nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git
Log | Files | Refs | Pull requests |Archive

jenkins.yaml.tmpl (6104B)

      1 credentials:
      2   system:
      3     domainCredentials:
      4     - credentials:
      5       - vaultAppRoleCredential:
      6           description: "Jenkins approle on vault.in0rdr.ch"
      7           id: "vault.in0rdr.ch"
      8           path: "approle"
      9           roleId: "f22e8fa1-600b-8b3f-8d1f-5e1dbb7ffc76"
     10           scope: GLOBAL
     11           secretId: "{AQAAABAAAAAwkvKMbKxXt32PvPfvk1uKGiUy4Ah/+ns+/VBls3heRBJb0l2TtJ+e63J+CKf6hXtcbPPi44W+UCIR2DElovaIKA==}"
     12           usePolicies: false
     13 unclassified:
     14   location:
     15     adminAddress: "{{ if nomadVarExists "nomad/jobs/jenkins" -}}
     16     {{ with nomadVar "nomad/jobs/jenkins" }}{{ .admin_address }}{{ end -}}
     17     {{ else }}address not configured yet <nobody@nowhere>{{ end}}"
     18     url: "https://jenkins.in0rdr.ch"
     19   hashicorpVault:
     20     configuration:
     21       vaultCredentialId: "vault.in0rdr.ch"
     22       vaultUrl: "https://vault.in0rdr.ch"
     23   globalLibraries:
     24     libraries:
     25       - name: "in0rdr-jenkins-lib"
     26         retriever:
     27           modernSCM:
     28             scm:
     29               git:
     30                 remote: "https://git.in0rdr.ch/jenkins-lib.git"
     31   scmGit:
     32     globalConfigEmail: "jenkins@jenkins.in0rdr.ch"
     33     globalConfigName: "jenkins"
     34 jenkins:
     35   # https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/demos/jenkins/jenkins.yaml
     36   systemMessage: |
     37     {\__/}
     38     ( • . •)
     39     / >💾 Jenkins configured with Jenkins Configuration as Code plugin
     40   # Building on the built-in node can be a security issue. You should set the
     41   # number of executors on the built-in node to 0:
     42   # https://www.jenkins.io/doc/book/security/controller-isolation/#not-building-on-the-built-in-node
     43   numExecutors: 0
     44   slaveAgentPort: 50000
     45   authorizationStrategy:
     46     loggedInUsersCanDoAnything:
     47       allowAnonymousRead: false
     48   securityRealm:
     49     # https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/embedded-userdatabase
     50     local:
     51       allowsSignup: false
     52       users:
     53         - id: in0rdr
     54           password: "{{with secret "kv/jenkins/users"}}{{index .Data.data.in0rdr}}{{end}}"
     55   globalNodeProperties:
     56   - envVars:
     57       env:
     58       - key: "GIT_AUTHOR_EMAIL"
     59         value: "jenkins@jenkins.in0rdr.ch"
     60       - key: "GIT_AUTHOR_NAME"
     61         value: "jenkins"
     62   clouds:
     63   - nomad:
     64       name: "nomad"
     65       nomadUrl: "https://{{env "attr.unique.network.ip-address"}}:4646"
     66       tlsEnabled: true
     67       serverCertificate: "/etc/ssl/certs/nomad-agent-ca.p12"
     68       # the truststore only contains public certificates, password is irrelevant here
     69       serverPassword: "123456"
     70       clientPassword:
     71       prune: true
     72       templates:
     73       - idleTerminationInMinutes: 10
     74         jobTemplate: |-
     75           {
     76             "Job": {
     77               "Region": "global",
     78               "ID": "%WORKER_NAME%",
     79               "Namespace": "default",
     80               "Type": "batch",
     81               "Datacenters": [
     82                 "dc1"
     83               ],
     84               "TaskGroups": [
     85                 {
     86                   "Name": "jenkins-podman-worker-taskgroup",
     87                   "Count": 1,
     88                   "RestartPolicy": {
     89                     "Attempts": 0,
     90                     "Interval": 10000000000,
     91                     "Mode": "fail",
     92                     "Delay": 1000000000
     93                   },
     94                   "Tasks": [
     95                     {
     96                       "Name": "jenkins-podman-worker",
     97                       "Driver": "podman",
     98                       "User": "1312",
     99                       "Config": {
    100                         "volumes": [
    101                           "/run/user/1312/podman/podman.sock:/home/jenkins/agent/podman.sock",
    102                           "/etc/containers/registries.conf:/etc/containers/registries.conf",
    103                           "/home/jenkins/workspace:/home/jenkins/workspace"
    104                         ],
    105                         "force_pull": true,
    106                         "image": "127.0.0.1:5000/jenkins-inbound-agent:3327.v868139a_d00e0-v9"
    107                       },
    108                       "Env": {
    109                         "REMOTING_OPTS": "-url http://{{ env "NOMAD_ADDR_jenkins" }} -name %WORKER_NAME% -secret %WORKER_SECRET% -tunnel {{ env "NOMAD_ADDR_jnlp" }}",
    110                         "DOCKER_HOST": "unix:///home/jenkins/agent/podman.sock"
    111                       },
    112                       "Resources": {
    113                         "CPU": 500,
    114                         "MemoryMB": 512,
    115                         "MemoryMaxMB": 1024
    116                       }
    117                     }
    118                   ],
    119                   "EphemeralDisk": {
    120                     "SizeMB": 300
    121                   }
    122                 }
    123               ]
    124             }
    125           }
    126         labels: "nomad podman" # use the 'podman' label in the Jenkins pipeline spec
    127         numExecutors: 1
    128         prefix: "jenkins-podman"
    129         reusable: true
    130       workerTimeout: 1
    131   # Configuration example for the Docker cloud to spawn Jenkins agents directly
    132   # in Docker containers without intermediary Nomad jobs:
    133   # - https://plugins.jenkins.io/docker-plugin/#plugin-content-jcasc-plugin
    134   #- docker:
    135   #    name: "docker"
    136   #    containerCap: 3
    137   #    dockerApi:
    138   #      connectTimeout: 23
    139   #      dockerHost:
    140   #        uri: "unix:///home/jenkins/agent/podman.sock"
    141   #      readTimeout: 43
    142   #    errorDuration: 313
    143   #    templates:
    144   #    - connector:
    145   #        jnlp:
    146   #          jenkinsUrl: "http://{{ env "NOMAD_ADDR_jenkins" }}"
    147   #          user: "1312"
    148   #      dockerTemplateBase:
    149   #        image: "127.0.0.1:5000/jenkins-inbound-agent:latest"
    150   #        environment:
    151   #        - JENKINS_TUNNEL={{ env "NOMAD_ADDR_jnlp" }}
    152   #        - DOCKER_HOST=unix:///home/jenkins/agent/podman.sock
    153   #      labelString: "podman"
    154   #      name: "alpine-jdk21"
    155   #      pullTimeout: 171
    156   #      remoteFs: "/home/jenkins/agent"
    157 
    158 # https://github.com/jenkinsci/theme-manager-plugin
    159 appearance:
    160   themeManager:
    161     disableUserThemes: false
    162     theme: "dark"
    163   customHeader:
    164     enabled: true
    165     logo:
    166       image:
    167         logoUrl: "https://www.jenkins.io/images/logos/kongfu/kongfu.png"
    168   loginTheme:
    169     branding: "https://www.jenkins.io/images/logos/kongfu/kongfu.png"