JenkinsKaniko es la buena

3 months ago · aa944f7bd5
--- a/Jenkins/jenkins-deployment.yaml
+++ b/Jenkins/jenkins-deployment.yaml
@ -1,3 +1,16 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: jenkins-rbac
 subjects:
  - kind: ServiceAccount
    name: default
    namespace: default
 roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@ -23,21 +36,21 @@ spec:
      labels:
        io.kompose.service: jenkins
    spec:
      securityContext:
          fsGroup: 0
          runAsUser: 0
      #securityContext:
          #fsGroup: 0
          #runAsUser: 0
      containers:
        #- image: jenkins/jenkins:2.484
        - image: jenkins/jenkins:2.484
        #- image: cirolini/jenkins-docker-kubectl
        - image: localhost:30400/jenkins-cicd
        #- image: localhost:30400/jenkins-cicd
          name: jenkins
          ports:
            - containerPort: 8080
              protocol: TCP
            - containerPort: 50000
              protocol: TCP
          securityContext:
            privileged: true
          #securityContext:
            #privileged: true
          volumeMounts:
            - mountPath: /var/jenkins_home
              name: jenkins-claim0
--- a/JenkinsK8S/config.json
+++ b/JenkinsK8S/config.json
@ -0,0 +1,7 @@
 {
   "auths": {
     "https://registry.reymota.es": {
       "auth": "Y3JleWxvcGV6OlJleS0xMTc2"
     }
   }
 }
--- a/JenkinsK8S/creaNS.sh
+++ b/JenkinsK8S/creaNS.sh
@ -0,0 +1 @@
 kubectl create namespace devops-tools
--- a/JenkinsK8S/deployment.yaml
+++ b/JenkinsK8S/deployment.yaml
@ -0,0 +1,58 @@
 # Deployment Config
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: jenkins-deployment
  namespace: devops-tools
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      serviceAccountName: jenkins-admin
      securityContext:
            fsGroup: 1000 
            runAsUser: 1000
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          ports:
            - name: httpport
              containerPort: 8080
            - name: jnlpport
              containerPort: 50000
          livenessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 90
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: "/login"
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          volumeMounts:
            - name: jenkins-data
              mountPath: /var/jenkins_home         
      volumes:
        - name: jenkins-data
          persistentVolumeClaim:
              claimName: jenkins-pv-claim
--- a/JenkinsK8S/pvc-jenkins.yaml
+++ b/JenkinsK8S/pvc-jenkins.yaml
@ -0,0 +1,13 @@
 # Persistent Volume Claim
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: jenkins-pv-claim
  namespace: devops-tools
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: local-path
--- a/JenkinsK8S/secret.yaml
+++ b/JenkinsK8S/secret.yaml
@ -0,0 +1,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: sa-token-secret
  namespace: devops-tools
  annotations:
    kubernetes.io/service-account.name: jenkins-admin
 type: kubernetes.io/service-account-token
--- a/JenkinsK8S/service-account.yaml
+++ b/JenkinsK8S/service-account.yaml
@ -0,0 +1,40 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: jenkins-admin
  namespace: devops-tools
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: jenkins
  namespace: devops-tools
  labels:
    "app.kubernetes.io/name": 'jenkins'
 rules:
 - apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
 - apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
 - apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
 - apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: jenkins-role-binding
  namespace: devops-tools
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
 subjects:
 - kind: ServiceAccount
  name: jenkins-admin
  namespace: devops-tools
--- a/JenkinsK8S/service.yaml
+++ b/JenkinsK8S/service.yaml
@ -0,0 +1,23 @@
 # Service Config
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: jenkins-service
  namespace: devops-tools
  annotations:
      prometheus.io/scrape: 'true'
      prometheus.io/path:   /
      prometheus.io/port:   '8080'
 spec:
  selector: 
    app: jenkins
  type: NodePort  
  ports:
    - name: httpport
      port: 8080
      targetPort: 8080
      nodePort: 32000
    - name: jnlpport
      port: 50000
      targetPort: 50000
--- a/JenkinsKaniko/Jenkinsfile
+++ b/JenkinsKaniko/Jenkinsfile
@ -0,0 +1,41 @@
 pipeline {

  options {
    ansiColor('xterm')
  }

  agent {
    kubernetes {
      yamlFile 'builder.yaml'
    }
  }

  stages {

    stage('Kaniko Build & Push Image') {
      steps {
        container('kaniko') {
          script {
            sh '''
            /kaniko/executor --dockerfile `pwd`/Dockerfile \
                             --context `pwd` \
                             --destination=registry.reymota.es/nginx_kaniko:${BUILD_NUMBER}
            '''
          }
        }
      }
    }

    stage('Deploy App to Kubernetes') {     
      steps {
        container('kubectl') {
          withCredentials([file(credentialsId: 'mykubeconfig', variable: 'KUBECONFIG')]) {
            sh 'sed -i "s/<TAG>/${BUILD_NUMBER}/" myweb.yaml'
            sh 'kubectl apply -f myweb.yaml'
          }
        }
      }
    }
  
