jenkins.nomad (3905B)
1 job "jenkins" { 2 datacenters = ["dc1"] 3 4 vault {} 5 6 group "server" { 7 count = 1 8 9 volume "tls" { 10 type = "csi" 11 source = "certbot" 12 access_mode = "multi-node-multi-writer" 13 attachment_mode = "file-system" 14 } 15 volume "jenkins" { 16 type = "csi" 17 source = "jenkins" 18 access_mode = "multi-node-multi-writer" 19 attachment_mode = "file-system" 20 } 21 22 network { 23 port "jenkins" { 24 to = 8080 25 } 26 port "jnlp" { 27 to = 50000 28 } 29 port "https" { 30 static = 44401 31 } 32 } 33 34 # Install jenkins plugins 35 # https://www.jenkins.io/doc/book/installing/docker 36 task "install-jenkins-plugins" { 37 driver = "podman" 38 39 volume_mount { 40 volume = "jenkins" 41 destination = "/var/jenkins_home" 42 } 43 44 config { 45 image = "docker.io/jenkins/jenkins:lts-jdk21" 46 force_pull = true 47 command = "jenkins-plugin-cli" 48 args = [ 49 "--plugins", 50 "blueocean", 51 "configuration-as-code", 52 "git", 53 # https://issues.jenkins.io/browse/JENKINS-75542 54 "eddsa-api", 55 "hashicorp-vault-plugin", 56 "nomad", 57 "pipeline-utility-steps", 58 "docker-workflow", # spawn Jenkins agents in Nomad jobs 59 #"docker-plugin", # spawn Jenkins agents in Docker containers 60 "--plugin-download-directory", 61 "/var/jenkins_home/plugins", 62 ] 63 } 64 65 resources { 66 memory = 512 67 memory_max = 1024 68 cpu = 300 69 } 70 71 lifecycle { 72 hook = "prestart" 73 sidecar = false 74 } 75 } 76 77 task "jenkins" { 78 driver = "podman" 79 80 template { 81 # https://github.com/GastroGee/jenkins-nomad/blob/main/jenkins-controller/nomad.yaml 82 destination = "${NOMAD_TASK_DIR}/jenkins.yaml" 83 data = file("./templates/jenkins.yaml.tmpl") 84 } 85 86 env { 87 JAVA_OPTS = "-Djava.awt.headless=true -Djenkins.install.runSetupWizard=false -Dorg.apache.commons.jelly.tags.fmt.timeZone=Europe/Zurich -Dhudson.model.UsageStatistics.disabled=true -Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true" 88 } 89 90 config { 91 image = "docker.io/jenkins/jenkins:lts-jdk21" 92 force_pull = true 93 ports = ["jenkins", "jnlp"] 94 volumes = [ 95 # mount the templated config from the task directory to the container 96 "local/jenkins.yaml:/var/jenkins_home/jenkins.yaml", 97 # mount the Nomad server truststore 98 "/home/jenkins/nomad-agent-ca.p12:/etc/ssl/certs/nomad-agent-ca.p12", 99 # Required to test the functionality of the socket in the settings on 100 # the Jenkins controller (only for Docker cloud, docker-plugin) 101 # https://jenkins.in0rdr.ch/manage/cloud/docker/configure 102 #"/run/user/1312/podman/podman.sock:/home/jenkins/agent/podman.sock" 103 ] 104 } 105 106 volume_mount { 107 volume = "jenkins" 108 destination = "/var/jenkins_home" 109 } 110 111 resources { 112 # https://www.jenkins.io/doc/book/installing/docker/#prerequisites 113 memory = 1024 114 memory_max = 2048 115 cpu = 500 116 } 117 } 118 119 task "nginx" { 120 driver = "podman" 121 122 config { 123 image = "docker.io/library/nginx:stable-alpine" 124 force_pull = true 125 ports = ["https"] 126 volumes = [ 127 # mount the templated config from the task directory to the container 128 "local/jenkins.conf:/etc/nginx/conf.d/jenkins.conf", 129 ] 130 } 131 132 volume_mount { 133 volume = "tls" 134 destination = "/etc/letsencrypt" 135 } 136 137 template { 138 destination = "${NOMAD_TASK_DIR}/jenkins.conf" 139 data = file("./templates/nginx.conf.tmpl") 140 } 141 142 resources { 143 memory = 50 144 memory_max = 256 145 cpu = 200 146 } 147 } 148 } 149 }