| Giorgi Lekveishvili | 3598266 | 2024-04-05 13:05:40 +0400 | [diff] [blame^] | 1 | {{/* vim: set filetype=mustache: */}} |
| 2 | {{/* |
| 3 | Expand the name of the chart. |
| 4 | */}} |
| 5 | {{- define "jenkins.name" -}} |
| 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} |
| 7 | {{- end -}} |
| 8 | |
| 9 | {{/* |
| 10 | Expand the label of the chart. |
| 11 | */}} |
| 12 | {{- define "jenkins.label" -}} |
| 13 | {{- printf "%s-%s" (include "jenkins.name" .) .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} |
| 14 | {{- end -}} |
| 15 | |
| 16 | |
| 17 | {{/* |
| 18 | Allow the release namespace to be overridden for multi-namespace deployments in combined charts. |
| 19 | */}} |
| 20 | {{- define "jenkins.namespace" -}} |
| 21 | {{- if .Values.namespaceOverride -}} |
| 22 | {{- .Values.namespaceOverride -}} |
| 23 | {{- else -}} |
| 24 | {{- .Release.Namespace -}} |
| 25 | {{- end -}} |
| 26 | {{- end -}} |
| 27 | |
| 28 | {{- define "jenkins.agent.namespace" -}} |
| 29 | {{- if .Values.agent.namespace -}} |
| 30 | {{- tpl .Values.agent.namespace . -}} |
| 31 | {{- else -}} |
| 32 | {{- if .Values.namespaceOverride -}} |
| 33 | {{- .Values.namespaceOverride -}} |
| 34 | {{- else -}} |
| 35 | {{- .Release.Namespace -}} |
| 36 | {{- end -}} |
| 37 | {{- end -}} |
| 38 | {{- end -}} |
| 39 | |
| 40 | |
| 41 | {{/* |
| 42 | Create a default fully qualified app name. |
| 43 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). |
| 44 | If release name contains chart name it will be used as a full name. |
| 45 | */}} |
| 46 | {{- define "jenkins.fullname" -}} |
| 47 | {{- if .Values.fullnameOverride -}} |
| 48 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} |
| 49 | {{- else -}} |
| 50 | {{- $name := default .Chart.Name .Values.nameOverride -}} |
| 51 | {{- if contains $name .Release.Name -}} |
| 52 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} |
| 53 | {{- else -}} |
| 54 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} |
| 55 | {{- end -}} |
| 56 | {{- end -}} |
| 57 | {{- end -}} |
| 58 | |
| 59 | {{/* |
| 60 | Returns the admin password |
| 61 | https://github.com/helm/charts/issues/5167#issuecomment-619137759 |
| 62 | */}} |
| 63 | {{- define "jenkins.password" -}} |
| 64 | {{- if .Values.controller.admin.password -}} |
| 65 | {{- .Values.controller.admin.password | b64enc | quote }} |
| 66 | {{- else -}} |
| 67 | {{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "jenkins.fullname" .)).data -}} |
| 68 | {{- if $secret -}} |
| 69 | {{/* |
| 70 | Reusing current password since secret exists |
| 71 | */}} |
| 72 | {{- index $secret ( .Values.controller.admin.passwordKey | default "jenkins-admin-password" ) -}} |
| 73 | {{- else -}} |
| 74 | {{/* |
| 75 | Generate new password |
| 76 | */}} |
| 77 | {{- randAlphaNum 22 | b64enc | quote }} |
| 78 | {{- end -}} |
| 79 | {{- end -}} |
| 80 | {{- end -}} |
| 81 | |
| 82 | {{/* |
| 83 | Returns the Jenkins URL |
| 84 | */}} |
| 85 | {{- define "jenkins.url" -}} |
| 86 | {{- if .Values.controller.jenkinsUrl }} |
| 87 | {{- .Values.controller.jenkinsUrl }} |
| 88 | {{- else }} |
| 89 | {{- if .Values.controller.ingress.hostName }} |
| 90 | {{- if .Values.controller.ingress.tls }} |
| 91 | {{- default "https" .Values.controller.jenkinsUrlProtocol }}://{{ tpl .Values.controller.ingress.hostName $ }}{{ default "" .Values.controller.jenkinsUriPrefix }} |
| 92 | {{- else }} |
| 93 | {{- default "http" .Values.controller.jenkinsUrlProtocol }}://{{ tpl .Values.controller.ingress.hostName $ }}{{ default "" .Values.controller.jenkinsUriPrefix }} |
| 94 | {{- end }} |
| 95 | {{- else }} |
| 96 | {{- default "http" .Values.controller.jenkinsUrlProtocol }}://{{ template "jenkins.fullname" . }}:{{.Values.controller.servicePort}}{{ default "" .Values.controller.jenkinsUriPrefix }} |
| 97 | {{- end}} |
| 98 | {{- end}} |
| 99 | {{- end -}} |
| 100 | |
| 101 | {{/* |
| 102 | Returns configuration as code default config |
