{{- /*
  StatefulSet for the Jenkins controller.
  apps/v1 is used when the cluster advertises it; otherwise the template
  falls back to apps/v1beta1.
*/ -}}
{{- if .Capabilities.APIVersions.Has "apps/v1" }}
apiVersion: apps/v1
{{- else }}
apiVersion: apps/v1beta1
{{- end }}
kind: StatefulSet
metadata:
  name: {{ template "jenkins.fullname" . }}
  namespace: {{ template "jenkins.namespace" . }}
  labels:
    "app.kubernetes.io/name": '{{ template "jenkins.name" . }}'
    {{- /* The chart label is optional so that rendered output can stay stable across chart versions. */}}
    {{- if .Values.renderHelmLabels }}
    "helm.sh/chart": "{{ template "jenkins.label" . }}"
    {{- end }}
    "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
    "app.kubernetes.io/instance": "{{ .Release.Name }}"
    "app.kubernetes.io/component": "{{ .Values.controller.componentName }}"
    {{- /* Extra labels: values are quoted, keys are emitted exactly as given in the values file. */}}
    {{- range $key, $val := .Values.controller.statefulSetLabels }}
    {{ $key }}: {{ $val | quote }}
    {{- end }}
  {{- if .Values.controller.statefulSetAnnotations }}
  annotations:
{{ toYaml .Values.controller.statefulSetAnnotations | indent 4 }}
  {{- end }}
spec:
  serviceName: {{ template "jenkins.fullname" . }}
  {{- /* The controller is rendered with a fixed single replica. */}}
  replicas: 1
  selector:
    matchLabels:
      "app.kubernetes.io/component": "{{ .Values.controller.componentName }}"
      "app.kubernetes.io/instance": "{{ .Release.Name }}"
  {{- if .Values.controller.updateStrategy }}
  updateStrategy:
{{ toYaml .Values.controller.updateStrategy | indent 4 }}
  {{- end }}
  template:
    metadata:
      labels:
        "app.kubernetes.io/name": '{{ template "jenkins.name" . }}'
        "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
        "app.kubernetes.io/instance": "{{ .Release.Name }}"
        "app.kubernetes.io/component": "{{ .Values.controller.componentName }}"
        {{- range $key, $val := .Values.controller.podLabels }}
        {{ $key }}: {{ $val | quote }}
        {{- end }}
      annotations:
        {{- /* SHA-256 of the rendered config templates: the pod template changes whenever they change. */}}
        checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
        {{- if .Values.controller.initScripts }}
        checksum/config-init-scripts: {{ include (print $.Template.BasePath "/config-init-scripts.yaml") . | sha256sum }}
        {{- end }}
        {{- /* podAnnotations pass through tpl, so template expressions inside the values are evaluated. */}}
        {{- if .Values.controller.podAnnotations }}
{{ tpl (toYaml .Values.controller.podAnnotations | indent 8) . }}
        {{- end }}
54 spec:
55 {{- if .Values.controller.schedulerName }}
56 schedulerName: {{ .Values.controller.schedulerName }}
57 {{- end }}
58 {{- if .Values.controller.nodeSelector }}
59 nodeSelector:
60{{ toYaml .Values.controller.nodeSelector | indent 8 }}
61 {{- end }}
62 {{- if .Values.controller.tolerations }}
63 tolerations:
64{{ toYaml .Values.controller.tolerations | indent 8 }}
65 {{- end }}
66 {{- if .Values.controller.affinity }}
67 affinity:
68{{ toYaml .Values.controller.affinity | indent 8 }}
69 {{- end }}
70 {{- if quote .Values.controller.terminationGracePeriodSeconds }}
71 terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
72 {{- end }}
73 {{- if .Values.controller.priorityClassName }}
74 priorityClassName: {{ .Values.controller.priorityClassName }}
75 {{- end }}
76 {{- if .Values.controller.shareProcessNamespace }}
77 shareProcessNamespace: true
78 {{- end }}
79{{- if .Values.controller.usePodSecurityContext }}
