diff --git a/Days/CICD/Jenkins/jenkins-namespace.yml b/Days/CICD/Jenkins/jenkins-namespace.yml new file mode 100644 index 0000000..69a4099 --- /dev/null +++ b/Days/CICD/Jenkins/jenkins-namespace.yml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: jenkins diff --git a/Days/CICD/Jenkins/jenkins-sa.yml b/Days/CICD/Jenkins/jenkins-sa.yml new file mode 100644 index 0000000..e161dc3 --- /dev/null +++ b/Days/CICD/Jenkins/jenkins-sa.yml @@ -0,0 +1,76 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jenkins + namespace: jenkins +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + labels: + kubernetes.io/bootstrapping: rbac-defaults + name: jenkins +rules: +- apiGroups: + - '*' + resources: + - statefulsets + - services + - replicationcontrollers + - replicasets + - podtemplates + - podsecuritypolicies + - pods + - pods/log + - pods/exec + - podpreset + - poddisruptionbudget + - persistentvolumes + - persistentvolumeclaims + - jobs + - endpoints + - deployments + - deployments/scale + - daemonsets + - cronjobs + - configmaps + - namespaces + - events + - secrets + verbs: + - create + - get + - watch + - delete + - list + - patch + - update +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + labels: + kubernetes.io/bootstrapping: rbac-defaults + name: jenkins +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jenkins +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:serviceaccounts:jenkins diff --git a/Days/CICD/Jenkins/jenkins-values.yml b/Days/CICD/Jenkins/jenkins-values.yml new file mode 100644 index 0000000..0c5fff7 --- /dev/null +++ b/Days/CICD/Jenkins/jenkins-values.yml @@ -0,0 +1,893 @@ +# Default values for jenkins. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +## Overrides for generated resource names +# See templates/_helpers.tpl +# nameOverride: +# fullnameOverride: +# namespaceOverride: + +# For FQDN resolving of the controller service. Change this value to match your existing configuration. +# ref: https://github.com/kubernetes/dns/blob/master/docs/specification.md +clusterZone: "cluster.local" + +renderHelmLabels: true + +controller: + # Used for label app.kubernetes.io/component + componentName: "jenkins-controller" + image: "jenkins/jenkins" + # tag: "2.332.1-jdk11" + tagLabel: jdk11 + imagePullPolicy: "Always" + imagePullSecretName: + # Optionally configure lifetime for controller-container + lifecycle: + # postStart: + # exec: + # command: + # - "uname" + # - "-a" + disableRememberMe: false + numExecutors: 0 + # configures the executor mode of the Jenkins node. Possible values are: NORMAL or EXCLUSIVE + executorMode: "NORMAL" + # This is ignored if enableRawHtmlMarkupFormatter is true + markupFormatter: plainText + customJenkinsLabels: [] + # The default configuration uses this secret to configure an admin user + # If you don't need that user or use a different security realm then you can disable it + adminSecret: true + + hostNetworking: false + # When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist. + # If you disable the non-Jenkins identity store and instead use the Jenkins internal one, + # you should revert controller.adminUser to your preferred admin user: + adminUser: "admin" + # adminPassword: + admin: + existingSecret: "" + userKey: jenkins-admin-user + passwordKey: jenkins-admin-password + # This values should not be changed unless you use your custom image of jenkins or any devired from. If you want to use + # Cloudbees Jenkins Distribution docker, you should set jenkinsHome: "/var/cloudbees-jenkins-distribution" + jenkinsHome: "/var/jenkins_home" + # This values should not be changed unless you use your custom image of jenkins or any devired from. If you want to use + # Cloudbees Jenkins Distribution docker, you should set jenkinsRef: "/usr/share/cloudbees-jenkins-distribution/ref" + jenkinsRef: "/usr/share/jenkins/ref" + # Path to the jenkins war file which is used by jenkins-plugin-cli. + jenkinsWar: "/usr/share/jenkins/jenkins.war" + # Overrides the default arguments passed to the war + # overrideArgs: + # - --httpPort=8080 + resources: + requests: + cpu: "50m" + memory: "256Mi" + limits: + cpu: "2000m" + memory: "4096Mi" + # Overrides the init container default values + # initContainerResources: + # requests: + # cpu: "50m" + # memory: "256Mi" + # limits: + # cpu: "2000m" + # memory: "4096Mi" + # Environment variables that get added to the init container (useful for e.g. http_proxy) + # initContainerEnv: + # - name: http_proxy + # value: "http://192.168.64.1:3128" + # containerEnv: + # - name: http_proxy + # value: "http://192.168.64.1:3128" + # Set min/max heap here if needed with: + # javaOpts: "-Xms512m -Xmx512m" + # jenkinsOpts: "" + # If you are using the ingress definitions provided by this chart via the `controller.ingress` block the configured hostname will be the ingress hostname starting with `https://` or `http://` depending on the `tls` configuration. + # The Protocol can be overwritten by specifying `controller.jenkinsUrlProtocol`. + # jenkinsUrlProtocol: "https" + # If you are not using the provided ingress you can specify `controller.jenkinsUrl` to change the url definition. + # jenkinsUrl: "" + # If you set this prefix and use ingress controller then you might want to set the ingress path below + # jenkinsUriPrefix: "/jenkins" + # Enable pod security context (must be `true` if podSecurityContextOverride, runAsUser or fsGroup are set) + usePodSecurityContext: true + # Note that `runAsUser`, `fsGroup`, and `securityContextCapabilities` are + # being deprecated and replaced by `podSecurityContextOverride`. + # Set runAsUser to 1000 to let Jenkins run as non-root user 'jenkins' which exists in 'jenkins/jenkins' docker image. + # When setting runAsUser to a different value than 0 also set fsGroup to the same value: + runAsUser: 1000 + fsGroup: 1000 + # If you have PodSecurityPolicies that require dropping of capabilities as suggested by CIS K8s