| 103 | */}} |
| 104 | {{- define "jenkins.casc.defaults" -}} |
| 105 | jenkins: |
| 106 | {{- $configScripts := toYaml .Values.controller.JCasC.configScripts }} |
| 107 | {{- if and (.Values.controller.JCasC.authorizationStrategy) (not (contains "authorizationStrategy:" $configScripts)) }} |
| 108 | authorizationStrategy: |
| 109 | {{- tpl .Values.controller.JCasC.authorizationStrategy . | nindent 4 }} |
| 110 | {{- end }} |
| 111 | {{- if and (.Values.controller.JCasC.securityRealm) (not (contains "securityRealm:" $configScripts)) }} |
| 112 | securityRealm: |
| 113 | {{- tpl .Values.controller.JCasC.securityRealm . | nindent 4 }} |
| 114 | {{- end }} |
| 115 | disableRememberMe: {{ .Values.controller.disableRememberMe }} |
| 116 | {{- if .Values.controller.legacyRemotingSecurityEnabled }} |
| 117 | remotingSecurity: |
| 118 | enabled: true |
| 119 | {{- end }} |
| 120 | mode: {{ .Values.controller.executorMode }} |
| 121 | numExecutors: {{ .Values.controller.numExecutors }} |
| 122 | {{- if not (kindIs "invalid" .Values.controller.customJenkinsLabels) }} |
| 123 | labelString: "{{ join " " .Values.controller.customJenkinsLabels }}" |
| 124 | {{- end }} |
| 125 | {{- if .Values.controller.projectNamingStrategy }} |
| 126 | {{- if kindIs "string" .Values.controller.projectNamingStrategy }} |
| 127 | projectNamingStrategy: "{{ .Values.controller.projectNamingStrategy }}" |
| 128 | {{- else }} |
| 129 | projectNamingStrategy: |
| 130 | {{- toYaml .Values.controller.projectNamingStrategy | nindent 4 }} |
| 131 | {{- end }} |
| 132 | {{- end }} |
| 133 | markupFormatter: |
| 134 | {{- if .Values.controller.enableRawHtmlMarkupFormatter }} |
| 135 | rawHtml: |
| 136 | disableSyntaxHighlighting: true |
| 137 | {{- else }} |
| 138 | {{- toYaml .Values.controller.markupFormatter | nindent 4 }} |
| 139 | {{- end }} |
| 140 | clouds: |
| 141 | - kubernetes: |
| 142 | containerCapStr: "{{ .Values.agent.containerCap }}" |
| 143 | {{- if .Values.agent.jnlpregistry }} |
| 144 | jnlpregistry: "{{ .Values.agent.jnlpregistry }}" |
| 145 | {{- end }} |
| 146 | defaultsProviderTemplate: "{{ .Values.agent.defaultsProviderTemplate }}" |
| 147 | connectTimeout: "{{ .Values.agent.kubernetesConnectTimeout }}" |
| 148 | readTimeout: "{{ .Values.agent.kubernetesReadTimeout }}" |
| 149 | {{- if .Values.agent.directConnection }} |
| 150 | directConnection: true |
| 151 | {{- else }} |
| 152 | {{- if .Values.agent.jenkinsUrl }} |
| 153 | jenkinsUrl: "{{ tpl .Values.agent.jenkinsUrl . }}" |
| 154 | {{- else }} |
| 155 | jenkinsUrl: "http://{{ template "jenkins.fullname" . }}.{{ template "jenkins.namespace" . }}.svc.{{.Values.clusterZone}}:{{.Values.controller.servicePort}}{{ default "" .Values.controller.jenkinsUriPrefix }}" |
| 156 | {{- end }} |
| 157 | {{- if not .Values.agent.websocket }} |
| 158 | {{- if .Values.agent.jenkinsTunnel }} |
| 159 | jenkinsTunnel: "{{ tpl .Values.agent.jenkinsTunnel . }}" |
| 160 | {{- else }} |
| 161 | jenkinsTunnel: "{{ template "jenkins.fullname" . }}-agent.{{ template "jenkins.namespace" . }}.svc.{{.Values.clusterZone}}:{{ .Values.controller.agentListenerPort }}" |
| 162 | {{- end }} |
| 163 | {{- else }} |
| 164 | webSocket: true |
| 165 | {{- end }} |
| 166 | {{- end }} |
| 167 | maxRequestsPerHostStr: {{ .Values.agent.maxRequestsPerHostStr | quote }} |
| 168 | retentionTimeout: {{ .Values.agent.retentionTimeout | quote }} |
| 169 | waitForPodSec: {{ .Values.agent.waitForPodSec | quote }} |
| 170 | name: "{{ .Values.controller.cloudName }}" |
| 171 | namespace: "{{ template "jenkins.agent.namespace" . }}" |
| 172 | restrictedPssSecurityContext: {{ .Values.agent.restrictedPssSecurityContext }} |
| 173 | serverUrl: "{{ .Values.kubernetesURL }}" |
| 174 | credentialsId: "{{ .Values.credentialsId }}" |
| 175 | {{- if .Values.agent.enabled }} |
| 176 | podLabels: |
| 177 | - key: "jenkins/{{ .Release.Name }}-{{ .Values.agent.componentName }}" |
| 178 | value: "true" |
