feat: Configure inherit yaml merge strategy (#1128)

jenkinsci · Jun 11, 2024 · a360087 · a360087
1 parent ff24ae3
commit a360087
Show file tree

Hide file tree

Showing 6 changed files with 132 additions and 85 deletions.
diff --git a/charts/jenkins/CHANGELOG.md b/charts/jenkins/CHANGELOG.md
@@ -12,6 +12,10 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0.
 The changelog until v1.5.7 was auto-generated based on git commits.
 Those entries include a reference to the git commit to be able to get more details.
 
+## 5.2.0
+
+Add `agent.inheritYamlMergeStrategy` to allow configuring this setting on the default agent pod template.
+
 ## 5.1.31
 
 Update `kubernetes` to version `4245.vf5b_83f1fee6e`

diff --git a/charts/jenkins/Chart.yaml b/charts/jenkins/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: jenkins
 type: application
 home: https://www.jenkins.io/
-version: 5.1.31
+version: 5.2.0
 appVersion: 2.452.1
 description: >
   Jenkins - Build great things at any scale! As the leading open source automation server, Jenkins provides over 1800 plugins to support building, deploying and automating any project.

diff --git a/charts/jenkins/VALUES.md b/charts/jenkins/VALUES.md
@@ -8,28 +8,29 @@ The following tables list the configurable parameters of the Jenkins chart and t
 
 | Key | Type | Description | Default |
 |:----|:-----|:---------|:------------|
-| [additionalAgents](./values.yaml#L1142) | object | Configure additional | `{}` |
-| [additionalClouds](./values.yaml#L1167) | object |  | `{}` |
+| [additionalAgents](./values.yaml#L1144) | object | Configure additional | `{}` |
+| [additionalClouds](./values.yaml#L1169) | object |  | `{}` |
 | [agent.TTYEnabled](./values.yaml#L1062) | bool | Allocate pseudo tty to the side container | `false` |
-| [agent.additionalContainers](./values.yaml#L1095) | list | Add additional containers to the agents | `[]` |
+| [agent.additionalContainers](./values.yaml#L1097) | list | Add additional containers to the agents | `[]` |
 | [agent.alwaysPullImage](./values.yaml#L955) | bool | Always pull agent container image before build | `false` |
-| [agent.annotations](./values.yaml#L1091) | object | Annotations to apply to the pod | `{}` |
+| [agent.annotations](./values.yaml#L1093) | object | Annotations to apply to the pod | `{}` |
 | [agent.args](./values.yaml#L1056) | string | Arguments passed to command to execute | `"${computer.jnlpmac} ${computer.name}"` |
 | [agent.command](./values.yaml#L1054) | string | Command to execute when side container starts | `nil` |
 | [agent.componentName](./values.yaml#L923) | string |  | `"jenkins-agent"` |
-| [agent.connectTimeout](./values.yaml#L1089) | int | Timeout in seconds for an agent to be online | `100` |
+| [agent.connectTimeout](./values.yaml#L1091) | int | Timeout in seconds for an agent to be online | `100` |
 | [agent.containerCap](./values.yaml#L1064) | int | Max number of agents to launch | `10` |
 | [agent.customJenkinsLabels](./values.yaml#L920) | list | Append Jenkins labels to the agent | `[]` |
 | [agent.defaultsProviderTemplate](./values.yaml#L886) | string | The name of the pod template to use for providing default values | `""` |
 | [agent.directConnection](./values.yaml#L926) | bool |  | `false` |
-| [agent.disableDefaultAgent](./values.yaml#L1113) | bool | Disable the default Jenkins Agent configuration | `false` |
+| [agent.disableDefaultAgent](./values.yaml#L1115) | bool | Disable the default Jenkins Agent configuration | `false` |
 | [agent.enabled](./values.yaml#L884) | bool | Enable Kubernetes plugin jnlp-agent podTemplate | `true` |
 | [agent.envVars](./values.yaml#L1037) | list | Environment variables for the agent Pod | `[]` |
 | [agent.hostNetworking](./values.yaml#L934) | bool | Enables the agent to use the host network | `false` |
 | [agent.idleMinutes](./values.yaml#L1069) | int | Allows the Pod to remain active for reuse until the configured number of minutes has passed since the last step was executed on it | `0` |
 | [agent.image.repository](./values.yaml#L913) | string | Repository to pull the agent jnlp image from | `"jenkins/inbound-agent"` |
 | [agent.image.tag](./values.yaml#L915) | string | Tag of the image to pull | `"3248.v65ecb_254c298-1"` |
 | [agent.imagePullSecretName](./values.yaml#L922) | string | Name of the secret to be used to pull the image | `nil` |
+| [agent.inheritYamlMergeStrategy](./values.yaml#L1089) | bool | Controls whether the defined yaml merge strategy will be inherited if another defined pod template is configured to inherit from the current one | `false` |
 | [agent.jenkinsTunnel](./values.yaml#L894) | string | Overrides the Kubernetes Jenkins tunnel | `nil` |
 | [agent.jenkinsUrl](./values.yaml#L890) | string | Overrides the Kubernetes Jenkins URL | `nil` |
 | [agent.jnlpregistry](./values.yaml#L910) | string | Custom registry used to pull the agent jnlp image from | `nil` |
@@ -43,7 +44,7 @@ The following tables list the configurable parameters of the Jenkins chart and t
 | [agent.podLabels](./values.yaml#L908) | object | Custom Pod labels (an object with `label-key: label-value` pairs) | `{}` |
 | [agent.podName](./values.yaml#L1066) | string | Agent Pod base name | `"default"` |
 | [agent.podRetention](./values.yaml#L964) | string |  | `"Never"` |
-| [agent.podTemplates](./values.yaml#L1123) | object | Configures extra pod templates for the default kubernetes cloud | `{}` |
+| [agent.podTemplates](./values.yaml#L1125) | object | Configures extra pod templates for the default kubernetes cloud | `{}` |
 | [agent.privileged](./values.yaml#L928) | bool | Agent privileged container | `false` |
 | [agent.resources](./values.yaml#L936) | object | Resources allocation (Requests and Limits) | `{"limits":{"cpu":"512m","memory":"512Mi"},"requests":{"cpu":"512m","memory":"512Mi"}}` |
 | [agent.restrictedPssSecurityContext](./values.yaml#L961) | bool | Set a restricted securityContext on jnlp containers | `false` |
@@ -60,11 +61,11 @@ The following tables list the configurable parameters of the Jenkins chart and t
 | [agent.workspaceVolume](./values.yaml#L1010) | object | Workspace volume (defaults to EmptyDir) | `{}` |
 | [agent.yamlMergeStrategy](./values.yaml#L1087) | string | Defines how the raw yaml field gets merged with yaml definitions from inherited pod templates. Possible values: "merge" or "override" | `"override"` |
 | [agent.yamlTemplate](./values.yaml#L1076) | string | The raw yaml of a Pod API Object to merge into the agent spec | `""` |
-| [awsSecurityGroupPolicies.enabled](./values.yaml#L1293) | bool |  | `false` |
-| [awsSecurityGroupPolicies.policies[0].name](./values.yaml#L1295) | string |  | `""` |