benchmark, put them here + securityContextCapabilities: {} + # drop: + # - NET_RAW + # Completely overwrites the contents of the `securityContext`, ignoring the + # values provided for the deprecated fields: `runAsUser`, `fsGroup`, and + # `securityContextCapabilities`. In the case of mounting an ext4 filesystem, + # it might be desirable to use `supplementalGroups` instead of `fsGroup` in + # the `securityContext` block: https://github.com/kubernetes/kubernetes/issues/67014#issuecomment-589915496 + # podSecurityContextOverride: + # runAsUser: 1000 + # runAsNonRoot: true + # supplementalGroups: [1000] + # # capabilities: {} + # Container securityContext + containerSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + servicePort: 8080 + targetPort: 8080 + # For minikube, set this to NodePort, elsewhere use LoadBalancer + # Use ClusterIP if your setup includes ingress controller + serviceType: ClusterIP + # Use Local to preserve the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, + # but risks potentially imbalanced traffic spreading. + serviceExternalTrafficPolicy: + # Jenkins controller service annotations + serviceAnnotations: {} + # Jenkins controller custom labels + statefulSetLabels: {} + # foo: bar + # bar: foo + # Jenkins controller service labels + serviceLabels: {} + # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https + # Put labels on Jenkins controller pod + podLabels: {} + # Used to create Ingress record (should used with ServiceType: ClusterIP) + # nodePort: + # -Dcom.sun.management.jmxremote.port=4000 + # -Dcom.sun.management.jmxremote.authenticate=false + # -Dcom.sun.management.jmxremote.ssl=false + # jmxPort: 4000 + # Optionally configure other ports to expose in the controller container + extraPorts: [] + # - name: BuildInfoProxy + # port: 9000 + + # List of plugins to be install during Jenkins controller start + installPlugins: + - kubernetes:1.31.3 + - workflow-aggregator:2.6 + - git:4.10.2 + - configuration-as-code:1.55.1 + + # Set to false to download the minimum required version of all dependencies. + installLatestPlugins: true + + # Set to true to download latest dependencies of any plugin that is requested to have the latest version. + installLatestSpecifiedPlugins: false + + # List of plugins to install in addition to those listed in controller.installPlugins + additionalPlugins: [] + + # Enable to initialize the Jenkins controller only once on initial installation. + # Without this, whenever the controller gets restarted (Evicted, etc.) it will fetch plugin updates which has the potential to cause breakage. + # Note that for this to work, `persistence.enabled` needs to be set to `true` + initializeOnce: false + + # Enable to always override the installed plugins with the values of 'controller.installPlugins' on upgrade or redeployment. + # overwritePlugins: true + + # Configures if plugins bundled with `controller.image` should be overwritten with the values of 'controller.installPlugins' on upgrade or redeployment. + overwritePluginsFromImage: true + + # Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter), useful with ghprb plugin. + # The plugin is not installed by default, please update controller.installPlugins. + enableRawHtmlMarkupFormatter: false + # Used to approve a list of groovy functions in pipelines used the script-security plugin. Can be viewed under /scriptApproval + scriptApproval: [] + # - "method groovy.json.JsonSlurperClassic parseText java.lang.String" + # - "new groovy.json.JsonSlurperClassic" + # List of groovy init scripts to be executed during Jenkins controller start + initScripts: [] + # - | + # print 'adding global pipeline libraries, register properties, bootstrap jobs...' + + # 'name' is a name of an existing secret in same namespace as jenkins, + # 'keyName' is the name of one of the keys inside current secret. + # the 'name' and 'keyName' are concatenated with a '-' in between, so for example: + # an existing secret "secret-credentials" and a key inside it named "github-password" should be used in Jcasc as ${secret-credentials-github-password} + # 'name' and 'keyName' must be lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', + # and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc') + additionalExistingSecrets: [] + # - name: secret-name-1 + # keyName: username + # - name: secret-name-1 + # keyName: password + + additionalSecrets: [] + # - name: nameOfSecret + # value: secretText + + # Generate SecretClaim resources in order to create Kubernetes secrets from HashiCorp Vault using kube-vault-controller. + # 'name' is name of the secret that will be created in Kubernetes. The Jenkins fullname is prepended to this value. + # 'path' is the fully qualified path to the secret in Vault + # 'type' is an optional Kubernetes secret type. Defaults to 'Opaque' + # 'renew' is an optional secret renewal time in seconds + secretClaims: [] + # - name: secretName # required + # path: testPath # required + # type: kubernetes.io/tls # optional + # renew: 60 # optional + + # Name of default cloud configuration. + cloudName: "kubernetes" + + # Below is the implementation of Jenkins Configuration as Code. Add a key under configScripts for each configuration area, + # where each corresponds to a plugin or section of the UI. Each key (prior to | character) is just a label, and can be any value. + # Keys are only used to give the section a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label + # characters: lowercase letters, numbers, and hyphens. The keys become the name of a configuration yaml file on the controller in + # /var/jenkins_home/casc_configs (by default) and will be processed by the Configuration as Code Plugin. The lines after each | + # become the content of the configuration yaml file. The first line after this is a JCasC root element, eg jenkins, credentials, + # etc. Best reference is https:///configuration-as-code/reference. The example