| 179 | {{- range $key, $val := .Values.agent.podLabels }} |
| 180 | - key: {{ $key | quote }} |
| 181 | value: {{ $val | quote }} |
| 182 | {{- end }} |
| 183 | templates: |
| 184 | {{- if not .Values.agent.disableDefaultAgent }} |
| 185 | {{- include "jenkins.casc.podTemplate" . | nindent 8 }} |
| 186 | {{- end }} |
| 187 | {{- if .Values.additionalAgents }} |
| 188 | {{- /* save .Values.agent */}} |
| 189 | {{- $agent := .Values.agent }} |
| 190 | {{- range $name, $additionalAgent := .Values.additionalAgents }} |
| 191 | {{- $additionalContainersEmpty := and (hasKey $additionalAgent "additionalContainers") (empty $additionalAgent.additionalContainers) }} |
| 192 | {{- /* merge original .Values.agent into additional agent to ensure it at least has the default values */}} |
| 193 | {{- $additionalAgent := merge $additionalAgent $agent }} |
| 194 | {{- /* clear list of additional containers in case it is configured empty for this agent (merge might have overwritten that) */}} |
| 195 | {{- if $additionalContainersEmpty }} |
| 196 | {{- $_ := set $additionalAgent "additionalContainers" list }} |
| 197 | {{- end }} |
| 198 | {{- /* set .Values.agent to $additionalAgent */}} |
| 199 | {{- $_ := set $.Values "agent" $additionalAgent }} |
| 200 | {{- include "jenkins.casc.podTemplate" $ | nindent 8 }} |
| 201 | {{- end }} |
| 202 | {{- /* restore .Values.agent */}} |
| 203 | {{- $_ := set .Values "agent" $agent }} |
| 204 | {{- end }} |
| 205 | {{- if .Values.agent.podTemplates }} |
| 206 | {{- range $key, $val := .Values.agent.podTemplates }} |
| 207 | {{- tpl $val $ | nindent 8 }} |
| 208 | {{- end }} |
| 209 | {{- end }} |
| 210 | {{- end }} |
| 211 | {{- if .Values.additionalClouds }} |
| 212 | {{- /* save root */}} |
| 213 | {{- $oldRoot := deepCopy $ }} |
| 214 | {{- range $name, $additionalCloud := .Values.additionalClouds }} |
| 215 | {{- $newRoot := deepCopy $ }} |
| 216 | {{- /* clear additionalAgents from the copy if override set to `true` */}} |
| 217 | {{- if .additionalAgentsOverride }} |
| 218 | {{- $_ := set $newRoot.Values "additionalAgents" list}} |
| 219 | {{- end}} |
| 220 | {{- $newValues := merge $additionalCloud $newRoot.Values }} |
| 221 | {{- $_ := set $newRoot "Values" $newValues }} |
| 222 | {{- /* clear additionalClouds from the copy */}} |
| 223 | {{- $_ := set $newRoot.Values "additionalClouds" list }} |
| 224 | {{- with $newRoot}} |
| 225 | - kubernetes: |
| 226 | containerCapStr: "{{ .Values.agent.containerCap }}" |
| 227 | {{- if .Values.agent.jnlpregistry }} |
| 228 | jnlpregistry: "{{ .Values.agent.jnlpregistry }}" |
| 229 | {{- end }} |
| 230 | defaultsProviderTemplate: "{{ .Values.agent.defaultsProviderTemplate }}" |
| 231 | connectTimeout: "{{ .Values.agent.kubernetesConnectTimeout }}" |
| 232 | readTimeout: "{{ .Values.agent.kubernetesReadTimeout }}" |
| 233 | {{- if .Values.agent.directConnection }} |
| 234 | directConnection: true |
| 235 | {{- else }} |
| 236 | {{- if .Values.agent.jenkinsUrl }} |
| 237 | jenkinsUrl: "{{ tpl .Values.agent.jenkinsUrl . }}" |
| 238 | {{- else }} |
| 239 | jenkinsUrl: "http://{{ template "jenkins.fullname" . }}.{{ template "jenkins.namespace" . }}.svc.{{.Values.clusterZone}}:{{.Values.controller.servicePort}}{{ default "" .Values.controller.jenkinsUriPrefix }}" |
| 240 | {{- end }} |
| 241 | {{- if not .Values.agent.websocket }} |
| 242 | {{- if .Values.agent.jenkinsTunnel }} |
| 243 | jenkinsTunnel: "{{ tpl .Values.agent.jenkinsTunnel . }}" |
| 244 | {{- else }} |
| 245 | jenkinsTunnel: "{{ template "jenkins.fullname" . }}-agent.{{ template "jenkins.namespace" . }}.svc.{{.Values.clusterZone}}:{{ .Values.controller.agentListenerPort }}" |
| 246 | {{- end }} |
| 247 | {{- else }} |
| 248 | webSocket: true |
| 249 | {{- end }} |
| 250 | {{- end }} |
| 251 | maxRequestsPerHostStr: {{ .Values.agent.maxRequestsPerHostStr | quote }} |
| 252 | retentionTimeout: {{ .Values.agent.retentionTimeout | quote }} |
| 253 | waitForPodSec: {{ .Values.agent.waitForPodSec | quote }} |
| 254 | name: {{ $name | quote }} |
| 255 | namespace: "{{ template "jenkins.agent.namespace" . }}" |
| 256 | restrictedPssSecurityContext: {{ .Values.agent.restrictedPssSecurityContext }} |
| 257 | serverUrl: "{{ .Values.kubernetesURL }}" |
| 258 | credentialsId: "{{ .Values.credentialsId }}" |
| 259 | {{- if .Values.agent.enabled }} |
| 260 | podLabels: |
| 261 | - key: "jenkins/{{ .Release.Name }}-{{ .Values.agent.componentName }}" |
| 262 | value: "true" |
| 263 | {{- range $key, $val := .Values.agent.podLabels }} |
| 264 | - key: {{ $key | quote }} |
| 265 | value: {{ $val | quote }} |
| 266 | {{- end }} |
| 267 | templates: |
| 268 | {{- if not .Values.agent.disableDefaultAgent }} |
| 269 | {{- include "jenkins.casc.podTemplate" . | nindent 8 }} |
| 270 | {{- end }} |
| 271 | {{- if .Values.additionalAgents }} |
| 272 | {{- /* save .Values.agent */}} |
| 273 | {{- $agent := .Values.agent }} |
| 274 | {{- range $name, $additionalAgent := .Values.additionalAgents }} |
| 275 | {{- $additionalContainersEmpty := and (hasKey $additionalAgent "additionalContainers") (empty $additionalAgent.additionalContainers) }} |
| 276 | {{- /* merge original .Values.agent into additional agent to ensure it at least has the default values */}} |
| 277 | {{- $additionalAgent := merge $additionalAgent $agent }} |
| 278 | {{- /* clear list of additional containers in case it is configured empty for this agent (merge might have overwritten that) */}} |
| 279 | {{- if $additionalContainersEmpty }} |
| 280 | {{- $_ := set $additionalAgent "additionalContainers" list }} |
| 281 | {{- end }} |
| 282 | {{- /* set .Values.agent to $additionalAgent */}} |
| 283 | {{- $_ := set $.Values "agent" $additionalAgent }} |
| 284 | {{- include "jenkins.casc.podTemplate" $ | nindent 8 }} |
| 285 | {{- end }} |
| 286 | {{- /* restore .Values.agent */}} |
| 287 | {{- $_ := set .Values "agent" $agent }} |
| 288 | {{- end }} |
| 289 | {{- with .Values.agent.podTemplates }} |
| 290 | {{- range $key, $val := . }} |
| 291 | {{- tpl $val $ | nindent 8 }} |
| 292 | {{- end }} |
| 293 | {{- end }} |
| 294 | {{- end }} |
| 295 | {{- end }} |
| 296 | {{- end }} |
| 297 | {{- /* restore root */}} |
| 298 | {{- $_ := set $ "Values" $oldRoot.Values }} |
| 299 | {{- end }} |
| 300 | {{- if .Values.controller.csrf.defaultCrumbIssuer.enabled }} |
| 301 | crumbIssuer: |
| 302 | standard: |
| 303 | excludeClientIPFromCrumb: {{ if .Values.controller.csrf.defaultCrumbIssuer.proxyCompatability }}true{{ else }}false{{- end }} |
| 304 | {{- end }} |
| 305 | {{- include "jenkins.casc.security" . }} |
| 306 | {{- with .Values.controller.scriptApproval }} |
| 307 | scriptApproval: |
| 308 | approvedSignatures: |
| 309 | {{- range $key, $val := . }} |
| 310 | - "{{ $val }}" |
| 311 | {{- end }} |
| 312 | {{- end }} |
| 313 | unclassified: |
| 314 | location: |
| 315 | {{- with .Values.controller.jenkinsAdminEmail }} |
| 316 | adminAddress: {{ . }} |
| 317 | {{- end }} |
| 318 | url: {{ template "jenkins.url" . }} |
| 319 | {{- end -}} |
| 320 | |
| 321 | {{/* |
| 322 | Returns a name template to be used for jcasc configmaps, using |
| 323 | suffix passed in at call as index 0 |
| 324 | */}} |
| 325 | {{- define "jenkins.casc.configName" -}} |
| 326 | {{- $name := index . 0 -}} |
| 327 | {{- $root := index . 1 -}} |
| 328 | "{{- include "jenkins.fullname" $root -}}-jenkins-{{ $name }}" |
| 329 | {{- end -}} |
| 330 | |
| 331 | {{/* |
| 332 | Returns kubernetes pod template configuration as code |
| 333 | */}} |
| 334 | {{- define "jenkins.casc.podTemplate" -}} |
| 335 | - name: "{{ .Values.agent.podName }}" |
| 336 | namespace: "{{ template "jenkins.agent.namespace" . }}" |
| 337 | {{- if .Values.agent.annotations }} |
| 338 | annotations: |
| 339 | {{- range $key, $value := .Values.agent.annotations }} |
| 340 | - key: {{ $key }} |
| 341 | value: {{ $value | quote }} |
| 342 | {{- end }} |
| 343 | {{- end }} |
