jenkins.yaml.tmpl (5997B)
1 credentials: 2 system: 3 domainCredentials: 4 - credentials: 5 - vaultAppRoleCredential: 6 description: "Jenkins approle on vault.in0rdr.ch" 7 id: "vault.in0rdr.ch" 8 path: "approle" 9 roleId: "f22e8fa1-600b-8b3f-8d1f-5e1dbb7ffc76" 10 scope: GLOBAL 11 secretId: "{AQAAABAAAAAwkvKMbKxXt32PvPfvk1uKGiUy4Ah/+ns+/VBls3heRBJb0l2TtJ+e63J+CKf6hXtcbPPi44W+UCIR2DElovaIKA==}" 12 usePolicies: false 13 unclassified: 14 location: 15 adminAddress: "{{ if nomadVarExists "nomad/jobs/jenkins" -}} 16 {{ with nomadVar "nomad/jobs/jenkins" }}{{ .admin_address }}{{ end -}} 17 {{ else }}address not configured yet <nobody@nowhere>{{ end}}" 18 url: "https://jenkins.in0rdr.ch" 19 hashicorpVault: 20 configuration: 21 vaultCredentialId: "vault.in0rdr.ch" 22 vaultUrl: "https://vault.in0rdr.ch" 23 globalLibraries: 24 libraries: 25 - name: "in0rdr-jenkins-lib" 26 retriever: 27 modernSCM: 28 scm: 29 git: 30 remote: "https://git.in0rdr.ch/jenkins-lib.git" 31 scmGit: 32 globalConfigEmail: "jenkins@jenkins.in0rdr.ch" 33 globalConfigName: "jenkins" 34 jenkins: 35 # https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/demos/jenkins/jenkins.yaml 36 systemMessage: | 37 {\__/} 38 ( • . •) 39 / >💾 Jenkins configured with Jenkins Configuration as Code plugin 40 # Building on the built-in node can be a security issue. You should set the 41 # number of executors on the built-in node to 0: 42 # https://www.jenkins.io/doc/book/security/controller-isolation/#not-building-on-the-built-in-node 43 numExecutors: 0 44 slaveAgentPort: 50000 45 agentProtocols: 46 - "JNLP4-connect" 47 - "Ping" 48 authorizationStrategy: 49 loggedInUsersCanDoAnything: 50 allowAnonymousRead: false 51 securityRealm: 52 # https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/embedded-userdatabase 53 local: 54 allowsSignup: false 55 users: 56 - id: in0rdr 57 password: "{{with secret "kv/jenkins/users"}}{{index .Data.data.in0rdr}}{{end}}" 58 globalNodeProperties: 59 - envVars: 60 env: 61 - key: "GIT_AUTHOR_EMAIL" 62 value: "jenkins@jenkins.in0rdr.ch" 63 - key: "GIT_AUTHOR_NAME" 64 value: "jenkins" 65 clouds: 66 - nomad: 67 name: "nomad" 68 nomadUrl: "https://{{env "attr.unique.network.ip-address"}}:4646" 69 tlsEnabled: true 70 serverCertificate: "/etc/ssl/certs/nomad-agent-ca.p12" 71 # the truststore only contains public certificates, password is irrelevant here 72 serverPassword: "123456" 73 clientPassword: 74 prune: true 75 templates: 76 - idleTerminationInMinutes: 10 77 jobTemplate: |- 78 { 79 "Job": { 80 "Region": "global", 81 "ID": "%WORKER_NAME%", 82 "Namespace": "default", 83 "Type": "batch", 84 "Datacenters": [ 85 "dc1" 86 ], 87 "TaskGroups": [ 88 { 89 "Name": "jenkins-podman-worker-taskgroup", 90 "Count": 1, 91 "RestartPolicy": { 92 "Attempts": 0, 93 "Interval": 10000000000, 94 "Mode": "fail", 95 "Delay": 1000000000 96 }, 97 "Tasks": [ 98 { 99 "Name": "jenkins-podman-worker", 100 "Driver": "podman", 101 "User": "1312", 102 "Config": { 103 "volumes": [ 104 "/run/user/1312/podman/podman.sock:/home/jenkins/agent/podman.sock", 105 "/home/jenkins/workspace:/home/jenkins/workspace" 106 ], 107 "devices": [ 108 "/dev/fuse" 109 ], 110 "force_pull": true, 111 "image": "127.0.0.1:5000/jenkins-inbound-agent:latest" 112 }, 113 "Env": { 114 "JENKINS_URL": "http://{{ env "NOMAD_ADDR_jenkins" }}", 115 "JENKINS_AGENT_NAME": "%WORKER_NAME%", 116 "JENKINS_SECRET": "%WORKER_SECRET%", 117 "JENKINS_TUNNEL": "{{ env "NOMAD_ADDR_jnlp" }}", 118 "DOCKER_HOST": "unix:///home/jenkins/agent/podman.sock", 119 "DOCKER_OPTS": "--insecure-registry=\"haproxy.lan:5000\"" 120 }, 121 "Resources": { 122 "CPU": 500, 123 "MemoryMB": 512, 124 "MemoryMaxMB": 1024 125 } 126 } 127 ], 128 "EphemeralDisk": { 129 "SizeMB": 300 130 } 131 } 132 ] 133 } 134 } 135 labels: "nomad podman" # use the 'podman' label in the Jenkins pipeline spec 136 numExecutors: 1 137 prefix: "jenkins-podman" 138 reusable: true 139 workerTimeout: 1 140 # Configuration example for the Docker cloud to spawn Jenkins agents directly 141 # in Docker containers without intermediary Nomad jobs: 142 # - https://plugins.jenkins.io/docker-plugin/#plugin-content-jcasc-plugin 143 #- docker: 144 # name: "docker" 145 # containerCap: 3 146 # dockerApi: 147 # connectTimeout: 23 148 # dockerHost: 149 # uri: "unix:///home/jenkins/agent/podman.sock" 150 # readTimeout: 43 151 # errorDuration: 313 152 # templates: 153 # - connector: 154 # jnlp: 155 # jenkinsUrl: "http://{{ env "NOMAD_ADDR_jenkins" }}" 156 # user: "1312" 157 # dockerTemplateBase: 158 # image: "127.0.0.1:5000/jenkins-inbound-agent:latest" 159 # environment: 160 # - JENKINS_TUNNEL={{ env "NOMAD_ADDR_jnlp" }} 161 # - DOCKER_HOST=unix:///home/jenkins/agent/podman.sock 162 # labelString: "podman" 163 # name: "alpine-jdk21" 164 # pullTimeout: 171 165 # remoteFs: "/home/jenkins/agent"