80 securityContext:
81 {{- if kindIs "map" .Values.controller.podSecurityContextOverride }}
82 {{- tpl (toYaml .Values.controller.podSecurityContextOverride | nindent 8) . -}}
83 {{- else }}
84 {{/* The rest of this section should be replaced with the contents of this comment one the runAsUser, fsGroup, and securityContextCapabilities Helm chart values have been removed:
85 runAsUser: 1000
86 fsGroup: 1000
87 runAsNonRoot: true
88 */}}
89 runAsUser: {{ default 0 .Values.controller.runAsUser }}
90 {{- if and (.Values.controller.runAsUser) (.Values.controller.fsGroup) }}
91 {{- if not (eq (int .Values.controller.runAsUser) 0) }}
92 fsGroup: {{ .Values.controller.fsGroup }}
93 runAsNonRoot: true
94 {{- end }}
95 {{- if .Values.controller.securityContextCapabilities }}
96 capabilities:
97 {{- toYaml .Values.controller.securityContextCapabilities | nindent 10 }}
98 {{- end }}
99 {{- end }}
100 {{- end }}
101{{- end }}
102 serviceAccountName: "{{ template "jenkins.serviceAccountName" . }}"
103{{- if .Values.controller.hostNetworking }}
104 hostNetwork: true
105 dnsPolicy: ClusterFirstWithHostNet
106{{- end }}
107 {{- if .Values.controller.hostAliases }}
108 hostAliases:
109 {{- toYaml .Values.controller.hostAliases | nindent 8 }}
110 {{- end }}
111 initContainers:
112{{- if .Values.controller.customInitContainers }}
113{{ tpl (toYaml .Values.controller.customInitContainers) . | indent 8 }}
114{{- end }}
115
116{{- if .Values.controller.sidecars.configAutoReload.enabled }}
117{{- include "jenkins.configReloadContainer" (list $ "config-reload-init" "init") | nindent 8 }}
118{{- end}}
119
120 - name: "init"
121 image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{- include "controller.image.tag" . -}}"
122 imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
123 {{- if .Values.controller.containerSecurityContext }}
124 securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 12 }}
125 {{- end }}
126 command: [ "sh", "/var/jenkins_config/apply_config.sh" ]
127 {{- if .Values.controller.initContainerEnvFrom }}
128 envFrom:
129{{ (tpl (toYaml .Values.controller.initContainerEnvFrom) .) | indent 12 }}
130 {{- end }}
131 {{- if .Values.controller.initContainerEnv }}
132 env:
133{{ (tpl (toYaml .Values.controller.initContainerEnv) .) | indent 12 }}
134 {{- end }}
135 resources:
136{{- if .Values.controller.initContainerResources }}
137{{ toYaml .Values.controller.initContainerResources | indent 12 }}
138{{- else }}
139{{ toYaml .Values.controller.resources | indent 12 }}
140{{- end }}
141 volumeMounts:
142 {{- if .Values.persistence.mounts }}
143{{ toYaml .Values.persistence.mounts | indent 12 }}
144 {{- end }}
145 - mountPath: {{ .Values.controller.jenkinsHome }}
146 name: jenkins-home
147 {{- if .Values.persistence.subPath }}
148 subPath: {{ .Values.persistence.subPath }}
149 {{- end }}
150 - mountPath: /var/jenkins_config
151 name: jenkins-config
152 {{- if .Values.controller.installPlugins }}
153 {{- if .Values.controller.overwritePluginsFromImage }}
154 - mountPath: {{ .Values.controller.jenkinsRef }}/plugins
155 name: plugins
156 {{- end }}
157 - mountPath: /var/jenkins_plugins
158 name: plugin-dir
159 - mountPath: /tmp
160 name: tmp-volume
161 {{- end }}
162 {{- if or .Values.controller.initScripts .Values.controller.initConfigMap }}
163 - mountPath: {{ .Values.controller.jenkinsHome }}/init.groovy.d
164 name: init-scripts
165 {{- end }}
166 {{- if and .Values.controller.httpsKeyStore.enable (not .Values.controller.httpsKeyStore.disableSecretMount) }}
167 {{- $httpsJKSDirPath := printf "%s" .Values.controller.httpsKeyStore.path }}
168 - mountPath: {{ $httpsJKSDirPath }}
169 name: jenkins-https-keystore