| 344 | id: {{ sha256sum (toYaml .Values.agent) }} |
| 345 | containers: |
| 346 | - name: "{{ .Values.agent.sideContainerName }}" |
| 347 | alwaysPullImage: {{ .Values.agent.alwaysPullImage }} |
| 348 | args: "{{ .Values.agent.args | replace "$" "^$" }}" |
| 349 | {{- with .Values.agent.command }} |
| 350 | command: {{ . }} |
| 351 | {{- end }} |
| 352 | envVars: |
| 353 | - envVar: |
| 354 | {{- if .Values.agent.directConnection }} |
| 355 | key: "JENKINS_DIRECT_CONNECTION" |
| 356 | {{- if .Values.agent.jenkinsTunnel }} |
| 357 | value: "{{ tpl .Values.agent.jenkinsTunnel . }}" |
| 358 | {{- else }} |
| 359 | value: "{{ template "jenkins.fullname" . }}-agent.{{ template "jenkins.namespace" . }}.svc.{{.Values.clusterZone}}:{{ .Values.controller.agentListenerPort }}" |
| 360 | {{- end }} |
| 361 | {{- else }} |
| 362 | key: "JENKINS_URL" |
| 363 | {{- if .Values.agent.jenkinsUrl }} |
| 364 | value: {{ tpl .Values.agent.jenkinsUrl . }} |
| 365 | {{- else }} |
| 366 | value: "http://{{ template "jenkins.fullname" . }}.{{ template "jenkins.namespace" . }}.svc.{{.Values.clusterZone}}:{{.Values.controller.servicePort}}{{ default "/" .Values.controller.jenkinsUriPrefix }}" |
| 367 | {{- end }} |
| 368 | {{- end }} |
| 369 | image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}" |
| 370 | {{- if .Values.agent.livenessProbe }} |
| 371 | livenessProbe: |
| 372 | execArgs: {{.Values.agent.livenessProbe.execArgs | quote}} |
| 373 | failureThreshold: {{.Values.agent.livenessProbe.failureThreshold}} |
| 374 | initialDelaySeconds: {{.Values.agent.livenessProbe.initialDelaySeconds}} |
| 375 | periodSeconds: {{.Values.agent.livenessProbe.periodSeconds}} |
| 376 | successThreshold: {{.Values.agent.livenessProbe.successThreshold}} |
| 377 | timeoutSeconds: {{.Values.agent.livenessProbe.timeoutSeconds}} |
| 378 | {{- end }} |
| 379 | privileged: "{{- if .Values.agent.privileged }}true{{- else }}false{{- end }}" |
| 380 | resourceLimitCpu: {{.Values.agent.resources.limits.cpu}} |
| 381 | resourceLimitMemory: {{.Values.agent.resources.limits.memory}} |
| 382 | {{- with .Values.agent.resources.limits.ephemeralStorage }} |
| 383 | resourceLimitEphemeralStorage: {{.}} |
| 384 | {{- end }} |
| 385 | resourceRequestCpu: {{.Values.agent.resources.requests.cpu}} |
| 386 | resourceRequestMemory: {{.Values.agent.resources.requests.memory}} |
| 387 | {{- with .Values.agent.resources.requests.ephemeralStorage }} |
| 388 | resourceRequestEphemeralStorage: {{.}} |
| 389 | {{- end }} |
| 390 | {{- with .Values.agent.runAsUser }} |
| 391 | runAsUser: {{ . }} |
| 392 | {{- end }} |
| 393 | {{- with .Values.agent.runAsGroup }} |
| 394 | runAsGroup: {{ . }} |
| 395 | {{- end }} |
| 396 | ttyEnabled: {{ .Values.agent.TTYEnabled }} |
| 397 | workingDir: {{ .Values.agent.workingDir }} |
| 398 | {{- range $additionalContainers := .Values.agent.additionalContainers }} |
| 399 | - name: "{{ $additionalContainers.sideContainerName }}" |
| 400 | alwaysPullImage: {{ $additionalContainers.alwaysPullImage | default $.Values.agent.alwaysPullImage }} |
| 401 | args: "{{ $additionalContainers.args | replace "$" "^$" }}" |
| 402 | {{- with $additionalContainers.command }} |
| 403 | command: {{ . }} |
| 404 | {{- end }} |
| 405 | envVars: |
| 406 | - envVar: |
| 407 | key: "JENKINS_URL" |
| 408 | {{- if $additionalContainers.jenkinsUrl }} |
| 409 | value: {{ tpl ($additionalContainers.jenkinsUrl) . }} |
| 410 | {{- else }} |
| 411 | value: "http://{{ template "jenkins.fullname" $ }}.{{ template "jenkins.namespace" $ }}.svc.{{ $.Values.clusterZone }}:{{ $.Values.controller.servicePort }}{{ default "/" $.Values.controller.jenkinsUriPrefix }}" |
| 412 | {{- end }} |
| 413 | image: "{{ $additionalContainers.image.repository }}:{{ $additionalContainers.image.tag }}" |
| 414 | {{- if $additionalContainers.livenessProbe }} |
| 415 | livenessProbe: |
| 416 | execArgs: {{$additionalContainers.livenessProbe.execArgs | quote}} |
