
- |
-
-(Optional)
- List of volumes that can be mounted by containers belonging to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes - |
-
-basePlugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin
-
-
- |
-
- BasePlugins contains plugins required by operator -Defaults to : -- name: kubernetes -version: 1.15.7 -- name: workflow-job -version: “2.32” -- name: workflow-aggregator -version: “2.6” -- name: git -version: 3.10.0 -- name: job-dsl -version: “1.74” -- name: configuration-as-code -version: “1.19” -- name: kubernetes-credentials-provider -version: 0.12.1 - |
-
-plugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin
-
-
- |
-
-(Optional)
- Plugins contains plugins required by user - |
-
-(Appears on: -Jenkins) -
--
JenkinsSpec defines the desired state of the Jenkins
- -| Field | -Description | -
|---|---|
-master
-
-
-JenkinsMaster
-
-
- |
-
- Master represents the Jenkins master pod properties and Jenkins plugins. -Every single change here requires a pod restart. - |
-
-seedJobs
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SeedJob
-
-
- |
-
-(Optional)
- SeedJobs defines list of Jenkins Seed Job configurations -More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-seed-jobs-and-pipelines - |
-
-service
-
-
-Service
-
-
- |
-
-(Optional)
- Service is the Kubernetes service of the Jenkins master HTTP pod -Defaults to : -port: 8080 -type: ClusterIP - |
-
-slaveService
-
-
-Service
-
-
- |
-
-(Optional)
- Service is the Kubernetes service of the Jenkins slave pods -Defaults to : -port: 50000 -type: ClusterIP - |
-
-backup
-
-
-Backup
-
-
- |
-
-(Optional)
- Backup defines the configuration of the Jenkins backup -More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-backup-and-restore - |
-
-restore
-
-
-Restore
-
-
- |
-
-(Optional)
- Backup defines the configuration of the Jenkins backup restore -More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-backup-and-restore - |
-
-(Appears on: -Jenkins) -
--
JenkinsStatus defines the observed state of Jenkins
- -| Field | -Description | -
|---|---|
-operatorVersion
-
-string
-
- |
-
-(Optional)
- OperatorVersion is the operator version which manages this CR - |
-
-provisionStartTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- ProvisionStartTime is a time when the Jenkins master pod has been created - |
-
-baseConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- BaseConfigurationCompletedTime is a time when Jenkins base configuration phase has been completed - |
-
-userConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- UserConfigurationCompletedTime is a time when Jenkins user configuration phase has been completed - |
-
-builds
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Build
-
-
- |
-
-(Optional)
- Builds contains the Jenkins builds statues - |
-
-restoredBackup
-
-uint64
-
- |
-
-(Optional)
- RestoredBackup is the restored backup number after the Jenkins master pod restart - |
-
-lastBackup
-
-uint64
-
- |
-
-(Optional)
- LastBackup is the latest backup number - |
-
-pendingBackup
-
-uint64
-
- |
-
-(Optional)
- PendingBackup is the pending backup number - |
-
-backupDoneBeforePodDeletion
-
-bool
-
- |
-
-(Optional)
- BackupDoneBeforePodDeletion tells if a backup before pod deletion has been made - |
-
-userAndPasswordHash
-
-string
-
- |
-
-(Optional)
- UserAndPasswordHash is a SHA256 hash made from the username and password - |
-
-createdSeedJobs
-
-[]string
-
- |
-
-(Optional)
- CreatedSeedJobs contains list of seed job ids already created in Jenkins - |
-
-(Appears on: -JenkinsMaster) -
--
Plugin defines Jenkins plugin
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name is the name of the Jenkins plugin - |
-
-version
-
-string
-
- |
-
- Version is the version of the Jenkins plugin - |
-
-(Appears on: -JenkinsSpec) -
--
Restore defines the configuration of a Jenkins backup restore operation
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for the restore backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines action which performs the restore backup in a restore container sidecar - |
-
-recoveryOnce
-
-uint64
-
- |
-
-(Optional)
- RecoveryOnce if you want to restore a specific backup, set this field, and then Jenkins will be restarted and the desired backup will be restored - |
-
-(Appears on: -JenkinsSpec) -
--
SeedJob defines configuration for seed job -More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-seed-jobs-and-pipelines
- -| Field | -Description | -
|---|---|
-id
-
-string
-
- |
-
- ID is the unique seed job name - |
-
-credentialID
-
-string
-
- |
-
- CredentialID is the Kubernetes secret name which stores repository access credentials - |
-
-description
-
-string
-
- |
-
-(Optional)
- Description is the description of the seed job - |
-
-targets
-
-string
-
- |
-
- Targets is the repository path where the seed job definitions are - |
-
-repositoryBranch
-
-string
-
- |
-
- RepositoryBranch is the repository branch where the seed job definitions are - |
-
-repositoryUrl
-
-string
-
- |
-
- RepositoryURL is the repository access URL. Can be SSH or HTTPS. - |
-
-credentialType
-
-
-JenkinsCredentialType
-
-
- |
-
-(Optional)
- JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ credential type - |
-
-(Appears on: -JenkinsSpec) -
--
Service defines the Kubernetes service attributes
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-labels
-
-map[string]string
-
- |
-
- Route service traffic to pods with label keys and values matching this -selector. If empty or not present, the service is assumed to have an -external process managing its endpoints, which Kubernetes will not -modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. -Ignored if type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/ - |
-
-type
-
-
-Kubernetes core/v1.ServiceType
-
-
- |
-
-(Optional)
- Type determines how the Service is exposed. Defaults to ClusterIP. Valid -options are ExternalName, ClusterIP, NodePort, and LoadBalancer. -“ExternalName” maps to the specified externalName. -“ClusterIP” allocates a cluster-internal IP address for load-balancing to -endpoints. Endpoints are determined by the selector or if that is not -specified, by manual construction of an Endpoints object. If clusterIP is -“None”, no virtual IP is allocated and the endpoints are published as a -set of endpoints rather than a stable IP. -“NodePort” builds on ClusterIP and allocates a port on every node which -routes to the clusterIP. -“LoadBalancer” builds on NodePort and creates an -external load-balancer (if supported in the current cloud) which routes -to the clusterIP. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services—service-types - |
-
-port
-
-int32
-
- |
-
- The port that is exposed by this service. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - |
-
-nodePort
-
-int32
-
- |
-
-(Optional)
- The port on each node on which this service is exposed when type=NodePort or LoadBalancer. -Usually assigned by the system. If specified, it will be allocated to the service, -if unused, or else creation of the service will fail. -Default is to auto-allocate a port if the ServiceType of this Service requires one. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - |
-
-loadBalancerSourceRanges
-
-[]string
-
- |
-
-(Optional)
- If specified and supported by the platform, this will restrict traffic through the cloud-provider. -The load-balancer will be restricted to the specified client IPs. This field will be ignored if the -cloud-provider does not support the feature.” -More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ - |
-
-loadBalancerIP
-
-string
-
- |
-
-(Optional)
- Only applies to Service Type: LoadBalancer -LoadBalancer will get created with the IP specified in this field. -This feature depends on whether the underlying cloud-provider supports specifying -the loadBalancerIP when a load balancer is created. -This field will be ignored if the cloud-provider does not support the feature. - |
-
-Generated with gen-crd-api-reference-docs
-on git commit 37e531a.
-
Azure AKS managed Kubernetes service adds to every pod the following environment variables:
-- name: KUBERNETES_PORT_443_TCP_ADDR
- value:
-- name: KUBERNETES_PORT
- value: tcp://
-- name: KUBERNETES_PORT_443_TCP
- value: tcp://
-- name: KUBERNETES_SERVICE_HOST
- value:The operator is aware of it and omits these environment variables when checking if a Jenkins pod environment has been changed. It prevents the -restart of a Jenkins pod over and over again.
- - - -Jenkins operator uses job-dsl and kubernetes-credentials-provider plugins for configuring jobs -and deploy keys.
- -First you have to prepare pipelines and job definition in your GitHub repository using the following structure:
-cicd/
-├── jobs
-│ └── build.jenkins
-└── pipelines
- └── build.jenkinscicd/jobs/build.jenkins is a job definition:
#!/usr/bin/env groovy
-
-pipelineJob('build-jenkins-operator') {
- displayName('Build jenkins-operator')
-
- definition {
- cpsScm {
- scm {
- git {
- remote {
- url('https://github.com/jenkinsci/kubernetes-operator.git')
- credentials('jenkins-operator')
- }
- branches('*/master')
- }
- }
- scriptPath('cicd/pipelines/build.jenkins')
- }
- }
-}cicd/pipelines/build.jenkins is an actual Jenkins pipeline:
#!/usr/bin/env groovy
-
-def label = "build-jenkins-operator-${UUID.randomUUID().toString()}"
-def home = "/home/jenkins"
-def workspace = "${home}/workspace/build-jenkins-operator"
-def workdir = "${workspace}/src/github.com/jenkinsci/kubernetes-operator/"
-
-podTemplate(label: label,
- containers: [
- containerTemplate(name: 'jnlp', image: 'jenkins/inbound-agent:alpine'),
- containerTemplate(name: 'go', image: 'golang:1-alpine', command: 'cat', ttyEnabled: true),
- ],
- envVars: [
- envVar(key: 'GOPATH', value: workspace),
- ],
- ) {
-
- node(label) {
- dir(workdir) {
- stage('Init') {
- timeout(time: 3, unit: 'MINUTES') {
- checkout scm
- }
- container('go') {
- sh 'apk --no-cache --update add make git gcc libc-dev'
- }
- }
-
- stage('Dep') {
- container('go') {
- sh 'make dep'
- }
- }
-
- stage('Test') {
- container('go') {
- sh 'make test'
- }
- }
-
- stage('Build') {
- container('go') {
- sh 'make build'
- }
- }
- }
- }
-}Jenkins Seed Jobs are configured using Jenkins.spec.seedJobs section from your custom resource manifest:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitJenkins Operator will automatically discover and configure all the seed jobs.
- -You can verify if deploy keys were successfully configured in the Jenkins Credentials tab.
- -
You can verify if your pipelines were successfully configured in the Jenkins Seed Job console output.
- -
If your GitHub repository is private you have to configure SSH or username/password authentication.
- -There are two methods of SSH private key generation:
-$ openssl genrsa -out <filename> 2048or
-$ ssh-keygen -t rsa -b 2048
-$ ssh-keygen -p -f <filename> -m pemThen copy content from generated file.
- -If you want to upload your public key to your Git server you need to extract it.
- -If key was generated by openssl then you need to type this to extract public key:
$ openssl rsa -in <filename> -pubout > <filename>.pubIf key was generated by ssh-keygen the public key content is located in
Configure a seed job like this:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-ssh
- credentialType: basicSSHUserPrivateKey
- credentialID: k8s-ssh
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: git@github.com:jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-ssh
-stringData:
- privateKey: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIJKAIBAAKCAgEAxxDpleJjMCN5nusfW/AtBAZhx8UVVlhhhIKXvQ+dFODQIdzO
- oDXybs1zVHWOj31zqbbJnsfsVZ9Uf3p9k6xpJ3WFY9b85WasqTDN1xmSd6swD4N8
- ...
- username: github_user_nameConfigure the seed job like:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-user-pass
- credentialType: usernamePassword
- credentialID: k8s-user-pass
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-user-pass
-stringData:
- username: github_user_name
- password: password_or_tokenTo use forwarding proxy with an operator to download plugins you need to add the following environment variable to Jenkins Custom Resource (CR), e.g.:
-spec:
- master:
- containers:
- - name: jenkins-master
- env:
- - name: CURL_OPTIONS
- value: -L -x <proxy_url>In CURL_OPTIONS var you can set additional arguments to curl command.
To pull a Docker Image from private repository you can use imagePullSecrets.
Please follow the instructions on creating a secret with a docker config.
- -To use Docker Hub additional steps are required.
- -Edit the previously created secret:
-kubectl -n <namespace> edit secret <name>The .dockerconfigjson key’s value needs to be replaced with a modified version.
After modifications, it needs to be encoded as a Base64 value before setting the .dockerconfigjson key.
Example config file to modify and use:
-{
- "auths":{
- "https://index.docker.io/v1/":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "auth.docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry.docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "https://registry-1.docker.io/v2/": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry-1.docker.io/v2/": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry-1.docker.io": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "https://registry-1.docker.io": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- }
- }
-}Backup and restore is done by a container sidecar.
- -Save to the file named pvc.yaml:
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: <pvc_name>
- namespace: <namespace>
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 500GiRun the following command:
-$ kubectl -n <namespace> create -f pvc.yamlapiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: <cr_name>
- namespace: <namespace>
-spec:
- master:
- securityContext:
- runAsUser: 1000
- fsGroup: 1000
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:lts
- - name: backup # container responsible for the backup and restore
- env:
- - name: BACKUP_DIR
- value: /backup
- - name: JENKINS_HOME
- value: /jenkins-home
- - name: BACKUP_COUNT
- value: "3" # keep only the 2 most recent backups
- image: virtuslab/jenkins-operator-backup-pvc:v0.0.8 # look at backup/pvc directory
- imagePullPolicy: IfNotPresent
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /backup # backup volume
- name: backup
- volumes:
- - name: backup # PVC volume where backups will be stored
- persistentVolumeClaim:
- claimName: <pvc_name>
- backup:
- containerName: backup # container name is responsible for backup
- action:
- exec:
- command:
- - /home/user/bin/backup.sh # this command is invoked on "backup" container to make backup, for example /home/user/bin/backup.sh <backup_number>, <backup_number> is passed by operator
- interval: 30 # how often make backup in seconds
- makeBackupBeforePodDeletion: true # make a backup before pod deletion
- restore:
- containerName: backup # container name is responsible for restore backup
- action:
- exec:
- command:
- - /home/user/bin/restore.sh # this command is invoked on "backup" container to make restore backup, for example /home/user/bin/restore.sh <backup_number>, <backup_number> is passed by operator
- #recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restoredWith enough effort one can create a custom backup and restore provider -for the Jenkins Operator.
- -Two commands (e.g. scripts) are required:
- -backup.sh that takes one argument, a backup numberbackup.sh that takes one argument, a backup numberBoth scripts need to return an exit code of 0 on success and 1 or greater for failure.
One of those scripts (or the entry point of the container) needs to be responsible -for backup cleanup or rotation if required, or an external system.
- -The mechanism relies on basic Kubernetes and UNIX functionalities.
- -The backup (and restore) container runs as a sidecar in the same -Kubernetes pod as the Jenkins master.
- -Name of the backup and restore containers can be set as necessary using
-spec.backup.containerName and spec.restore.containerName.
-In most cases it will be the same container, but we allow for less common use cases.
The operator will call a backup or restore commands inside a sidecar container when necessary:
- -spec.backup.action.exec.command)
-will be called every N seconds configurable in: spec.backup.interval
-and on pod shutdown (if enabled in spec.backup.makeBackupBeforePodDeletion)
-with an integer representing the current backup number as first and only argumentspec.restore.action.exec.command)
-will be called at Jenkins startup
-with an integer representing the backup number to restore as first and only argument
-(can be overridden using spec.restore.recoveryOnce)This example shows abbreviated version of a simple AWS S3 backup implementation
-using: aws-cli, bash and kube2iam.
In addition to your normal Jenkins CustomResource some additional settings
-for backup and restore are required, e.g.:
kind: Jenkins
-apiVersion: jenkins.io/v1alpha1
-metadata:
- name: example
- namespace: jenkins
-spec:
- master:
- masterAnnotations:
- iam.amazonaws.com/role: "my-example-backup-role" # tell kube2iam where the AWS IAM role is
- containers:
- - name: jenkins-master
- ...
- - name: backup # container responsible for backup and restore
- image: quay.io/virtuslab/aws-cli:1.16.263-2
- workingDir: /home/user/bin/
- command: # our container entry point
- - sleep
- - infinity
- env:
- - name: BACKUP_BUCKET
- value: my-example-bucket # the S3 bucket name to use
- - name: BACKUP_PATH
- value: my-backup-path # the S3 bucket path prefix to use
- - name: JENKINS_HOME
- value: /jenkins-home # the path to mount jenkins home dir in the backup container
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /home/user/bin/backup.sh
- name: backup-scripts
- subPath: backup.sh
- readOnly: true
- - mountPath: /home/user/bin/restore.sh
- name: backup-scripts
- subPath: restore.sh
- readOnly: true
- volumes:
- - name: backup-scripts
- configMap:
- defaultMode: 0754
- name: jenkins-operator-backup-s3
- securityContext: # make sure both containers use the same UID and GUID
- runAsUser: 1000
- fsGroup: 1000
- ...
- backup:
- containerName: backup # container name responsible for backup
- interval: 3600 # how often make a backup in seconds
- makeBackupBeforePodDeletion: true # trigger backup just before deleting the pod
- action:
- exec:
- command:
- # this command is invoked on "backup" container to create a backup,
- # <backup_number> is passed by operator,
- # for example /home/user/bin/backup.sh <backup_number>
- - /home/user/bin/backup.sh
- restore:
- containerName: backup # container name is responsible for restore backup
- action:
- exec:
- command:
- # this command is invoked on "backup" container to restore a backup,
- # <backup_number> is passed by operator
- # for example /home/user/bin/restore.sh <backup_number>
- - /home/user/bin/restore.sh
-# recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restoredThe actual backup and restore scripts will be provided in a ConfigMap:
kind: ConfigMap
-apiVersion: v1
-metadata:
- name: jenkins-operator-backup-s3
- namespace: jenkins
- labels:
- app: jenkins-operator
-data:
- backup.sh: |-
- #!/bin/bash -xeu
- [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1;
- [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1;
- [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1;
- [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
-
- backup_number=$1
- echo "Running backup #${backup_number}"
-
- BACKUP_TMP_DIR=$(mktemp -d)
- tar -C ${JENKINS_HOME} -czf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" --exclude jobs/*/workspace* -c jobs && \
-
- aws s3 cp ${BACKUP_TMP_DIR}/${backup_number}.tar.gz s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz
- echo Done
-
- restore.sh: |-
- #!/bin/bash -xeu
- [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1
- [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1;
- [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1;
- [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
-
- backup_number=$1
- echo "Running restore #${backup_number}"
-
- BACKUP_TMP_DIR=$(mktemp -d)
- aws s3 cp s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz ${BACKUP_TMP_DIR}/${backup_number}.tar.gz
-
- tar -C ${JENKINS_HOME} -zxf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz"
- echo DoneIn our example we will use S3 bucket lifecycle policy to keep -the number of backups under control, e.g. Cloud Formation fragment:
- Type: AWS::S3::Bucket
- Properties:
- BucketName: my-example-bucket
- ...
- LifecycleConfiguration:
- Rules:
- - Id: BackupCleanup
- Status: Enabled
- Prefix: my-backup-path
- ExpirationInDays: 7
- NoncurrentVersionExpirationInDays: 14
- AbortIncompleteMultipartUpload:
- DaysAfterInitiation: 3Jenkins can be customized using groovy scripts or the configuration as code plugin.
-By using a ConfigMap you can create your own Jenkins customized configuration.
-Then you must reference the ConfigMap in the Jenkins pod customization file in spec.groovyScripts or spec.configurationAsCode
For example create a ConfigMap with name jenkins-operator-user-configuration. Then, modify the Jenkins manifest to look like this:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configurationHere is an example of jenkins-operator-user-configuration:
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-configure-theme.groovy: |
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- import org.jenkinsci.plugins.simpletheme.ThemeElement
- import org.jenkinsci.plugins.simpletheme.CssTextThemeElement
- import org.jenkinsci.plugins.simpletheme.CssUrlThemeElement
-
- Jenkins jenkins = Jenkins.getInstance()
-
- def decorator = Jenkins.instance.getDescriptorByType(org.codefirst.SimpleThemeDecorator.class)
-
- List<ThemeElement> configElements = new ArrayList<>();
- configElements.add(new CssTextThemeElement("DEFAULT"));
- configElements.add(new CssUrlThemeElement("https://cdn.rawgit.com/afonsof/jenkins-material-theme/gh-pages/dist/material-light-green.css"));
- decorator.setElements(configElements);
- decorator.save();
-
- jenkins.save()
- 1-system-message.yaml: |
- jenkins:
- systemMessage: "Configuration as Code integration works!!!"*.groovy is Groovy script configuration*.yaml is configuration as codeIf you want to correct your configuration you can edit it while the Jenkins Operator is running. -Jenkins will reconcile and apply the new configuration.
- -If you configured spec.groovyScripts.secret.name, then this secret is available to use from map Groovy scripts.
-The secrets are loaded to secrets map.
Create a secret with for example the name jenkins-conf-secrets.
kind: Secret
-apiVersion: v1
-type: Opaque
-metadata:
- name: jenkins-conf-secrets
- namespace: default
-data:
- SYSTEM_MESSAGE: SGVsbG8gd29ybGQ=Then modify the Jenkins pod manifest by changing spec.groovyScripts.secret.name to jenkins-conf-secrets.
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration
- secret:
- name: jenkins-conf-secrets
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configuration
- secret:
- name: jenkins-conf-secretsNow you can test that the secret is mounted by applying this ConfigMap for Groovy script:
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-system-message.groovy: |
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- Jenkins jenkins = Jenkins.getInstance()
-
- jenkins.setSystemMessage(secrets["SYSTEM_MESSAGE"])
- jenkins.save()Or by applying this configuration as code:
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-system-message.yaml: |
- jenkins:
- systemMessage: ${SYSTEM_MESSAGE}After this, you should see the Hello world system message from the Jenkins homepage.
Edit Custom Resource under spec.master.plugins:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- plugins:
- - name: simple-theme-plugin
- version: 0.5.1Under spec.master.basePlugins you can find plugins for a valid Jenkins Operator:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- basePlugins:
- - name: kubernetes
- version: 1.18.3
- - name: workflow-job
- version: "2.34"
- - name: workflow-aggregator
- version: "2.6"
- - name: git
- version: 3.12.0
- - name: job-dsl
- version: "1.76"
- - name: configuration-as-code
- version: "1.29"
- - name: kubernetes-credentials-provider
- version: 0.12.1You can change their versions.
- -The Jenkins Operator will then automatically install plugins after the Jenkins master pod restarts.
- - - -Once Jenkins Operator is up and running let’s deploy actual Jenkins instance.
-Create manifest e.g. jenkins_instance.yaml with following data and save it on drive.
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:lts
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 12
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 80
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 30
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitDeploy a Jenkins to Kubernetes:
-kubectl create -f jenkins_instance.yamlWatch the Jenkins instance being created:
-kubectl get pods -wGet the Jenkins credentials:
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.user}' | base64 -d
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.password}' | base64 -dConnect to the Jenkins instance (minikube):
-minikube service jenkins-operator-http-<cr_name> --urlConnect to the Jenkins instance (actual Kubernetes cluster):
-kubectl port-forward jenkins-<cr_name> 8080:8080Then open browser with address http://localhost:8080.
-
Turn on debug in Jenkins Operator deployment:
-sed -i 's|\(args:\).*|\1\ ["--debug"\]|' deploy/operator.yaml
-kubectl apply -f deploy/operator.yamlWatch Kubernetes events:
-kubectl get events --sort-by='{.lastTimestamp}'Verify Jenkins master logs:
-kubectl logs -f jenkins-<cr_name>Verify the jenkins-operator logs:
kubectl logs deployment/jenkins-operatorDelete the Jenkins master pod and wait for the new one to come up:
-kubectl delete pod jenkins-<cr_name>This document describes a getting started guide for Jenkins Operator v0.2.x and also additional configuration.
Prepare your Kubernetes cluster and set up your kubectl access.
Once you have running Kubernetes cluster you can focus on installing Jenkins Operator according to the Installation guide.
- -Deploy production ready Jenkins Operator manifest -
-How to configure Jenkins with Operator -
-How to customize Jenkins -
-Additional configuration for Azure Kubernetes Service -
-Prevent loss of job history -
-Custom backup and restore provider -
-How to migrate from v0.1.x to v0.2.x -
-How to deal with Jenkins Operator problems -
-API Schema definitions for Jenkins CRD -
-From version v0.2.0 seed jobs are not run by master executors, but by a dedicated agent deployed as a Kubernetes Pod.
We’ve had disabled master executors for security reasons.
- -In v0.1.x Jenkins Operator user configuration application was implemented using Jenkins jobs
-and this mechanism was replaced since v0.2.0 with Groovy scripts implementing the same functionality.
As a result, the Jenkins configuration jobs (“Configure Seed Jobs”, “jenkins-operator-base-configuration”, “jenkins-operator-user-configuration”) are no longer visible in Jenkins UI.
- -In v0.1.x you can see if any of the configuration jobs failed or succeeded in the Jenkins UI (job build logs).
-Instead, you can make sure the operator is running correctly by inspecting its logs, e.g.:
$ kubectl -n logs deployment/jenkins-operatorIn v0.1.x Jenkins Operator user configuration was stored in a ConfigMap and a Secret
-named jenkins-operator-user-configuration-<cr_name>, and its name was hardcoded in the operator.
Since v0.2.0 the user configuration can be stored in a multiple ConfigMap and Secret manifests
-and has to be explicitly pointed to with spec.configurationAsCode.configurations and spec.configurationAsCode.secret
-for the Configuration as Code plugin,
-and spec.groovyScripts.configurations and spec.groovyScripts.secret for the more advanced groovy scripts.
If you want to use v0.1.x operator configuration with v0.2.x you have to modify your Jenkins Custom Resource(s)
-and add explicit references to the existing ConfigMap and Secret, e.g.:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: <cr_name>
-spec:
- ...
