├── .gitignore
├── README.md
├── basic-jenkins-in-docker
└── README.md
├── configuration-as-code-jenkins-k8s.pdf
├── jcasc
├── Dockerfile
├── README.md
├── advanced
│ ├── README.md
│ ├── demo
│ │ ├── README.md
│ │ ├── jenkins-bootstrap.yaml
│ │ ├── jenkins-extra.yaml
│ │ ├── run-extra.sh
│ │ └── run.sh
│ ├── docker
│ │ ├── Dockerfile
│ │ ├── build.sh
│ │ └── plugins.txt
│ ├── jenkins-bootstrap.yaml
│ ├── jenkins-extra.yaml
│ ├── run-extra.sh
│ └── run.sh
├── build.sh
├── jenkins.yaml
└── plugins.txt
├── jobdsl
├── README.md
├── example-config.xml
├── xml_to_jobdsl_solution.groovy
└── xml_to_jobdsl_template.groovy
├── k8s
├── README.md
├── _helm.sh
├── agent
│ ├── Dockerfile
│ └── build.sh
├── install.sh
├── uninstall.sh
└── values.yaml
└── resources
└── auth.json
/.gitignore:
--------------------------------------------------------------------------------
1 | resources/github_id_rsa*
2 | resources/github_id_ed25519*
3 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Configuration as Code of Jenkins (for Kubernetes)
2 |
3 | Demo resources for the Configuration as Code of Jenkins (for Kubernetes) talk on the 21st of April, for the Jenkins Online Meetup group
4 |
5 | ## Meetup Details
6 |
7 |
8 |
9 | ### Slides
10 |
11 | The slides from the presentation is available in handout format, in `configuration-as-code-jenkins-k8s.pdf` in this repository.
12 |
13 | ### Video
14 |
15 | You can find the recording on YouTube: https://youtu.be/KB7thPsG9VA
16 |
17 | ## Demo Resources
18 |
19 | ### Credentials
20 |
21 | 1. Generate an ssh-keypair called `github_id_rsa`.
22 | 1. Use the public key on your GitHub service account / bot user.
23 | See "Machine Users" on
24 | [Managing Deploy Keys](https://developer.github.com/v3/guides/managing-deploy-keys/#machine-users)
25 | for more information.
26 | 1. Put the private key in the `resources`-folder and use it when runnin the advanced jcasc examples or
27 | creating Jenkins with Helm.
28 |
29 | ### Folders
30 |
31 | #### basic-jenkins-in-docker
32 |
33 | How to run a basic Jenkins in Docker, for doing the JobDSL demo
34 |
35 | #### jcasc
36 |
37 | Files for running our JCasC in Docker
38 |
39 | #### jobdsl
40 |
41 | JobDSL demo files
42 |
43 | #### k8s (UPDATED 2022-04-29)
44 |
45 | Files for running our Jenkins in K8s
46 |
47 | #### resources
48 |
49 | Common configuration-files used by the examples
50 |
51 | ## Compainion Repositories
52 |
53 | JobDSL, Seed Job repository:
54 |
55 |
56 | Example Project repository:
57 |
58 |
--------------------------------------------------------------------------------
/basic-jenkins-in-docker/README.md:
--------------------------------------------------------------------------------
1 | # A Basic Jenkins in Docker
2 |
3 | I didn't install Jenkins on a server but I am running it vanilla,
4 | mounting the `JENKINS_HOME` folder to a Docker volume.
5 |
6 | # Steps
7 |
8 | 1. start a fresh jenkins
9 |
10 | ```bash
11 | docker run -p 8080:8080 -p 50000:50000 -v jenkins_home:/var/jenkins_home jenkins/jenkins:lts
12 | ```
13 |
14 | 1. get the initial password from the logs:
15 |
16 | ```bash
17 | Jenkins initial setup is required. An admin user has been created and a password generated.
18 | Please use the following password to proceed to installation:
19 |
20 | 8aefe53ad4a74d77a2d90cc25d839aec
21 |
22 | This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
23 | ```
24 |
25 | 1. set up jenkins with the recommended plugins and install the "Job DSL" plugin afterwards.