| 417 | failureThreshold: {{$additionalContainers.livenessProbe.failureThreshold}} |
| 418 | initialDelaySeconds: {{$additionalContainers.livenessProbe.initialDelaySeconds}} |
| 419 | periodSeconds: {{$additionalContainers.livenessProbe.periodSeconds}} |
| 420 | successThreshold: {{$additionalContainers.livenessProbe.successThreshold}} |
| 421 | timeoutSeconds: {{$additionalContainers.livenessProbe.timeoutSeconds}} |
| 422 | {{- end }} |
| 423 | privileged: "{{- if $additionalContainers.privileged }}true{{- else }}false{{- end }}" |
| 424 | resourceLimitCpu: {{ if $additionalContainers.resources }}{{ $additionalContainers.resources.limits.cpu }}{{ else }}{{ $.Values.agent.resources.limits.cpu }}{{ end }} |
| 425 | resourceLimitMemory: {{ if $additionalContainers.resources }}{{ $additionalContainers.resources.limits.memory }}{{ else }}{{ $.Values.agent.resources.limits.memory }}{{ end }} |
| 426 | resourceRequestCpu: {{ if $additionalContainers.resources }}{{ $additionalContainers.resources.requests.cpu }}{{ else }}{{ $.Values.agent.resources.requests.cpu }}{{ end }} |
| 427 | resourceRequestMemory: {{ if $additionalContainers.resources }}{{ $additionalContainers.resources.requests.memory }}{{ else }}{{ $.Values.agent.resources.requests.memory }}{{ end }} |
| 428 | {{- if or $additionalContainers.runAsUser $.Values.agent.runAsUser }} |
| 429 | runAsUser: {{ $additionalContainers.runAsUser | default $.Values.agent.runAsUser }} |
| 430 | {{- end }} |
| 431 | {{- if or $additionalContainers.runAsGroup $.Values.agent.runAsGroup }} |
| 432 | runAsGroup: {{ $additionalContainers.runAsGroup | default $.Values.agent.runAsGroup }} |
| 433 | {{- end }} |
| 434 | ttyEnabled: {{ $additionalContainers.TTYEnabled | default $.Values.agent.TTYEnabled }} |
| 435 | workingDir: {{ $additionalContainers.workingDir | default $.Values.agent.workingDir }} |
| 436 | {{- end }} |
| 437 | {{- if or .Values.agent.envVars .Values.agent.secretEnvVars }} |
| 438 | envVars: |
| 439 | {{- range $index, $var := .Values.agent.envVars }} |
| 440 | - envVar: |
| 441 | key: {{ $var.name }} |
| 442 | value: {{ tpl $var.value $ }} |
| 443 | {{- end }} |
| 444 | {{- range $index, $var := .Values.agent.secretEnvVars }} |
| 445 | - secretEnvVar: |
| 446 | key: {{ $var.key }} |
| 447 | secretName: {{ $var.secretName }} |
| 448 | secretKey: {{ $var.secretKey }} |
| 449 | optional: {{ $var.optional | default false }} |
| 450 | {{- end }} |
| 451 | {{- end }} |
| 452 | idleMinutes: {{ .Values.agent.idleMinutes }} |
| 453 | instanceCap: 2147483647 |
| 454 | {{- if .Values.agent.hostNetworking }} |
| 455 | hostNetwork: {{ .Values.agent.hostNetworking }} |
| 456 | {{- end }} |
| 457 | {{- if .Values.agent.imagePullSecretName }} |
| 458 | imagePullSecrets: |
| 459 | - name: {{ .Values.agent.imagePullSecretName }} |
| 460 | {{- end }} |
| 461 | label: "{{ .Release.Name }}-{{ .Values.agent.componentName }} {{ .Values.agent.customJenkinsLabels | join " " }}" |
| 462 | {{- if .Values.agent.nodeSelector }} |
| 463 | nodeSelector: |
| 464 | {{- $local := dict "first" true }} |
| 465 | {{- range $key, $value := .Values.agent.nodeSelector }} |
| 466 | {{- if $local.first }} {{ else }},{{ end }} |
| 467 | {{- $key }}={{ tpl $value $ }} |
| 468 | {{- $_ := set $local "first" false }} |
| 469 | {{- end }} |
| 470 | {{- end }} |
| 471 | nodeUsageMode: {{ quote .Values.agent.nodeUsageMode }} |
| 472 | podRetention: {{ .Values.agent.podRetention }} |
| 473 | showRawYaml: {{ .Values.agent.showRawYaml }} |
| 474 | serviceAccount: "{{ include "jenkins.serviceAccountAgentName" . }}" |
| 475 | slaveConnectTimeoutStr: "{{ .Values.agent.connectTimeout }}" |
| 476 | {{- if .Values.agent.volumes }} |
| 477 | volumes: |
| 478 | {{- range $index, $volume := .Values.agent.volumes }} |
| 479 | -{{- if (eq $volume.type "ConfigMap") }} configMapVolume: |
| 480 | {{- else if (eq $volume.type "EmptyDir") }} emptyDirVolume: |
| 481 | {{- else if (eq $volume.type "EphemeralVolume") }} genericEphemeralVolume: |
