apps/jenkins/jenkins.yaml

apiVersion: v1
kind: Template
labels:
  template: jenkins-ephemeral-template
message: A Jenkins service has been created in your project.  Log into Jenkins with
  your OpenShift account.  The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md
  contains more information about using this template.
metadata:
  annotations:
    description: |-
      Jenkins service, without persistent storage.

      WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.
    iconClass: icon-jenkins
    openshift.io/display-name: Jenkins (Ephemeral)
    openshift.io/documentation-url: https://docs.openshift.org/latest/using_images/other_images/jenkins.html
    openshift.io/long-description: This template deploys a Jenkins server capable
      of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login.  The
      Jenkins configuration is stored in non-persistent storage, so this configuration
      should be used for experimental purposes only.
    openshift.io/provider-display-name: Red Hat, Inc.
    openshift.io/support-url: https://access.redhat.com
    tags: instant-app,jenkins
  creationTimestamp: null
  name: jenkins-ephemeral
objects:
  - apiVersion: v1
    kind: Route
    metadata:
      annotations:
        template.openshift.io/expose-uri: http://{.spec.host}{.spec.path}
      name: ${JENKINS_SERVICE_NAME}
    spec:
      tls:
        insecureEdgeTerminationPolicy: Redirect
        termination: edge
      to:
        kind: Service
        name: ${JENKINS_SERVICE_NAME}
  - apiVersion: v1
    kind: DeploymentConfig
    metadata:
      annotations:
        template.alpha.openshift.io/wait-for-ready: "true"
      name: ${JENKINS_SERVICE_NAME}
    spec:
      replicas: 1
      selector:
        name: ${JENKINS_SERVICE_NAME}
      strategy:
        type: Recreate
      template:
        metadata:
          labels:
            name: ${JENKINS_SERVICE_NAME}
        spec:
          containers:
            - capabilities: {}
              env:
                - name: OPENSHIFT_ENABLE_OAUTH
                  value: ${ENABLE_OAUTH}
                - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT
                  value: "true"
                - name: KUBERNETES_MASTER
                  value: https://kubernetes.default:443
                - name: KUBERNETES_TRUST_CERTIFICATES
                  value: "true"
                - name: JENKINS_SERVICE_NAME
                  value: ${JENKINS_SERVICE_NAME}
                - name: JNLP_SERVICE_NAME
                  value: ${JNLP_SERVICE_NAME}
                - name: "CASC_JENKINS_CONFIG"
                  value: "/jenkins-conf"
                - name: "SECRETS"
                  value: "/secrets"
                - name: POD_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.labels['name']
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
              image: ' '
              imagePullPolicy: IfNotPresent
              livenessProbe:
                failureThreshold: 30
                httpGet:
                  path: /login
                  port: 8080
                initialDelaySeconds: 420
                timeoutSeconds: 3
              name: jenkins
              readinessProbe:
                httpGet:
                  path: /login
                  port: 8080
                initialDelaySeconds: 3
                timeoutSeconds: 3
              resources:
                limits:
                  memory: ${MEMORY_LIMIT}
              securityContext:
                capabilities: {}
                privileged: false
              terminationMessagePath: /dev/termination-log
              volumeMounts:
                - mountPath: /var/lib/jenkins
                  name: ${JENKINS_SERVICE_NAME}-data
                - name: "${JENKINS_SERVICE_NAME}-conf"
                  mountPath: "/jenkins-conf"
                  readOnly: true
                - name: "${JENKINS_SERVICE_NAME}-secrets"
                  mountPath: "/secrets"
                  readOnly: true
                - name: "mega-backups"
                  mountPath: "/mega-backups"
          dnsPolicy: ClusterFirst
          restartPolicy: Always
          serviceAccountName: ${JENKINS_SERVICE_NAME}
          volumes:
            - name: ${JENKINS_SERVICE_NAME}-data
              emptyDir:
                medium: ""
            #            persistentVolumeClaim:
            #              claimName: ${JENKINS_PVC_NAME}
            - name: "${JENKINS_SERVICE_NAME}-conf"
              configMap:
                name: "${JENKINS_SERVICE_NAME}-config"
            - name: "${JENKINS_SERVICE_NAME}-secrets"
              secret:
                secretName: "${JENKINS_SERVICE_NAME}"
            - name: mega-backups
              persistentVolumeClaim:
                claimName: ${MEGA_BACKUP_PVC}
      triggers:
        - imageChangeParams:
            automatic: true
            containerNames:
              - jenkins
            from:
              kind: ImageStreamTag
              name: ${JENKINS_IMAGE_STREAM_TAG}
            lastTriggeredImage: ""
          type: ImageChange
        - type: ConfigChange
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      annotations:
        serviceaccounts.openshift.io/oauth-redirectreference.jenkins: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"${JENKINS_SERVICE_NAME}"}}'
      name: ${JENKINS_SERVICE_NAME}
  - apiVersion: v1
    kind: Service
    metadata:
      name: ${JNLP_SERVICE_NAME}
    spec:
      ports:
        - name: agent
          nodePort: 0
          port: 50000
          protocol: TCP
          targetPort: 50000
      selector:
        name: ${JENKINS_SERVICE_NAME}
      sessionAffinity: None
      type: ClusterIP
  - apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.alpha.openshift.io/dependencies: '[{"name": "${JNLP_SERVICE_NAME}",
        "namespace": "", "kind": "Service"}]'
        service.openshift.io/infrastructure: "true"
      name: ${JENKINS_SERVICE_NAME}
    spec:
      ports:
        - name: web
          nodePort: 0
          port: 80
          protocol: TCP
          targetPort: 8080
      selector:
        name: ${JENKINS_SERVICE_NAME}
      sessionAffinity: None
      type: ClusterIP
parameters:
  - description: The name of the OpenShift Service exposed for the Jenkins container.
    displayName: Jenkins Service Name
    name: JENKINS_SERVICE_NAME
    value: jenkins
  - name: "JENKINS_PVC_NAME"
    value: "jenkins"
  - description: The name of the service used for master/slave communication.
    displayName: Jenkins JNLP Service Name
    name: JNLP_SERVICE_NAME
    value: jenkins-jnlp
  - description: Whether to enable OAuth OpenShift integration. If false, the static
      account 'admin' will be initialized with the password 'password'.
    displayName: Enable OAuth in Jenkins
    name: ENABLE_OAUTH
    value: "true"
  - description: Maximum amount of memory the container can use.
    displayName: Memory Limit
    name: MEMORY_LIMIT
    value: 512Mi
  - description: Name of the ImageStreamTag to be used for the Jenkins image.
    displayName: Jenkins ImageStreamTag
    name: JENKINS_IMAGE_STREAM_TAG
    value: jenkins:2
  - description: Name of the PVC for the mega backups
    displayName: Mega Backup PVC
    name: MEGA_BACKUP_PVC
    required: true