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration-<cr_name>
- secret:
- name: jenkins-operator-user-configuration-<cr_name>
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configuration-<cr_name>
- secret:
- name: jenkins-operator-user-configuration-<cr_name>
- ...This document contains API scheme for jenkins-operator Custom Resource Definition manifest
Packages:
--
Package v1alpha2 contains the API Schema definitions for the jenkins.io v1alpha2 API group
- -Resource Types: --
Jenkins is the Schema for the jenkins API
- -| Field | -Description | -||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-apiVersion
-string |
-
-
-jenkins.io/v1alpha2
-
- |
-||||||||||||||||
-kind
-string
- |
-Jenkins |
-||||||||||||||||
-metadata
-
-
-Kubernetes meta/v1.ObjectMeta
-
-
- |
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
- |
-||||||||||||||||
-spec
-
-
-JenkinsSpec
-
-
- |
-
- Spec defines the desired state of the Jenkins -- -
|
-||||||||||||||||
-status
-
-
-JenkinsStatus
-
-
- |
-
- Status defines the observed state of Jenkins - |
-
-(Appears on: -JenkinsStatus) -
--
AppliedGroovyScript is the applied groovy script in Jenkins by the operator
- -| Field | -Description | -
|---|---|
-configurationType
-
-string
-
- |
-
- ConfigurationType is the name of the configuration type(base-groovy, user-groovy, user-casc) - |
-
-source
-
-string
-
- |
-
- Source is the name of source where is located groovy script - |
-
-name
-
-string
-
- |
-
- Name is the name of the groovy script - |
-
-Hash
-
-string
-
- |
-
- Hash is the hash of the groovy script and secrets which it uses - |
-
-(Appears on: -JenkinsSpec) -
--
Backup defines the configuration of a Jenkins backup
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines the action which performs the backup in the backup container sidecar - |
-
-interval
-
-uint64
-
- |
-
- Interval tells you how often the backup is made in seconds -Defaults to 30. - |
-
-makeBackupBeforePodDeletion
-
-bool
-
- |
-
- MakeBackupBeforePodDeletion tells the operator to make a backup before Jenkins master pod deletion - |
-
-(Appears on: -Customization) -
--
ConfigMapRef is the reference to Kubernetes ConfigMap
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
ConfigurationAsCode defines configuration of Jenkins customization via the Configuration as Code Jenkins plugin
- -| Field | -Description | -
|---|---|
-Customization
-
-
-Customization
-
-
- |
-- | -
-(Appears on: -JenkinsMaster) -
--
Container defines the Kubernetes container attributes
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name of the container specified as a DNS_LABEL. -Each container in a pod must have a unique name (DNS_LABEL). - |
-
-image
-
-string
-
- |
-
- Docker image name. -More info: https://kubernetes.io/docs/concepts/containers/images - |
-
-imagePullPolicy
-
-
-Kubernetes core/v1.PullPolicy
-
-
- |
-
- Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always. - |
-
-resources
-
-
-Kubernetes core/v1.ResourceRequirements
-
-
- |
-
- Compute Resources required by this container. -More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - |
-
-command
-
-[]string
-
- |
-
-(Optional)
- Entrypoint array. Not executed within a shell. -The docker image’s ENTRYPOINT is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-args
-
-[]string
-
- |
-
-(Optional)
- Arguments to the entrypoint. -The docker image’s CMD is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-workingDir
-
-string
-
- |
-
-(Optional)
- Container’s working directory. -If not specified, the container runtime’s default will be used, which -might be configured in the container image. - |
-
-ports
-
-
-[]Kubernetes core/v1.ContainerPort
-
-
- |
-
-(Optional)
- List of ports to expose from the container. Exposing a port here gives -the system additional information about the network connections a -container uses, but is primarily informational. Not specifying a port here -DOES NOT prevent that port from being exposed. Any port which is -listening on the default “0.0.0.0” address inside a container will be -accessible from the network. - |
-
-envFrom
-
-
-[]Kubernetes core/v1.EnvFromSource
-
-
- |
-
-(Optional)
- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple -sources, the value associated with the last source will take precedence. -Values defined by an Env with a duplicate key will take precedence. - |
-
-env
-
-
-[]Kubernetes core/v1.EnvVar
-
-
- |
-
-(Optional)
- List of environment variables to set in the container. - |
-
-volumeMounts
-
-
-[]Kubernetes core/v1.VolumeMount
-
-
- |
-
-(Optional)
- Pod volumes to mount into the container’s filesystem. - |
-
-livenessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container liveness. -Container will be restarted if the probe fails. - |
-
-readinessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. - |
-
-lifecycle
-
-
-Kubernetes core/v1.Lifecycle
-
-
- |
-
-(Optional)
- Actions that the management system should take in response to container lifecycle events. - |
-
-securityContext
-
-
-Kubernetes core/v1.SecurityContext
-
-
- |
-
-(Optional)
- Security options the pod should run with. -More info: https://kubernetes.io/docs/concepts/policy/security-context/ -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - |
-
-(Appears on: -ConfigurationAsCode, -GroovyScripts) -
--
Customization defines configuration of Jenkins customization
- -| Field | -Description | -
|---|---|
-secret
-
-
-SecretRef
-
-
- |
-- | -
-configurations
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.ConfigMapRef
-
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
GroovyScripts defines configuration of Jenkins customization via groovy scripts
- -| Field | -Description | -
|---|---|
-Customization
-
-
-Customization
-
-
- |
-- | -
-(Appears on: -Backup, -Restore) -
--
Handler defines a specific action that should be taken
- -| Field | -Description | -
|---|---|
-exec
-
-
-Kubernetes core/v1.ExecAction
-
-
- |
-
- Exec specifies the action to take. - |
-
string alias)-(Appears on: -SeedJob) -
--
JenkinsCredentialType defines the type of Jenkins credential used in the seed job mechanism
- --(Appears on: -JenkinsSpec) -
--
JenkinsMaster defines the Jenkins master pod attributes and plugins, -every single change requires a Jenkins master pod restart
- -| Field | -Description | -
|---|---|
-masterAnnotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-nodeSelector
-
-map[string]string
-
- |
-
-(Optional)
- NodeSelector is a selector which must be true for the pod to fit on a node. -Selector which must match a node’s labels for the pod to be scheduled on that node. -More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - |
-
-securityContext
-
-
-Kubernetes core/v1.PodSecurityContext
-
-
- |
-
-(Optional)
- SecurityContext that applies to all the containers of the Jenkins -Master. As per kubernetes specification, it can be overridden -for each container individually. -Defaults to: -runAsUser: 1000 -fsGroup: 1000 - |
-
-containers
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Container
-
-
- |
-
- List of containers belonging to the pod. -Containers cannot currently be added or removed. -There must be at least one container in a Pod. -Defaults to: -- image: jenkins/jenkins:lts -imagePullPolicy: Always -livenessProbe: -failureThreshold: 12 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 80 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 5 -name: jenkins-master -readinessProbe: -failureThreshold: 3 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 30 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 1 -resources: -limits: -cpu: 1500m -memory: 3Gi -requests: -cpu: “1” -memory: 600Mi - |
-
-imagePullSecrets
-
-
-[]Kubernetes core/v1.LocalObjectReference
-
-
- |
-
-(Optional)
- ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. -If specified, these secrets will be passed to individual puller implementations for them to use. For example, -in the case of docker, only DockerConfig type secrets are honored. -More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - |
-
-volumes
-
-
-[]Kubernetes core/v1.Volume
-
-
- |
-
-(Optional)
- List of volumes that can be mounted by containers belonging to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes - |
-
-basePlugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin
-
-
- |
-
- BasePlugins contains plugins required by operator -Defaults to : -- name: kubernetes -version: 1.15.7 -- name: workflow-job -version: “2.32” -- name: workflow-aggregator -version: “2.6” -- name: git -version: 3.10.0 -- name: job-dsl -version: “1.74” -- name: configuration-as-code -version: “1.19” -- name: kubernetes-credentials-provider -version: 0.12.1 - |
-
-plugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin
-
-
- |
-
-(Optional)
- Plugins contains plugins required by user - |
-
-(Appears on: -Jenkins) -
--
JenkinsSpec defines the desired state of the Jenkins
- -| Field | -Description | -
|---|---|
-master
-
-
-JenkinsMaster
-
-
- |
-
- Master represents Jenkins master pod properties and Jenkins plugins. -Every single change here requires a pod restart. - |
-
-seedJobs
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SeedJob
-
-
- |
-
-(Optional)
- SeedJobs defines list of Jenkins Seed Job configurations -More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-seed-jobs-and-pipelines - |
-
-service
-
-
-Service
-
-
- |
-
-(Optional)
- Service is Kubernetes service of Jenkins master HTTP pod -Defaults to : -port: 8080 -type: ClusterIP - |
-
-slaveService
-
-
-Service
-
-
- |
-
-(Optional)
- Service is Kubernetes service of Jenkins slave pods -Defaults to : -port: 50000 -type: ClusterIP - |
-
-backup
-
-
-Backup
-
-
- |
-
-(Optional)
- Backup defines configuration of Jenkins backup -More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-backup-and-restore - |
-
-restore
-
-
-Restore
-
-
- |
-
-(Optional)
- Backup defines configuration of Jenkins backup restore -More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-backup-and-restore - |
-
-groovyScripts
-
-
-GroovyScripts
-
-
- |
-
-(Optional)
- GroovyScripts defines configuration of Jenkins customization via groovy scripts - |
-
-configurationAsCode
-
-
-ConfigurationAsCode
-
-
- |
-
-(Optional)
- ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin - |
-
-(Appears on: -Jenkins) -
--
JenkinsStatus defines the observed state of Jenkins
- -| Field | -Description | -
|---|---|
-operatorVersion
-
-string
-
- |
-
-(Optional)
- OperatorVersion is the operator version which manages this CR - |
-
-provisionStartTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- ProvisionStartTime is a time when Jenkins master pod has been created - |
-
-baseConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- BaseConfigurationCompletedTime is a time when Jenkins base configuration phase has been completed - |
-
-userConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- UserConfigurationCompletedTime is a time when Jenkins user configuration phase has been completed - |
-
-restoredBackup
-
-uint64
-
- |
-
-(Optional)
- RestoredBackup is the restored backup number after Jenkins master pod restart - |
-
-lastBackup
-
-uint64
-
- |
-
-(Optional)
- LastBackup is the latest backup number - |
-
-pendingBackup
-
-uint64
-
- |
-
-(Optional)
- PendingBackup is the pending backup number - |
-
-backupDoneBeforePodDeletion
-
-bool
-
- |
-
-(Optional)
- BackupDoneBeforePodDeletion tells if backup before pod deletion has been made - |
-
-userAndPasswordHash
-
-string
-
- |
-
-(Optional)
- UserAndPasswordHash is a SHA256 hash made from the username and password - |
-
-createdSeedJobs
-
-[]string
-
- |
-
-(Optional)
- CreatedSeedJobs contains list of seed job ids already created in Jenkins - |
-
-appliedGroovyScripts
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.AppliedGroovyScript
-
-
- |
-
-(Optional)
- AppliedGroovyScripts is a list with all applied groovy scripts in Jenkins by the operator - |
-
-(Appears on: -Notification) -
--
Mailgun is handler for Mailgun email service notification channel
- -| Field | -Description | -
|---|---|
-domain
-
-string
-
- |
-- | -
-apiKeySecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-recipient
-
-string
-
- |
-- | -
-from
-
-string
-
- |
-- | -
-(Appears on: -Notification) -
--
MicrosoftTeams is handler for Microsoft MicrosoftTeams notification channel
- -| Field | -Description | -
|---|---|
-webHookURLSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-
- The web hook URL to MicrosoftTeams App - |
-
-
Notification is a service configuration used to send notifications about Jenkins status
- -| Field | -Description | -
|---|---|
-loggingLevel
-
-
-NotificationLogLevel
-
-
- |
-- | -
-verbose
-
-bool
-
- |
-- | -
-name
-
-string
-
- |
-- | -
-slack
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Slack
-
-
- |
-- | -
-teams
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.MicrosoftTeams
-
-
- |
-- | -
-mailgun
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Mailgun
-
-
- |
-- | -
string alias)-(Appears on: -Notification) -
--
NotificationLogLevel defines logging level of Notification
- --(Appears on: -JenkinsMaster) -
--
Plugin defines Jenkins plugin
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name is the name of Jenkins plugin - |
-
-version
-
-string
-
- |
-
- Version is the version of Jenkins plugin - |
-
-(Appears on: -JenkinsSpec) -
--
Restore defines configuration of Jenkins backup restore operation
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for restore backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines action which performs restore backup in restore container sidecar - |
-
-recoveryOnce
-
-uint64
-
- |
-
-(Optional)
- RecoveryOnce if want to restore specific backup set this field and then Jenkins will be restarted and desired backup will be restored - |
-
-(Appears on: -Mailgun, -MicrosoftTeams, -Slack) -
--
SecretKeySelector selects a key of a Secret.
- -| Field | -Description | -
|---|---|
-secret
-
-
-Kubernetes core/v1.LocalObjectReference
-
-
- |
-
- The name of the secret in the pod’s namespace to select from. - |
-
-key
-
-string
-
- |
-
- The key of the secret to select from. Must be a valid secret key. - |
-
-(Appears on: -Customization) -
--
SecretRef is reference to Kubernetes secret
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
SeedJob defines configuration for seed job -More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-seed-jobs-and-pipelines
- -| Field | -Description | -
|---|---|
-id
-
-string
-
- |
-
- ID is the unique seed job name - |
-
-credentialID
-
-string
-
- |
-
- CredentialID is the Kubernetes secret name which stores repository access credentials - |
-
-description
-
-string
-
- |
-
-(Optional)
- Description is the description of the seed job - |
-
-targets
-
-string
-
- |
-
- Targets is the repository path where the seed job definitions are - |
-
-repositoryBranch
-
-string
-
- |
-
- RepositoryBranch is the repository branch where the seed job definitions are - |
-
-repositoryUrl
-
-string
-
- |
-
- RepositoryURL is the repository access URL. Can be SSH or HTTPS. - |
-
-credentialType
-
-
-JenkinsCredentialType
-
-
- |
-
-(Optional)
- JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ credential type - |
-
-githubPushTrigger
-
-bool
-
- |
-
-(Optional)
- GitHubPushTrigger is used for GitHub web hooks - |
-
-buildPeriodically
-
-string
-
- |
-
-(Optional)
- BuildPeriodically is setting for scheduled trigger - |
-
-pollSCM
-
-string
-
- |
-
-(Optional)
- PollSCM is setting for polling changes in SCM - |
-
-ignoreMissingFiles
-
-bool
-
- |
-
-(Optional)
- IgnoreMissingFiles is setting for Job DSL API plugin to ignore files that miss - |
-
-additionalClasspath
-
-string
-
- |
-
-(Optional)
- AdditionalClasspath is setting for Job DSL API plugin to set Additional Classpath - |
-
-failOnMissingPlugin
-
-bool
-
- |
-
-(Optional)
- FailOnMissingPlugin is setting for Job DSL API plugin that fails job if required plugin is missing - |
-
-unstableOnDeprecation
-
-bool
-
- |
-
-(Optional)
- UnstableOnDeprecation is setting for Job DSL API plugin that sets build status as unstable if build using deprecated features - |
-
-(Appears on: -JenkinsSpec) -
--
Service defines Kubernetes service attributes
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-labels
-
-map[string]string
-
- |
-
- Route service traffic to pods with label keys and values matching this -selector. If empty or not present, the service is assumed to have an -external process managing its endpoints, which Kubernetes will not -modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. -Ignored if type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/ - |
-
-type
-
-
-Kubernetes core/v1.ServiceType
-
-
- |
-
-(Optional)
- Type determines how the Service is exposed. Defaults to ClusterIP. Valid -options are ExternalName, ClusterIP, NodePort, and LoadBalancer. -“ExternalName” maps to the specified externalName. -“ClusterIP” allocates a cluster-internal IP address for load-balancing to -endpoints. Endpoints are determined by the selector or if that is not -specified, by manual construction of an Endpoints object. If clusterIP is -“None”, no virtual IP is allocated and the endpoints are published as a -set of endpoints rather than a stable IP. -“NodePort” builds on ClusterIP and allocates a port on every node which -routes to the clusterIP. -“LoadBalancer” builds on NodePort and creates an -external load-balancer (if supported in the current cloud) which routes -to the clusterIP. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services—service-types - |
-
-port
-
-int32
-
- |
-
- The port that is exposed by this service. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - |
-
-nodePort
-
-int32
-
- |
-
-(Optional)
- The port on each node on which this service is exposed when type=NodePort or LoadBalancer. -Usually assigned by the system. If specified, it will be allocated to the service -if unused, or else creation of the service will fail. -Default is to auto-allocate a port if the ServiceType of this Service requires one. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - |
-
-loadBalancerSourceRanges
-
-[]string
-
- |
-
-(Optional)
- If specified and supported by the platform, this will restrict traffic through the cloud-provider -the load-balancer will be restricted to the specified client IPs. This field will be ignored if the -cloud-provider does not support the feature.” -More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ - |
-
-loadBalancerIP
-
-string
-
- |
-
-(Optional)
- Only applies to Service Type: LoadBalancer -LoadBalancer will get created with the IP specified in this field. -This feature depends on whether the underlying cloud-provider supports specifying -the loadBalancerIP when a load balancer is created. -This field will be ignored if the cloud-provider does not support the feature. - |
-
-(Appears on: -Notification) -
--
Slack is handler for Slack notification channel
- -| Field | -Description | -
|---|---|
-webHookURLSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-
- The web hook URL to Slack App - |
-
-Generated with gen-crd-api-reference-docs
-on git commit f4c4235.
-
Azure AKS managed Kubernetes service adds to every pod the following environment variables:
-- name: KUBERNETES_PORT_443_TCP_ADDR
- value:
-- name: KUBERNETES_PORT
- value: tcp://
-- name: KUBERNETES_PORT_443_TCP
- value: tcp://
-- name: KUBERNETES_SERVICE_HOST
- value:The operator is aware of it and omits these environment variables when checking if a Jenkins pod environment has been changed. It prevents the -restart of a Jenkins pod over and over again.
- - - -Jenkins operator uses job-dsl and kubernetes-credentials-provider plugins for configuring jobs -and deploy keys.
- -First you have to prepare pipelines and job definition in your GitHub repository using the following structure:
-cicd/
-├── jobs
-│ └── build.jenkins
-└── pipelines
- └── build.jenkinscicd/jobs/build.jenkins is a job definition:
#!/usr/bin/env groovy
-
-pipelineJob('build-jenkins-operator') {
- displayName('Build jenkins-operator')
-
- definition {
- cpsScm {
- scm {
- git {
- remote {
- url('https://github.com/jenkinsci/kubernetes-operator.git')
- credentials('jenkins-operator')
- }
- branches('*/master')
- }
- }
- scriptPath('cicd/pipelines/build.jenkins')
- }
- }
-}cicd/pipelines/build.jenkins is an actual Jenkins pipeline:
#!/usr/bin/env groovy
-
-def label = "build-jenkins-operator-${UUID.randomUUID().toString()}"
-def home = "/home/jenkins"
-def workspace = "${home}/workspace/build-jenkins-operator"
-def workdir = "${workspace}/src/github.com/jenkinsci/kubernetes-operator/"
-
-podTemplate(label: label,
- containers: [
- containerTemplate(name: 'jnlp', image: 'jenkins/inbound-agent:alpine'),
- containerTemplate(name: 'go', image: 'golang:1-alpine', command: 'cat', ttyEnabled: true),
- ],
- envVars: [
- envVar(key: 'GOPATH', value: workspace),
- ],
- ) {
-
- node(label) {
- dir(workdir) {
- stage('Init') {
- timeout(time: 3, unit: 'MINUTES') {
- checkout scm
- }
- container('go') {
- sh 'apk --no-cache --update add make git gcc libc-dev'
- }
- }
-
- stage('Dep') {
- container('go') {
- sh 'make dep'
- }
- }
-
- stage('Test') {
- container('go') {
- sh 'make test'
- }
- }
-
- stage('Build') {
- container('go') {
- sh 'make build'
- }
- }
- }
- }
-}Jenkins Seed Jobs are configured using Jenkins.spec.seedJobs section from your custom resource manifest:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitJenkins Operator will automatically discover and configure all the seed jobs.
- -You can verify if deploy keys were successfully configured in the Jenkins Credentials tab.
- -
You can verify if your pipelines were successfully configured in the Jenkins Seed Job console output.
- -
If your GitHub repository is private you have to configure SSH or username/password authentication.
- -There are two methods of SSH private key generation:
-$ openssl genrsa -out <filename> 2048or
-$ ssh-keygen -t rsa -b 2048
-$ ssh-keygen -p -f <filename> -m pemThen copy content from generated file.
- -If you want to upload your public key to your Git server you need to extract it.
- -If key was generated by openssl then you need to type this to extract public key:
$ openssl rsa -in <filename> -pubout > <filename>.pubIf key was generated by ssh-keygen the public key content is located in
Configure a seed job like this:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-ssh
- credentialType: basicSSHUserPrivateKey
- credentialID: k8s-ssh
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: ssh://git@github.com:jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-ssh
-stringData:
- privateKey: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIJKAIBAAKCAgEAxxDpleJjMCN5nusfW/AtBAZhx8UVVlhhhIKXvQ+dFODQIdzO
- oDXybs1zVHWOj31zqbbJnsfsVZ9Uf3p9k6xpJ3WFY9b85WasqTDN1xmSd6swD4N8
- ...
- username: github_user_nameConfigure the seed job like:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-user-pass
- credentialType: usernamePassword
- credentialID: k8s-user-pass
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-user-pass
-stringData:
- username: github_user_name
- password: password_or_tokenTo use forwarding proxy with an operator to download plugins you need to add the following environment variable to Jenkins Custom Resource (CR), e.g.:
-spec:
- master:
- containers:
- - name: jenkins-master
- env:
- - name: CURL_OPTIONS
- value: -L -x <proxy_url>In CURL_OPTIONS var you can set additional arguments to curl command.
To pull a Docker Image from private repository you can use imagePullSecrets.
Please follow the instructions on creating a secret with a docker config.
- -To use Docker Hub additional steps are required.
- -Edit the previously created secret:
-kubectl -n <namespace> edit secret <name>The .dockerconfigjson key’s value needs to be replaced with a modified version.
After modifications, it needs to be encoded as a Base64 value before setting the .dockerconfigjson key.
Example config file to modify and use:
-{
- "auths":{
- "https://index.docker.io/v1/":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "auth.docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry.docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "https://registry-1.docker.io/v2/": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry-1.docker.io/v2/": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry-1.docker.io": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "https://registry-1.docker.io": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- }
- }
-}Backup and restore is done by a container sidecar.
- -Save to the file named pvc.yaml:
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: <pvc_name>
- namespace: <namespace>
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 500GiRun the following command:
-$ kubectl -n <namespace> create -f pvc.yamlapiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: <cr_name>
- namespace: <namespace>
-spec:
- master:
- securityContext:
- runAsUser: 1000
- fsGroup: 1000
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:lts
- - name: backup # container responsible for the backup and restore
- env:
- - name: BACKUP_DIR
- value: /backup
- - name: JENKINS_HOME
- value: /jenkins-home
- - name: BACKUP_COUNT
- value: "3" # keep only the 2 most recent backups
- image: virtuslab/jenkins-operator-backup-pvc:v0.0.8 # look at backup/pvc directory
- imagePullPolicy: IfNotPresent
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /backup # backup volume
- name: backup
- volumes:
- - name: backup # PVC volume where backups will be stored
- persistentVolumeClaim:
- claimName: <pvc_name>
- backup:
- containerName: backup # container name is responsible for backup
- action:
- exec:
- command:
- - /home/user/bin/backup.sh # this command is invoked on "backup" container to make backup, for example /home/user/bin/backup.sh <backup_number>, <backup_number> is passed by operator
- interval: 30 # how often make backup in seconds
- makeBackupBeforePodDeletion: true # make a backup before pod deletion
- restore:
- containerName: backup # container name is responsible for restore backup
- action:
- exec:
- command:
- - /home/user/bin/restore.sh # this command is invoked on "backup" container to make restore backup, for example /home/user/bin/restore.sh <backup_number>, <backup_number> is passed by operator
- #recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restoredWith enough effort one can create a custom backup and restore provider -for the Jenkins Operator.
- -Two commands (e.g. scripts) are required:
- -backup.sh that takes one argument, a backup numberbackup.sh that takes one argument, a backup numberBoth scripts need to return an exit code of 0 on success and 1 or greater for failure.
One of those scripts (or the entry point of the container) needs to be responsible -for backup cleanup or rotation if required, or an external system.
- -The mechanism relies on basic Kubernetes and UNIX functionalities.
- -The backup (and restore) container runs as a sidecar in the same -Kubernetes pod as the Jenkins master.
- -Name of the backup and restore containers can be set as necessary using
-spec.backup.containerName and spec.restore.containerName.
-In most cases it will be the same container, but we allow for less common use cases.
The operator will call a backup or restore commands inside a sidecar container when necessary:
- -spec.backup.action.exec.command)
-will be called every N seconds configurable in: spec.backup.interval
-and on pod shutdown (if enabled in spec.backup.makeBackupBeforePodDeletion)
-with an integer representing the current backup number as first and only argumentspec.restore.action.exec.command)
-will be called at Jenkins startup
-with an integer representing the backup number to restore as first and only argument
-(can be overridden using spec.restore.recoveryOnce)This example shows abbreviated version of a simple AWS S3 backup implementation
-using: aws-cli, bash and kube2iam.
In addition to your normal Jenkins CustomResource some additional settings
-for backup and restore are required, e.g.:
kind: Jenkins
-apiVersion: jenkins.io/v1alpha1
-metadata:
- name: example
- namespace: jenkins
-spec:
- master:
- masterAnnotations:
- iam.amazonaws.com/role: "my-example-backup-role" # tell kube2iam where the AWS IAM role is
- containers:
- - name: jenkins-master
- ...
- - name: backup # container responsible for backup and restore
- image: quay.io/virtuslab/aws-cli:1.16.263-2
- workingDir: /home/user/bin/
- command: # our container entry point
- - sleep
- - infinity
- env:
- - name: BACKUP_BUCKET
- value: my-example-bucket # the S3 bucket name to use
- - name: BACKUP_PATH
- value: my-backup-path # the S3 bucket path prefix to use
- - name: JENKINS_HOME
- value: /jenkins-home # the path to mount jenkins home dir in the backup container
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /home/user/bin/backup.sh
- name: backup-scripts
- subPath: backup.sh
- readOnly: true
- - mountPath: /home/user/bin/restore.sh
- name: backup-scripts
- subPath: restore.sh
- readOnly: true
- volumes:
- - name: backup-scripts
- configMap:
- defaultMode: 0754
- name: jenkins-operator-backup-s3
- securityContext: # make sure both containers use the same UID and GUID
- runAsUser: 1000
- fsGroup: 1000
- ...
- backup:
- containerName: backup # container name responsible for backup
- interval: 3600 # how often make a backup in seconds
- makeBackupBeforePodDeletion: true # trigger backup just before deleting the pod
- action:
- exec:
- command:
- # this command is invoked on "backup" container to create a backup,
- # <backup_number> is passed by operator,
- # for example /home/user/bin/backup.sh <backup_number>
- - /home/user/bin/backup.sh
- restore:
- containerName: backup # container name is responsible for restore backup
- action:
- exec:
- command:
- # this command is invoked on "backup" container to restore a backup,
- # <backup_number> is passed by operator
- # for example /home/user/bin/restore.sh <backup_number>
- - /home/user/bin/restore.sh
-# recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restoredThe actual backup and restore scripts will be provided in a ConfigMap:
kind: ConfigMap
-apiVersion: v1
-metadata:
- name: jenkins-operator-backup-s3
- namespace: jenkins
- labels:
- app: jenkins-operator
-data:
- backup.sh: |-
- #!/bin/bash -xeu
- [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1;
- [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1;
- [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1;
- [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
-
- backup_number=$1
- echo "Running backup #${backup_number}"
-
- BACKUP_TMP_DIR=$(mktemp -d)
- tar -C ${JENKINS_HOME} -czf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" --exclude jobs/*/workspace* -c jobs && \
-
- aws s3 cp ${BACKUP_TMP_DIR}/${backup_number}.tar.gz s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz
- echo Done
-
- restore.sh: |-
- #!/bin/bash -xeu
- [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1
- [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1;
- [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1;
- [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
-
- backup_number=$1
- echo "Running restore #${backup_number}"
-
- BACKUP_TMP_DIR=$(mktemp -d)
- aws s3 cp s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz ${BACKUP_TMP_DIR}/${backup_number}.tar.gz
-
- tar -C ${JENKINS_HOME} -zxf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz"
- echo DoneIn our example we will use S3 bucket lifecycle policy to keep -the number of backups under control, e.g. Cloud Formation fragment:
- Type: AWS::S3::Bucket
- Properties:
- BucketName: my-example-bucket
- ...
- LifecycleConfiguration:
- Rules:
- - Id: BackupCleanup
- Status: Enabled
- Prefix: my-backup-path
- ExpirationInDays: 7
- NoncurrentVersionExpirationInDays: 14
- AbortIncompleteMultipartUpload:
- DaysAfterInitiation: 3Jenkins can be customized using groovy scripts or the configuration as code plugin.
-By using a ConfigMap you can create your own Jenkins customized configuration.
-Then you must reference the ConfigMap in the Jenkins pod customization file in spec.groovyScripts or spec.configurationAsCode
For example create a ConfigMap with name jenkins-operator-user-configuration. Then, modify the Jenkins manifest to look like this:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configurationHere is an example of jenkins-operator-user-configuration:
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-configure-theme.groovy: |
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- import org.jenkinsci.plugins.simpletheme.ThemeElement
- import org.jenkinsci.plugins.simpletheme.CssTextThemeElement
- import org.jenkinsci.plugins.simpletheme.CssUrlThemeElement
-
- Jenkins jenkins = Jenkins.getInstance()
-
- def decorator = Jenkins.instance.getDescriptorByType(org.codefirst.SimpleThemeDecorator.class)
-
- List<ThemeElement> configElements = new ArrayList<>();
- configElements.add(new CssTextThemeElement("DEFAULT"));
- configElements.add(new CssUrlThemeElement("https://cdn.rawgit.com/afonsof/jenkins-material-theme/gh-pages/dist/material-light-green.css"));
- decorator.setElements(configElements);
- decorator.save();
-
- jenkins.save()
- 1-system-message.yaml: |
- jenkins:
- systemMessage: "Configuration as Code integration works!!!"*.groovy is Groovy script configuration*.yaml is configuration as codeIf you want to correct your configuration you can edit it while the Jenkins Operator is running. -Jenkins will reconcile and apply the new configuration.
- -If you configured spec.groovyScripts.secret.name, then this secret is available to use from map Groovy scripts.
-The secrets are loaded to secrets map.
Create a secret with for example the name jenkins-conf-secrets.
kind: Secret
-apiVersion: v1
-type: Opaque
-metadata:
- name: jenkins-conf-secrets
- namespace: default
-data:
- SYSTEM_MESSAGE: SGVsbG8gd29ybGQ=Then modify the Jenkins pod manifest by changing spec.groovyScripts.secret.name to jenkins-conf-secrets.