170 {{- end }}
171 containers:
172 - name: jenkins
173 image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{- include "controller.image.tag" . -}}"
174 imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
175 {{- if .Values.controller.containerSecurityContext }}
176 securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 12 }}
177 {{- end }}
178 {{- if .Values.controller.overrideArgs }}
179 args: [
180 {{- range $overrideArg := .Values.controller.overrideArgs }}
181 "{{- tpl $overrideArg $ }}",
182 {{- end }}
183 ]
184 {{- else if .Values.controller.httpsKeyStore.enable }}
185 {{- $httpsJKSFilePath := printf "%s/%s" .Values.controller.httpsKeyStore.path .Values.controller.httpsKeyStore.fileName }}
186 args: [ "--httpPort={{.Values.controller.httpsKeyStore.httpPort}}", "--httpsPort={{.Values.controller.targetPort}}", '--httpsKeyStore={{ $httpsJKSFilePath }}', "--httpsKeyStorePassword=$(JENKINS_HTTPS_KEYSTORE_PASSWORD)" ]
187 {{- else }}
188 args: [ "--httpPort={{.Values.controller.targetPort}}"]
189 {{- end }}
190 {{- if .Values.controller.lifecycle }}
191 lifecycle:
192{{ toYaml .Values.controller.lifecycle | indent 12 }}
193 {{- end }}
194{{- if .Values.controller.terminationMessagePath }}
195 terminationMessagePath: {{ .Values.controller.terminationMessagePath }}
196{{- end }}
197{{- if .Values.controller.terminationMessagePolicy }}
198 terminationMessagePolicy: {{ .Values.controller.terminationMessagePolicy }}
199{{- end }}
200 {{- if .Values.controller.containerEnvFrom }}
201 envFrom:
202{{ (tpl ( toYaml .Values.controller.containerEnvFrom) .) | indent 12 }}
203 {{- end }}
204 env:
205 {{- if .Values.controller.containerEnv }}
206{{ (tpl ( toYaml .Values.controller.containerEnv) .) | indent 12 }}
207 {{- end }}
208 {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.admin.createSecret }}
209 - name: SECRETS
210 value: /run/secrets/additional
211 {{- end }}
212 - name: POD_NAME
213 valueFrom:
214 fieldRef:
215 fieldPath: metadata.name
216 - name: JAVA_OPTS
217 value: >-
218 {{ if .Values.controller.sidecars.configAutoReload.enabled }} -Dcasc.reload.token=$(POD_NAME) {{ end }}{{ default "" .Values.controller.javaOpts }}
219 - name: JENKINS_OPTS
220 value: >-
221 {{ if .Values.controller.jenkinsUriPrefix }}--prefix={{ .Values.controller.jenkinsUriPrefix }} {{ end }} --webroot=/var/jenkins_cache/war {{ default "" .Values.controller.jenkinsOpts}}
222 - name: JENKINS_SLAVE_AGENT_PORT
223 value: "{{ .Values.controller.agentListenerPort }}"
224 {{- if .Values.controller.httpsKeyStore.enable }}
225 - name: JENKINS_HTTPS_KEYSTORE_PASSWORD
226 {{- if not .Values.controller.httpsKeyStore.disableSecretMount }}
227 valueFrom:
228 secretKeyRef:
229 name: {{ if .Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName }} {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName }} {{ else if .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ else }} {{ template "jenkins.fullname" . }}-https-jks {{ end }}
230 key: "{{ .Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretKey }}"
231 {{- else }}
232 value: {{ .Values.controller.httpsKeyStore.password }}
233 {{- end }}
234 {{- end }}
235
236 - name: CASC_JENKINS_CONFIG
237 value: {{ .Values.controller.sidecars.configAutoReload.folder | default (printf "%s/casc_configs" (.Values.controller.jenkinsRef)) }}{{- if .Values.controller.JCasC.configUrls }},{{ join "," .Values.controller.JCasC.configUrls }}{{- end }}
238 ports:
239 {{- if .Values.controller.httpsKeyStore.enable }}
240 - containerPort: {{.Values.controller.httpsKeyStore.httpPort}}
241 {{- else }}
242 - containerPort: {{.Values.controller.targetPort}}
243 {{- end }}
244 name: http
