jenkins.yaml.tmpl (6104B)
# Jenkins Configuration as Code (JCasC) file, written as a template: the
# double-curly expressions (nomadVar, secret, env) are substituted before
# Jenkins reads the result, so review the rendered output as well as this
# source. NOTE(review): the rendered file contains secrets in clear text
# (see securityRealm below) - restrict who can read it.
credentials:
  system:
    domainCredentials:
      - credentials:
          # AppRole login used by the Vault plugin (referenced by id under
          # unclassified.hashicorpVault below).
          - vaultAppRoleCredential:
              description: "Jenkins approle on vault.in0rdr.ch"
              id: "vault.in0rdr.ch"
              path: "approle"
              roleId: "f22e8fa1-600b-8b3f-8d1f-5e1dbb7ffc76"
              # NOTE(review): GLOBAL scope makes the credential selectable by
              # jobs; if only the controller-level Vault configuration needs
              # it, SYSTEM scope would be narrower - confirm against how
              # pipelines use it.
              scope: GLOBAL
              # NOTE(review): looks like a Jenkins-encrypted secret (brace
              # wrapped base64), which would only decrypt on a controller
              # holding the matching key - confirm. The roleId/secretId pair
              # is still stored in this file; consider reading the secretId
              # from the secret store at render time, as the user password
              # below does, and rotating the value kept here.
              secretId: "{AQAAABAAAAAwkvKMbKxXt32PvPfvk1uKGiUy4Ah/+ns+/VBls3heRBJb0l2TtJ+e63J+CKf6hXtcbPPi44W+UCIR2DElovaIKA==}"
              usePolicies: false
unclassified:
  location:
    # Uses admin_address from the Nomad variable when it exists, otherwise a
    # placeholder address. The trim markers collapse the three template lines
    # into a single-line value.
    adminAddress: "{{ if nomadVarExists "nomad/jobs/jenkins" -}}
      {{ with nomadVar "nomad/jobs/jenkins" }}{{ .admin_address }}{{ end -}}
      {{ else }}address not configured yet <nobody@nowhere>{{ end}}"
    url: "https://jenkins.in0rdr.ch"
  hashicorpVault:
    configuration:
      # Must match the id of the vaultAppRoleCredential defined above.
      vaultCredentialId: "vault.in0rdr.ch"
      vaultUrl: "https://vault.in0rdr.ch"
  globalLibraries:
    libraries:
      # Jenkins treats global shared libraries as trusted code (they run
      # outside the Groovy sandbox), so write access to this repository is
      # equivalent to code execution on the controller. No default version is
      # pinned in this file - NOTE(review): consider pinning a tag or commit.
      - name: "in0rdr-jenkins-lib"
        retriever:
          modernSCM:
            scm:
              git:
                remote: "https://git.in0rdr.ch/jenkins-lib.git"
  scmGit:
    globalConfigEmail: "jenkins@jenkins.in0rdr.ch"
    globalConfigName: "jenkins"
jenkins:
  # https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/demos/jenkins/jenkins.yaml
  systemMessage: |
    {\__/}
    ( • . •)
    / >💾 Jenkins configured with Jenkins Configuration as Code plugin
  # Building on the built-in node can be a security issue. You should set the
  # number of executors on the built-in node to 0:
  # https://www.jenkins.io/doc/book/security/controller-isolation/#not-building-on-the-built-in-node
  numExecutors: 0
  # Fixed TCP port for inbound agents; the worker template below reaches it
  # through the -tunnel option.
  slaveAgentPort: 50000
  # Every authenticated user gets full control, including administration.
  # Acceptable only while the user list below stays limited to administrators;
  # adding a non-admin account requires a finer-grained strategy first.
  authorizationStrategy:
    loggedInUsersCanDoAnything:
      allowAnonymousRead: false
  securityRealm:
    # https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/embedded-userdatabase
    local:
      allowsSignup: false
      users:
        - id: in0rdr
          # Password is read from the kv/jenkins/users secret at render time,
          # so it appears in clear text in the rendered file.
          # NOTE(review): a password containing a double quote or backslash
          # would presumably break the rendered YAML - verify.
          password: "{{with secret "kv/jenkins/users"}}{{index .Data.data.in0rdr}}{{end}}"
  globalNodeProperties:
    - envVars:
        env:
          - key: "GIT_AUTHOR_EMAIL"
            value: "jenkins@jenkins.in0rdr.ch"
          - key: "GIT_AUTHOR_NAME"
            value: "jenkins"
  clouds:
    - nomad:
        name: "nomad"
        # Nomad API on the local client address, over TLS.
        nomadUrl: "https://{{env "attr.unique.network.ip-address"}}:4646"
        tlsEnabled: true
        serverCertificate: "/etc/ssl/certs/nomad-agent-ca.p12"
        # the truststore only contains public certificates, password is irrelevant here
        serverPassword: "123456"
        # Bare key, so the value is null: no client certificate password is
        # set. NOTE(review): how the Nomad API authenticates Jenkins (mTLS,
        # ACL token) is not visible in this file - confirm that job
        # submission is not open to any host that can reach port 4646.
        clientPassword:
        prune: true
        templates:
