nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git
Log | Files | Refs | Pull requests |Archive

jenkins.yaml.tmpl (5997B)

      1 credentials:
      2   system:
      3     domainCredentials:
      4     - credentials:
      5       - vaultAppRoleCredential:
      6           description: "Jenkins approle on vault.in0rdr.ch"
      7           id: "vault.in0rdr.ch"
      8           path: "approle"
      9           roleId: "f22e8fa1-600b-8b3f-8d1f-5e1dbb7ffc76"
     10           scope: GLOBAL
     11           secretId: "{AQAAABAAAAAwkvKMbKxXt32PvPfvk1uKGiUy4Ah/+ns+/VBls3heRBJb0l2TtJ+e63J+CKf6hXtcbPPi44W+UCIR2DElovaIKA==}"
     12           usePolicies: false
     13 unclassified:
     14   location:
     15     adminAddress: "{{ if nomadVarExists "nomad/jobs/jenkins" -}}
     16     {{ with nomadVar "nomad/jobs/jenkins" }}{{ .admin_address }}{{ end -}}
     17     {{ else }}address not configured yet <nobody@nowhere>{{ end}}"
     18     url: "https://jenkins.in0rdr.ch"
     19   hashicorpVault:
     20     configuration:
     21       vaultCredentialId: "vault.in0rdr.ch"
     22       vaultUrl: "https://vault.in0rdr.ch"
     23   globalLibraries:
     24     libraries:
     25       - name: "in0rdr-jenkins-lib"
     26         retriever:
     27           modernSCM:
     28             scm:
     29               git:
     30                 remote: "https://git.in0rdr.ch/jenkins-lib.git"
     31   scmGit:
     32     globalConfigEmail: "jenkins@jenkins.in0rdr.ch"
     33     globalConfigName: "jenkins"
     34 jenkins:
     35   # https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/demos/jenkins/jenkins.yaml
     36   systemMessage: |
     37     {\__/}
     38     ( • . •)
     39     / >💾 Jenkins configured with Jenkins Configuration as Code plugin
     40   # Building on the built-in node can be a security issue. You should set the
     41   # number of executors on the built-in node to 0:
     42   # https://www.jenkins.io/doc/book/security/controller-isolation/#not-building-on-the-built-in-node
     43   numExecutors: 0
     44   slaveAgentPort: 50000
     45   agentProtocols:
     46   - "JNLP4-connect"
     47   - "Ping"
     48   authorizationStrategy:
     49     loggedInUsersCanDoAnything:
     50       allowAnonymousRead: false
     51   securityRealm:
     52     # https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/embedded-userdatabase
     53     local:
     54       allowsSignup: false
     55       users:
     56         - id: in0rdr
     57           password: "{{with secret "kv/jenkins/users"}}{{index .Data.data.in0rdr}}{{end}}"
     58   globalNodeProperties:
     59   - envVars:
     60       env:
     61       - key: "GIT_AUTHOR_EMAIL"
     62         value: "jenkins@jenkins.in0rdr.ch"
     63       - key: "GIT_AUTHOR_NAME"
     64         value: "jenkins"
     65   clouds:
     66   - nomad:
     67       name: "nomad"
     68       nomadUrl: "https://{{env "attr.unique.network.ip-address"}}:4646"
     69       tlsEnabled: true
     70       serverCertificate: "/etc/ssl/certs/nomad-agent-ca.p12"
     71       # the truststore only contains public certificates, password is irrelevant here
     72       serverPassword: "123456"
     73       clientPassword:
     74       prune: true
     75       templates:
     76       - idleTerminationInMinutes: 10
     77         jobTemplate: |-
     78           {
     79             "Job": {
     80               "Region": "global",
     81               "ID": "%WORKER_NAME%",
     82               "Namespace": "default",
     83               "Type": "batch",
     84               "Datacenters": [
     85                 "dc1"
     86               ],
     87               "TaskGroups": [
     88                 {
     89                   "Name": "jenkins-podman-worker-taskgroup",
     90                   "Count": 1,
     91                   "RestartPolicy": {
     92                     "Attempts": 0,
     93                     "Interval": 10000000000,
     94                     "Mode": "fail",
     95                     "Delay": 1000000000
     96                   },
     97                   "Tasks": [
     98                     {
     99                       "Name": "jenkins-podman-worker",
    100                       "Driver": "podman",
    101                       "User": "1312",
    102                       "Config": {
    103                         "volumes": [
    104                           "/run/user/1312/podman/podman.sock:/home/jenkins/agent/podman.sock",
    105                           "/home/jenkins/workspace:/home/jenkins/workspace"
    106                         ],
    107                         "devices": [
    108                           "/dev/fuse"
    109                         ],
    110                         "force_pull": true,
    111                         "image": "127.0.0.1:5000/jenkins-inbound-agent:latest"
    112                       },
    113                       "Env": {
    114                         "JENKINS_URL": "http://{{ env "NOMAD_ADDR_jenkins" }}",
    115                         "JENKINS_AGENT_NAME": "%WORKER_NAME%",
    116                         "JENKINS_SECRET": "%WORKER_SECRET%",
    117                         "JENKINS_TUNNEL": "{{ env "NOMAD_ADDR_jnlp" }}",
    118                         "DOCKER_HOST": "unix:///home/jenkins/agent/podman.sock",
    119                         "DOCKER_OPTS": "--insecure-registry=\"haproxy.lan:5000\""
    120                       },
    121                       "Resources": {
    122                         "CPU": 500,
    123                         "MemoryMB": 512,
    124                         "MemoryMaxMB": 1024
    125                       }
    126                     }
    127                   ],
    128                   "EphemeralDisk": {
    129                     "SizeMB": 300
    130                   }
    131                 }
    132               ]
    133             }
    134           }
    135         labels: "nomad podman" # use the 'podman' label in the Jenkins pipeline spec
    136         numExecutors: 1
    137         prefix: "jenkins-podman"
    138         reusable: true
    139       workerTimeout: 1
    140   # Configuration example for the Docker cloud to spawn Jenkins agents directly
    141   # in Docker containers without intermediary Nomad jobs:
    142   # - https://plugins.jenkins.io/docker-plugin/#plugin-content-jcasc-plugin
    143   #- docker:
    144   #    name: "docker"
    145   #    containerCap: 3
    146   #    dockerApi:
    147   #      connectTimeout: 23
    148   #      dockerHost:
    149   #        uri: "unix:///home/jenkins/agent/podman.sock"
    150   #      readTimeout: 43
    151   #    errorDuration: 313
    152   #    templates:
    153   #    - connector:
    154   #        jnlp:
    155   #          jenkinsUrl: "http://{{ env "NOMAD_ADDR_jenkins" }}"
    156   #          user: "1312"
    157   #      dockerTemplateBase:
    158   #        image: "127.0.0.1:5000/jenkins-inbound-agent:latest"
    159   #        environment:
    160   #        - JENKINS_TUNNEL={{ env "NOMAD_ADDR_jnlp" }}
    161   #        - DOCKER_HOST=unix:///home/jenkins/agent/podman.sock
    162   #      labelString: "podman"
    163   #      name: "alpine-jdk21"
    164   #      pullTimeout: 171
    165   #      remoteFs: "/home/jenkins/agent"