Initial Commit

gudpick · Dec 16, 2019 · fcc856b · fcc856b
commit fcc856b
Show file tree

Hide file tree

Showing 12 changed files with 1,054 additions and 0 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/jenkins-ci/Dockerfile b/jenkins-ci/Dockerfile
@@ -0,0 +1,70 @@
+FROM  jenkins/jenkins:lts
+USER root 
+# Pipeline 
+RUN /usr/local/bin/install-plugins.sh workflow-aggregator && \ 
+/usr/local/bin/install-plugins.sh github && \ 
+/usr/local/bin/install-plugins.sh ws-cleanup && \ 
+/usr/local/bin/install-plugins.sh greenballs && \ 
+/usr/local/bin/install-plugins.sh simple-theme-plugin && \ 
+/usr/local/bin/install-plugins.sh kubernetes && \ 
+/usr/local/bin/install-plugins.sh docker-workflow && \ 
+/usr/local/bin/install-plugins.sh kubernetes-cli && \ 
+/usr/local/bin/install-plugins.sh github-branch-source 
+
+# install Maven, Java, Docker, AWS 
+RUN apt-get update && \
+apt-get -y install apt-transport-https \
+ca-certificates \
+curl \
+gnupg2 \
+software-properties-common && \
+curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg > /tmp/dkey; apt-key add /tmp/dkey && \
+add-apt-repository \
+"deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
+$(lsb_release -cs) \
+stable" && \
+apt-get update && \
+apt-get -y install docker-ce
+RUN apt-get update && \
+apt-get install -yq --no-install-recommends wget pwgen ca-certificates && \
+apt-get clean && \
+rm -rf /var/lib/apt/lists/*
+
+RUN apt-get update && \
+apt-get install -y openjdk-8-jdk && \
+apt-get install -y ant && \
+apt-get clean
+RUN apt-get update && \
+apt-get install ca-certificates-java && \
+apt-get clean && \
+update-ca-certificates -f;
+ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
+
+RUN export JAVA_HOME
+
+RUN wget http://mirrors.gigenet.com/apache/maven/maven-3/3.6.2/binaries/apache-maven-3.6.2-bin.tar.gz
+RUN apt-get update -y && apt-get install maven -y
+
+
+
+
+
+# Kubectl 
+
+RUN wget https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl 
+
+
+
+# Need to ensure the gid here matches the gid on the host node. We ASSUME (hah!) this 
+
+# will be stable....keep an eye out for unable to connect to docker.sock in the builds 
+
+# RUN delgroup ping && delgroup docker && addgroup -g 999 docker && addgroup jenkins docker 
+
+
+
+# See https://github.com/kubernetes/minikube/issues/956. 
+
+# THIS IS FOR MINIKUBE TESTING ONLY - it is not production standard (we're running as root!) 
+
+RUN chown -R root "$JENKINS_HOME" /usr/share/jenkins/ref 
diff --git a/jenkins-ci/jenkins.yaml b/jenkins-ci/jenkins.yaml
@@ -0,0 +1,142 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: jenkins
+  namespace: default
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: jenkins
+  namespace: default
+rules:
+- apiGroups: [""]
+  resources: ["pods","services"]
+  verbs: ["create","delete","get","list","patch","update","watch"]
+- apiGroups: ["apps"]
+  resources: ["deployments"]
+  verbs: ["create","delete","get","list","patch","update","watch"]
+- apiGroups: [""]
+  resources: ["pods/exec"]
+  verbs: ["create","delete","get","list","patch","update","watch"]
+- apiGroups: [""]
+  resources: ["pods/log"]
+  verbs: ["get","list","watch"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["persistentvolumeclaims"]
+  verbs: ["create","delete","get","list","patch","update","watch"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: jenkins
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: jenkins
+subjects:
+- kind: ServiceAccount
+  name: jenkins
+---
+# Allows jenkins to create persistent volumes
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: jenkins-crb
+subjects:
+- kind: ServiceAccount
+  namespace: default
+  name: jenkins
+roleRef:
+  kind: ClusterRole
+  name: jenkinsclusterrole
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  # "namespace" omitted since ClusterRoles are not namespaced
+  name: jenkinsclusterrole
+rules:
+- apiGroups: [""]
+  resources: ["persistentvolumes"]
+  verbs: ["create","delete","get","list","patch","update","watch"]
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jenkins
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: jenkins
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: jenkins
+    spec:
+      containers:
+        - name: jenkins
+          image: myjenkins:latest
+          env:
+            - name: JAVA_OPTS
+              value: -Djenkins.install.runSetupWizard=false
+          ports:
+            - name: http-port
+              containerPort: 8080
+            - name: jnlp-port
+              containerPort: 50000
+          volumeMounts:
+            - name: jenkins-home
+              mountPath: /data/pv0001/
+            - name: docker-sock-volume
+              mountPath: "/var/run/docker.sock"
+          imagePullPolicy: "IfNotPresent"
+      volumes:
+        # This allows jenkins to use the docker daemon on the host, for running builds
+        # see https://stackoverflow.com/questions/27879713/is-it-ok-to-run-docker-from-inside-docker
+        - name: docker-sock-volume
+          hostPath:
+            path: /var/run/docker.sock
+        - name: jenkins-home
+          hostPath:
+            path: /data/pv0001/
+      serviceAccountName: jenkins
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: jenkins
+  namespace: default
+spec:
+  type: NodePort
+  ports:
+    - name: ui
+      port: 8080
+      targetPort: 8080
+      nodePort: 31000
+    - name: jnlp
+      port: 50000
+      targetPort: 50000
+  selector:
+    app: jenkins
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv0001
+spec:
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 5Gi
+  hostPath:
+    path: /data/pv0001/
diff --git a/logging/elastic-stack.yaml b/logging/elastic-stack.yaml
@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: elasticsearch
+spec:
+  selector:
+    matchLabels:
+      component: elasticsearch
+  template:
+    metadata:
+      labels:
+        component: elasticsearch
+    spec:
+      containers:
+      - name: elasticsearch
+        image: elasticsearch:7.3.2
+        env:
+        - name: discovery.type
+          value: single-node
+        ports:
+        - containerPort: 9200
+          name: http
+          protocol: TCP
+        resources:
+          limits:
+            cpu: 500m
+            memory: 4Gi
+          requests:
+            cpu: 500m
+            memory: 4Gi
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: elasticsearch
+  labels:
+    service: elasticsearch
+spec:
+  type: NodePort
+  selector:
+    component: elasticsearch
+  ports:
+  - port: 9200
+    targetPort: 9200