From 86c4957620d0a2c9f237949b4162b01e32783105 Mon Sep 17 00:00:00 2001
From: Jim Nicholson <thejimnicholson@gmail.com>
Date: Sun, 31 Oct 2021 22:40:40 -0700
Subject: [PATCH] Initial Commit

---
 README.md            |  4 +++
 credentials.yaml     | 76 ++++++++++++++++++++++++++++++++++++++++++++
 jenkins-ingress.yaml | 22 +++++++++++++
 jenkins-service.yaml | 26 +++++++++++++++
 jenkins-volume.yaml  | 28 ++++++++++++++++
 jenkins.yaml         | 30 +++++++++++++++++
 kustomize.yaml       |  6 ++++
 7 files changed, 192 insertions(+)
 create mode 100644 README.md
 create mode 100644 credentials.yaml
 create mode 100644 jenkins-ingress.yaml
 create mode 100644 jenkins-service.yaml
 create mode 100644 jenkins-volume.yaml
 create mode 100644 jenkins.yaml
 create mode 100644 kustomize.yaml

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..315f570
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+# Jenkins under Kubernetes
+
+Deploys Jenkins to a kubernetes cluster.
+Uses NFS for persistent storage.
diff --git a/credentials.yaml b/credentials.yaml
new file mode 100644
index 0000000..893834c
--- /dev/null
+++ b/credentials.yaml
@@ -0,0 +1,76 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: jenkins
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: jenkins
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - statefulsets
+  - services
+  - replicationcontrollers
+  - replicasets
+  - podtemplates
+  - podsecuritypolicies
+  - pods
+  - pods/log
+  - pods/exec
+  - podpreset
+  - poddisruptionbudget
+  - persistentvolumes
+  - persistentvolumeclaims
+  - jobs
+  - endpoints
+  - deployments
+  - deployments/scale
+  - daemonsets
+  - cronjobs
+  - configmaps
+  - namespaces
+  - events
+  - secrets
+  verbs:
+  - create
+  - get
+  - watch
+  - delete
+  - list
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: jenkins
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: jenkins
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: system:serviceaccounts:jenkins
+
diff --git a/jenkins-ingress.yaml b/jenkins-ingress.yaml
new file mode 100644
index 0000000..03eaf6d
--- /dev/null
+++ b/jenkins-ingress.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: jenkins-ingress
+  namespace: jenkins
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    cert-manager.io/cluster-issuer: http-clusterissuer
+spec:
+  rules:
+  - host: jenkins.thejimnicholson.com
+    http:
+      paths:
+      - backend:
+          serviceName: jenkins
+          servicePort: 8080
+  tls:
+  - hosts:
+    - jenkins.thejimnicholson.com
+    secretName: jenkins.thejimnicholson.com
\ No newline at end of file
diff --git a/jenkins-service.yaml b/jenkins-service.yaml
new file mode 100644
index 0000000..88612e5
--- /dev/null
+++ b/jenkins-service.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: jenkins
+  namespace: jenkins
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: 8080
+  selector:
+    app: jenkins
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: jenkins-jnlp
+  namespace: jenkins
+spec:
+  type: ClusterIP
+  ports:
+    - port: 50000
+      targetPort: 50000
+  selector:
+    app: jenkins
\ No newline at end of file
diff --git a/jenkins-volume.yaml b/jenkins-volume.yaml
new file mode 100644
index 0000000..c21a3a1
--- /dev/null
+++ b/jenkins-volume.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: jenkins-pv
+  namespace: jenkins
+spec:
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 20Gi
+  persistentVolumeReclaimPolicy: Retain
+  mountOptions:
+    - nolock
+  nfs:
+    server: 10.0.97.2
+    path: /volume1/storage/jenkins
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: jenkins-pvc
+  namespace: jenkins
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
diff --git a/jenkins.yaml b/jenkins.yaml
new file mode 100644
index 0000000..eec54ed
--- /dev/null
+++ b/jenkins.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jenkins
+  namespace: jenkins
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: jenkins
+  template:
+    metadata:
+      labels:
+        app: jenkins
+    spec:
+      containers:
+      - name: jenkins
+        image: jenkins/jenkins:jdk11
+        ports:
+          - name: http-port
+            containerPort: 8080
+          - name: jnlp-port
+            containerPort: 50000
+        volumeMounts:
+          - name: jenkins-vol
+            mountPath: /var/jenkins_home
+      volumes:
+        - name: jenkins-vol
+          persistentVolumeClaim:
+            claimName: jenkins-pvc
diff --git a/kustomize.yaml b/kustomize.yaml
new file mode 100644
index 0000000..5584925
--- /dev/null
+++ b/kustomize.yaml
@@ -0,0 +1,6 @@
+resources:
+- credentials.yaml
+- jenkins-volume.yaml
+- jenkins.yaml
+- jenkins-service.yaml
+- jenkins-ingress.yaml