below creates a welcome message: + JCasC: + defaultConfig: true + configScripts: {} + # welcome-message: | + # jenkins: + # systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'. + # Ignored if securityRealm is defined in controller.JCasC.configScripts and + # ignored if controller.enableXmlConfig=true as controller.securityRealm takes precedence + securityRealm: |- + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + # Ignored if authorizationStrategy is defined in controller.JCasC.configScripts + authorizationStrategy: |- + loggedInUsersCanDoAnything: + allowAnonymousRead: false + # Optionally specify additional init-containers + customInitContainers: [] + # - name: custom-init + # image: "alpine:3.7" + # imagePullPolicy: Always + # command: [ "uname", "-a" ] + + sidecars: + configAutoReload: + # If enabled: true, Jenkins Configuration as Code will be reloaded on-the-fly without a reboot. If false or not-specified, + # jcasc changes will cause a reboot and will only be applied at the subsequent start-up. Auto-reload uses the + # http:///reload-configuration-as-code endpoint to reapply config when changes to the configScripts are detected. + enabled: true + image: kiwigrid/k8s-sidecar:1.15.0 + imagePullPolicy: IfNotPresent + resources: {} + # limits: + # cpu: 100m + # memory: 100Mi + # requests: + # cpu: 50m + # memory: 50Mi + # How many connection-related errors to retry on + reqRetryConnect: 10 + # env: + # - name: REQ_TIMEOUT + # value: "30" + # SSH port value can be set to any unused TCP port. The default, 1044, is a non-standard SSH port that has been chosen at random. + # Is only used to reload jcasc config from the sidecar container running in the Jenkins controller pod. + # This TCP port will not be open in the pod (unless you specifically configure this), so Jenkins will not be + # accessible via SSH from outside of the pod. Note if you use non-root pod privileges (runAsUser & fsGroup), + # this must be > 1024: + sshTcpPort: 1044 + # folder in the pod that should hold the collected dashboards: + folder: "/var/jenkins_home/casc_configs" + # If specified, the sidecar will search for JCasC config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces: + # searchNamespace: + containerSecurityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + + # Allows you to inject additional/other sidecars + other: [] + ## The example below runs the client for https://smee.io as sidecar container next to Jenkins, + ## that allows to trigger build behind a secure firewall. + ## https://jenkins.io/blog/2019/01/07/webhook-firewalls/#triggering-builds-with-webhooks-behind-a-secure-firewall + ## + ## Note: To use it you should go to https://smee.io/new and update the url to the generete one. + # - name: smee + # image: docker.io/twalter/smee-client:1.0.2 + # args: ["--port", "{{ .Values.controller.servicePort }}", "--path", "/github-webhook/", "--url", "https://smee.io/new"] + # resources: + # limits: + # cpu: 50m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 32Mi + # Name of the Kubernetes scheduler to use + schedulerName: "" + # Node labels and tolerations for pod assignment + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + nodeSelector: {} + + terminationGracePeriodSeconds: + + terminationMessagePath: + terminationMessagePolicy: + + tolerations: [] + + affinity: {} + # Leverage a priorityClass to ensure your pods survive resource shortages + # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + priorityClassName: + + podAnnotations: {} + # Add StatefulSet annotations + statefulSetAnnotations: {} + + # StatefulSet updateStrategy + # ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategy: {} + + ingress: + enabled: false + # Override for the default paths that map requests to the backend + paths: [] + # - backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + # - backend: + # serviceName: >- + # {{ template "jenkins.fullname" . }} + # # Don't use string here, use only integer value! + # servicePort: 8080 + # For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1' + # For Kubernetes v1.19+, use 'networking.k8s.io/v1' + apiVersion: "extensions/v1beta1" + labels: {} + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Set this path to jenkinsUriPrefix above or use annotations to rewrite path + # path: "/jenkins" + # configures the hostname e.g. jenkins.example.com + hostName: + tls: + # - secretName: jenkins.cluster.local + # hosts: + # - jenkins.cluster.local + + # often you want to have your controller all locked down and private + # but you still want to get webhooks from your SCM + # A secondary ingress will let you expose different urls + # with a differnt configuration + secondaryingress: + enabled: false + # paths you want forwarded to the backend + # ex /github-webhook + paths: [] + # For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1' + # For Kubernetes v1.19+, use 'networking.k8s.io/v1' + apiVersion: "extensions/v1beta1" + labels: {} + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # configures the hostname e.g. jenkins-external.example.com + hostName: + tls: + # - secretName: jenkins-external.example.com + # hosts: + # - jenkins-external.example.com + + # If you're running on GKE and need to configure a backendconfig + # to finish ingress setup, use the following values. + # Docs: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig + backendconfig: + enabled: false + apiVersion: "extensions/v1beta1" + name: + labels: {} + annotations: {} + spec: {} + + # Openshift route + route: + enabled: false + labels: {} + annotations: {} + # path: "/jenkins" + + # controller.hostAliases allows for adding entries to Pod /etc/hosts: + # https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + hostAliases: [] + # - ip: 192.168.50.50 + # hostnames: + # - something.local + # - ip: 10.0.50.50 + # hostnames: + # - other.local + + # Expose Prometheus metrics + prometheus: + # If