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration
- secret:
- name: jenkins-conf-secrets
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configuration
- secret:
- name: jenkins-conf-secretsNow you can test that the secret is mounted by applying this ConfigMap for Groovy script:
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-system-message.groovy: |
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- Jenkins jenkins = Jenkins.getInstance()
-
- jenkins.setSystemMessage(secrets["SYSTEM_MESSAGE"])
- jenkins.save()Or by applying this configuration as code:
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-system-message.yaml: |
- jenkins:
- systemMessage: ${SYSTEM_MESSAGE}After this, you should see the Hello world system message from the Jenkins homepage.
Edit Custom Resource under spec.master.plugins:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- plugins:
- - name: simple-theme-plugin
- version: 0.5.1Under spec.master.basePlugins you can find plugins for a valid Jenkins Operator:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- basePlugins:
- - name: kubernetes
- version: 1.18.3
- - name: workflow-job
- version: "2.34"
- - name: workflow-aggregator
- version: "2.6"
- - name: git
- version: 3.12.0
- - name: job-dsl
- version: "1.76"
- - name: configuration-as-code
- version: "1.29"
- - name: kubernetes-credentials-provider
- version: 0.12.1You can change their versions.
- -The Jenkins Operator will then automatically install plugins after the Jenkins master pod restarts.
- - - -Once Jenkins Operator is up and running let’s deploy actual Jenkins instance.
-Create manifest e.g. jenkins_instance.yaml with following data and save it on drive.
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:lts
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 12
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 80
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 30
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitDeploy a Jenkins to Kubernetes:
-kubectl create -f jenkins_instance.yamlWatch the Jenkins instance being created:
-kubectl get pods -wGet the Jenkins credentials:
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.user}' | base64 -d
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.password}' | base64 -dConnect to the Jenkins instance (minikube):
-minikube service jenkins-operator-http-<cr_name> --urlConnect to the Jenkins instance (actual Kubernetes cluster):
-kubectl port-forward jenkins-<cr_name> 8080:8080Then open browser with address http://localhost:8080.
Turn on debug in Jenkins Operator deployment:
-sed -i 's|\(args:\).*|\1\ ["--debug"\]|' deploy/operator.yaml
-kubectl apply -f deploy/operator.yamlWatch Kubernetes events:
-kubectl get events --sort-by='{.lastTimestamp}'Verify Jenkins master logs:
-kubectl logs -f jenkins-<cr_name>Verify the jenkins-operator logs:
kubectl logs deployment/jenkins-operatorDelete the Jenkins master pod and wait for the new one to come up:
-kubectl delete pod jenkins-<cr_name>This document describes a getting started guide for Jenkins Operator v0.3.x and also additional configuration.
Prepare your Kubernetes cluster and set up your kubectl access.
Once you have running Kubernetes cluster you can focus on installing Jenkins Operator according to the Installation guide.
- -Deploy production ready Jenkins Operator manifest -
-How to configure Jenkins with Operator -
-How to customize Jenkins -
-How to migrate from v0.2.x to v0.3.x -
-Additional configuration for Azure Kubernetes Service -
-Prevent loss of job history -
-Custom backup and restore provider -
-How to setup operator notifications. -
-How to deal with Jenkins Operator problems -
-API Schema definitions for Jenkins CRD -
-jenkins.io/v1alpha2:
-
-spec.master.masterAnnotations was deprecated, use spec.master.annotationsspec.notificationsspec.master.tolerations (in v0.3.1)spec.master.disableCSRFProtectionimage: virtuslab/jenkins-operator:v0.3.1apiVersion: jenkins.io/v1alpha2, adjust content if necessaryThe v0.3.x should work fine with jenkins.io/v1alpha1, but we recommend using jenkins.io/v1alpha2.
Please follow this instructions to get web hook URL.
- -Create web hook secret with name jenkins-operator-notification-data. Contains key url with provided web hook URL.
$ kubectl create secret generic jenkins-operator-notification-data --from-literal=url=<webhook_url>Example configuration for Slack:
-kind: Jenkins
-spec:
- master:
- notifications:
- - loggingLevel: info
- verbose: true
- name:
- slack:
- webHookURLSecretKeySelector:
- secret:
- name:
- key: Please follow this instructions to get web hook URL.
- -Example configuration for Microsoft Teams:
-kind: Jenkins
-spec:
- master:
- notifications:
- - loggingLevel: info
- verbose: true
- name:
- teams:
- webHookURLSecretKeySelector:
- secret:
- name:
- key: Example configuration for Mailgun:
-kind: Jenkins
-spec:
- master:
- notifications:
- - loggingLevel: info
- verbose: true
- name:
- mailgun:
- domain:
- apiKeySecretKeySelector:
- secret:
- name:
- key:
- recipient:
- from: As you see there is two debugging options:
- -loggingLevel (warning/info) - Set level of messages to send.
verbose - Print stacktrace and additional error messages
You can use multiple providers to send notification to another communication channels at the same time. -For example you will send notifications to Slack and Teams.
-kind: Jenkins
-spec:
- master:
- notifications:
- - loggingLevel: info
- verbose: true
- name: nslack
- slack:
- webHookURLSecretKeySelector:
- secret:
- name:
- key:
- - loggingLevel: info
- verbose: true
- name: nteams
- teams:
- webHookURLSecretKeySelector:
- secret:
- name:
- key: This document contains API scheme for jenkins-operator Custom Resource Definition manifest
Packages:
--
Package v1alpha2 contains API Schema definitions for the jenkins.io v1alpha2 API group
- -Resource Types: --
Jenkins is the Schema for the jenkins API
- -| Field | -Description | -||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-apiVersion
-string |
-
-
-jenkins.io/v1alpha2
-
- |
-||||||||||||||||||
-kind
-string
- |
-Jenkins |
-||||||||||||||||||
-metadata
-
-
-Kubernetes meta/v1.ObjectMeta
-
-
- |
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
- |
-||||||||||||||||||
-spec
-
-
-JenkinsSpec
-
-
- |
-
- Spec defines the desired state of the Jenkins -- -
|
-||||||||||||||||||
-status
-
-
-JenkinsStatus
-
-
- |
-
- Status defines the observed state of Jenkins - |
-
-(Appears on: -JenkinsStatus) -
--
AppliedGroovyScript is the applied groovy script in Jenkins by the operator
- -| Field | -Description | -
|---|---|
-configurationType
-
-string
-
- |
-
- ConfigurationType is the name of the configuration type(base-groovy, user-groovy, user-casc) - |
-
-source
-
-string
-
- |
-
- Source is the name of source where is located groovy script - |
-
-name
-
-string
-
- |
-
- Name is the name of the groovy script - |
-
-Hash
-
-string
-
- |
-
- Hash is the hash of the groovy script and secrets which it uses - |
-
-(Appears on: -JenkinsSpec) -
--
Backup defines configuration of Jenkins backup
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines action which performs backup in backup container sidecar - |
-
-interval
-
-uint64
-
- |
-
- Interval tells how often make backup in seconds -Defaults to 30. - |
-
-makeBackupBeforePodDeletion
-
-bool
-
- |
-
- MakeBackupBeforePodDeletion tells operator to make backup before Jenkins master pod deletion - |
-
-(Appears on: -Customization) -
--
ConfigMapRef is reference to Kubernetes ConfigMap
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin
- -| Field | -Description | -
|---|---|
-Customization
-
-
-Customization
-
-
- |
-- | -
-(Appears on: -JenkinsMaster) -
--
Container defines Kubernetes container attributes
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name of the container specified as a DNS_LABEL. -Each container in a pod must have a unique name (DNS_LABEL). - |
-
-image
-
-string
-
- |
-
- Docker image name. -More info: https://kubernetes.io/docs/concepts/containers/images - |
-
-imagePullPolicy
-
-
-Kubernetes core/v1.PullPolicy
-
-
- |
-
- Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always. - |
-
-resources
-
-
-Kubernetes core/v1.ResourceRequirements
-
-
- |
-
- Compute Resources required by this container. -More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - |
-
-command
-
-[]string
-
- |
-
-(Optional)
- Entrypoint array. Not executed within a shell. -The docker image’s ENTRYPOINT is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-args
-
-[]string
-
- |
-
-(Optional)
- Arguments to the entrypoint. -The docker image’s CMD is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-workingDir
-
-string
-
- |
-
-(Optional)
- Container’s working directory. -If not specified, the container runtime’s default will be used, which -might be configured in the container image. - |
-
-ports
-
-
-[]Kubernetes core/v1.ContainerPort
-
-
- |
-
-(Optional)
- List of ports to expose from the container. Exposing a port here gives -the system additional information about the network connections a -container uses, but is primarily informational. Not specifying a port here -DOES NOT prevent that port from being exposed. Any port which is -listening on the default “0.0.0.0” address inside a container will be -accessible from the network. - |
-
-envFrom
-
-
-[]Kubernetes core/v1.EnvFromSource
-
-
- |
-
-(Optional)
- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple -sources, the value associated with the last source will take precedence. -Values defined by an Env with a duplicate key will take precedence. - |
-
-env
-
-
-[]Kubernetes core/v1.EnvVar
-
-
- |
-
-(Optional)
- List of environment variables to set in the container. - |
-
-volumeMounts
-
-
-[]Kubernetes core/v1.VolumeMount
-
-
- |
-
-(Optional)
- Pod volumes to mount into the container’s filesystem. - |
-
-livenessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container liveness. -Container will be restarted if the probe fails. - |
-
-readinessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. - |
-
-lifecycle
-
-
-Kubernetes core/v1.Lifecycle
-
-
- |
-
-(Optional)
- Actions that the management system should take in response to container lifecycle events. - |
-
-securityContext
-
-
-Kubernetes core/v1.SecurityContext
-
-
- |
-
-(Optional)
- Security options the pod should run with. -More info: https://kubernetes.io/docs/concepts/policy/security-context/ -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - |
-
-(Appears on: -ConfigurationAsCode, -GroovyScripts) -
--
Customization defines configuration of Jenkins customization
- -| Field | -Description | -
|---|---|
-secret
-
-
-SecretRef
-
-
- |
-- | -
-configurations
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.ConfigMapRef
-
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
GroovyScripts defines configuration of Jenkins customization via groovy scripts
- -| Field | -Description | -
|---|---|
-Customization
-
-
-Customization
-
-
- |
-- | -
-(Appears on: -Backup, -Restore) -
--
Handler defines a specific action that should be taken
- -| Field | -Description | -
|---|---|
-exec
-
-
-Kubernetes core/v1.ExecAction
-
-
- |
-
- Exec specifies the action to take. - |
-
string alias)-(Appears on: -SeedJob) -
--
JenkinsCredentialType defines type of Jenkins credential used to seed job mechanism
- --(Appears on: -JenkinsSpec) -
--
JenkinsMaster defines the Jenkins master pod attributes and plugins, -every single change requires a Jenkins master pod restart
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-masterAnnotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations -Deprecated: will be removed in the future, please use Annotations(annotations) - |
-
-labels
-
-map[string]string
-
- |
-
-(Optional)
- Map of string keys and values that can be used to organize and categorize -(scope and select) objects. May match selectors of replication controllers -and services. -More info: http://kubernetes.io/docs/user-guide/labels - |
-
-nodeSelector
-
-map[string]string
-
- |
-
-(Optional)
- NodeSelector is a selector which must be true for the pod to fit on a node. -Selector which must match a node’s labels for the pod to be scheduled on that node. -More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - |
-
-securityContext
-
-
-Kubernetes core/v1.PodSecurityContext
-
-
- |
-
-(Optional)
- SecurityContext that applies to all the containers of the Jenkins -Master. As per kubernetes specification, it can be overridden -for each container individually. -Defaults to: -runAsUser: 1000 -fsGroup: 1000 - |
-
-containers
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Container
-
-
- |
-
- List of containers belonging to the pod. -Containers cannot currently be added or removed. -There must be at least one container in a Pod. -Defaults to: -- image: jenkins/jenkins:lts -imagePullPolicy: Always -livenessProbe: -failureThreshold: 12 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 80 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 5 -name: jenkins-master -readinessProbe: -failureThreshold: 3 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 30 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 1 -resources: -limits: -cpu: 1500m -memory: 3Gi -requests: -cpu: “1” -memory: 600Mi - |
-
-imagePullSecrets
-
-
-[]Kubernetes core/v1.LocalObjectReference
-
-
- |
-
-(Optional)
- ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. -If specified, these secrets will be passed to individual puller implementations for them to use. For example, -in the case of docker, only DockerConfig type secrets are honored. -More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - |
-
-volumes
-
-
-[]Kubernetes core/v1.Volume
-
-
- |
-
-(Optional)
- List of volumes that can be mounted by containers belonging to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes - |
-
-tolerations
-
-
-[]Kubernetes core/v1.Toleration
-
-
- |
-
-(Optional)
- If specified, the pod’s tolerations. - |
-
-basePlugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin
-
-
- |
-
- BasePlugins contains plugins required by operator -Defaults to : -- name: kubernetes -version: 1.15.7 -- name: workflow-job -version: “2.32” -- name: workflow-aggregator -version: “2.6” -- name: git -version: 3.10.0 -- name: job-dsl -version: “1.74” -- name: configuration-as-code -version: “1.19” -- name: kubernetes-credentials-provider -version: 0.12.1 - |
-
-plugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin
-
-
- |
-
-(Optional)
- Plugins contains plugins required by user - |
-
-disableCSRFProtection
-
-bool
-
- |
-
- DisableCSRFProtection allows you to toggle CSRF Protection on Jenkins - |
-
-(Appears on: -Jenkins) -
--
JenkinsSpec defines the desired state of the Jenkins
- -| Field | -Description | -
|---|---|
-master
-
-
-JenkinsMaster
-
-
- |
-
- Master represents Jenkins master pod properties and Jenkins plugins. -Every single change here requires a pod restart. - |
-
-seedJobs
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SeedJob
-
-
- |
-
-(Optional)
- SeedJobs defines list of Jenkins Seed Job configurations -More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-seed-jobs-and-pipelines - |
-
-notifications
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Notification
-
-
- |
-
- Notifications defines list of a services which are used to inform about Jenkins status -Can be used to integrate chat services like Slack, Microsoft Teams or Mailgun - |
-
-service
-
-
-Service
-
-
- |
-
-(Optional)
- Service is Kubernetes service of Jenkins master HTTP pod -Defaults to : -port: 8080 -type: ClusterIP - |
-
-slaveService
-
-
-Service
-
-
- |
-
-(Optional)
- Service is Kubernetes service of Jenkins slave pods -Defaults to : -port: 50000 -type: ClusterIP - |
-
-backup
-
-
-Backup
-
-
- |
-
-(Optional)
- Backup defines configuration of Jenkins backup -More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-backup-and-restore - |
-
-restore
-
-
-Restore
-
-
- |
-
-(Optional)
- Backup defines configuration of Jenkins backup restore -More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-backup-and-restore - |
-
-groovyScripts
-
-
-GroovyScripts
-
-
- |
-
-(Optional)
- GroovyScripts defines configuration of Jenkins customization via groovy scripts - |
-
-configurationAsCode
-
-
-ConfigurationAsCode
-
-
- |
-
-(Optional)
- ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin - |
-
-(Appears on: -Jenkins) -
--
JenkinsStatus defines the observed state of Jenkins
- -| Field | -Description | -
|---|---|
-operatorVersion
-
-string
-
- |
-
-(Optional)
- OperatorVersion is the operator version which manages this CR - |
-
-provisionStartTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- ProvisionStartTime is a time when Jenkins master pod has been created - |
-
-baseConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- BaseConfigurationCompletedTime is a time when Jenkins base configuration phase has been completed - |
-
-userConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- UserConfigurationCompletedTime is a time when Jenkins user configuration phase has been completed - |
-
-restoredBackup
-
-uint64
-
- |
-
-(Optional)
- RestoredBackup is the restored backup number after Jenkins master pod restart - |
-
-lastBackup
-
-uint64
-
- |
-
-(Optional)
- LastBackup is the latest backup number - |
-
-pendingBackup
-
-uint64
-
- |
-
-(Optional)
- PendingBackup is the pending backup number - |
-
-backupDoneBeforePodDeletion
-
-bool
-
- |
-
-(Optional)
- BackupDoneBeforePodDeletion tells if backup before pod deletion has been made - |
-
-userAndPasswordHash
-
-string
-
- |
-
-(Optional)
- UserAndPasswordHash is a SHA256 hash made from user and password - |
-
-createdSeedJobs
-
-[]string
-
- |
-
-(Optional)
- CreatedSeedJobs contains list of seed job id already created in Jenkins - |
-
-appliedGroovyScripts
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.AppliedGroovyScript
-
-
- |
-
-(Optional)
- AppliedGroovyScripts is a list with all applied groovy scripts in Jenkins by the operator - |
-
-(Appears on: -Notification) -
--
Mailgun is handler for Mailgun email service notification channel
- -| Field | -Description | -
|---|---|
-domain
-
-string
-
- |
-- | -
-apiKeySecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-recipient
-
-string
-
- |
-- | -
-from
-
-string
-
- |
-- | -
-(Appears on: -Notification) -
--
MicrosoftTeams is handler for Microsoft MicrosoftTeams notification channel
- -| Field | -Description | -
|---|---|
-webHookURLSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-
- The web hook URL to MicrosoftTeams App - |
-
-(Appears on: -JenkinsSpec) -
--
Notification is a service configuration used to send notifications about Jenkins status
- -| Field | -Description | -
|---|---|
-level
-
-
-NotificationLevel
-
-
- |
-- | -
-verbose
-
-bool
-
- |
-- | -
-name
-
-string
-
- |
-- | -
-slack
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Slack
-
-
- |
-- | -
-teams
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.MicrosoftTeams
-
-
- |
-- | -
-mailgun
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Mailgun
-
-
- |
-- | -
-smtp
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SMTP
-
-
- |
-- | -
string alias)-(Appears on: -Notification) -
--
NotificationLevel defines the level of a Notification
- --(Appears on: -JenkinsMaster) -
--
Plugin defines Jenkins plugin
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name is the name of Jenkins plugin - |
-
-version
-
-string
-
- |
-
- Version is the version of Jenkins plugin - |
-
-(Appears on: -JenkinsSpec) -
--
Restore defines configuration of Jenkins backup restore operation
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for restore backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines action which performs restore backup in restore container sidecar - |
-
-recoveryOnce
-
-uint64
-
- |
-
-(Optional)
- RecoveryOnce if want to restore specific backup set this field and then Jenkins will be restarted and desired backup will be restored - |
-
-(Appears on: -Notification) -
--
SMTP is handler for sending emails via this protocol
- -| Field | -Description | -
|---|---|
-usernameSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-passwordSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-port
-
-int
-
- |
-- | -
-server
-
-string
-
- |
-- | -
-tlsInsecureSkipVerify
-
-bool
-
- |
-- | -
-from
-
-string
-
- |
-- | -
-to
-
-string
-
- |
-- | -
-(Appears on: -Mailgun, -MicrosoftTeams, -SMTP, -Slack) -
--
SecretKeySelector selects a key of a Secret.
- -| Field | -Description | -
|---|---|
-secret
-
-
-Kubernetes core/v1.LocalObjectReference
-
-
- |
-
- The name of the secret in the pod’s namespace to select from. - |
-
-key
-
-string
-
- |
-
- The key of the secret to select from. Must be a valid secret key. - |
-
-(Appears on: -Customization) -
--
SecretRef is reference to Kubernetes secret
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
SeedJob defines configuration for seed job -More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-seed-jobs-and-pipelines
- -| Field | -Description | -
|---|---|
-id
-
-string
-
- |
-
- ID is the unique seed job name - |
-
-credentialID
-
-string
-
- |
-
- CredentialID is the Kubernetes secret name which stores repository access credentials - |
-
-description
-
-string
-
- |
-
-(Optional)
- Description is the description of the seed job - |
-
-targets
-
-string
-
- |
-
- Targets is the repository path where are seed job definitions - |
-
-repositoryBranch
-
-string
-
- |
-
- RepositoryBranch is the repository branch where are seed job definitions - |
-
-repositoryUrl
-
-string
-
- |
-
- RepositoryURL is the repository access URL. Can be SSH or HTTPS. - |
-
-credentialType
-
-
-JenkinsCredentialType
-
-
- |
-
-(Optional)
- JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ credential type - |
-
-githubPushTrigger
-
-bool
-
- |
-
-(Optional)
- GitHubPushTrigger is used for GitHub web hooks - |
-
-buildPeriodically
-
-string
-
- |
-
-(Optional)
- BuildPeriodically is setting for scheduled trigger - |
-
-pollSCM
-
-string
-
- |
-
-(Optional)
- PollSCM is setting for polling changes in SCM - |
-
-ignoreMissingFiles
-
-bool
-
- |
-
-(Optional)
- IgnoreMissingFiles is setting for Job DSL API plugin to ignore files that miss - |
-
-additionalClasspath
-
-string
-
- |
-
-(Optional)
- AdditionalClasspath is setting for Job DSL API plugin to set Additional Classpath - |
-
-failOnMissingPlugin
-
-bool
-
- |
-
-(Optional)
- FailOnMissingPlugin is setting for Job DSL API plugin that fails job if required plugin is missing - |
-
-unstableOnDeprecation
-
-bool
-
- |
-
-(Optional)
- UnstableOnDeprecation is setting for Job DSL API plugin that sets build status as unstable if build using deprecated features - |
-
-(Appears on: -JenkinsSpec) -
--
Service defines Kubernetes service attributes
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-labels
-
-map[string]string
-
- |
-
- Route service traffic to pods with label keys and values matching this -selector. If empty or not present, the service is assumed to have an -external process managing its endpoints, which Kubernetes will not -modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. -Ignored if type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/ - |
-
-type
-
-
-Kubernetes core/v1.ServiceType
-
-
- |
-
-(Optional)
- Type determines how the Service is exposed. Defaults to ClusterIP. Valid -options are ExternalName, ClusterIP, NodePort, and LoadBalancer. -“ExternalName” maps to the specified externalName. -“ClusterIP” allocates a cluster-internal IP address for load-balancing to -endpoints. Endpoints are determined by the selector or if that is not -specified, by manual construction of an Endpoints object. If clusterIP is -“None”, no virtual IP is allocated and the endpoints are published as a -set of endpoints rather than a stable IP. -“NodePort” builds on ClusterIP and allocates a port on every node which -routes to the clusterIP. -“LoadBalancer” builds on NodePort and creates an -external load-balancer (if supported in the current cloud) which routes -to the clusterIP. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services—service-types - |
-
-port
-
-int32
-
- |
-
- The port that are exposed by this service. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - |
-
-nodePort
-
-int32
-
- |
-
-(Optional)
- The port on each node on which this service is exposed when type=NodePort or LoadBalancer. -Usually assigned by the system. If specified, it will be allocated to the service -if unused or else creation of the service will fail. -Default is to auto-allocate a port if the ServiceType of this Service requires one. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - |
-
-loadBalancerSourceRanges
-
-[]string
-
- |
-
-(Optional)
- If specified and supported by the platform, this will restrict traffic through the cloud-provider -load-balancer will be restricted to the specified client IPs. This field will be ignored if the -cloud-provider does not support the feature.” -More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ - |
-
-loadBalancerIP
-
-string
-
- |
-
-(Optional)
- Only applies to Service Type: LoadBalancer -LoadBalancer will get created with the IP specified in this field. -This feature depends on whether the underlying cloud-provider supports specifying -the loadBalancerIP when a load balancer is created. -This field will be ignored if the cloud-provider does not support the feature. - |
-
-(Appears on: -Notification) -
--
Slack is handler for Slack notification channel
- -| Field | -Description | -
|---|---|
-webHookURLSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-
- The web hook URL to Slack App - |
-
-Generated with gen-crd-api-reference-docs
-on git commit 4b89360.
-
Azure AKS managed Kubernetes service adds to every pod the following environment variables:
-- name: KUBERNETES_PORT_443_TCP_ADDR
- value:
-- name: KUBERNETES_PORT
- value: tcp://
-- name: KUBERNETES_PORT_443_TCP
- value: tcp://
-- name: KUBERNETES_SERVICE_HOST
- value:The operator is aware of it and omits these environment variables when checking if a Jenkins pod environment has been changed. It prevents the -restart of a Jenkins pod over and over again.
- - - -Jenkins operator uses job-dsl and kubernetes-credentials-provider plugins for configuring jobs -and deploy keys.
- -First you have to prepare pipelines and job definition in your GitHub repository using the following structure:
-cicd/
-├── jobs
-│ └── build.jenkins
-└── pipelines
- └── build.jenkinscicd/jobs/build.jenkins is a job definition:
#!/usr/bin/env groovy
-
-pipelineJob('build-jenkins-operator') {
- displayName('Build jenkins-operator')
-
- definition {
- cpsScm {
- scm {
- git {
- remote {
- url('https://github.com/jenkinsci/kubernetes-operator.git')
- credentials('jenkins-operator')
- }
- branches('*/master')
- }
- }
- scriptPath('cicd/pipelines/build.jenkins')
- }
- }
-}cicd/pipelines/build.jenkins is an actual Jenkins pipeline:
#!/usr/bin/env groovy
-
-def label = "build-jenkins-operator-${UUID.randomUUID().toString()}"
-def home = "/home/jenkins"
-def workspace = "${home}/workspace/build-jenkins-operator"
-def workdir = "${workspace}/src/github.com/jenkinsci/kubernetes-operator/"
-
-podTemplate(label: label,
- containers: [
- containerTemplate(name: 'jnlp', image: 'jenkins/inbound-agent:alpine'),
- containerTemplate(name: 'go', image: 'golang:1-alpine', command: 'cat', ttyEnabled: true),
- ],
- envVars: [
- envVar(key: 'GOPATH', value: workspace),
- ],
- ) {
-
- node(label) {
- dir(workdir) {
- stage('Init') {
- timeout(time: 3, unit: 'MINUTES') {
- checkout scm
- }
- container('go') {
- sh 'apk --no-cache --update add make git gcc libc-dev'
- }
- }
-
- stage('Dep') {
- container('go') {
- sh 'make dep'
- }
- }
-
- stage('Test') {
- container('go') {
- sh 'make test'
- }
- }
-
- stage('Build') {
- container('go') {
- sh 'make build'
- }
- }
- }
- }
-}Jenkins Seed Jobs are configured using Jenkins.spec.seedJobs section from your custom resource manifest:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitJenkins Operator will automatically discover and configure all the seed jobs.
- -You can verify if deploy keys were successfully configured in the Jenkins Credentials tab.
- -
You can verify if your pipelines were successfully configured in the Jenkins Seed Job console output.
- -
If your GitHub repository is private you have to configure SSH or username/password authentication.
- -There are two methods of SSH private key generation:
-$ openssl genrsa -out <filename> 2048or
-$ ssh-keygen -t rsa -b 2048
-$ ssh-keygen -p -f <filename> -m pemThen copy content from generated file.
- -If you want to upload your public key to your Git server you need to extract it.
- -If key was generated by openssl then you need to type this to extract public key:
$ openssl rsa -in <filename> -pubout > <filename>.pubIf key was generated by ssh-keygen the public key content is located in
Configure a seed job like this:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-ssh
- credentialType: basicSSHUserPrivateKey
- credentialID: k8s-ssh
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: ssh://git@github.com:jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-ssh
- labels:
- "jenkins.io/credentials-type": "basicSSHUserPrivateKey"
- annotations:
- "jenkins.io/credentials-description" : "ssh github.com:jenkinsci/kubernetes-operator"
-stringData:
- privateKey: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIJKAIBAAKCAgEAxxDpleJjMCN5nusfW/AtBAZhx8UVVlhhhIKXvQ+dFODQIdzO
- oDXybs1zVHWOj31zqbbJnsfsVZ9Uf3p9k6xpJ3WFY9b85WasqTDN1xmSd6swD4N8
- ...
- username: github_user_nameConfigure the seed job like:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-user-pass
- credentialType: usernamePassword
- credentialID: k8s-user-pass
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-user-pass
-stringData:
- username: github_user_name
- password: password_or_tokenYou can use external credential type if you want to configure authentication using Configuration As Code or Groovy Script.
To use forwarding proxy with an operator to download plugins you need to add the following environment variable to Jenkins Custom Resource (CR), e.g.:
-spec:
- master:
- containers:
- - name: jenkins-master
- env:
- - name: CURL_OPTIONS
- value: -L -x <proxy_url>In CURL_OPTIONS var you can set additional arguments to curl command.
To pull a Docker Image from private repository you can use imagePullSecrets.
Please follow the instructions on creating a secret with a docker config.
- -To use Docker Hub additional steps are required.
- -Edit the previously created secret:
-kubectl -n <namespace> edit secret <name>The .dockerconfigjson key’s value needs to be replaced with a modified version.
After modifications, it needs to be encoded as a Base64 value before setting the .dockerconfigjson key.
