fix(jenkins) jenkins add configmap (#5953)

* fix(jenkins) jenkins add configmap * fix PLUGINS_FORCE_UPGRADE * some initial changes * update * lint * rootless * bump * so many opts Co-authored-by: Stavros kois <s.kois@outlook.com>
2023-01-07 05:58:38 -05:00 · 2023-01-07 05:58:38 -05:00 · 66bd35759e
parent 48b22ae3cf
commit 66bd35759e
5 changed files with 140 additions and 26 deletions
--- a/charts/incubator/jenkins/Chart.yaml
+++ b/charts/incubator/jenkins/Chart.yaml
@ -1,11 +1,11 @@
 apiVersion: v2
-appVersion: "2.362"
+appVersion: "2.384"
 dependencies:
  - name: common
    repository: https://library-charts.truecharts.org
    version: 11.1.2
 deprecated: false
-description: "Jenkins is the gold standard in devops tools for running CI/CD pipelines"
+description: The gold standard in devops tools for running CI/CD pipelines.
 home: https://truecharts.org/charts/incubator/jenkins
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/jenkins.png
 keywords:
@ -21,8 +21,9 @@ sources:
  - https://github.com/truecharts/charts/tree/master/charts/incubator/jenkins
  - https://hub.docker.com/r/jenkins/jenkins
 type: application
-version: 2.0.8
+version: 3.0.0
 annotations:
-  truecharts.org/SCALE-support: "true"
  truecharts.org/catagories: |
    - productivity
+  truecharts.org/SCALE-support: "true"
+  truecharts.org/grade: U
--- a/charts/incubator/jenkins/questions.yaml
+++ b/charts/incubator/jenkins/questions.yaml
@ -8,19 +8,67 @@ questions:
 # Include{replicas}
 # Include{replica1}
 # Include{controllerExpertExtraArgs}
-  - variable: env
+  - variable: jenkins
    group: App Configuration
-    label: Image Environment
+    label: Jenkins Configuration
    schema:
      additional_attrs: true
      type: dict
      attrs:
-        - variable: JENKINS_JAVA_OPTS
-          label: JENKINS_JAVA_OPTS
-          description: You might need to customize the JVM running Jenkins, typically to adjust system properties or tweak heap memory settings.
+        - variable: jenkins_java_opts
+          label: Jenkins Java Opts
+          description: Add the Jenkins Java Opts parameters, one per entry.
          schema:
-            type: string
-            default: ""
+            type: list
+            default: []
+            items:
+              - variable: jenkins_java_opts_entry
+                label: Jenkins Java Opts Entry
+                description: Single Jenkins Java Opt per entry.
+                schema:
+                  type: string
+                  default: ""
+                  required: true
+        - variable: jenkins_opts
+          label: Jenkins Opts
+          description: Add the Jenkins Opts parameters, one per entry.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: jenkins_opts_entry
+                label: Jenkins Opts Entry
+                description: Single Jenkins Opt per entry.
+                schema:
+                  type: string
+                  default: ""
+                  required: true
+        - variable: java_opts
+          label: Java Opts
+          description: Add the JVM parameters, one per entry.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: java_opts_entry
+                label: Java Opts Entry
+                description: Single Java Opt per entry.
+                schema:
+                  type: string
+                  default: ""
+                  required: true
+        - variable: plugins_force_upgrade
+          label: Plugins Force Upgrade
+          description: Set to true to force upgrades of plugins that have been manually upgraded.
+          schema:
+            type: boolean
+            default: false
+        - variable: upgrade_if_no_marker
+          label: Upgrade If No Marker
+          description: Set to true to upgrade existing plugins without marker.
+          schema:
+            type: boolean
+            default: false