enabled, add the prometheus plugin to the list of plugins to install + # https://plugins.jenkins.io/prometheus + enabled: false + # Additional labels to add to the ServiceMonitor object + serviceMonitorAdditionalLabels: {} + # Set a custom namespace where to deploy ServiceMonitor resource + # serviceMonitorNamespace: monitoring + scrapeInterval: 60s + # This is the default endpoint used by the prometheus plugin + scrapeEndpoint: /prometheus + # Additional labels to add to the PrometheusRule object + alertingRulesAdditionalLabels: {} + # An array of prometheus alerting rules + # See here: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ + # The `groups` root object is added by default, simply add the rule entries + alertingrules: [] + # Set a custom namespace where to deploy PrometheusRule resource + prometheusRuleNamespace: "" + + # Can be used to disable rendering controller test resources when using helm template + testEnabled: true + + httpsKeyStore: + jenkinsHttpsJksSecretName: '' + enable: false + httpPort: 8081 + path: "/var/jenkins_keystore" + fileName: "keystore.jks" + password: "password" + # Convert keystore.jks files content to base64 ( cat keystore.jks | base64 ) and put the output here + jenkinsKeyStoreBase64Encoded: | + /u3+7QAAAAIAAAABAAAAAQANamVua2luc2NpLmNvbQAAAW2r/b1ZAAAFATCCBP0wDgYKKwYBBAEq + AhEBAQUABIIE6QbCqasvoHS0pSwYqSvdydMCB9t+VNfwhFIiiuAelJfO5sSe2SebJbtwHgLcRz1Z + gMtWgOSFdl3bWSzA7vrW2LED52h+jXLYSWvZzuDuh8hYO85m10ikF6QR+dTi4jra0whIFDvq3pxe + TnESxEsN+DvbZM3jA3qsjQJSeISNpDjO099dqQvHpnCn18lyk7J4TWJ8sOQQb1EM2zDAfAOSqA/x + QuPEFl74DlY+5DIk6EBvpmWhaMSvXzWZACGA0sYqa157dq7O0AqmuLG/EI5EkHETO4CrtBW+yLcy + 2dUCXOMA+j+NjM1BjrQkYE5vtSfNO6lFZcISyKo5pTFlcA7ut0Fx2nZ8GhHTn32CpeWwNcZBn1gR + pZVt6DxVVkhTAkMLhR4rL2wGIi/1WRs23ZOLGKtyDNvDHnQyDiQEoJGy9nAthA8aNHa3cfdF10vB + Drb19vtpFHmpvKEEhpk2EBRF4fTi644Fuhu2Ied6118AlaPvEea+n6G4vBz+8RWuVCmZjLU+7h8l + Hy3/WdUPoIL5eW7Kz+hS+sRTFzfu9C48dMkQH3a6f3wSY+mufizNF9U298r98TnYy+PfDJK0bstG + Ph6yPWx8DGXKQBwrhWJWXI6JwZDeC5Ny+l8p1SypTmAjpIaSW3ge+KgcL6Wtt1R5hUV1ajVwVSUi + HF/FachKqPqyLJFZTGjNrxnmNYpt8P1d5JTvJfmfr55Su/P9n7kcyWp7zMcb2Q5nlXt4tWogOHLI + OzEWKCacbFfVHE+PpdrcvCVZMDzFogIq5EqGTOZe2poPpBVE+1y9mf5+TXBegy5HToLWvmfmJNTO + NCDuBjgLs2tdw2yMPm4YEr57PnMX5gGTC3f2ZihXCIJDCRCdQ9sVBOjIQbOCzxFXkVITo0BAZhCi + Yz61wt3Ud8e//zhXWCkCsSV+IZCxxPzhEFd+RFVjW0Nm9hsb2FgAhkXCjsGROgoleYgaZJWvQaAg + UyBzMmKDPKTllBHyE3Gy1ehBNGPgEBChf17/9M+j8pcm1OmlM434ctWQ4qW7RU56//yq1soFY0Te + fu2ei03a6m68fYuW6s7XEEK58QisJWRAvEbpwu/eyqfs7PsQ+zSgJHyk2rO95IxdMtEESb2GRuoi + Bs+AHNdYFTAi+GBWw9dvEgqQ0Mpv0//6bBE/Fb4d7b7f56uUNnnE7mFnjGmGQN+MvC62pfwfvJTT + EkT1iZ9kjM9FprTFWXT4UmO3XTvesGeE50sV9YPm71X4DCQwc4KE8vyuwj0s6oMNAUACW2ClU9QQ + y0tRpaF1tzs4N42Q5zl0TzWxbCCjAtC3u6xf+c8MCGrr7DzNhm42LOQiHTa4MwX4x96q7235oiAU + iQqSI/hyF5yLpWw4etyUvsx2/0/0wkuTU1FozbLoCWJEWcPS7QadMrRRISxHf0YobIeQyz34regl + t1qSQ3dCU9D6AHLgX6kqllx4X0fnFq7LtfN7fA2itW26v+kAT2QFZ3qZhINGfofCja/pITC1uNAZ + gsJaTMcQ600krj/ynoxnjT+n1gmeqThac6/Mi3YlVeRtaxI2InL82ZuD+w/dfY9OpPssQjy3xiQa + jPuaMWXRxz/sS9syOoGVH7XBwKrWpQcpchozWJt40QV5DslJkclcr8aC2AGlzuJMTdEgz1eqV0+H + bAXG9HRHN/0eJTn1/QAAAAEABVguNTA5AAADjzCCA4swggJzAhRGqVxH4HTLYPGO4rzHcCPeGDKn + xTANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMCY2ExEDAOBgNVBAgMB29udGFyaW8xEDAOBgNV + BAcMB3Rvcm9udG8xFDASBgNVBAoMC2plbmtpbnN0ZXN0MRkwFwYDVQQDDBBqZW5raW5zdGVzdC5p + bmZvMR0wGwYJKoZIhvcNAQkBFg50ZXN0QHRlc3QuaW5mbzAeFw0xOTEwMDgxNTI5NTVaFw0xOTEx + MDcxNTI5NTVaMIGBMQswCQYDVQQGEwJjYTEQMA4GA1UECAwHb250YXJpbzEQMA4GA1UEBwwHdG9y + b250bzEUMBIGA1UECgwLamVua2luc3Rlc3QxGTAXBgNVBAMMEGplbmtpbnN0ZXN0LmluZm8xHTAb + BgkqhkiG9w0BCQEWDnRlc3RAdGVzdC5pbmZvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEA02q352JTHGvROMBhSHvSv+vnoOTDKSTz2aLQn0tYrIRqRo+8bfmMjXuhkwZPSnCpvUGNAJ+w + Jrt/dqMoYUjCBkjylD/qHmnXN5EwS1cMg1Djh65gi5JJLFJ7eNcoSsr/0AJ+TweIal1jJSP3t3PF + 9Uv21gm6xdm7HnNK66WpUUXLDTKaIs/jtagVY1bLOo9oEVeLN4nT2CYWztpMvdCyEDUzgEdDbmrP + F5nKUPK5hrFqo1Dc5rUI4ZshL3Lpv398aMxv6n2adQvuL++URMEbXXBhxOrT6rCtYzbcR5fkwS9i + d3Br45CoWOQro02JAepoU0MQKY5+xQ4Bq9Q7tB9BAwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAe + 4xc+mSvKkrKBHg9/zpkWgZUiOp4ENJCi8H4tea/PCM439v6y/kfjT/okOokFvX8N5aa1OSz2Vsrl + m8kjIc6hiA7bKzT6lb0EyjUShFFZ5jmGVP4S7/hviDvgB5yEQxOPpumkdRP513YnEGj/o9Pazi5h + /MwpRxxazoda9r45kqQpyG+XoM4pB+Fd3JzMc4FUGxfVPxJU4jLawnJJiZ3vqiSyaB0YyUL+Er1Q + 6NnqtR4gEBF0ZVlQmkycFvD4EC2boP943dLqNUvop+4R3SM1QMM6P5u8iTXtHd/VN4MwMyy1wtog + hYAzODo1Jt59pcqqKJEas0C/lFJEB3frw4ImNx5fNlJYOpx+ijfQs9m39CevDq0= + +agent: + enabled: true + defaultsProviderTemplate: "" + # URL for connecting to the Jenkins contoller + jenkinsUrl: + # connect to the specified host and port, instead of connecting directly to the Jenkins controller + jenkinsTunnel: + kubernetesConnectTimeout: 5 + kubernetesReadTimeout: 15 + maxRequestsPerHostStr: "32" + namespace: + image: "jenkins/inbound-agent" + tag: "4.11.2-4" + workingDir: "/home/jenkins/agent" + nodeUsageMode: "NORMAL" + customJenkinsLabels: [] + # name of the secret to be used for image pulling + imagePullSecretName: + componentName: "jenkins-agent" + websocket: false + privileged: false + runAsUser: + runAsGroup: + resources: + requests: + cpu: "512m" + memory: "512Mi" + limits: + cpu: "512m" + memory: "512Mi" + # You may want to change this to true while testing a new image + alwaysPullImage: false + # Controls how agent pods are retained after the Jenkins build completes + # Possible values: Always, Never, OnFailure + podRetention: "Never" + # Disable if you do not want the Yaml the agent pod template to show up + # in the job Console Output. This can be helpful for either security reasons + # or simply to clean up the output to make it easier to read. + showRawYaml: true + # You can define the volumes that you want to mount for this container + # Allowed types are: ConfigMap, EmptyDir, HostPath, Nfs, PVC, Secret + # Configure the attributes as they appear in the corresponding Java class for that type + # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes + volumes: [] + # - type: ConfigMap + # configMapName: myconfigmap + # mountPath: /var/myapp/myconfigmap + # - type: EmptyDir + # mountPath: /var/myapp/myemptydir + # memory: false + # - type: HostPath + # hostPath: /var/lib/containers + # mountPath: /var/myapp/myhostpath + # - type: Nfs + # mountPath: /var/myapp/mynfs + # readOnly: false + # serverAddress: "192.0.2.0" + # serverPath: /var/lib/containers + # - type: PVC + # claimName: mypvc + # mountPath: /var/myapp/mypvc + # readOnly: false + # - type: Secret + # defaultMode: "600" + # mountPath: /var/myapp/mysecret + # secretName: mysecret + # Pod-wide environment, these vars are visible to any container in the agent pod + + # You can define the workspaceVolume that you want to mount for this container + # Allowed types are: DynamicPVC, EmptyDir, HostPath, Nfs, PVC + # Configure the attributes as they appear in the corresponding Java class for that type + # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes/workspace + workspaceVolume: {} + ## DynamicPVC example + # type: DynamicPVC + # configMapName: myconfigmap + ## EmptyDir example + # type: EmptyDir + # memory: false + ## HostPath example + # type: HostPath + # hostPath: /var/lib/containers + ## NFS example + # type: Nfs + # readOnly: false + # serverAddress: "192.0.2.0" + # serverPath: /var/lib/containers + ## PVC example + # type: PVC + # claimName: mypvc + # readOnly: false + # + # Pod-wide environment, these vars are visible to any container in the agent pod + envVars: [] + # - name: PATH + # value: /usr/local/bin + nodeSelector: {} + # Key Value selectors. Ex: + # jenkins-agent: v1 + + # Executed command when side container gets started + command: + args: "${computer.jnlpmac} ${computer.name}" + # Side container name + sideContainerName: "jnlp" + # Doesn't allocate pseudo TTY by default + TTYEnabled: false + # Max number of spawned agent + containerCap: 10 + # Pod name + podName: "default" + # Allows the Pod to remain active for reuse until the configured number of + # minutes has passed since the last step was executed on it. + idleMinutes: 0 + # Raw yaml template for the Pod. For example this allows usage of toleration for agent pods. + # https://github.com/jenkinsci/kubernetes-plugin#using-yaml-to-define-pod-templates + # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + yamlTemplate: "" + # yamlTemplate: |- + # apiVersion: v1 + # kind: Pod + # spec: + # tolerations: + # - key: "key" + # operator: "Equal" + # value: "value" + # Defines how the raw yaml field gets merged with yaml definitions from inherited pod templates: merge or override + yamlMergeStrategy: "override" + # Timeout in seconds for an agent to be online + connectTimeout: 100 + # Annotations to apply to the pod. + annotations: {} + + # Below is the implementation of custom pod templates for the default configured kubernetes cloud. + # Add a key under podTemplates for each pod template. Each key (prior to | character) is just a label, and can be any value. + # Keys are only used to give the pod template a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label + # characters: lowercase letters, numbers, and hyphens. Each pod template can contain multiple containers. + # For this pod templates configuration to be loaded the following values must be set: + # controller.JCasC.defaultConfig: true + # Best reference is https:///configuration-as-code/reference#Cloud-kubernetes. The example below creates a python pod template. + podTemplates: {} + # python: | + # - name: python + # label: jenkins-python + # serviceAccount: jenkins + # containers: + # - name: python + # image: python:3 + # command: "/bin/sh -c" + # args: "cat" + # ttyEnabled: true + # privileged: true + # resourceRequestCpu: "400m" + # resourceRequestMemory: "512Mi" + # resourceLimitCpu: "1" + # resourceLimitMemory: "1024Mi" + +# Here you can add additional agents +# They inherit all values from `agent` so you only need to specify values which differ +additionalAgents: {} +# maven: +# podName: maven +# customJenkinsLabels: maven +# # An example of overriding the jnlp container +# # sideContainerName: jnlp +# image: jenkins/jnlp-agent-maven +# tag: latest +# python: +# podName: python +# customJenkinsLabels: python +# sideContainerName: python +# image: python +# tag: "3" +# command: "/bin/sh -c" +# args: "cat" +# TTYEnabled: true + +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + existingClaim: + ## jenkins data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: jenkins-pv + annotations: {} + labels: {} + accessMode: "ReadWriteOnce" + size: "8Gi" + volumes: + # - name: nothing + # emptyDir: {} + mounts: + # - mountPath: /var/nothing + # name: nothing + # readOnly: true + +networkPolicy: + # Enable creation of NetworkPolicy resources. + enabled: false + # For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1' + # For Kubernetes v1.7, use 'networking.k8s.io/v1' + apiVersion: networking.k8s.io/v1 + # You can allow agents to connect from both within the cluster (from within specific/all namespaces) AND/OR from a given external IP range + internalAgents: + allowed: true + podLabels: {} + namespaceLabels: {} + # project: myproject + externalAgents: {} + # ipCIDR: 172.17.0.0/16 + # except: + # - 172.17.1.0/24 + +## Install Default RBAC roles and bindings +rbac: + create: true + readSecrets: false + +serviceAccount: + create: false + # The name of the service account is autogenerated by default + name: jenkins + annotations: {} + imagePullSecretName: + + +serviceAccountAgent: + # Specifies whether a ServiceAccount should be created + create: false + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + annotations: {} + imagePullSecretName: + +## Backup cronjob configuration +## Ref: https://github.com/maorfr/kube-tasks +backup: + # Backup must use RBAC + # So by enabling backup you are enabling RBAC specific for backup + enabled: false + # Used for label app.kubernetes.io/component + componentName: "backup" + # Schedule to run jobs. Must be in cron time format + # Ref: https://crontab.guru/ + schedule: "0 2 * * *" + labels: {} + serviceAccount: + create: true + name: + annotations: {} + # Example for authorization to AWS S3 using kube2iam or IRSA + # Can also be done using environment variables + # iam.amazonaws.com/role: "jenkins" + # "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/jenkins-backup" + # Set this to terminate the job that is running/failing continously and set the job status to "Failed" + activeDeadlineSeconds: "" + image: + repository: "maorfr/kube-tasks" + tag: "0.2.0" + # Additional arguments for kube-tasks + # Ref: https://github.com/maorfr/kube-tasks#simple-backup + extraArgs: [] + # Add existingSecret for AWS credentials + existingSecret: {} + ## Example for using an existing secret + # jenkinsaws: + ## Use this key for AWS access key ID + # awsaccesskey: jenkins_aws_access_key + ## Use this key for AWS secret access key + # awssecretkey: jenkins_aws_secret_key + # Add additional environment variables + # jenkinsgcp: + ## Use this key for GCP credentials + # gcpcredentials: credentials.json + env: [] + # Example environment variable required for AWS credentials chain + # - name: "AWS_REGION" + # value: "us-east-1" + resources: + requests: + memory: 1Gi + cpu: 1 + limits: + memory: 1Gi + cpu: 1 + # Destination to store the backup artifacts + # Supported cloud storage services: AWS S3, Minio S3, Azure Blob Storage, Google Cloud Storage + # Additional support can added. Visit this repository for details + # Ref: https://github.com/maorfr/skbn + destination: "s3://jenkins-data/backup" + # By enabling only the jenkins_home/jobs folder gets backed up, not the whole jenkins instance + onlyJobs: false + # Enable backup pod security context (must be `true` if runAsUser or fsGroup are set) + usePodSecurityContext: true + # When setting runAsUser to a different value than 0 also set fsGroup to the same value: + runAsUser: 1000 + fsGroup: 1000 + securityContextCapabilities: {} + # drop: + # - NET_RAW +checkDeprecation: true + +awsSecurityGroupPolicies: + enabled: false + policies: + - name: "" + securityGroupIds: [] + podSelector: {} diff --git a/Days/CICD/Jenkins/jenkins-volume.yml b/Days/CICD/Jenkins/jenkins-volume.yml new file mode 100644 index 0000000..fc60626 --- /dev/null +++ b/Days/CICD/Jenkins/jenkins-volume.yml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: jenkins-pv + namespace: jenkins +spec: + storageClassName: jenkins-pv + accessModes: + - ReadWriteOnce + capacity: + storage: 20Gi + persistentVolumeReclaimPolicy: Retain + hostPath: + path: /data/jenkins-volume/ diff --git a/Days/CICD/Jenkins/steps.md b/Days/CICD/Jenkins/steps.md new file mode 100644 index 0000000..55e3c4b --- /dev/null +++ b/Days/CICD/Jenkins/steps.md @@ -0,0 +1,37 @@ +## Steps taken to deploy Jenkins + +minikube start + +kubectl create namespace jenkins or kubectl create -f jenkins-namespace.yml + +kubectl get namespaces + +helm repo list + +helm repo add jenkinsci https://charts.jenkins.io + +helm repo update + +kubectl apply -f jenkins-volume.yml + +kubectl apply -f jenkins-sa.yml + +chart=jenkinsci/jenkins +helm install jenkins -n jenkins -f jenkins-values.yml $chart + +minikube ssh +sudo chown -R 1000:1000 /data/jenkins-volume + +kubectl delete pod jenkins-0 -n jenkins + +kubectl get pods -n jenkins -w + +kubectl exec --namespace jenkins -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo + +kubectl --namespace jenkins port-forward svc/jenkins 8080:8080 + +open browser and login to http://localhost:8080 + +perform plugin updates + + diff --git a/Days/Images/Day71_CICD4.png b/Days/Images/Day71_CICD4.png index 0b79855..bad15fd 100644 Binary files a/Days/Images/Day71_CICD4.png and b/Days/Images/Day71_CICD4.png differ diff --git a/Days/Images/Day72_CICD1.png b/Days/Images/Day72_CICD1.png new file mode 100644 index 0000000..b9df7c0 Binary files /dev/null and b/Days/Images/Day72_CICD1.png differ diff --git a/Days/Images/Day72_CICD10.png b/Days/Images/Day72_CICD10.png new file mode 100644 index 0000000..f01d728 Binary files /dev/null and b/Days/Images/Day72_CICD10.png differ diff --git a/Days/Images/Day72_CICD11.png b/Days/Images/Day72_CICD11.png new file mode 100644 index 0000000..459aa40 Binary files /dev/null and b/Days/Images/Day72_CICD11.png differ diff --git a/Days/Images/Day72_CICD12.png b/Days/Images/Day72_CICD12.png new file mode 100644 index 0000000..358a7e0 Binary files /dev/null and b/Days/Images/Day72_CICD12.png differ diff --git a/Days/Images/Day72_CICD13.png b/Days/Images/Day72_CICD13.png new file mode 100644 index 0000000..e2992c4 Binary files /dev/null and b/Days/Images/Day72_CICD13.png differ diff --git a/Days/Images/Day72_CICD14.png b/Days/Images/Day72_CICD14.png new file mode 100644 index 0000000..99515fd Binary files /dev/null and b/Days/Images/Day72_CICD14.png differ diff --git a/Days/Images/Day72_CICD15.png b/Days/Images/Day72_CICD15.png new file mode 100644 index 0000000..3132a1f Binary files /dev/null and b/Days/Images/Day72_CICD15.png differ diff --git a/Days/Images/Day72_CICD16.png b/Days/Images/Day72_CICD16.png new file mode 100644 index 0000000..bef6f2e Binary files /dev/null and b/Days/Images/Day72_CICD16.png differ diff --git a/Days/Images/Day72_CICD17.png b/Days/Images/Day72_CICD17.png new file mode 100644 index 0000000..c1b716f Binary files /dev/null and b/Days/Images/Day72_CICD17.png differ diff --git a/Days/Images/Day72_CICD18.png b/Days/Images/Day72_CICD18.png new file mode 100644 index 0000000..9656c9b Binary files /dev/null and b/Days/Images/Day72_CICD18.png differ diff --git a/Days/Images/Day72_CICD2.png b/Days/Images/Day72_CICD2.png new file mode 100644 index 0000000..629c90d Binary files /dev/null and b/Days/Images/Day72_CICD2.png differ diff --git a/Days/Images/Day72_CICD3.png b/Days/Images/Day72_CICD3.png