26 |
--------------------------------------------------------------------------------
/configuration-as-code-jenkins-k8s.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/figaw/configuration-as-code-jenkins-k8s/fb2f564556108d2b35235f9182b637d57a3c4a1b/configuration-as-code-jenkins-k8s.pdf
--------------------------------------------------------------------------------
/jcasc/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM jenkins/jenkins:2.222.1
2 | COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
3 | RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
4 |
5 | COPY jenkins.yaml /var/jenkins_home/casc_configs/
6 | ENV CASC_JENKINS_CONFIG=/var/jenkins_home/casc_configs/jenkins.yaml
7 |
8 | # skip setup wizard, see: https://github.com/jenkinsci/docker/blob/master/README.md#script-usage
9 | RUN echo 2.222.1 > /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state
10 |
--------------------------------------------------------------------------------
/jcasc/README.md:
--------------------------------------------------------------------------------
1 | # JCasC in Docker
2 |
3 | ## Build
4 |
5 | ```bash
6 | docker build -t figaw/jcasc-basic:2.222.1-1.39 .
7 | ```
8 |
9 | ## Run
10 |
11 | ```bash
12 | docker run -p 8080:8080 figaw/jcasc-basic:2.222.1-1.39
13 | ```
14 |
15 | Congratulations you now have a basic Jenkins configured as code!
16 | Notice the "Configured as Code!" text on the frontpage.
17 |
18 | > NB: To speed up the demos, we've added configuration to the `Dockerfile`,
19 | > to skip the setup wizard of Jenkins.
20 | > An admin user can be configured later under
21 | > `Configure Global Security, Security Realm, Jenkins’ own user database`.
22 |
23 | ## Versions
24 |
25 | Jenkins, `2.222.1` is chosen as the latest LTS version. See:
26 |
27 | Configuration as Code, `1.39` is the latest version today. See:
28 |
29 | ## advanced Folder
30 |
31 | Examples for bootstrapping jobs and using the "config file provider"-plugin
32 |
33 | ## advanced/demo Folder
34 |
35 | When I'm doing the demos I've created a service account / bot user for GitHub,
36 | and added it as a collaborator to the repositories.
37 | It allows me to add a single SSH key to the service account and
38 | checkout with SSH using the same SSH key for multiple repositories.
39 | See "Machine Users" on
40 | [Managing Deploy Keys](https://developer.github.com/v3/guides/managing-deploy-keys/#machine-users)
41 | for more information.
42 |
43 | To let you do it without SSH, the "advanced examples" simply use HTTP;
44 | but here's the code.
45 |
--------------------------------------------------------------------------------
/jcasc/advanced/README.md:
--------------------------------------------------------------------------------
1 | # Advanced Examples
2 |
3 | - `jenkins-bootstrap.yaml`
4 | is used for the bootstrapping,
5 | since we need to authorize for GitHub.
6 |
7 | > NB: Notice the `useScriptSecurity`-attribute.
8 | > It's a workaround so I don't have to allow the specifics of the seed job.
9 | > A better solution would be to ofcourse allow the specific groovy calls.
10 |
11 | 1. Build the Dockerfile in the `docker`-folder using the `build.sh`-script
12 | 1. Use `run.sh` to run this example.
13 | 1. After running the seed job, you can run the `basic` pipeline
14 |
15 | - `jenkins-extra.yaml`
16 | is an example of adding a configuration file,
17 | through the environment.
18 |
19 | 1. Build the Dockerfile in the `docker`-folder using the `build.sh`-script
20 | 1. Use `run-extra.sh` to run this example.
21 | 1. After running the seed job, you can run the `basic` and `auth` pipelines
22 |
23 | > NB: it's the same examples as the demo-examples,
24 | but HTTP is used for the git checkout
25 |
--------------------------------------------------------------------------------
/jcasc/advanced/demo/README.md:
--------------------------------------------------------------------------------
1 | # Demo code
2 |
3 | Provided for completeness.