| 482 | {{- else if (eq $volume.type "HostPath") }} hostPathVolume: |
| 483 | {{- else if (eq $volume.type "Nfs") }} nfsVolume: |
| 484 | {{- else if (eq $volume.type "PVC") }} persistentVolumeClaim: |
| 485 | {{- else if (eq $volume.type "Secret") }} secretVolume: |
| 486 | {{- else }} {{ $volume.type }}: |
| 487 | {{- end }} |
| 488 | {{- range $key, $value := $volume }} |
| 489 | {{- if not (eq $key "type") }} |
| 490 | {{ $key }}: {{ if kindIs "string" $value }}{{ tpl $value $ | quote }}{{ else }}{{ $value }}{{ end }} |
| 491 | {{- end }} |
| 492 | {{- end }} |
| 493 | {{- end }} |
| 494 | {{- end }} |
| 495 | {{- if .Values.agent.workspaceVolume }} |
| 496 | workspaceVolume: |
| 497 | {{- if (eq .Values.agent.workspaceVolume.type "DynamicPVC") }} |
| 498 | dynamicPVC: |
| 499 | {{- else if (eq .Values.agent.workspaceVolume.type "EmptyDir") }} |
| 500 | emptyDirWorkspaceVolume: |
| 501 | {{- else if (eq .Values.agent.workspaceVolume.type "EphemeralVolume") }} |
| 502 | genericEphemeralVolume: |
| 503 | {{- else if (eq .Values.agent.workspaceVolume.type "HostPath") }} |
| 504 | hostPathWorkspaceVolume: |
| 505 | {{- else if (eq .Values.agent.workspaceVolume.type "Nfs") }} |
| 506 | nfsWorkspaceVolume: |
| 507 | {{- else if (eq .Values.agent.workspaceVolume.type "PVC") }} |
| 508 | persistentVolumeClaimWorkspaceVolume: |
| 509 | {{- else }} |
| 510 | {{ .Values.agent.workspaceVolume.type }}: |
| 511 | {{- end }} |
| 512 | {{- range $key, $value := .Values.agent.workspaceVolume }} |
| 513 | {{- if not (eq $key "type") }} |
| 514 | {{ $key }}: {{ if kindIs "string" $value }}{{ tpl $value $ | quote }}{{ else }}{{ $value }}{{ end }} |
| 515 | {{- end }} |
| 516 | {{- end }} |
| 517 | {{- end }} |
| 518 | {{- if .Values.agent.yamlTemplate }} |
| 519 | yaml: |- |
| 520 | {{- tpl (trim .Values.agent.yamlTemplate) . | nindent 4 }} |
| 521 | {{- end }} |
| 522 | yamlMergeStrategy: {{ .Values.agent.yamlMergeStrategy }} |
| 523 | {{- end -}} |
| 524 | |
| 525 | {{- define "jenkins.kubernetes-version" -}} |
| 526 | {{- if .Values.controller.installPlugins -}} |
| 527 | {{- range .Values.controller.installPlugins -}} |
| 528 | {{- if hasPrefix "kubernetes:" . }} |
| 529 | {{- $split := splitList ":" . }} |
| 530 | {{- printf "%s" (index $split 1 ) -}} |
| 531 | {{- end -}} |
| 532 | {{- end -}} |
| 533 | {{- end -}} |
| 534 | {{- end -}} |
| 535 | |
| 536 | {{- define "jenkins.casc.security" }} |
| 537 | security: |
| 538 | {{- with .Values.controller.JCasC }} |
| 539 | {{- if .security }} |
| 540 | {{- .security | toYaml | nindent 2 }} |
| 541 | {{- end }} |
| 542 | {{- end }} |
| 543 | {{- end -}} |
| 544 | |
| 545 | {{/* |
| 546 | Create the name of the service account to use |
| 547 | */}} |
| 548 | {{- define "jenkins.serviceAccountName" -}} |
| 549 | {{- if .Values.serviceAccount.create -}} |
| 550 | {{ default (include "jenkins.fullname" .) .Values.serviceAccount.name }} |
| 551 | {{- else -}} |
| 552 | {{ default "default" .Values.serviceAccount.name }} |
| 553 | {{- end -}} |
| 554 | {{- end -}} |
| 555 | |
| 556 | {{/* |
| 557 | Create the name of the service account for Jenkins agents to use |
| 558 | */}} |
| 559 | {{- define "jenkins.serviceAccountAgentName" -}} |
| 560 | {{- if .Values.serviceAccountAgent.create -}} |
| 561 | {{ default (printf "%s-%s" (include "jenkins.fullname" .) "agent") .Values.serviceAccountAgent.name }} |
| 562 | {{- else -}} |
| 563 | {{ default "default" .Values.serviceAccountAgent.name }} |
| 564 | {{- end -}} |
| 565 | {{- end -}} |
| 566 | |
| 567 | {{/* |
| 568 | Create a full tag name for controller image |
| 569 | */}} |
| 570 | {{- define "controller.image.tag" -}} |
| 571 | {{- if .Values.controller.image.tagLabel -}} |
| 572 | {{- default (printf "%s-%s" .Chart.AppVersion .Values.controller.image.tagLabel) .Values.controller.image.tag -}} |
| 573 | {{- else -}} |
| 574 | {{- default .Chart.AppVersion .Values.controller.image.tag -}} |
