k8s

k8s/environments/jenkins/ingress.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: jenkins-ingress
+  labels:
+    env: production
+    tier: cicd
+    app: jenkins
+    name: jenkins-ingress
+spec:
+  rules:
+    - host: <젠킨스 도메인> # TODO
+      http:
+        paths:
+          - path: /
+            backend:
+              serviceName: jenkins
+              servicePort: 8080

k8s/environments/jenkins/pvc.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: jenkins-pvc
+  labels:
+    env: production
+    tier: cicd
+    app: jenkins
+    name: jenkins-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: nfs

k8s/environments/jenkins/sa.yaml

@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: jenkins
+  labels:
+    env: production
+    tier: cicd
+    app: jenkins
+    name: jenkins-sa
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: jenkins
+  labels:
+    env: production
+    tier: cicd
+    app: jenkins
+    name: jenkins-r
+rules:
+- apiGroups: ["extensions","apps"]
+  resources: ["deployments"]
+  verbs: ["get","list","watch","create","update","patch","delete"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["create","delete","get","list","patch","update","watch"]
+- apiGroups: [""]
+  resources: ["pods/exec"]
+  verbs: ["create","delete","get","list","patch","update","watch"]
+- apiGroups: [""]
+  resources: ["pods/log"]
+  verbs: ["get","list","watch"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["get", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: jenkins
+  labels:
+    env: production
+    tier: cicd
+    app: jenkins
+    name: jenkins-rb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: jenkins
+subjects:
+- kind: ServiceAccount
+  name: jenkins

k8s/environments/jenkins/service.yaml

@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: jenkins
+  labels:
+    env: production
+    tier: cicd
+    app: jenkins
+    name: jenkins-service
+spec:
+  ports:
+    - port: 8080
+      targetPort: 8080
+  selector:
+    env: production
+    tier: cicd
+    app: jenkins
+    name: jenkins-pod
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: jenkins-jnlp
+  labels:
+    env: production
+    tier: cicd
+    app: jenkins
+    name: jenkins-jnlp-service
+spec:
+  ports:
+    - port: 50000
+      targetPort: 50000
+  selector:
+    env: production
+    tier: cicd
+    app: jenkins
+    name: jenkins-pod

k8s/environments/jenkins/statefulset.yaml

@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: jenkins-statefulset
+  labels:
+    env: production
+    tier: cicd
+    app: jenkins
+    name: jenkins-statefulset
+spec:
+  serviceName: jenkins
+  replicas: 1
+  selector:
+    matchLabels:
+      env: production
+      tier: cicd
+      app: jenkins
+      name: jenkins-pod
+  template:
+    metadata:
+      labels:
+        env: production
+        tier: cicd
+        app: jenkins
+        name: jenkins-pod
+    spec:
+      serviceAccountName: jenkins
+      containers:
+        - name: jenkins
+          image: jenkins/jenkins:lts
+          imagePullPolicy: Always
+          ports:
+            - name: http-port
+              containerPort: 8080
+            - name: jnlp-port
+              containerPort: 50000
+          volumeMounts:
+            - name: jenkins-volume
+              mountPath: /var/jenkins_home
+      volumes:
+        - name: jenkins-volume
+          persistentVolumeClaim:
+            claimName: jenkins-pvc