Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
143 lines (138 sloc) 3.19 KB
apiVersion: v1
kind: ServiceAccount
metadata:
name: cjd
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: cjd
rules:
- apiGroups: [""]
resources: ["pods","configmaps","services","serviceaccounts"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
- apiGroups: ["apps"]
resources: ["statefulsets"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles","rolebindings"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["create","delete","get","list","patch","update","watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: cjd
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cjd
# namespace: cjd
subjects:
- kind: ServiceAccount
name: cjd
---
apiVersion: v1
kind: Service
metadata:
name: cjd
spec:
selector:
app: cjd
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
- name: agent
port: 50000
protocol: TCP
targetPort: 50000
type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: cjd
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod" # add after cert-manager deploy
spec:
tls: # cert-manager
- hosts: # cert-manager
- cjd.cloudbees.elgin.io # cert-manager
secretName: cjd-tls # cert-manager
rules:
- host: cjd.cloudbees.elgin.io
http:
paths:
- path: /
backend:
serviceName: cjd
servicePort: 80
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: cjd
spec:
selector:
matchLabels:
app: cjd
serviceName: "cjd"
template:
metadata:
labels:
app: cjd
spec:
containers:
- name: cjd
image: gcr.io/melgin/cjd-casc:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
- containerPort: 50000
env:
- name: CASC_JENKINS_CONFIG
value: /var/jenkins_config/jenkins-casc.yaml
- name: JAVA_OPTS
value: >-
-Dcom.cloudbees.jenkins.cjp.installmanager.CJPPluginManager.allRequired=true
-Djenkins.install.runSetupWizard=false
envFrom:
- secretRef:
name: github
- secretRef:
name: github-oauth
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home/
- name: jenkins-casc
mountPath: /var/jenkins_config/
securityContext:
fsGroup: 1000
serviceAccountName: cjd
volumes:
- name: jenkins-casc
configMap:
name: jenkins-casc
volumeClaimTemplates:
- metadata:
name: jenkins-home
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 5Gi
You can’t perform that action at this time.