Jenkins: - Helm chart jenkins/jenkins, dynamic k8s Pod agents, JCasC конфигурация - 14 предустановленных плагинов (k8s, pipeline, git, blueocean, github/gitlab/gitea) - Prometheus ServiceMonitor, Ingress с TLS Gitea Actions: - Флаг gitea_actions_enabled (default: false) в gitea Helm values - act_runner Deployment с Docker-in-Docker sidecar (gitea_actions_runner_enabled) - Job автоматически получает registration token через Gitea API и сохраняет в Secret - Настраиваемые labels, replicas, DinD on/off NetBird VPN (self-hosted WireGuard mesh): - Management server (Helm netbirdio/management) — gRPC API + peer management - Signal server (Helm netbirdio/signal) — WebRTC peer discovery - Coturn — STUN/TURN с hostNetwork (корректный внешний IP) - Все компоненты через kube-vip LoadBalancer (авто-назначение IP из pool) - Subnet Router Deployment (hostNetwork + NET_ADMIN + ip_forward) — VPN-клиенты получают доступ к подсетям кластера - Exit Node Deployment (hostNetwork + MASQUERADE iptables) — весь интернет-трафик VPN-клиентов через ноду кластера - Static LB IPs через kube-vip annotation (опционально)
---
# Jenkins role tasks: register the chart repo, resolve a chart version,
# render values, install via Helm, then wire up monitoring and print a summary.

- name: Add Jenkins Helm repo
  # Repo URL comes from the role variable so a mirror can be substituted.
  kubernetes.core.helm_repository:
    name: jenkins
    repo_url: "{{ jenkins_chart_repo }}"
  environment:
    # Point the Kubernetes client at the k3s-generated kubeconfig.
    KUBECONFIG: "{{ k3s_kubeconfig_path }}"
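- name: Get latest Jenkins chart version
  # Runs only when no version is pinned (see `when`); the registered stdout is
  # consumed by the set_fact task that follows. `set -o pipefail` makes a
  # failing `helm search` fail this task with helm's own error rather than a
  # JSON-decode traceback from python3 reading empty stdin.
  # NOTE(review): assumes the first search hit is the jenkins/jenkins chart and
  # that bash and python3 exist on the target host — confirm for this image.
  ansible.builtin.shell: |
    set -o pipefail
    helm search repo jenkins/jenkins --output json | \
      python3 -c "import sys,json; print(json.load(sys.stdin)[0]['version'])"
  args:
    executable: /bin/bash
  register: _jenkins_latest_version
  changed_when: false
  when: jenkins_version == ""
  environment:
    KUBECONFIG: "{{ k3s_kubeconfig_path }}"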
- name: Set Jenkins chart version
  # A pinned jenkins_version wins; otherwise the version discovered by the
  # lookup task is used. The lookup task is skipped when a version is pinned,
  # so its result must only be dereferenced in the else branch.
  ansible.builtin.set_fact:
    _jenkins_version: "{% if jenkins_version != '' %}{{ jenkins_version }}{% else %}{{ _jenkins_latest_version.stdout | trim }}{% endif %}"
- name: Template Jenkins values
  # Renders the chart values consumed by the Helm install task below.
  # NOTE(review): the file is written to a shared /tmp path and is not removed
  # after the install; it presumably carries jenkins_admin_password — confirm
  # against jenkins-values.yaml.j2 and treat the rendered file as a secret.
  ansible.builtin.template:
    src: jenkins-values.yaml.j2
    dest: /tmp/jenkins-values.yaml
    mode: "0600"
- name: Install Jenkins via Helm
  # Deploys the release with the values rendered above and blocks until the
  # chart's resources are ready, giving up after ten minutes.
  kubernetes.core.helm:
    name: jenkins
    release_namespace: "{{ jenkins_namespace }}"
    create_namespace: true
    chart_ref: jenkins/jenkins
    chart_version: "{{ _jenkins_version }}"
    values_files:
      - /tmp/jenkins-values.yaml
    wait: true
    timeout: "10m0s"
  environment:
    KUBECONFIG: "{{ k3s_kubeconfig_path }}"
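- name: Wait for Jenkins to be ready
  # Polls the controller StatefulSet rollout. `retries` only takes effect when
  # paired with `until` on older ansible-core releases, so the success
  # condition is spelled out explicitly: retry while the command exits non-zero.
  # Uses the embedded k3s kubectl, which reads the node-local kubeconfig itself.
  ansible.builtin.command: >
    k3s kubectl -n {{ jenkins_namespace }}
    rollout status statefulset/jenkins --timeout=300s
  register: _jenkins_rollout
  until: _jenkins_rollout.rc == 0
  retries: 3
  delay: 15
  changed_when: false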
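- name: Create Prometheus ServiceMonitor for Jenkins
  # Scrapes the Jenkins controller Service on its `http` port every 30s.
  # KUBECONFIG is set as on the other kubernetes.core tasks in this file;
  # without it the module falls back to the client's default config lookup.
  # NOTE(review): the `release: kube-prometheus-stack` label must match the
  # Prometheus operator's serviceMonitorSelector, and `/prometheus` is only
  # served when the corresponding Jenkins plugin is installed — confirm both.
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: monitoring.coreos.com/v1
      kind: ServiceMonitor
      metadata:
        name: jenkins
        namespace: "{{ jenkins_namespace }}"
        labels:
          release: kube-prometheus-stack
      spec:
        selector:
          matchLabels:
            app.kubernetes.io/component: jenkins-controller
        endpoints:
          - port: http
            path: /prometheus
            interval: 30s
  environment:
    KUBECONFIG: "{{ k3s_kubeconfig_path }}"
  # Both the role flag and the Prometheus stack addon must be enabled.
  when: jenkins_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool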
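- name: Show Jenkins access info
  # Operator summary printed at the end of the role. The admin password is
  # deliberately not echoed: debug output is captured in console and CI logs,
  # so only the variable that holds it is named.
  ansible.builtin.debug:
    msg:
      - "Jenkins установлен в namespace: {{ jenkins_namespace }}"
      - "{% if jenkins_ingress_enabled %}URL: http{{ 's' if jenkins_ingress_tls else '' }}://{{ jenkins_ingress_host }}{% else %}Port-forward: kubectl port-forward -n {{ jenkins_namespace }} svc/jenkins 8080:8080{% endif %}"
      - "Логин: {{ jenkins_admin_user }} / пароль: см. переменную jenkins_admin_password"
      - "Kubernetes agents: {{ 'включены' if jenkins_agent_enabled else 'отключены' }}"
      - "Plugins ({{ jenkins_plugins | length }}): {{ jenkins_plugins | join(', ') }}"
      - ""
      - "Первый запуск займёт 3-5 мин (установка plugins). Следи за логами:"
      - " kubectl logs -n {{ jenkins_namespace }} jenkins-0 -c jenkins -f"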