Example config file to modify and use:
-{
- "auths":{
- "https://index.docker.io/v1/":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "auth.docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry.docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "https://registry-1.docker.io/v2/": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry-1.docker.io/v2/": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry-1.docker.io": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "https://registry-1.docker.io": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- }
- }
-}Backup and restore is done by a container sidecar.
- -Save to the file named pvc.yaml:
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: <pvc_name>
- namespace: <namespace>
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 500GiRun the following command:
-$ kubectl -n <namespace> create -f pvc.yamlapiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: <cr_name>
- namespace: <namespace>
-spec:
- master:
- securityContext:
- runAsUser: 1000
- fsGroup: 1000
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:lts
- - name: backup # container responsible for the backup and restore
- env:
- - name: BACKUP_DIR
- value: /backup
- - name: JENKINS_HOME
- value: /jenkins-home
- - name: BACKUP_COUNT
- value: "3" # keep only the 2 most recent backups
- image: virtuslab/jenkins-operator-backup-pvc:v0.0.8 # look at backup/pvc directory
- imagePullPolicy: IfNotPresent
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /backup # backup volume
- name: backup
- volumes:
- - name: backup # PVC volume where backups will be stored
- persistentVolumeClaim:
- claimName: <pvc_name>
- backup:
- containerName: backup # container name is responsible for backup
- action:
- exec:
- command:
- - /home/user/bin/backup.sh # this command is invoked on "backup" container to make backup, for example /home/user/bin/backup.sh <backup_number>, <backup_number> is passed by operator
- interval: 30 # how often make backup in seconds
- makeBackupBeforePodDeletion: true # make a backup before pod deletion
- restore:
- containerName: backup # container name is responsible for restore backup
- action:
- exec:
- command:
- - /home/user/bin/restore.sh # this command is invoked on "backup" container to make restore backup, for example /home/user/bin/restore.sh <backup_number>, <backup_number> is passed by operator
- #recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restoredWith enough effort one can create a custom backup and restore provider -for the Jenkins Operator.
- -Two commands (e.g. scripts) are required:
- -backup.sh that takes one argument, a backup numberbackup.sh that takes one argument, a backup numberBoth scripts need to return an exit code of 0 on success and 1 or greater for failure.
One of those scripts (or the entry point of the container) needs to be responsible -for backup cleanup or rotation if required, or an external system.
- -The mechanism relies on basic Kubernetes and UNIX functionalities.
- -The backup (and restore) container runs as a sidecar in the same -Kubernetes pod as the Jenkins master.
- -Name of the backup and restore containers can be set as necessary using
-spec.backup.containerName and spec.restore.containerName.
-In most cases it will be the same container, but we allow for less common use cases.
The operator will call a backup or restore commands inside a sidecar container when necessary:
- -spec.backup.action.exec.command)
-will be called every N seconds configurable in: spec.backup.interval
-and on pod shutdown (if enabled in spec.backup.makeBackupBeforePodDeletion)
-with an integer representing the current backup number as first and only argumentspec.restore.action.exec.command)
-will be called at Jenkins startup
-with an integer representing the backup number to restore as first and only argument
-(can be overridden using spec.restore.recoveryOnce)This example shows abbreviated version of a simple AWS S3 backup implementation
-using: aws-cli, bash and kube2iam.
In addition to your normal Jenkins CustomResource some additional settings
-for backup and restore are required, e.g.:
kind: Jenkins
-apiVersion: jenkins.io/v1alpha1
-metadata:
- name: example
- namespace: jenkins
-spec:
- master:
- masterAnnotations:
- iam.amazonaws.com/role: "my-example-backup-role" # tell kube2iam where the AWS IAM role is
- containers:
- - name: jenkins-master
- ...
- - name: backup # container responsible for backup and restore
- image: quay.io/virtuslab/aws-cli:1.16.263-2
- workingDir: /home/user/bin/
- command: # our container entry point
- - sleep
- - infinity
- env:
- - name: BACKUP_BUCKET
- value: my-example-bucket # the S3 bucket name to use
- - name: BACKUP_PATH
- value: my-backup-path # the S3 bucket path prefix to use
- - name: JENKINS_HOME
- value: /jenkins-home # the path to mount jenkins home dir in the backup container
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /home/user/bin/backup.sh
- name: backup-scripts
- subPath: backup.sh
- readOnly: true
- - mountPath: /home/user/bin/restore.sh
- name: backup-scripts
- subPath: restore.sh
- readOnly: true
- volumes:
- - name: backup-scripts
- configMap:
- defaultMode: 0754
- name: jenkins-operator-backup-s3
- securityContext: # make sure both containers use the same UID and GUID
- runAsUser: 1000
- fsGroup: 1000
- ...
- backup:
- containerName: backup # container name responsible for backup
- interval: 3600 # how often make a backup in seconds
- makeBackupBeforePodDeletion: true # trigger backup just before deleting the pod
- action:
- exec:
- command:
- # this command is invoked on "backup" container to create a backup,
- # <backup_number> is passed by operator,
- # for example /home/user/bin/backup.sh <backup_number>
- - /home/user/bin/backup.sh
- restore:
- containerName: backup # container name is responsible for restore backup
- action:
- exec:
- command:
- # this command is invoked on "backup" container to restore a backup,
- # <backup_number> is passed by operator
- # for example /home/user/bin/restore.sh <backup_number>
- - /home/user/bin/restore.sh
-# recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restoredThe actual backup and restore scripts will be provided in a ConfigMap:
kind: ConfigMap
-apiVersion: v1
-metadata:
- name: jenkins-operator-backup-s3
- namespace: jenkins
- labels:
- app: jenkins-operator
-data:
- backup.sh: |-
- #!/bin/bash -xeu
- [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1;
- [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1;
- [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1;
- [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
-
- backup_number=$1
- echo "Running backup #${backup_number}"
-
- BACKUP_TMP_DIR=$(mktemp -d)
- tar -C ${JENKINS_HOME} -czf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" --exclude jobs/*/workspace* -c jobs && \
-
- aws s3 cp ${BACKUP_TMP_DIR}/${backup_number}.tar.gz s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz
- echo Done
-
- restore.sh: |-
- #!/bin/bash -xeu
- [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1
- [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1;
- [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1;
- [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
-
- backup_number=$1
- echo "Running restore #${backup_number}"
-
- BACKUP_TMP_DIR=$(mktemp -d)
- aws s3 cp s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz ${BACKUP_TMP_DIR}/${backup_number}.tar.gz
-
- tar -C ${JENKINS_HOME} -zxf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz"
- echo DoneIn our example we will use S3 bucket lifecycle policy to keep -the number of backups under control, e.g. Cloud Formation fragment:
- Type: AWS::S3::Bucket
- Properties:
- BucketName: my-example-bucket
- ...
- LifecycleConfiguration:
- Rules:
- - Id: BackupCleanup
- Status: Enabled
- Prefix: my-backup-path
- ExpirationInDays: 7
- NoncurrentVersionExpirationInDays: 14
- AbortIncompleteMultipartUpload:
- DaysAfterInitiation: 3Jenkins can be customized with plugins. -Plugin’s configuration is applied as groovy scripts or the configuration as code plugin. -Any plugin working for Jenkins can be installed by the Jenkins Operator.
- -Pre-installed plugins: -* configuration-as-code v1.38 -* git v4.2.2 -* job-dsl v1.77 -* kubernetes-credentials-provider v0.13 -* kubernetes v1.25.2 -* workflow-aggregator v2.6 -* workflow-job v2.38
- -Rest of the plugins can be found in plugins repository.
- -Edit Custom Resource under spec.master.plugins:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- plugins:
- - name: simple-theme-plugin
- version: 0.5.1Under spec.master.basePlugins you can find plugins for a valid Jenkins Operator:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- basePlugins:
- - name: kubernetes
- version: 1.18.3
- - name: workflow-job
- version: "2.34"
- - name: workflow-aggregator
- version: "2.6"
- - name: git
- version: 3.12.0
- - name: job-dsl
- version: "1.76"
- - name: configuration-as-code
- version: "1.29"
- - name: kubernetes-credentials-provider
- version: 0.12.1You can change their versions.
- -The Jenkins Operator will then automatically install plugins after the Jenkins master pod restart.
- -By using a ConfigMap you can create your own Jenkins customized configuration.
-Then you must reference the ConfigMap in the Jenkins pod customization file in spec.groovyScripts or spec.configurationAsCode
Create a ConfigMap with specific name (eg. jenkins-operator-user-configuration). Then, modify the Jenkins manifest:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configurationHere is an example of jenkins-operator-user-configuration:
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-configure-theme.groovy: |
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- import org.jenkinsci.plugins.simpletheme.ThemeElement
- import org.jenkinsci.plugins.simpletheme.CssTextThemeElement
- import org.jenkinsci.plugins.simpletheme.CssUrlThemeElement
-
- Jenkins jenkins = Jenkins.getInstance()
-
- def decorator = Jenkins.instance.getDescriptorByType(org.codefirst.SimpleThemeDecorator.class)
-
- List<ThemeElement> configElements = new ArrayList<>();
- configElements.add(new CssTextThemeElement("DEFAULT"));
- configElements.add(new CssUrlThemeElement("https://cdn.rawgit.com/afonsof/jenkins-material-theme/gh-pages/dist/material-light-green.css"));
- decorator.setElements(configElements);
- decorator.save();
-
- jenkins.save()
- 1-system-message.yaml: |
- jenkins:
- systemMessage: "Configuration as Code integration works!!!"*.groovy is Groovy script configuration*.yaml is configuration as codeIf you want to correct your configuration you can edit it while the Jenkins Operator is running. -Jenkins will reconcile and apply the new configuration.
- -If you configured spec.groovyScripts.secret.name, then this secret is available to use from map Groovy scripts.
-The secrets are loaded to secrets map.
Create a secret with for example the name jenkins-conf-secrets.
kind: Secret
-apiVersion: v1
-type: Opaque
-metadata:
- name: jenkins-conf-secrets
- namespace: default
-data:
- SYSTEM_MESSAGE: SGVsbG8gd29ybGQ=Then modify the Jenkins pod manifest by changing spec.groovyScripts.secret.name to jenkins-conf-secrets.
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration
- secret:
- name: jenkins-conf-secrets
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configuration
- secret:
- name: jenkins-conf-secretsNow you can test that the secret is mounted by applying this ConfigMap for Groovy script:
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-system-message.groovy: |
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- Jenkins jenkins = Jenkins.getInstance()
-
- jenkins.setSystemMessage(secrets["SYSTEM_MESSAGE"])
- jenkins.save()Or by applying this configuration as code:
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-system-message.yaml: |
- jenkins:
- systemMessage: ${SYSTEM_MESSAGE}After this, you should see the Hello world system message from the Jenkins homepage.
Once Jenkins Operator is up and running let’s deploy actual Jenkins instance.
-Create manifest e.g. jenkins_instance.yaml with following data and save it on drive.
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:lts
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 12
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 80
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 30
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitDeploy a Jenkins to Kubernetes:
-kubectl create -f jenkins_instance.yamlWatch the Jenkins instance being created:
-kubectl get pods -wGet the Jenkins credentials:
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.user}' | base64 -d
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.password}' | base64 -dConnect to the Jenkins instance (minikube):
-minikube service jenkins-operator-http-<cr_name> --urlConnect to the Jenkins instance (actual Kubernetes cluster):
-kubectl port-forward jenkins-<cr_name> 8080:8080Then open browser with address http://localhost:8080.
Turn on debug in Jenkins Operator deployment:
-sed -i 's|\(args:\).*|\1\ ["--debug"\]|' deploy/operator.yaml
-kubectl apply -f deploy/operator.yamlWatch Kubernetes events:
-kubectl get events --sort-by='{.lastTimestamp}'Verify Jenkins master logs:
-kubectl logs -f jenkins-<cr_name>Verify the jenkins-operator logs:
kubectl logs deployment/jenkins-operatorDelete the Jenkins master pod and wait for the new one to come up:
-kubectl delete pod jenkins-<cr_name>This document describes a getting started guide for Jenkins Operator v0.4.x and also additional configuration.
Prepare your Kubernetes cluster and set up your kubectl access.
Once you have running Kubernetes cluster you can focus on installing Jenkins Operator according to the Installation guide.
- -Deploy production ready Jenkins Operator manifest -
-How to configure Jenkins with Operator -
-How to customize Jenkins -
-Additional configuration for Azure Kubernetes Service -
-Prevent loss of job history -
-Custom backup and restore provider -
-How to setup operator notifications. -
-Additional configuration for OpenShift -
-How to deal with Jenkins Operator problems -
-API Schema definitions for Jenkins CRD -
-Please follow this instructions to get web hook URL.
- -Create web hook secret with name jenkins-operator-notification-data. Contains key url with provided web hook URL.
$ kubectl create secret generic jenkins-operator-notification-data --from-literal=url=<webhook_url>Example configuration for Slack:
-kind: Jenkins
-spec:
- master:
- notifications:
- - level: info
- verbose: true
- name:
- slack:
- webHookURLSecretKeySelector:
- secret:
- name:
- key: Please follow this instructions to get web hook URL.
- -Example configuration for Microsoft Teams:
-kind: Jenkins
-spec:
- master:
- notifications:
- - level: info
- verbose: true
- name:
- teams:
- webHookURLSecretKeySelector:
- secret:
- name:
- key: Example configuration for Mailgun:
-kind: Jenkins
-spec:
- master:
- notifications:
- - level: info
- verbose: true
- name:
- mailgun:
- domain:
- apiKeySecretKeySelector:
- secret:
- name:
- key:
- recipient:
- from: As you see there is two debugging options:
- -level (warning/info) - Set level of messages to send.
verbose - Print stacktrace and additional error messages
You can use multiple providers to send notification to another communication channels at the same time. -For example you will send notifications to Slack and Teams.
-kind: Jenkins
-spec:
- master:
- notifications:
- - level: info
- verbose: true
- name: nslack
- slack:
- webHookURLSecretKeySelector:
- secret:
- name:
- key:
- - level: info
- verbose: true
- name: nteams
- teams:
- webHookURLSecretKeySelector:
- secret:
- name:
- key: OpenShift enforces Security Constraints Context (scc) when deploying an image. -By default, container images run in restricted scc which prevents from setting -a fixed user id to run with. You need to have ensure that you do not provide a -securityContext with a runAsUser and that your image does not use a hardcoded user.
-securityContext: {}OpenShift provides a pre-configured Jenkins image containing 3 openshift plugins for -jenkins (openshift-login-plugin, openshift-sync-plugin and openshift-client-plugin) -which allows better jenkins integration with kubernetes and OpenShift.
- -The OpenShift Jenkins image requires additional configuration to be fully enabled.
- -The following Custom Resource can be used to create a Jenkins instance using the
-OpenShift Jenkins image and sets values for:
-- `image: ‘quay.io/openshift/origin-jenkins:latest’ : This is the OpenShift Jenkins image.
serviceAccount: to allow oauth authentication to work, the service account needs
-a specific annotation pointing to the route exposing the jenkins service. Here,
-the route is named jenkins-route
OPENSHIFT_ENABLE_OAUTH environment variable for the master container is set to true.
Here is a complete Jenkins CR allowing the deployment of the Jenkins OpenShift image.
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- annotations:
- jenkins.io/openshift-mode: 'true'
- name: jenkins
-spec:
- serviceAccount:
- annotations:
- serviceaccounts.openshift.io/oauth-redirectreference.jenkins: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"jenkins-route"}}'
- master:
- containers:
- - name: jenkins-master
- image: 'quay.io/openshift/origin-jenkins:latest'
- command:
- - /usr/bin/go-init
- - '-main'
- - /usr/libexec/s2i/run
- env:
- - name: OPENSHIFT_ENABLE_OAUTH
- value: 'true'
- - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT
- value: 'true'
- - name: DISABLE_ADMINISTRATIVE_MONITORS
- value: 'false'
- - name: KUBERNETES_MASTER
- value: 'https://kubernetes.default:443'
- - name: KUBERNETES_TRUST_CERTIFICATES
- value: 'true'
- - name: JENKINS_SERVICE_NAME
- value: jenkins-operator-http-jenkins
- - name: JNLP_SERVICE_NAME
- value: jenkins-operator-slave-jenkins
- - name: JENKINS_UC_INSECURE
- value: 'false'
- - name: JENKINS_HOME
- value: /var/lib/jenkins
- - name: JAVA_OPTS
- value: >-
- -XX:+UnlockExperimentalVMOptions -XX:+UnlockExperimentalVMOptions
- -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=1
- -Djenkins.install.runSetupWizard=false -Djava.awt.headless=true
- imagePullPolicy: Always
- service:
- port: 8080
- type: ClusterIP
- slaveService:
- port: 50000
- type: ClusterIPThe creation of a Route is required for the integraiton of Jenkins with
-OpenShift oauth authentication. By default, the jenkins http service is named
-jenkins-operator-http-${jenkins-cr-name}
oc create route edge jenkins-route --service=jenkins-operator-http-jenkinsNote: the route name (jenkins-route) must match the pointed route on the serviceaccount annotation.
- -After the creation of the Route. It can be used to navigate to the Jenkins Login Page and login with your Openshift Credentials.
- - - -This document contains API scheme for jenkins-operator Custom Resource Definition manifest
Packages:
--
Package v1alpha2 contains API Schema definitions for the jenkins.io v1alpha2 API group
- -Resource Types: --
Jenkins is the Schema for the jenkins API
- -| Field | -Description | -||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-apiVersion
-string |
-
-
-jenkins.io/v1alpha2
-
- |
-||||||||||||||||||||||||
-kind
-string
- |
-Jenkins |
-||||||||||||||||||||||||
-metadata
-
-
-Kubernetes meta/v1.ObjectMeta
-
-
- |
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
- |
-||||||||||||||||||||||||
-spec
-
-
-JenkinsSpec
-
-
- |
-
- Spec defines the desired state of the Jenkins -- -
|
-||||||||||||||||||||||||
-status
-
-
-JenkinsStatus
-
-
- |
-
- Status defines the observed state of Jenkins - |
-
-(Appears on: -JenkinsStatus) -
--
AppliedGroovyScript is the applied groovy script in Jenkins by the operator.
- -| Field | -Description | -
|---|---|
-configurationType
-
-string
-
- |
-
- ConfigurationType is the name of the configuration type(base-groovy, user-groovy, user-casc) - |
-
-source
-
-string
-
- |
-
- Source is the name of source where is located groovy script - |
-
-name
-
-string
-
- |
-
- Name is the name of the groovy script - |
-
-hash
-
-string
-
- |
-
- Hash is the hash of the groovy script and secrets which it uses - |
-
string alias)-(Appears on: -JenkinsAPISettings) -
--
AuthorizationStrategy defines authorization strategy of the operator for the Jenkins API
- --(Appears on: -JenkinsSpec) -
--
Backup defines configuration of Jenkins backup.
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines action which performs backup in backup container sidecar - |
-
-interval
-
-uint64
-
- |
-
- Interval tells how often make backup in seconds -Defaults to 30. - |
-
-makeBackupBeforePodDeletion
-
-bool
-
- |
-
- MakeBackupBeforePodDeletion tells operator to make backup before Jenkins master pod deletion - |
-
-(Appears on: -Customization) -
--
ConfigMapRef is reference to Kubernetes ConfigMap.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin.
- -| Field | -Description | -
|---|---|
-Customization
-
-
-Customization
-
-
- |
-
-
-(Members of |
-
-(Appears on: -JenkinsMaster) -
--
Container defines Kubernetes container attributes.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name of the container specified as a DNS_LABEL. -Each container in a pod must have a unique name (DNS_LABEL). - |
-
-image
-
-string
-
- |
-
- Docker image name. -More info: https://kubernetes.io/docs/concepts/containers/images - |
-
-imagePullPolicy
-
-
-Kubernetes core/v1.PullPolicy
-
-
- |
-
- Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always. - |
-
-resources
-
-
-Kubernetes core/v1.ResourceRequirements
-
-
- |
-
- Compute Resources required by this container. -More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - |
-
-command
-
-[]string
-
- |
-
-(Optional)
- Entrypoint array. Not executed within a shell. -The docker image’s ENTRYPOINT is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-args
-
-[]string
-
- |
-
-(Optional)
- Arguments to the entrypoint. -The docker image’s CMD is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-workingDir
-
-string
-
- |
-
-(Optional)
- Container’s working directory. -If not specified, the container runtime’s default will be used, which -might be configured in the container image. - |
-
-ports
-
-
-[]Kubernetes core/v1.ContainerPort
-
-
- |
-
-(Optional)
- List of ports to expose from the container. Exposing a port here gives -the system additional information about the network connections a -container uses, but is primarily informational. Not specifying a port here -DOES NOT prevent that port from being exposed. Any port which is -listening on the default “0.0.0.0” address inside a container will be -accessible from the network. - |
-
-envFrom
-
-
-[]Kubernetes core/v1.EnvFromSource
-
-
- |
-
-(Optional)
- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple -sources, the value associated with the last source will take precedence. -Values defined by an Env with a duplicate key will take precedence. - |
-
-env
-
-
-[]Kubernetes core/v1.EnvVar
-
-
- |
-
-(Optional)
- List of environment variables to set in the container. - |
-
-volumeMounts
-
-
-[]Kubernetes core/v1.VolumeMount
-
-
- |
-
-(Optional)
- Pod volumes to mount into the container’s filesystem. - |
-
-livenessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container liveness. -Container will be restarted if the probe fails. - |
-
-readinessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. - |
-
-lifecycle
-
-
-Kubernetes core/v1.Lifecycle
-
-
- |
-
-(Optional)
- Actions that the management system should take in response to container lifecycle events. - |
-
-securityContext
-
-
-Kubernetes core/v1.SecurityContext
-
-
- |
-
-(Optional)
- Security options the pod should run with. -More info: https://kubernetes.io/docs/concepts/policy/security-context/ -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - |
-
-(Appears on: -ConfigurationAsCode, -GroovyScripts) -
--
Customization defines configuration of Jenkins customization.
- -| Field | -Description | -
|---|---|
-secret
-
-
-SecretRef
-
-
- |
-- | -
-configurations
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.ConfigMapRef
-
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
GroovyScripts defines configuration of Jenkins customization via groovy scripts.
- -| Field | -Description | -
|---|---|
-Customization
-
-
-Customization
-
-
- |
-
-
-(Members of |
-
-(Appears on: -Backup, -Restore) -
--
Handler defines a specific action that should be taken.
- -| Field | -Description | -
|---|---|
-exec
-
-
-Kubernetes core/v1.ExecAction
-
-
- |
-
- Exec specifies the action to take. - |
-
-(Appears on: -JenkinsImageSpec) -
--
Defines Jenkins Plugin structure
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-version
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API
- -| Field | -Description | -
|---|---|
-authorizationStrategy
-
-
-AuthorizationStrategy
-
-
- |
-- | -
string alias)-(Appears on: -SeedJob) -
--
JenkinsCredentialType defines type of Jenkins credential used to seed job mechanism.
- --
JenkinsImage is the Schema for the jenkinsimages API
- -| Field | -Description | -||||
|---|---|---|---|---|---|
-metadata
-
-
-Kubernetes meta/v1.ObjectMeta
-
-
- |
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
- |
-||||
-spec
-
-
-JenkinsImageSpec
-
-
- |
-
- - -
|
-||||
-status
-
-
-JenkinsImageStatus
-
-
- |
-- | -
-(Appears on: -JenkinsImage) -
--
JenkinsImageSpec defines the desired state of JenkinsImage
- -| Field | -Description | -
|---|---|
-image
-
-
-Image
-
-
- |
-- | -
-plugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.JenkinsPlugin
-
-
- |
-- | -
-(Appears on: -JenkinsImage) -
--
JenkinsImageStatus defines the observed state of JenkinsImage
- -| Field | -Description | -
|---|---|
-image
-
-string
-
- |
-- | -
-md5sum
-
-string
-
- |
-- | -
-installedPlugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.JenkinsPlugin
-
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
JenkinsMaster defines the Jenkins master pod attributes and plugins, -every single change requires a Jenkins master pod restart.
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-masterAnnotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations -Deprecated: will be removed in the future, please use Annotations(annotations) - |
-
-labels
-
-map[string]string
-
- |
-
-(Optional)
- Map of string keys and values that can be used to organize and categorize -(scope and select) objects. May match selectors of replication controllers -and services. -More info: http://kubernetes.io/docs/user-guide/labels - |
-
-nodeSelector
-
-map[string]string
-
- |
-
-(Optional)
- NodeSelector is a selector which must be true for the pod to fit on a node. -Selector which must match a node’s labels for the pod to be scheduled on that node. -More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - |
-
-securityContext
-
-
-Kubernetes core/v1.PodSecurityContext
-
-
- |
-
-(Optional)
- SecurityContext that applies to all the containers of the Jenkins -Master. As per kubernetes specification, it can be overridden -for each container individually. -Defaults to: -runAsUser: 1000 -fsGroup: 1000 - |
-
-containers
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Container
-
-
- |
-
-(Optional)
- List of containers belonging to the pod. -Containers cannot currently be added or removed. -There must be at least one container in a Pod. -Defaults to: -- image: jenkins/jenkins:lts -imagePullPolicy: Always -livenessProbe: -failureThreshold: 12 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 80 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 5 -name: jenkins-master -readinessProbe: -failureThreshold: 3 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 30 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 1 -resources: -limits: -cpu: 1500m -memory: 3Gi -requests: -cpu: “1” -memory: 600Mi - |
-
-imagePullSecrets
-
-
-[]Kubernetes core/v1.LocalObjectReference
-
-
- |
-
-(Optional)
- ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. -If specified, these secrets will be passed to individual puller implementations for them to use. For example, -in the case of docker, only DockerConfig type secrets are honored. -More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - |
-
-volumes
-
-
-[]Kubernetes core/v1.Volume
-
-
- |
-
-(Optional)
- List of volumes that can be mounted by containers belonging to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes - |
-
-tolerations
-
-
-[]Kubernetes core/v1.Toleration
-
-
- |
-
-(Optional)
- If specified, the pod’s tolerations. - |
-
-basePlugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin
-
-
- |
-
-(Optional)
- BasePlugins contains plugins required by operator -Defaults to : -- name: kubernetes -version: 1.25.2 -- name: workflow-job -version: “2.39” -- name: workflow-aggregator -version: “2.6” -- name: git -version: 4.2.2 -- name: job-dsl -version: “1.77” -- name: configuration-as-code -version: “1.38” -- name: kubernetes-credentials-provider -version: 0.13 - |
-
-plugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin
-
-
- |
-
-(Optional)
- Plugins contains plugins required by user - |
-
-disableCSRFProtection
-
-bool
-
- |
-
- DisableCSRFProtection allows you to toggle CSRF Protection on Jenkins - |
-
-priorityClassName
-
-string
-
- |
-
-(Optional)
- PriorityClassName for Jenkins master pod - |
-
-(Appears on: -JenkinsImageSpec, -JenkinsImageStatus) -
--
Defines Jenkins Plugin structure
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-version
-
-string
-
- |
-- | -
-(Appears on: -Jenkins) -
--
JenkinsSpec defines the desired state of the Jenkins.