4 |
5 | > NB: it's the same examples as the advanced-examples,
6 | but SSH is used for the git checkout
7 |
--------------------------------------------------------------------------------
/jcasc/advanced/demo/jenkins-bootstrap.yaml:
--------------------------------------------------------------------------------
1 |
2 | jenkins:
3 | systemMessage: "Configured as Code"
4 |
5 | credentials:
6 | system:
7 | domainCredentials:
8 | - credentials:
9 | - basicSSHUserPrivateKey:
10 | scope: GLOBAL
11 | id: jenkins-github-ssh
12 | username:
13 | passphrase:
14 | description: "SSH key for GitHub"
15 | privateKeySource:
16 | directEntry:
17 | privateKey: ${JENKINS_GITHUB_SSH}
18 |
19 | jobs:
20 | - script: >
21 | job('super-seed') {
22 | scm {
23 | git {
24 | remote {
25 | url ('git@github.com:figaw/configuration-as-code-jenkins-k8s-jobdsl.git')
26 | credentials('jenkins-github-ssh')
27 | }
28 | }
29 | }
30 | steps {
31 | dsl {
32 | external('jobdsl/**/*.groovy')
33 | removeAction('DELETE')
34 | }
35 | }
36 | }
37 |
38 | security:
39 | globaljobdslsecurityconfiguration:
40 | useScriptSecurity: false
41 |
--------------------------------------------------------------------------------
/jcasc/advanced/demo/jenkins-extra.yaml:
--------------------------------------------------------------------------------
1 |
2 | jenkins:
3 | systemMessage: "Configured as Code"
4 |
5 | credentials:
6 | system:
7 | domainCredentials:
8 | - credentials:
9 | - basicSSHUserPrivateKey:
10 | scope: GLOBAL
11 | id: jenkins-github-ssh
12 | username:
13 | passphrase:
14 | description: "SSH key for GitHub"
15 | privateKeySource:
16 | directEntry:
17 | privateKey: ${JENKINS_GITHUB_SSH}
18 |
19 | unclassified:
20 | globalConfigFiles:
21 | configs:
22 | - json:
23 | id: auth-json
24 | name: auth.json
25 | comment: from jcasc
26 | content: ${JENKINS_AUTH_JSON}
27 |
28 | jobs:
29 | - script: >
30 | job('super-seed') {
31 | scm {
32 | git {
33 | remote {
34 | url ('git@github.com:figaw/configuration-as-code-jenkins-k8s-jobdsl.git')
35 | credentials('jenkins-github-ssh')
36 | }
37 | }
38 | }
39 | steps {
40 | dsl {
41 | external('jobdsl/**/*.groovy')
42 | removeAction('DELETE')
43 | }
44 | }
45 | }
46 |
47 | security:
48 | globaljobdslsecurityconfiguration:
49 | useScriptSecurity: false
50 |
--------------------------------------------------------------------------------
/jcasc/advanced/demo/run-extra.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | docker run \
4 | -p 8080:8080 \
5 | -v $PWD/jenkins-extra.yaml:/var/jenkins_home/casc_configs/jenkins.yaml \
6 | -e JENKINS_GITHUB_SSH="$(cat ../../../resources/github_id_rsa)" \
7 | -e JENKINS_AUTH_JSON="$(cat ../../../resources/auth.json)" \
8 | figaw/jcasc-job:2.222.1-1.39
9 |
--------------------------------------------------------------------------------
/jcasc/advanced/demo/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | docker run \
4 | -p 8080:8080 \
5 | -v $PWD/jenkins-bootstrap.yaml:/var/jenkins_home/casc_configs/jenkins.yaml \
6 | -e JENKINS_GITHUB_SSH="$(cat ../../../resources/github_id_rsa)" \
7 | figaw/jcasc-job:2.222.1-1.39
8 |
--------------------------------------------------------------------------------
/jcasc/advanced/docker/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM jenkins/jenkins:2.222.1
2 | COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
3 | RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
4 |
5 | # notice that the jenkins.yml is provided on runtime rather than at docker build
6 |
7 | # skip setup wizard, see: https://github.com/jenkinsci/docker/blob/master/README.md#script-usage
8 | RUN echo 2.222.1 > /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state
9 |
--------------------------------------------------------------------------------
/jcasc/advanced/docker/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | docker build -t figaw/jcasc-job:2.222.1-1.39 .