 # Include{containerConfig}
 # Include{serviceRoot}
        - variable: main
@ -113,20 +161,20 @@ questions:
                label: runAsNonRoot
                schema:
                  type: boolean
-                  default: false
+                  default: true
 # Include{podSecurityContextRoot}
        - variable: runAsUser
          label: runAsUser
          description: The UserID of the user running the application
          schema:
            type: int
-            default: 0
+            default: 1000
        - variable: runAsGroup
          label: runAsGroup
          description: The groupID this App of the user running the application
          schema:
            type: int
-            default: 0
+            default: 1000
        - variable: fsGroup
          label: fsGroup
          description: The group that should own ALL storage.
--- a/charts/incubator/jenkins/templates/_secret.tpl
+++ b/charts/incubator/jenkins/templates/_secret.tpl
@ -0,0 +1,42 @@
+{{/* Define the secret */}}
+{{- define "jenkins.secret" -}}
+
+{{- $secretName := printf "%s-secret" (include "tc.common.names.fullname" .) -}}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+  labels:
+    {{- include "tc.common.labels" . | nindent 4 }}
+stringData:
+  JAVA_OPTS: {{ join " " (include "java.opts" . | fromYaml).opts | quote }}
+  JENKINS_OPTS: {{ join " " (include "jenkins.opts" . | fromYaml).opts | quote }}
+  JENKINS_JAVA_OPTS: {{ join " " (include "jenkins.java.opts" . | fromYaml).opts | quote }}
+  PLUGINS_FORCE_UPGRADE: {{ .Values.jenkins.plugins_force_upgrade | quote }}
+  TRY_UPGRADE_IF_NO_MARKER: {{ .Values.jenkins.upgrade_if_no_marker | quote }}
+{{- end -}}
+
+{{- define "jenkins.java.opts" -}}
+opts:
+  - -Djenkins.model.Jenkins.slaveAgentPort={{ .Values.service.agent.ports.agent.port }}
+  - -Djenkins.model.Jenkins.slaveAgentPortEnforce=true
+  {{- range $opt := .Values.jenkins.jenkins_java_opts }}
+  - {{ $opt }}
+  {{- end }}
+{{- end -}}
+
+{{- define "jenkins.opts" -}}
+opts:
+  - --httpPort={{ .Values.service.main.ports.main.port }}
+  {{- range $opt := .Values.jenkins.jenkins_opts }}
+  - {{ $opt }}
+  {{- end }}
+{{- end -}}
+
+{{- define "java.opts" -}}
+opts:
+  {{- range $opt := .Values.jenkins.java_opts }}
+  - {{ $opt }}
+  {{- end }}
+{{- end -}}
--- a/charts/incubator/jenkins/templates/common.yaml
+++ b/charts/incubator/jenkins/templates/common.yaml
@ -1,2 +1,8 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.common.loader.init" . }}
+
+{{/* Render secret */}}
+{{- include "jenkins.secret" . }}
+
 {{/* Render the templates */}}
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.common.loader.apply" . }}
--- a/charts/incubator/jenkins/values.yaml
+++ b/charts/incubator/jenkins/values.yaml
@ -1,33 +1,50 @@
 image:
-  repository: tccr.io/truecharts/jenkins
+  repository: jenkins/jenkins
  pullPolicy: IfNotPresent
-  tag: v2.362@sha256:6ead1a1da8711e3da9bbdbe95dc8c4cf72389a5c22ddaba13b94028fdbf5f425
+  tag: 2.384-jdk17@sha256:7b28e73870aad9d6f62be09772b2b9ff8599f7348ad4cc66a918511aac08bdc9

 podSecurityContext:
-  runAsGroup: 0
-  runAsUser: 0
+  runAsGroup: 1000
+  runAsUser: 1000
  fsGroup: 1000

-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
+# securityContext:
+#   readOnlyRootFilesystem: false

-env:
-  JENKINS_JAVA_OPTS: ""
+jenkins:
+  java_opts: []
+  jenkins_opts: []
+  jenkins_java_opts: []
+  plugins_force_upgrade: false
+  upgrade_if_no_marker: false
+
+envFrom:
+  - secretRef:
+      name: '{{ include "tc.common.names.fullname" . }}-secret'
+
+probes:
+  liveness:
+    type: HTTP
+    path: /login
+  readiness:
+    type: HTTP
+    path: /login
+  startup:
+    type: HTTP
+    path: /login

 service:
  main:
    ports:
      main:
+        protocol: HTTP
        port: 10280
-        targetPort: 8080
  agent:
    enabled: true
    ports:
      agent:
        enabled: true
        port: 50000
-        targetPort: 50000

 persistence:
  data: