使用的是rancher的版本是2.3.5,函数定义deployment相关的配置,所以无法更新jenkins的配置,及时更新了也会回滚。
同样代码中同时定义了Registry和minio的deployment。
/rancher-2.3.5/pkg/controllers/user/pipeline/controller/pipelineexecution/deploy.go
// jenkins
func GetJenkinsDeployment(ns string) *appsv1.Deployment {
replicas := int32(1)
return &appsv1.Deployment{
ObjectMeta: metav1.ObjectMeta{
Namespace: ns,
Name: utils.JenkinsName,
},
Spec: appsv1.DeploymentSpec{
Replicas: &replicas,
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{utils.LabelKeyApp: utils.JenkinsName},
},
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Labels: map[string]string{
utils.LabelKeyApp: utils.JenkinsName,
utils.LabelKeyJenkins: utils.JenkinsMaster,
},
Name: utils.JenkinsName,
},
Spec: corev1.PodSpec{
ServiceAccountName: utils.JenkinsName,
Containers: []corev1.Container{
{
Name: utils.JenkinsName,
Image: images.Resolve(mv3.ToolsSystemImages.PipelineSystemImages.Jenkins),
Env: []corev1.EnvVar{
{
Name: "ADMIN_PASSWORD",
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: utils.PipelineSecretName,
},
Key: utils.PipelineSecretTokenKey,
}},
}, {
Name: "ADMIN_USER",
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: utils.PipelineSecretName,
},
Key: utils.PipelineSecretUserKey,
}},
}, {
Name: "JAVA_OPTS",
Value: "-Xmx300m -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85 -Dhudson.model.LoadStatistics.clock=2000 -Dhudson.slaves.NodeProvisioner.recurrencePeriod=2000 -Dhudson.model.UpdateCenter.never=true",
}, {
Name: "NAMESPACE",
Value: ns,
}, {
Name: "JENKINS_POD_IP",
ValueFrom: &corev1.EnvVarSource{
FieldRef: &corev1.ObjectFieldSelector{
FieldPath: "status.podIP",
},
},
},
},
Ports: []corev1.ContainerPort{
{
Name: "http",
ContainerPort: utils.JenkinsPort,
},
{
Name: "agent",
ContainerPort: utils.JenkinsJNLPPort,
},
},
ReadinessProbe: &corev1.Probe{
Handler: corev1.Handler{
HTTPGet: &corev1.HTTPGetAction{
Path: "/login",
Port: intstr.FromInt(utils.JenkinsPort),
},
},
},
Resources: corev1.ResourceRequirements{
Limits: corev1.ResourceList{
corev1.ResourceCPU: *resource.NewQuantity(1, resource.DecimalSI),
corev1.ResourceMemory: *resource.NewQuantity(1024E6, resource.BinarySI),
},
Requests: corev1.ResourceList{
corev1.ResourceCPU: *resource.NewMilliQuantity(500, resource.DecimalSI),
corev1.ResourceMemory: *resource.NewQuantity(300E6, resource.BinarySI),
},
},
},
},
},
},
},
}
}
// registry
func GetRegistryDeployment(ns string) *appsv1.Deployment {
replicas := int32(1)
return &appsv1.Deployment{
ObjectMeta: metav1.ObjectMeta{
Namespace: ns,
Name: utils.RegistryName,
},
Spec: appsv1.DeploymentSpec{
Replicas: &replicas,
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{utils.LabelKeyApp: utils.RegistryName},
},
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Labels: map[string]string{utils.LabelKeyApp: utils.RegistryName},
Name: utils.RegistryName,
},
Spec: corev1.PodSpec{
Containers: []corev1.Container{
{
Name: utils.RegistryName,
Image: images.Resolve(mv3.ToolsSystemImages.PipelineSystemImages.Registry),
ImagePullPolicy: corev1.PullAlways,
Ports: []corev1.ContainerPort{
{
Name: utils.RegistryName,