4 |
--------------------------------------------------------------------------------
/jcasc/advanced/docker/plugins.txt:
--------------------------------------------------------------------------------
1 | configuration-as-code:1.39
2 |
3 | credentials-binding:1.21
4 | job-dsl:1.77
5 | git:4.2.2
6 | ssh:2.6.1
7 | workflow-aggregator:2.6
8 |
9 | # for "extras"
10 |
11 | config-file-provider:3.6.3
12 |
--------------------------------------------------------------------------------
/jcasc/advanced/jenkins-bootstrap.yaml:
--------------------------------------------------------------------------------
1 |
2 | jenkins:
3 | systemMessage: "Configured as Code"
4 |
5 | credentials:
6 | system:
7 | domainCredentials:
8 | - credentials:
9 | - basicSSHUserPrivateKey:
10 | scope: GLOBAL
11 | id: jenkins-github-ssh
12 | username:
13 | passphrase:
14 | description: "SSH key for GitHub"
15 | privateKeySource:
16 | directEntry:
17 | privateKey: ${JENKINS_GITHUB_SSH}
18 |
19 | jobs:
20 | - script: >
21 | job('super-seed') {
22 | scm {
23 | git {
24 | remote {
25 | url ('https://github.com/figaw/configuration-as-code-jenkins-k8s-jobdsl.git')
26 | credentials('jenkins-github-ssh')
27 | }
28 | }
29 | }
30 | steps {
31 | dsl {
32 | external('jobdsl/**/*.groovy')
33 | removeAction('DELETE')
34 | }
35 | }
36 | }
37 |
38 | security:
39 | globaljobdslsecurityconfiguration:
40 | useScriptSecurity: false
41 |
--------------------------------------------------------------------------------
/jcasc/advanced/jenkins-extra.yaml:
--------------------------------------------------------------------------------
1 |
2 | jenkins:
3 | systemMessage: "Configured as Code"
4 |
5 | credentials:
6 | system:
7 | domainCredentials:
8 | - credentials:
9 | - basicSSHUserPrivateKey:
10 | scope: GLOBAL
11 | id: jenkins-github-ssh
12 | username:
13 | passphrase:
14 | description: "SSH key for GitHub"
15 | privateKeySource:
16 | directEntry:
17 | privateKey: ${JENKINS_GITHUB_SSH}
18 |
19 | unclassified:
20 | globalConfigFiles:
21 | configs:
22 | - json:
23 | id: auth-json
24 | name: auth.json
25 | comment: from jcasc
26 | content: ${JENKINS_AUTH_JSON}
27 |
28 | jobs:
29 | - script: >
30 | job('super-seed') {
31 | scm {
32 | git {
33 | remote {
34 | url ('https://github.com/figaw/configuration-as-code-jenkins-k8s-jobdsl.git')
35 | credentials('jenkins-github-ssh')
36 | }
37 | }
38 | }
39 | steps {
40 | dsl {
41 | external('jobdsl/**/*.groovy')
42 | removeAction('DELETE')
43 | }
44 | }
45 | }
46 |
47 | security:
48 | globaljobdslsecurityconfiguration:
49 | useScriptSecurity: false
50 |
--------------------------------------------------------------------------------
/jcasc/advanced/run-extra.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | docker run \
4 | -p 8080:8080 \
5 | -v $PWD/jenkins-extra.yaml:/var/jenkins_home/casc_configs/jenkins.yaml \
6 | -e JENKINS_GITHUB_SSH="$(cat ../../resources/github_id_rsa)" \
7 | -e JENKINS_AUTH_JSON="$(cat ../../resources/auth.json)" \
8 | figaw/jcasc-job:2.222.1-1.39
9 |
--------------------------------------------------------------------------------
/jcasc/advanced/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | docker run \
4 | -p 8080:8080 \
5 | -v $PWD/jenkins-bootstrap.yaml:/var/jenkins_home/casc_configs/jenkins.yaml \
6 | -e JENKINS_GITHUB_SSH="$(cat ../../resources/github_id_rsa)" \
7 | figaw/jcasc-job:2.222.1-1.39
8 |
--------------------------------------------------------------------------------
/jcasc/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | docker build -t figaw/jcasc-basic:2.222.1-1.39 .