          - idleTerminationInMinutes: 10
            # Nomad job (JSON) submitted for each worker. %WORKER_NAME% and
            # %WORKER_SECRET% are placeholders, presumably filled in by the
            # Nomad cloud plugin. No comments can go inside the block below,
            # because it is passed on as JSON.
            # Security-relevant settings in the job:
            # - The podman API socket of uid 1312 is mounted into the worker
            #   (DOCKER_HOST points at it), so any build on this label can
            #   drive that user's container engine on the host. Treat
            #   pipelines with the 'podman' label as trusted with uid 1312.
            # - /home/jenkins/workspace is a host path shared by all workers
            #   and 'reusable' is true, so builds are not isolated from each
            #   other's files.
            # - REMOTING_OPTS points the agent at the controller over plain
            #   http and carries the agent secret. NOTE(review): confirm this
            #   traffic stays on a trusted network segment or move it to TLS.
            # - The image is referenced by tag from the local registry with
            #   force_pull; pinning a digest would make the worker image
            #   immutable.
            jobTemplate: |-
              {
                "Job": {
                  "Region": "global",
                  "ID": "%WORKER_NAME%",
                  "Namespace": "default",
                  "Type": "batch",
                  "Datacenters": [
                    "dc1"
                  ],
                  "TaskGroups": [
                    {
                      "Name": "jenkins-podman-worker-taskgroup",
                      "Count": 1,
                      "RestartPolicy": {
                        "Attempts": 0,
                        "Interval": 10000000000,
                        "Mode": "fail",
                        "Delay": 1000000000
                      },
                      "Tasks": [
                        {
                          "Name": "jenkins-podman-worker",
                          "Driver": "podman",
                          "User": "1312",
                          "Config": {
                            "volumes": [
                              "/run/user/1312/podman/podman.sock:/home/jenkins/agent/podman.sock",
                              "/etc/containers/registries.conf:/etc/containers/registries.conf",
                              "/home/jenkins/workspace:/home/jenkins/workspace"
                            ],
                            "force_pull": true,
                            "image": "127.0.0.1:5000/jenkins-inbound-agent:3327.v868139a_d00e0-v9"
                          },
                          "Env": {
                            "REMOTING_OPTS": "-url http://{{ env "NOMAD_ADDR_jenkins" }} -name %WORKER_NAME% -secret %WORKER_SECRET% -tunnel {{ env "NOMAD_ADDR_jnlp" }}",
                            "DOCKER_HOST": "unix:///home/jenkins/agent/podman.sock"
                          },
                          "Resources": {
                            "CPU": 500,
                            "MemoryMB": 512,
                            "MemoryMaxMB": 1024
                          }
                        }
                      ],
                      "EphemeralDisk": {
                        "SizeMB": 300
                      }
                    }
                  ]
                }
              }
            labels: "nomad podman"  # use the 'podman' label in the Jenkins pipeline spec
            numExecutors: 1
            prefix: "jenkins-podman"
            reusable: true
            workerTimeout: 1
    # Configuration example for the Docker cloud to spawn Jenkins agents directly
    # in Docker containers without intermediary Nomad jobs:
    # - https://plugins.jenkins.io/docker-plugin/#plugin-content-jcasc-plugin
    #- docker:
    #    name: "docker"
    #    containerCap: 3
    #    dockerApi:
    #      connectTimeout: 23
    #      dockerHost:
    #        uri: "unix:///home/jenkins/agent/podman.sock"
    #      readTimeout: 43
    #    errorDuration: 313
    #    templates:
    #      - connector:
    #          jnlp:
    #            jenkinsUrl: "http://{{ env "NOMAD_ADDR_jenkins" }}"
    #            user: "1312"
    #        dockerTemplateBase:
    #          image: "127.0.0.1:5000/jenkins-inbound-agent:latest"
    #          environment:
    #            - JENKINS_TUNNEL={{ env "NOMAD_ADDR_jnlp" }}
    #            - DOCKER_HOST=unix:///home/jenkins/agent/podman.sock
    #        labelString: "podman"
    #        name: "alpine-jdk21"
    #        pullTimeout: 171
    #        remoteFs: "/home/jenkins/agent"

# https://github.com/jenkinsci/theme-manager-plugin
appearance:
  themeManager:
    disableUserThemes: false
    theme: "dark"
  customHeader:
    enabled: true
    logo:
      image:
        # Logo and login branding are fetched from www.jenkins.io, so pages
        # that show them make a request to that third-party host.
        logoUrl: "https://www.jenkins.io/images/logos/kongfu/kongfu.png"
  loginTheme:
    branding: "https://www.jenkins.io/images/logos/kongfu/kongfu.png"