-| [awsSecurityGroupPolicies.policies[0].podSelector](./values.yaml#L1297) | object |  | `{}` |
-| [awsSecurityGroupPolicies.policies[0].securityGroupIds](./values.yaml#L1296) | list |  | `[]` |
-| [checkDeprecation](./values.yaml#L1290) | bool | Checks if any deprecated values are used | `true` |
+| [awsSecurityGroupPolicies.enabled](./values.yaml#L1295) | bool |  | `false` |
+| [awsSecurityGroupPolicies.policies[0].name](./values.yaml#L1297) | string |  | `""` |
+| [awsSecurityGroupPolicies.policies[0].podSelector](./values.yaml#L1299) | object |  | `{}` |
+| [awsSecurityGroupPolicies.policies[0].securityGroupIds](./values.yaml#L1298) | list |  | `[]` |
+| [checkDeprecation](./values.yaml#L1292) | bool | Checks if any deprecated values are used | `true` |
 | [clusterZone](./values.yaml#L21) | string | Override the cluster name for FQDN resolving | `"cluster.local"` |
 | [controller.JCasC.authorizationStrategy](./values.yaml#L533) | string | Jenkins Config as Code Authorization Strategy-section | `"loggedInUsersCanDoAnything:\n  allowAnonymousRead: false"` |
 | [controller.JCasC.configMapAnnotations](./values.yaml#L538) | object | Annotations for the JCasC ConfigMap | `{}` |
@@ -265,40 +266,40 @@ The following tables list the configurable parameters of the Jenkins chart and t
 | [controller.usePodSecurityContext](./values.yaml#L176) | bool | Enable pod security context (must be `true` if podSecurityContextOverride, runAsUser or fsGroup are set) | `true` |
 | [credentialsId](./values.yaml#L27) | string | The Jenkins credentials to access the Kubernetes API server. For the default cluster it is not needed. | `nil` |
 | [fullnameOverride](./values.yaml#L13) | string | Override the full resource names | `jenkins-(release-name)` or `jenkins` if the release-name is `jenkins` |
-| [helmtest.bats.image.registry](./values.yaml#L1306) | string | Registry of the image used to test the framework | `"docker.io"` |
-| [helmtest.bats.image.repository](./values.yaml#L1308) | string | Repository of the image used to test the framework | `"bats/bats"` |
-| [helmtest.bats.image.tag](./values.yaml#L1310) | string | Tag of the image to test the framework | `"1.11.0"` |
+| [helmtest.bats.image.registry](./values.yaml#L1308) | string | Registry of the image used to test the framework | `"docker.io"` |
+| [helmtest.bats.image.repository](./values.yaml#L1310) | string | Repository of the image used to test the framework | `"bats/bats"` |
+| [helmtest.bats.image.tag](./values.yaml#L1312) | string | Tag of the image to test the framework | `"1.11.0"` |
 | [kubernetesURL](./values.yaml#L24) | string | The URL of the Kubernetes API server | `"https://kubernetes.default"` |
 | [nameOverride](./values.yaml#L10) | string | Override the resource name prefix | `Chart.Name` |
 | [namespaceOverride](./values.yaml#L16) | string | Override the deployment namespace | `Release.Namespace` |
-| [networkPolicy.apiVersion](./values.yaml#L1236) | string | NetworkPolicy ApiVersion | `"networking.k8s.io/v1"` |
-| [networkPolicy.enabled](./values.yaml#L1231) | bool | Enable the creation of NetworkPolicy resources | `false` |
-| [networkPolicy.externalAgents.except](./values.yaml#L1250) | list | A list of IP sub-ranges to be excluded from the allowlisted IP range | `[]` |
-| [networkPolicy.externalAgents.ipCIDR](./values.yaml#L1248) | string | The IP range from which external agents are allowed to connect to controller, i.e., 172.17.0.0/16 | `nil` |
-| [networkPolicy.internalAgents.allowed](./values.yaml#L1240) | bool | Allow internal agents (from the same cluster) to connect to controller. Agent pods will be filtered based on PodLabels | `true` |
-| [networkPolicy.internalAgents.namespaceLabels](./values.yaml#L1244) | object | A map of labels (keys/values) that agents namespaces must have to be able to connect to controller | `{}` |
-| [networkPolicy.internalAgents.podLabels](./values.yaml#L1242) | object | A map of labels (keys/values) that agent pods must have to be able to connect to controller | `{}` |
-| [persistence.accessMode](./values.yaml#L1206) | string | The PVC access mode | `"ReadWriteOnce"` |
-| [persistence.annotations](./values.yaml#L1202) | object | Annotations for the PVC | `{}` |
-| [persistence.dataSource](./values.yaml#L1212) | object | Existing data source to clone PVC from | `{}` |
-| [persistence.enabled](./values.yaml#L1186) | bool | Enable the use of a Jenkins PVC | `true` |
-| [persistence.existingClaim](./values.yaml#L1192) | string | Provide the name of a PVC | `nil` |
-| [persistence.labels](./values.yaml#L1204) | object | Labels for the PVC | `{}` |
-| [persistence.mounts](./values.yaml#L1224) | list | Additional mounts | `[]` |
-| [persistence.size](./values.yaml#L1208) | string | The size of the PVC | `"8Gi"` |
-| [persistence.storageClass](./values.yaml#L1200) | string | Storage class for the PVC | `nil` |
-| [persistence.subPath](./values.yaml#L1217) | string | SubPath for jenkins-home mount | `nil` |
-| [persistence.volumes](./values.yaml#L1219) | list | Additional volumes | `[]` |
-| [rbac.create](./values.yaml#L1256) | bool | Whether RBAC resources are created | `true` |
-| [rbac.readSecrets](./values.yaml#L1258) | bool | Whether the Jenkins service account should be able to read Kubernetes secrets | `false` |
