# Jenkins

CI/CD server with dynamic Kubernetes Pod agents, JCasC (Configuration as Code) and a set of preinstalled plugins (listed below). With `addon_vault: true` the HashiCorp Vault integration is configured automatically.

## Quick start

```yaml
# group_vars/all/addons.yml
addon_jenkins: true
jenkins_ingress_host: "jenkins.example.com"
jenkins_ingress_tls: true
```

The admin password goes into `vault.yml` (keep that file `ansible-vault`-encrypted):

```yaml
vault_jenkins_admin_password: "secure-password"
```

```bash
make addon-jenkins
```

## Parameters

| Variable | Default | Description |
|---|---|---|
| `jenkins_admin_user` | `admin` | Administrator login |
| `jenkins_ingress_host` | `jenkins.example.com` | Hostname |
| `jenkins_ingress_tls` | `true` | TLS via cert-manager |
| `jenkins_storage_size` | `20Gi` | PVC for Jenkins Home |
| `jenkins_agent_enabled` | `true` | Dynamic k8s pod agents |
| `jenkins_metrics_enabled` | `true` | Prometheus metrics endpoint |

## Preinstalled plugins

**Core/Pipeline:** kubernetes, workflow-aggregator, pipeline-stage-view, pipeline-utility-steps, job-dsl, configuration-as-code

**SCM:** git, github, gitlab-plugin, gitea-plugin, bitbucket, ssh-agent

**Secrets:** credentials-binding, **hashicorp-vault-plugin**, kubernetes-credentials

**Security:** matrix-auth, role-strategy, ldap

**Docker:** docker-workflow, docker-plugin

**Build:** maven-plugin, gradle, nodejs, ansible

**Quality:** junit, htmlpublisher, sonar, warnings-ng, jacoco, cobertura

**Artifacts:** nexus-artifact-uploader, artifactory, publish-over-ssh

**Notifications:** email-ext, slack, telegram-notifications, mattermost

**Utils:** ws-cleanup, copyartifact, build-name-setter, throttle-concurrents, build-timeout, parameterized-trigger

**UI:** blueocean, ansicolor, timestamper

## Declarative Pipeline

```groovy
pipeline {
    agent {
        kubernetes {
            // Agent pod template: one build container kept alive with `cat`,
            // one docker:dind container that runs the Docker daemon.
            yaml """
apiVersion: v1
kind: Pod
spec:
  containers:
  - name: maven
    image: maven:3.9-eclipse-temurin-17
    command: ['cat']
    tty: true
  - name: docker
    image: docker:dind
    securityContext:
      privileged: true   # required by dind; gives this pod root-equivalent access to the node
"""
        }
    }
    stages {
        stage('Build') {
            steps {
                container('maven') {
                    sh 'mvn clean package -DskipTests'
                }
            }
        }
        stage('Docker Build') {
            steps {
                container('docker') {
                    // Tag with the full registry name so the push below refers to an image that exists
                    sh 'docker build -t harbor.example.com/library/myapp:${BUILD_NUMBER} .'
                    sh 'docker push harbor.example.com/library/myapp:${BUILD_NUMBER}'
                }
            }
        }
        stage('Test') {
            steps {
                container('maven') {
                    sh 'mvn test'
                }
            }
            // `post` is a sibling of `steps` inside the stage, not nested in it
            post {
                always {
                    junit 'target/surefire-reports/*.xml'
                }
            }
        }
    }
}
```

Two things to keep in mind with this template: `docker push` assumes the agent has already authenticated to `harbor.example.com` (for example with `docker login` inside a `withCredentials` block), and `privileged: true` on the dind container means any job that can use this pod template effectively gets root on the node it lands on, so restrict who may run it (dedicated agent label plus role-strategy permissions).

## HashiCorp Vault integration

With `addon_vault: true`, JCasC sets the Vault URL in Jenkins automatically. Create the AppRole credential manually: Jenkins → Manage Credentials → Add → Vault App Role Credential

- ID: `vault-approle`
- Role ID + Secret ID from Vault

Usage in a pipeline:

```groovy
withVault(configuration: [
    // Overrides the global Vault settings that JCasC configured; can be omitted to use them.
    // Use https:// if your Vault listener is TLS-enabled.
    vaultUrl: 'http://vault.vault.svc.cluster.local:8200',
    vaultCredentialId: 'vault-approle'
], vaultSecrets: [
    [path: 'secret/myapp', secretValues: [
        [envVar: 'DB_PASSWORD', vaultKey: 'db_password'],
        [envVar: 'API_KEY', vaultKey: 'api_key']
    ]]
]) {
    // DB_PASSWORD and API_KEY exist only inside this block. The plugin masks them in the
    // console log, but don't echo secrets in real pipelines anyway.
    sh 'test -n "$DB_PASSWORD" && test -n "$API_KEY"'
}
```

## Kubernetes Credentials

```groovy
// `k8s-sa-token` holds a ServiceAccount token; its RBAC defines what kubectl may do here
withKubeConfig([credentialsId: 'k8s-sa-token']) {
    sh 'kubectl get pods'
}
```

## Gitea webhook

In the Gitea repository settings → Webhooks:

- URL: `https://jenkins.example.com/gitea-webhook/post`
- Secret: the webhook secret stored in Jenkins Credentials (Gitea signs every delivery with it)

## Email notifications via SMTP relay

```groovy
post {
    failure {
        emailext(
            subject: "Build FAILED: ${env.JOB_NAME} #${env.BUILD_NUMBER}",
            body: "${env.BUILD_URL}",
            to: "team@example.com"
        )
    }
}
```

SMTP settings: Jenkins → Manage → Configure System → Extended E-mail Notification:

- SMTP server: `smtp-relay.smtp-relay.svc.cluster.local`
- Port: `25`

## Diagnostics

```bash
kubectl logs -n jenkins statefulset/jenkins -f
kubectl get pods -n jenkins
```

## Official resources

- Official site: [https://www.jenkins.io/](https://www.jenkins.io/)
- Official documentation: [https://www.jenkins.io/doc/](https://www.jenkins.io/doc/)
- Helm chart / software versions: [https://artifacthub.io/packages/helm/jenkinsci/jenkins](https://artifacthub.io/packages/helm/jenkinsci/jenkins)
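The Vault integration section above leaves "Role ID + Secret ID from Vault" to the reader. The script below is an added example (not part of the addon or of the Vault plugin) that provisions that AppRole with a read-only policy scoped to the single path the `withVault` step reads. It assumes the KV v2 engine is mounted at `secret/` (so `secret/myapp` in the pipeline is `secret/data/myapp` in policy terms), that `VAULT_ADDR` and `VAULT_TOKEN` point at a Vault you are allowed to configure, and that the role name `jenkins`, the policy name `jenkins-myapp-read` and the pod CIDR `10.244.0.0/16` are placeholder values to replace:

```shell
#!/usr/bin/env sh
# Added example, not the addon's code: provision the AppRole behind the
# `vault-approle` credential in Jenkins. Names and CIDR are illustrative.
set -eu

ROLE_NAME="${ROLE_NAME:-jenkins}"
POLICY_NAME="${POLICY_NAME:-jenkins-myapp-read}"
# Only pods inside the cluster should be able to log in with the secret_id or use
# the resulting token. Replace with your real pod CIDR (placeholder value).
ALLOWED_CIDR="${ALLOWED_CIDR:-10.244.0.0/16}"

# Least-privilege policy: read exactly one secret, nothing else.
# KV v2 mounted at secret/ -> data lives under secret/data/<name>.
# For a KV v1 mount the path would be "secret/myapp".
jenkins_policy_hcl() {
    cat <<EOF
path "secret/data/myapp" {
  capabilities = ["read"]
}
EOF
}

# The contrast case, shown only so it can be recognised in review: it lets any job
# read, overwrite and delete every secret under the mount. Do not apply it.
overbroad_policy_hcl() {
    cat <<EOF
path "secret/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
EOF
}

# Role parameters as key=value lines so they can be reviewed before applying.
# Short token TTLs and CIDR binding limit what a leaked secret_id is worth.
approle_params() {
    printf '%s\n' \
        "token_policies=$POLICY_NAME" \
        "token_ttl=1h" \
        "token_max_ttl=4h" \
        "secret_id_ttl=720h" \
        "secret_id_num_uses=0" \
        "secret_id_bound_cidrs=$ALLOWED_CIDR" \
        "token_bound_cidrs=$ALLOWED_CIDR"
}

provision() {
    vault auth enable approle 2>/dev/null || true   # already enabled is fine
    jenkins_policy_hcl | vault policy write "$POLICY_NAME" -
    # shellcheck disable=SC2046  (values contain no whitespace)
    vault write "auth/approle/role/$ROLE_NAME" $(approle_params)
    echo "role_id:   $(vault read -field=role_id "auth/approle/role/$ROLE_NAME/role-id")"
    echo "secret_id: $(vault write -f -field=secret_id "auth/approle/role/$ROLE_NAME/secret-id")"
    echo "Paste both into Jenkins -> Manage Credentials -> Vault App Role Credential (ID: vault-approle)"
}

# `sh approle.sh provision` applies it; with no argument only the functions are defined.
if [ "${1:-}" = "provision" ]; then
    provision
fi
```

Without the `provision` argument the script just defines the policy and role parameters, so they can be printed and reviewed first. `secret_id_bound_cidrs` and `token_bound_cidrs` are what stop a secret_id that leaked through a build log from being used from outside the cluster; `secret_id_num_uses=0` (unlimited) is needed because the Jenkins plugin logs in repeatedly with the same secret_id.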
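The Kubernetes Credentials section above uses a `k8s-sa-token` credential without saying what that token is allowed to do. The script below is an added example (not the addon's code) that creates the identity behind it: a ServiceAccount bound to a namespaced Role, so a pipeline running `withKubeConfig` can inspect and roll out workloads in one namespace and nothing else, plus a short-lived token to store as that credential. The namespace `myapp-staging`, the account name `jenkins-deployer` and the verb list are illustrative choices, and it assumes `kubectl` 1.24 or newer for `kubectl create token`:

```shell
#!/usr/bin/env sh
# Added example, not the addon's code: least-privilege ServiceAccount for the
# `k8s-sa-token` credential. Namespace, name and verbs are placeholders.
set -eu

NAMESPACE="${NAMESPACE:-myapp-staging}"
SA_NAME="${SA_NAME:-jenkins-deployer}"

# A namespaced Role, deliberately not a ClusterRole: read workloads and
# patch Deployments in this namespace only.
rbac_manifest() {
    cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: $SA_NAME
  namespace: $NAMESPACE
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: $SA_NAME
  namespace: $NAMESPACE
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log", "services", "configmaps"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "patch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: $SA_NAME
  namespace: $NAMESPACE
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: $SA_NAME
subjects:
- kind: ServiceAccount
  name: $SA_NAME
  namespace: $NAMESPACE
EOF
}

# Guard rail before applying: nothing cluster-scoped, no wildcard verbs or resources.
manifest_is_namespaced() {
    m=$(rbac_manifest)
    ! printf '%s' "$m" | grep -q 'kind: Cluster' &&
    ! printf '%s' "$m" | grep -q '"\*"'
}

apply_and_issue_token() {
    rbac_manifest | kubectl apply -f -
    # A bound, expiring token instead of a non-expiring ServiceAccount token Secret.
    # Store the output in Jenkins as the `k8s-sa-token` credential and re-run to rotate.
    kubectl create token "$SA_NAME" -n "$NAMESPACE" --duration=8h
}

# `sh sa-token.sh apply` creates the objects and prints the token.
if [ "${1:-}" = "apply" ]; then
    manifest_is_namespaced || { echo "manifest check failed" >&2; exit 1; }
    apply_and_issue_token
fi
```

The token printed by `kubectl create token` is what goes into Jenkins; it expires after the requested duration, so a copy that ends up in a build log or a backup is only useful for a bounded window, unlike the legacy ServiceAccount token Secrets.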
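The Gitea webhook section above says the hook carries a secret but not what the secret does. Gitea computes an HMAC-SHA256 over the raw request body keyed with that secret and sends the hex digest in the `X-Gitea-Signature` header; a receiver recomputes it and rejects deliveries that do not match, which is what stops anyone who knows the URL from triggering builds. The script below is an added example (not part of the addon or of the Jenkins gitea plugin) that reproduces and checks that signature, for instance to verify a delivery shown in Gitea's webhook history against the secret stored in Jenkins. It needs `openssl`; the secret and payload are constructed sample values:

```shell
#!/usr/bin/env sh
# Added example, not the addon's code: compute and verify the X-Gitea-Signature
# header (HMAC-SHA256 of the raw body, hex encoded, keyed with the webhook secret).
set -eu

# hmac_sha256_hex SECRET   (message on stdin) -> lowercase hex digest
# openssl prints "...(stdin)= <hex>"; the digest is always the last field.
hmac_sha256_hex() {
    openssl dgst -sha256 -hmac "$1" | awk '{print $NF}'
}

# gitea_signature SECRET BODY -> value Gitea would send in X-Gitea-Signature.
# printf '%s' avoids adding a trailing newline that is not part of the body.
gitea_signature() {
    printf '%s' "$2" | hmac_sha256_hex "$1"
}

# verify_gitea_delivery SECRET BODY SIGNATURE -> success iff the signature matches.
# `[ = ]` is not a constant-time comparison; a production receiver should use one
# (e.g. hmac.compare_digest in Python). The point here is what gets signed.
verify_gitea_delivery() {
    expected=$(gitea_signature "$1" "$2")
    [ "$expected" = "$3" ]
}

# Constructed sample values: the secret Jenkins holds and a minimal push payload.
SECRET='webhook-secret-from-jenkins-credentials'
BODY='{"ref":"refs/heads/main","repository":{"full_name":"org/myapp"}}'

# `sh gitea-sig.sh demo` shows a genuine and a tampered delivery.
if [ "${1:-}" = "demo" ]; then
    sig=$(gitea_signature "$SECRET" "$BODY")
    echo "X-Gitea-Signature: $sig"
    verify_gitea_delivery "$SECRET" "$BODY" "$sig" && echo "genuine delivery: accepted"
    # Body altered in transit: same signature no longer matches.
    verify_gitea_delivery "$SECRET" "${BODY}x" "$sig" || echo "tampered body: rejected"
fi
```

Because the MAC covers the exact bytes of the body, any proxy or gateway between Gitea and Jenkins that re-serialises the JSON (re-indenting, reordering keys) will break verification; pass the body through untouched.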