4 |
--------------------------------------------------------------------------------
/jcasc/jenkins.yaml:
--------------------------------------------------------------------------------
1 |
2 | jenkins:
3 | systemMessage: "Configured as Code!"
4 |
--------------------------------------------------------------------------------
/jcasc/plugins.txt:
--------------------------------------------------------------------------------
1 | configuration-as-code:1.39
2 |
--------------------------------------------------------------------------------
/jobdsl/README.md:
--------------------------------------------------------------------------------
1 | # Convert Jenkins XML Job to JobDSL
2 |
3 | If you wrap an entire config.xml in a configure block from JobDSL. You can very easily "convert" an oldschool Jenkins Job to JobDSL.
4 |
5 | For a detailed guide, please see:
6 |
7 |
8 | # How to do the demo
9 |
10 | 1. Get the `config.xml` from a job,
11 | or use the provided `example- config.xml` as the example job.
12 | 1. Follow the steps in the `xml_to_jobdsl_template.groovy`.
13 | 1. Seed the job in Jenkins.
14 | 1. Create new Freestyle Job in Jenkins.
15 | 1. Give it a name.
16 | 1. Add a "Process Job DSLs" build step.
17 | 1. Select "Use the provided DSL script."
18 | 1. Paste your edited `.groovy`-file.
19 | 1. Save and Run it.
20 |
21 | Congratulations! A new job has been added to Jenkins
22 | with the name you specified.
23 |
24 |
25 | A `xml_to_jobdsl_solution.groovy`-file is provided for completeness.
26 |
--------------------------------------------------------------------------------
/jobdsl/example-config.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | false
6 |
7 |
8 | true
9 | false
10 | false
11 | false
12 |
13 |
14 | H 2 * * *
15 |
16 |
17 | false
18 |
19 |
20 | echo "hello world"
21 |
22 |
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/jobdsl/xml_to_jobdsl_solution.groovy:
--------------------------------------------------------------------------------
1 | // Provided for completeness
2 |
3 | def jobconfig = """
4 |
5 |
6 |
7 | false
8 |
9 |
10 | true
11 | false
12 | false
13 | false
14 |
15 |
16 | H 2 * * *
17 |
18 |
19 | false
20 |
21 |
22 | echo "hello world"
23 |
24 |
25 |
26 |
27 |
28 |
29 | """
30 |
31 | /*
32 |
33 | 1. Make a copy (X) of the `xml_to_jobdsl_template.groovy` template file.
34 | > NB: A "JobDSL .groovy file" must be named with letters and underscores.
35 | 2. Replace the `XML JOB HERE`-part with the contents of your `config.xml` file.
36 | > Go to the `/config.xml` endpoint in your browser, and use the "view-source"
37 | 3. Copy the contents of the `config.xml` and paste it into X.
38 | 4. Remove ``.
39 | 5. Escape all `\` and `$` with backslashes.
40 | 6. Give the job a name other than `replace-me-jobdsl`. NB: don't use whitespaces.
41 | > Congratulations! You've now converted your job to JobDSL.