- -| Field | -Description | -
|---|---|
-master
-
-
-JenkinsMaster
-
-
- |
-
- Master represents Jenkins master pod properties and Jenkins plugins. -Every single change here requires a pod restart. - |
-
-seedJobs
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SeedJob
-
-
- |
-
-(Optional)
- SeedJobs defines list of Jenkins Seed Job configurations -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines - |
-
-notifications
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Notification
-
-
- |
-
-(Optional)
- Notifications defines list of a services which are used to inform about Jenkins status -Can be used to integrate chat services like Slack, Microsoft Teams or Mailgun - |
-
-service
-
-
-Service
-
-
- |
-
-(Optional)
- Service is Kubernetes service of Jenkins master HTTP pod -Defaults to : -port: 8080 -type: ClusterIP - |
-
-slaveService
-
-
-Service
-
-
- |
-
-(Optional)
- Service is Kubernetes service of Jenkins slave pods -Defaults to : -port: 50000 -type: ClusterIP - |
-
-backup
-
-
-Backup
-
-
- |
-
-(Optional)
- Backup defines configuration of Jenkins backup -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/ - |
-
-restore
-
-
-Restore
-
-
- |
-
-(Optional)
- Backup defines configuration of Jenkins backup restore -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/ - |
-
-groovyScripts
-
-
-GroovyScripts
-
-
- |
-
-(Optional)
- GroovyScripts defines configuration of Jenkins customization via groovy scripts - |
-
-configurationAsCode
-
-
-ConfigurationAsCode
-
-
- |
-
-(Optional)
- ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin - |
-
-roles
-
-
-[]Kubernetes rbac/v1.RoleRef
-
-
- |
-
-(Optional)
- Roles defines list of extra RBAC roles for the Jenkins Master pod service account - |
-
-serviceAccount
-
-
-ServiceAccount
-
-
- |
-
-(Optional)
- ServiceAccount defines Jenkins master service account attributes - |
-
-jenkinsAPISettings
-
-
-JenkinsAPISettings
-
-
- |
-
- JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API - |
-
-(Appears on: -Jenkins) -
--
JenkinsStatus defines the observed state of Jenkins
- -| Field | -Description | -
|---|---|
-operatorVersion
-
-string
-
- |
-
-(Optional)
- OperatorVersion is the operator version which manages this CR - |
-
-provisionStartTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- ProvisionStartTime is a time when Jenkins master pod has been created - |
-
-baseConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- BaseConfigurationCompletedTime is a time when Jenkins base configuration phase has been completed - |
-
-userConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- UserConfigurationCompletedTime is a time when Jenkins user configuration phase has been completed - |
-
-restoredBackup
-
-uint64
-
- |
-
-(Optional)
- RestoredBackup is the restored backup number after Jenkins master pod restart - |
-
-lastBackup
-
-uint64
-
- |
-
-(Optional)
- LastBackup is the latest backup number - |
-
-pendingBackup
-
-uint64
-
- |
-
-(Optional)
- PendingBackup is the pending backup number - |
-
-backupDoneBeforePodDeletion
-
-bool
-
- |
-
-(Optional)
- BackupDoneBeforePodDeletion tells if backup before pod deletion has been made - |
-
-userAndPasswordHash
-
-string
-
- |
-
-(Optional)
- UserAndPasswordHash is a SHA256 hash made from user and password - |
-
-createdSeedJobs
-
-[]string
-
- |
-
-(Optional)
- CreatedSeedJobs contains list of seed job id already created in Jenkins - |
-
-appliedGroovyScripts
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.AppliedGroovyScript
-
-
- |
-
-(Optional)
- AppliedGroovyScripts is a list with all applied groovy scripts in Jenkins by the operator - |
-
-(Appears on: -Notification) -
--
Mailgun is handler for Mailgun email service notification channel.
- -| Field | -Description | -
|---|---|
-domain
-
-string
-
- |
-- | -
-apiKeySecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-recipient
-
-string
-
- |
-- | -
-from
-
-string
-
- |
-- | -
-(Appears on: -Notification) -
--
MicrosoftTeams is handler for Microsoft MicrosoftTeams notification channel.
- -| Field | -Description | -
|---|---|
-webHookURLSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-
- The web hook URL to MicrosoftTeams App - |
-
-(Appears on: -JenkinsSpec) -
--
Notification is a service configuration used to send notifications about Jenkins status.
- -| Field | -Description | -
|---|---|
-level
-
-
-NotificationLevel
-
-
- |
-- | -
-verbose
-
-bool
-
- |
-- | -
-name
-
-string
-
- |
-- | -
-slack
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Slack
-
-
- |
-- | -
-teams
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.MicrosoftTeams
-
-
- |
-- | -
-mailgun
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Mailgun
-
-
- |
-- | -
-smtp
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SMTP
-
-
- |
-- | -
string alias)-(Appears on: -Notification) -
--
NotificationLevel defines the level of a Notification.
- --(Appears on: -JenkinsMaster) -
--
Plugin defines Jenkins plugin.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name is the name of Jenkins plugin - |
-
-version
-
-string
-
- |
-
- Version is the version of Jenkins plugin - |
-
-downloadURL
-
-string
-
- |
-
- DownloadURL is the custom url from where plugin has to be downloaded. - |
-
-(Appears on: -JenkinsSpec) -
--
Restore defines configuration of Jenkins backup restore operation.
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for restore backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines action which performs restore backup in restore container sidecar - |
-
-recoveryOnce
-
-uint64
-
- |
-
-(Optional)
- RecoveryOnce if want to restore specific backup set this field and then Jenkins will be restarted and desired backup will be restored - |
-
-(Appears on: -Notification) -
--
SMTP is handler for sending emails via this protocol.
- -| Field | -Description | -
|---|---|
-usernameSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-passwordSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-port
-
-int
-
- |
-- | -
-server
-
-string
-
- |
-- | -
-tlsInsecureSkipVerify
-
-bool
-
- |
-- | -
-from
-
-string
-
- |
-- | -
-to
-
-string
-
- |
-- | -
-(Appears on: -Mailgun, -MicrosoftTeams, -SMTP, -Slack) -
--
SecretKeySelector selects a key of a Secret.
- -| Field | -Description | -
|---|---|
-secret
-
-
-Kubernetes core/v1.LocalObjectReference
-
-
- |
-
- The name of the secret in the pod’s namespace to select from. - |
-
-key
-
-string
-
- |
-
- The key of the secret to select from. Must be a valid secret key. - |
-
-(Appears on: -Customization) -
--
SecretRef is reference to Kubernetes secret.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
SeedJob defines configuration for seed job -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration/#configure-seed-jobs-and-pipelines.
- -| Field | -Description | -
|---|---|
-id
-
-string
-
- |
-
- ID is the unique seed job name - |
-
-credentialID
-
-string
-
- |
-
- CredentialID is the Kubernetes secret name which stores repository access credentials - |
-
-description
-
-string
-
- |
-
-(Optional)
- Description is the description of the seed job - |
-
-targets
-
-string
-
- |
-
- Targets is the repository path where are seed job definitions - |
-
-repositoryBranch
-
-string
-
- |
-
- RepositoryBranch is the repository branch where are seed job definitions - |
-
-repositoryUrl
-
-string
-
- |
-
- RepositoryURL is the repository access URL. Can be SSH or HTTPS. - |
-
-credentialType
-
-
-JenkinsCredentialType
-
-
- |
-
-(Optional)
- JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ credential type - |
-
-bitbucketPushTrigger
-
-bool
-
- |
-
-(Optional)
- BitbucketPushTrigger is used for Bitbucket web hooks - |
-
-githubPushTrigger
-
-bool
-
- |
-
-(Optional)
- GitHubPushTrigger is used for GitHub web hooks - |
-
-buildPeriodically
-
-string
-
- |
-
-(Optional)
- BuildPeriodically is setting for scheduled trigger - |
-
-pollSCM
-
-string
-
- |
-
-(Optional)
- PollSCM is setting for polling changes in SCM - |
-
-ignoreMissingFiles
-
-bool
-
- |
-
-(Optional)
- IgnoreMissingFiles is setting for Job DSL API plugin to ignore files that miss - |
-
-additionalClasspath
-
-string
-
- |
-
-(Optional)
- AdditionalClasspath is setting for Job DSL API plugin to set Additional Classpath - |
-
-failOnMissingPlugin
-
-bool
-
- |
-
-(Optional)
- FailOnMissingPlugin is setting for Job DSL API plugin that fails job if required plugin is missing - |
-
-unstableOnDeprecation
-
-bool
-
- |
-
-(Optional)
- UnstableOnDeprecation is setting for Job DSL API plugin that sets build status as unstable if build using deprecated features - |
-
-(Appears on: -JenkinsSpec) -
--
Service defines Kubernetes service attributes
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-labels
-
-map[string]string
-
- |
-
-(Optional)
- Route service traffic to pods with label keys and values matching this -selector. If empty or not present, the service is assumed to have an -external process managing its endpoints, which Kubernetes will not -modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. -Ignored if type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/ - |
-
-type
-
-
-Kubernetes core/v1.ServiceType
-
-
- |
-
-(Optional)
- Type determines how the Service is exposed. Defaults to ClusterIP. Valid -options are ExternalName, ClusterIP, NodePort, and LoadBalancer. -“ExternalName” maps to the specified externalName. -“ClusterIP” allocates a cluster-internal IP address for load-balancing to -endpoints. Endpoints are determined by the selector or if that is not -specified, by manual construction of an Endpoints object. If clusterIP is -“None”, no virtual IP is allocated and the endpoints are published as a -set of endpoints rather than a stable IP. -“NodePort” builds on ClusterIP and allocates a port on every node which -routes to the clusterIP. -“LoadBalancer” builds on NodePort and creates an -external load-balancer (if supported in the current cloud) which routes -to the clusterIP. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services—service-types - |
-
-port
-
-int32
-
- |
-
- The port that are exposed by this service. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - |
-
-nodePort
-
-int32
-
- |
-
-(Optional)
- The port on each node on which this service is exposed when type=NodePort or LoadBalancer. -Usually assigned by the system. If specified, it will be allocated to the service -if unused or else creation of the service will fail. -Default is to auto-allocate a port if the ServiceType of this Service requires one. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - |
-
-loadBalancerSourceRanges
-
-[]string
-
- |
-
-(Optional)
- If specified and supported by the platform, this will restrict traffic through the cloud-provider -load-balancer will be restricted to the specified client IPs. This field will be ignored if the -cloud-provider does not support the feature.” -More info: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access - |
-
-loadBalancerIP
-
-string
-
- |
-
-(Optional)
- Only applies to Service Type: LoadBalancer -LoadBalancer will get created with the IP specified in this field. -This feature depends on whether the underlying cloud-provider supports specifying -the loadBalancerIP when a load balancer is created. -This field will be ignored if the cloud-provider does not support the feature. - |
-
-(Appears on: -JenkinsSpec) -
--
ServiceAccount defines Kubernetes service account attributes
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-(Appears on: -Notification) -
--
Slack is handler for Slack notification channel.
- -| Field | -Description | -
|---|---|
-webHookURLSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-
- The web hook URL to Slack App - |
-
-Generated with gen-crd-api-reference-docs
-on git commit 1c853e69.
-
Azure AKS managed Kubernetes service adds to every pod the following environment variables:
-- name: KUBERNETES_PORT_443_TCP_ADDR
- value:
-- name: KUBERNETES_PORT
- value: tcp://
-- name: KUBERNETES_PORT_443_TCP
- value: tcp://
-- name: KUBERNETES_SERVICE_HOST
- value:The operator is aware of it and omits these environment variables when checking if a Jenkins pod environment has been changed. It prevents the -restart of a Jenkins pod over and over again.
- - - -Jenkins operator uses job-dsl and kubernetes-credentials-provider plugins for configuring jobs -and deploy keys.
- -First you have to prepare pipelines and job definition in your GitHub repository using the following structure:
-cicd/
-├── jobs
-│ └── k8s.jenkins
-└── pipelines
- └── k8s.jenkinscicd/jobs/k8s.jenkins is a job definition:
#!/usr/bin/env groovy
-
-pipelineJob('k8s-e2e') {
- displayName('Kubernetes Plugin E2E Test')
-
- logRotator {
- numToKeep(10)
- daysToKeep(30)
- }
-
- configure { project ->
- project / 'properties' / 'org.jenkinsci.plugins.workflow.job.properties.DurabilityHintJobProperty' {
- hint('PERFORMANCE_OPTIMIZED')
- }
- }
-
- definition {
- cpsScm {
- scm {
- git {
- remote {
- url('https://github.com/jenkinsci/kubernetes-operator.git')
- credentials('jenkins-operator')
- }
- branches('*/master')
- }
- }
- scriptPath('cicd/pipelines/k8s.jenkins')
- }
- }
-}cicd/pipelines/k8s.jenkins is an actual Jenkins pipeline:
#!/usr/bin/env groovy
-
-def label = "k8s-${UUID.randomUUID().toString()}"
-def home = "/home/jenkins"
-def workspace = "${home}/workspace/build-jenkins-operator"
-def workdir = "${workspace}/src/github.com/jenkinsci/kubernetes-operator/"
-
-podTemplate(label: label,
- containers: [
- containerTemplate(name: 'alpine', image: 'alpine:3.11', ttyEnabled: true, command: 'cat'),
- ],
- ) {
- node(label) {
- stage('Run shell') {
- container('alpine') {
- sh 'echo "hello world"'
- }
- }
- }
-}Jenkins Seed Jobs are configured using Jenkins.spec.seedJobs section from your custom resource manifest:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitJenkins Operator will automatically discover and configure all the seed jobs.
- -You can verify if deploy keys were successfully configured in the Jenkins Credentials tab.
- -
You can verify if your pipelines were successfully configured in the Jenkins Seed Job console output.
- -
If your GitHub repository is private you have to configure SSH or username/password authentication.
- -There are two methods of SSH private key generation:
-$ openssl genrsa -out <filename> 2048or
-$ ssh-keygen -t rsa -b 2048
-$ ssh-keygen -p -f <filename> -m pemThen copy content from generated file.
- -If you want to upload your public key to your Git server you need to extract it.
- -If key was generated by openssl then you need to type this to extract public key:
$ openssl rsa -in <filename> -pubout > <filename>.pubIf key was generated by ssh-keygen the public key content is located in
Configure a seed job like this:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-ssh
- credentialType: basicSSHUserPrivateKey
- credentialID: k8s-ssh
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: git@github.com:jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-ssh
- labels:
- "jenkins.io/credentials-type": "basicSSHUserPrivateKey"
- annotations:
- "jenkins.io/credentials-description" : "ssh github.com:jenkinsci/kubernetes-operator"
-stringData:
- privateKey: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIJKAIBAAKCAgEAxxDpleJjMCN5nusfW/AtBAZhx8UVVlhhhIKXvQ+dFODQIdzO
- oDXybs1zVHWOj31zqbbJnsfsVZ9Uf3p9k6xpJ3WFY9b85WasqTDN1xmSd6swD4N8
- ...
- username: github_user_nameConfigure the seed job like:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-user-pass
- credentialType: usernamePassword
- credentialID: k8s-user-pass
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-user-pass
-stringData:
- username: github_user_name
- password: password_or_tokenYou can use external credential type if you want to configure authentication using Configuration As Code or Groovy Script.
Example:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-external
- credentialType: external
- credentialID: k8s-external
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitRemember that credentialID must match the id of the credentials configured in Jenkins. Consult the
-Jenkins docs for using credentials for details.
To use forwarding proxy with an operator to download plugins you need to add the following environment variable to Jenkins Custom Resource (CR), e.g.:
-spec:
- master:
- containers:
- - name: jenkins-master
- env:
- - name: CURL_OPTIONS
- value: -L -x <proxy_url>In CURL_OPTIONS var you can set additional arguments to curl command.
To pull a Docker Image from private repository you can use imagePullSecrets.
Please follow the instructions on creating a secret with a docker config.
- -To use Docker Hub additional steps are required.
- -Edit the previously created secret:
-kubectl -n <namespace> edit secret <name>The .dockerconfigjson key’s value needs to be replaced with a modified version.
After modifications, it needs to be encoded as a Base64 value before setting the .dockerconfigjson key.
Example config file to modify and use:
-{
- "auths":{
- "https://index.docker.io/v1/":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "auth.docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry.docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "https://registry-1.docker.io/v2/": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry-1.docker.io/v2/": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry-1.docker.io": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "https://registry-1.docker.io": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- }
- }
-}Backup and restore is done by a container sidecar.
- -Save to the file named pvc.yaml:
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: <pvc_name>
- namespace: <namespace>
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 500GiRun the following command:
-$ kubectl -n <namespace> create -f pvc.yamlapiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: <cr_name>
- namespace: <namespace>
-spec:
- master:
- securityContext:
- runAsUser: 1000
- fsGroup: 1000
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:2.263.2-lts-alpine
- - name: backup # container responsible for the backup and restore
- env:
- - name: BACKUP_DIR
- value: /backup
- - name: JENKINS_HOME
- value: /jenkins-home
- - name: BACKUP_COUNT
- value: "3" # keep only the 2 most recent backups
- image: virtuslab/jenkins-operator-backup-pvc:v0.1.0 # look at backup/pvc directory
- imagePullPolicy: IfNotPresent
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /backup # backup volume
- name: backup
- volumes:
- - name: backup # PVC volume where backups will be stored
- persistentVolumeClaim:
- claimName: <pvc_name>
- backup:
- containerName: backup # container name is responsible for backup
- action:
- exec:
- command:
- - /home/user/bin/backup.sh # this command is invoked on "backup" container to make backup, for example /home/user/bin/backup.sh <backup_number>, <backup_number> is passed by operator
- interval: 30 # how often make backup in seconds
- makeBackupBeforePodDeletion: true # make a backup before pod deletion
- restore:
- containerName: backup # container name is responsible for restore backup
- action:
- exec:
- command:
- - /home/user/bin/restore.sh # this command is invoked on "backup" container to make restore backup, for example /home/user/bin/restore.sh <backup_number>, <backup_number> is passed by operator
- getLatestAction:
- exec:
- command:
- - /home/user/bin/get-latest.sh # this command is invoked on "backup" container to get last backup number before pod deletion; not having it in the CR may cause loss of data
- #recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restoredWith enough effort one can create a custom backup and restore provider -for the Jenkins Operator.
- -Two commands (e.g. scripts) are required:
- -backup.sh that takes one argument, a backup numberbackup.sh that takes one argument, a backup numberBoth scripts need to return an exit code of 0 on success and 1 or greater for failure.
One of those scripts (or the entry point of the container) needs to be responsible -for backup cleanup or rotation if required, or an external system.
- -The mechanism relies on basic Kubernetes and UNIX functionalities.
- -The backup (and restore) container runs as a sidecar in the same -Kubernetes pod as the Jenkins master.
- -Name of the backup and restore containers can be set as necessary using
-spec.backup.containerName and spec.restore.containerName.
-In most cases it will be the same container, but we allow for less common use cases.
The operator will call a backup or restore commands inside a sidecar container when necessary:
- -spec.backup.action.exec.command)
-will be called every N seconds configurable in: spec.backup.interval
-and on pod shutdown (if enabled in spec.backup.makeBackupBeforePodDeletion)
-with an integer representing the current backup number as first and only argumentspec.restore.action.exec.command)
-will be called at Jenkins startup
-with an integer representing the backup number to restore as first and only argument
-(can be overridden using spec.restore.recoveryOnce)This example shows abbreviated version of a simple AWS S3 backup implementation
-using: aws-cli, bash and kube2iam.
In addition to your normal Jenkins CustomResource some additional settings
-for backup and restore are required, e.g.:
kind: Jenkins
-apiVersion: jenkins.io/v1alpha1
-metadata:
- name: example
- namespace: jenkins
-spec:
- master:
- masterAnnotations:
- iam.amazonaws.com/role: "my-example-backup-role" # tell kube2iam where the AWS IAM role is
- containers:
- - name: jenkins-master
- ...
- - name: backup # container responsible for backup and restore
- image: quay.io/virtuslab/aws-cli:1.16.263-2
- workingDir: /home/user/bin/
- command: # our container entry point
- - sleep
- - infinity
- env:
- - name: BACKUP_BUCKET
- value: my-example-bucket # the S3 bucket name to use
- - name: BACKUP_PATH
- value: my-backup-path # the S3 bucket path prefix to use
- - name: JENKINS_HOME
- value: /jenkins-home # the path to mount jenkins home dir in the backup container
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /home/user/bin/backup.sh
- name: backup-scripts
- subPath: backup.sh
- readOnly: true
- - mountPath: /home/user/bin/restore.sh
- name: backup-scripts
- subPath: restore.sh
- readOnly: true
- volumes:
- - name: backup-scripts
- configMap:
- defaultMode: 0754
- name: jenkins-operator-backup-s3
- securityContext: # make sure both containers use the same UID and GUID
- runAsUser: 1000
- fsGroup: 1000
- ...
- backup:
- containerName: backup # container name responsible for backup
- interval: 3600 # how often make a backup in seconds
- makeBackupBeforePodDeletion: true # trigger backup just before deleting the pod
- action:
- exec:
- command:
- # this command is invoked on "backup" container to create a backup,
- # <backup_number> is passed by operator,
- # for example /home/user/bin/backup.sh <backup_number>
- - /home/user/bin/backup.sh
- restore:
- containerName: backup # container name is responsible for restore backup
- action:
- exec:
- command:
- # this command is invoked on "backup" container to restore a backup,
- # <backup_number> is passed by operator
- # for example /home/user/bin/restore.sh <backup_number>
- - /home/user/bin/restore.sh
-# recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restoredThe actual backup and restore scripts will be provided in a ConfigMap:
kind: ConfigMap
-apiVersion: v1
-metadata:
- name: jenkins-operator-backup-s3
- namespace: jenkins
- labels:
- app: jenkins-operator
-data:
- backup.sh: |-
- #!/bin/bash -xeu
- [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1;
- [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1;
- [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1;
- [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
-
- backup_number=$1
- echo "Running backup #${backup_number}"
-
- BACKUP_TMP_DIR=$(mktemp -d)
- tar -C ${JENKINS_HOME} -czf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" --exclude jobs/*/workspace* -c jobs && \
-
- aws s3 cp ${BACKUP_TMP_DIR}/${backup_number}.tar.gz s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz
- echo Done
-
- restore.sh: |-
- #!/bin/bash -xeu
- [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1
- [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1;
- [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1;
- [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
-
- backup_number=$1
- echo "Running restore #${backup_number}"
-
- BACKUP_TMP_DIR=$(mktemp -d)
- aws s3 cp s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz ${BACKUP_TMP_DIR}/${backup_number}.tar.gz
-
- tar -C ${JENKINS_HOME} -zxf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz"
- echo DoneIn our example we will use S3 bucket lifecycle policy to keep -the number of backups under control, e.g. Cloud Formation fragment:
- Type: AWS::S3::Bucket
- Properties:
- BucketName: my-example-bucket
- ...
- LifecycleConfiguration:
- Rules:
- - Id: BackupCleanup
- Status: Enabled
- Prefix: my-backup-path
- ExpirationInDays: 7
- NoncurrentVersionExpirationInDays: 14
- AbortIncompleteMultipartUpload:
- DaysAfterInitiation: 3Jenkins can be customized with plugins. -Plugin’s configuration is applied as groovy scripts or the configuration as code plugin. -Any plugin working for Jenkins can be installed by the Jenkins Operator.
- -Pre-installed plugins:
- -Rest of the plugins can be found in plugins repository.
- -Edit Custom Resource under spec.master.plugins:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- plugins:
- - name: simple-theme-plugin
- version: "0.6"Under spec.master.basePlugins you can find plugins for a valid Jenkins Operator:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- basePlugins:
- - name: kubernetes
- version: "1.30.0"
- - name: workflow-job
- version: "2.40"
- - name: workflow-aggregator
- version: "2.6"
- - name: git
- version: "4.7.2"
- - name: job-dsl
- version: "1.77"
- - name: configuration-as-code
- version: "1.51"
- - name: kubernetes-credentials-provider
- version: "0.18-1"You can change their versions.
- -The Jenkins Operator will then automatically install plugins after the Jenkins master pod restart.
- -By using a ConfigMap you can create your own Jenkins customized configuration.
-Then you must reference the ConfigMap in the Jenkins pod customization file in spec.groovyScripts or spec.configurationAsCode
Create a ConfigMap with specific name (eg. jenkins-operator-user-configuration). Then, modify the Jenkins manifest:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configurationHere is an example of jenkins-operator-user-configuration:
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-configure-theme.groovy: |
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- import org.jenkinsci.plugins.simpletheme.ThemeElement
- import org.jenkinsci.plugins.simpletheme.CssTextThemeElement
- import org.jenkinsci.plugins.simpletheme.CssUrlThemeElement
-
- Jenkins jenkins = Jenkins.getInstance()
-
- def decorator = Jenkins.instance.getDescriptorByType(org.codefirst.SimpleThemeDecorator.class)
-
- List<ThemeElement> configElements = new ArrayList<>();
- configElements.add(new CssTextThemeElement("DEFAULT"));
- configElements.add(new CssUrlThemeElement("https://cdn.rawgit.com/afonsof/jenkins-material-theme/gh-pages/dist/material-light-green.css"));
- decorator.setElements(configElements);
- decorator.save();
-
- jenkins.save()
- 1-system-message.yaml: |
- jenkins:
- systemMessage: "Configuration as Code integration works!!!"*.groovy is Groovy script configuration*.yaml is configuration as codeIf you want to correct your configuration you can edit it while the Jenkins Operator is running. -Jenkins will reconcile and apply the new configuration.
- -If you configured spec.groovyScripts.secret.name, then this secret is available to use from map Groovy scripts.
-The secrets are loaded to secrets map.
Create a secret with for example the name jenkins-conf-secrets.
kind: Secret
-apiVersion: v1
-type: Opaque
-metadata:
- name: jenkins-conf-secrets
- namespace: default
-data:
- SYSTEM_MESSAGE: SGVsbG8gd29ybGQ=Then modify the Jenkins pod manifest by changing spec.groovyScripts.secret.name to jenkins-conf-secrets.
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration
- secret:
- name: jenkins-conf-secrets
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configuration
- secret:
- name: jenkins-conf-secretsNow you can test that the secret is mounted by applying this ConfigMap for Groovy script:
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-system-message.groovy: |
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- Jenkins jenkins = Jenkins.getInstance()
-
- jenkins.setSystemMessage(secrets["SYSTEM_MESSAGE"])
- jenkins.save()Or by applying this configuration as code:
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-system-message.yaml: |
- jenkins:
- systemMessage: ${SYSTEM_MESSAGE}After this, you should see the Hello world system message from the Jenkins homepage.
Once Jenkins Operator is up and running let’s deploy actual Jenkins instance.
-Create manifest e.g. jenkins_instance.yaml with following data and save it on drive.
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:2.277.4-lts-alpine
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 12
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 80
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 30
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitDeploy a Jenkins to Kubernetes:
-kubectl create -f jenkins_instance.yamlWatch the Jenkins instance being created:
-kubectl get pods -wGet the Jenkins credentials:
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.user}' | base64 -d
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.password}' | base64 -dConnect to the Jenkins instance (minikube):
-minikube service jenkins-operator-http-<cr_name> --urlConnect to the Jenkins instance (actual Kubernetes cluster):
-kubectl port-forward jenkins-<cr_name> 8080:8080Then open browser with address http://localhost:8080.
Turn on debug in Jenkins Operator deployment:
-sed -i 's|\(args:\).*|\1\ ["--debug"\]|' deploy/operator.yaml
-kubectl apply -f deploy/operator.yamlWatch Kubernetes events:
-kubectl get events --sort-by='{.lastTimestamp}'Verify Jenkins master logs:
-kubectl logs -f jenkins-<cr_name>Verify the jenkins-operator logs:
kubectl logs deployment/jenkins-operatorDelete the Jenkins master pod and wait for the new one to come up:
-kubectl delete pod jenkins-<cr_name>This document describes a getting started guide for Jenkins Operator v0.5.x and also additional configuration.
Prepare your Kubernetes cluster and set up your kubectl access.
Once you have running Kubernetes cluster you can focus on installing Jenkins Operator according to the Installation guide.
- -Deploy production ready Jenkins Operator manifest -
-How to configure Jenkins with Operator -
-How to customize Jenkins -
-Prevent loss of job history -
-Additional configuration for Azure Kubernetes Service -
-Custom backup and restore provider -
-How to setup operator notifications. -
-Additional configuration for OpenShift -
-How to deal with Jenkins Operator problems -
-API Schema definitions for Jenkins CRD -
-Please follow this instructions to get web hook URL.
- -Create web hook secret with name jenkins-operator-notification-data. Contains key url with provided web hook URL.
$ kubectl create secret generic jenkins-operator-notification-data --from-literal=url=<webhook_url>Example configuration for Slack:
-kind: Jenkins
-spec:
- master:
- notifications:
- - level: info
- verbose: true
- name:
- slack:
- webHookURLSecretKeySelector:
- secret:
- name:
- key: Please follow this instructions to get web hook URL.
- -Example configuration for Microsoft Teams:
-kind: Jenkins
-spec:
- master:
- notifications:
- - level: info
- verbose: true
- name:
- teams:
- webHookURLSecretKeySelector:
- secret:
- name:
- key: Example configuration for Mailgun:
-kind: Jenkins
-spec:
- master:
- notifications:
- - level: info
- verbose: true
- name:
- mailgun:
- domain:
- apiKeySecretKeySelector:
- secret:
- name:
- key:
- recipient:
- from: As you see there is two debugging options:
- -level (warning/info) - Set level of messages to send.
verbose - Print stacktrace and additional error messages
You can use multiple providers to send notification to another communication channels at the same time. -For example you will send notifications to Slack and Teams.
-kind: Jenkins
-spec:
- master:
- notifications:
- - level: info
- verbose: true
- name: nslack
- slack:
- webHookURLSecretKeySelector:
- secret:
- name:
- key:
- - level: info
- verbose: true
- name: nteams
- teams:
- webHookURLSecretKeySelector:
- secret:
- name:
- key: OpenShift enforces Security Constraints Context (scc) when deploying an image. -By default, container images run in restricted scc which prevents from setting -a fixed user id to run with. You need to have ensure that you do not provide a -securityContext with a runAsUser and that your image does not use a hardcoded user.