245 - containerPort: {{ .Values.controller.agentListenerPort }}
246 name: agent-listener
247 {{- if .Values.controller.agentListenerHostPort }}
248 hostPort: {{ .Values.controller.agentListenerHostPort }}
249 {{- end }}
250 {{- if .Values.controller.jmxPort }}
251 - containerPort: {{ .Values.controller.jmxPort }}
252 name: jmx
253 {{- end }}
254{{- range $index, $port := .Values.controller.extraPorts }}
255 - containerPort: {{ $port.port }}
256 name: {{ $port.name }}
257{{- end }}
{{- /* Probes are rendered only when both healthProbes and probes are set. startupProbe is
       additionally gated on the cluster version. Probe bodies pass through tpl. */}}
{{- if and .Values.controller.healthProbes .Values.controller.probes }}
          {{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }}
          startupProbe:
{{ tpl (toYaml .Values.controller.probes.startupProbe | indent 12) . }}
          {{- end }}
          livenessProbe:
{{ tpl (toYaml .Values.controller.probes.livenessProbe | indent 12) . }}
          readinessProbe:
{{ tpl (toYaml .Values.controller.probes.readinessProbe | indent 12) . }}
{{- end }}
          resources:
{{ toYaml .Values.controller.resources | indent 12 }}
          volumeMounts:
{{- if .Values.persistence.mounts }}
{{ toYaml .Values.persistence.mounts | indent 12 }}
{{- end }}
            {{- if and .Values.controller.httpsKeyStore.enable (not .Values.controller.httpsKeyStore.disableSecretMount) }}
            {{- $httpsJKSDirPath := printf "%s" .Values.controller.httpsKeyStore.path }}
            - mountPath: {{ $httpsJKSDirPath }}
              name: jenkins-https-keystore
            {{- end }}
            - mountPath: {{ .Values.controller.jenkinsHome }}
              name: jenkins-home
              readOnly: false
              {{- if .Values.persistence.subPath }}
              subPath: {{ .Values.persistence.subPath }}
              {{- end }}
            {{- /* Chart-rendered configuration is mounted read-only in the running controller. */}}
            - mountPath: /var/jenkins_config
              name: jenkins-config
              readOnly: true
            {{- if .Values.controller.installPlugins }}
            - mountPath: {{ .Values.controller.jenkinsRef }}/plugins/
              name: plugin-dir
              readOnly: false
            {{- end }}
            {{- if or .Values.controller.initScripts .Values.controller.initConfigMap }}
            - mountPath: {{ .Values.controller.jenkinsHome }}/init.groovy.d
              name: init-scripts
            {{- end }}
            {{- if .Values.controller.sidecars.configAutoReload.enabled }}
            - name: sc-config-volume
              mountPath: {{ .Values.controller.sidecars.configAutoReload.folder | default (printf "%s/casc_configs" (.Values.controller.jenkinsRef)) }}
            {{- end }}
            {{- /* Projected secrets are mounted read-only at the path published in the SECRETS variable. */}}
            {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.admin.createSecret }}
            - name: jenkins-secrets
              mountPath: /run/secrets/additional
              readOnly: true
            {{- end }}
            - name: jenkins-cache
              mountPath: /var/jenkins_cache
            - mountPath: /tmp
              name: tmp-volume

{{- /* Config-reload sidecar, rendered by the chart's configReloadContainer helper. */}}
{{- if .Values.controller.sidecars.configAutoReload.enabled }}
{{- include "jenkins.configReloadContainer" (list $ "config-reload" "sidecar") | nindent 8 }}
{{- end }}


{{- /* NOTE(review): additional sidecars are taken verbatim from values and passed through tpl.
