public_git
/
kubernetes-operator
mirror of https://github.com/jenkinsci/kubernetes-operator.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Updated Helm Charts 

- Optimized the charts
- Made the webhook optional
- Added cert manager as dependency to be installed while running webhook
This commit is contained in:
sharmapulkit04 2021-08-16 04:24:24 +05:30
parent b11ca32d1a
commit 5ca4e0a90c
7 changed files with 55 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
chart/jenkins-operator/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: v1.5.0
digest: sha256:9113e5b4333cbe0a9b9eb340cb8bc201f5c110a56058a637c18733e36711c513
generated: "2021-08-16T04:18:49.917544487+05:30"

6
chart/jenkins-operator/Chart.yaml
View File

@ -4,3 +4,9 @@ description: Kubernetes native operator which fully manages Jenkins on Kubernete
name: jenkins-operator name: jenkins-operator
version: 0.5.2 version: 0.5.2
icon: https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/assets/jenkins-operator-icon.png icon: https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/assets/jenkins-operator-icon.png
dependencies:
- name: cert-manager
version: "1.5.0"
condition: webhook.enabled
repository: "https://charts.jetstack.io"

BIN
chart/jenkins-operator/charts/cert-manager-v1.5.0.tgz Normal file
View File

Binary file not shown.

14
chart/jenkins-operator/templates/cert-manager.yaml
View File

@ -1,15 +1,16 @@
{{- if .Values.webhook.enabled }}
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
name: webhook-certificate name: jenkins-{{ .Values.webhook.certificate.name }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
spec: spec:
duration: 2160h duration: {{ .Values.webhook.certificate.duration }}
renewBefore: 360h renewBefore: {{ .Values.webhook.certificate.renewbefore }}
secretName: webhook-server-cert secretName: jenkins-{{ .Values.webhook.certificate.name }}
dnsNames: dnsNames:
- webhook-service.{{ .Release.Namespace }}.svc - jenkins-webhook-service.{{ .Release.Namespace }}.svc
- webhook-service.{{ .Release.Namespace }}.svc.cluster.local - jenkins-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
issuerRef: issuerRef:
kind: Issuer kind: Issuer
name: selfsigned name: selfsigned
@ -24,3 +25,4 @@ spec:
selfSigned: {} selfSigned: {}
--- ---
{{- end }}

17
chart/jenkins-operator/templates/operator.yaml
View File

@ -31,11 +31,16 @@ spec:
protocol: TCP protocol: TCP
command: command:
- /manager - /manager
args: [] args:
{{- if .Values.webhook.enabled }}
- --validate-security-warnings
{{- end }}
{{- if .Values.webhook.enabled }}
volumeMounts: volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs - mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert name: webhook-certs
readOnly: true readOnly: true
{{- end }}
env: env:
- name: WATCH_NAMESPACE - name: WATCH_NAMESPACE
value: {{ .Values.jenkins.namespace }} value: {{ .Values.jenkins.namespace }}
@ -59,9 +64,11 @@ spec:
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.webhook.enabled }}
volumes: volumes:
- name: cert - name: webhook-certs
secret: secret:
defaultMode: 420 defaultMode: 420
secretName: webhook-server-cert secretName: jenkins-{{ .Values.webhook.certificate.name }}
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
{{- end }}

11
chart/jenkins-operator/templates/webhook.yaml
View File

@ -1,16 +1,17 @@
{{- if .Values.webhook.enabled }}
apiVersion: admissionregistration.k8s.io/v1 apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration
metadata: metadata:
name: validating-webhook-configuration name: {{ .Release.Name }}-webhook
annotations: annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/webhook-certificate cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/jenkins-{{ .Values.webhook.certificate.name }}
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:
- v1 - v1
- v1beta1 - v1beta1
clientConfig: clientConfig:
service: service:
name: webhook-service name: jenkins-webhook-service
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
path: /validate-jenkins-io-v1alpha2-jenkins path: /validate-jenkins-io-v1alpha2-jenkins
failurePolicy: Fail failurePolicy: Fail
@ -25,13 +26,14 @@ webhooks:
- UPDATE - UPDATE
resources: resources:
- jenkins - jenkins
scope: "Namespaced"
sideEffects: None sideEffects: None
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: webhook-service name: jenkins-webhook-service
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
spec: spec:
ports: ports:
@ -41,3 +43,4 @@ spec:
app.kubernetes.io/name: {{ include "jenkins-operator.name" . }} app.kubernetes.io/name: {{ include "jenkins-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
--- ---
{{- end }}

16
chart/jenkins-operator/values.yaml
View File

@ -280,3 +280,19 @@ operator:
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
webhook:
# TLS certificates for webhook
certificate:
name: webhook-certificate
# validity of the certificate
duration: 2160h
# time after which the certificate will be automatically renewed
renewbefore: 360h
# enable or disable the validation webhook
enabled: false
cert-manager:
installCRDs: true