-securityContext: {}OpenShift provides a pre-configured Jenkins image containing 3 openshift plugins for -jenkins (openshift-login-plugin, openshift-sync-plugin and openshift-client-plugin) -which allows better jenkins integration with kubernetes and OpenShift.
- -The OpenShift Jenkins image requires additional configuration to be fully enabled.
- -The following Custom Resource can be used to create a Jenkins instance using the
-OpenShift Jenkins image and sets values for:
-- `image: ‘quay.io/openshift/origin-jenkins:latest’ : This is the OpenShift Jenkins image.
serviceAccount: to allow oauth authentication to work, the service account needs
-a specific annotation pointing to the route exposing the jenkins service. Here,
-the route is named jenkins-route
OPENSHIFT_ENABLE_OAUTH environment variable for the master container is set to true.
Here is a complete Jenkins CR allowing the deployment of the Jenkins OpenShift image.
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- annotations:
- jenkins.io/openshift-mode: 'true'
- name: jenkins
-spec:
- serviceAccount:
- annotations:
- serviceaccounts.openshift.io/oauth-redirectreference.jenkins: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"jenkins-route"}}'
- master:
- containers:
- - name: jenkins-master
- image: 'quay.io/openshift/origin-jenkins:latest'
- command:
- - /usr/bin/go-init
- - '-main'
- - /usr/libexec/s2i/run
- env:
- - name: OPENSHIFT_ENABLE_OAUTH
- value: 'true'
- - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT
- value: 'true'
- - name: DISABLE_ADMINISTRATIVE_MONITORS
- value: 'false'
- - name: KUBERNETES_MASTER
- value: 'https://kubernetes.default:443'
- - name: KUBERNETES_TRUST_CERTIFICATES
- value: 'true'
- - name: JENKINS_SERVICE_NAME
- value: jenkins-operator-http-jenkins
- - name: JNLP_SERVICE_NAME
- value: jenkins-operator-slave-jenkins
- - name: JENKINS_UC_INSECURE
- value: 'false'
- - name: JENKINS_HOME
- value: /var/lib/jenkins
- - name: JAVA_OPTS
- value: >-
- -XX:+UnlockExperimentalVMOptions -XX:+UnlockExperimentalVMOptions
- -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=1
- -Djenkins.install.runSetupWizard=false -Djava.awt.headless=true
- imagePullPolicy: Always
- service:
- port: 8080
- type: ClusterIP
- slaveService:
- port: 50000
- type: ClusterIPThe creation of a Route is required for the integraiton of Jenkins with
-OpenShift oauth authentication. By default, the jenkins http service is named
-jenkins-operator-http-${jenkins-cr-name}
oc create route edge jenkins-route --service=jenkins-operator-http-jenkinsNote: the route name (jenkins-route) must match the pointed route on the serviceaccount annotation.
- -After the creation of the Route. It can be used to navigate to the Jenkins Login Page and login with your Openshift Credentials.
- - - -This document contains API scheme for jenkins-operator Custom Resource Definition manifest
Packages:
--
Package v1alpha2 contains API Schema definitions for the jenkins.io v1alpha2 API group
- -Resource Types: --
Jenkins is the Schema for the jenkins API
- -| Field | -Description | -||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-apiVersion
-string |
-
-
-jenkins.io/v1alpha2
-
- |
-||||||||||||||||||||||||
-kind
-string
- |
-Jenkins |
-||||||||||||||||||||||||
-metadata
-
-
-Kubernetes meta/v1.ObjectMeta
-
-
- |
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
- |
-||||||||||||||||||||||||
-spec
-
-
-JenkinsSpec
-
-
- |
-
- Spec defines the desired state of the Jenkins -- -
|
-||||||||||||||||||||||||
-status
-
-
-JenkinsStatus
-
-
- |
-
- Status defines the observed state of Jenkins - |
-
-(Appears on: -JenkinsStatus) -
--
AppliedGroovyScript is the applied groovy script in Jenkins by the operator.
- -| Field | -Description | -
|---|---|
-configurationType
-
-string
-
- |
-
- ConfigurationType is the name of the configuration type(base-groovy, user-groovy, user-casc) - |
-
-source
-
-string
-
- |
-
- Source is the name of source where is located groovy script - |
-
-name
-
-string
-
- |
-
- Name is the name of the groovy script - |
-
-hash
-
-string
-
- |
-
- Hash is the hash of the groovy script and secrets which it uses - |
-
string alias)-(Appears on: -JenkinsAPISettings) -
--
AuthorizationStrategy defines authorization strategy of the operator for the Jenkins API
- --(Appears on: -JenkinsSpec) -
--
Backup defines configuration of Jenkins backup.
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines action which performs backup in backup container sidecar - |
-
-interval
-
-uint64
-
- |
-
- Interval tells how often make backup in seconds -Defaults to 30. - |
-
-makeBackupBeforePodDeletion
-
-bool
-
- |
-
- MakeBackupBeforePodDeletion tells operator to make backup before Jenkins master pod deletion - |
-
-(Appears on: -Customization) -
--
ConfigMapRef is reference to Kubernetes ConfigMap.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin.
- -| Field | -Description | -
|---|---|
-Customization
-
-
-Customization
-
-
- |
-
-
-(Members of |
-
-(Appears on: -JenkinsMaster) -
--
Container defines Kubernetes container attributes.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name of the container specified as a DNS_LABEL. -Each container in a pod must have a unique name (DNS_LABEL). - |
-
-image
-
-string
-
- |
-
- Docker image name. -More info: https://kubernetes.io/docs/concepts/containers/images - |
-
-imagePullPolicy
-
-
-Kubernetes core/v1.PullPolicy
-
-
- |
-
- Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always. - |
-
-resources
-
-
-Kubernetes core/v1.ResourceRequirements
-
-
- |
-
- Compute Resources required by this container. -More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - |
-
-command
-
-[]string
-
- |
-
-(Optional)
- Entrypoint array. Not executed within a shell. -The docker image’s ENTRYPOINT is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-args
-
-[]string
-
- |
-
-(Optional)
- Arguments to the entrypoint. -The docker image’s CMD is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-workingDir
-
-string
-
- |
-
-(Optional)
- Container’s working directory. -If not specified, the container runtime’s default will be used, which -might be configured in the container image. - |
-
-ports
-
-
-[]Kubernetes core/v1.ContainerPort
-
-
- |
-
-(Optional)
- List of ports to expose from the container. Exposing a port here gives -the system additional information about the network connections a -container uses, but is primarily informational. Not specifying a port here -DOES NOT prevent that port from being exposed. Any port which is -listening on the default “0.0.0.0” address inside a container will be -accessible from the network. - |
-
-envFrom
-
-
-[]Kubernetes core/v1.EnvFromSource
-
-
- |
-
-(Optional)
- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple -sources, the value associated with the last source will take precedence. -Values defined by an Env with a duplicate key will take precedence. - |
-
-env
-
-
-[]Kubernetes core/v1.EnvVar
-
-
- |
-
-(Optional)
- List of environment variables to set in the container. - |
-
-volumeMounts
-
-
-[]Kubernetes core/v1.VolumeMount
-
-
- |
-
-(Optional)
- Pod volumes to mount into the container’s filesystem. - |
-
-livenessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container liveness. -Container will be restarted if the probe fails. - |
-
-readinessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. - |
-
-lifecycle
-
-
-Kubernetes core/v1.Lifecycle
-
-
- |
-
-(Optional)
- Actions that the management system should take in response to container lifecycle events. - |
-
-securityContext
-
-
-Kubernetes core/v1.SecurityContext
-
-
- |
-
-(Optional)
- Security options the pod should run with. -More info: https://kubernetes.io/docs/concepts/policy/security-context/ -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - |
-
-(Appears on: -ConfigurationAsCode, -GroovyScripts) -
--
Customization defines configuration of Jenkins customization.
- -| Field | -Description | -
|---|---|
-secret
-
-
-SecretRef
-
-
- |
-- | -
-configurations
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.ConfigMapRef
-
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
GroovyScripts defines configuration of Jenkins customization via groovy scripts.
- -| Field | -Description | -
|---|---|
-Customization
-
-
-Customization
-
-
- |
-
-
-(Members of |
-
-(Appears on: -Backup, -Restore) -
--
Handler defines a specific action that should be taken.
- -| Field | -Description | -
|---|---|
-exec
-
-
-Kubernetes core/v1.ExecAction
-
-
- |
-
- Exec specifies the action to take. - |
-
-(Appears on: -JenkinsImageSpec) -
--
Defines Jenkins Plugin structure
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-version
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API
- -| Field | -Description | -
|---|---|
-authorizationStrategy
-
-
-AuthorizationStrategy
-
-
- |
-- | -
string alias)-(Appears on: -SeedJob) -
--
JenkinsCredentialType defines type of Jenkins credential used to seed job mechanism.
- --
JenkinsImage is the Schema for the jenkinsimages API
- -| Field | -Description | -||||
|---|---|---|---|---|---|
-metadata
-
-
-Kubernetes meta/v1.ObjectMeta
-
-
- |
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
- |
-||||
-spec
-
-
-JenkinsImageSpec
-
-
- |
-
- - -
|
-||||
-status
-
-
-JenkinsImageStatus
-
-
- |
-- | -
-(Appears on: -JenkinsImage) -
--
JenkinsImageSpec defines the desired state of JenkinsImage
- -| Field | -Description | -
|---|---|
-image
-
-
-Image
-
-
- |
-- | -
-plugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.JenkinsPlugin
-
-
- |
-- | -
-(Appears on: -JenkinsImage) -
--
JenkinsImageStatus defines the observed state of JenkinsImage
- -| Field | -Description | -
|---|---|
-image
-
-string
-
- |
-- | -
-md5sum
-
-string
-
- |
-- | -
-installedPlugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.JenkinsPlugin
-
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
JenkinsMaster defines the Jenkins master pod attributes and plugins, -every single change requires a Jenkins master pod restart.
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-masterAnnotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations -Deprecated: will be removed in the future, please use Annotations(annotations) - |
-
-labels
-
-map[string]string
-
- |
-
-(Optional)
- Map of string keys and values that can be used to organize and categorize -(scope and select) objects. May match selectors of replication controllers -and services. -More info: http://kubernetes.io/docs/user-guide/labels - |
-
-nodeSelector
-
-map[string]string
-
- |
-
-(Optional)
- NodeSelector is a selector which must be true for the pod to fit on a node. -Selector which must match a node’s labels for the pod to be scheduled on that node. -More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - |
-
-securityContext
-
-
-Kubernetes core/v1.PodSecurityContext
-
-
- |
-
-(Optional)
- SecurityContext that applies to all the containers of the Jenkins -Master. As per kubernetes specification, it can be overridden -for each container individually. -Defaults to: -runAsUser: 1000 -fsGroup: 1000 - |
-
-containers
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Container
-
-
- |
-
-(Optional)
- List of containers belonging to the pod. -Containers cannot currently be added or removed. -There must be at least one container in a Pod. -Defaults to: -- image: jenkins/jenkins:lts -imagePullPolicy: Always -livenessProbe: -failureThreshold: 12 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 80 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 5 -name: jenkins-master -readinessProbe: -failureThreshold: 3 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 30 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 1 -resources: -limits: -cpu: 1500m -memory: 3Gi -requests: -cpu: “1” -memory: 600Mi - |
-
-imagePullSecrets
-
-
-[]Kubernetes core/v1.LocalObjectReference
-
-
- |
-
-(Optional)
- ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. -If specified, these secrets will be passed to individual puller implementations for them to use. For example, -in the case of docker, only DockerConfig type secrets are honored. -More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - |
-
-volumes
-
-
-[]Kubernetes core/v1.Volume
-
-
- |
-
-(Optional)
- List of volumes that can be mounted by containers belonging to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes - |
-
-tolerations
-
-
-[]Kubernetes core/v1.Toleration
-
-
- |
-
-(Optional)
- If specified, the pod’s tolerations. - |
-
-basePlugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin
-
-
- |
-
-(Optional)
- BasePlugins contains plugins required by operator -Defaults to : -- name: kubernetes -version: “1.28.6” -- name: workflow-job -version: “2.40” -- name: workflow-aggregator -version: “2.6” -- name: git -version: “4.5.0” -- name: job-dsl -version: “1.77” -- name: configuration-as-code -version: “1.46” -- name: kubernetes-credentials-provider -version: “0.15” - |
-
-plugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin
-
-
- |
-
-(Optional)
- Plugins contains plugins required by user - |
-
-disableCSRFProtection
-
-bool
-
- |
-
- DisableCSRFProtection allows you to toggle CSRF Protection on Jenkins - |
-
-priorityClassName
-
-string
-
- |
-
-(Optional)
- PriorityClassName for Jenkins master pod - |
-
-(Appears on: -JenkinsImageSpec, -JenkinsImageStatus) -
--
Defines Jenkins Plugin structure
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-version
-
-string
-
- |
-- | -
-(Appears on: -Jenkins) -
--
JenkinsSpec defines the desired state of the Jenkins.
- -| Field | -Description | -
|---|---|
-master
-
-
-JenkinsMaster
-
-
- |
-
- Master represents Jenkins master pod properties and Jenkins plugins. -Every single change here requires a pod restart. - |
-
-seedJobs
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SeedJob
-
-
- |
-
-(Optional)
- SeedJobs defines list of Jenkins Seed Job configurations -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines - |
-
-notifications
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Notification
-
-
- |
-
-(Optional)
- Notifications defines list of a services which are used to inform about Jenkins status -Can be used to integrate chat services like Slack, Microsoft Teams or Mailgun - |
-
-service
-
-
-Service
-
-
- |
-
-(Optional)
- Service is Kubernetes service of Jenkins master HTTP pod -Defaults to : -port: 8080 -type: ClusterIP - |
-
-slaveService
-
-
-Service
-
-
- |
-
-(Optional)
- Service is Kubernetes service of Jenkins slave pods -Defaults to : -port: 50000 -type: ClusterIP - |
-
-backup
-
-
-Backup
-
-
- |
-
-(Optional)
- Backup defines configuration of Jenkins backup -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/ - |
-
-restore
-
-
-Restore
-
-
- |
-
-(Optional)
- Backup defines configuration of Jenkins backup restore -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/ - |
-
-groovyScripts
-
-
-GroovyScripts
-
-
- |
-
-(Optional)
- GroovyScripts defines configuration of Jenkins customization via groovy scripts - |
-
-configurationAsCode
-
-
-ConfigurationAsCode
-
-
- |
-
-(Optional)
- ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin - |
-
-roles
-
-
-[]Kubernetes rbac/v1.RoleRef
-
-
- |
-
-(Optional)
- Roles defines list of extra RBAC roles for the Jenkins Master pod service account - |
-
-serviceAccount
-
-
-ServiceAccount
-
-
- |
-
-(Optional)
- ServiceAccount defines Jenkins master service account attributes - |
-
-jenkinsAPISettings
-
-
-JenkinsAPISettings
-
-
- |
-
- JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API - |
-
-(Appears on: -Jenkins) -
--
JenkinsStatus defines the observed state of Jenkins
- -| Field | -Description | -
|---|---|
-operatorVersion
-
-string
-
- |
-
-(Optional)
- OperatorVersion is the operator version which manages this CR - |
-
-provisionStartTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- ProvisionStartTime is a time when Jenkins master pod has been created - |
-
-baseConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- BaseConfigurationCompletedTime is a time when Jenkins base configuration phase has been completed - |
-
-userConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- UserConfigurationCompletedTime is a time when Jenkins user configuration phase has been completed - |
-
-restoredBackup
-
-uint64
-
- |
-
-(Optional)
- RestoredBackup is the restored backup number after Jenkins master pod restart - |
-
-lastBackup
-
-uint64
-
- |
-
-(Optional)
- LastBackup is the latest backup number - |
-
-pendingBackup
-
-uint64
-
- |
-
-(Optional)
- PendingBackup is the pending backup number - |
-
-backupDoneBeforePodDeletion
-
-bool
-
- |
-
-(Optional)
- BackupDoneBeforePodDeletion tells if backup before pod deletion has been made - |
-
-userAndPasswordHash
-
-string
-
- |
-
-(Optional)
- UserAndPasswordHash is a SHA256 hash made from user and password - |
-
-createdSeedJobs
-
-[]string
-
- |
-
-(Optional)
- CreatedSeedJobs contains list of seed job id already created in Jenkins - |
-
-appliedGroovyScripts
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.AppliedGroovyScript
-
-
- |
-
-(Optional)
- AppliedGroovyScripts is a list with all applied groovy scripts in Jenkins by the operator - |
-
-(Appears on: -Notification) -
--
Mailgun is handler for Mailgun email service notification channel.
- -| Field | -Description | -
|---|---|
-domain
-
-string
-
- |
-- | -
-apiKeySecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-recipient
-
-string
-
- |
-- | -
-from
-
-string
-
- |
-- | -
-(Appears on: -Notification) -
--
MicrosoftTeams is handler for Microsoft MicrosoftTeams notification channel.
- -| Field | -Description | -
|---|---|
-webHookURLSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-
- The web hook URL to MicrosoftTeams App - |
-
-(Appears on: -JenkinsSpec) -
--
Notification is a service configuration used to send notifications about Jenkins status.
- -| Field | -Description | -
|---|---|
-level
-
-
-NotificationLevel
-
-
- |
-- | -
-verbose
-
-bool
-
- |
-- | -
-name
-
-string
-
- |
-- | -
-slack
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Slack
-
-
- |
-- | -
-teams
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.MicrosoftTeams
-
-
- |
-- | -
-mailgun
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Mailgun
-
-
- |
-- | -
-smtp
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SMTP
-
-
- |
-- | -
string alias)-(Appears on: -Notification) -
--
NotificationLevel defines the level of a Notification.
- --(Appears on: -JenkinsMaster) -
--
Plugin defines Jenkins plugin.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name is the name of Jenkins plugin - |
-
-version
-
-string
-
- |
-
- Version is the version of Jenkins plugin - |
-
-downloadURL
-
-string
-
- |
-
- DownloadURL is the custom url from where plugin has to be downloaded. - |
-
-(Appears on: -JenkinsSpec) -
--
Restore defines configuration of Jenkins backup restore operation.
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for restore backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines action which performs restore backup in restore container sidecar - |
-
-getLatestAction
-
-
-Handler
-
-
- |
-
-(Optional)
- GetLatestAction defines action which returns the latest backup number. If there is no backup “-1” should be -returned. - |
-
-recoveryOnce
-
-uint64
-
- |
-
-(Optional)
- RecoveryOnce if want to restore specific backup set this field and then Jenkins will be restarted and desired backup will be restored - |
-
-(Appears on: -Notification) -
--
SMTP is handler for sending emails via this protocol.
- -| Field | -Description | -
|---|---|
-usernameSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-passwordSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-port
-
-int
-
- |
-- | -
-server
-
-string
-
- |
-- | -
-tlsInsecureSkipVerify
-
-bool
-
- |
-- | -
-from
-
-string
-
- |
-- | -
-to
-
-string
-
- |
-- | -
-(Appears on: -Mailgun, -MicrosoftTeams, -SMTP, -Slack) -
--
SecretKeySelector selects a key of a Secret.
- -| Field | -Description | -
|---|---|
-secret
-
-
-Kubernetes core/v1.LocalObjectReference
-
-
- |
-
- The name of the secret in the pod’s namespace to select from. - |
-
-key
-
-string
-
- |
-
- The key of the secret to select from. Must be a valid secret key. - |
-
-(Appears on: -Customization) -
--
SecretRef is reference to Kubernetes secret.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
SeedJob defines configuration for seed job -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration/#configure-seed-jobs-and-pipelines.
- -| Field | -Description | -
|---|---|
-id
-
-string
-
- |
-
- ID is the unique seed job name - |
-
-credentialID
-
-string
-
- |
-
- CredentialID is the Kubernetes secret name which stores repository access credentials - |
-
-description
-
-string
-
- |
-
-(Optional)
- Description is the description of the seed job - |
-
-targets
-
-string
-
- |
-
- Targets is the repository path where are seed job definitions - |
-
-repositoryBranch
-
-string
-
- |
-
- RepositoryBranch is the repository branch where are seed job definitions - |
-
-repositoryUrl
-
-string
-
- |
-
- RepositoryURL is the repository access URL. Can be SSH or HTTPS. - |
-
-credentialType
-
-
-JenkinsCredentialType
-
-
- |
-
-(Optional)
- JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ credential type - |
-
-bitbucketPushTrigger
-
-bool
-
- |
-
-(Optional)
- BitbucketPushTrigger is used for Bitbucket web hooks - |
-
-githubPushTrigger
-
-bool
-
- |
-
-(Optional)
- GitHubPushTrigger is used for GitHub web hooks - |
-
-buildPeriodically
-
-string
-
- |
-
-(Optional)
- BuildPeriodically is setting for scheduled trigger - |
-
-pollSCM
-
-string
-
- |
-
-(Optional)
- PollSCM is setting for polling changes in SCM - |
-
-ignoreMissingFiles
-
-bool
-
- |
-
-(Optional)
- IgnoreMissingFiles is setting for Job DSL API plugin to ignore files that miss - |
-
-additionalClasspath
-
-string
-
- |
-
-(Optional)
- AdditionalClasspath is setting for Job DSL API plugin to set Additional Classpath - |
-
-failOnMissingPlugin
-
-bool
-
- |
-
-(Optional)
- FailOnMissingPlugin is setting for Job DSL API plugin that fails job if required plugin is missing - |
-
-unstableOnDeprecation
-
-bool
-
- |
-
-(Optional)
- UnstableOnDeprecation is setting for Job DSL API plugin that sets build status as unstable if build using deprecated features - |
-
-(Appears on: -JenkinsSpec) -
--
Service defines Kubernetes service attributes
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-labels
-
-map[string]string
-
- |
-
-(Optional)
- Route service traffic to pods with label keys and values matching this -selector. If empty or not present, the service is assumed to have an -external process managing its endpoints, which Kubernetes will not -modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. -Ignored if type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/ - |
-
-type
-
-
-Kubernetes core/v1.ServiceType
-
-
- |
-
-(Optional)
- Type determines how the Service is exposed. Defaults to ClusterIP. Valid -options are ExternalName, ClusterIP, NodePort, and LoadBalancer. -“ExternalName” maps to the specified externalName. -“ClusterIP” allocates a cluster-internal IP address for load-balancing to -endpoints. Endpoints are determined by the selector or if that is not -specified, by manual construction of an Endpoints object. If clusterIP is -“None”, no virtual IP is allocated and the endpoints are published as a -set of endpoints rather than a stable IP. -“NodePort” builds on ClusterIP and allocates a port on every node which -routes to the clusterIP. -“LoadBalancer” builds on NodePort and creates an -external load-balancer (if supported in the current cloud) which routes -to the clusterIP. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services—service-types - |
-
-port
-
-int32
-
- |
-
- The port that are exposed by this service. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - |
-
-nodePort
-
-int32
-
- |
-
-(Optional)
- The port on each node on which this service is exposed when type=NodePort or LoadBalancer. -Usually assigned by the system. If specified, it will be allocated to the service -if unused or else creation of the service will fail. -Default is to auto-allocate a port if the ServiceType of this Service requires one. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - |
-
-loadBalancerSourceRanges
-
-[]string
-
- |
-
-(Optional)
- If specified and supported by the platform, this will restrict traffic through the cloud-provider -load-balancer will be restricted to the specified client IPs. This field will be ignored if the -cloud-provider does not support the feature.” -More info: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access - |
-
-loadBalancerIP
-
-string
-
- |
-
-(Optional)
- Only applies to Service Type: LoadBalancer -LoadBalancer will get created with the IP specified in this field. -This feature depends on whether the underlying cloud-provider supports specifying -the loadBalancerIP when a load balancer is created. -This field will be ignored if the cloud-provider does not support the feature. - |
-
-(Appears on: -JenkinsSpec) -
--
ServiceAccount defines Kubernetes service account attributes
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-(Appears on: -Notification) -
--
Slack is handler for Slack notification channel.
- -| Field | -Description | -
|---|---|
-webHookURLSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-
- The web hook URL to Slack App - |
-
-Generated with gen-crd-api-reference-docs
-on git commit fe81e5a.
-
Azure AKS managed Kubernetes service adds to every pod the following environment variables:
-- name: KUBERNETES_PORT_443_TCP_ADDR
- value:
-- name: KUBERNETES_PORT
- value: tcp://
-- name: KUBERNETES_PORT_443_TCP
- value: tcp://
-- name: KUBERNETES_SERVICE_HOST
- value:The operator is aware of it and omits these environment variables when checking if a Jenkins pod environment has been changed. It prevents the -restart of a Jenkins pod over and over again.
- - - --- -Because of Jenkins Operator’s architecture, the configuration of Jenkins should be done using ConfigurationAsCode -or GroovyScripts and jobs should be defined as SeedJobs. It means that there is no point in backing up any job configuration -up. Therefore, the backup script makes a copy of jobs history only.
-
Backup and restore is done by a container sidecar.
- -Save to the file named pvc.yaml:
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: <pvc_name>
- namespace: <namespace>
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 500GiRun the following command:
-$ kubectl -n <namespace> create -f pvc.yamlapiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: <cr_name>
- namespace: <namespace>
-spec:
- master:
- securityContext:
- runAsUser: 1000
- fsGroup: 1000
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:2.277.4-lts-alpine
- - name: backup # container responsible for the backup and restore
- env:
- - name: BACKUP_DIR
- value: /backup
- - name: JENKINS_HOME
- value: /jenkins-home
- - name: BACKUP_COUNT
- value: "3" # keep only the 2 most recent backups
- image: virtuslab/jenkins-operator-backup-pvc:v0.1.0 # look at backup/pvc directory
- imagePullPolicy: IfNotPresent
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /backup # backup volume
- name: backup
- volumes:
- - name: backup # PVC volume where backups will be stored
- persistentVolumeClaim:
- claimName: <pvc_name>
- backup:
- containerName: backup # container name is responsible for backup
- action:
- exec:
- command:
- - /home/user/bin/backup.sh # this command is invoked on "backup" container to make backup, for example /home/user/bin/backup.sh <backup_number>, <backup_number> is passed by operator
- getLatestAction:
- exec:
- command:
- - /home/user/bin/get-latest.sh # this command is invoked on "backup" container to get last backup number before pod deletion; not having it in the CR may cause loss of data
- interval: 30 # how often make backup in seconds
- makeBackupBeforePodDeletion: true # make a backup before pod deletion
- restore:
- containerName: backup # container name is responsible for restore backup
- action:
- exec:
- command:
- - /home/user/bin/restore.sh # this command is invoked on "backup" container to make restore backup, for example /home/user/bin/restore.sh <backup_number>, <backup_number> is passed by operator
- #recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restoredJenkins operator uses job-dsl and kubernetes-credentials-provider plugins for configuring jobs -and deploy keys.
- -First you have to prepare pipelines and job definition in your GitHub repository using the following structure:
-cicd/
-├── jobs
-│ └── k8s.jenkins
-└── pipelines
- └── k8s.jenkinscicd/jobs/k8s.jenkins is a job definition:
#!/usr/bin/env groovy
-
-pipelineJob('k8s-e2e') {
- displayName('Kubernetes Plugin E2E Test')
-
- logRotator {
- numToKeep(10)
- daysToKeep(30)
- }
-
- configure { project ->
- project / 'properties' / 'org.jenkinsci.plugins.workflow.job.properties.DurabilityHintJobProperty' {
- hint('PERFORMANCE_OPTIMIZED')
- }
- }
-
- definition {
- cpsScm {
- scm {
- git {
- remote {
- url('https://github.com/jenkinsci/kubernetes-operator.git')
- credentials('jenkins-operator')
- }
- branches('*/master')
- }
- }
- scriptPath('cicd/pipelines/k8s.jenkins')
- }
- }
-}cicd/pipelines/k8s.jenkins is an actual Jenkins pipeline:
#!/usr/bin/env groovy
-
-def label = "k8s-${UUID.randomUUID().toString()}"
-def home = "/home/jenkins"
-def workspace = "${home}/workspace/build-jenkins-operator"
-def workdir = "${workspace}/src/github.com/jenkinsci/kubernetes-operator/"
-
-podTemplate(label: label,
- containers: [
- containerTemplate(name: 'alpine', image: 'alpine:3.11', ttyEnabled: true, command: 'cat'),
- ],
- ) {
- node(label) {
- stage('Run shell') {
- container('alpine') {
- sh 'echo "hello world"'
- }
- }
- }
-}Jenkins Seed Jobs are configured using Jenkins.spec.seedJobs section from your custom resource manifest:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitJenkins Operator will automatically discover and configure all the seed jobs.