       They join the controller's pod and service account, so treat the values file as
       trusted input. */}}
{{- if .Values.controller.sidecars.additionalSidecarContainers }}
{{ tpl (toYaml .Values.controller.sidecars.additionalSidecarContainers | indent 8) . }}
{{- end }}

320 volumes:
321{{- if .Values.persistence.volumes }}
322{{ tpl (toYaml .Values.persistence.volumes | indent 6) . }}
323{{- end }}
324 {{- if .Values.controller.installPlugins }}
325 {{- if .Values.controller.overwritePluginsFromImage }}
326 - name: plugins
327 emptyDir: {}
328 {{- end }}
329 {{- end }}
330 {{- if and .Values.controller.initScripts .Values.controller.initConfigMap }}
331 - name: init-scripts
332 projected:
333 sources:
334 - configMap:
335 name: {{ template "jenkins.fullname" . }}-init-scripts
336 - configMap:
337 name: {{ .Values.controller.initConfigMap }}
338 {{- else if .Values.controller.initConfigMap }}
339 - name: init-scripts
340 configMap:
341 name: {{ .Values.controller.initConfigMap }}
342 {{- else if .Values.controller.initScripts }}
343 - name: init-scripts
344 configMap:
345 name: {{ template "jenkins.fullname" . }}-init-scripts
346 {{- end }}
347 - name: jenkins-config
348 configMap:
349 name: {{ template "jenkins.fullname" . }}
350 {{- if .Values.controller.installPlugins }}
351 - name: plugin-dir
352 emptyDir: {}
353 {{- end }}
354 {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.admin.createSecret }}
355 - name: jenkins-secrets
356 projected:
357 sources:
358 {{- if .Values.controller.additionalSecrets }}
359 - secret:
360 name: {{ template "jenkins.fullname" . }}-additional-secrets
361 {{- end }}
362 {{- if .Values.controller.additionalExistingSecrets }}
363 {{- range $key, $value := .Values.controller.additionalExistingSecrets }}
364 - secret:
365 name: {{ tpl $value.name $ }}
366 items:
367 - key: {{ tpl $value.keyName $ }}
368 path: {{ tpl $value.name $ }}-{{ tpl $value.keyName $ }}
369 {{- end }}
370 {{- end }}
371 {{- if .Values.controller.admin.createSecret }}
372 - secret:
373 name: {{ .Values.controller.admin.existingSecret | default (include "jenkins.fullname" .) }}
374 items:
375 - key: {{ .Values.controller.admin.userKey | default "jenkins-admin-user" }}
376 path: chart-admin-username
377 - key: {{ .Values.controller.admin.passwordKey | default "jenkins-admin-password" }}
378 path: chart-admin-password
379 {{- end }}
380 {{- if .Values.controller.existingSecret }}
381 - secret:
382 name: {{ .Values.controller.existingSecret }}
383 {{- end }}
384 {{- end }}
385 - name: jenkins-cache
386 emptyDir: {}
387 {{- if not (contains "jenkins-home" (quote .Values.persistence.volumes)) }}
388 - name: jenkins-home
389 {{- if .Values.persistence.enabled }}
390 persistentVolumeClaim:
391 claimName: {{ .Values.persistence.existingClaim | default (include "jenkins.fullname" .) }}
392 {{- else }}
393 emptyDir: {}
394 {{- end -}}
395 {{- end }}
396 - name: sc-config-volume
397 emptyDir: {}
398 - name: tmp-volume
399 emptyDir: {}
400
401 {{- if and .Values.controller.httpsKeyStore.enable (not .Values.controller.httpsKeyStore.disableSecretMount) }}
402 - name: jenkins-https-keystore
403 secret:
404 secretName: {{ if .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ else }} {{ template "jenkins.fullname" . }}-https-jks {{ end }}
405 items:
406 - key: {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretKey }}
407 path: {{ .Values.controller.httpsKeyStore.fileName }}
408 {{- end }}
409
410{{- if .Values.controller.imagePullSecretName }}
411 imagePullSecrets:
412 - name: {{ .Values.controller.imagePullSecretName }}
413{{- end -}}