{{- if .Capabilities.APIVersions.Has "apps/v1" }} apiVersion: apps/v1 {{- else }} apiVersion: apps/v1beta1 {{- end }} kind: Deployment metadata: name: {{ template "jenkins.fullname" . }} namespace: {{ template "jenkins.namespace" . }} labels: "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}" "app.kubernetes.io/managed-by": "{{ .Release.Service }}" "app.kubernetes.io/instance": "{{ .Release.Name }}" "app.kubernetes.io/component": "{{ .Values.master.componentName }}" {{- range $key, $val := .Values.master.deploymentLabels }} {{ $key }}: {{ $val | quote }} {{- end}} {{- if .Values.master.deploymentAnnotations }} annotations: {{ toYaml .Values.master.deploymentAnnotations | indent 4 }} {{- end }} spec: replicas: 1 strategy: type: {{ if .Values.persistence.enabled }}Recreate{{ else }}RollingUpdate rollingUpdate: {{ toYaml .Values.master.rollingUpdate | indent 6 }} {{- end }} selector: matchLabels: "app.kubernetes.io/component": "{{ .Values.master.componentName }}" "app.kubernetes.io/instance": "{{ .Release.Name }}" template: metadata: labels: "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}" "app.kubernetes.io/managed-by": "{{ .Release.Service }}" "app.kubernetes.io/instance": "{{ .Release.Name }}" "app.kubernetes.io/component": "{{ .Values.master.componentName }}" {{- range $key, $val := .Values.master.podLabels }} {{ $key }}: {{ $val | quote }} {{- end}} annotations: checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} {{- if .Values.master.podAnnotations }} {{ toYaml .Values.master.podAnnotations | indent 8 }} {{- end }} spec: {{- if .Values.master.schedulerName }} schedulerName: {{ .Values.master.schedulerName }} {{- end }} {{- if .Values.master.nodeSelector }} nodeSelector: {{ toYaml .Values.master.nodeSelector | indent 8 }} {{- end }} {{- if .Values.master.tolerations }} tolerations: {{ toYaml .Values.master.tolerations | indent 8 }} {{- end }} {{- if .Values.master.affinity }} affinity: {{ toYaml .Values.master.affinity | indent 8 }} {{- end }} {{- if quote .Values.master.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.master.terminationGracePeriodSeconds }} {{- end }} {{- if and (.Capabilities.APIVersions.Has "scheduling.k8s.io/v1beta1") (.Values.master.priorityClassName) }} priorityClassName: {{ .Values.master.priorityClassName }} {{- end }} {{- if .Values.master.usePodSecurityContext }} securityContext: runAsUser: {{ default 0 .Values.master.runAsUser }} {{- if and (.Values.master.runAsUser) (.Values.master.fsGroup) }} {{- if not (eq .Values.master.runAsUser 0.0) }} fsGroup: {{ .Values.master.fsGroup }} {{- end }} {{- end }} {{- end }} serviceAccountName: "{{ template "jenkins.serviceAccountName" . }}" {{- if .Values.master.hostNetworking }} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet {{- end }} {{- if .Values.master.hostAliases }} hostAliases: {{- toYaml .Values.master.hostAliases | nindent 8 }} {{- end }} initContainers: {{- if .Values.master.customInitContainers }} {{ tpl (toYaml .Values.master.customInitContainers) . | indent 8 }} {{- end }} - name: "copy-default-config" {{- if .Values.master.imageTag }} image: "{{ .Values.master.image }}:{{ .Values.master.imageTag }}" {{- else }} image: "{{ .Values.master.image }}:{{ .Values.master.tag }}" {{- end }} imagePullPolicy: "{{ .Values.master.imagePullPolicy }}" command: [ "sh", "/var/jenkins_config/apply_config.sh" ] env: {{- if .Values.master.useSecurity }} - name: ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ template "jenkins.fullname" . }} key: jenkins-admin-password - name: ADMIN_USER valueFrom: secretKeyRef: name: {{ template "jenkins.fullname" . }} key: jenkins-admin-user {{- end }} {{- if .Values.master.initContainerEnv }} {{ toYaml .Values.master.initContainerEnv | indent 12 }} {{- end }} resources: {{ toYaml .Values.master.resources | indent 12 }} volumeMounts: - mountPath: /tmp name: tmp - mountPath: {{ .Values.master.jenkinsHome }} name: jenkins-home {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} - mountPath: /var/jenkins_config name: jenkins-config {{- if .Values.master.enableXmlConfig }} {{- if .Values.master.credentialsXmlSecret }} - mountPath: /var/jenkins_credentials name: jenkins-credentials readOnly: true {{- end }} {{- if .Values.master.jobs }} - mountPath: /var/jenkins_jobs name: jenkins-jobs readOnly: true {{- end }} - mountPath: {{ .Values.master.jenkinsRef }}/secrets/ name: secrets-dir {{- end }} {{- if .Values.master.secretsFilesSecret }} - mountPath: /var/jenkins_secrets name: jenkins-secrets readOnly: true {{- end }} {{- if .Values.master.installPlugins }} - mountPath: {{ .Values.master.jenkinsRef }}/plugins name: plugins - mountPath: /var/jenkins_plugins name: plugin-dir {{- end }} containers: - name: jenkins {{- if .Values.master.imageTag }} image: "{{ .Values.master.image }}:{{ .Values.master.imageTag }}" {{- else }} image: "{{ .Values.master.image }}:{{ .Values.master.tag }}" {{- end }} imagePullPolicy: "{{ .Values.master.imagePullPolicy }}" {{- if .Values.master.httpsKeyStore.enable }} {{- $httpsJKSFilePath := printf "%s/%s" .Values.master.httpsKeyStore.path .Values.master.httpsKeyStore.fileName -}} {{- if .Values.master.useSecurity }} args: [ "--argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)", "--argumentsRealm.roles.$(ADMIN_USER)=admin", "--httpPort={{.Values.master.httpsKeyStore.httpPort}}", "--httpsPort={{.Values.master.targetPort}}", '--httpsKeyStore={{ $httpsJKSFilePath }}', "--httpsKeyStorePassword=$(JENKINS_HTTPS_KEYSTORE_PASSWORD)" ] {{- else }} args: [ "--httpPort={{.Values.master.httpsKeyStore.httpPort}}", "--httpsPort={{.Values.master.targetPort}}", '--httpsKeyStore={{ $httpsJKSFilePath | quote }}', "--httpsKeyStorePassword=$(JENKINS_HTTPS_KEYSTORE_PASSWORD)" ] {{- end }} {{- else if .Values.master.useSecurity }} args: [ "--argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)", "--argumentsRealm.roles.$(ADMIN_USER)=admin", "--httpPort={{.Values.master.targetPort}}"] {{- end }} {{- if .Values.master.lifecycle }} lifecycle: {{ toYaml .Values.master.lifecycle | indent 12 }} {{- end }} env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: JAVA_OPTS value: > {{ default "" .Values.master.javaOpts }} {{ if .Values.master.sidecars.configAutoReload.enabled }} -Dcasc.reload.token=$(POD_NAME) {{ end }} - name: JENKINS_OPTS value: "{{ if .Values.master.jenkinsUriPrefix }}--prefix={{ .Values.master.jenkinsUriPrefix }} {{ end }}{{ default "" .Values.master.jenkinsOpts}}" - name: JENKINS_SLAVE_AGENT_PORT value: "{{ .Values.master.slaveListenerPort }}" {{- if .Values.master.useSecurity }} - name: ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ template "jenkins.fullname" . }} key: jenkins-admin-password - name: ADMIN_USER valueFrom: secretKeyRef: name: {{ template "jenkins.fullname" . }} key: jenkins-admin-user {{- end }} {{- if .Values.master.httpsKeyStore.enable }} - name: JENKINS_HTTPS_KEYSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ if .Values.master.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ .Values.master.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ else }} {{ template "jenkins.fullname" . }}-https-jks {{ end }} key: {{ "https-jks-password" | quote }} {{- end }} {{- if .Values.master.containerEnv }} {{ toYaml .Values.master.containerEnv | indent 12 }} {{- end }} {{- if .Values.master.JCasC.enabled }} - name: CASC_JENKINS_CONFIG value: {{ .Values.master.sidecars.configAutoReload.folder | default (printf "%s/casc_configs" (.Values.master.jenkinsRef)) }} {{- end }} ports: {{- if .Values.master.httpsKeyStore.enable }} - containerPort: {{.Values.master.httpsKeyStore.httpPort}} {{- else }} - containerPort: {{.Values.master.targetPort}} {{- end }} name: http - containerPort: {{ .Values.master.slaveListenerPort }} name: slavelistener {{- if .Values.master.slaveHostPort }} hostPort: {{ .Values.master.slaveHostPort }} {{- end }} {{- if .Values.master.jmxPort }} - containerPort: {{ .Values.master.jmxPort }} name: jmx {{- end }} {{- range $index, $port := .Values.master.extraPorts }} - containerPort: {{ $port.port }} name: {{ $port.name }} {{- end }} {{- if .Values.master.healthProbes }} livenessProbe: httpGet: path: "{{ default "" .Values.master.jenkinsUriPrefix }}/login" port: http initialDelaySeconds: {{ .Values.master.healthProbeLivenessInitialDelay }} periodSeconds: {{ .Values.master.healthProbeLivenessPeriodSeconds }} timeoutSeconds: {{ .Values.master.healthProbesLivenessTimeout }} failureThreshold: {{ .Values.master.healthProbeLivenessFailureThreshold }} readinessProbe: httpGet: path: "{{ default "" .Values.master.jenkinsUriPrefix }}/login" port: http initialDelaySeconds: {{ .Values.master.healthProbeReadinessInitialDelay }} periodSeconds: {{ .Values.master.healthProbeReadinessPeriodSeconds }} timeoutSeconds: {{ .Values.master.healthProbesReadinessTimeout }} failureThreshold: {{ .Values.master.healthProbeReadinessFailureThreshold }} {{- end }} resources: {{ toYaml .Values.master.resources | indent 12 }} volumeMounts: {{- if .Values.persistence.mounts }} {{ toYaml .Values.persistence.mounts | indent 12 }} {{- end }} {{- if .Values.master.httpsKeyStore.enable }} - mountPath: {{ .Values.master.httpsKeyStore.path }} name: jenkins-https-keystore {{- end }} - mountPath: /tmp name: tmp - mountPath: {{ .Values.master.jenkinsHome }} name: jenkins-home readOnly: false {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} - mountPath: /var/jenkins_config name: jenkins-config readOnly: true {{- if .Values.master.enableXmlConfig }} {{- if .Values.master.credentialsXmlSecret }} - mountPath: /var/jenkins_credentials name: jenkins-credentials readOnly: true {{- end }} {{- if .Values.master.jobs }} - mountPath: /var/jenkins_jobs name: jenkins-jobs readOnly: true {{- end }} - mountPath: {{ .Values.master.jenkinsRef }}/secrets/ name: secrets-dir readOnly: false {{- end }} {{- if or .Values.master.secretsFilesSecret }} - mountPath: /var/jenkins_secrets name: jenkins-secrets readOnly: true {{- end }} {{- if .Values.master.installPlugins }} - mountPath: {{ .Values.master.jenkinsRef }}/plugins/ name: plugin-dir readOnly: false {{- end }} {{- if and (.Values.master.JCasC.enabled) (.Values.master.sidecars.configAutoReload.enabled) }} - name: sc-config-volume mountPath: {{ .Values.master.sidecars.configAutoReload.folder | default (printf "%s/casc_configs" (.Values.master.jenkinsRef)) }} {{- end }} {{- if and (.Values.master.JCasC.enabled) (.Values.master.sidecars.configAutoReload.enabled) }} - name: jenkins-sc-config image: "{{ .Values.master.sidecars.configAutoReload.image }}" imagePullPolicy: {{ .Values.master.sidecars.configAutoReload.imagePullPolicy }} env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: LABEL value: "{{ template "jenkins.fullname" . }}-jenkins-config" - name: FOLDER value: "{{ .Values.master.sidecars.configAutoReload.folder }}" - name: NAMESPACE value: "{{ .Values.master.sidecars.configAutoReload.searchNamespace | default .Release.Namespace }}" - name: REQ_URL value: "http://localhost:8080{{- .Values.master.jenkinsUriPrefix -}}/reload-configuration-as-code/?casc-reload-token=$(POD_NAME)" - name: REQ_METHOD value: "POST" resources: {{ toYaml .Values.master.sidecars.configAutoReload.resources | indent 12 }} volumeMounts: - name: sc-config-volume mountPath: {{ .Values.master.sidecars.configAutoReload.folder | quote }} - name: jenkins-home mountPath: {{ .Values.master.jenkinsHome }} {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} {{- end}} {{- if .Values.master.sidecars.other}} {{ tpl (toYaml .Values.master.sidecars.other | indent 8) .}} {{- end }} volumes: {{- if .Values.persistence.volumes }} {{ tpl (toYaml .Values.persistence.volumes | indent 6) . }} {{- end }} - name: plugins emptyDir: {} - name: tmp emptyDir: {} - name: jenkins-config configMap: name: {{ template "jenkins.fullname" . }} {{- if .Values.master.enableXmlConfig }} {{- if .Values.master.credentialsXmlSecret }} - name: jenkins-credentials secret: secretName: {{ .Values.master.credentialsXmlSecret }} {{- end }} {{- if .Values.master.jobs }} - name: jenkins-jobs configMap: name: {{ template "jenkins.fullname" . }}-jobs {{- end }} - name: secrets-dir emptyDir: {} {{- end }} {{- if .Values.master.secretsFilesSecret }} - name: jenkins-secrets secret: secretName: {{ .Values.master.secretsFilesSecret }} {{- end }} {{- if .Values.master.installPlugins }} - name: plugin-dir emptyDir: {} {{- end }} {{- if not (contains "jenkins-home" (quote .Values.persistence.volumes)) }} - name: jenkins-home {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default (include "jenkins.fullname" .) }} {{- else }} emptyDir: {} {{- end -}} {{- end -}} {{- if .Values.master.JCasC.enabled }} - name: sc-config-volume emptyDir: {} {{- end }} {{- if .Values.master.httpsKeyStore.enable }} - name: jenkins-https-keystore secret: secretName: {{ if .Values.master.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ .Values.master.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ else }} {{ template "jenkins.fullname" . }}-https-jks {{ end }} items: - key: jenkins-jks-file path: {{ .Values.master.httpsKeyStore.fileName }} {{- end }} {{- if .Values.master.imagePullSecretName }} imagePullSecrets: - name: {{ .Values.master.imagePullSecretName }} {{- end -}}