new file mode 100644 index 0000000..3fad279 Binary files /dev/null and b/Days/Images/Day72_CICD3.png differ diff --git a/Days/Images/Day72_CICD4.png b/Days/Images/Day72_CICD4.png new file mode 100644 index 0000000..02ba06b Binary files /dev/null and b/Days/Images/Day72_CICD4.png differ diff --git a/Days/Images/Day72_CICD5.png b/Days/Images/Day72_CICD5.png new file mode 100644 index 0000000..54d593e Binary files /dev/null and b/Days/Images/Day72_CICD5.png differ diff --git a/Days/Images/Day72_CICD6.png b/Days/Images/Day72_CICD6.png new file mode 100644 index 0000000..10522a1 Binary files /dev/null and b/Days/Images/Day72_CICD6.png differ diff --git a/Days/Images/Day72_CICD7.png b/Days/Images/Day72_CICD7.png new file mode 100644 index 0000000..4d79895 Binary files /dev/null and b/Days/Images/Day72_CICD7.png differ diff --git a/Days/Images/Day72_CICD8.png b/Days/Images/Day72_CICD8.png new file mode 100644 index 0000000..e81d623 Binary files /dev/null and b/Days/Images/Day72_CICD8.png differ diff --git a/Days/Images/Day72_CICD9.png b/Days/Images/Day72_CICD9.png new file mode 100644 index 0000000..72ab6ce Binary files /dev/null and b/Days/Images/Day72_CICD9.png differ diff --git a/Days/day72.md b/Days/day72.md index 39f9cad..d784c0f 100644 --- a/Days/day72.md +++ b/Days/day72.md @@ -1,25 +1,153 @@ ## Getting hands on with Jenkins +The plan today is to get some hands on with Jenkins and make something happen as part of our CI pipeline, looking at some example code bases that we can use. + ### What is a pipeline? -https://www.jenkins.io/doc/book/pipeline/#ji-toolbar +Before we start we need to know what is a pipeline when it comes to CI, and we already covered this in the session yesterday with the following image. +![](Images/Day71_CICD4.png) + +We want to take the processes or steps above and we want to automate them to get an outcome eventually meaning that we have a deployed application that we can then ship to our customers, end users etc. + +This automated process enables us to have a version control through to our users and customers. Every change, feature enhancement, bug fix etc goes through this automated process confirming that everything is fine without too much manual intervention to ensure our code is good. + +This process involves building the software in a reliable and repeatable manner, as well as progressing the built software (called a "build") through multiple stages of testing and deployment. + +A jenkins pipeline, is written into a text file called a Jenkinsfile. Which itself should be committed to a source control repository. This is also known as Pipeline as code, we could also very much liken this to Infrastructure as code which we covered a few weeks back. + +[Jenkins Pipeline Definition](https://www.jenkins.io/doc/book/pipeline/#ji-toolbar) ### Deploying Jenkins -https://www.jenkins.io/doc/book/installing/kubernetes/ +I had some fun deploying Jenkins, You will notice from the [documentation](https://www.jenkins.io/doc/book/installing/) that there are many options on where you can install Jenkins. + +Given that I have minikube on hand and we have used this a number of times I wanted to use this for this task also. (also it is free!) Although the steps given in the [Kubernetes Installation](https://www.jenkins.io/doc/book/installing/kubernetes/) had me hitting a wall and not getting things up and running, you can compare the two when I document my steps here. + +The first step is to get our minikube cluster up and running, we can simply do this with the `minikube start` command. + +![](Images/Day72_CICD1.png) + +I have added a folder with all the YAML configuration and values that can be found [here](days/CICD/Jenkins) Now that we have our cluster we can run the following to create our jenkins namespace. `kubectl create -f jenkins-namespace.yml` + +![](Images/Day72_CICD2.png) + +We will be using Helm to deploy jenkins into our cluster, we covered helm in the Kubernetes section. We firstly need to add the jenkinsci helm repository `helm repo add jenkinsci https://charts.jenkins.io` then update our charts `helm repo update`. + +![](Images/Day72_CICD3.png) + +The idea behind Jenkins is that it is going to save state for its pipelines, you can run the above helm installation without persistence but if those pods are rebooted, changed or modified then any pipeline or configuration you have made will be lost. We will create a volume for persistence using the jenkins-volume.yml file with the `kubectl apply -f jenkins-volume.yml` command. + +![](Images/Day72_CICD4.png) + +We also need a service account which we can create using this yaml file and command. `kubectl apply -f jenkins-sa.yml` + +![](Images/Day72_CICD5.png) + +At this stage we are good to deploy using the helm chart, we will firstly define our chart using `chart=jenkinsci/jenkins` and then we will deploy using this command where the jenkins-values.yml contain the persistence and service accounts that we previously deployed to our cluster. `helm install jenkins -n jenkins -f jenkins-values.yml $chart` + +![](Images/Day72_CICD6.png) + +At this stage our pods will be pulling the image but the pod will not have access to the storage so no configuration can be started in terms of getting Jenkins up and running. + +This is where the documentation did not help me massively understand what needed to happen. But we can see that we have no permission to start our jenkins install. + +![](Images/Day72_CICD7.png) + +In order to fix the above or resolve, we need to make sure we provide access or the right permission in order for our jenkins pods to be able to write to this location that we have suggested. We can do this by using the `minikube ssh` which will put us into the minikube docker container we are running on, and then using `sudo chown -R 1000:1000 /data/jenkins-volume` we can ensure we have permissions set on our data volume. + +![](Images/Day72_CICD8.png) + +The