  }
 }
--- a/JenkinsKaniko/builder.yaml
+++ b/JenkinsKaniko/builder.yaml
@ -0,0 +1,27 @@
 apiVersion: v1
 kind: Pod
 metadata:
  name: kaniko
  namespace: jenkins
 spec:
  containers:
  - name: kubectl
    image: joshendriks/alpine-k8s
    command:
    - /bin/cat
    tty: true    
  - name: kaniko
    image: gcr.io/kaniko-project/executor:debug
    command:
    - /busybox/cat
    tty: true
    volumeMounts:
      - name: kaniko-secret
        mountPath: /kaniko/.docker
  volumes:
    - name: kaniko-secret
      secret:
        secretName: regcred
        items:
          - key: .dockerconfigjson
            path: config.json
--- a/JenkinsKaniko/creaSecretoRegistry.sh
+++ b/JenkinsKaniko/creaSecretoRegistry.sh
@ -0,0 +1 @@
 kubectl create secret docker-registry regcred --docker-server=registry.reymota.es --docker-username=creylopez --docker-password=Rey-1176 --docker-email=creylopez@yahoo.es --namespace jenkins
--- a/JenkinsKaniko/jenkins.yaml
+++ b/JenkinsKaniko/jenkins.yaml
--- a/JenkinsKaniko/kubeconfig
+++ b/JenkinsKaniko/kubeconfig
@ -0,0 +1,35 @@
 apiVersion: v1
 kind: Config
 clusters:
  - name: default
    cluster:
      server: https://10.39.125.172:6443
      certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTkRVME1UazVPRFl3SGhjTk1qVXdOREl6TVRRMU16QTJXaGNOTXpVd05ESXhNVFExTXpBMgpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTkRVME1UazVPRFl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFRSzVGWDh3NmwxOVh1WUNOQ2I5Ym5PMGVTcVNmdzRuQ0xFZmlXdVMvaWEKVEIxdDU4UlFmS243Mm0rOHhyTW9RQnpvUDNRSHg3N0szWUZpbDF2cUw3eHJvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVXNkakhTbzgrZUdVbUJMTytEVk96Cnl2WENuNUV3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUp0ZXhxVkRKV0UrckdHcnR5WDJ0bTNvbEN2UnFuc3AKZ2xMTmtlWVNhVmF2QWlBOXl6ZkNyMDdlUFFGc1hnUHRvTzZ2SzlqZy83Q2NmU2hkYUJxMkwyUVVZUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
      insecure-skip-tls-verify: false
  - name: rancher-desktop
    cluster:
      server: https://10.39.125.172:6443
      certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTkRVME1UazVPRFl3SGhjTk1qVXdOREl6TVRRMU16QTJXaGNOTXpVd05ESXhNVFExTXpBMgpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTkRVME1UazVPRFl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFRSzVGWDh3NmwxOVh1WUNOQ2I5Ym5PMGVTcVNmdzRuQ0xFZmlXdVMvaWEKVEIxdDU4UlFmS243Mm0rOHhyTW9RQnpvUDNRSHg3N0szWUZpbDF2cUw3eHJvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVXNkakhTbzgrZUdVbUJMTytEVk96Cnl2WENuNUV3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUp0ZXhxVkRKV0UrckdHcnR5WDJ0bTNvbEN2UnFuc3AKZ2xMTmtlWVNhVmF2QWlBOXl6ZkNyMDdlUFFGc1hnUHRvTzZ2SzlqZy83Q2NmU2hkYUJxMkwyUVVZUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
      insecure-skip-tls-verify: false
 users:
  - name: default
    user:
      client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrVENDQVRlZ0F3SUJBZ0lJVmVxTnYzNXVrbHd3Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOelExTkRFNU9UZzJNQjRYRFRJMU1EUXlNekUwTlRNd05sb1hEVEkyTURReQpNekUwTlRNd05sb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJQTU55M0pyQVVqSG5DWGEKRUR0bDJJbDFrVWdEUm90VUhiVzUrR2FtSUtpNk9RbXVCWVplZkdEeXR1MmxSUlJCdEozZTVXS01nUW1KeDB6eQpBcUx6Rm9halNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCUlNtRCtYd2VmOExCZkpKc21MVUFOSG01QW5JakFLQmdncWhrak9QUVFEQWdOSUFEQkYKQWlBNjA0MlZEREZGdVV4cSthbGpZUHI3RDV6SllMYUhmWXhFM2k4eUp4VEpjUUloQU1pTndaakdWeEI4THZkRgpicVQyTkVHMXlkeHhmbXpaeTdwTmFjS0lqbWdxCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkakNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUzTkRVME1UazVPRFl3SGhjTk1qVXdOREl6TVRRMU16QTJXaGNOTXpVd05ESXhNVFExTXpBMgpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUzTkRVME1UazVPRFl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFUMFBEb2F6a0dOaUFFMXVUbUU2cTNKbWg5d2YyZDBSRklreUJacER3QlQKQjBxZ2RLSnJLcFFhazNRb28vVnluVWRNMlc0NG1TbFZqazNSTTVwbFhGeXFvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVVVwZy9sOEhuL0N3WHlTYkppMUFEClI1dVFKeUl3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnVjhLNllTcjhvZDJOem5VekkzUERlRjM3ZXVuYUN2RjQKVW5RYWpwRUNTWHdDSUFFdk1DMHpOR2lkMHpnTW8rbnRzS2tkVkloVHNKcVVURFl2VkNlbk5FcDUKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
      client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU9MZ3NSK1dHSVlEKzZ0Y1J1VENlU09PcEtPNnJwTmNXVENUd0JDQWhnZHlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFOHczTGNtc0JTTWVjSmRvUU8yWFlpWFdSU0FOR2kxUWR0Ym40WnFZZ3FMbzVDYTRGaGw1OApZUEsyN2FWRkZFRzBuZDdsWW95QkNZbkhUUElDb3ZNV2hnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
  - name: rancher-desktop
    user:
      client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrVENDQVRlZ0F3SUJBZ0lJVmVxTnYzNXVrbHd3Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOelExTkRFNU9UZzJNQjRYRFRJMU1EUXlNekUwTlRNd05sb1hEVEkyTURReQpNekUwTlRNd05sb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJQTU55M0pyQVVqSG5DWGEKRUR0bDJJbDFrVWdEUm90VUhiVzUrR2FtSUtpNk9RbXVCWVplZkdEeXR1MmxSUlJCdEozZTVXS01nUW1KeDB6eQpBcUx6Rm9halNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCUlNtRCtYd2VmOExCZkpKc21MVUFOSG01QW5JakFLQmdncWhrak9QUVFEQWdOSUFEQkYKQWlBNjA0MlZEREZGdVV4cSthbGpZUHI3RDV6SllMYUhmWXhFM2k4eUp4VEpjUUloQU1pTndaakdWeEI4THZkRgpicVQyTkVHMXlkeHhmbXpaeTdwTmFjS0lqbWdxCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkakNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUzTkRVME1UazVPRFl3SGhjTk1qVXdOREl6TVRRMU16QTJXaGNOTXpVd05ESXhNVFExTXpBMgpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUzTkRVME1UazVPRFl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFUMFBEb2F6a0dOaUFFMXVUbUU2cTNKbWg5d2YyZDBSRklreUJacER3QlQKQjBxZ2RLSnJLcFFhazNRb28vVnluVWRNMlc0NG1TbFZqazNSTTVwbFhGeXFvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVVVwZy9sOEhuL0N3WHlTYkppMUFEClI1dVFKeUl3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnVjhLNllTcjhvZDJOem5VekkzUERlRjM3ZXVuYUN2RjQKVW5RYWpwRUNTWHdDSUFFdk1DMHpOR2lkMHpnTW8rbnRzS2tkVkloVHNKcVVURFl2VkNlbk5FcDUKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
      client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU9MZ3NSK1dHSVlEKzZ0Y1J1VENlU09PcEtPNnJwTmNXVENUd0JDQWhnZHlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFOHczTGNtc0JTTWVjSmRvUU8yWFlpWFdSU0FOR2kxUWR0Ym40WnFZZ3FMbzVDYTRGaGw1OApZUEsyN2FWRkZFRzBuZDdsWW95QkNZbkhUUElDb3ZNV2hnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
 contexts:
  - name: default
    context:
      cluster: default
      name: default
      user: default
  - name: rancher-desktop
    context:
      cluster: rancher-desktop
      name: rancher-desktop
      user: rancher-desktop
 preferences: {}
 current-context: default
--- a/JenkinsKaniko/pvc-jenkins.yaml
+++ b/JenkinsKaniko/pvc-jenkins.yaml
@ -0,0 +1,13 @@
 # Persistent Volume Claim
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: jenkins-pv-claim
  namespace: jenkins
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: local-path