From 9285e294ddd9ad5283deb0ab8f07c831359ba6d0 Mon Sep 17 00:00:00 2001
From: Akram Ben Aissi
Date: Wed, 26 Jun 2019 03:15:52 -0400
Subject: [PATCH 1/3] Jenkins OpenShift image requirements
---
 openshit-jenkins.yaml | 16 ++++++++++++++++
 .../jenkins/configuration/base/reconcile.go | 4 ++--
 .../jenkins/configuration/base/resources/pod.go | 4 ++--
 3 files changed, 20 insertions(+), 4 deletions(-)
 create mode 100644 openshit-jenkins.yaml
diff --git a/openshit-jenkins.yaml b/openshit-jenkins.yaml
new file mode 100644
index 00000000..9fdca028
--- /dev/null
+++ b/openshit-jenkins.yaml
@@ -0,0 +1,16 @@
+apiVersion: jenkins.io/v1alpha2
+kind: Jenkins
+metadata:
+ name: jenkins
+spec:
+ master:
+ containers:
+ - name: jenkins-master
+ image: quay.io/openshift/origin-jenkins:latest
+ resources:
+ limits:
+ cpu: 1500m
+ memory: 3Gi
+ requests:
+ cpu: "1"
+ memory: 500Mi
diff --git a/pkg/controller/jenkins/configuration/base/reconcile.go b/pkg/controller/jenkins/configuration/base/reconcile.go
index 5be3e62f..2b68106c 100644
--- a/pkg/controller/jenkins/configuration/base/reconcile.go
+++ b/pkg/controller/jenkins/configuration/base/reconcile.go
@@ -546,10 +546,10 @@ func (r *ReconcileJenkinsBaseConfiguration) compareContainers(expected corev1.Co
 r.logger.Info(fmt.Sprintf("Resources have changed to '%+v' in container '%s', recreating pod", expected.Resources, expected.Name))
 return true
 }
- if !reflect.DeepEqual(expected.SecurityContext, actual.SecurityContext) {
+/* if !reflect.DeepEqual(expected.SecurityContext, actual.SecurityContext) {
 r.logger.Info(fmt.Sprintf("Security context has changed to '%+v' in container '%s', recreating pod", expected.SecurityContext, expected.Name))
 return true
- }
+ }*/
 if !reflect.DeepEqual(expected.WorkingDir, actual.WorkingDir) {
 r.logger.Info(fmt.Sprintf("Working directory has changed to '%+v' in container '%s', recreating pod", expected.WorkingDir, expected.Name))
 return true
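Review bot: The sample pins the master image to a mutable tag, `image: quay.io/openshift/origin-jenkins:latest`, so the same committed manifest can pull different image contents over time. A fixed version tag or an image digest keeps the deployment reproducible and auditable, for example `image: quay.io/openshift/origin-jenkins@sha256:<digest-placeholder>`. The file name `openshit-jenkins.yaml` also looks like a typo for `openshift-jenkins.yaml`.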
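Review bot: Commenting out the `SecurityContext` comparison in `compareContainers` means a change to a container's security context in the Jenkins CR no longer causes the pod to be recreated, so the running pod can keep a weaker context than the spec declares. If the check was disabled because the cluster rewrites the context on the admitted pod (an inference, the commit message does not say), a narrower guard keeps drift detection for CRs that do set one: `if expected.SecurityContext != nil && !reflect.DeepEqual(expected.SecurityContext, actual.SecurityContext) {`. Fields injected at admission would still need to be ignored separately. The block should be removed or guarded rather than left inside `/* … */`, and the same applies to the commented-out `Command` in this commit's pod.go hunk. The function starts and ends outside the hunk.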
diff --git a/pkg/controller/jenkins/configuration/base/resources/pod.go b/pkg/controller/jenkins/configuration/base/resources/pod.go
index faadfcbc..889e4fd0 100644
--- a/pkg/controller/jenkins/configuration/base/resources/pod.go
+++ b/pkg/controller/jenkins/configuration/base/resources/pod.go
@@ -202,10 +202,10 @@ func NewJenkinsMasterContainer(jenkins *v1alpha2.Jenkins) corev1.Container {
 Name: JenkinsMasterContainerName,
 Image: jenkinsContainer.Image,
 ImagePullPolicy: jenkinsContainer.ImagePullPolicy,
- Command: []string{
+ /*Command: []string{
 "bash",
 fmt.Sprintf("%s/%s", jenkinsScriptsVolumePath, initScriptName),
- },
+ },*/
 LivenessProbe: jenkinsContainer.LivenessProbe,
 ReadinessProbe: jenkinsContainer.ReadinessProbe,
 Ports: []corev1.ContainerPort{
From f17a4c5dcee863f0603e6d89e1d9139bb20faf4a Mon Sep 17 00:00:00 2001
From: Akram Ben Aissi
Date: Wed, 26 Jun 2019 07:28:30 -0400
Subject: [PATCH 2/3] Externalise podSecurityContext.runAsUser and
---
 deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml | 5 +++++
 pkg/apis/jenkins/v1alpha2/jenkins_types.go | 8 ++++++++
 .../jenkins/configuration/base/resources/pod.go | 15 ++++-----------
 3 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml b/deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml
index 51277624..8cfab62f 100644
--- a/deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml
+++ b/deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml
@@ -4,9 +4,14 @@ metadata:
 name: example
 spec:
 master:
+ securityContext:
+ runAsUser: 1001
 containers:
 - name: jenkins-master
 image: jenkins/jenkins:lts
+ command:
+ - bash
+ - "/var/jenkins/scripts/init.sh"
 imagePullPolicy: Always
 livenessProbe:
 failureThreshold: 12
diff --git a/pkg/apis/jenkins/v1alpha2/jenkins_types.go b/pkg/apis/jenkins/v1alpha2/jenkins_types.go
index a428c1f5..7f6dc21c 100644
--- a/pkg/apis/jenkins/v1alpha2/jenkins_types.go
+++ b/pkg/apis/jenkins/v1alpha2/jenkins_types.go
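Review bot: The example sets `runAsUser: 1001` and no `runAsGroup`, while the code this series replaces ran the pod with UID and GID 1000, which the removed constant's comment describes as the jenkins user built into the Docker image. With `image: jenkins/jenkins:lts` a different UID may leave the Jenkins home directory not writable; this is worth confirming against the image. If the example is meant to reproduce the earlier behaviour for the upstream image, it would read `runAsUser: 1000` with `runAsGroup: 1000` beside it.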
@@ -155,6 +155,14 @@ type JenkinsMaster struct { // +optional NodeSelector map[string]string `json:"nodeSelector,omitempty"` + + // SecurityContext that applies to all the containers of the Jenkins + // Master. As per kubernetes specification, it can be overidden + // for each container individually. + // +optional + // Defaults to: nil + SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"` + // List of containers belonging to the pod. // Containers cannot currently be added or removed. // There must be at least one container in a Pod. diff --git a/pkg/controller/jenkins/configuration/base/resources/pod.go b/pkg/controller/jenkins/configuration/base/resources/pod.go index 889e4fd0..6fa87d22 100644 --- a/pkg/controller/jenkins/configuration/base/resources/pod.go +++ b/pkg/controller/jenkins/configuration/base/resources/pod.go @@ -202,12 +202,9 @@ func NewJenkinsMasterContainer(jenkins *v1alpha2.Jenkins) corev1.Container { Name: JenkinsMasterContainerName, Image: jenkinsContainer.Image, ImagePullPolicy: jenkinsContainer.ImagePullPolicy, - /*Command: []string{ - "bash", - fmt.Sprintf("%s/%s", jenkinsScriptsVolumePath, initScriptName), - },*/ - LivenessProbe: jenkinsContainer.LivenessProbe, - ReadinessProbe: jenkinsContainer.ReadinessProbe, + Command: jenkinsContainer.Command, + LivenessProbe: jenkinsContainer.LivenessProbe, + ReadinessProbe: jenkinsContainer.ReadinessProbe, Ports: []corev1.ContainerPort{ { Name: httpPortName, @@ -264,7 +261,6 @@ func GetJenkinsMasterPodName(jenkins v1alpha2.Jenkins) string { // NewJenkinsMasterPod builds Jenkins Master Kubernetes Pod resource func NewJenkinsMasterPod(objectMeta metav1.ObjectMeta, jenkins *v1alpha2.Jenkins) *corev1.Pod { - runAsUser := jenkinsUserUID serviceAccountName := objectMeta.Name objectMeta.Annotations = jenkins.Spec.Master.Annotations 
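Review bot: The doc comment on the new `SecurityContext` field says `Defaults to: nil` but not what nil means for the pod: with this series the operator stops setting `RunAsUser`/`RunAsGroup` itself, so an unset field leaves the user to the image and to cluster admission policy. I would state that in the comment, e.g. `// When unset the operator applies no pod security context; the container user is whatever the image and the cluster's admission policy select.`, and fix the spelling `overidden` to `overridden`. The diffstat lists only three files, so the generated deepcopy code and the CRD schema for the new pointer field appear not to be regenerated in this commit, which is worth checking.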
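Review bot: `Command: jenkinsContainer.Command` in NewJenkinsMasterContainer passes the CR value through with no default or validation, so a CR that omits `command` starts the image's own entrypoint and the operator's init script under `jenkinsScriptsVolumePath` is never run. CRs written before this field was honoured would hit that silently after an upgrade. If the empty case is intentional for images that bring their own entrypoint, it should be documented at the assignment, e.g. `// Command is taken verbatim from the CR; when empty the image entrypoint runs and the operator's init script is not executed.`, and CR validation could log a warning when the field is empty. The function starts and ends outside the hunk.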
@@ -276,10 +272,7 @@ func NewJenkinsMasterPod(objectMeta metav1.ObjectMeta, jenkins *v1alpha2.Jenkins Spec: corev1.PodSpec{ ServiceAccountName: serviceAccountName, RestartPolicy: corev1.RestartPolicyNever, - SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: &runAsUser, - RunAsGroup: &runAsUser, - }, + SecurityContext: jenkins.Spec.Master.SecurityContext, NodeSelector: jenkins.Spec.Master.NodeSelector, Containers: newContainers(jenkins), Volumes: append(GetJenkinsMasterPodBaseVolumes(jenkins), jenkins.Spec.Master.Volumes...), From 4150b6c7670f7b727fd7d8606c48cc66b6f0386d Mon Sep 17 00:00:00 2001 From: Akram Ben Aissi Date: Wed, 26 Jun 2019 09:07:09 -0400 Subject: [PATCH 3/3] fixing staticcheck --- pkg/apis/jenkins/v1alpha2/jenkins_types.go | 5 ++--- .../jenkins/configuration/base/resources/pod.go | 10 ++++------ 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/pkg/apis/jenkins/v1alpha2/jenkins_types.go b/pkg/apis/jenkins/v1alpha2/jenkins_types.go index 7f6dc21c..e2975358 100644 --- a/pkg/apis/jenkins/v1alpha2/jenkins_types.go +++ b/pkg/apis/jenkins/v1alpha2/jenkins_types.go @@ -155,13 +155,12 @@ type JenkinsMaster struct { // +optional NodeSelector map[string]string `json:"nodeSelector,omitempty"` - - // SecurityContext that applies to all the containers of the Jenkins + // SecurityContext that applies to all the containers of the Jenkins // Master. As per kubernetes specification, it can be overidden // for each container individually. // +optional // Defaults to: nil - SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"` + SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"` // List of containers belonging to the pod. // Containers cannot currently be added or removed. diff --git a/pkg/controller/jenkins/configuration/base/resources/pod.go b/pkg/controller/jenkins/configuration/base/resources/pod.go index 6fa87d22..403b7509 100644 --- a/pkg/controller/jenkins/configuration/base/resources/pod.go 
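Review bot: `SecurityContext: jenkins.Spec.Master.SecurityContext` replaces a pod context that always set a non-root UID and GID with whatever the CR carries, and the new field is optional, so an existing CR that omits it now runs the master as the image's default user, which may be root. If dropping the default is deliberate for clusters where admission assigns the UID (my inference from the series title), the change should at least be visible: a comment here such as `// nil: no operator-enforced UID/GID; the image default or cluster admission policy decides`, plus a warning from CR validation when the field is unset. The pod also shares the pointer with the CR object; `SecurityContext: jenkins.Spec.Master.SecurityContext.DeepCopy(),` avoids that aliasing and returns nil for a nil receiver. NewJenkinsMasterPod starts outside the hunk.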
+++ b/pkg/controller/jenkins/configuration/base/resources/pod.go @@ -46,8 +46,6 @@ const ( slavePortName = "slavelistener" // HTTPPortInt defines Jenkins master HTTP port HTTPPortInt = 8080 - - jenkinsUserUID = int64(1000) // build in Docker image jenkins user UID ) func buildPodTypeMeta() metav1.TypeMeta { @@ -272,10 +270,10 @@ func NewJenkinsMasterPod(objectMeta metav1.ObjectMeta, jenkins *v1alpha2.Jenkins Spec: corev1.PodSpec{ ServiceAccountName: serviceAccountName, RestartPolicy: corev1.RestartPolicyNever, - SecurityContext: jenkins.Spec.Master.SecurityContext, - NodeSelector: jenkins.Spec.Master.NodeSelector, - Containers: newContainers(jenkins), - Volumes: append(GetJenkinsMasterPodBaseVolumes(jenkins), jenkins.Spec.Master.Volumes...), + SecurityContext: jenkins.Spec.Master.SecurityContext, + NodeSelector: jenkins.Spec.Master.NodeSelector, + Containers: newContainers(jenkins), + Volumes: append(GetJenkinsMasterPodBaseVolumes(jenkins), jenkins.Spec.Master.Volumes...), }, } }