above process should fix the pods, however if not you can force the pods to be refreshed with the `kubectl delete pod jenkins-0 -n jenkins` command. At this point you should have 2/2 running pods called jenkins-0. + +![](Images/Day72_CICD9.png) + +We now need our admin password and we can this using the following command. `kubectl exec --namespace jenkins -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo` + +![](Images/Day72_CICD10.png) + +Now open a new terminal as we are going to use the `port-forward` command to allow us to gain access from our workstation. `kubectl --namespace jenkins port-forward svc/jenkins 8080:8080` + +![](Images/Day72_CICD11.png) + +We should now be able to open a browser and login to http://localhost:8080 and authenticate with the username: admin and password we gathered in a previous step. + +![](Images/Day72_CICD12.png) + +When we have authenticated, our Jenkins welcome page should look something like this: + +![](Images/Day72_CICD13.png) + +From here, I would suggest heading to "Manage Jenkins" and you will see "Manage Plugins" which will have some updates available. Select all of those plugins and choose "Download now and install after restart" + +![](Images/Day72_CICD14.png) + +If you want to go even further and automate the deployment of Jenkins using a shell script this great repository was shared with me on twitter [mehyedes/nodejs-k8s](https://github.com/mehyedes/nodejs-k8s/blob/main/docs/automated-setup.md) + ### Jenkinsfile -What is a Jenkinsfile +Now we have Jenkins deployed in our Kubernetes cluster, we can now go back and think about this Jenkinsfile. +Every Jenkinsfile will likely start like this, Which is firstly where you would define your steps of your pipeline, in this instance you have Build > Test > Deploy. But we are not really doing anything other than using the `echo` command to call out the specific stages. +``` -### Building a Jenkins pipeline -Job creation -Building the pipeline +Jenkinsfile (Declarative Pipeline) +pipeline { + agent any + stages { + stage('Build') { + steps { + echo 'Building..' + } + } + stage('Test') { + steps { + echo 'Testing..' + } + } + stage('Deploy') { + steps { + echo 'Deploying....' + } + } + } +} +``` +In our Jenkins dashboard, select "New Item" give the item a name, I am going to "echo1" I am going to suggest that this is a Pipeline. -https://github.com/MichaelCade/jenkins-example +![](Images/Day72_CICD15.png) +Hit Ok and you will then have the tabs (General, Build Triggers, Advanced Project Options and Pipeline) for a simple test we are only interested in Pipeline. Under Pipeline you have the ability to add a script, we can copy and paste the above script into the box. + +As we said above this is not going to do much but it will show us the stages of our Build > Test > Deploy + +![](Images/Day72_CICD16.png) + +Click Save, We can now run our build using the build now highlighted below. + +![](Images/Day72_CICD17.png) + +We should also open a terminal and run the `kubectl get pods -n jenkins` to see what happens there. + +![](Images/Day72_CICD18.png) + +Ok, very simple stuff but we can now see that our Jenkins deployment and installation is working correctly and we can start to see the building blocks of the CI pipeline here. + +In the next section we will be building a Jenkins Pipeline. + +## Resources + +- [Jenkins is the way to build, test, deploy](https://youtu.be/_MXtbjwsz3A) +- [Jenkins.io](https://www.jenkins.io/) +- [ArgoCD](https://argo-cd.readthedocs.io/en/stable/) +- [ArgoCD Tutorial for Beginners](https://www.youtube.com/watch?v=MeU5_k9ssrs) +- [What is Jenkins?](https://www.youtube.com/watch?v=LFDrDnKPOTg) +- [Complete Jenkins Tutorial](https://www.youtube.com/watch?v=nCKxl7Q_20I&t=3s) +- [GitHub Actions](https://www.youtube.com/watch?v=R8_veQiYBjI) +- [GitHub Actions CI/CD](https://www.youtube.com/watch?v=mFFXuXjVgkU) + +See you on [Day 73](day73.md) \ No newline at end of file diff --git a/Days/day73.md b/Days/day73.md index fd9f386..29ddd01 100644 --- a/Days/day73.md +++ b/Days/day73.md @@ -1,9 +1,10 @@ -## GitHub Actions Overview +## Building a Jenkins pipeline +Job creation +Building the pipeline -Ideas and it might be an overview and then additional day on demo ideas. -https://github.blog/2022-02-02-build-ci-cd-pipeline-github-actions-four-steps/ -GitHub Actions - Send tweet when a git push is performed - https://www.daveabrock.com/2020/04/19/posting-to-twitter-from-gh-actions/ -GitHub Actions - Publish posts to dev.to - https://github.com/marketplace/actions/publish-to-dev-to \ No newline at end of file +https://github.com/MichaelCade/jenkins-example + + diff --git a/Days/day74.md b/Days/day74.md index e69de29..7b867bf 100644 --- a/Days/day74.md +++ b/Days/day74.md @@ -0,0 +1,10 @@ + +## GitHub Actions Overview + +Ideas and it might be an overview and then additional day on demo ideas. + +https://github.blog/2022-02-02-build-ci-cd-pipeline-github-actions-four-steps/ + +GitHub Actions - Send tweet when a git push is performed - https://www.daveabrock.com/2020/04/19/posting-to-twitter-from-gh-actions/ + +GitHub Actions - Publish posts to dev.to - https://github.com/marketplace/actions/publish-to-dev-to \ No newline at end of file diff --git a/README.md b/README.md index f3bad73..b2ebc2e 100644 --- a/README.md +++ b/README.md @@ -114,9 +114,9 @@ This will not cover all things DevOps but it will cover the areas that I feel wi - [✔️] 🔄 70 > [The Big Picture: CI/CD Pipelines](Days/day70.md) - [✔️] 🔄 71 > [What is Jenkins?](Days/day71.md) -- [🚧] 🔄 72 > [Getting hands on with Jenkins](Days/day72.md) -- [] 🔄 73 > [GitHub Actions Overview](Days/day73.md) -- [] 🔄 74 > [](Days/day74.md) +- [✔️] 🔄 72 > [Getting hands on with Jenkins](Days/day72.md) +- [🚧] 🔄 73 > [Building a Jenkins pipeline](Days/day73.md) +- [] 🔄 74 > [GitHub Actions Overview](Days/day74.md) - [] 🔄 75 > [](Days/day75.md) - [] 🔄 76 > [](Days/day76.md)