+| [networkPolicy.apiVersion](./values.yaml#L1238) | string | NetworkPolicy ApiVersion | `"networking.k8s.io/v1"` |
+| [networkPolicy.enabled](./values.yaml#L1233) | bool | Enable the creation of NetworkPolicy resources | `false` |
+| [networkPolicy.externalAgents.except](./values.yaml#L1252) | list | A list of IP sub-ranges to be excluded from the allowlisted IP range | `[]` |
+| [networkPolicy.externalAgents.ipCIDR](./values.yaml#L1250) | string | The IP range from which external agents are allowed to connect to controller, i.e., 172.17.0.0/16 | `nil` |
+| [networkPolicy.internalAgents.allowed](./values.yaml#L1242) | bool | Allow internal agents (from the same cluster) to connect to controller. Agent pods will be filtered based on PodLabels | `true` |
+| [networkPolicy.internalAgents.namespaceLabels](./values.yaml#L1246) | object | A map of labels (keys/values) that agents namespaces must have to be able to connect to controller | `{}` |
+| [networkPolicy.internalAgents.podLabels](./values.yaml#L1244) | object | A map of labels (keys/values) that agent pods must have to be able to connect to controller | `{}` |
+| [persistence.accessMode](./values.yaml#L1208) | string | The PVC access mode | `"ReadWriteOnce"` |
+| [persistence.annotations](./values.yaml#L1204) | object | Annotations for the PVC | `{}` |
+| [persistence.dataSource](./values.yaml#L1214) | object | Existing data source to clone PVC from | `{}` |
+| [persistence.enabled](./values.yaml#L1188) | bool | Enable the use of a Jenkins PVC | `true` |
+| [persistence.existingClaim](./values.yaml#L1194) | string | Provide the name of a PVC | `nil` |
+| [persistence.labels](./values.yaml#L1206) | object | Labels for the PVC | `{}` |
+| [persistence.mounts](./values.yaml#L1226) | list | Additional mounts | `[]` |
+| [persistence.size](./values.yaml#L1210) | string | The size of the PVC | `"8Gi"` |
+| [persistence.storageClass](./values.yaml#L1202) | string | Storage class for the PVC | `nil` |
+| [persistence.subPath](./values.yaml#L1219) | string | SubPath for jenkins-home mount | `nil` |
+| [persistence.volumes](./values.yaml#L1221) | list | Additional volumes | `[]` |
+| [rbac.create](./values.yaml#L1258) | bool | Whether RBAC resources are created | `true` |
+| [rbac.readSecrets](./values.yaml#L1260) | bool | Whether the Jenkins service account should be able to read Kubernetes secrets | `false` |
 | [renderHelmLabels](./values.yaml#L30) | bool | Enables rendering of the helm.sh/chart label to the annotations | `true` |
-| [serviceAccount.annotations](./values.yaml#L1268) | object | Configures annotations for the ServiceAccount | `{}` |
-| [serviceAccount.create](./values.yaml#L1262) | bool | Configures if a ServiceAccount with this name should be created | `true` |
-| [serviceAccount.extraLabels](./values.yaml#L1270) | object | Configures extra labels for the ServiceAccount | `{}` |
-| [serviceAccount.imagePullSecretName](./values.yaml#L1272) | string | Controller ServiceAccount image pull secret | `nil` |
-| [serviceAccount.name](./values.yaml#L1266) | string |  | `nil` |
-| [serviceAccountAgent.annotations](./values.yaml#L1283) | object | Configures annotations for the agent ServiceAccount | `{}` |
-| [serviceAccountAgent.create](./values.yaml#L1277) | bool | Configures if an agent ServiceAccount should be created | `false` |
-| [serviceAccountAgent.extraLabels](./values.yaml#L1285) | object | Configures extra labels for the agent ServiceAccount | `{}` |
-| [serviceAccountAgent.imagePullSecretName](./values.yaml#L1287) | string | Agent ServiceAccount image pull secret | `nil` |
-| [serviceAccountAgent.name](./values.yaml#L1281) | string | The name of the agent ServiceAccount to be used by access-controlled resources | `nil` |
+| [serviceAccount.annotations](./values.yaml#L1270) | object | Configures annotations for the ServiceAccount | `{}` |
+| [serviceAccount.create](./values.yaml#L1264) | bool | Configures if a ServiceAccount with this name should be created | `true` |
+| [serviceAccount.extraLabels](./values.yaml#L1272) | object | Configures extra labels for the ServiceAccount | `{}` |
+| [serviceAccount.imagePullSecretName](./values.yaml#L1274) | string | Controller ServiceAccount image pull secret | `nil` |
+| [serviceAccount.name](./values.yaml#L1268) | string |  | `nil` |
+| [serviceAccountAgent.annotations](./values.yaml#L1285) | object | Configures annotations for the agent ServiceAccount | `{}` |
+| [serviceAccountAgent.create](./values.yaml#L1279) | bool | Configures if an agent ServiceAccount should be created | `false` |
+| [serviceAccountAgent.extraLabels](./values.yaml#L1287) | object | Configures extra labels for the agent ServiceAccount | `{}` |
+| [serviceAccountAgent.imagePullSecretName](./values.yaml#L1289) | string | Agent ServiceAccount image pull secret | `nil` |
+| [serviceAccountAgent.name](./values.yaml#L1283) | string | The name of the agent ServiceAccount to be used by access-controlled resources | `nil` |
diff --git a/charts/jenkins/templates/_helpers.tpl b/charts/jenkins/templates/_helpers.tpl
@@ -520,6 +520,7 @@ Returns kubernetes pod template configuration as code
     {{- tpl (trim .Values.agent.yamlTemplate) . | nindent 4 }}
 {{- end }}
   yamlMergeStrategy: {{ .Values.agent.yamlMergeStrategy }}
+  inheritYamlMergeStrategy: {{ .Values.agent.inheritYamlMergeStrategy }}
 {{- end -}}
 
 {{- define "jenkins.kubernetes-version" -}}