[DO-1239] add pod templates (#44)

Co-authored-by: Rustam Tagaev <rustam.tagaev@avroid.tech> Reviewed-on: https://git.avroid.tech/DevOps/jenkins-shared-lib/pulls/44 Reviewed-by: Denis Patrakeev <denis.patrakeev@avroid.team> Co-authored-by: Rustam Tagaev <rustam.tagaev@avroid.team> Co-committed-by: Rustam Tagaev <rustam.tagaev@avroid.team>
2024-11-15 13:28:03 +03:00
parent 4b6b2d25f4
commit 47a42636db
2 changed files with 135 additions and 1 deletions
--- a/src/tech/avroid/kube/PodTemplates.groovy
+++ b/src/tech/avroid/kube/PodTemplates.groovy
@@ -0,0 +1,134 @@
 package tech.avroid.kube
 class PodTemplates implements Serializable {
    String registry
    Object script
    List dockerCreds
    public PodTemplates(script, String registry, List dockerCreds) {
        this.script = script
        this.registry = registry
        this.dockerCreds = dockerCreds
    }
    protected rawYaml() {
        return """spec:
        tolerations:
        - key: node-role.kubernetes.io/build-node
        effect: NoSchedule
    """
    }
    public void jnlp(body) {
        this.script.podTemplate(
            containers: [
                this.script.containerTemplate(
                    alwaysPullImage: true,
                    name: 'jnlp',
                    image: "${this.registry}/docker-hub-proxy/jenkins/inbound-agent:jdk17",
                    envVars: [
                        this.script.containerEnvVar(key: 'HOME', value: '/home/jenkins'),
                    ],
                    resourceRequestCpu: '50m',
                    resourceRequestMemory: '256Mi',
                    resourceLimitCpu: '2',
                    resourceLimitMemory: '4Gi',
                    workingDir: '/jenkins',
                ),
            ],
            instanceCap: 2,
            showRawYaml: false,
            volumes: [
                this.script.emptyDirVolume(memory: false, mountPath: '/tmp'),
                this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.cache'),
                this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.npm'),
                this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.config'),
                this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.composer'),
                this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.local'),
            ],
            workspaceVolume: this.script.emptyDirWorkspaceVolume(false),
            yaml: this.rawYaml(),
        )
        {
            body.call()
        }
    }
    public void poetry(body) {
        this.script.podTemplate(
            imagePullSecrets: this.dockerCreds,
            containers: [
                this.script.containerTemplate(
                    alwaysPullImage: true,
                    name: 'poetry',
                    image: "${this.registry}/devops/poetry:1.8.4",
                    envVars: [
                        this.script.containerEnvVar(key: 'HOME', value: '/home/jenkins'),
                    ],
                    shell: '/bin/sh',
                    ttyEnabled: true,
                    command: 'cat',
                    resourceRequestCpu: '100m',
                    resourceRequestMemory: '64Mi',
                    resourceLimitCpu: '100m',
                    resourceLimitMemory: '64Gi',
                    workingDir: '/jenkins',
                ),
            ],
            instanceCap: 1,
            showRawYaml: false,
            volumes: [
                this.script.emptyDirVolume(memory: false, mountPath: '/tmp'),
            ],
            workspaceVolume: this.script.emptyDirWorkspaceVolume(false),
            yaml: this.rawYaml(),
        )
        {
            body.call()
        }
    }
    public void docker(body) {
        this.script.podTemplate(
            // serviceAccount: 'jenkins-privileged',
            imagePullSecrets: this.dockerCreds,
            containers: [
                this.script.containerTemplate(
                    alwaysPullImage: true,
                    name: 'docker',
                    image: "${registry}/docker-hub-proxy/docker:27.3.1-dind",
                    envVars: [
                        this.script.containerEnvVar(key: 'HOME', value: '/home/jenkins'),
                    ],
                    ttyEnabled: true,
                    command: '/usr/local/bin/dockerd-entrypoint.sh',
                    // args: """--insecure-registry=${registry} \
                    //          --bip=192.168.222.1/24 \
                    //          --storage-driver=overlay""",
                    privileged: true,
                    resourceRequestCpu: '500m',
                    resourceLimitCpu: '4',
                    resourceRequestMemory: '512Mi',
                    resourceLimitMemory: '3Gi',
                    workingDir: '/jenkins',
                ),
            ],
            instanceCap: 1,
            showRawYaml: false,
            volumes: [
                // this.script.secretVolume(secretName: 'docker-config', mountPath: '/home/jenkins/.docker'),
                this.script.emptyDirVolume(memory: false, mountPath: '/var/lib/docker'),
                this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.local'),
                this.script.emptyDirVolume(memory: false, mountPath: '/home/jenkins/.cache'),
            ],
            workspaceVolume: this.script.emptyDirWorkspaceVolume(false),
        )
        {
            body.call()
        }
    }
 }
--- a/vars/getPodTemplate.groovy
+++ b/vars/getPodTemplate.groovy
@@ -329,7 +329,7 @@ Object pythonBuildTemplate = """
            memory: 512Mi
          imagePullPolicy: Always
      imagePullSecrets:
-      - name: harbor-registry-secret
+      - name: ${env.JENKINS_K8S_HARBOR_SECRET}
 """
    switch (podTemplateName) {