- -You can verify if deploy keys were successfully configured in the Jenkins Credentials tab.
- -
You can verify if your pipelines were successfully configured in the Jenkins Seed Job console output.
- -
If your GitHub repository is private you have to configure SSH or username/password authentication.
- -There are two methods of SSH private key generation:
-$ openssl genrsa -out <filename> 2048or
-$ ssh-keygen -t rsa -b 2048
-$ ssh-keygen -p -f <filename> -m pemThen copy content from generated file.
- -If you want to upload your public key to your Git server you need to extract it.
- -If key was generated by openssl then you need to type this to extract public key:
$ openssl rsa -in <filename> -pubout > <filename>.pubIf key was generated by ssh-keygen the public key content is located in
Configure a seed job like this:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-ssh
- credentialType: basicSSHUserPrivateKey
- credentialID: k8s-ssh
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: git@github.com:jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-ssh
- labels:
- "jenkins.io/credentials-type": "basicSSHUserPrivateKey"
- annotations:
- "jenkins.io/credentials-description" : "ssh github.com:jenkinsci/kubernetes-operator"
-stringData:
- privateKey: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIJKAIBAAKCAgEAxxDpleJjMCN5nusfW/AtBAZhx8UVVlhhhIKXvQ+dFODQIdzO
- oDXybs1zVHWOj31zqbbJnsfsVZ9Uf3p9k6xpJ3WFY9b85WasqTDN1xmSd6swD4N8
- ...
- username: github_user_nameConfigure the seed job like:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-user-pass
- credentialType: usernamePassword
- credentialID: k8s-user-pass
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitand create a Kubernetes Secret (name of secret should be the same from credentialID field):
apiVersion: v1
-kind: Secret
-metadata:
- name: k8s-user-pass
-stringData:
- username: github_user_name
- password: password_or_tokenYou can use external credential type if you want to configure authentication using Configuration As Code or Groovy Script.
Example:
-apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- seedJobs:
- - id: jenkins-operator-external
- credentialType: external
- credentialID: k8s-external
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitRemember that credentialID must match the id of the credentials configured in Jenkins. Consult the
-Jenkins docs for using credentials for details.
To use forwarding proxy with an operator to download plugins you need to add the following environment variable to Jenkins Custom Resource (CR), e.g.:
-spec:
- master:
- containers:
- - name: jenkins-master
- env:
- - name: CURL_OPTIONS
- value: -L -x <proxy_url>In CURL_OPTIONS var you can set additional arguments to curl command.
To pull a Docker Image from private repository you can use imagePullSecrets.
Please follow the instructions on creating a secret with a docker config.
- -To use Docker Hub additional steps are required.
- -Edit the previously created secret:
-kubectl -n <namespace> edit secret <name>The .dockerconfigjson key’s value needs to be replaced with a modified version.
After modifications, it needs to be encoded as a Base64 value before setting the .dockerconfigjson key.
Example config file to modify and use:
-{
- "auths":{
- "https://index.docker.io/v1/":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "auth.docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry.docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "docker.io":{
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "https://registry-1.docker.io/v2/": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry-1.docker.io/v2/": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "registry-1.docker.io": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- },
- "https://registry-1.docker.io": {
- "username":"user",
- "password":"password",
- "email":"yourdockeremail@gmail.com",
- "auth":"base64 of string user:password"
- }
- }
-}With enough effort one can create a custom backup and restore provider -for the Jenkins Operator.
- -Two commands (e.g. scripts) are required:
- -backup.sh that takes one argument, a backup numberbackup.sh that takes one argument, a backup numberBoth scripts need to return an exit code of 0 on success and 1 or greater for failure.
One of those scripts (or the entry point of the container) needs to be responsible -for backup cleanup or rotation if required, or an external system.
- -The mechanism relies on basic Kubernetes and UNIX functionalities.
- -The backup (and restore) container runs as a sidecar in the same -Kubernetes pod as the Jenkins master.
- -Name of the backup and restore containers can be set as necessary using
-spec.backup.containerName and spec.restore.containerName.
-In most cases it will be the same container, but we allow for less common use cases.
The operator will call a backup or restore commands inside a sidecar container when necessary:
- -spec.backup.action.exec.command)
-will be called every N seconds configurable in: spec.backup.interval
-and on pod shutdown (if enabled in spec.backup.makeBackupBeforePodDeletion)
-with an integer representing the current backup number as first and only argumentspec.restore.action.exec.command)
-will be called at Jenkins startup
-with an integer representing the backup number to restore as first and only argument
-(can be overridden using spec.restore.recoveryOnce)This example shows abbreviated version of a simple AWS S3 backup implementation
-using: aws-cli, bash and kube2iam.
In addition to your normal Jenkins CustomResource some additional settings
-for backup and restore are required, e.g.:
kind: Jenkins
-apiVersion: jenkins.io/v1alpha1
-metadata:
- name: example
- namespace: jenkins
-spec:
- master:
- masterAnnotations:
- iam.amazonaws.com/role: "my-example-backup-role" # tell kube2iam where the AWS IAM role is
- containers:
- - name: jenkins-master
- ...
- - name: backup # container responsible for backup and restore
- image: quay.io/virtuslab/aws-cli:1.16.263-2
- workingDir: /home/user/bin/
- command: # our container entry point
- - sleep
- - infinity
- env:
- - name: BACKUP_BUCKET
- value: my-example-bucket # the S3 bucket name to use
- - name: BACKUP_PATH
- value: my-backup-path # the S3 bucket path prefix to use
- - name: JENKINS_HOME
- value: /jenkins-home # the path to mount jenkins home dir in the backup container
- volumeMounts:
- - mountPath: /jenkins-home # Jenkins home volume
- name: jenkins-home
- - mountPath: /home/user/bin/backup.sh
- name: backup-scripts
- subPath: backup.sh
- readOnly: true
- - mountPath: /home/user/bin/restore.sh
- name: backup-scripts
- subPath: restore.sh
- readOnly: true
- volumes:
- - name: backup-scripts
- configMap:
- defaultMode: 0754
- name: jenkins-operator-backup-s3
- securityContext: # make sure both containers use the same UID and GUID
- runAsUser: 1000
- fsGroup: 1000
- ...
- backup:
- containerName: backup # container name responsible for backup
- interval: 3600 # how often make a backup in seconds
- makeBackupBeforePodDeletion: true # trigger backup just before deleting the pod
- action:
- exec:
- command:
- # this command is invoked on "backup" container to create a backup,
- # <backup_number> is passed by operator,
- # for example /home/user/bin/backup.sh <backup_number>
- - /home/user/bin/backup.sh
- restore:
- containerName: backup # container name is responsible for restore backup
- action:
- exec:
- command:
- # this command is invoked on "backup" container to restore a backup,
- # <backup_number> is passed by operator
- # for example /home/user/bin/restore.sh <backup_number>
- - /home/user/bin/restore.sh
-# recoveryOnce: <backup_number> # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restoredThe actual backup and restore scripts will be provided in a ConfigMap:
kind: ConfigMap
-apiVersion: v1
-metadata:
- name: jenkins-operator-backup-s3
- namespace: jenkins
- labels:
- app: jenkins-operator
-data:
- backup.sh: |-
- #!/bin/bash -xeu
- [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1;
- [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1;
- [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1;
- [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
-
- backup_number=$1
- echo "Running backup #${backup_number}"
-
- BACKUP_TMP_DIR=$(mktemp -d)
- tar -C ${JENKINS_HOME} -czf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" --exclude jobs/*/workspace* -c jobs && \
-
- aws s3 cp ${BACKUP_TMP_DIR}/${backup_number}.tar.gz s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz
- echo Done
-
- restore.sh: |-
- #!/bin/bash -xeu
- [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1
- [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1;
- [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1;
- [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
-
- backup_number=$1
- echo "Running restore #${backup_number}"
-
- BACKUP_TMP_DIR=$(mktemp -d)
- aws s3 cp s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz ${BACKUP_TMP_DIR}/${backup_number}.tar.gz
-
- tar -C ${JENKINS_HOME} -zxf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz"
- echo DoneIn our example we will use S3 bucket lifecycle policy to keep -the number of backups under control, e.g. Cloud Formation fragment:
- Type: AWS::S3::Bucket
- Properties:
- BucketName: my-example-bucket
- ...
- LifecycleConfiguration:
- Rules:
- - Id: BackupCleanup
- Status: Enabled
- Prefix: my-backup-path
- ExpirationInDays: 7
- NoncurrentVersionExpirationInDays: 14
- AbortIncompleteMultipartUpload:
- DaysAfterInitiation: 3Jenkins can be customized with plugins. -Plugin’s configuration is applied as groovy scripts or the configuration as code plugin. -Any plugin working for Jenkins can be installed by the Jenkins Operator.
- -Pre-installed plugins:
- -Rest of the plugins can be found in plugins repository.
- -Edit Custom Resource under spec.master.plugins:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- plugins:
- - name: simple-theme-plugin
- version: "0.6"Under spec.master.basePlugins you can find plugins for a valid Jenkins Operator:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- master:
- basePlugins:
- - name: kubernetes
- version: "1.30.04"
- - name: workflow-job
- version: "2.42"
- - name: workflow-aggregator
- version: "2.6"
- - name: git
- version: "4.9.0"
- - name: job-dsl
- version: "1.77"
- - name: configuration-as-code
- version: "1.54"
- - name: kubernetes-credentials-provider
- version: "0.20"You can change their versions.
- -The Jenkins Operator will then automatically install plugins after the Jenkins master pod restart.
- -By using a ConfigMap you can create your own Jenkins customized configuration.
-Then you must reference the ConfigMap in the Jenkins pod customization file in spec.groovyScripts or spec.configurationAsCode
Create a ConfigMap with specific name (eg. jenkins-operator-user-configuration). Then, modify the Jenkins manifest:
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configurationHere is an example of jenkins-operator-user-configuration:
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-configure-theme.groovy: |
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- import org.jenkinsci.plugins.simpletheme.ThemeElement
- import org.jenkinsci.plugins.simpletheme.CssTextThemeElement
- import org.jenkinsci.plugins.simpletheme.CssUrlThemeElement
-
- Jenkins jenkins = Jenkins.getInstance()
-
- def decorator = Jenkins.instance.getDescriptorByType(org.codefirst.SimpleThemeDecorator.class)
-
- List<ThemeElement> configElements = new ArrayList<>();
- configElements.add(new CssTextThemeElement("DEFAULT"));
- configElements.add(new CssUrlThemeElement("https://cdn.rawgit.com/afonsof/jenkins-material-theme/gh-pages/dist/material-light-green.css"));
- decorator.setElements(configElements);
- decorator.save();
-
- jenkins.save()
- 1-system-message.yaml: |
- jenkins:
- systemMessage: "Configuration as Code integration works!!!"*.groovy is Groovy script configuration*.yaml is configuration as codeIf you want to correct your configuration you can edit it while the Jenkins Operator is running. -Jenkins will reconcile and apply the new configuration.
- -If you configured spec.groovyScripts.secret.name, then this secret is available to use from map Groovy scripts.
-The secrets are loaded to secrets map.
Create a secret with for example the name jenkins-conf-secrets.
kind: Secret
-apiVersion: v1
-type: Opaque
-metadata:
- name: jenkins-conf-secrets
- namespace: default
-data:
- SYSTEM_MESSAGE: SGVsbG8gd29ybGQ=Then modify the Jenkins pod manifest by changing spec.groovyScripts.secret.name to jenkins-conf-secrets.
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations:
- - name: jenkins-operator-user-configuration
- secret:
- name: jenkins-conf-secrets
- groovyScripts:
- configurations:
- - name: jenkins-operator-user-configuration
- secret:
- name: jenkins-conf-secretsNow you can test that the secret is mounted by applying this ConfigMap for Groovy script:
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-system-message.groovy: |
- import jenkins.*
- import jenkins.model.*
- import hudson.*
- import hudson.model.*
- Jenkins jenkins = Jenkins.getInstance()
-
- jenkins.setSystemMessage(secrets["SYSTEM_MESSAGE"])
- jenkins.save()Or by applying this configuration as code:
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-operator-user-configuration
-data:
- 1-system-message.yaml: |
- jenkins:
- systemMessage: ${SYSTEM_MESSAGE}After this, you should see the Hello world system message from the Jenkins homepage.
This document describes the procedure for deploying Jenkins.
- -The Operator needs to have been deployed beforehand. The procedure for deploying Jenkins described here doesn’t apply to
-installation of Operator via Helm chart unless jenkins.enabled was set to false.
-That’s because by default, installation via Helm chart also covers deploying Jenkins.
Once Jenkins Operator is up and running let’s deploy actual Jenkins instance.
-Create manifest e.g. jenkins_instance.yaml with following data and save it on drive.
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
- namespace: default
-spec:
- configurationAsCode:
- configurations: []
- secret:
- name: ""
- groovyScripts:
- configurations: []
- secret:
- name: ""
- jenkinsAPISettings:
- authorizationStrategy: createUser
- master:
- disableCSRFProtection: false
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:2.277.4-lts-alpine
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 12
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 100
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 10
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 80
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitDeploy a Jenkins to Kubernetes:
-kubectl create -f jenkins_instance.yamlWatch the Jenkins instance being created:
-kubectl get pods -wGet the Jenkins credentials:
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.user}' | base64 -d
-kubectl get secret jenkins-operator-credentials-<cr_name> -o 'jsonpath={.data.password}' | base64 -dConnect to the Jenkins instance (minikube):
-minikube service jenkins-operator-http-<cr_name> --urlConnect to the Jenkins instance (actual Kubernetes cluster):
-kubectl port-forward jenkins-<cr_name> 8080:8080Then open browser with address http://localhost:8080.
This document describes a getting started guide for Jenkins Operator v0.6.x and also additional configuration.
Prepare your Kubernetes cluster and set up your kubectl access.
Once you have a running Kubernetes cluster you can focus on installing Jenkins Operator according to the -Installation guide.
- -How to install Jenkins Operator -
-Deploy production ready Jenkins manifest -
-How to customize Jenkins -
-How to configure Jenkins with Operator -
-Prevent loss of job history -
-How to install Jenkins and Jenkins Operator in separate namespaces -
-Custom backup and restore provider -
-Additional configuration for Azure Kubernetes Service -
-Additional configuration for LDAP -
-Additional configuration for OpenShift -
-API Schema definitions for Jenkins CRD -
-This document describes installation procedure for Jenkins Operator. -All container images can be found at virtuslab/jenkins-operator Docker Hub repository.
- -To run Jenkins Operator, you will need:
- -1.17+kubectl version 1.17+Listed below are the two ways to deploy Jenkins Operator.
- -First, install Jenkins Custom Resource Definition:
-kubectl apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/config/crd/bases/jenkins.io_jenkins.yaml Then, install the Operator and other required resources:
-kubectl apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/deploy/all-in-one-v1alpha2.yamlWatch Jenkins Operator instance being created:
-kubectl get pods -wNow Jenkins Operator should be up and running in the default namespace.
-For deploying Jenkins, refer to Deploy Jenkins section.
Alternatively, you can also use Helm to install the Operator (and optionally, by default, Jenkins). It requires the Helm 3+ for deployment.
- -Create a namespace for the operator:
-$ kubectl create namespace <your-namespace>To install, you need only to type these commands:
-$ helm repo add jenkins https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/chart
-$ helm install <name> jenkins/jenkins-operator -n <your-namespace>To add custom labels and annotations, you can use values.yaml file or pass them into helm install command, e.g.:
$ helm install <name> jenkins/jenkins-operator -n <your-namespace> --set jenkins.labels.LabelKey=LabelValue,jenkins.annotations.AnnotationKey=AnnotationValueYou can further customize Jenkins using values.yaml:
-
| - | Field | -Default value | -Description | -||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-jenkins
- |
-
- operator is section for configuring operator deployment -
|
-||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| - | Field | -Default value | -Description | -||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
- operator
- |
-
- operator is section for configuring operator deployment -
|
- ||||||||||||||||||||||||||||||||
-(Appears on: -JenkinsConfiguration) -
--Backup defines configuration of Jenkins backup. -
- -| Field | -Default value | -Description | -||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
- enabled
- |
- - true - | -- Enabled is enable/disable switch for backup feature. - | -||||||||||||
- image
- |
- - virtuslab/jenkins-operator-backup-pvc:v0.0.8 - | -- Image used by backup feature. - | -||||||||||||
- containerName
- |
- - backup - | -- Backup container name. - | -||||||||||||
- interval
- |
- - 30 - | -- Defines how often make backup in seconds. - | -||||||||||||
- makeBackupBeforePodDeletion
- |
- - true - | -- When enabled will make backup before pod deletion. - | -||||||||||||
- backupCommand
- |
- - /home/user/bin/backup.sh - | -- Backup container command. - | -||||||||||||
- restoreCommand
- |
- - /home/user/bin/restore.sh - | -- Backup restore command. - | -||||||||||||
- pvc
- |
-
- Persistent Volume Claim Kubernetes resource --
|
- |||||||||||||
- env
- |
-
--- name: BACKUP_DIR - value: /backup -- name: JENKINS_HOME - value: /jenkins-home -- name: BACKUP_COUNT - value: "3" -- |
-
- Contains container environment variables.
- PVC backup provider handles these variables: - BACKUP_DIR - path for storing backup files (default: "/backup") - JENKINS_HOME - path to jenkins home (default: "/jenkins-home") - BACKUP_COUNT - define how much recent backups will be kept - |
-
- ||||||||||||
- volumeMounts
- |
-
--- name: jenkins-home - mountPath: /jenkins-home -- mountPath: /backup - name: backup -- |
- - Holds the mount points for volumes. - | -||||||||||||
- (Appears on: - Jenkins instance configuration) -
- -| Field | -Default value | -Description | -
|---|---|---|
- configurationAsCode
- |
- - {} - | -
- ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin.
-Example: -
-- configMapName: jenkins-casc
- content: {}
-
- |
-
- groovyScripts
- |
- - {} - | -
- GroovyScripts defines configuration of Jenkins customization via groovy scripts.
- Example: -
-- configMapName: jenkins-gs
- content: {}
-
- |
-
- secretRefName
- |
- - “” - | -- secretRefName of existing secret (previously created). - | -
- secretData
- |
- - {} - | -- If secretRefName is empty, secretData creates new secret and fills with data provided in secretData. - | -
If you wish to use the newest, not yet released version of the Operator, you can use one of nightly built snapshot images, however the maintainers of this project cannot guarantee their stability.
- -You can find nightly built images by heading to virtuslab/jenkins-operator Docker Hub repository and looking for images with tag in the form of {git-hash}, {git-hash} being the hash of master branch commit that you want to use snapshot of.
Current design of the Operator puts an emphasis on creating a full GitOps flow of work for Jenkins users. -One of the key points of this design is maintaining an immutable state of Jenkins.
- -One of the prerequisites of this is an ephemeral Jenkins home directory. To achieve that, Operator mounts emptyDir Volume -(jenkins-home) as Jenkins home directory. -It is not possible to overwrite volumeMount and specify any other Volume for Jenkins home directory, -as attempting to do so will result in Operator error.
- -jenkins-home is not the only Jenkins controller pod volumeMount that is non-configurable and managed by Operator, -below is the full list of those volumeMounts:
- -Configuring LDAP is not supported out of the box, but can be achieved through -plugins and some well tuned configurations.
- -The plugin we will use is: https://plugins.jenkins.io/ldap/
- --- -Note: This is an example of how LDAP authentication can be achieved. The LDAP -plugin is from a third-party, and there may be other alternatives that suits -your use case better. Use this guide with a grain of salt.
-
LDAP server accessible from the Kubernetes cluster where your Jenkins -instance will live.
Credentials to a manager account in your AD. Jenkins Operator will use -this account to authenticate with Jenkins for health checks, seed jobs, etc.
In your Jenkins configuration, add the following plugin:
-plugins:
- # Check https://plugins.jenkins.io/ldap/ to find the latest version.
- - name: ldap
- version: "2.7"Easiest step is to then start up Jenkins then navigate to your instance’s -“Configure Global Security” page and configure it accordingly.
- -http://jenkins.example.com/configureSecurity/
Once it’s set up and tested, you can navigate to your JCasC page and export -the LDAP settings.
- -https://jenkins.example.com/configuration-as-code/
Feed the relevant new settings into your Kubernetes ConfigMap for your JCasC -settings.
- -Here’s a snippet of the LDAP-related configurations:
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: jenkins-casc
-data:
- ldap.yaml: |
- jenkins:
- securityRealm:
- ldap:
- configurations:
- - displayNameAttributeName: "name"
- groupSearchBase: "OU=Groups,OU=MyCompany"
- groupSearchFilter: "(& (cn={0}) (objectclass=group) )"
- inhibitInferRootDN: false
- managerDN: "CN=Jenkins Admin,OU=UsersSystem,OU=UsersOther,OU=MyCompany,DC=mycompany,DC=local"
- managerPasswordSecret: "${LDAP_MANAGER_PASSWORD}"
- rootDN: "DC=mycompany,DC=local"
- server: "MyCompany.local"
- userSearch: "SamAccountName={0}"
- userSearchBase: "OU=MyCompany"
- disableMailAddressResolver: false
- disableRolePrefixing: true
- groupIdStrategy: "caseInsensitive"
- userIdStrategy: "caseInsensitive"-- - - -Note the use of
-${LDAP_MANAGER_PASSWORD}above. You can reference -Kubernetes secrets in your JCasC ConfigMaps by adding the following to your -Jenkins object:-> kind: Jenkins -> spec: -> configurationAsCode: -> configurations: -> - name: jenkins-casc -> secret: -> # This here -> name: jenkins-casc-secrets -> ``` -> -> ```yaml -> apiVersion: v1 -> kind: Secret -> metadata: -> name: jenkins-cred-conf-secrets -> stringData: -> LDAP_MANAGER_PASSWORD: <password-for-manager-created-in-ldap> -> ``` -> -> Schema reference: [v1alpha2.ConfigurationAsCode](./schema/#github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.ConfigurationAsCode) - -Finally you must configure the Jenkins operator to use the manager's -credentials from the AD. - -This is because this procedure will disable Jenkins' own user database, and the -Jenkins operator still needs to be able to talk to Jenkins in an authorized -manner. - -Create the following Kubernetes secret:yaml -apiVersion: v1 -kind: Secret -metadata: - name: jenkins-operator-credentials-
- -- namespace: -stringData: - user: - password: -``` Note: Values in stringData do not need to be base64 encoded. They are -encoded by Kubernetes when the manifest is applied.
-
This document contains API scheme for jenkins-operator Custom Resource Definition manifest
Packages:
--
Package v1alpha2 contains API Schema definitions for the jenkins.io v1alpha2 API group
- -Resource Types: --
Jenkins is the Schema for the jenkins API
- -| Field | -Description | -||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-apiVersion
-string |
-
-
-jenkins.io/v1alpha2
-
- |
-||||||||||||||||||||||||
-kind
-string
- |
-Jenkins |
-||||||||||||||||||||||||
-metadata
-
-
-Kubernetes meta/v1.ObjectMeta
-
-
- |
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
- |
-||||||||||||||||||||||||
-spec
-
-
-JenkinsSpec
-
-
- |
-
- Spec defines the desired state of the Jenkins -- -
|
-||||||||||||||||||||||||
-status
-
-
-JenkinsStatus
-
-
- |
-
- Status defines the observed state of Jenkins - |
-
-(Appears on: -JenkinsStatus) -
--
AppliedGroovyScript is the applied groovy script in Jenkins by the operator.
- -| Field | -Description | -
|---|---|
-configurationType
-
-string
-
- |
-
- ConfigurationType is the name of the configuration type(base-groovy, user-groovy, user-casc) - |
-
-source
-
-string
-
- |
-
- Source is the name of source where is located groovy script - |
-
-name
-
-string
-
- |
-
- Name is the name of the groovy script - |
-
-hash
-
-string
-
- |
-
- Hash is the hash of the groovy script and secrets which it uses - |
-
string alias)-(Appears on: -JenkinsAPISettings) -
--
AuthorizationStrategy defines authorization strategy of the operator for the Jenkins API
- --(Appears on: -JenkinsSpec) -
--
Backup defines configuration of Jenkins backup.
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines action which performs backup in backup container sidecar - |
-
-interval
-
-uint64
-
- |
-
- Interval tells how often make backup in seconds -Defaults to 30. - |
-
-makeBackupBeforePodDeletion
-
-bool
-
- |
-
- MakeBackupBeforePodDeletion tells operator to make backup before Jenkins master pod deletion - |
-
-(Appears on: -Customization) -
--
ConfigMapRef is reference to Kubernetes ConfigMap.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin.
- -| Field | -Description | -
|---|---|
-Customization
-
-
-Customization
-
-
- |
-
-
-(Members of |
-
-(Appears on: -JenkinsMaster) -
--
Container defines Kubernetes container attributes.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name of the container specified as a DNS_LABEL. -Each container in a pod must have a unique name (DNS_LABEL). - |
-
-image
-
-string
-
- |
-
- Docker image name. -More info: https://kubernetes.io/docs/concepts/containers/images - |
-
-imagePullPolicy
-
-
-Kubernetes core/v1.PullPolicy
-
-
- |
-
- Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always. - |
-
-resources
-
-
-Kubernetes core/v1.ResourceRequirements
-
-
- |
-
- Compute Resources required by this container. -More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - |
-
-command
-
-[]string
-
- |
-
-(Optional)
- Entrypoint array. Not executed within a shell. -The docker image’s ENTRYPOINT is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-args
-
-[]string
-
- |
-
-(Optional)
- Arguments to the entrypoint. -The docker image’s CMD is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax -can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, -regardless of whether the variable exists or not. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - |
-
-workingDir
-
-string
-
- |
-
-(Optional)
- Container’s working directory. -If not specified, the container runtime’s default will be used, which -might be configured in the container image. - |
-
-ports
-
-
-[]Kubernetes core/v1.ContainerPort
-
-
- |
-
-(Optional)
- List of ports to expose from the container. Exposing a port here gives -the system additional information about the network connections a -container uses, but is primarily informational. Not specifying a port here -DOES NOT prevent that port from being exposed. Any port which is -listening on the default “0.0.0.0” address inside a container will be -accessible from the network. - |
-
-envFrom
-
-
-[]Kubernetes core/v1.EnvFromSource
-
-
- |
-
-(Optional)
- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple -sources, the value associated with the last source will take precedence. -Values defined by an Env with a duplicate key will take precedence. - |
-
-env
-
-
-[]Kubernetes core/v1.EnvVar
-
-
- |
-
-(Optional)
- List of environment variables to set in the container. - |
-
-volumeMounts
-
-
-[]Kubernetes core/v1.VolumeMount
-
-
- |
-
-(Optional)
- -Pod volumes to mount into the container’s filesystem. More info: - -https://jenkinsci.github.io/kubernetes-operator/docs/installation/#note-on-restricted-jenkins-controller-pod-volumemounts - - - |
-
-livenessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container liveness. -Container will be restarted if the probe fails. - |
-
-readinessProbe
-
-
-Kubernetes core/v1.Probe
-
-
- |
-
-(Optional)
- Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. - |
-
-lifecycle
-
-
-Kubernetes core/v1.Lifecycle
-
-
- |
-
-(Optional)
- Actions that the management system should take in response to container lifecycle events. - |
-
-securityContext
-
-
-Kubernetes core/v1.SecurityContext
-
-
- |
-
-(Optional)
- Security options the pod should run with. -More info: https://kubernetes.io/docs/concepts/policy/security-context/ -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - |
-
-(Appears on: -ConfigurationAsCode, -GroovyScripts) -
--
Customization defines configuration of Jenkins customization.
- -| Field | -Description | -
|---|---|
-secret
-
-
-SecretRef
-
-
- |
-- | -
-configurations
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.ConfigMapRef
-
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
GroovyScripts defines configuration of Jenkins customization via groovy scripts.
- -| Field | -Description | -
|---|---|
-Customization
-
-
-Customization
-
-
- |
-
-
-(Members of |
-
-(Appears on: -Backup, -Restore) -
--
Handler defines a specific action that should be taken.