ContainerPort: utils.RegistryPort,
},
},
Env: []corev1.EnvVar{
{
Name: "REGISTRY_HTTP_ADDR",
Value: "0.0.0.0:443",
},
{
Name: "REGISTRY_HTTP_TLS_CERTIFICATE",
Value: utils.RegistryCrtPath + utils.RegistryCrt,
},
{
Name: "REGISTRY_HTTP_TLS_KEY",
Value: utils.RegistryCrtPath + utils.RegistryKey,
},
{
Name: "REGISTRY_AUTH",
Value: "htpasswd",
},
{
Name: "REGISTRY_AUTH_HTPASSWD_REALM",
Value: "Registry Realm",
},
{
Name: "REGISTRY_AUTH_HTPASSWD_PATH",
Value: utils.RegistryAuthPath + utils.PipelineSecretRegistryTokenKey,
},
},
Resources: corev1.ResourceRequirements{
Limits: corev1.ResourceList{
corev1.ResourceCPU: *resource.NewMilliQuantity(200, resource.DecimalSI),
corev1.ResourceMemory: *resource.NewQuantity(200E6, resource.BinarySI),
},
Requests: corev1.ResourceList{
corev1.ResourceCPU: *resource.NewMilliQuantity(100, resource.DecimalSI),
corev1.ResourceMemory: *resource.NewQuantity(100E6, resource.BinarySI),
},
},
VolumeMounts: []corev1.VolumeMount{
{
Name: utils.RegistryCrtVolumeName,
MountPath: utils.RegistryCrtPath,
ReadOnly: true,
},
{
Name: utils.RegistryAuthVolumeName,
MountPath: utils.RegistryAuthPath,
ReadOnly: true,
},
},
},
},
Volumes: []corev1.Volume{
{
Name: utils.RegistryCrtVolumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: utils.RegistryCrtSecretName,
},
},
},
{
Name: utils.RegistryAuthVolumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: utils.PipelineSecretName,
Items: []corev1.KeyToPath{
{
Key: utils.PipelineSecretRegistryTokenKey,
Path: utils.PipelineSecretRegistryTokenKey,
},
},
},
},
},
},
},
},
},
}
}
// minio
func GetMinioDeployment(ns string) *appsv1.Deployment {
replicas := int32(1)
return &appsv1.Deployment{
ObjectMeta: metav1.ObjectMeta{
Namespace: ns,
Name: utils.MinioName,
},
Spec: appsv1.DeploymentSpec{
Replicas: &replicas,
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{utils.LabelKeyApp: utils.MinioName},
},
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Labels: map[string]string{utils.LabelKeyApp: utils.MinioName},
Name: utils.MinioName,
},
Spec: corev1.PodSpec{
Containers: []corev1.Container{
{
Name: utils.MinioName,
Image: images.Resolve(mv3.ToolsSystemImages.PipelineSystemImages.Minio),
ImagePullPolicy: corev1.PullAlways,
Args: []string{"server", "/data"},
Env: []corev1.EnvVar{
{
Name: "MINIO_SECRET_KEY",
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: utils.PipelineSecretName,
},
Key: utils.PipelineSecretTokenKey,
}},
}, {
Name: "MINIO_ACCESS_KEY",
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: utils.PipelineSecretName,
},
Key: utils.PipelineSecretUserKey,
}},
},
},
Ports: []corev1.ContainerPort{
{
Name: utils.MinioName,
ContainerPort: utils.MinioPort,
},
},
Resources: corev1.ResourceRequirements{
Limits: corev1.ResourceList{
corev1.ResourceCPU: *resource.NewMilliQuantity(200, resource.DecimalSI),
corev1.ResourceMemory: *resource.NewQuantity(200E6, resource.BinarySI),
},
Requests: corev1.ResourceList{
corev1.ResourceCPU: *resource.NewMilliQuantity(100, resource.DecimalSI),
corev1.ResourceMemory: *resource.NewQuantity(100E6, resource.BinarySI),
},
},
},
},
},
},
},
}
}