42 |
43 | */
44 |
45 | def jobconfignode = new XmlParser().parseText(jobconfig)
46 |
47 | job('solution') {
48 | configure { node ->
49 | // node represents
50 | jobconfignode.each { child ->
51 |
52 | def name = child.name()
53 |
54 | def existingChild = node.get(name)
55 | if(existingChild){
56 | node.remove(existingChild)
57 | }
58 |
59 | node << child
60 | }
61 | }
62 | }
63 |
--------------------------------------------------------------------------------
/jobdsl/xml_to_jobdsl_template.groovy:
--------------------------------------------------------------------------------
1 | def jobconfig = """
2 | XML JOB HERE
3 | """
4 |
5 | /*
6 |
7 | 1. Make a copy (X) of the `xml_to_jobdsl_template.groovy` template file.
8 | > NB: A "JobDSL .groovy file" must be named with letters and underscores.
9 | 2. Replace the `XML JOB HERE`-part with the contents of your `config.xml` file.
10 | > Go to the `/config.xml` endpoint in your browser, and use the "view-source"
11 | 3. Copy the contents of the `config.xml` and paste it into X.
12 | 4. Remove ``.
13 | 5. Escape all `\` and `$` with backslashes.
14 | 6. Give the job a name other than `replace-me-jobdsl`. NB: don't use whitespaces.
15 | > Congratulations! You've now converted your job to JobDSL.
16 |
17 | */
18 |
19 | def jobconfignode = new XmlParser().parseText(jobconfig)
20 |
21 | job('replace-me-jobdsl') {
22 | configure { node ->
23 | // node represents
24 | jobconfignode.each { child ->
25 |
26 | def name = child.name()
27 |
28 | def existingChild = node.get(name)
29 | if(existingChild){
30 | node.remove(existingChild)
31 | }
32 |
33 | node << child
34 | }
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/k8s/README.md:
--------------------------------------------------------------------------------
1 | # JCasC in K8s with Helm3
2 |
3 | ## Prerequisites
4 |
5 | See: https://helm.sh/docs/intro/quickstart/
6 |
7 | 1. Add the stable repo to Helm
8 |
9 | ```bash
10 | helm repo add jenkins https://charts.jenkins.io
11 | ```
12 |
13 | 1. Search for Jenkins
14 |
15 | ```bash
16 | helm search repo jenkins/jenkins
17 | ```
18 |
19 | ## Scripts
20 |
21 | - `_helm.sh`: helper script for helm install
22 | - `install.sh`: creates secrets, installs with helm
23 | - `uninstall.sh`: deletes secrets, uninstalls with helm
24 |
25 | ## Why set on the commandline
26 |
27 | Using `--set` for configuring the secrets,
28 | means I can do it arbitrarily on the commandline,
29 | rather than having to edit in a `values.yaml` file.
30 |
31 | You could also have different `values-a.yaml`, `values-b.yaml`-files.
32 | Now you know how to do, and can choose the right way
33 | when you need it.
34 |
--------------------------------------------------------------------------------
/k8s/_helm.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | helm upgrade --install jenkins jenkins/jenkins --values ./values.yaml \
4 | --set controller.containerEnv[0].name="JENKINS_GITHUB_SSH" \
5 | --set controller.containerEnv[0].valueFrom.secretKeyRef.name="jenkins-github-ssh" \
6 | --set controller.containerEnv[0].valueFrom.secretKeyRef.key="github_id_ed25519" \
7 | --set controller.containerEnv[1].name="JENKINS_AUTH_JSON" \
8 | --set controller.containerEnv[1].valueFrom.secretKeyRef.name="jenkins-auth-json" \
9 | --set controller.containerEnv[1].valueFrom.secretKeyRef.key="auth.json"
10 |
--------------------------------------------------------------------------------
/k8s/agent/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM alpine:latest as APT_KEY
2 |
3 | RUN apk update && apk add curl
4 |
5 | RUN curl https://packages.cloud.google.com/apt/doc/apt-key.gpg > /tmp/apt-key.gpg
6 |
7 | FROM jenkins/inbound-agent:4.10-3
8 |
9 | # Using the Google Cloud SDK from Shell in some jobs
10 | ## Must install as root
11 | USER root
12 |
13 | RUN apt-get update && apt-get install -y \
14 | gnupg \
15 | && rm -rf /var/lib/apt/lists/*
16 |
17 | # Google Cloud SDK Installing with apt-get (Debian and Ubuntu only), translated to Dockerfile
18 | # See: https://cloud.google.com/sdk/docs/downloads-apt-get
19 | RUN echo "deb https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
20 | COPY --from=APT_KEY /tmp/apt-key.gpg /tmp/apt-key.gpg
21 | RUN cat /tmp/apt-key.gpg | apt-key add -
22 | RUN apt-get update && apt-get install -y \
23 | google-cloud-sdk \
24 | && rm -rf /var/lib/apt/lists/*
25 |
26 | RUN gcloud version
27 |
28 | ## Descalate privileges after installs
29 | USER jenkins
30 |
--------------------------------------------------------------------------------
/k8s/agent/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | docker build -t figaw/jenkins-inbound-agent-gcloud:4.10-3 -f Dockerfile .