- -| Field | -Description | -
|---|---|
-exec
-
-
-Kubernetes core/v1.ExecAction
-
-
- |
-
- Exec specifies the action to take. - |
-
-(Appears on: -JenkinsImageSpec) -
--
Defines Jenkins Plugin structure
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-version
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API
- -| Field | -Description | -
|---|---|
-authorizationStrategy
-
-
-AuthorizationStrategy
-
-
- |
-- | -
string alias)-(Appears on: -SeedJob) -
--
JenkinsCredentialType defines type of Jenkins credential used to seed job mechanism.
- --
JenkinsImage is the Schema for the jenkinsimages API
- -| Field | -Description | -||||
|---|---|---|---|---|---|
-metadata
-
-
-Kubernetes meta/v1.ObjectMeta
-
-
- |
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
- |
-||||
-spec
-
-
-JenkinsImageSpec
-
-
- |
-
- - -
|
-||||
-status
-
-
-JenkinsImageStatus
-
-
- |
-- | -
-(Appears on: -JenkinsImage) -
--
JenkinsImageSpec defines the desired state of JenkinsImage
- -| Field | -Description | -
|---|---|
-image
-
-
-Image
-
-
- |
-- | -
-plugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.JenkinsPlugin
-
-
- |
-- | -
-(Appears on: -JenkinsImage) -
--
JenkinsImageStatus defines the observed state of JenkinsImage
- -| Field | -Description | -
|---|---|
-image
-
-string
-
- |
-- | -
-md5sum
-
-string
-
- |
-- | -
-installedPlugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.JenkinsPlugin
-
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
JenkinsMaster defines the Jenkins master pod attributes and plugins, -every single change requires a Jenkins master pod restart.
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-masterAnnotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations -Deprecated: will be removed in the future, please use Annotations(annotations) - |
-
-labels
-
-map[string]string
-
- |
-
-(Optional)
- Map of string keys and values that can be used to organize and categorize -(scope and select) objects. May match selectors of replication controllers -and services. -More info: http://kubernetes.io/docs/user-guide/labels - |
-
-nodeSelector
-
-map[string]string
-
- |
-
-(Optional)
- NodeSelector is a selector which must be true for the pod to fit on a node. -Selector which must match a node’s labels for the pod to be scheduled on that node. -More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - |
-
-securityContext
-
-
-Kubernetes core/v1.PodSecurityContext
-
-
- |
-
-(Optional)
- SecurityContext that applies to all the containers of the Jenkins -Master. As per kubernetes specification, it can be overridden -for each container individually. -Defaults to: -runAsUser: 1000 -fsGroup: 1000 - |
-
-containers
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Container
-
-
- |
-
-(Optional)
- List of containers belonging to the pod. -Containers cannot currently be added or removed. -There must be at least one container in a Pod. -Defaults to: -- image: jenkins/jenkins:lts -imagePullPolicy: Always -livenessProbe: -failureThreshold: 12 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 80 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 5 -name: jenkins-master -readinessProbe: -failureThreshold: 3 -httpGet: -path: /login -port: http -scheme: HTTP -initialDelaySeconds: 30 -periodSeconds: 10 -successThreshold: 1 -timeoutSeconds: 1 -resources: -limits: -cpu: 1500m -memory: 3Gi -requests: -cpu: “1” -memory: 600Mi - |
-
-imagePullSecrets
-
-
-[]Kubernetes core/v1.LocalObjectReference
-
-
- |
-
-(Optional)
- ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. -If specified, these secrets will be passed to individual puller implementations for them to use. For example, -in the case of docker, only DockerConfig type secrets are honored. -More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - |
-
-volumes
-
-
-[]Kubernetes core/v1.Volume
-
-
- |
-
-(Optional)
- List of volumes that can be mounted by containers belonging to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes - |
-
-tolerations
-
-
-[]Kubernetes core/v1.Toleration
-
-
- |
-
-(Optional)
- If specified, the pod’s tolerations. - |
-
-basePlugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin
-
-
- |
-
-(Optional)
- BasePlugins contains plugins required by operator -Defaults to : -- name: kubernetes -version: “1.28.6” -- name: workflow-job -version: “2.40” -- name: workflow-aggregator -version: “2.6” -- name: git -version: “4.5.0” -- name: job-dsl -version: “1.77” -- name: configuration-as-code -version: “1.46” -- name: kubernetes-credentials-provider -version: “0.15” - |
-
-plugins
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin
-
-
- |
-
-(Optional)
- Plugins contains plugins required by user - |
-
-disableCSRFProtection
-
-bool
-
- |
-
- DisableCSRFProtection allows you to toggle CSRF Protection on Jenkins - |
-
-priorityClassName
-
-string
-
- |
-
-(Optional)
- PriorityClassName for Jenkins master pod - |
-
-(Appears on: -JenkinsImageSpec, -JenkinsImageStatus) -
--
Defines Jenkins Plugin structure
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-version
-
-string
-
- |
-- | -
-(Appears on: -Jenkins) -
--
JenkinsSpec defines the desired state of the Jenkins.
- -| Field | -Description | -
|---|---|
-master
-
-
-JenkinsMaster
-
-
- |
-
- Master represents Jenkins master pod properties and Jenkins plugins. -Every single change here requires a pod restart. - |
-
-seedJobs
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SeedJob
-
-
- |
-
-(Optional)
- SeedJobs defines list of Jenkins Seed Job configurations -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines - |
-
-notifications
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Notification
-
-
- |
-
-(Optional)
- Notifications defines list of a services which are used to inform about Jenkins status -Can be used to integrate chat services like Slack, Microsoft Teams or Mailgun - |
-
-service
-
-
-Service
-
-
- |
-
-(Optional)
- Service is Kubernetes service of Jenkins master HTTP pod -Defaults to : -port: 8080 -type: ClusterIP - |
-
-slaveService
-
-
-Service
-
-
- |
-
-(Optional)
- Service is Kubernetes service of Jenkins slave pods -Defaults to : -port: 50000 -type: ClusterIP - |
-
-backup
-
-
-Backup
-
-
- |
-
-(Optional)
- Backup defines configuration of Jenkins backup -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/ - |
-
-restore
-
-
-Restore
-
-
- |
-
-(Optional)
- Backup defines configuration of Jenkins backup restore -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/ - |
-
-groovyScripts
-
-
-GroovyScripts
-
-
- |
-
-(Optional)
- GroovyScripts defines configuration of Jenkins customization via groovy scripts - |
-
-configurationAsCode
-
-
-ConfigurationAsCode
-
-
- |
-
-(Optional)
- ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin - |
-
-roles
-
-
-[]Kubernetes rbac/v1.RoleRef
-
-
- |
-
-(Optional)
- Roles defines list of extra RBAC roles for the Jenkins Master pod service account - |
-
-serviceAccount
-
-
-ServiceAccount
-
-
- |
-
-(Optional)
- ServiceAccount defines Jenkins master service account attributes - |
-
-jenkinsAPISettings
-
-
-JenkinsAPISettings
-
-
- |
-
- JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API - |
-
-(Appears on: -Jenkins) -
--
JenkinsStatus defines the observed state of Jenkins
- -| Field | -Description | -
|---|---|
-operatorVersion
-
-string
-
- |
-
-(Optional)
- OperatorVersion is the operator version which manages this CR - |
-
-provisionStartTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- ProvisionStartTime is a time when Jenkins master pod has been created - |
-
-baseConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- BaseConfigurationCompletedTime is a time when Jenkins base configuration phase has been completed - |
-
-userConfigurationCompletedTime
-
-
-Kubernetes meta/v1.Time
-
-
- |
-
-(Optional)
- UserConfigurationCompletedTime is a time when Jenkins user configuration phase has been completed - |
-
-restoredBackup
-
-uint64
-
- |
-
-(Optional)
- RestoredBackup is the restored backup number after Jenkins master pod restart - |
-
-lastBackup
-
-uint64
-
- |
-
-(Optional)
- LastBackup is the latest backup number - |
-
-pendingBackup
-
-uint64
-
- |
-
-(Optional)
- PendingBackup is the pending backup number - |
-
-backupDoneBeforePodDeletion
-
-bool
-
- |
-
-(Optional)
- BackupDoneBeforePodDeletion tells if backup before pod deletion has been made - |
-
-userAndPasswordHash
-
-string
-
- |
-
-(Optional)
- UserAndPasswordHash is a SHA256 hash made from user and password - |
-
-createdSeedJobs
-
-[]string
-
- |
-
-(Optional)
- CreatedSeedJobs contains list of seed job id already created in Jenkins - |
-
-appliedGroovyScripts
-
-
-[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.AppliedGroovyScript
-
-
- |
-
-(Optional)
- AppliedGroovyScripts is a list with all applied groovy scripts in Jenkins by the operator - |
-
-(Appears on: -Notification) -
--
Mailgun is handler for Mailgun email service notification channel.
- -| Field | -Description | -
|---|---|
-domain
-
-string
-
- |
-- | -
-apiKeySecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-recipient
-
-string
-
- |
-- | -
-from
-
-string
-
- |
-- | -
-(Appears on: -Notification) -
--
MicrosoftTeams is handler for Microsoft MicrosoftTeams notification channel.
- -| Field | -Description | -
|---|---|
-webHookURLSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-
- The web hook URL to MicrosoftTeams App - |
-
-(Appears on: -JenkinsSpec) -
--
Notification is a service configuration used to send notifications about Jenkins status.
- -| Field | -Description | -
|---|---|
-level
-
-
-NotificationLevel
-
-
- |
-- | -
-verbose
-
-bool
-
- |
-- | -
-name
-
-string
-
- |
-- | -
-slack
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Slack
-
-
- |
-- | -
-teams
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.MicrosoftTeams
-
-
- |
-- | -
-mailgun
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Mailgun
-
-
- |
-- | -
-smtp
-
-
-github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SMTP
-
-
- |
-- | -
string alias)-(Appears on: -Notification) -
--
NotificationLevel defines the level of a Notification.
- --(Appears on: -JenkinsMaster) -
--
Plugin defines Jenkins plugin.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-
- Name is the name of Jenkins plugin - |
-
-version
-
-string
-
- |
-
- Version is the version of Jenkins plugin - |
-
-downloadURL
-
-string
-
- |
-
- DownloadURL is the custom url from where plugin has to be downloaded. - |
-
-(Appears on: -JenkinsSpec) -
--
Restore defines configuration of Jenkins backup restore operation.
- -| Field | -Description | -
|---|---|
-containerName
-
-string
-
- |
-
- ContainerName is the container name responsible for restore backup operation - |
-
-action
-
-
-Handler
-
-
- |
-
- Action defines action which performs restore backup in restore container sidecar - |
-
-getLatestAction
-
-
-Handler
-
-
- |
-
-(Optional)
- GetLatestAction defines action which returns the latest backup number. If there is no backup “-1” should be -returned. - |
-
-recoveryOnce
-
-uint64
-
- |
-
-(Optional)
- RecoveryOnce if want to restore specific backup set this field and then Jenkins will be restarted and desired backup will be restored - |
-
-(Appears on: -Notification) -
--
SMTP is handler for sending emails via this protocol.
- -| Field | -Description | -
|---|---|
-usernameSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-passwordSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-- | -
-port
-
-int
-
- |
-- | -
-server
-
-string
-
- |
-- | -
-tlsInsecureSkipVerify
-
-bool
-
- |
-- | -
-from
-
-string
-
- |
-- | -
-to
-
-string
-
- |
-- | -
-(Appears on: -Mailgun, -MicrosoftTeams, -SMTP, -Slack) -
--
SecretKeySelector selects a key of a Secret.
- -| Field | -Description | -
|---|---|
-secret
-
-
-Kubernetes core/v1.LocalObjectReference
-
-
- |
-
- The name of the secret in the pod’s namespace to select from. - |
-
-key
-
-string
-
- |
-
- The key of the secret to select from. Must be a valid secret key. - |
-
-(Appears on: -Customization) -
--
SecretRef is reference to Kubernetes secret.
- -| Field | -Description | -
|---|---|
-name
-
-string
-
- |
-- | -
-(Appears on: -JenkinsSpec) -
--
SeedJob defines configuration for seed job -More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration/#configure-seed-jobs-and-pipelines.
- -| Field | -Description | -
|---|---|
-id
-
-string
-
- |
-
- ID is the unique seed job name - |
-
-credentialID
-
-string
-
- |
-
- CredentialID is the Kubernetes secret name which stores repository access credentials - |
-
-description
-
-string
-
- |
-
-(Optional)
- Description is the description of the seed job - |
-
-targets
-
-string
-
- |
-
- Targets is the repository path where are seed job definitions - |
-
-repositoryBranch
-
-string
-
- |
-
- RepositoryBranch is the repository branch where are seed job definitions - |
-
-repositoryUrl
-
-string
-
- |
-
- RepositoryURL is the repository access URL. Can be SSH or HTTPS. - |
-
-credentialType
-
-
-JenkinsCredentialType
-
-
- |
-
-(Optional)
- JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ credential type - |
-
-bitbucketPushTrigger
-
-bool
-
- |
-
-(Optional)
- BitbucketPushTrigger is used for Bitbucket web hooks - |
-
-githubPushTrigger
-
-bool
-
- |
-
-(Optional)
- GitHubPushTrigger is used for GitHub web hooks - |
-
-buildPeriodically
-
-string
-
- |
-
-(Optional)
- BuildPeriodically is setting for scheduled trigger - |
-
-pollSCM
-
-string
-
- |
-
-(Optional)
- PollSCM is setting for polling changes in SCM - |
-
-ignoreMissingFiles
-
-bool
-
- |
-
-(Optional)
- IgnoreMissingFiles is setting for Job DSL API plugin to ignore files that miss - |
-
-additionalClasspath
-
-string
-
- |
-
-(Optional)
- AdditionalClasspath is setting for Job DSL API plugin to set Additional Classpath - |
-
-failOnMissingPlugin
-
-bool
-
- |
-
-(Optional)
- FailOnMissingPlugin is setting for Job DSL API plugin that fails job if required plugin is missing - |
-
-unstableOnDeprecation
-
-bool
-
- |
-
-(Optional)
- UnstableOnDeprecation is setting for Job DSL API plugin that sets build status as unstable if build using deprecated features - |
-
-(Appears on: -JenkinsSpec) -
--
Service defines Kubernetes service attributes
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-labels
-
-map[string]string
-
- |
-
-(Optional)
- Route service traffic to pods with label keys and values matching this -selector. If empty or not present, the service is assumed to have an -external process managing its endpoints, which Kubernetes will not -modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. -Ignored if type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/ - |
-
-type
-
-
-Kubernetes core/v1.ServiceType
-
-
- |
-
-(Optional)
- Type determines how the Service is exposed. Defaults to ClusterIP. Valid -options are ExternalName, ClusterIP, NodePort, and LoadBalancer. -“ExternalName” maps to the specified externalName. -“ClusterIP” allocates a cluster-internal IP address for load-balancing to -endpoints. Endpoints are determined by the selector or if that is not -specified, by manual construction of an Endpoints object. If clusterIP is -“None”, no virtual IP is allocated and the endpoints are published as a -set of endpoints rather than a stable IP. -“NodePort” builds on ClusterIP and allocates a port on every node which -routes to the clusterIP. -“LoadBalancer” builds on NodePort and creates an -external load-balancer (if supported in the current cloud) which routes -to the clusterIP. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services—service-types - |
-
-port
-
-int32
-
- |
-
- The port that are exposed by this service. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - |
-
-nodePort
-
-int32
-
- |
-
-(Optional)
- The port on each node on which this service is exposed when type=NodePort or LoadBalancer. -Usually assigned by the system. If specified, it will be allocated to the service -if unused or else creation of the service will fail. -Default is to auto-allocate a port if the ServiceType of this Service requires one. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - |
-
-loadBalancerSourceRanges
-
-[]string
-
- |
-
-(Optional)
- If specified and supported by the platform, this will restrict traffic through the cloud-provider -load-balancer will be restricted to the specified client IPs. This field will be ignored if the -cloud-provider does not support the feature.” -More info: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access - |
-
-loadBalancerIP
-
-string
-
- |
-
-(Optional)
- Only applies to Service Type: LoadBalancer -LoadBalancer will get created with the IP specified in this field. -This feature depends on whether the underlying cloud-provider supports specifying -the loadBalancerIP when a load balancer is created. -This field will be ignored if the cloud-provider does not support the feature. - |
-
-(Appears on: -JenkinsSpec) -
--
ServiceAccount defines Kubernetes service account attributes
- -| Field | -Description | -
|---|---|
-annotations
-
-map[string]string
-
- |
-
-(Optional)
- Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations - |
-
-(Appears on: -Notification) -
--
Slack is handler for Slack notification channel.
- -| Field | -Description | -
|---|---|
-webHookURLSecretKeySelector
-
-
-SecretKeySelector
-
-
- |
-
- The web hook URL to Slack App - |
-
-Generated with gen-crd-api-reference-docs
-on git commit fe81e5a.
-
You need to create two namespaces, for example we’ll call them jenkins for Jenkins and jenkins-operator for Jenkins Operator.
-$ kubectl create ns jenkins-operator
-$ kubectl create ns jenkinsNext, you need to install resources necessary for the Operator to work in the jenkins-operator namespace. To do that,
-copy the manifest you see below to jenkins-operator-rbac.yamlfile.
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: jenkins-operator
----
-# permissions to do leader election.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: leader-election-role
-rules:
-- apiGroups:
- - ""
- - coordination.k8s.io
- resources:
- - configmaps
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: leader-election-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: leader-election-role
-subjects:
-- kind: ServiceAccount
- name: jenkins-operator
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: jenkins-operator
-rules:
-- apiGroups:
- - apps
- resources:
- - daemonsets
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - '*'
-- apiGroups:
- - apps
- - jenkins-operator
- resources:
- - deployments/finalizers
- verbs:
- - update
-- apiGroups:
- - build.openshift.io
- resources:
- - buildconfigs
- - builds
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - configmaps
- - secrets
- - services
- verbs:
- - create
- - get
- - list
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - get
- - list
- - patch
- - watch
-- apiGroups:
- - ""
- resources:
- - persistentvolumeclaims
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - pods
- - pods/exec
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - pods/log
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods/portforward
- verbs:
- - create
-- apiGroups:
- - ""
- resources:
- - serviceaccounts
- verbs:
- - create
- - get
- - list
- - update
- - watch
-- apiGroups:
- - image.openshift.io
- resources:
- - imagestreams
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - jenkins.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - jenkins.io
- resources:
- - jenkins
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - jenkins.io
- resources:
- - jenkins/finalizers
- verbs:
- - update
-- apiGroups:
- - jenkins.io
- resources:
- - jenkins/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - rolebindings
- - roles
- verbs:
- - create
- - get
- - list
- - update
- - watch
-- apiGroups:
- - route.openshift.io
- resources:
- - routes
- verbs:
- - create
- - get
- - list
- - update
- - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: jenkins-operator
-subjects:
- - kind: ServiceAccount
- name: jenkins-operator
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: jenkins-operatorNow install the required resources in jenkins-operator namespace with:
kubectl apply -n jenkins-operator -f jenkins-operator-rbac.yamlThere’s only one thing left to install in jenkins-operator namespace, and that is the Operator itself. The manifest
-below contains the Operator as defined in all-in-one manifest found in Installing the Operator
-page, the only difference is that the one here sets WATCH_NAMESPACE to the jenkins namespace we created.
Copy its content to jenkins-operator.yaml file.
apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: jenkins-operator
- labels:
- control-plane: controller-manager
-spec:
- selector:
- matchLabels:
- control-plane: controller-manager
- replicas: 1
- template:
- metadata:
- labels:
- control-plane: controller-manager
- spec:
- serviceAccountName: jenkins-operator
- securityContext:
- runAsUser: 65532
- containers:
- - command:
- - /manager
- args:
- - --leader-elect
- image: virtuslab/jenkins-operator:v0.6.0
- name: jenkins-operator
- imagePullPolicy: IfNotPresent
- securityContext:
- allowPrivilegeEscalation: false
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 20
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- limits:
- cpu: 100m
- memory: 30Mi
- requests:
- cpu: 100m
- memory: 20Mi
- env:
- - name: WATCH_NAMESPACE
- value: jenkins
- terminationGracePeriodSeconds: 10Install the Operator in jenkins-operator namespace with:
kubectl apply -n jenkins-operator -f jenkins-operator.yamlYou have installed the Operator in jenkins-operator namespace, watching for Jenkins in jenkins namespace. Now
-there are two things left to do: creating necessary Role and RoleBinding for the Operator in jenkins namespace, and
-deploying actual Jenkins instance there.
Below you can find manifest with RBAC that needs to be created in jenkins namespace. Copy its content to jenkins-ns-rbac.yaml file.
apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: jenkins-operator
-rules:
- - apiGroups:
- - apps
- resources:
- - daemonsets
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - '*'
- - apiGroups:
- - apps
- - jenkins-operator
- resources:
- - deployments/finalizers
- verbs:
- - update
- - apiGroups:
- - build.openshift.io
- resources:
- - buildconfigs
- - builds
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - configmaps
- - secrets
- - services
- verbs:
- - create
- - get
- - list
- - update
- - watch
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - get
- - list
- - patch
- - watch
- - apiGroups:
- - ""
- resources:
- - persistentvolumeclaims
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - ""
- resources:
- - pods
- - pods/exec
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - pods/log
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - pods/portforward
- verbs:
- - create
- - apiGroups:
- - ""
- resources:
- - serviceaccounts
- verbs:
- - create
- - get
- - list
- - update
- - watch
- - apiGroups:
- - image.openshift.io
- resources:
- - imagestreams
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - jenkins.io
- resources:
- - '*'
- verbs:
- - '*'
- - apiGroups:
- - jenkins.io
- resources:
- - jenkins
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - jenkins.io
- resources:
- - jenkins/finalizers
- verbs:
- - update
- - apiGroups:
- - jenkins.io
- resources:
- - jenkins/status
- verbs:
- - get
- - patch
- - update
- - apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - rolebindings
- - roles
- verbs:
- - create
- - get
- - list
- - update
- - watch
- - apiGroups:
- - route.openshift.io
- resources:
- - routes
- verbs:
- - create
- - get
- - list
- - update
- - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: jenkins-operator
-subjects:
- - kind: ServiceAccount
- name: jenkins-operator
- namespace: jenkins-operator
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: jenkins-operatorNow apply it with:
-kubectl apply -n jenkins -f jenkins-ns-rbac.yamlThe last thing to do is to deploy Jenkins. Below you can find an example Jenkins resource manifest.
-It’s the same as one used in Deploying Jenkins.
-Copy it to jenkins-instance.yaml
apiVersion: jenkins.io/v1alpha2
-kind: Jenkins
-metadata:
- name: example
-spec:
- configurationAsCode:
- configurations: []
- secret:
- name: ""
- groovyScripts:
- configurations: []
- secret:
- name: ""
- jenkinsAPISettings:
- authorizationStrategy: createUser
- master:
- disableCSRFProtection: false
- containers:
- - name: jenkins-master
- image: jenkins/jenkins:2.277.4-lts-alpine
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 12
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 100
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 10
- httpGet:
- path: /login
- port: http
- scheme: HTTP
- initialDelaySeconds: 80
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: "1"
- memory: 500Mi
- seedJobs:
- - id: jenkins-operator
- targets: "cicd/jobs/*.jenkins"
- description: "Jenkins Operator repository"
- repositoryBranch: master
- repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.gitNow you can deploy it with:
-kubectl apply -n jenkins -f jenkins-instance.yamlWith this, you have just set up Jenkins Operator and Jenkins in separate namespaces. Now the Operator will run in
-its own namespace (jenkins-operator), watch for CRs in jenkins namespace, and deploy Jenkins there.
The Jenkins Operator design incorporates the following concepts:
- -
Base reconciliation loop takes care of reconciling base Jenkins configuration, which consists of:
- -User reconciliation loop takes care of reconciling user provided configuration, which consists of:
- -
Operator state is kept in the custom resource status section, which is used for storing any configuration events or job statuses managed by the operator.
- -It helps to maintain or recover the desired state even after the operator or Jenkins restarts.
- -It rejects/accepts admission requests based on potential security warnings in plugins present in the Jenkins Custom Resource.
- - - -This document describes a high level overview of how Jenkins Operator works.
- -Jenkins Operator fundamentals -
-Jenkins default image details -
-Jenkins Operator is fully compatible with jenkins:lts Docker image and does not introduce any hidden changes
-to the upstream Jenkins. However due to problems with plugins and images version compatibility we are using specific tags
-in the exemplary Custom Resource, so you know a working configuration.
If needed, the Docker image can be easily changed in custom resource manifest as long as it supports standard Jenkins file system structure.
- - - -This project was originally developed by VirtusLab and the following CONTRIBUTORS.
- -How Jenkins Operator works -
-How to work with Jenkins Operator -
-Jenkins security and hardening out of the box -
-Troubleshooting Jenkins Operator -
-Jenkins Operator for developers -
-Frequently Asked Questions about running Jenkins Operator -
-By default Jenkins Operator performs an initial security hardening of Jenkins instance -via groovy scripts to prevent any security gaps.
- -Currently Jenkins Operator generates a username and random password and stores them in a Kubernetes Secret. -However any other authorization mechanisms are possible and can be done via groovy scripts or configuration as code plugin. -For more information take a look at the section on customizing Jenkins.
- -Any change to Security Realm or Authorization requires that user called jenkins-operator must have admin rights
-because Jenkins Operator calls Jenkins API.
The list below describes all the default security setting configured by the Jenkins Operator:
- -Mode.EXCLUSIVE - Jobs must specify that they want to run on master nodeJNLP3-connect, JNLP2-connect and JNLP-connect are disabled/cli URL is disabledIf you would like to dig a little bit into the code, take a look here.
- -The Jenkins Operator generates and configures Basic Authentication token for Jenkins Go client -and stores it in a Kubernetes Secret.
- -Kubernetes API permissions are limited by the following roles:
- - - -Since Jenkins Operator must be able to grant permission for its deployed Jenkins masters
-to spawn pods (the Jenkins Master role above),
-the operator itself requires permission to create RBAC resources (the jenkins-operator role above).
Deployed this way, any subject which may create a Pod (including a Jenkins job) may
-assume the jenkins-operator role by using its’ ServiceAccount, create RBAC rules, and thus escape its granted permissions.
-Any namespace to which the jenkins-operator is deployed must be considered to implicitly grant all
-possible permissions to any subject which can create a Pod in that namespace.
To mitigate this issue, Jenkins Operator should be deployed in one namespace, and the Jenkins CR should be created in -a separate namespace. For instructions on how to deploy Jenkins Operator and Jenkins in separate namespaces, head over -to the Separate namespaces section of Getting Started -guide.
- -If you find a vulnerability or any misconfiguration in Jenkins, please report it in the issues.
- -This document helps you to state the reason for an error in the Jenkins Operator, which is the first step in solving it.
- -Jenkins Operator can provide some useful logs. To get them, run:
-$ kubectl logs <controller-manager-pod-name> -f In the logs look for WARNING, ERROR and SEVERE keywords.
If the container is in a CrashLoopBackOff, the fault is in the Jenkins itself. -If the Operator is constantly terminating the pod with ‘missing-plugins’ messages that means the plugins lost compatibility -with the Jenkins image and their version need to be updated. -To learn more about the possible error, check the state of the pod:
-$ kubectl -n <namespace-name> get po <name-of-the-jenkins-pod> -wor
-$ kubectl -n <namespace-name> describe po <name-of-the-jenkins-pod>and check the logs from the Jenkins container:
-$ kubectl -n <namespace-name> logs <jenkins-pod> <jenkins-master> -f Sometimes Events provide a great dose of information, especially in the case some Kubernetes resource doesn’t want to become Ready. -To obtain the events in your Cluster run:
-$ kubectl -n <namespace> get events --sort-by='{.lastTimestamp}'You can always kill the Jenkins pod and wait for it to come up again. All the version-controlled configurations will be downloaded again -and the rest will be discarded. Chances are the buggy part will be gone.
-$ kubectl delete pod <jenkins-pod>If you need to access additional logs from the Operator, you can run it in debug mode. To do that, add "--debug"
-argument to jenkins-operator container args in your Operator deployment.
-Deploy Jenkins Operator and configure your Jenkins instances in Kubernetes -
- -Use groovy scripts or JCasC to configure your Jenkins instance
- - -Enable CSRF, disable usage stats, enable master access control and more by default
- - -Less chance to lose data
- - -Improve user experience by informing what has been done
- - -We do a Pull Request contributions workflow on GitHub. New users are always welcome!
- - -Learning the usage of Jenkins Operator will make your life easier. After that, you can easily contribute to the project.
- - -Ask questions, discuss best practices and talk to other users about Jenkins Operator on a dedicated Discourse category.
- - - - -