K3S/addons/jenkins/README.md
Sergey Antropoff 38aaadbfb1 docs: sync addon docs with explicit external/internal service modes
Updated the documentation for the new addons (gitlab, redis, mongodb, kafka, kafka-ui, rabbitmq) and the new model of explicit dependency selection. Added and unified the descriptions of the *_database_mode and *_redis_mode switches, updated the addon dependency table, the configuration examples and the list of vault secrets.
2026-04-29 23:21:04 +03:00

178 lines
5.0 KiB
Markdown

# Jenkins
CI/CD server with dynamic Kubernetes Pod agents, JCasC (Configuration as Code), and 43 preinstalled plugins. With `addon_vault: true`, integration with HashiCorp Vault is configured automatically.
## Quick start
```yaml
# group_vars/all/addons.yml
addon_jenkins: true
jenkins_ingress_host: "jenkins.example.com"
jenkins_ingress_tls: true
```
Secret in `vault.yml`:
```yaml
vault_jenkins_admin_password: "secure-password"
```
```bash
make addon-jenkins
```
## Параметры
| Variable | Default | Description |
|---|---|---|
| `jenkins_admin_user` | `admin` | Administrator login |
| `jenkins_ingress_host` | `jenkins.example.com` | Hostname |
| `jenkins_ingress_tls` | `true` | TLS via cert-manager |
| `jenkins_storage_size` | `20Gi` | PVC for Jenkins Home |
| `jenkins_agent_enabled` | `true` | Dynamic k8s pod agents |
| `jenkins_metrics_enabled` | `true` | Prometheus metrics endpoint |
## Preinstalled plugins (43)
- **Core/Pipeline:** kubernetes, workflow-aggregator, pipeline-stage-view, pipeline-utility-steps, job-dsl, configuration-as-code
- **SCM:** git, github, gitlab-plugin, gitea-plugin, bitbucket, ssh-agent
- **Secrets:** credentials-binding, **hashicorp-vault-plugin**, kubernetes-credentials
- **Security:** matrix-auth, role-strategy, ldap
- **Docker:** docker-workflow, docker-plugin
- **Build:** maven-plugin, gradle, nodejs, ansible
- **Quality:** junit, htmlpublisher, sonar, warnings-ng, jacoco, cobertura
- **Artifacts:** nexus-artifact-uploader, artifactory, publish-over-ssh
- **Notifications:** email-ext, slack, telegram-notifications, mattermost
- **Utils:** ws-cleanup, copyartifact, build-name-setter, throttle-concurrents, build-timeout, parameterized-trigger
- **UI:** blueocean, ansicolor, timestamper
## Declarative Pipeline
```groovy
pipeline {
  agent {
    kubernetes {
      yaml """
apiVersion: v1
kind: Pod
spec:
  containers:
  - name: maven
    image: maven:3.9-eclipse-temurin-17
    command: ['cat']
    tty: true
  - name: docker
    image: docker:dind
    # privileged is required by docker:dind and gives this container
    # root-equivalent access to the node it runs on
    securityContext:
      privileged: true
"""
    }
  }
  stages {
    stage('Build') {
      steps {
        container('maven') {
          sh 'mvn clean package -DskipTests'
        }
      }
    }
    stage('Docker Build') {
      steps {
        container('docker') {
          // Build under the same name that is pushed; otherwise the push finds no such image
          sh 'docker build -t harbor.example.com/library/myapp:${BUILD_NUMBER} .'
          sh 'docker push harbor.example.com/library/myapp:${BUILD_NUMBER}'
        }
      }
    }
    stage('Test') {
      steps {
        container('maven') {
          sh 'mvn test'
        }
      }
      // post is a stage-level section, not a step
      post {
        always {
          junit 'target/surefire-reports/*.xml'
        }
      }
    }
  }
}
```
## HashiCorp Vault integration
With `addon_vault: true`, JCasC automatically configures the Vault URL in Jenkins.
Create the AppRole credentials manually: Jenkins → Manage Credentials → Add → Vault App Role Credential
- ID: `vault-approle`
- Role ID + Secret ID from Vault

Usage in a Pipeline:
```groovy
withVault(configuration: [
    vaultUrl: 'http://vault.vault.svc.cluster.local:8200',
    vaultCredentialId: 'vault-approle'
], vaultSecrets: [
    [path: 'secret/myapp', secretValues: [
        [envVar: 'DB_PASSWORD', vaultKey: 'db_password'],
        [envVar: 'API_KEY', vaultKey: 'api_key']
    ]]
]) {
    sh 'echo "DB: $DB_PASSWORD"'
}
```
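The Vault side of the manual AppRole step above, as an added example that is not part of this repository: it creates a read-only policy for the one secret the pipeline reads and an AppRole bound to it. The role name `jenkins`, the policy name `jenkins-myapp`, the token TTLs and a KV v2 engine mounted at `secret/` are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from this repository): Vault-side setup for the
# 'vault-approle' Jenkins credential. Role and policy names are assumptions.

# Print a read-only policy for a single secret.
#   $1 = KV mount (secret), $2 = secret name (myapp), $3 = KV version (1 or 2)
# KV v2 serves data under <mount>/data/<name>; a policy written for
# <mount>/<name> would not grant the read that withVault performs.
render_policy() {
  local mount="$1" name="$2" kv="${3:-2}" path
  case "$kv" in
    1) path="${mount}/${name}" ;;
    2) path="${mount}/data/${name}" ;;
    *) echo "unsupported KV version: $kv" >&2; return 1 ;;
  esac
  printf 'path "%s" {\n  capabilities = ["read"]\n}\n' "$path"
}

# Create the policy and the AppRole, then print the two values to paste
# into the Jenkins credential form.
# Requires VAULT_ADDR and a token allowed to manage policies and auth/approle.
setup_approle() {
  local role="jenkins" policy="jenkins-myapp"     # hypothetical names
  render_policy secret myapp 2 | vault policy write "$policy" -
  vault auth enable approle 2>/dev/null || true   # already enabled is fine
  # Short-lived tokens: a leaked build token expires on its own (assumed TTLs)
  vault write "auth/approle/role/${role}" \
    token_policies="$policy" \
    token_ttl=15m token_max_ttl=1h
  echo "Role ID:   $(vault read -field=role_id "auth/approle/role/${role}/role-id")"
  echo "Secret ID: $(vault write -f -field=secret_id "auth/approle/role/${role}/secret-id")"
}

# Talks to Vault only when asked to: ./approle.sh apply
if [ "${1:-}" = "apply" ]; then
  set -euo pipefail
  setup_approle
fi
```

With this policy the `vault-approle` credential can read `secret/myapp` and nothing else, so a pipeline that uses it cannot list or read other applications' secrets.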
## Kubernetes Credentials
```groovy
withKubeConfig([credentialsId: 'k8s-sa-token']) {
    sh 'kubectl get pods'
}
```
## Gitea webhook
In the Gitea repository settings → Webhooks:
- URL: `https://jenkins.example.com/gitea-webhook/post`
- Secret: token from Jenkins Credentials
## Configuring email notifications via SMTP Relay
```groovy
post {
    failure {
        emailext(
            subject: "Build FAILED: ${env.JOB_NAME} #${env.BUILD_NUMBER}",
            body: "${env.BUILD_URL}",
            to: "team@example.com"
        )
    }
}
```
SMTP settings: Jenkins → Manage → Configure System → Extended E-mail Notification:
- SMTP server: `smtp-relay.smtp-relay.svc.cluster.local`
- Port: `25`
## Diagnostics
```bash
kubectl logs -n jenkins statefulset/jenkins -f
kubectl get pods -n jenkins
```
## Official resources
- Official website: [https://www.jenkins.io/](https://www.jenkins.io/)
- Official documentation: [https://www.jenkins.io/doc/](https://www.jenkins.io/doc/)
- Helm chart / software versions: [https://artifacthub.io/packages/helm/jenkinsci/jenkins](https://artifacthub.io/packages/helm/jenkinsci/jenkins)