From 47a42636db31fd34696bd9d99286b8bc23559b1e Mon Sep 17 00:00:00 2001 From: Rustam Tagaev Date: Fri, 15 Nov 2024 13:28:03 +0300 Subject: [PATCH] [DO-1239] add pod templates (#44) Co-authored-by: Rustam Tagaev Reviewed-on: https://git.avroid.tech/DevOps/jenkins-shared-lib/pulls/44 Reviewed-by: Denis Patrakeev Co-authored-by: Rustam Tagaev Co-committed-by: Rustam Tagaev --- src/tech/avroid/kube/PodTemplates.groovy | 134 +++++++++++++++++++++++ vars/getPodTemplate.groovy | 2 +- 2 files changed, 135 insertions(+), 1 deletion(-) create mode 100644 src/tech/avroid/kube/PodTemplates.groovy diff --git a/src/tech/avroid/kube/PodTemplates.groovy b/src/tech/avroid/kube/PodTemplates.groovy new file mode 100644 index 0000000..ae2f850 --- /dev/null +++ b/src/tech/avroid/kube/PodTemplates.groovy @@ -0,0 +1,134 @@ +package tech.avroid.kube + + +class PodTemplates implements Serializable { + String registry + Object script + List dockerCreds + + public PodTemplates(script, String registry, List dockerCreds) { + this.script = script + this.registry = registry + this.dockerCreds = dockerCreds + } + + protected rawYaml() { + return """spec: + tolerations: + - key: node-role.kubernetes.io/build-node + effect: NoSchedule + """ + } + public void jnlp(body) { + this.script.podTemplate( + containers: [ + this.script.containerTemplate( + alwaysPullImage: true, + name: 'jnlp', + image: "${this.registry}/docker-hub-proxy/jenkins/inbound-agent:jdk17", + envVars: [ + this.script.containerEnvVar(key: 'HOME', value: '/home/jenkins'), + ], + resourceRequestCpu: '50m', + resourceRequestMemory: '256Mi', + resourceLimitCpu: '2', + resourceLimitMemory: '4Gi', + workingDir: '/jenkins', + ), + ], + instanceCap: 2, + showRawYaml: false, + volumes: [ + this.script.emptyDirVolume(memory: false, mountPath: '/tmp'), + this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.cache'), + this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.npm'), + this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.config'), + this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.composer'), + this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.local'), + ], + workspaceVolume: this.script.emptyDirWorkspaceVolume(false), + yaml: this.rawYaml(), + ) + + { + body.call() + } + } + + public void poetry(body) { + this.script.podTemplate( + imagePullSecrets: this.dockerCreds, + containers: [ + this.script.containerTemplate( + alwaysPullImage: true, + name: 'poetry', + image: "${this.registry}/devops/poetry:1.8.4", + envVars: [ + this.script.containerEnvVar(key: 'HOME', value: '/home/jenkins'), + ], + shell: '/bin/sh', + ttyEnabled: true, + command: 'cat', + resourceRequestCpu: '100m', + resourceRequestMemory: '64Mi', + resourceLimitCpu: '100m', + resourceLimitMemory: '64Gi', + workingDir: '/jenkins', + ), + ], + instanceCap: 1, + showRawYaml: false, + volumes: [ + this.script.emptyDirVolume(memory: false, mountPath: '/tmp'), + ], + workspaceVolume: this.script.emptyDirWorkspaceVolume(false), + yaml: this.rawYaml(), + ) + + { + body.call() + } + } + + public void docker(body) { + this.script.podTemplate( + // serviceAccount: 'jenkins-privileged', + imagePullSecrets: this.dockerCreds, + containers: [ + this.script.containerTemplate( + alwaysPullImage: true, + name: 'docker', + image: "${registry}/docker-hub-proxy/docker:27.3.1-dind", + envVars: [ + this.script.containerEnvVar(key: 'HOME', value: '/home/jenkins'), + ], + ttyEnabled: true, + command: '/usr/local/bin/dockerd-entrypoint.sh', + // args: """--insecure-registry=${registry} \ + // --bip=192.168.222.1/24 \ + // --storage-driver=overlay""", + privileged: true, + resourceRequestCpu: '500m', + resourceLimitCpu: '4', + resourceRequestMemory: '512Mi', + resourceLimitMemory: '3Gi', + workingDir: '/jenkins', + ), + ], + instanceCap: 1, + showRawYaml: false, + volumes: [ + // this.script.secretVolume(secretName: 'docker-config', mountPath: '/home/jenkins/.docker'), + this.script.emptyDirVolume(memory: false, mountPath: '/var/lib/docker'), + this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.local'), + this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.cache'), + ], + workspaceVolume: this.script.emptyDirWorkspaceVolume(false), + ) + + { + body.call() + } + } + +} diff --git a/vars/getPodTemplate.groovy b/vars/getPodTemplate.groovy index 2b30e73..5e7e908 100644 --- a/vars/getPodTemplate.groovy +++ b/vars/getPodTemplate.groovy @@ -329,7 +329,7 @@ Object pythonBuildTemplate = """ memory: 512Mi imagePullPolicy: Always imagePullSecrets: - - name: harbor-registry-secret + - name: ${env.JENKINS_K8S_HARBOR_SECRET} """ switch (podTemplateName) {