Sergey Antropoff eccc1c2a01 docs: full project documentation: docs/ and README.md for every addon
- README.md: rewritten as a compact overview (98 lines) with navigation into docs/
- docs/: 13 files: getting-started, architecture, configuration, addons,
  storage, security, cicd, observability, networking, operations,
  make-reference, molecule-testing, troubleshooting
- addons/*/README.md: 31 new files: description, parameters and code examples
  for each of the 34 addons (vault and external-secrets already existed)
2026-04-26 00:22:06 +03:00

Jenkins

CI/CD server with dynamic Kubernetes pod agents, JCasC (Configuration as Code) and 43 preinstalled plugins. With addon_vault: true, integration with HashiCorp Vault is configured automatically.

Quick start

# group_vars/all/addons.yml
addon_jenkins: true
jenkins_ingress_host: "jenkins.example.com"
jenkins_ingress_tls: true

Secret in vault.yml:

vault_jenkins_admin_password: "secure-password"

make addon-jenkins

Parameters

Variable                  Default               Description
jenkins_admin_user        admin                 Administrator login
jenkins_ingress_host      jenkins.example.com   Hostname
jenkins_ingress_tls       true                  TLS via cert-manager
jenkins_storage_size      20Gi                  PVC for Jenkins home
jenkins_agent_enabled     true                  Dynamic Kubernetes pod agents
jenkins_metrics_enabled   true                  Prometheus metrics endpoint

Preinstalled plugins (43)

Core/Pipeline: kubernetes, workflow-aggregator, pipeline-stage-view, pipeline-utility-steps, job-dsl, configuration-as-code

SCM: git, github, gitlab-plugin, gitea-plugin, bitbucket, ssh-agent

Secrets: credentials-binding, hashicorp-vault-plugin, kubernetes-credentials

Security: matrix-auth, role-strategy, ldap

Docker: docker-workflow, docker-plugin

Build: maven-plugin, gradle, nodejs, ansible

Quality: junit, htmlpublisher, sonar, warnings-ng, jacoco, cobertura

Artifacts: nexus-artifact-uploader, artifactory, publish-over-ssh

Notifications: email-ext, slack, telegram-notifications, mattermost

Utils: ws-cleanup, copyartifact, build-name-setter, throttle-concurrents, build-timeout, parameterized-trigger

UI: blueocean, ansicolor, timestamper

Declarative Pipeline

pipeline {
    agent {
        kubernetes {
            yaml """
apiVersion: v1
kind: Pod
spec:
  containers:
    - name: maven
      image: maven:3.9-eclipse-temurin-17
      command: ['cat']
      tty: true
    - name: docker
      image: docker:dind
      securityContext:
        privileged: true   # required by Docker-in-Docker; gives this pod host-level access
"""
        }
    }
    stages {
        stage('Build') {
            steps {
                container('maven') {
                    sh 'mvn clean package -DskipTests'
                }
            }
        }
        stage('Docker Build') {
            steps {
                container('docker') {
                    // Tag with the full registry path so the pushed name matches the built image
                    sh 'docker build -t harbor.example.com/library/myapp:${BUILD_NUMBER} .'
                    sh 'docker push harbor.example.com/library/myapp:${BUILD_NUMBER}'
                }
            }
        }
        stage('Test') {
            steps {
                container('maven') {
                    sh 'mvn test'
                }
            }
            // post belongs at the stage level, not inside steps
            post {
                always {
                    junit 'target/surefire-reports/*.xml'
                }
            }
        }
    }
}

HashiCorp Vault integration

With addon_vault: true, JCasC automatically configures the Vault URL in Jenkins.

Create the AppRole credentials manually: Jenkins → Manage Credentials → Add → Vault App Role Credential

  • ID: vault-approle
  • Role ID and Secret ID from Vault

Usage in a Pipeline:

withVault(configuration: [
    vaultUrl: 'http://vault.vault.svc.cluster.local:8200',
    vaultCredentialId: 'vault-approle'
], vaultSecrets: [
    [path: 'secret/myapp', secretValues: [
        [envVar: 'DB_PASSWORD', vaultKey: 'db_password'],
        [envVar: 'API_KEY', vaultKey: 'api_key']
    ]]
]) {
    sh 'echo "DB: $DB_PASSWORD"'
}

Kubernetes Credentials

withKubeConfig([credentialsId: 'k8s-sa-token']) {
    sh 'kubectl get pods'
}

Gitea webhook

In the Gitea repository settings → Webhooks:

  • URL: https://jenkins.example.com/gitea-webhook/post
  • Secret: the token from Jenkins Credentials
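
The webhook secret is what authenticates deliveries to the endpoint: Gitea signs each request body with HMAC-SHA256 under the shared secret and sends the hex digest in the X-Gitea-Signature header, and the receiving side recomputes it before trusting the payload. The following Python verifier is an added illustration of that check, not code from this project or from the Jenkins Gitea plugin; the header name and algorithm are Gitea's, while the secret and payload are constructed sample values.

```python
import hmac
import hashlib
import json

# Constructed sample values (not from the project): the shared secret entered in
# Gitea and stored in Jenkins Credentials, and one push-event payload.
SAMPLE_SECRET = "constructed-webhook-secret"
SAMPLE_BODY = json.dumps({
    "ref": "refs/heads/main",
    "repository": {"clone_url": "https://gitea.example.com/team/myapp.git"},
}).encode("utf-8")


def gitea_signature(secret: str, body: bytes) -> str:
    """Value Gitea sends in X-Gitea-Signature: hex HMAC-SHA256 over the raw body."""
    return hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()


def verify_gitea_webhook(secret: str, headers: dict, body: bytes) -> bool:
    """True only if the signature matches this secret and this exact body.

    The digest is computed over the raw request bytes before any JSON parsing:
    re-serialising the payload would change the bytes and break the check.
    """
    # HTTP header names are case-insensitive; normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get("x-gitea-signature")
    if not presented:
        return False  # unsigned delivery: reject instead of trusting the sender
    expected = gitea_signature(secret, body).encode("ascii")
    # Constant-time comparison so the check does not leak the digest via timing.
    return hmac.compare_digest(expected, presented.lower().encode("utf-8"))


def handle_delivery(secret: str, headers: dict, body: bytes):
    """Return (clone_url, ref) for a verified push delivery, or None if rejected."""
    if not verify_gitea_webhook(secret, headers, body):
        return None
    payload = json.loads(body)
    return payload["repository"]["clone_url"], payload["ref"]


if __name__ == "__main__":
    good = {"X-Gitea-Signature": gitea_signature(SAMPLE_SECRET, SAMPLE_BODY)}
    print(handle_delivery(SAMPLE_SECRET, good, SAMPLE_BODY))  # verified
    print(handle_delivery("wrong-secret", good, SAMPLE_BODY))  # None
```

A delivery whose body was altered in transit, or one sent without the header at all, is rejected before its contents are parsed.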

Configuring email notifications via SMTP relay

post {
    failure {
        emailext(
            subject: "Build FAILED: ${env.JOB_NAME} #${env.BUILD_NUMBER}",
            body: "${env.BUILD_URL}",
            to: "team@example.com"
        )
    }
}

SMTP settings: Jenkins → Manage → Configure System → Extended E-mail Notification:

  • SMTP server: smtp-relay.smtp-relay.svc.cluster.local
  • Port: 25

Diagnostics

kubectl logs -n jenkins statefulset/jenkins -f
kubectl get pods -n jenkins