| 575 | {{- end -}} |
| 576 | {{- end -}} |
| 577 | |
| 578 | {{/* |
| 579 | Create the HTTP port for interacting with the controller |
| 580 | */}} |
| 581 | {{- define "controller.httpPort" -}} |
| 582 | {{- if .Values.controller.httpsKeyStore.enable -}} |
| 583 | {{- .Values.controller.httpsKeyStore.httpPort -}} |
| 584 | {{- else -}} |
| 585 | {{- .Values.controller.targetPort -}} |
| 586 | {{- end -}} |
| 587 | {{- end -}} |
| 588 | |
| 589 | {{- define "jenkins.configReloadContainer" -}} |
| 590 | {{- $root := index . 0 -}} |
| 591 | {{- $containerName := index . 1 -}} |
| 592 | {{- $containerType := index . 2 -}} |
| 593 | - name: {{ $containerName }} |
| 594 | image: "{{ $root.Values.controller.sidecars.configAutoReload.image.registry }}/{{ $root.Values.controller.sidecars.configAutoReload.image.repository }}:{{ $root.Values.controller.sidecars.configAutoReload.image.tag }}" |
| 595 | imagePullPolicy: {{ $root.Values.controller.sidecars.configAutoReload.imagePullPolicy }} |
| 596 | {{- if $root.Values.controller.sidecars.configAutoReload.containerSecurityContext }} |
| 597 | securityContext: {{- toYaml $root.Values.controller.sidecars.configAutoReload.containerSecurityContext | nindent 4 }} |
| 598 | {{- end }} |
| 599 | {{- if $root.Values.controller.sidecars.configAutoReload.envFrom }} |
| 600 | envFrom: |
| 601 | {{ (tpl (toYaml $root.Values.controller.sidecars.configAutoReload.envFrom) $root) | indent 4 }} |
| 602 | {{- end }} |
| 603 | env: |
| 604 | - name: POD_NAME |
| 605 | valueFrom: |
| 606 | fieldRef: |
| 607 | fieldPath: metadata.name |
| 608 | - name: LABEL |
| 609 | value: "{{ template "jenkins.fullname" $root }}-jenkins-config" |
| 610 | - name: FOLDER |
| 611 | value: "{{ $root.Values.controller.sidecars.configAutoReload.folder }}" |
| 612 | - name: NAMESPACE |
| 613 | value: '{{ $root.Values.controller.sidecars.configAutoReload.searchNamespace | default (include "jenkins.namespace" $root) }}' |
| 614 | {{- if eq $containerType "init" }} |
| 615 | - name: METHOD |
| 616 | value: "LIST" |
| 617 | {{- else if $root.Values.controller.sidecars.configAutoReload.sleepTime }} |
| 618 | - name: METHOD |
| 619 | value: "SLEEP" |
| 620 | - name: SLEEP_TIME |
| 621 | value: "{{ $root.Values.controller.sidecars.configAutoReload.sleepTime }}" |
| 622 | {{- end }} |
| 623 | {{- if eq $containerType "sidecar" }} |
| 624 | - name: REQ_URL |
| 625 | value: "{{- default "http" $root.Values.controller.sidecars.configAutoReload.scheme }}://localhost:{{- include "controller.httpPort" $root -}}{{- $root.Values.controller.jenkinsUriPrefix -}}/reload-configuration-as-code/?casc-reload-token=$(POD_NAME)" |
| 626 | - name: REQ_METHOD |
| 627 | value: "POST" |
| 628 | - name: REQ_RETRY_CONNECT |
| 629 | value: "{{ $root.Values.controller.sidecars.configAutoReload.reqRetryConnect }}" |
| 630 | {{- if $root.Values.controller.sidecars.configAutoReload.skipTlsVerify }} |
| 631 | - name: REQ_SKIP_TLS_VERIFY |
| 632 | value: "true" |
| 633 | {{- end }} |
| 634 | {{- end }} |
| 635 | |
| 636 | {{- if $root.Values.controller.sidecars.configAutoReload.env }} |
| 637 | {{- range $envVarItem := $root.Values.controller.sidecars.configAutoReload.env -}} |
| 638 | {{- if or (ne $containerType "init") (ne .name "METHOD") }} |
| 639 | {{- (tpl (toYaml (list $envVarItem)) $root) | nindent 4 }} |
| 640 | {{- end -}} |
| 641 | {{- end -}} |
| 642 | {{- end }} |
| 643 | |
| 644 | resources: |
| 645 | {{ toYaml $root.Values.controller.sidecars.configAutoReload.resources | indent 4 }} |
| 646 | volumeMounts: |
| 647 | - name: sc-config-volume |
| 648 | mountPath: {{ $root.Values.controller.sidecars.configAutoReload.folder | quote }} |
| 649 | - name: jenkins-home |
| 650 | mountPath: {{ $root.Values.controller.jenkinsHome }} |
| 651 | {{- if $root.Values.persistence.subPath }} |
| 652 | subPath: {{ $root.Values.persistence.subPath }} |
| 653 | {{- end }} |
| 654 | |
| 655 | {{- end -}} |