[stage-5] add jenkins helm chart

k8s/helm/jenkins/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

k8s/helm/jenkins/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: jenkins
+description: jenkins ci helm chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "lts-jdk11"

k8s/helm/jenkins/templates/NOTES.txt

@@ -0,0 +1,6 @@
+---------------------------------------------------------
+
+Jenkins CI/CD main instance.
+Deployed version {{ .Values.image.tag | default .Chart.AppVersion }}.
+
+---------------------------------------------------------

k8s/helm/jenkins/templates/deployment.yaml

@@ -0,0 +1,50 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: {{ .Chart.Name }}-{{ .Values.environment }}-main
+    service: jenkins
+  name: {{ .Chart.Name }}-{{ .Values.environment }}-main
+  namespace: devops-tools
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}-{{ .Values.environment }}-main
+      service: jenkins
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}-{{ .Values.environment }}-main
+        service: jenkins
+    spec:
+      serviceAccountName: jenkins-admin
+      initContainers:
+        - name: volume-mount-hack
+          image: busybox:latest
+          command: [ "sh", "-c", "chown -R 1000:1000 /var/jenkins_home" ]
+          volumeMounts:
+            - name: jenkins-data
+              mountPath: /var/jenkins_home
+      containers:
+        - image: {{ .Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+          imagePullPolicy: Always
+          name: jenkins-main
+          ports:
+            - name: web
+              containerPort: 8080
+            - name: jnlp
+              containerPort: 50000
+          env:
+            - name: JENKINS_OPTS
+              value: "--prefix=/jenkins"
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: jenkins-data
+              mountPath: /var/jenkins_home
+      volumes:
+        - name: jenkins-data
+          persistentVolumeClaim:
+            claimName: jenkins-pv-claim

k8s/helm/jenkins/templates/ingress.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Chart.Name }}-{{ .Values.environment }}-ingress
+  namespace: devops-tools
+  annotations:
+    kubernetes.io/ingress.class: nginx
+spec:
+  rules:
+    - http:
+        paths:
+          - path: /jenkins
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Chart.Name }}-{{ .Values.environment }}-main
+                port:
+                  name: web

k8s/helm/jenkins/templates/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: devops-tools

k8s/helm/jenkins/templates/service-account.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: jenkins-admin
+rules:
+  - apiGroups: [""]
+    resources: ["*"]
+    verbs: ["*"]
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: jenkins-admin
+  namespace: devops-tools
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: jenkins-admin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: jenkins-admin
+subjects:
+  - kind: ServiceAccount
+    name: jenkins-admin
+    namespace: devops-tools

k8s/helm/jenkins/templates/service.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}-{{ .Values.environment }}-main
+  namespace: devops-tools
+spec:
+  ports:
+    - name: web
+      port: 8080
+  selector:
+    app: {{ .Chart.Name }}-{{ .Values.environment }}-main
+    service: jenkins
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}-{{ .Values.environment }}-main-np
+  namespace: devops-tools
+spec:
+  type: NodePort
+  ports:
+    - name: jnlp
+      port: 30000
+      nodePort: 30000
+  selector:
+    app: {{ .Chart.Name }}-{{ .Values.environment }}-main
+    service: jenkins

k8s/helm/jenkins/templates/volume.yaml

@@ -0,0 +1,41 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: jenkins-pv-volume
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  claimRef:
+    name: jenkins-pv-claim
+    namespace: devops-tools
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: /mnt/jenkins
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - node1
+                - node2
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: jenkins-pv-claim
+  namespace: devops-tools
+spec:
+  storageClassName: local-storage
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 3Gi

k8s/helm/jenkins/values.yaml

@@ -0,0 +1,13 @@
+environment: production
+
+image:
+  name: jenkins/jenkins
+  tag:
+
+resources:
+  limits:
+    cpu: 500m
+    memory: 2Gi
+  requests:
+    cpu: 500m
+    memory: 500Mi

readme.md

@@ -89,3 +89,9 @@ ansible-playbook -i ansible/kubectl_init kubectl_init.yml
   
     где `<access_token>`, `<token_secret>` - это данные персонального access-токена, созданного на github,
     а `<webhook_secret>` - строка, которая должна совпадать в конфигурации webhook и atlantis.
+
+* [jenkins](https://www.jenkins.io/)
+
+    ```shell
+    helm isntall jenkins k8s/helm/jenkins
+    ```