nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git
Log | Files | Refs | Pull requests |Archive

jenkins.yaml.tmpl (5948B)

      1 credentials:
      2   system:
      3     domainCredentials:
      4     - credentials:
      5       - vaultAppRoleCredential:
      6           description: "Jenkins approle on vault.in0rdr.ch"
      7           id: "vault.in0rdr.ch"
      8           path: "approle"
      9           roleId: "f22e8fa1-600b-8b3f-8d1f-5e1dbb7ffc76"
     10           scope: GLOBAL
     11           secretId: "{AQAAABAAAAAwkvKMbKxXt32PvPfvk1uKGiUy4Ah/+ns+/VBls3heRBJb0l2TtJ+e63J+CKf6hXtcbPPi44W+UCIR2DElovaIKA==}"
     12           usePolicies: false
     13 unclassified:
     14   location:
     15     adminAddress: "{{ if nomadVarExists "nomad/jobs/jenkins" -}}
     16     {{ with nomadVar "nomad/jobs/jenkins" }}{{ .admin_address }}{{ end -}}
     17     {{ else }}address not configured yet <nobody@nowhere>{{ end}}"
     18     url: "https://jenkins.in0rdr.ch"
     19   hashicorpVault:
     20     configuration:
     21       vaultCredentialId: "vault.in0rdr.ch"
     22       vaultUrl: "https://vault.in0rdr.ch"
     23   globalLibraries:
     24     libraries:
     25       - name: "in0rdr-jenkins-lib"
     26         retriever:
     27           modernSCM:
     28             scm:
     29               git:
     30                 remote: "https://git.in0rdr.ch/jenkins-lib.git"
     31   scmGit:
     32     globalConfigEmail: "jenkins@jenkins.in0rdr.ch"
     33     globalConfigName: "jenkins"
     34 jenkins:
     35   # https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/demos/jenkins/jenkins.yaml
     36   systemMessage: |
     37     {\__/}
     38     ( • . •)
     39     / >💾 Jenkins configured with Jenkins Configuration as Code plugin
     40   # Building on the built-in node can be a security issue. You should set the
     41   # number of executors on the built-in node to 0:
     42   # https://www.jenkins.io/doc/book/security/controller-isolation/#not-building-on-the-built-in-node
     43   numExecutors: 0
     44   slaveAgentPort: 50000
     45   authorizationStrategy:
     46     loggedInUsersCanDoAnything:
     47       allowAnonymousRead: false
     48   securityRealm:
     49     # https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/embedded-userdatabase
     50     local:
     51       allowsSignup: false
     52       users:
     53         - id: in0rdr
     54           password: "{{with secret "kv/jenkins/users"}}{{index .Data.data.in0rdr}}{{end}}"
     55   globalNodeProperties:
     56   - envVars:
     57       env:
     58       - key: "GIT_AUTHOR_EMAIL"
     59         value: "jenkins@jenkins.in0rdr.ch"
     60       - key: "GIT_AUTHOR_NAME"
     61         value: "jenkins"
     62   clouds:
     63   - nomad:
     64       name: "nomad"
     65       nomadUrl: "https://{{env "attr.unique.network.ip-address"}}:4646"
     66       tlsEnabled: true
     67       serverCertificate: "/etc/ssl/certs/nomad-agent-ca.p12"
     68       # the truststore only contains public certificates, password is irrelevant here
     69       serverPassword: "123456"
     70       clientPassword:
     71       prune: true
     72       templates:
     73       - idleTerminationInMinutes: 10
     74         jobTemplate: |-
     75           {
     76             "Job": {
     77               "Region": "global",
     78               "ID": "%WORKER_NAME%",
     79               "Namespace": "default",
     80               "Type": "batch",
     81               "Datacenters": [
     82                 "dc1"
     83               ],
     84               "TaskGroups": [
     85                 {
     86                   "Name": "jenkins-podman-worker-taskgroup",
     87                   "Count": 1,
     88                   "RestartPolicy": {
     89                     "Attempts": 0,
     90                     "Interval": 10000000000,
     91                     "Mode": "fail",
     92                     "Delay": 1000000000
     93                   },
     94                   "Tasks": [
     95                     {
     96                       "Name": "jenkins-podman-worker",
     97                       "Driver": "podman",
     98                       "User": "1312",
     99                       "Config": {
    100                         "volumes": [
    101                           "/run/user/1312/podman/podman.sock:/home/jenkins/agent/podman.sock",
    102                           "/home/jenkins/workspace:/home/jenkins/workspace"
    103                         ],
    104                         "devices": [
    105                           "/dev/fuse"
    106                         ],
    107                         "force_pull": true,
    108                         "image": "127.0.0.1:5000/jenkins-inbound-agent:latest"
    109                       },
    110                       "Env": {
    111                         "JENKINS_URL": "http://{{ env "NOMAD_ADDR_jenkins" }}",
    112                         "JENKINS_AGENT_NAME": "%WORKER_NAME%",
    113                         "JENKINS_SECRET": "%WORKER_SECRET%",
    114                         "JENKINS_TUNNEL": "{{ env "NOMAD_ADDR_jnlp" }}",
    115                         "DOCKER_HOST": "unix:///home/jenkins/agent/podman.sock",
    116                         "DOCKER_OPTS": "--insecure-registry=\"haproxy.lan:5000\""
    117                       },
    118                       "Resources": {
    119                         "CPU": 500,
    120                         "MemoryMB": 512,
    121                         "MemoryMaxMB": 1024
    122                       }
    123                     }
    124                   ],
    125                   "EphemeralDisk": {
    126                     "SizeMB": 300
    127                   }
    128                 }
    129               ]
    130             }
    131           }
    132         labels: "nomad podman" # use the 'podman' label in the Jenkins pipeline spec
    133         numExecutors: 1
    134         prefix: "jenkins-podman"
    135         reusable: true
    136       workerTimeout: 1
    137   # Configuration example for the Docker cloud to spawn Jenkins agents directly
    138   # in Docker containers without intermediary Nomad jobs:
    139   # - https://plugins.jenkins.io/docker-plugin/#plugin-content-jcasc-plugin
    140   #- docker:
    141   #    name: "docker"
    142   #    containerCap: 3
    143   #    dockerApi:
    144   #      connectTimeout: 23
    145   #      dockerHost:
    146   #        uri: "unix:///home/jenkins/agent/podman.sock"
    147   #      readTimeout: 43
    148   #    errorDuration: 313
    149   #    templates:
    150   #    - connector:
    151   #        jnlp:
    152   #          jenkinsUrl: "http://{{ env "NOMAD_ADDR_jenkins" }}"
    153   #          user: "1312"
    154   #      dockerTemplateBase:
    155   #        image: "127.0.0.1:5000/jenkins-inbound-agent:latest"
    156   #        environment:
    157   #        - JENKINS_TUNNEL={{ env "NOMAD_ADDR_jnlp" }}
    158   #        - DOCKER_HOST=unix:///home/jenkins/agent/podman.sock
    159   #      labelString: "podman"
    160   #      name: "alpine-jdk21"
    161   #      pullTimeout: 171
    162   #      remoteFs: "/home/jenkins/agent"