4 |
--------------------------------------------------------------------------------
/k8s/install.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | kubectl create secret generic jenkins-github-ssh --from-file=../resources/github_id_ed25519
4 | kubectl create secret generic jenkins-auth-json --from-file=../resources/auth.json
5 |
6 | ./_helm.sh
7 |
--------------------------------------------------------------------------------
/k8s/uninstall.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | kubectl delete secret jenkins-github-ssh
4 | kubectl delete secret jenkins-auth-json
5 |
6 | helm uninstall jenkins
7 |
--------------------------------------------------------------------------------
/k8s/values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | installPlugins:
3 | - configuration-as-code:1414.v878271fc496f
4 | - credentials-binding:1.27.1
5 | - branch-api:2.1044.v2c007e51b_87f
6 | - config-file-provider:3.9.0
7 | - ssh:2.6.1
8 | - envinject:2.4.0
9 | - environment-script:1.2.6
10 | - jobConfigHistory:2.30
11 | - rebuild:1.33.1
12 | - git:4.11.1
13 | - timestamper:1.17
14 | - job-dsl:1.79
15 | - workflow-aggregator:2.6
16 | - kubernetes:1.31.3
17 | - bouncycastle-api:2.26
18 |
19 | tag: 2.332.2
20 |
21 | JCasC:
22 | enabled: true
23 | configScripts:
24 | base-config: |
25 | jenkins:
26 | systemMessage: "Configured as Code"
27 |
28 | credentials:
29 | system:
30 | domainCredentials:
31 | - credentials:
32 | - basicSSHUserPrivateKey:
33 | scope: GLOBAL
34 | id: jenkins-github-ssh
35 | username:
36 | passphrase:
37 | description: "SSH key for GitHub"
38 | privateKeySource:
39 | directEntry:
40 | privateKey: ${JENKINS_GITHUB_SSH}
41 |
42 | unclassified:
43 | globalConfigFiles:
44 | configs:
45 | - json:
46 | id: auth-json
47 | name: auth.json
48 | comment: from jcasc
49 | content: ${JENKINS_AUTH_JSON}
50 |
51 | jobs:
52 | - script: >
53 | job('super-seed') {
54 | triggers {
55 | // This trigger will be overwritten, it's just here to auto-trigger _one_ build.
56 | cron('H/2 * * * *')
57 | }
58 | scm {
59 | git {
60 | remote {
61 | url ('git@github.com:figaw/configuration-as-code-jenkins-k8s-jobdsl.git')
62 | credentials('jenkins-github-ssh')
63 | }
64 | }
65 | }
66 | steps {
67 | dsl {
68 | external('jobdsl/**/*.groovy')
69 | removeAction('DELETE')
70 | }
71 | }
72 | }
73 |
74 | security:
75 | globaljobdslsecurityconfiguration:
76 | useScriptSecurity: false
77 |
78 | agent:
79 | image: figaw/jenkins-inbound-agent-gcloud
80 | tag: 4.10-3
81 |
--------------------------------------------------------------------------------
/resources/auth.json:
--------------------------------------------------------------------------------
1 | {
2 | "secret": "I'm a password file!"
3 | }
4 |
--------------------------------------------------------------------------------