From 616e1bc723535d20228b361c81319bb83f2eb692 Mon Sep 17 00:00:00 2001 From: Rich Braun Date: Tue, 20 Jan 2026 14:28:44 -0800 Subject: [PATCH 1/7] SYS-671 version bumps - authelia, gitea, spamassassin, splunk, vaultwarden --- images/spamassassin/Dockerfile | 4 ++-- images/spamassassin/helm/Chart.yaml | 4 ++-- k8s/helm/authelia/Chart.yaml | 4 ++-- k8s/helm/gitea/Chart.yaml | 4 ++-- k8s/helm/splunk/Chart.yaml | 4 ++-- k8s/helm/vaultwarden/Chart.yaml | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/images/spamassassin/Dockerfile b/images/spamassassin/Dockerfile index 2558fcfe..bb6935a1 100644 --- a/images/spamassassin/Dockerfile +++ b/images/spamassassin/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bookworm-slim +FROM debian:trixie-slim ARG BUILD_DATE ARG VCS_REF LABEL org.opencontainers.image.authors="Rich Braun docker@instantlinux.net" \ @@ -16,7 +16,7 @@ ENV DEBIAN_FRONTEND=noninteractive \ PYZOR_SITE=public.pyzor.org:24441 ARG DCC_VERSION=2.3.169 -ARG SPAMD_VERSION=4.0.1-1~deb12u1 +ARG SPAMD_VERSION=4.0.1-5 ARG DCC_SHA=3447e655476ac742942daf25fc217236da456dd0f82b7117661b9a70484b7bf6 ARG SPAMD_UID=2022 diff --git a/images/spamassassin/helm/Chart.yaml b/images/spamassassin/helm/Chart.yaml index 2f3e9160..d208e5b7 100644 --- a/images/spamassassin/helm/Chart.yaml +++ b/images/spamassassin/helm/Chart.yaml @@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://svn.apache.org/viewvc/spamassassin type: application -version: 0.1.3 -appVersion: "4.0.1-1" +version: 0.1.4 +appVersion: "4.0.1-5" dependencies: - name: chartlib version: 0.1.8 diff --git a/k8s/helm/authelia/Chart.yaml b/k8s/helm/authelia/Chart.yaml index 5240c707..c9a381b5 100644 --- a/k8s/helm/authelia/Chart.yaml +++ b/k8s/helm/authelia/Chart.yaml 
@@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://github.com/authelia/authelia type: application -version: 0.1.9 -appVersion: "4.39.4" +version: 0.1.10 +appVersion: "4.39.15" dependencies: - name: chartlib version: 0.1.8 diff --git a/k8s/helm/gitea/Chart.yaml b/k8s/helm/gitea/Chart.yaml index 6cbeb03e..c6399481 100644 --- a/k8s/helm/gitea/Chart.yaml +++ b/k8s/helm/gitea/Chart.yaml @@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://github.com/go-gitea/gitea type: application -version: 0.1.7 -appVersion: 1.25.2-rootless +version: 0.1.8 +appVersion: 1.25.3-rootless dependencies: - name: chartlib version: 0.1.8 diff --git a/k8s/helm/splunk/Chart.yaml b/k8s/helm/splunk/Chart.yaml index fa71dc61..1aec0c91 100644 --- a/k8s/helm/splunk/Chart.yaml +++ b/k8s/helm/splunk/Chart.yaml @@ -15,8 +15,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://hub.docker.com/r/splunk/splunk type: application -version: 0.1.15 -appVersion: "9.4.7" +version: 0.1.16 +appVersion: "10.0.2" dependencies: - name: chartlib version: 0.1.8 diff --git a/k8s/helm/vaultwarden/Chart.yaml b/k8s/helm/vaultwarden/Chart.yaml index 22c23009..76908f80 100644 --- a/k8s/helm/vaultwarden/Chart.yaml +++ b/k8s/helm/vaultwarden/Chart.yaml @@ -6,7 +6,7 @@ sources: - https://github.com/instantlinux/docker-tools type: application version: 0.1.9 -appVersion: "1.34.3-alpine" +appVersion: "1.35.2-alpine" dependencies: - name: chartlib version: 0.1.8 From b62e1eb0ef101d5301cfb6bda2209b9f622753c5 Mon Sep 17 00:00:00 2001 From: Rich Braun Date: Tue, 20 Jan 2026 14:35:17 -0800 Subject: [PATCH 2/7] SYS-671 wip --- images/spamassassin/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/images/spamassassin/Dockerfile b/images/spamassassin/Dockerfile index bb6935a1..e4fd5949 100644 --- a/images/spamassassin/Dockerfile +++ b/images/spamassassin/Dockerfile 
@@ -48,4 +48,5 @@ RUN apt-get -yq update && apt-get -y upgrade && \ COPY entrypoint.sh /root/ VOLUME ["/var/lib/spamassassin", "/var/log"] EXPOSE 783 + ENTRYPOINT ["/root/entrypoint.sh"] From 7cdf863a990490c89d61e6690a3fda9a63f3450e Mon Sep 17 00:00:00 2001 From: Rich Braun Date: Tue, 20 Jan 2026 17:07:10 -0800 Subject: [PATCH 3/7] SYS-671 wip --- .image-gitlab-ci.yml | 7 ++++--- images/blacklist/Dockerfile | 8 ++++---- images/spamassassin/Dockerfile | 1 + k8s/Makefile.versions | 11 ++++++----- k8s/helm/etcd/Chart.yaml | 4 ++-- k8s/helm/nextcloud/Chart.yaml | 4 ++-- 6 files changed, 19 insertions(+), 16 deletions(-) diff --git a/.image-gitlab-ci.yml b/.image-gitlab-ci.yml index 66b3efd9..adf818b1 100644 --- a/.image-gitlab-ci.yml +++ b/.image-gitlab-ci.yml @@ -50,11 +50,12 @@ security_scan_trivy: TRIVY_FORMAT: json TRIVY_IGNORE: >- CVE-2023-31484,CVE-2023-45853, - CVE-2023-52425,CVE-2024-8176 + CVE-2023-52425,CVE-2024-8176, # These are for blacklist image, there's a won't-fix note for zlib1g # CVE-2023-31484,CVE-2023-45853 - # These are for spamassassin under debian bookworm - # CVE-2023-52425,CVE-2024-8176 + # These are for spamassassin under debian trixie + CVE-2026-0861, CVE-2025-8194, CVE-2025-13699, + CVE-2025-13836, CVE-2025-40914 TRIVY_OUTPUT: gl-container-scanning-report.json TRIVY_SEVERITY: HIGH,CRITICAL TRIVY_PKG_TYPES: os,library diff --git a/images/blacklist/Dockerfile b/images/blacklist/Dockerfile index 40b69369..9e7bd9ab 100644 --- a/images/blacklist/Dockerfile +++ b/images/blacklist/Dockerfile @@ -1,8 +1,8 @@ -FROM debian:bookworm-slim -MAINTAINER Rich Braun +FROM debian:trixie-slim ARG BUILD_DATE ARG VCS_REF -LABEL org.label-schema.build-date=$BUILD_DATE \ +LABEL org.opencontainers.image.authors="Rich Braun docker@instantlinux.net" \ + org.label-schema.build-date=$BUILD_DATE \ org.label-schema.license=Apache-2.0 \ org.label-schema.name=blacklist \ org.label-schema.vcs-ref=$VCS_REF \ 
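Review bot: The five ids added to `TRIVY_IGNORE` are labelled as spamassassin-under-trixie findings, but the variable lives in the shared `.image-gitlab-ci.yml` template. Assuming the scan job passes it to Trivy unchanged (its script is outside the hunk), the same HIGH/CRITICAL findings are then suppressed for every image built from this template, including ones where they may be reachable and fixable. Keep image-specific exceptions with the image, for example a `.trivyignore` file under `images/spamassassin/`, and leave only repo-wide exceptions in the template. Each entry should carry its reason and a re-check date, e.g. `# CVE-2025-8194: <reason accepted>, re-check <date>`, so stale suppressions get removed. The later `.image-gitlab-ci.yml` hunk in PATCH 4/7 keeps the same global list, and the same point applies there.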
@@ -17,7 +17,7 @@ ENV DEBIAN_FRONTEND=noninteractive \ DB_NAME=blacklist \ DB_HOST=dbhost -ARG RBLDNSD_VERSION=1.0~20210120-2 +ARG RBLDNSD_VERSION=1.0~20210120-3 COPY src/ /root/ RUN apt-get -yq update && apt-get -y upgrade && \ diff --git a/images/spamassassin/Dockerfile b/images/spamassassin/Dockerfile index e4fd5949..dbd8189c 100644 --- a/images/spamassassin/Dockerfile +++ b/images/spamassassin/Dockerfile @@ -16,6 +16,7 @@ ENV DEBIAN_FRONTEND=noninteractive \ PYZOR_SITE=public.pyzor.org:24441 ARG DCC_VERSION=2.3.169 +#ARG SPAMD_VERSION=4.0.1-5 ARG SPAMD_VERSION=4.0.1-5 ARG DCC_SHA=3447e655476ac742942daf25fc217236da456dd0f82b7117661b9a70484b7bf6 ARG SPAMD_UID=2022 diff --git a/k8s/Makefile.versions b/k8s/Makefile.versions index 274e22a7..488026bd 100644 --- a/k8s/Makefile.versions +++ b/k8s/Makefile.versions @@ -1,16 +1,17 @@ # Third-party versions - dockerhub export VERSION_DASHBOARD ?= 7.10.0 -export VERSION_LOGSPOUT ?= v3.2.14 export VERSION_NGINX ?= 1.29.3-alpine +# deprecated +export VERSION_LOGSPOUT ?= v3.2.14 # Third-party versions - other (quay.io, k8s.gcr.io, crunchydata.com) -export VERSION_CERT_MANAGER ?= 1.16.5 +export VERSION_CERT_MANAGER ?= 1.19.2 export VERSION_DEFAULTBACKEND ?= 1.5 -export VERSION_FLANNEL ?= 0.26.1 +export VERSION_FLANNEL ?= 0.28.0 export VERSION_HELM ?= 3.19.2 -export VERSION_INGRESS_NGINX ?= 1.13.1 +export VERSION_INGRESS_NGINX ?= 1.14.1 export VERSION_METRICS ?= 2.17.0 -export VERSION_NODE_LOCAL_DNS ?= 1.34.1 +export VERSION_NODE_LOCAL_DNS ?= 1.34.3 # Held back versions - more effort to upgrade export VERSION_CALICO ?= 3.16.5 diff --git a/k8s/helm/etcd/Chart.yaml b/k8s/helm/etcd/Chart.yaml index dce9f6fc..e89ed917 100644 --- a/k8s/helm/etcd/Chart.yaml +++ b/k8s/helm/etcd/Chart.yaml @@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://github.com/etcd-io/etcd type: application -version: 0.1.6 -appVersion: "v3.5.21" +version: 0.1.7 +appVersion: "v3.5.26" dependencies: - name: chartlib version: 0.1.8 
diff --git a/k8s/helm/nextcloud/Chart.yaml b/k8s/helm/nextcloud/Chart.yaml index 00de975e..8835c717 100644 --- a/k8s/helm/nextcloud/Chart.yaml +++ b/k8s/helm/nextcloud/Chart.yaml @@ -5,9 +5,9 @@ home: https://github.com/instantlinux/docker-tools sources: - https://github.com/instantlinux/docker-tools type: application -version: 0.1.5 +version: 0.1.6 # Upon changes: override versionPrev (values.yaml) to the old value. -appVersion: "31.0.2" +appVersion: "32.0.5" dependencies: - name: chartlib version: 0.1.8 From 0340b314515b09993818c110e163eeb9f8714856 Mon Sep 17 00:00:00 2001 From: Rich Braun Date: Tue, 20 Jan 2026 18:29:14 -0800 Subject: [PATCH 4/7] SYS-671 wip --- .gitlab-ci.yml | 20 -------------------- .image-gitlab-ci.yml | 12 ++++++------ README.md | 8 +++++--- images/mariadb-galera/Dockerfile | 5 +++-- lib/build/Makefile.docker_image | 3 +++ 5 files changed, 17 insertions(+), 31 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 52a63772..1d496e81 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -12,7 +12,6 @@ stages: - git-pull - haproxy-keepalived - mariadb-galera - - mt-daapd - mysqldump - mythtv-backend - nagios @@ -29,7 +28,6 @@ stages: - udp-nginx-proxy - vsftpd - weewx - - wxcam-upload workflow: rules: - { if: $CI_COMMIT_TAG =~ /^chart-.*/, when: never } @@ -147,15 +145,6 @@ mariadb-galera: only: changes: [ images/mariadb-galera/**, lib/**, .image-gitlab-ci.yml ] -mt-daapd: - stage: mt-daapd - trigger: - include: - - artifact: .child-mt-daapd.yml - job: prepare - only: - changes: [ images/mt-daapd/**, lib/**, .image-gitlab-ci.yml ] - mysqldump: stage: mysqldump trigger: @@ -299,12 +288,3 @@ weewx: job: prepare only: changes: [ images/weewx/**, lib/**, .image-gitlab-ci.yml ] - -wxcam-upload: - stage: wxcam-upload - trigger: - include: - - artifact: .child-wxcam-upload.yml - job: prepare - only: - changes: [ images/wxcam-upload/**, lib/**, .image-gitlab-ci.yml ] 
diff --git a/.image-gitlab-ci.yml b/.image-gitlab-ci.yml index adf818b1..fba11413 100644 --- a/.image-gitlab-ci.yml +++ b/.image-gitlab-ci.yml @@ -4,7 +4,7 @@ variables: IMAGE: {{ IMAGE }} PLATFORMS: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 REGISTRY: $REGISTRY_URI/$CI_PROJECT_PATH - TRIVY_VERSION: 0.67.2 + TRIVY_VERSION: 0.68.2 stages: - Static Code Analysis @@ -13,7 +13,7 @@ stages: - Security Scan - Promote Image -image: docker:29.1.2 +image: docker:29.1.5 .registry_template: ®istry_login before_script: @@ -51,11 +51,11 @@ security_scan_trivy: TRIVY_IGNORE: >- CVE-2023-31484,CVE-2023-45853, CVE-2023-52425,CVE-2024-8176, - # These are for blacklist image, there's a won't-fix note for zlib1g + CVE-2026-0861,CVE-2025-8194,CVE-2025-13699, + CVE-2025-13836,CVE-2025-40914 + # Above two rows are for spamassassin under debian trixie + # Below were for blacklist image, there's a won't-fix note for zlib1g # CVE-2023-31484,CVE-2023-45853 - # These are for spamassassin under debian trixie - CVE-2026-0861, CVE-2025-8194, CVE-2025-13699, - CVE-2025-13836, CVE-2025-40914 TRIVY_OUTPUT: gl-container-scanning-report.json TRIVY_SEVERITY: HIGH,CRITICAL TRIVY_PKG_TYPES: os,library diff --git a/README.md b/README.md index 88b9f1eb..51723552 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,6 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s * Minio object storage with prometheus metrics * Pod security policies * Automatic certificate issuing/renewal with Letsencrypt -* PostgreSQL-operator from CrunchyData * Grafana with prometheus-based alerting ### Resource definitions 
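Review bot: In the `TRIVY_IGNORE: >-` hunk, the `#` lines after the CVE rows may not be comments. If they are indented to the same depth as the rows (the indentation is not recoverable from this page), YAML folds them into the scalar. The value would then end with the text of both notes plus a second `CVE-2023-31484,CVE-2023-45853`, and how the scanner treats that tail is not visible here. Move the explanations above the key as real comments, e.g. `# CVE-2026-0861 ... CVE-2025-40914: spamassassin under debian trixie` on the line before `TRIVY_IGNORE: >-`. Also note that `>-` joins the rows with a space, so each trailing comma is followed by a space in the final value; confirm the consumer trims entries, or put the list on one line.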
@@ -66,7 +65,6 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s | authelia | ** | single-signon multi-factor auth | | cloud | ** | nextcloud, private sync like Apple iCloud | | data-sync | [![](https://img.shields.io/docker/v/instantlinux/data-sync?sort=date)](https://hub.docker.com/r/instantlinux/data-sync "Version badge") | poor-man's SAN for persistent storage | -| duplicati | [![](https://img.shields.io/docker/v/instantlinux/duplicati?sort=date)](https://hub.docker.com/r/instantlinux/duplicati "Version badge") | backups | | ez-ipupdate | [![](https://img.shields.io/docker/v/instantlinux/ez-ipupdate?sort=date)](https://hub.docker.com/r/instantlinux/ez-ipupdate "Version badge") | Dynamic DNS client | | haproxy-keepalived | [![](https://img.shields.io/docker/v/instantlinux/haproxy-keepalived?sort=date)](https://hub.docker.com/r/instantlinux/haproxy-keepalived "Version badge") | load balancer | | grafana | ** | monitoring dashboard with prometheus-based alerting | @@ -84,6 +82,7 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s | samba-dc | [![](https://img.shields.io/docker/v/instantlinux/samba-dc?sort=date)](https://hub.docker.com/r/instantlinux/samba-dc "Version badge") | Active-Directory compatible domain controller | | [secondshot](https://github.com/instantlinux/secondshot) | [![](https://img.shields.io/docker/v/instantlinux/secondshot?sort=date)](https://hub.docker.com/r/instantlinux/secondshot "Version badge") | rsnapshot-based backups | | splunk | ** | the free version | +| vaultwarden | ** | BitWarden-compatible self-hosted backend | **Email** 
@@ -94,6 +93,7 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s | postfix | [![](https://img.shields.io/docker/v/instantlinux/postfix?sort=date)](https://hub.docker.com/r/instantlinux/postfix "Version badge") | compact general-purpose image in 11MB | | postfix-python | [![](https://img.shields.io/docker/v/instantlinux/postfix-python?sort=date)](https://hub.docker.com/r/instantlinux/postfix-python "Version badge") | postfix with spam-control scripts | | rainloop | ** | webmail imapd-client server | +| snappymail | ** | webmail, forked from rainloop imapd-client server | | spamassassin | [![](https://img.shields.io/docker/v/instantlinux/spamassassin?sort=date)](https://hub.docker.com/r/instantlinux/spamassassin "Version badge") | spam control daemon | **Entertainment** @@ -103,8 +103,8 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s | davite | [![](https://img.shields.io/docker/v/instantlinux/davite?sort=date)](https://hub.docker.com/r/instantlinux/davite "Version badge") | party-invites manager like eVite | | mt-daapd | [![](https://img.shields.io/docker/v/instantlinux/mt-daapd?sort=date)](https://hub.docker.com/r/instantlinux/mt-daapd "Version badge") | iTunes server | | mythtv-backend | [![](https://img.shields.io/docker/v/instantlinux/mythtv-backend?sort=date)](https://hub.docker.com/r/instantlinux/mythtv-backend "Version badge") | MythTV backend | +| owntone | ** | iTunes server (formerly forked-daapd) | | weewx | [![](https://img.shields.io/docker/v/instantlinux/weewx?sort=date)](https://hub.docker.com/r/instantlinux/weewx "Version badge") | Weather station software (Davis VantagePro2 etc.) | -| wxcam-upload | [![](https://img.shields.io/docker/v/instantlinux/wxcam-upload?sort=date)](https://hub.docker.com/r/instantlinux/wxcam-upload "Version badge") | Upload webcam images to Weather Underground | ### Credits 
@@ -120,5 +120,7 @@ Thank you to the following contributors! * [Daniel Muller](https://github.com/DanielMuller) * [Brian Hechinger](https://github.com/bhechinger) * [David Powers](https://github.com/dapowers87) +* [Alberto Galera](https://github.com/agalera) +* [Andrew Eacott](https://github.com/andreweacott) Contents created 2017-25 under [Apache 2.0 License](https://www.apache.org/licenses/LICENSE-2.0) by Rich Braun. diff --git a/images/mariadb-galera/Dockerfile b/images/mariadb-galera/Dockerfile index 255bd918..c5e0bc03 100644 --- a/images/mariadb-galera/Dockerfile +++ b/images/mariadb-galera/Dockerfile @@ -1,4 +1,4 @@ -FROM mariadb:12.0.2 +FROM mariadb:12.1.2 ARG BUILD_DATE ARG VCS_REF LABEL org.opencontainers.image.authors="Rich Braun docker@instantlinux.net" \ @@ -21,7 +21,8 @@ ARG GID=212 COPY requirements/ /root/ RUN groupmod -g $GID mysql && \ usermod -u $UID -s /bin/false -c "MariaDB" -d /none mysql && \ - apt -yq update && apt -yq install --no-install-recommends \ + apt -yq update && apt -yq upgrade && \ + apt -yq install --no-install-recommends \ curl iputils-ping jq net-tools netcat-openbsd procps \ python3 python3-pip python3-etcd3 && \ apt-get clean && rm -fr /var/log/* /var/lib/mysql/* \ diff --git a/lib/build/Makefile.docker_image b/lib/build/Makefile.docker_image index eaf5ea40..bebfc9cb 100644 --- a/lib/build/Makefile.docker_image +++ b/lib/build/Makefile.docker_image @@ -16,6 +16,9 @@ ifneq ($(CI_COMMIT_TAG),) endif # Exceptions +ifeq ($(IMAGE),blacklist) + PLATFORMS = linux/amd64,linux/aarch64,linux/arm/v7 +endif ifeq ($(IMAGE),data-sync) PLATFORMS = linux/amd64,linux/aarch64 endif From b219f9d0473dea395dd7addbf580b0131a5b16e3 Mon Sep 17 00:00:00 2001 From: Rich Braun Date: Wed, 21 Jan 2026 00:05:51 -0800 Subject: [PATCH 5/7] SYS-671 wip --- lib/build/Makefile.docker_image | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/build/Makefile.docker_image b/lib/build/Makefile.docker_image index bebfc9cb..61604a34 100644 
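Review bot: In the mariadb-galera hunk, the added `apt -yq upgrade` uses the `apt` front end, whose command-line interface is not guaranteed stable for scripted use. The other Dockerfiles in this series use `apt-get -yq update && apt-get -y upgrade`, and this same RUN already ends with `apt-get clean`. Suggest `apt-get -yq update && apt-get -yq upgrade && \` followed by `apt-get -yq install --no-install-recommends \`, so the build does not depend on `apt`'s interactive behaviour. The RUN instruction continues past the end of the hunk, so the rest of the cleanup is not visible here.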
--- a/lib/build/Makefile.docker_image +++ b/lib/build/Makefile.docker_image @@ -17,7 +17,7 @@ endif # Exceptions ifeq ($(IMAGE),blacklist) - PLATFORMS = linux/amd64,linux/aarch64,linux/arm/v7 + PLATFORMS = linux/amd64 endif ifeq ($(IMAGE),data-sync) PLATFORMS = linux/amd64,linux/aarch64 From 0c7da827f846b5e211a00f50793bccba46ee15a1 Mon Sep 17 00:00:00 2001 From: Rich Braun Date: Wed, 21 Jan 2026 00:07:25 -0800 Subject: [PATCH 6/7] SYS-671 wip --- images/blacklist/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/images/blacklist/Dockerfile b/images/blacklist/Dockerfile index 9e7bd9ab..a76446af 100644 --- a/images/blacklist/Dockerfile +++ b/images/blacklist/Dockerfile @@ -16,7 +16,6 @@ ENV DEBIAN_FRONTEND=noninteractive \ DB_USER=blacklister \ DB_NAME=blacklist \ DB_HOST=dbhost - ARG RBLDNSD_VERSION=1.0~20210120-3 COPY src/ /root/ From 1ac461e43950a36d60a1cafc90c979cf47e9e969 Mon Sep 17 00:00:00 2001 
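Review bot: The `blacklist` exception in the Makefile.docker_image hunk now limits `PLATFORMS` to `linux/amd64`, one commit after it was added with three platforms, and neither the code nor the commit message ("wip") says why. If arm builds are dropped, arm consumers of this image presumably stop receiving the trixie rebuild and its package updates, which is worth stating explicitly. Add a comment above the `ifeq`, e.g. `# blacklist: arm builds disabled because <reason>; restore when <condition>`. The chain of `ifeq` exceptions continues outside the hunk.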
From: Rich Braun Date: Wed, 21 Jan 2026 08:17:41 -0800 Subject: [PATCH 7/7] SYS-671 wip --- README.md | 3 + images/blacklist/Jenkinsfile | 61 --- images/blacklist/kubernetes.yaml | 65 --- images/data-sync/Jenkinsfile | 61 --- images/data-sync/kubernetes.yaml | 270 ----------- images/davite/Jenkinsfile | 61 --- images/davite/kubernetes.yaml | 72 --- images/ddclient/Jenkinsfile | 61 --- images/ddclient/kubernetes.yaml | 32 -- images/dhcpd-dns-pxe/Jenkinsfile | 61 --- images/dovecot/Jenkinsfile | 61 --- images/dovecot/kubernetes.yaml | 429 ------------------ images/ez-ipupdate/Jenkinsfile | 61 --- images/ez-ipupdate/kubernetes.yaml | 33 -- images/git-dump/Jenkinsfile | 61 --- images/git-dump/kubernetes.yaml | 53 --- images/git-pull/Jenkinsfile | 61 --- images/git-pull/kubernetes.yaml | 50 -- images/haproxy-keepalived/Jenkinsfile | 61 --- images/haproxy-keepalived/kubernetes.yaml | 89 ---- images/il-v1/Jenkinsfile | 61 --- images/il-v1/kubernetes.yaml | 130 ------ images/jenkins-master/.dockerignore | 1 - images/jenkins-master/Dockerfile | 81 ---- images/jenkins-master/Jenkinsfile | 61 --- images/jenkins-master/Makefile | 1 - images/jenkins-master/README.md | 59 --- images/jenkins-master/docker-compose.yml | 55 --- images/jenkins-master/entrypoint.sh | 54 --- images/jenkins-master/hooks/build | 1 - images/jenkins-master/hooks/post_push | 4 - images/jenkins-master/kubernetes.yaml | 172 ------- images/jenkins-master/plugins.sh | 17 - images/jenkins-master/plugins.txt | 78 ---- ...ins.emailext.ExtendedEmailPublisher.xml.j2 | 27 -- .../ref/init.groovy.d/init.groovy | 36 -- ...ugins.workflow.libs.GlobalLibraries.xml.j2 | 20 - ...org.jfrog.hudson.ArtifactoryBuilder.xml.j2 | 31 -- images/mariadb-galera/Jenkinsfile | 61 --- images/mariadb-galera/kubernetes.yaml | 194 -------- images/mt-daapd/Jenkinsfile | 61 --- images/mt-daapd/kubernetes.yaml | 49 -- images/mysqldump/Jenkinsfile | 61 --- images/mysqldump/kubernetes.yaml | 49 -- images/mythtv-backend/Jenkinsfile | 61 --- 
images/mythtv-backend/kubernetes.yaml | 197 -------- images/nagios/kubernetes.yaml | 207 --------- images/nagiosql/Jenkinsfile | 61 --- images/nut-upsd/Jenkinsfile | 61 --- images/nut-upsd/kubernetes.yaml | 55 --- images/postfix-python/Jenkinsfile | 61 --- images/postfix-python/kubernetes.yaml | 226 --------- images/postfix/Jenkinsfile | 61 --- images/proftpd/Jenkinsfile | 61 --- images/proftpd/kubernetes.yaml | 66 --- images/rsyslogd/Jenkinsfile | 61 --- images/rsyslogd/kubernetes.yaml | 109 ----- images/samba-dc/Jenkinsfile | 61 --- images/samba-dc/kubernetes.yaml | 68 --- images/samba/Jenkinsfile | 61 --- images/samba/kubernetes.yaml | 87 ---- images/spamassassin/Dockerfile | 2 - images/spamassassin/Jenkinsfile | 61 --- images/spamassassin/kubernetes.yaml | 72 --- images/squirrelmail/Jenkinsfile | 61 --- images/squirrelmail/kubernetes.yaml | 118 ----- images/udp-nginx-proxy/Jenkinsfile | 61 --- images/vsftpd/Jenkinsfile | 61 --- images/vsftpd/kubernetes.yaml | 66 --- images/weewx/Jenkinsfile | 61 --- images/weewx/kubernetes.yaml | 97 ---- images/wxcam-upload/Jenkinsfile | 61 --- images/wxcam-upload/kubernetes.yaml | 197 -------- k8s/helm/nextcloud/Chart.yaml | 1 - k8s/helm/nextcloud/values.yaml | 9 +- 75 files changed, 6 insertions(+), 5556 deletions(-) delete mode 100644 images/blacklist/Jenkinsfile delete mode 100644 images/blacklist/kubernetes.yaml delete mode 100644 images/data-sync/Jenkinsfile delete mode 100644 images/data-sync/kubernetes.yaml delete mode 100644 images/davite/Jenkinsfile delete mode 100644 images/davite/kubernetes.yaml delete mode 100644 images/ddclient/Jenkinsfile delete mode 100644 images/ddclient/kubernetes.yaml delete mode 100644 images/dhcpd-dns-pxe/Jenkinsfile delete mode 100644 images/dovecot/Jenkinsfile delete mode 100644 images/dovecot/kubernetes.yaml delete mode 100644 images/ez-ipupdate/Jenkinsfile delete mode 100644 images/ez-ipupdate/kubernetes.yaml delete mode 100644 images/git-dump/Jenkinsfile delete mode 100644 
images/git-dump/kubernetes.yaml delete mode 100644 images/git-pull/Jenkinsfile delete mode 100644 images/git-pull/kubernetes.yaml delete mode 100644 images/haproxy-keepalived/Jenkinsfile delete mode 100644 images/haproxy-keepalived/kubernetes.yaml delete mode 100644 images/il-v1/Jenkinsfile delete mode 100644 images/il-v1/kubernetes.yaml delete mode 100644 images/jenkins-master/.dockerignore delete mode 100644 images/jenkins-master/Dockerfile delete mode 100644 images/jenkins-master/Jenkinsfile delete mode 100644 images/jenkins-master/Makefile delete mode 100644 images/jenkins-master/README.md delete mode 100644 images/jenkins-master/docker-compose.yml delete mode 100755 images/jenkins-master/entrypoint.sh delete mode 120000 images/jenkins-master/hooks/build delete mode 100755 images/jenkins-master/hooks/post_push delete mode 100644 images/jenkins-master/kubernetes.yaml delete mode 100755 images/jenkins-master/plugins.sh delete mode 100644 images/jenkins-master/plugins.txt delete mode 100644 images/jenkins-master/ref/hudson.plugins.emailext.ExtendedEmailPublisher.xml.j2 delete mode 100644 images/jenkins-master/ref/init.groovy.d/init.groovy delete mode 100644 images/jenkins-master/ref/org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml.j2 delete mode 100644 images/jenkins-master/ref/org.jfrog.hudson.ArtifactoryBuilder.xml.j2 delete mode 100644 images/mariadb-galera/Jenkinsfile delete mode 100644 images/mariadb-galera/kubernetes.yaml delete mode 100644 images/mt-daapd/Jenkinsfile delete mode 100644 images/mt-daapd/kubernetes.yaml delete mode 100644 images/mysqldump/Jenkinsfile delete mode 100644 images/mysqldump/kubernetes.yaml delete mode 100644 images/mythtv-backend/Jenkinsfile delete mode 100644 images/mythtv-backend/kubernetes.yaml delete mode 100644 images/nagios/kubernetes.yaml delete mode 100644 images/nagiosql/Jenkinsfile delete mode 100644 images/nut-upsd/Jenkinsfile delete mode 100644 images/nut-upsd/kubernetes.yaml delete mode 100644 
images/postfix-python/Jenkinsfile delete mode 100644 images/postfix-python/kubernetes.yaml delete mode 100644 images/postfix/Jenkinsfile delete mode 100644 images/proftpd/Jenkinsfile delete mode 100644 images/proftpd/kubernetes.yaml delete mode 100644 images/rsyslogd/Jenkinsfile delete mode 100644 images/rsyslogd/kubernetes.yaml delete mode 100644 images/samba-dc/Jenkinsfile delete mode 100644 images/samba-dc/kubernetes.yaml delete mode 100644 images/samba/Jenkinsfile delete mode 100644 images/samba/kubernetes.yaml delete mode 100644 images/spamassassin/Jenkinsfile delete mode 100644 images/spamassassin/kubernetes.yaml delete mode 100644 images/squirrelmail/Jenkinsfile delete mode 100644 images/squirrelmail/kubernetes.yaml delete mode 100644 images/udp-nginx-proxy/Jenkinsfile delete mode 100644 images/vsftpd/Jenkinsfile delete mode 100644 images/vsftpd/kubernetes.yaml delete mode 100644 images/weewx/Jenkinsfile delete mode 100644 images/weewx/kubernetes.yaml delete mode 100644 images/wxcam-upload/Jenkinsfile delete mode 100644 images/wxcam-upload/kubernetes.yaml diff --git a/README.md b/README.md index 51723552..e84a0af6 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,7 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s | artifactory | ** | binary repo | | gitea | ** | git repo | | admin-git | [![](https://img.shields.io/docker/v/instantlinux/git-pull?sort=date)](https://hub.docker.com/r/instantlinux/git-pull "Version badge") | sync git repo across swarm | +| gitea | ** | self-hosted git repo with many github features | | jira | ** | ticket tracking | | mariadb-galera | [![](https://img.shields.io/docker/v/instantlinux/mariadb-galera?sort=date)](https://hub.docker.com/r/instantlinux/mariadb-galera "Version badge") | automatic cluster setup| | nexus | ** | binary repo with docker registry | 
@@ -65,6 +66,7 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s | authelia | ** | single-signon multi-factor auth | | cloud | ** | nextcloud, private sync like Apple iCloud | | data-sync | [![](https://img.shields.io/docker/v/instantlinux/data-sync?sort=date)](https://hub.docker.com/r/instantlinux/data-sync "Version badge") | poor-man's SAN for persistent storage | +| ddclient | [![](https://img.shields.io/docker/v/instantlinux/ddclient?sort=date)](https://hub.docker.com/r/instantlinux/ddclient "Version badge") | Dynamic DNS client | | ez-ipupdate | [![](https://img.shields.io/docker/v/instantlinux/ez-ipupdate?sort=date)](https://hub.docker.com/r/instantlinux/ez-ipupdate "Version badge") | Dynamic DNS client | | haproxy-keepalived | [![](https://img.shields.io/docker/v/instantlinux/haproxy-keepalived?sort=date)](https://hub.docker.com/r/instantlinux/haproxy-keepalived "Version badge") | load balancer | | grafana | ** | monitoring dashboard with prometheus-based alerting | 
@@ -76,6 +78,7 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s | node-local-dns | ** | caching resolver for reliable pod DNS | | nut-upsd | [![](https://img.shields.io/docker/v/instantlinux/nut-upsd?sort=date)](https://hub.docker.com/r/instantlinux/nut-upsd "Version badge") | Network UPS Tools | | openldap | [![](https://img.shields.io/docker/v/instantlinux/openldap?sort=date)](https://hub.docker.com/r/instantlinux/openldap "Version badge") | OpenLDAP authentication server | +| proftpd | [![](https://img.shields.io/docker/v/instantlinux/proftpd?sort=date)](https://hub.docker.com/r/instantlinux/proftpd "Version badge") | FTP server | | restic | ** | backups | | rsyslogd | [![](https://img.shields.io/docker/v/instantlinux/rsyslogd?sort=date)](https://hub.docker.com/r/instantlinux/rsyslogd "Version badge") | logger in a 13MB image | | samba | [![](https://img.shields.io/docker/v/instantlinux/samba?sort=date)](https://hub.docker.com/r/instantlinux/samba "Version badge") | file server | diff --git a/images/blacklist/Jenkinsfile b/images/blacklist/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/blacklist/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/usr/bin/env groovy -// Pipeline for docker-image build -// created by richb@instantlinux.net 20-apr-2017 - -node('swarm') { - def buildDate = java.time.Instant.now().toString() - def maintainer = 'richb@instantlinux.net' - def registry = 'nexus.instantlinux.net' - def registryCreds = [credentialsId: 'docker-registry', - url: "https://${registry}"] - def service = env.JOB_NAME.split('/', 2)[0] - - try { - stage('Static Code Analysis') { - checkout scm - sh "env ; cd images/${service} && make analysis" - } - stage('Create Image') { - gitCommit = checkout(scm).GIT_COMMIT - imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}" - img = docker.build("${registry}/${service}:${imageTag}", - "--build-arg=VCS_REF=${gitCommit} " + - "--build-arg=BUILD_DATE=${buildDate} " + - "images/${service}") - } - stage('Push Image') { - withDockerRegistry(registryCreds) { - img.push imageTag - } - } - stage('Functional Tests') { - withDockerRegistry(registryCreds) { - dir("images/${service}") { - sh 'make test_functional' - } - } - } - stage('Promote Image') { - withDockerRegistry(registryCreds) { - img.push 'latest' - } - } - } - catch (Exception ex) { - echo "Exception caught: ${ex.getMessage()}" - currentBuild.result = 'FAILURE' - } - finally { - currentBuild.result = currentBuild.result ?: 'SUCCESS' - emailext ( - to: maintainer, - subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}", - body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n", - attachLog: true - ) - stage('Clean') { - sh "docker rmi ${registry}/${service}:${imageTag}" - deleteDir() - } - } -} diff --git a/images/blacklist/kubernetes.yaml b/images/blacklist/kubernetes.yaml deleted file mode 100644 index 543349fc..00000000 --- a/images/blacklist/kubernetes.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: $SERVICE_NAME - labels: - app.kubernetes.io/name: $SERVICE_NAME -spec: - clusterIP: $BLACKLIST_IP - ports: - - { port: 53, protocol: UDP, targetPort: 53 } - selector: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - name: $SERVICE_NAME -spec: - replicas: 2 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - serviceName: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: DB_HOST, value: $DB_HOST } - - { name: NS_SERVERS, value: $RBLDNS_SERVERS } - - { name: RBL_DOMAIN, value: $RBL_DOMAIN } - - { name: TZ, value: $TZ } - image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_BLACKLIST - ports: - - containerPort: 53 - protocol: UDP - volumeMounts: - - mountPath: /var/lib/rbldns - name: data - - name: mysql-blacklist-user - mountPath: /run/secrets/mysql-blacklist-user - subPath: mysql-blacklist-user - imagePullSecrets: [ $IMAGEPULL_SPEC ] - volumes: - - name: mysql-blacklist-user - secret: - secretName: mysql-blacklist-user - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: [ ReadWriteOnce ] - resources: - requests: - storage: 500Mi diff --git a/images/data-sync/Jenkinsfile b/images/data-sync/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/data-sync/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/usr/bin/env groovy -// Pipeline for docker-image build -// created by richb@instantlinux.net 20-apr-2017 - -node('swarm') { - def buildDate = java.time.Instant.now().toString() - def maintainer = 'richb@instantlinux.net' - def registry = 'nexus.instantlinux.net' - def registryCreds = [credentialsId: 'docker-registry', - url: "https://${registry}"] - def service = env.JOB_NAME.split('/', 2)[0] - - try { - stage('Static Code Analysis') { - checkout scm - sh "env ; cd images/${service} && make analysis" - } - stage('Create Image') { - gitCommit = checkout(scm).GIT_COMMIT - imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}" - img = docker.build("${registry}/${service}:${imageTag}", - "--build-arg=VCS_REF=${gitCommit} " + - "--build-arg=BUILD_DATE=${buildDate} " + - "images/${service}") - } - stage('Push Image') { - withDockerRegistry(registryCreds) { - img.push imageTag - } - } - stage('Functional Tests') { - withDockerRegistry(registryCreds) { - dir("images/${service}") { - sh 'make test_functional' - } - } - } - stage('Promote Image') { - withDockerRegistry(registryCreds) { - img.push 'latest' - } - } - } - catch (Exception ex) { - echo "Exception caught: ${ex.getMessage()}" - currentBuild.result = 'FAILURE' - } - finally { - currentBuild.result = currentBuild.result ?: 'SUCCESS' - emailext ( - to: maintainer, - subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}", - body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n", - attachLog: true - ) - stage('Clean') { - sh "docker rmi ${registry}/${service}:${imageTag}" - deleteDir() - } - } -} diff --git a/images/data-sync/kubernetes.yaml b/images/data-sync/kubernetes.yaml deleted file mode 100644 index 7890daa5..00000000 --- a/images/data-sync/kubernetes.yaml +++ /dev/null 
@@ -1,270 +0,0 @@
----
-# Usage:
-# Create the ssh keypair using Makefile found in images/data-sync:
-# cd ../images/data-sync
-# make data-sync
-#
-# Edit this file to mount your desired volumes
-# Then launch this here with 'make data-sync'
-# If you want more than 2 nodes kept in sync, add the service.data-sync
-# label to more nodes and invoke kubectl scale.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: $SERVICE_NAME
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
-spec:
- clusterIP: None
- ports:
- - { port: 22, targetPort: 22 }
- selector:
- app.kubernetes.io/name: $SERVICE_NAME
- release: "0.1"
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- release: "0.1"
- name: $SERVICE_NAME
-spec:
- replicas: $DATA_SYNC_CLUSTER_SIZE
- selector:
- matchLabels:
- app.kubernetes.io/name: $SERVICE_NAME
- release: "0.1"
- serviceName: $SERVICE_NAME
- template:
- metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- release: "0.1"
- spec:
- containers:
- - name: $SERVICE_NAME
- env:
- - name: PUBKEY1
- valueFrom:
- secretKeyRef:
- name: $DATA_SYNC_SECRET
- key: pubkey1
- - name: PUBKEY2
- valueFrom:
- secretKeyRef:
- name: $DATA_SYNC_SECRET
- key: pubkey2
- - { name: SYNC_INTERVAL, value: "2" }
- - { name: TZ, value: $TZ }
- image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_DATA_SYNC
- ports:
- - containerPort: 22
- resources:
- limits:
- memory: 4096Mi
- requests:
- memory: 256Mi
- volumeMounts:
- - name: archive
- mountPath: /root/.unison
- - name: config
- mountPath: /etc/unison.d/common.prf
- subPath: common.prf
- - mountPath: /etc/ssh
- name: etc
- - mountPath: /var/log/unison
- name: logs
- - mountPath: /var/data-sync/share
- name: share
- # Customize your list of mounted volumes here
- - mountPath: /var/data-sync/cloud
- name: cloud
- - mountPath: /var/data-sync/dos
- name: dos
- - mountPath: /var/data-sync/gitlab
- name: gitlab
- - mountPath: /var/data-sync/home
- name: home
- - mountPath: /var/data-sync/household
- name: household
- - mountPath: /var/data-sync/jira
- name: jira
- - mountPath: /var/data-sync/nexus
- name: nexus
- - mountPath: /run/secrets/data-sync-sshkey1
- name: sshkeys
- subPath: sshkey1
- - mountPath: /run/secrets/data-sync-sshkey2
- name: sshkeys
- subPath: sshkey2
- imagePullSecrets: [ $IMAGEPULL_SPEC ]
- nodeSelector:
- service.$SERVICE_NAME: allow
- volumes:
- - name: config
- configMap:
- name: $SERVICE_NAME
- - name: sshkeys
- secret:
- secretName: $DATA_SYNC_SECRET
- - name: logs
- hostPath: { path: $K8S_VOLUMES_PATH/sync-logs/$SERVICE_NAME }
- volumeClaimTemplates:
- - metadata:
- name: archive
- spec:
- accessModes: [ ReadWriteOnce ]
- resources:
- requests:
- storage: 500Mi
- - metadata:
- name: etc
- spec:
- accessModes: [ ReadWriteOnce ]
- resources:
- requests:
- storage: 500Mi
- - metadata:
- name: share
- spec:
- accessModes: [ ReadWriteMany ]
- resources:
- requests:
- storage: 8Gi
- selector:
- matchLabels:
- volume.group: share
- - metadata:
- name: cloud
- spec:
- accessModes: [ ReadWriteMany ]
- resources:
- requests:
- storage: 8Gi
- selector:
- matchLabels:
- volume.group: cloud
- - metadata:
- name: dos
- spec:
- accessModes: [ ReadWriteMany ]
- resources:
- requests:
- storage: 8Gi
- selector:
- matchLabels:
- volume.group: dos
- - metadata:
- name: gitlab
- spec:
- accessModes: [ ReadWriteMany ]
- resources:
- requests:
- storage: 8Gi
- selector:
- matchLabels:
- volume.group: gitlab
- - metadata:
- name: home
- spec:
- accessModes: [ ReadWriteMany ]
- resources:
- requests:
- storage: 8Gi
- selector:
- matchLabels:
- volume.group: home
- - metadata:
- name: household
- spec:
- accessModes: [ ReadWriteMany ]
- resources:
- requests:
- storage: 8Gi
- selector:
- matchLabels:
- volume.group: household
- - metadata:
- name: jira
- spec:
- accessModes: [ ReadWriteMany ]
- resources:
- requests:
- storage: 8Gi
- selector:
- matchLabels:
- volume.group: jira
- - metadata:
- name: nexus
- spec:
- accessModes: [ ReadWriteMany ]
- resources:
- requests:
- storage: 8Gi
- selector:
- matchLabels:
- volume.group: nexus
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: $SERVICE_NAME
-data:
- common.prf: |
- # Directives for unison
- ignore = Name .Xauthority
- ignore = Name atlassian-jira-security.log
- ignore = Name DVRWorkDirectory
- ignore = Name ldapi
- ignore = Name lost+found
- ignore = Name msg.sock
- # jenkins
- ignore = Name *KubernetesClients.log
- ignore = Name *socket
- ignore = Name .s.PGSQL.5432
- ignore = Name pgstat.stat
- ignore = Path data-sync/share/artifactory/data/data/derby/log
- ignore = Path data-sync/share/artifactory/data/logs/request.log
- ignore = Path data-sync/share/nagios/var/rw
- ignore = Path data-sync/dos
- ignore = Path data-sync/duplicati/config
- ignore = Path data-sync/gitlab/data/postgresql/data/pg_stat_tmp
- ignore = Path data-sync/gitlab/data/prometheus/data
- ignore = Path data-sync/gitlab/data/redis/dump.rdb
- ignore = Path data-sync/gitlab/data/gitaly
- ignore = Path data-sync/gitlab/logs/sshd/current
- ignore = Path data-sync/jira/home/analytics-logs
- ignore = Path data-sync/jira/home/log/atlassian-jira.log
- ignore = Path data-sync/jira/home/log/atlassian-jira-perf.log
- ignore = Path data-sync/jira/home/monitor/ConnectionPoolGraph.rrd4j
- ignore = Path data-sync/jira/home/monitor/DatabaseReadWritesGraph.rrd4j
- ignore = Path data-sync/jira/home/plugins/.osgi-plugins/felix/felix-cache
- ignore = Path data-sync/jira/logs
- ignore = Path data-sync/nexus/db/accesslog
- ignore = Path redis/current
- ignore = Path data-sync/samba-dc/var/lib/winbindd_privileged/pipe
- ignore = Path data-sync/syslog/log/messages
- ignore = Path data-sync/syslog/log/secure
- ignore = Path data-sync/nexus/elasticsearch
- ignore = Path data-sync/nexus/log/nexus.log
- ignore = Path data-sync/nexus/log/request.log
-
- auto = true
- batch = true
- confirmbigdel = true
- copythreshold = 10000
- copyquoterem = false
- # SYS-400 overall performance is absolutely awful without this
- fastercheckUNSAFE = true
-
- group = true
- owner = true
- times = true
-
- prefer = newer
- silent = true
-
- sshargs = -i /root/.ssh/data-sync.rsa
- logfile = /var/log/unison/unison.log
diff --git a/images/davite/Jenkinsfile b/images/davite/Jenkinsfile
deleted file mode 100644
index fe58a30f..00000000
--- a/images/davite/Jenkinsfile
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/davite/kubernetes.yaml b/images/davite/kubernetes.yaml
deleted file mode 100644
index e30cb9a0..00000000
--- a/images/davite/kubernetes.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: $SERVICE_NAME
-spec:
- clusterIP: None
- ports:
- - { port: 80, targetPort: 80 }
- selector:
- app.kubernetes.io/name: $SERVICE_NAME
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- name: $SERVICE_NAME
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/name: $SERVICE_NAME
- template:
- metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- spec:
- containers:
- - name: $SERVICE_NAME
- env:
- - { name: HOSTNAME, value: davite.$DOMAIN }
- - { name: SCHEME, value: https }
- - { name: SMTP_PORT, value: "25" }
- - { name: SMTP_SMARTHOST, value: smtp.$DOMAIN }
- - { name: TCP_PORT, value: "" }
- - { name: TZ, value: $TZ }
- image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_DAVITE
- ports:
- - containerPort: 80
- volumeMounts:
- - name: share
- mountPath: /var/adm/DaVite_Data
- subPath: $SERVICE_NAME
- imagePullSecrets: [ $IMAGEPULL_SPEC ]
- volumes:
- - name: share
- hostPath: { path: $PATH_SHR }
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: $SERVICE_NAME-ingress
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
- kubernetes.io/ingress.class: nginx
-spec:
- tls:
- - secretName: tls-$SERVICE_NAME
- hosts:
- - $SERVICE_NAME.$DOMAIN
- rules:
- - host: $SERVICE_NAME.$DOMAIN
- http:
- paths:
- - path: /
- backend:
- service:
- name: $SERVICE_NAME
- port:
- number: 80
- pathType: Prefix
diff --git a/images/ddclient/Jenkinsfile b/images/ddclient/Jenkinsfile
deleted file mode 100644
index fe58a30f..00000000
--- a/images/ddclient/Jenkinsfile
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/ddclient/kubernetes.yaml b/images/ddclient/kubernetes.yaml
deleted file mode 100644
index faf4c8c8..00000000
--- a/images/ddclient/kubernetes.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- name: $SERVICE_NAME
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/name: $SERVICE_NAME
- template:
- metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- spec:
- containers:
- - name: $SERVICE_NAME
- env:
- - { name: HOST, value: $DYNAMIC_HOSTNAME }
- - { name: USER_LOGIN, value: $USER_LOGIN }
- image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_DDCLIENT
- volumeMounts:
- - name: secret
- mountPath: /run/secrets/ddclient-user
- subPath: ddclient-user
- imagePullSecrets: [ $IMAGEPULL_SPEC ]
- volumes:
- - name: secret
- secret:
- secretName: ddclient-user
diff --git a/images/dhcpd-dns-pxe/Jenkinsfile b/images/dhcpd-dns-pxe/Jenkinsfile
deleted file mode 100644
index fe58a30f..00000000
--- a/images/dhcpd-dns-pxe/Jenkinsfile
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/dovecot/Jenkinsfile b/images/dovecot/Jenkinsfile
deleted file mode 100644
index fe58a30f..00000000
--- a/images/dovecot/Jenkinsfile
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/dovecot/kubernetes.yaml b/images/dovecot/kubernetes.yaml
deleted file mode 100644
index b05ebec8..00000000
--- a/images/dovecot/kubernetes.yaml
+++ /dev/null
@@ -1,429 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: $SERVICE_NAME - labels: - app.kubernetes.io/name: $SERVICE_NAME -spec: - clusterIP: None - ports: - - { port: $PORT_DOVECOT_SMTP, targetPort: 25, name: smtp } - - { port: $PORT_DOVECOT_IMAPD, targetPort: 143, name: imapd } - - { port: $PORT_DOVECOT_IMAPS, targetPort: 993, name: imaps } - selector: - app.kubernetes.io/name: $SERVICE_NAME ---- -apiVersion: v1 -kind: Service -metadata: - name: $SERVICE_NAME-external -spec: - type: NodePort - ports: - - { port: 25, nodePort: $NODEPORT_DOVECOT_INT, name: dovecot-smtp } - - { port: 143, nodePort: $NODEPORT_IMAPD, name: dovecot-imapd } - - { port: 993, nodePort: $NODEPORT_IMAPS, name: dovecot-imaps } - selector: - app.kubernetes.io/name: $SERVICE_NAME ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - spec: - containers: - - name: $SERVICE_NAME - image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_DOVECOT - command: [/bin/sh] - args: - - -c - - > - cp -r /etc/postfix.d /etc/postfix && - newaliases && - sh /etc/postfix.d/users.sh && - exec /usr/local/bin/entrypoint-dovecot.sh - # Force reload of certs at least every 30 days - livenessProbe: - exec: - command: [ 'false' ] - initialDelaySeconds: 2592000 - ports: - - containerPort: 25 - - containerPort: 143 - - containerPort: 993 - volumeMounts: - - mountPath: /etc/dovecot/conf.local - name: etc - - mountPath: /etc/postfix.d - name: postfix-etc - - mountPath: /etc/postfix/aliases - name: admin - readOnly: true - subPath: services/$SERVICE_NAME/postfix/etc/aliases - - mountPath: /var/spool/mail - name: inbox - - mountPath: /var/spool/postfix - name: spool - - mountPath: /home - name: webmail - - mountPath: /run/secrets/ldap-ro-password - name: ldap-ro-password - subPath: 
ldap-ro-password - - mountPath: /run/secrets/postfix-sasl-passwd - name: postfix-sasl-passwd - subPath: postfix-sasl-passwd - - mountPath: /etc/ssl/certs/smtpd-cert.pem - name: ssl-cert - subPath: tls.crt - - mountPath: /run/secrets/smtpd-key.pem - name: ssl-cert - subPath: tls.key - dnsConfig: - nameservers: [ $DNS_SERVERS ] - options: - - name: use-vc - - name: ndots - imagePullSecrets: [ $IMAGEPULL_SPEC ] - nodeSelector: - service.$SERVICE_NAME: allow - volumes: - - name: admin - hostPath: { path: $PATH_ADM } - - name: etc - configMap: - name: $SERVICE_NAME-etc - - name: postfix-etc - configMap: - name: $SERVICE_NAME-postfix - - name: inbox - hostPath: { path: $K8S_VOLUMES_PATH/inbox } - - name: spool - hostPath: { path: $K8S_VOLUMES_PATH/postfix_spool } - - name: webmail - hostPath: { path: $K8S_VOLUMES_PATH/webmail } - - name: ldap-ro-password - secret: - secretName: ldap-ro-password - - name: postfix-sasl-passwd - secret: - secretName: postfix-sasl-passwd - - name: ssl-cert - secret: - secretName: $POSTFIX_TLS_SECRET ---- -apiVersion: v1 -kind: Service -metadata: - name: $SERVICE_NAME-sync - labels: - app.kubernetes.io/name: $SERVICE_NAME-sync -spec: - clusterIP: None - ports: - - { port: 22, targetPort: 22 } - selector: - app.kubernetes.io/name: $SERVICE_NAME-sync - release: "0.1" ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME-sync - release: "0.1" - name: $SERVICE_NAME-sync -spec: - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME-sync - release: "0.1" - serviceName: $SERVICE_NAME-sync - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME-sync - release: "0.1" - spec: - containers: - - name: $SERVICE_NAME-sync - env: - - name: PUBKEY1 - valueFrom: - secretKeyRef: - name: $DATA_SYNC_SECRET - key: pubkey1 - - name: PUBKEY2 - valueFrom: - secretKeyRef: - name: $DATA_SYNC_SECRET - key: pubkey2 - - { name: SYNC_INTERVAL, value: "2" } - - { name: TZ, 
value: $TZ } - image: $REGISTRY_URI/data-sync:$VERSION_DATA_SYNC - ports: - - containerPort: 22 - resources: - limits: - memory: 1536Mi - requests: - cpu: 100m - memory: 256Mi - volumeMounts: - - name: archive - mountPath: /root/.unison - - name: config-sync - mountPath: /etc/unison.d/common.prf - subPath: common.prf - - mountPath: /etc/ssh - name: etc - - mountPath: /var/log/unison - name: logs - - mountPath: /var/data-sync/inbox - name: inbox - - mountPath: /var/data-sync/webmail - name: webmail - - mountPath: /run/secrets/data-sync-sshkey1 - name: sshkeys - subPath: sshkey1 - - mountPath: /run/secrets/data-sync-sshkey2 - name: sshkeys - subPath: sshkey2 - dnsConfig: - options: - - { name: ndots } - imagePullSecrets: - - name: regcred - nodeSelector: - service.$SERVICE_NAME: allow - volumes: - - name: config-sync - configMap: - name: data-sync - - name: sshkeys - secret: - secretName: $DATA_SYNC_SECRET - - name: logs - hostPath: { path: $K8S_VOLUMES_PATH/sync-logs/$SERVICE_NAME } - - name: inbox - hostPath: { path: $K8S_VOLUMES_PATH/inbox } - - name: webmail - hostPath: { path: $K8S_VOLUMES_PATH/webmail } - volumeClaimTemplates: - - metadata: - name: archive - spec: - accessModes: [ ReadWriteOnce ] - resources: - requests: - storage: 500Mi - - metadata: - name: etc - spec: - accessModes: [ ReadWriteOnce ] - resources: - requests: - storage: 500Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: $SERVICE_NAME-etc -data: - dovecot.conf: | - auth_mechanisms = plain login - disable_plaintext_auth = yes - mail_access_groups = mail - protocols = imap - mail_location = mbox:~/Mail:INBOX=/var/spool/mail/%u - mail_debug = no - - first_valid_uid = 300 - passdb { - driver = ldap - args = /etc/dovecot/dovecot-ldap.conf - } - userdb { - driver = passwd - } - service auth { - user = root - unix_listener /var/spool/postfix/private/auth { - mode = 0660 - user = postfix - group = postfix - } - } - service imap-login { - inet_listener imaps { - address = 0.0.0.0 - port = 
$PORT_DOVECOT_IMAPS - ssl = yes - } - } - ssl_cert = /tmp/checksums && \ - echo "$COMPOSE_SHA /usr/local/bin/docker-compose" >> /tmp/checksums && \ - echo "$JENKINS_SHA /usr/share/jenkins/jenkins.war" >> /tmp/checksums && \ - sha256sum -c /tmp/checksums && \ - chmod +x /bin/tini /usr/local/bin/docker-compose && \ - mkdir /var/log/jenkins /var/cache/jenkins && \ - chown -R jenkins:jenkins /var/log/jenkins /var/cache/jenkins \ - /etc/timezone /etc/localtime && \ - rm -f /var/cache/apk/* - -# Configuration: -# Put groovy scripts under ref/init.groovy.d/; plugins in ref/plugins/ -# Put configuration xml files at ref/ top-level -COPY ref/ $JENKINS_REF -COPY plugins.sh plugins.txt /tmp/ -RUN /tmp/plugins.sh /tmp/plugins.txt && rm /tmp/* -COPY entrypoint.sh /usr/local/bin/ -RUN chmod -R g+rX,o+rX $JENKINS_REF /usr/local/bin/entrypoint.sh - -EXPOSE 8080 50000 -VOLUME $JENKINS_HOME -USER jenkins -ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/entrypoint.sh"] diff --git a/images/jenkins-master/Jenkinsfile b/images/jenkins-master/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/jenkins-master/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/jenkins-master/Makefile b/images/jenkins-master/Makefile
deleted file mode 100644
index ae6ab3bf..00000000
--- a/images/jenkins-master/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-include ../../lib/build/Makefile.docker_image
diff --git a/images/jenkins-master/README.md b/images/jenkins-master/README.md
deleted file mode 100644
index 5049aba4..00000000
--- a/images/jenkins-master/README.md
+++ /dev/null
@@ -1,59 +0,0 @@
-## jenkins-master
-[![](https://img.shields.io/docker/v/instantlinux/jenkins-master?sort=date)](https://microbadger.com/images/instantlinux/jenkins-master "Version badge") [![](https://images.microbadger.com/badges/image/instantlinux/jenkins-master.svg)](https://microbadger.com/images/instantlinux/jenkins-master "Image badge") [![](https://images.microbadger.com/badges/commit/instantlinux/jenkins-master.svg)](https://microbadger.com/images/instantlinux/jenkins-master "Commit badge")
-
-*Status: DEPRECATED*
-
-Builds a current (2.x) version of Jenkins, with the list of plugins
-shown in plugins.txt along with configuration settings defined in the ref
-directory.
-
-This is a companion to the jenkins-slave image, which can be auto-
-configured via the (installed) swarm plugin or can be launched on
-demand via the docker-slaves plugin.
-
-_Deprecated due to extreme difficulty keeping this up-to-date over
-the years; switched to gitlab-ci some time ago._
-
-### Usage
-Set the variables as defined below, and run the docker-compose stack. This repo has complete instructions for
-[building a kubernetes cluster](https://github.com/instantlinux/docker-tools/blob/master/k8s/README.md) where you can deploy [kubernetes.yaml](https://github.com/instantlinux/docker-tools/blob/master/images/jenkins-master/kubernetes.yaml) using _make_ and customizing [Makefile.vars](https://github.com/instantlinux/docker-tools/blob/master/k8s/Makefile.vars) after cloning this repo:
-~~~
-git clone https://github.com/instantlinux/docker-tools.git
-cd docker-tools/k8s
-make jenkins
-~~~
-
-### Variables
-
-These variables can be passed to the image from kubernetes.yaml or docker-compose.yml as needed:
-
-Variable | Default | Description
--------- | ------- | -----------
-ARTIFACTORY_URI | artifactory.domain.com | URI to local repo
-ARTIFACTORY_USER | artifactory | username for artifactory access
-ARTIFACTORY_USER_SECRET | artifactory-user-password | name of secret, see below
-CA_CERTIFICATES_JAVA_VERSION | 20140324 | Java version for CA
-COPY_REFERENCE_FILE_LOG | /var/jenkins_home/copy_reference_file.log | log file seen after ref copy
-JAVA_OPTS | -Xmx8192m -Djenkins.install.runSetupWizard=false | Java options
-JENKINS_ADMIN_USER | admin | Jenkins admin
-JENKINS_ADMIN_SECRET | jenkins-admin-password | name of secret
-JENKINS_DOWNLOADS | https://updates.jenkins-ci.org/download | URL of plugins site
-JENKINS_HOME | /var/jenkins_home | Jenkins home directory
-JENKINS_LIBRARY | git@git.domain.com:user/jenkinslib | Groovy library
-JENKINS_OPTS | --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war | Jenkins command line options
-JENKINS_REF | /usr/share/jenkins/ref | Reference dir (configs/plugins)
-JENKINS_SLAVE_AGENT_PORT | 50000 | Slave TCP comm port
-JENKINS_URL | http://jenkins.domain.com | External Jenkins URL
-MASTER_EXECUTORS | 2 | Executor slots on master
-SMTP_ADMIN_ADDRESS | "Jenkins " | From: address for notices
-SMTP_SMARTHOST | mail.domain.com | Smarthost for sending messages
-TZ | UTC | time zone
-
-### Secrets
-Name | Description
----- | -----------
-artifactory-user-password | password for artifactory repo access
-jenkins-admin-password | password for new Jenkins admin user
-jenkins-agent-password | password for agents
-
-[![](https://img.shields.io/badge/license-MIT-red.svg)](https://choosealicense.com/licenses/mit/ "License badge") [![](https://img.shields.io/badge/code-jenkinsci%2Fjenkins-blue.svg)](https://github.com/jenkinsci/jenkins "Code repo")
diff --git a/images/jenkins-master/docker-compose.yml b/images/jenkins-master/docker-compose.yml
deleted file mode 100644
index 44296d60..00000000
--- a/images/jenkins-master/docker-compose.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-version: "3.1"
-
-services:
- jenkins-master:
- image: ${REGISTRY_URI:-instantlinux}/jenkins-master:${VERSION_JENKINS:-latest}
- environment:
- ARTIFACTORY_URI: https://repo.${DOMAIN}/artifactory
- ARTIFACTORY_USER: jenkins
- JENKINS_URL: https://jenkins.${DOMAIN}
- SMTP_ADMIN_ADDRESS: "Jenkins "
- SMTP_SMARTHOST: smtp.${DOMAIN}
- TZ: ${TZ:-UTC}
- ports:
- - ${PORT_JENKINS:-8080}:8080
- volumes:
- - ${SHARE_PATH:-/opt}/jenkins_home:/var/jenkins_home
- - jenkinsbackup:/var/jenkins_backup
- # TODO: don't mount /var/run/docker.sock
- - /var/run/docker.sock:/var/run/docker.sock
- deploy:
- placement:
- constraints:
- - ${LABEL_WORKER:-node.role == worker}
- secrets:
- - artifactory-user-password
- - jenkins-admin-password
-
- jenkins-slave:
- image: ${REGISTRY_URI:-instantlinux}/jenkins-slave:${VERSION_JENKINS:-latest}
- environment:
- SWARM_JENKINS_SECRET: jenkins-agent-password
- SWARM_JENKINS_USER: svc_jenkins
- SWARM_MASTER_URL: http://jenkins-master:8080/
- TZ: ${TZ:-UTC}
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- deploy:
- mode: replicated
- replicas: 2
- placement:
- constraints:
- - ${LABEL_WORKER:-node.role == worker}
- secrets:
- - jenkins-agent-password
-
-volumes:
- jenkinsbackup:
- external: true
-secrets:
- artifactory-user-password:
- external: true
- jenkins-admin-password:
- external: true
- jenkins-agent-password:
- external: true
diff --git a/images/jenkins-master/entrypoint.sh b/images/jenkins-master/entrypoint.sh
deleted file mode 100755
index 617dba09..00000000
--- a/images/jenkins-master/entrypoint.sh
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/bash -e
-
-if [ ! -s /etc/timezone ] && [ ! -z "$TZ" ]; then
- # At first startup, set timezone
- cat /usr/share/zoneinfo/$TZ >/etc/localtime
- echo $TZ >/etc/timezone
-fi
-if [ -e /run/secrets/$JENKINS_ADMIN_SECRET ]; then
- export JENKINS_ADMIN_PASS=$(cat /run/secrets/$JENKINS_ADMIN_SECRET)
-fi
-
-# Process templates in /usr/share/jenkins/ref
-cd $JENKINS_REF
-for file in $(find . -name '*.j2'); do
- dest=$JENKINS_HOME/$(echo $file | sed -e 's/[.]j2$//')
- [ -f $dest ] && continue
- sed -e "s+{{ ARTIFACTORY_PASS }}+$ARTIFACTORY_PASS+" \
- -e "s+{{ ARTIFACTORY_URI }}+$ARTIFACTORY_URI+" \
- -e "s+{{ ARTIFACTORY_USER }}+$ARTIFACTORY_USER+" \
- -e "s+{{ JENKINS_LIBRARY }}+$JENKINS_LIBRARY+" \
- -e "s+{{ SMTP_SMARTHOST }}+$SMTP_SMARTHOST+" \
- $file > $dest
-done
-
-# Copy files from $JENKINS_REF into $JENKINS_HOME that aren't already there
-# This is a reference config, to enable UI to make changes that persist
-# beyond container restart.
-copy_reference_file() {
- file=${1%/}
- rel=${file:23}
- dir=$(dirname ${file})
- if [ ! -e $JENKINS_HOME/${rel} ]; then
- echo " $file: copied" >> $COPY_REFERENCE_FILE_LOG
- mkdir -p $JENKINS_HOME/${dir:23}
- cp -r $JENKINS_REF/${rel} $JENKINS_HOME/${rel}
- # pin plugins on initial copy
- # TODO what's this??
- # [ ${rel} == plugins/*.jpi ] &&
- touch $JENKINS_HOME/${rel}.pinned
- else
- echo " $file skipped" >> $COPY_REFERENCE_FILE_LOG
- fi
-}
-
-export -f copy_reference_file
-echo "--- Copying files at $(date)" >> $COPY_REFERENCE_FILE_LOG
-find $JENKINS_REF/ -type f -exec bash -c "copy_reference_file '{}'" \;
-
-# if first argument is `--`: start jenkins with launcher args
-if [ $# -lt 1 ] || [ "$1" == "--"* ]; then
- exec java $JAVA_OPTS -jar /usr/share/jenkins/jenkins.war $JENKINS_OPTS "$@"
-else
- exec "$@"
-fi
diff --git a/images/jenkins-master/hooks/build b/images/jenkins-master/hooks/build
deleted file mode 120000
index acded15a..00000000
--- a/images/jenkins-master/hooks/build
+++ /dev/null
@@ -1 +0,0 @@
-../../../lib/build/dockerhub-hook
\ No newline at end of file
diff --git a/images/jenkins-master/hooks/post_push b/images/jenkins-master/hooks/post_push
deleted file mode 100755
index ec9a3445..00000000
--- a/images/jenkins-master/hooks/post_push
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-TAG=$(grep "ARG _JENKINS_VERSION" Dockerfile | cut -d= -f 2)
-docker tag $IMAGE_NAME $DOCKER_REPO:$TAG
-docker push $DOCKER_REPO:$TAG
diff --git a/images/jenkins-master/kubernetes.yaml b/images/jenkins-master/kubernetes.yaml
deleted file mode 100644
index f6e362a1..00000000
--- a/images/jenkins-master/kubernetes.yaml
+++ /dev/null
@@ -1,172 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: $SERVICE_NAME -spec: - clusterIP: None - ports: - - { port: 80, targetPort: 8080 } - selector: - app.kubernetes.io/name: $SERVICE_NAME ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: ARTIFACTORY_URI, value: "https://repo.$DOMAIN/artifactory" } - - { name: ARTIFACTORY_USER, value: jenkins } - - { name: JAVA_OPTS, value: -Xmx2048m -Djenkins.install.runSetupWizard=false } - - { name: JENKINS_URL, value: "https://jenkins.$DOMAIN" } - - { name: SMTP_ADMIN_ADDRESS, value: "Jenkins " } - - { name: SMTP_SMARTHOST, value: smtp.$DOMAIN } - - { name: TZ, value: $TZ } - image: $REGISTRY_URI/jenkins-master:$VERSION_JENKINS_MASTER - ports: - - containerPort: 8080 - resources: - limits: - memory: 6144Mi - requests: - cpu: 100m - memory: 2048Mi - volumeMounts: - - mountPath: /var/jenkins_home - name: share - subPath: jenkins_home - - mountPath: /var/jenkins_backup - name: backup - subPath: $SERVICE_NAME - - mountPath: /run/secrets/artifactory-user-password - name: artifactory-user-password - subPath: artifactory-user-password - - mountPath: /run/secrets/jenkins-admin-password - name: jenkins-admin-password - subPath: jenkins-admin-password - dnsConfig: - options: [ name: ndots ] - imagePullSecrets: [ $IMAGEPULL_SPEC ] - volumes: - - name: share - hostPath: { path: $PATH_SHR } - - name: backup - hostPath: { path: $PATH_BKP } - - name: artifactory-user-password - secret: - secretName: artifactory-user-password - - name: jenkins-admin-password - secret: - secretName: jenkins-admin-password ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME-slave - name: 
$SERVICE_NAME-slave -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME-slave - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME-slave - spec: - containers: - - name: $SERVICE_NAME-slave - env: - - { name: SWARM_JENKINS_SECRET, value: jenkins-agent-password } - - { name: SWARM_JENKINS_USER, value: svc_jenkins } - - { name: SWARM_MASTER_URL, value: "http://$(JENKINS_SERVICE_HOST)" } - - { name: TZ, value: $TZ } - image: $REGISTRY_URI/jenkins-slave:$VERSION_JENKINS_SLAVE - volumeMounts: -# - mountPath: /var/run/docker.sock -# name: docker-socket - - mountPath: /run/secrets/jenkins-agent-password - name: jenkins-agent-password - subPath: jenkins-agent-password - dnsConfig: - nameservers: [ $DNS_SERVERS ] - options: - - name: use-vc - - name: ndots - imagePullSecrets: - - name: regcred - nodeSelector: - service.jenkins-slave: allow -# serviceAccountName: $K8S_NAMESPACE-privileged - volumes: -# - name: docker-socket -# hostPath: { path: /var/run/docker.sock } - - name: jenkins-agent-password - secret: - secretName: jenkins-agent-password ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: $SERVICE_NAME-ingress - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/enable-access-log: "false" -spec: - tls: - - secretName: tls-$SERVICE_NAME - hosts: - - $SERVICE_NAME.$DOMAIN - rules: - - host: $SERVICE_NAME.$DOMAIN - http: - paths: - - path: / - backend: - service: - name: $SERVICE_NAME - port: - number: 80 - pathType: Prefix ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: $SERVICE_NAME-totp - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/auth-url: http://$AUTHELIA_IP/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://authtotp.$DOMAIN -spec: - tls: - - secretName: tls-$SERVICE_NAME - hosts: - - 
$SERVICE_NAME.$DOMAIN - rules: - - host: $SERVICE_NAME.$DOMAIN - http: - paths: - - path: /login - backend: - service: - name: $SERVICE_NAME - port: - number: 80 - pathType: Prefix diff --git a/images/jenkins-master/plugins.sh b/images/jenkins-master/plugins.sh deleted file mode 100755 index 987285b3..00000000 --- a/images/jenkins-master/plugins.sh +++ /dev/null @@ -1,17 +0,0 @@ -#! /bin/bash -set -e - -REF=/usr/share/jenkins/ref/plugins -mkdir -p $REF -umask 022 - -echo "downloading plugins specified in plugins.txt" -while read spec || [ -n "$spec" ]; do - plugin=(${spec//:/ }); - [[ ${plugin[0]} =~ ^# ]] && continue - [[ ${plugin[0]} =~ ^\s*$ ]] && continue - [[ -z ${plugin[1]} ]] && plugin[1]="latest" - echo " -- ${plugin[0]}:`basename ${plugin[1]}`" - curl -sSL -f ${JENKINS_DOWNLOADS}/plugins/${plugin[0]}/${plugin[1]}/${plugin[0]}.hpi -o $REF/${plugin[0]}.jpi - unzip -qqt $REF/${plugin[0]}.jpi -done < $1 diff --git a/images/jenkins-master/plugins.txt b/images/jenkins-master/plugins.txt deleted file mode 100644 index fc66becf..00000000 --- a/images/jenkins-master/plugins.txt +++ /dev/null 
@@ -1,78 +0,0 @@
-artifactory:3.2.1
-bouncycastle-api:2.17
-cobertura:1.13
-durable-task:1.29
-docker-slaves:1.0.7
-email-ext:2.63
-git:3.9.3
-greenballs:1.15
-htmlpublisher:1.18
-kubernetes:1.14.5
-ldap:1.20
-mailer:1.23
-pipeline-stage-view:2.10
-rebuild:1.29
-swarm:3.15
-timestamper:1.9
-workflow-aggregator:2.6
-
-# dependencies
-ant:1.9
-branch-api:2.1.2
-cloudbees-folder:6.7
-code-coverage-api:1.0.7
-credentials:2.1.18
-git-client:2.7.6
-gradle:1.30
-handlebars:1.1.1
-ivy:1.28
-jackson2-api:2.9.8
-jquery-detached:1.2.1
-junit:1.27
-kubernetes-credentials:0.4.0
-lockable-resources:2.4
-maven-plugin:3.2
-momentjs:1.1.1
-pipeline-input-step:2.9
-pipeline-rest-api:2.10
-scm-api:2.3.0
-script-security:1.53
-ssh-credentials:1.14
-structs:1.17
-variant:1.2
-workflow-api:2.33
-workflow-basic-steps:2.14
-workflow-cps:2.63
-workflow-cps-global-lib:2.13
-workflow-durable-task-step:2.29
-workflow-job:2.31
-workflow-multibranch:2.20
-workflow-scm-step:2.7
-workflow-step-api:2.19
-workflow-support:3.2
-
-# second-level dependencies
-ace-editor:1.1
-apache-httpcomponents-client-4-api:4.5.5-3.0
-authentication-tokens:1.3
-config-file-provider:3.5
-credentials-binding:1.17
-display-url-api:2.3.0
-docker-commons:1.13
-docker-workflow:1.17
-git-server:1.7
-icon-shim:2.0.3
-javadoc:1.4
-jsch:0.1.55
-matrix-project:1.13
-pipeline-build-step:2.7
-pipeline-graph-analysis:1.9
-pipeline-milestone-step:1.3.1
-pipeline-model-api:1.3.4.1
-pipeline-model-declarative-agent:1.1.1
-pipeline-model-definition:1.3.4.1
-pipeline-model-extensions:1.3.4.1
-pipeline-stage-step:2.3
-pipeline-stage-tags-metadata:1.3.4.1
-plain-credentials:1.5
-token-macro:2.6
diff --git a/images/jenkins-master/ref/hudson.plugins.emailext.ExtendedEmailPublisher.xml.j2 b/images/jenkins-master/ref/hudson.plugins.emailext.ExtendedEmailPublisher.xml.j2
deleted file mode 100644
index 366f9d3c..00000000
--- a/images/jenkins-master/ref/hudson.plugins.emailext.ExtendedEmailPublisher.xml.j2
+++ /dev/null
@@ -1,27 +0,0 @@ - - - - {{ SMTP_SMARTHOST }} - false - UTF-8 - text/plain - $PROJECT_NAME - Build # $BUILD_NUMBER - $BUILD_STATUS! - $PROJECT_NAME - Build # $BUILD_NUMBER - $BUILD_STATUS: - -Check console output at $BUILD_URL to view the results. - - - - - hudson.plugins.emailext.plugins.trigger.FailureTrigger - - -1 - - - - true - false - false - false - false - diff --git a/images/jenkins-master/ref/init.groovy.d/init.groovy b/images/jenkins-master/ref/init.groovy.d/init.groovy deleted file mode 100644 index 92101d0b..00000000 --- a/images/jenkins-master/ref/init.groovy.d/init.groovy +++ /dev/null @@ -1,36 +0,0 @@ -import jenkins.model.* -import hudson.model.* -import hudson.security.* - -def env = System.getenv() -def jenkins = Jenkins.getInstance() -def EXCLUSIVE = Node.Mode.valueOf('EXCLUSIVE') - -// Allocate executors on master. -jenkins.setNumExecutors(env.MASTER_EXECUTORS as int) - -// Only run tasks when node('master') is specifically requested -jenkins.setMode(EXCLUSIVE) - -// Don't wait 5 seconds between stages (Quiet Period) -jenkins.setQuietPeriod(0) - -// Mail setup -jenkins_loc = JenkinsLocationConfiguration.get() -jenkins_loc.setAdminAddress(env.SMTP_ADMIN_ADDRESS) -jenkins_loc.setUrl(env.JENKINS_URL) -jenkins_loc.save() -jenkins_mail = jenkins.getDescriptor('hudson.tasks.Mailer') -jenkins_mail.setSmtpHost(env.SMTP_SMARTHOST) -jenkins_mail.setDefaultSuffix('@' + \ - env.SMTP_SMARTHOST.tokenize('.').drop(1).join('.')) - -// Users setup -jenkins.setSecurityRealm(new HudsonPrivateSecurityRealm(false)) -jenkins.setAuthorizationStrategy(new FullControlOnceLoggedInAuthorizationStrategy()) - -def realm = jenkins.getSecurityRealm() -realm.createAccount(env.JENKINS_ADMIN_USER, env.JENKINS_ADMIN_PASS).save() -realm.createAccount('jenkins', 'jenkins').save() - -jenkins.save() 
diff --git a/images/jenkins-master/ref/org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml.j2 b/images/jenkins-master/ref/org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml.j2 deleted file mode 100644 index de7c215c..00000000 --- a/images/jenkins-master/ref/org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml.j2 +++ /dev/null @@ -1,20 +0,0 @@ - - - - - jenkinstools - - - d6ce9233-0314-49b4-a551-576b622d8f3c - {{ JENKINS_LIBRARY }} - - - - - - - false - true - - - diff --git a/images/jenkins-master/ref/org.jfrog.hudson.ArtifactoryBuilder.xml.j2 b/images/jenkins-master/ref/org.jfrog.hudson.ArtifactoryBuilder.xml.j2 deleted file mode 100644 index 0d9fec8b..00000000 --- a/images/jenkins-master/ref/org.jfrog.hudson.ArtifactoryBuilder.xml.j2 +++ /dev/null @@ -1,31 +0,0 @@ - - - false - - - {{ ARTIFACTORY_URI }} - repo - 300 - false - 3 - - - {{ ARTIFACTORY_USER }} - {{ ARTIFACTORY_PASS }} - - - false - false - - - - {{ ARTIFACTORY_USER }} - {{ ARTIFACTORY_PASS }} - - - false - false - - - - diff --git a/images/mariadb-galera/Jenkinsfile b/images/mariadb-galera/Jenkinsfile deleted file mode 100644 index 69c55a5d..00000000 --- a/images/mariadb-galera/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && VDIR=/tmp/venv make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/mariadb-galera/kubernetes.yaml b/images/mariadb-galera/kubernetes.yaml
deleted file mode 100644
index 84e0752d..00000000
--- a/images/mariadb-galera/kubernetes.yaml
+++ /dev/null
@@ -1,194 +0,0 @@ ---- -# Primary NodePort is safe for reading and writing. -# -apiVersion: v1 -kind: Service -metadata: - name: $SERVICE_NAME-primary - labels: - app.kubernetes.io/name: $SERVICE_NAME-primary -spec: - type: NodePort - ports: - - { port: 3306, nodePort: $DB_NODEPORT, name: db } - selector: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - sessionAffinity: ClientIP ---- -# Secondary IP is served directly by k8s service here; splits -# across cluster. Use for horizontal-scaling read-only db access. -# If your applications write to this IP, beware of multi-master -# (MDL) conflicts that cause severe performance and stability -# problems. -# -apiVersion: v1 -kind: Service -metadata: - name: $SERVICE_NAME-readonly - labels: - app.kubernetes.io/name: $SERVICE_NAME-readonly - release: "0.1" -spec: - clusterIP: $DB_IP_RO - ports: - - port: 3306 - selector: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - sessionAffinity: ClientIP ---- -apiVersion: v1 -kind: Service -metadata: - name: $SERVICE_NAME - labels: - app.kubernetes.io/name: $SERVICE_NAME-headless -spec: - clusterIP: None - selector: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - name: $SERVICE_NAME -spec: - replicas: $DB_CLUSTER_SIZE - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - serviceName: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: CLUSTER_NAME, value: $SERVICE_NAME } - - { name: DISCOVERY_SERVICE, value: "$ETCD_IP:2379" } - - { name: CLUSTER_SIZE, value: "$DB_CLUSTER_SIZE" } - image: $REGISTRY_URI/mariadb-galera:$VERSION_MARIADB_GALERA - ports: - - containerPort: 3306 - resources: - limits: - memory: 8192Mi - requests: - cpu: 300m - memory: 128Mi - volumeMounts: - - mountPath: 
/etc/mysql/my.cnf.d - name: etc - - mountPath: /var/log/mysql - name: logs - - mountPath: /var/lib/mysql - name: data - - name: mysql-root-password - mountPath: /run/secrets/mysql-root-password - subPath: mysql-root-password - - name: sst-auth-password - mountPath: /run/secrets/sst-auth-password - subPath: sst-auth-password - dnsConfig: - options: [ name: ndots ] - imagePullSecrets: [ $IMAGEPULL_SPEC ] - volumes: - - name: etc - configMap: - name: $SERVICE_NAME-etc - - name: mysql-root-password - secret: - secretName: mysql-root-password - - name: sst-auth-password - secret: - secretName: sst-auth-password - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: [ ReadWriteOnce ] - resources: - requests: - storage: 8Gi - - metadata: - name: logs - spec: - accessModes: [ ReadWriteOnce ] - resources: - requests: - storage: 500Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: $SERVICE_NAME-etc -data: - my.cnf: | - # --- Deployed from kubernetes configmap --- - # - # For documentation see - # https://mariadb.com/kb/en/library/server-system-variables - - [mysqld] - # - # * Basic Settings - # - basedir = /usr - tmpdir = /tmp - skip-external-locking - character_set_server = utf8 - ignore_db_dirs = lost+found - - # - # * Fine Tuning - # - ft_min_word_len = 3 - join_buffer_size = 131072 - key_buffer_size = 16M - max_allowed_packet = 256M - #max_connections = 100 - max_heap_table_size = 16M - query_cache_type = OFF - query_cache_size = 0 - read_buffer_size = 131072 - read_rnd_buffer_size = 262144 - table_open_cache = 4096 - thread_stack = 192K - thread_cache_size = 8 - #thread_concurrency = 12 - tmp_table_size = 16M - - interactive_timeout = 28800 - net_read_timeout = $DB_NET_READ_TIMEOUT - net_write_timeout = 60 - wait_timeout = 3600 - - # - # * Slow query log - # - slow_query_log_file = /var/log/mysql/mysql-slow.log - slow_query_log = 1 - long_query_time = 4 - #log_queries_not_using_indexes - - # - # * InnoDB - # - innodb_data_file_path = 
ibdata1:10M:autoextend - innodb_buffer_pool_instances = 1 - innodb_buffer_pool_size = $DB_INNODB_POOL_SIZE - innodb_log_file_size = $DB_INNODB_LOG_SIZE - - [mysqldump] - quick - quote-names - max_allowed_packet = 16M diff --git a/images/mt-daapd/Jenkinsfile b/images/mt-daapd/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/mt-daapd/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/mt-daapd/kubernetes.yaml b/images/mt-daapd/kubernetes.yaml
deleted file mode 100644
index b9faf55f..00000000
--- a/images/mt-daapd/kubernetes.yaml
+++ /dev/null
@@ -1,49 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - replicas: 2 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - $SERVICE_NAME - topologyKey: "kubernetes.io/hostname" - containers: - - name: $SERVICE_NAME - env: - - { name: SERVER_BANNER, value: '%h Firefly MP3 via Docker' } - image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_MT_DAAPD - volumeMounts: - - name: cache - mountPath: /var/cache/forked-daapd - - name: music - mountPath: /srv/music - readOnly: true - hostNetwork: true - imagePullSecrets: [ $IMAGEPULL_SPEC ] - nodeSelector: - service.$SERVICE_NAME: allow - serviceAccountName: $K8S_NAMESPACE-privileged - volumes: - - name: cache - emptyDir: {} - - name: music - persistentVolumeClaim: - claimName: mp3 diff --git a/images/mysqldump/Jenkinsfile b/images/mysqldump/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/mysqldump/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/mysqldump/kubernetes.yaml b/images/mysqldump/kubernetes.yaml
deleted file mode 100644
index 3f4349b6..00000000
--- a/images/mysqldump/kubernetes.yaml
+++ /dev/null
@@ -1,49 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: HOUR, value: "5" } - - { name: SERVERS, value: "$DB_SERVERS" } - - { name: SKEW_SECONDS, value: "30" } - - { name: TZ, value: $TZ } - image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_MYSQLDUMP - ports: - - containerPort: 80 - volumeMounts: - - mountPath: /var/backup - name: backup - subPath: $SERVICE_NAME - - mountPath: /var/log - name: logs - - name: mysql-backup-creds - mountPath: /run/secrets/mysql-backup-creds - subPath: mysql-backup-creds - dnsConfig: - options: [ name: ndots ] - imagePullSecrets: [ $IMAGEPULL_SPEC ] - nodeSelector: - service.$SERVICE_NAME: allow - volumes: - - name: backup - hostPath: { path: $PATH_BKP } - - name: logs - hostPath: { path: $K8S_VOLUMES_PATH/sync-logs/$SERVICE_NAME } - - name: mysql-backup-creds - secret: - secretName: mysql-backup-creds diff --git a/images/mythtv-backend/Jenkinsfile b/images/mythtv-backend/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/mythtv-backend/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/mythtv-backend/kubernetes.yaml b/images/mythtv-backend/kubernetes.yaml
deleted file mode 100644
index d5b7e223..00000000
--- a/images/mythtv-backend/kubernetes.yaml
+++ /dev/null
@@ -1,197 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: DBNAME, value: $DB_MYTHTV } - - { name: DBSERVER, value: $DB_HOST } - - { name: LOCALHOSTNAME, value: $HOSTNAME_MYTHTV } - - { name: TZ, value: $TZ } - image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_MYTHTV_BACKEND - ports: - - { containerPort: 1900, protocol: UDP } - - containerPort: 6543 - - containerPort: 6544 - - containerPort: 6549 - - containerPort: 6760 - resources: - limits: - memory: 2048Mi - requests: - cpu: 500m - memory: 512Mi - volumeMounts: - - name: apache-log - mountPath: /var/log/apache2 - - name: data - mountPath: /var/mythdata - - name: share - mountPath: /home/mythtv - subPath: $SERVICE_NAME/home - - name: videos - mountPath: /var/mythtv/videos - readOnly: true - - name: mythposters - mountPath: /var/mythtv/posters - - name: mytharch1 - mountPath: /var/mythtv/arch1 - readOnly: true - - name: mytharch2 - mountPath: /var/mythtv/arch2 - readOnly: true - - name: mytharch3 - mountPath: /var/mythtv/arch3 - readOnly: true - - name: mytharch4 - mountPath: /var/mythtv/arch4 - readOnly: true - - name: mytharch5 - mountPath: /var/mythtv/arch5 - readOnly: true - - name: mytharch6 - mountPath: /var/mythtv/arch6 - readOnly: true - - name: mytharch0 - mountPath: /var/mythtv/pvr02myth - readOnly: true - - name: mythtv-db-password - mountPath: /run/secrets/mythtv-db-password - readOnly: true - subPath: mythtv-db-password - - name: mythtv-user-password - mountPath: /run/secrets/mythtv-user-password - readOnly: true - subPath: mythtv-user-password - hostAliases: - - ip: 127.0.1.1 - hostnames: [ $HOSTNAME_MYTHTV ] - hostNetwork: true - imagePullSecrets: [ $IMAGEPULL_SPEC ] - nodeSelector: - 
service.$SERVICE_NAME: allow - serviceAccountName: $K8S_NAMESPACE-privileged - volumes: - - name: apache-log - emptyDir: {} - - name: data - hostPath: { path: $MYTHTV_VOL_PATH } - - name: videos - persistentVolumeClaim: - claimName: videos - - name: mythposters - persistentVolumeClaim: - claimName: mythposters - - name: mytharch1 - persistentVolumeClaim: - claimName: mytharch1 - - name: mytharch2 - persistentVolumeClaim: - claimName: mytharch2 - - name: mytharch3 - persistentVolumeClaim: - claimName: mytharch3 - - name: mytharch4 - persistentVolumeClaim: - claimName: mytharch4 - - name: mytharch5 - persistentVolumeClaim: - claimName: mytharch5 - - name: mytharch6 - persistentVolumeClaim: - claimName: mytharch6 - - name: mytharch0 - persistentVolumeClaim: - claimName: mytharch0 - - name: share - hostPath: { path: $PATH_SHR } - - name: mythtv-db-password - secret: - secretName: mythtv-db-password - - name: mythtv-user-password - secret: - secretName: mythtv-user-password ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - clusterIP: None - ports: - - name: mythweb - port: 6760 - targetPort: 6760 - - name: status - port: 6544 - targetPort: 6544 - selector: - app.kubernetes.io/name: $SERVICE_NAME ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: $SERVICE_NAME-ingress - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/auth-type: basic - nginx.ingress.kubernetes.io/auth-secret: mythweb-auth -spec: - tls: - - secretName: tls-$SERVICE_NAME - hosts: - - mythweb.$DOMAIN - rules: - - host: mythweb.$DOMAIN - http: - paths: - - path: / - backend: - service: - name: $SERVICE_NAME - port: - number: 6760 - pathType: Prefix ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: $SERVICE_NAME-totp - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - 
kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/auth-url: http://$AUTHELIA_IP/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://authtotp.$DOMAIN -spec: - tls: - - secretName: tls-$SERVICE_NAME - hosts: - - mythweb.$DOMAIN - rules: - - host: mythweb.$DOMAIN - http: - paths: - - path: /settings - backend: - service: - name: $SERVICE_NAME - port: - number: 6760 - pathType: Prefix diff --git a/images/nagios/kubernetes.yaml b/images/nagios/kubernetes.yaml deleted file mode 100644 index fefbbc21..00000000 --- a/images/nagios/kubernetes.yaml +++ /dev/null 
@@ -1,207 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - clusterIP: None - ports: - - name: nagios - port: 8080 - - name: nagiosql - port: 80 - selector: - app.kubernetes.io/name: $SERVICE_NAME ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: AUTHORIZED_USERS, value: $NAGIOS_AUTH_USERS } - - { name: MAIL_AUTH_USER, value: "$MAIL_AUTH_USER" } - - { name: MAIL_RELAY_HOST, value: "$NAGIOS_MAIL_RELAY" } - - { name: NAGIOS_FQDN, value: $NAGIOS_FQDN } - - { name: NGINX_PORT, value: "8080" } - - { name: TZ, value: $TZ } - image: instantlinux/$SERVICE_NAME:$VERSION_NAGIOS - ports: - - containerPort: 8080 - resources: - limits: - memory: 1024Mi - requests: - cpu: 200m - memory: 128Mi - volumeMounts: - - mountPath: /etc/nagios - name: share - subPath: $SERVICE_NAME/etc - - mountPath: /var/nagios - name: share - subPath: $SERVICE_NAME/var - - mountPath: /opt/nagios/plugins - name: admin - readOnly: true - subPath: services/$SERVICE_NAME/plugins - - mountPath: /run/secrets/nagios-htpasswd - name: nagios-htpasswd - subPath: nagios-htpasswd - - mountPath: /run/secrets/nagios-mail-secret - name: nagios-mail-secret - subPath: nagios-mail-secret - - name: nagiosql - env: - - { name: DB_HOST, value: $DB_HOST } - - { name: NAGIOS_ETC, value: /etc/nagios } - - { name: TZ, value: $TZ } - image: instantlinux/nagiosql:$VERSION_NAGIOSQL - ports: - - containerPort: 80 - resources: - limits: - memory: 256Mi - requests: - cpu: 200m - memory: 64Mi - volumeMounts: - - mountPath: /etc/nagios - name: share - subPath: $SERVICE_NAME/etc - - mountPath: /var/nagios - name: share - subPath: $SERVICE_NAME/var - - 
mountPath: /var/www/nagiosql/config - name: share - subPath: $SERVICE_NAME/nagiosql_config - - mountPath: /run/secrets/nagiosql-db-password - name: nagiosql-db-password - subPath: nagiosql-db-password - hostNetwork: $NAGIOS_HOSTNETWORK - imagePullSecrets: [ $IMAGEPULL_SPEC ] - initContainers: - - name: init-nagios - image: instantlinux/nagios:$VERSION_NAGIOS - command: [/bin/sh] - args: - - -xec - - > - [ -e /tmp/etc/nagios.cfg ] || cp -a /etc/nagios/*.cfg* /tmp/etc; - [ -e /tmp/var/rw ] || cp -a /var/nagios/. /tmp/var - volumeMounts: - - mountPath: /tmp/etc - name: share - subPath: $SERVICE_NAME/etc - - mountPath: /tmp/var - name: share - subPath: $SERVICE_NAME/var - - name: init-nagiosql - image: instantlinux/nagiosql:$VERSION_NAGIOSQL - command: [/bin/sh] - args: - - -xec - - > - [ -e /tmp/main.css ] || cp -a /var/www/nagiosql/config/. /tmp; - if [ ! -d /etc/nagios/objects ]; then - mkdir /etc/nagios/objects && chown www-data /etc/nagios/objects - fi - volumeMounts: - - mountPath: /tmp - name: share - subPath: $SERVICE_NAME/nagiosql_config - volumes: - - name: admin - hostPath: { path: $PATH_ADM } - - name: share - hostPath: { path: $PATH_SHR } - - name: nagios-htpasswd - secret: - secretName: nagios-htpasswd - - name: nagios-mail-secret - secret: - secretName: nagios-mail-secret - - name: nagiosql-db-password - secret: - secretName: nagiosql-db-password ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: $SERVICE_NAME-ingress - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/auth-type: basic - nginx.ingress.kubernetes.io/auth-secret: nagios-htpasswd -spec: - tls: - - secretName: tls-$SERVICE_NAME - hosts: - - $SERVICE_NAME.$DOMAIN - rules: - - host: $SERVICE_NAME.$DOMAIN - http: - paths: - - path: / - backend: - service: - name: $SERVICE_NAME - port: - number: 8080 - pathType: Prefix - - path: /NagiosQL - backend: - service: - name: $SERVICE_NAME - port: - 
number: 80 - pathType: Prefix ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: $SERVICE_NAME-totp - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/auth-url: http://$AUTHELIA_IP/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://authtotp.$DOMAIN -spec: - tls: - - secretName: tls-$SERVICE_NAME - hosts: - - $SERVICE_NAME.$DOMAIN - rules: - - host: $SERVICE_NAME.$DOMAIN - http: - paths: - - path: /nagios/cgi-bin/cmd.cgi - backend: - service: - name: $SERVICE_NAME - port: - number: 8080 - pathType: Prefix - - path: /nagios/cgi-bin/cmd.cgi - backend: - service: - name: $SERVICE_NAME - port: - number: 8080 - pathType: Prefix diff --git a/images/nagiosql/Jenkinsfile b/images/nagiosql/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/nagiosql/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/nut-upsd/Jenkinsfile b/images/nut-upsd/Jenkinsfile
deleted file mode 100644
index fe58a30f..00000000
--- a/images/nut-upsd/Jenkinsfile
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/nut-upsd/kubernetes.yaml b/images/nut-upsd/kubernetes.yaml
deleted file mode 100644
index 406f2f2d..00000000
--- a/images/nut-upsd/kubernetes.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: $SERVICE_NAME
-spec:
- ports:
- - { port: $PORT_UPSD_1, nodePort: $NODEPORT_UPSD, targetPort: 3493 }
- selector:
- app.kubernetes.io/name: $SERVICE_NAME
- type: NodePort
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- name: $SERVICE_NAME
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/name: $SERVICE_NAME
- template:
- metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- spec:
- containers:
- - name: $SERVICE_NAME
- env:
- - { name: SERIAL, value: $UPS_1_SERIAL }
- image: $REGISTRY_URI/nut-upsd:$VERSION_NUT_UPSD
- # TODO this does not work with pod security policies yet
- # uncomment the usb volume mount when it does
- securityContext:
- privileged: true
- volumeMounts:
-# - name: usb
-# mountPath: /dev/ttyUSB0
- - name: secret
- mountPath: /run/secrets/nut-upsd-password
- readOnly: true
- subPath: nut-upsd-password
- imagePullSecrets:
- - name: regcred
- nodeSelector:
- service.$SERVICE_NAME: allow
- serviceAccountName: $K8S_NAMESPACE-privileged
- volumes:
-# - name: usb
-# hostPath: { path: /dev/ttyUSB0 }
- - name: secret
- secret:
- secretName: nut-upsd-password
diff --git a/images/postfix-python/Jenkinsfile b/images/postfix-python/Jenkinsfile
deleted file mode 100644
index fe58a30f..00000000
--- a/images/postfix-python/Jenkinsfile
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/postfix-python/kubernetes.yaml b/images/postfix-python/kubernetes.yaml
deleted file mode 100644
index d811a6c1..00000000
--- a/images/postfix-python/kubernetes.yaml
+++ /dev/null
@@ -1,226 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - ports: - - { port: $PORT_POSTFIX_INTERNAL, targetPort: 25, name: $SERVICE_NAME } - - { port: 3525, targetPort: 3525, name: external } - selector: - app.kubernetes.io/name: $SERVICE_NAME ---- -apiVersion: v1 -kind: Service -metadata: - name: $SERVICE_NAME-external -spec: - type: NodePort - ports: - - { port: 25, nodePort: $NODEPORT_POSTFIX_INT, name: postfix-int } - - { port: 3525, nodePort: $NODEPORT_POSTFIX_EXT, name: postfix-ext } - selector: - app.kubernetes.io/name: $SERVICE_NAME ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - name: $SERVICE_NAME -spec: - replicas: 2 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - serviceName: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: DB_HOST, value: $DB_HOST } - - { name: CIDR_MIN_SIZE, value: "$CIDR_MIN_SIZE" } - - { name: HONEYPOT_ADDRS, value: $HONEYPOT_ADDRS } - - name: INBOUND_RELAY - value: by mx-caprica.?\.easydns\.com - - { name: SPAMC_HOST, value: $SPAMC_HOST } - - { name: TZ, value: $TZ } - image: $REGISTRY_URI/postfix-python:$VERSION_POSTFIX_PYTHON - # Force reload of certs at least every 30 days - livenessProbe: - exec: - command: [ 'false' ] - initialDelaySeconds: 2592000 - ports: - - containerPort: 25 - - containerPort: 3525 - volumeMounts: - - mountPath: /etc/postfix/postfix.d - name: admin - readOnly: true - subPath: services/$SERVICE_NAME/etc - - mountPath: /var/spool/postfix - name: spool - - mountPath: /run/secrets/mysql-blacklist-user - name: mysql-blacklist-user - subPath: mysql-blacklist-user - - mountPath: /run/secrets/postfix-sasl-passwd - name: postfix-sasl-passwd - subPath: postfix-sasl-passwd - - mountPath: 
/etc/ssl/certs/smtpd-cert.pem - name: ssl-cert - subPath: tls.crt - - mountPath: /run/secrets/smtpd-key.pem - name: ssl-cert - subPath: tls.key - dnsConfig: - nameservers: [ $DNS_SERVERS ] - options: - - name: use-vc - - name: ndots - imagePullSecrets: [ $IMAGEPULL_SPEC ] - volumes: - - name: admin - hostPath: { path: $PATH_ADM } - - name: mysql-blacklist-user - secret: - secretName: mysql-blacklist-user - - name: postfix-sasl-passwd - secret: - secretName: postfix-sasl-passwd - - name: ssl-cert - secret: - secretName: $POSTFIX_TLS_SECRET - volumeClaimTemplates: - - metadata: - name: spool - spec: - accessModes: [ ReadWriteOnce ] - resources: - requests: - storage: 8Gi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: $SERVICE_NAME -data: - master.cf: | - # Postfix master process configuration file. For details on the format - # of the file, see the master(5) manual page (command: "man 5 master"). - # - # ========================================================================== - # service type private unpriv chroot wakeup maxproc command + args - # (yes) (yes) (yes) (never) (100) - # ========================================================================== - smtp inet n - n - - smtpd - $PORT_POSTFIX_EXTERNAL inet n - n - - smtpd - -o content_filter=spamfilter:dummy - -o mynetworks=127.0.0.0/24 - - pickup fifo n - n 60 1 pickup - cleanup unix n - n - 0 cleanup - qmgr fifo n - n 300 1 qmgr - tlsmgr unix - - n 1000? 1 tlsmgr - rewrite unix - - n - - trivial-rewrite - bounce unix - - n - 0 bounce - defer unix - - n - 0 bounce - trace unix - - n - 0 bounce - verify unix - - n - 1 verify - flush unix n - n 1000? 
0 flush - proxymap unix - - n - - proxymap - smtp unix - - n - - smtp - # When relaying mail as backup MX, disable fallback_relay to avoid MX loops - relay unix - - n - - smtp - -o fallback_relay= - # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 - showq unix n - n - - showq - error unix - - n - - error - discard unix - - n - - discard - local unix - n n - - local - virtual unix - n n - - virtual - lmtp unix - - n - - lmtp - anvil unix - - n - 1 anvil - scache unix - - n - 1 scache - # - # ==================================================================== - # Interfaces to non-Postfix software. Be sure to examine the manual - # pages of the non-Postfix software to find out what options it wants. - # - # Many of the following services use the Postfix pipe(8) delivery - # agent. See the pipe(8) man page for information about $DOL{recipient} - # and other message envelope options. - # ==================================================================== - # - # maildrop. See the Postfix MAILDROP_README file for details. - # Also specify in main.cf: maildrop_destination_recipient_limit=1 - # - maildrop unix - n n - - pipe - flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d $DOL{recipient} - # - # See the Postfix UUCP_README file for configuration details. 
- # - uucp unix - n n - - pipe - flags=Fqhu user=uucp argv=uux -r -n -z -a${DOL}sender - ${DOL}nexthop!rmail (${DOL}recipient) - - # - # local additions - bigdest unix - - n - 25 smtp - spamfilter unix - n n - - pipe - flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter.sh -f ${DOL}{sender} -- ${DOL}{recipient} - postfix.cf: | - # Local modifications - # See postfix documentation at http://www.postfix.org/postconf.5.html - # Any values placed here will be inserted to the container's /etc/postfix/main.cf - alias_database = lmdb:/etc/postfix/aliases - alias_maps = lmdb:/etc/postfix/aliases - bigdest_destination_concurrency_failed_cohort_limit = 100 - bigdest_destination_concurrency_limit = 25 - bounce_queue_lifetime = 8h - data_directory = /var/run/postfix - default_destination_concurrency_limit = 4 - delay_warning_time = 4h - in_flow_delay = 0 - mailbox_size_limit = 0 - maximal_queue_lifetime = 8h - message_size_limit = 30720000 - mydestination = ${DOL}myhostname, localhost.${DOL}mydomain, localhost - mydomain = $DOMAIN - myorigin = $HOSTNAME_EMAIL - mynetworks = $DHCP_SUBNET1/24, 10.255.0.0/16, 10.244.0.0/16, 127.0.0.0/24 - mynetworks_style = subnet - relay_domains = $POSTFIX_RELAY_DOMAINS - relayhost = $POSTFIX_RELAYHOST - smtp_sasl_auth_enable = yes - smtp_sasl_password_maps = lmdb:/etc/postfix/sasl_passwd - smtp_sasl_security_options = noanonymous - smtp_sasl_tls_security_options = noanonymous - smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 - smtp_tls_note_starttls_offer = yes - smtp_tls_protocols =!SSLv2,!SSLv3 - smtp_tls_session_cache_database = lmdb:${DOL}data_directory/smtp_tls_session_cache - smtpd_tls_cert_file = /etc/ssl/certs/smtpd-cert.pem - smtpd_tls_ciphers = high - smtpd_tls_key_file = /run/secrets/smtpd-key.pem - smtpd_tls_mandatory_ciphers = high - smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 - smtpd_tls_protocols = !SSLv2, !SSLv3 - smtpd_tls_received_header = yes - smtpd_tls_security_level = may - smtpd_tls_session_cache_timeout = 3600s - 
smtputf8_enable = no - tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA - tls_preempt_cipherlist = yes - tls_random_source = dev:/dev/urandom - transport_maps = lmdb:/etc/postfix/transport - virtual_alias_maps = lmdb:/etc/postfix/virtusertable - diff --git a/images/postfix/Jenkinsfile b/images/postfix/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/postfix/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/proftpd/Jenkinsfile b/images/proftpd/Jenkinsfile
deleted file mode 100644
index fe58a30f..00000000
--- a/images/proftpd/Jenkinsfile
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/proftpd/kubernetes.yaml b/images/proftpd/kubernetes.yaml
deleted file mode 100644
index cb1334ba..00000000
--- a/images/proftpd/kubernetes.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- name: $SERVICE_NAME
-spec:
- clusterIP: $PROFTPD_IP
- ports:
- - { port: 21, targetPort: 21, name: ftp }
- - { port: 30091, targetPort: 30091, name: pasv1 }
- - { port: 30092, targetPort: 30092, name: pasv2 }
- - { port: 30093, targetPort: 30093, name: pasv3 }
- - { port: 30094, targetPort: 30094, name: pasv4 }
- - { port: 30095, targetPort: 30095, name: pasv5 }
- - { port: 30096, targetPort: 30096, name: pasv6 }
- - { port: 30097, targetPort: 30097, name: pasv7 }
- - { port: 30098, targetPort: 30098, name: pasv8 }
- - { port: 30099, targetPort: 30099, name: pasv9 }
- - { port: 30100, targetPort: 30100, name: pasv10 }
- selector:
- app.kubernetes.io/name: $SERVICE_NAME
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- name: $SERVICE_NAME
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/name: $SERVICE_NAME
- template:
- metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- spec:
- containers:
- - name: $SERVICE_NAME
- env:
- - { name: PASV_ADDRESS, value: $PROFTPD_IP }
- - { name: TZ, value: $TZ }
- image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_PROFTPD
- ports:
- - containerPort: 21
- - containerPort: 30091
- - containerPort: 30092
- - containerPort: 30093
- - containerPort: 30094
- - containerPort: 30095
- - containerPort: 30096
- - containerPort: 30097
- - containerPort: 30098
- - containerPort: 30099
- - containerPort: 30100
- volumeMounts:
- - name: ftp
- mountPath: /var/lib/ftp
- imagePullSecrets: [ $IMAGEPULL_SPEC ]
- volumes:
- - name: ftp
- persistentVolumeClaim:
- claimName: ftp
diff --git a/images/rsyslogd/Jenkinsfile b/images/rsyslogd/Jenkinsfile
deleted file mode 100644
index fe58a30f..00000000
--- a/images/rsyslogd/Jenkinsfile
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/rsyslogd/kubernetes.yaml b/images/rsyslogd/kubernetes.yaml
deleted file mode 100644
index 311199b9..00000000
--- a/images/rsyslogd/kubernetes.yaml
+++ /dev/null
@@ -1,109 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - clusterIP: $RSYSLOGD_IP - ports: - - name: $SERVICE_NAME - port: 514 - targetPort: 514 - selector: - app.kubernetes.io/name: $SERVICE_NAME ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: TZ, value: UTC } - image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_RSYSLOGD - # Force reload every week; TODO better way to manage - # storage both inside the container and in host's docker log - livenessProbe: - exec: - command: [ 'false' ] - initialDelaySeconds: 604800 - ports: - - containerPort: 514 - volumeMounts: - - mountPath: /etc/logrotate.d - name: logrotate - - mountPath: /etc/rsyslog.d - name: config - dnsConfig: - options: [ name: ndots ] - imagePullSecrets: [ $IMAGEPULL_SPEC ] - volumes: - - name: config - configMap: - name: $SERVICE_NAME - - name: logrotate - configMap: - name: $SERVICE_NAME-logrotate - - name: logs - emptyDir: {} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: $SERVICE_NAME -data: - custom.conf: | - # This file created from k8s configmap - module(load="imtcp") - ${DOL}InputTCPServerRun 514 - ${DOL}RepeatedMsgReduction on - - :msg, regex, "Connection closed by 192.168.2.[0-9]\\{1,3\\} \\[preauth\\]" stop - :msg, contains, "Error: Request packet type/version was invalid" stop - :msg, contains, "Client request was invalid, bailing out..." 
stop - :msg, contains, "required revision has been compacted" stop - :msg, contains, "connect from unknown[10.244" stop - - *.*;local1.!=info;cron.!=info;local2.!=notice @@splunk:$PORT_SPLUNK_SYSLOG ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: $SERVICE_NAME-logrotate -data: - syslog: | - # This file created from k8s configmap - # the mail log files are used by all syslog daemons - # the news log files are used by all syslog daemons - /var/log/warn /var/log/messages /var/log/allmessages /var/log/localmessages - /var/log/mail /var/log/mail.info /var/log/mail.warn /var/log/mail.err - /var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice - /var/log/cron /var/log/secure - { - compress - dateext - maxage 365 - rotate 45 - missingok - notifempty - size +4096k - create 640 root root - sharedscripts - postrotate - /usr/bin/killall -HUP rsyslogd - endscript - } diff --git a/images/samba-dc/Jenkinsfile b/images/samba-dc/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/samba-dc/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/samba-dc/kubernetes.yaml b/images/samba-dc/kubernetes.yaml
deleted file mode 100644
index b5091b54..00000000
--- a/images/samba-dc/kubernetes.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- release: "0.1"
- name: $SERVICE_NAME
- namespace: $K8S_NAMESPACE
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/name: $SERVICE_NAME
- release: "0.1"
- serviceName: $SERVICE_NAME
- template:
- metadata:
- labels:
- app.kubernetes.io/name: $SERVICE_NAME
- release: "0.1"
- spec:
- containers:
- - name: $SERVICE_NAME
- env:
- - { name: DOMAIN_ACTION, value: join }
- - { name: INTERFACES, value: $SAMBADC_INTERFACES }
- - { name: NETBIOS_NAME, value: $SERVICE_NAME }
- - { name: REALM, value: $SAMBA_REALM }
- - { name: TZ, value: $TZ }
- - { name: WORKGROUP, value: $SAMBA_WORKGROUP }
- image: $REGISTRY_URI/samba-dc:$VERSION_SAMBA_DC
- resources:
- limits:
- cpu: 500m
- memory: 2560Mi
- requests:
- cpu: 100m
- memory: 512Mi
- volumeMounts:
- - mountPath: /var/lib/samba
- name: var
- - mountPath: /run/secrets/samba-admin-password
- name: samba-admin-password
- subPath: samba-admin-password
- dnsConfig:
- nameservers: [ $BIND_IP ]
- # TODO: this will join with incorrect hostname until the following
- # directive is actually implemented when hostNetwork=true.
- # See issue https://github.com/kubernetes/kubernetes/issues/67019
- hostname: $SERVICE_NAME.$SAMBA_REALM
- hostNetwork: true
- imagePullSecrets: [ $IMAGEPULL_SPEC ]
- nodeSelector:
- service.$SERVICE_NAME: allow
- serviceAccountName: $K8S_NAMESPACE-privileged
- volumes:
- - name: samba-admin-password
- secret:
- secretName: samba-admin-password
- volumeClaimTemplates:
- - metadata:
- name: var
- spec:
- accessModes: [ ReadWriteMany ]
- resources:
- requests:
- storage: 500Mi
diff --git a/images/samba/Jenkinsfile b/images/samba/Jenkinsfile
deleted file mode 100644
index fe58a30f..00000000
--- a/images/samba/Jenkinsfile
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env groovy
-// Pipeline for docker-image build
-// created by richb@instantlinux.net 20-apr-2017
-
-node('swarm') {
- def buildDate = java.time.Instant.now().toString()
- def maintainer = 'richb@instantlinux.net'
- def registry = 'nexus.instantlinux.net'
- def registryCreds = [credentialsId: 'docker-registry',
- url: "https://${registry}"]
- def service = env.JOB_NAME.split('/', 2)[0]
-
- try {
- stage('Static Code Analysis') {
- checkout scm
- sh "env ; cd images/${service} && make analysis"
- }
- stage('Create Image') {
- gitCommit = checkout(scm).GIT_COMMIT
- imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}"
- img = docker.build("${registry}/${service}:${imageTag}",
- "--build-arg=VCS_REF=${gitCommit} " +
- "--build-arg=BUILD_DATE=${buildDate} " +
- "images/${service}")
- }
- stage('Push Image') {
- withDockerRegistry(registryCreds) {
- img.push imageTag
- }
- }
- stage('Functional Tests') {
- withDockerRegistry(registryCreds) {
- dir("images/${service}") {
- sh 'make test_functional'
- }
- }
- }
- stage('Promote Image') {
- withDockerRegistry(registryCreds) {
- img.push 'latest'
- }
- }
- }
- catch (Exception ex) {
- echo "Exception caught: ${ex.getMessage()}"
- currentBuild.result = 'FAILURE'
- }
- finally {
- currentBuild.result = currentBuild.result ?: 'SUCCESS'
- emailext (
- to: maintainer,
- subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}",
- body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n",
- attachLog: true
- )
- stage('Clean') {
- sh "docker rmi ${registry}/${service}:${imageTag}"
- deleteDir()
- }
- }
-}
diff --git a/images/samba/kubernetes.yaml b/images/samba/kubernetes.yaml
deleted file mode 100644
index fb897ef5..00000000
--- a/images/samba/kubernetes.yaml
+++ /dev/null
@@ -1,87 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: LOG_LEVEL, value: "3" } - - { name: NETBIOS_NAME, value: $SAMBA_NETBIOS_NAME } - - { name: SERVER_STRING, value: $SAMBA_SERVER_STRING } - - { name: TZ, value: $TZ } - - { name: WORKGROUP, value: $SAMBA_WORKGROUP } - image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_SAMBA - resources: - limits: - memory: 2048Mi - requests: - cpu: 100m - memory: 384Mi - volumeMounts: - - mountPath: /etc/samba/conf.d - name: admin - readOnly: true - subPath: services/$SERVICE_NAME/etc - - mountPath: /var/lib/samba - name: share - subPath: $SERVICE_NAME/var/lib - - mountPath: /var/log/samba - name: log - - mountPath: /pc/dos - name: dos - readOnly: true - - mountPath: /var/ftp - name: ftp - readOnly: true - - mountPath: /pc/Household - name: household - - mountPath: /pc/MP3 - name: mp3 - readOnly: true - - mountPath: /pc/Pictures - name: pictures - - mountPath: /run/secrets/samba-admin-password - name: samba-admin-password - readOnly: true - subPath: samba-admin-password - hostNetwork: true - imagePullSecrets: [ $IMAGEPULL_SPEC ] - nodeSelector: - service.$SERVICE_NAME: allow - serviceAccountName: $K8S_NAMESPACE-privileged - volumes: - - name: samba-admin-password - secret: - secretName: samba-admin-password - - name: admin - hostPath: { path: $PATH_ADM } - - name: dos - hostPath: { path: $K8S_VOLUMES_PATH/dos } - - name: ftp - persistentVolumeClaim: - claimName: ftp - - name: household - hostPath: { path: $K8S_VOLUMES_PATH/household } - - name: log - emptyDir: {} - - name: mp3 - persistentVolumeClaim: - claimName: mp3 - - name: pictures - persistentVolumeClaim: - claimName: pictures - - name: share - hostPath: { path: 
$PATH_SHR } diff --git a/images/spamassassin/Dockerfile b/images/spamassassin/Dockerfile index dbd8189c..bb6935a1 100644 --- a/images/spamassassin/Dockerfile +++ b/images/spamassassin/Dockerfile @@ -16,7 +16,6 @@ ENV DEBIAN_FRONTEND=noninteractive \ PYZOR_SITE=public.pyzor.org:24441 ARG DCC_VERSION=2.3.169 -#ARG SPAMD_VERSION=4.0.1-5 ARG SPAMD_VERSION=4.0.1-5 ARG DCC_SHA=3447e655476ac742942daf25fc217236da456dd0f82b7117661b9a70484b7bf6 ARG SPAMD_UID=2022 @@ -49,5 +48,4 @@ RUN apt-get -yq update && apt-get -y upgrade && \ COPY entrypoint.sh /root/ VOLUME ["/var/lib/spamassassin", "/var/log"] EXPOSE 783 - ENTRYPOINT ["/root/entrypoint.sh"] diff --git a/images/spamassassin/Jenkinsfile b/images/spamassassin/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/spamassassin/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/usr/bin/env groovy -// Pipeline for docker-image build -// created by richb@instantlinux.net 20-apr-2017 - -node('swarm') { - def buildDate = java.time.Instant.now().toString() - def maintainer = 'richb@instantlinux.net' - def registry = 'nexus.instantlinux.net' - def registryCreds = [credentialsId: 'docker-registry', - url: "https://${registry}"] - def service = env.JOB_NAME.split('/', 2)[0] - - try { - stage('Static Code Analysis') { - checkout scm - sh "env ; cd images/${service} && make analysis" - } - stage('Create Image') { - gitCommit = checkout(scm).GIT_COMMIT - imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}" - img = docker.build("${registry}/${service}:${imageTag}", - "--build-arg=VCS_REF=${gitCommit} " + - "--build-arg=BUILD_DATE=${buildDate} " + - "images/${service}") - } - stage('Push Image') { - withDockerRegistry(registryCreds) { - img.push imageTag - } - } - stage('Functional Tests') { - withDockerRegistry(registryCreds) { - dir("images/${service}") { - sh 'make test_functional' - } - } - } - stage('Promote Image') { - withDockerRegistry(registryCreds) { - img.push 'latest' - } - } - } - catch (Exception ex) { - echo "Exception caught: ${ex.getMessage()}" - currentBuild.result = 'FAILURE' - } - finally { - currentBuild.result = currentBuild.result ?: 'SUCCESS' - emailext ( - to: maintainer, - subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}", - body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n", - attachLog: true - ) - stage('Clean') { - sh "docker rmi ${registry}/${service}:${imageTag}" - deleteDir() - } - } -} diff --git a/images/spamassassin/kubernetes.yaml b/images/spamassassin/kubernetes.yaml deleted file mode 100644 index 82fa0a79..00000000 --- a/images/spamassassin/kubernetes.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - clusterIP: $SPAMASSASSIN_IP - ports: - - name: $SERVICE_NAME - port: 783 - targetPort: 783 - selector: - app.kubernetes.io/name: $SERVICE_NAME ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - name: $SERVICE_NAME -spec: - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - serviceName: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - release: "0.1" - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: EXTRA_OPTIONS, value: --nouser-config --sql-config } - - { name: TZ, value: $TZ } - image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_SPAMASSASSIN - ports: - - containerPort: 783 - volumeMounts: - - mountPath: /etc/mail/spamassassin/local.cf - name: admin - readOnly: true - subPath: services/$SERVICE_NAME/etc/local.cf - - mountPath: /var/lib/spamassassin - name: home - - mountPath: /var/log - name: logs - dnsConfig: - nameservers: [ $DNS_SERVERS ] - options: - - name: use-vc - - name: ndots - imagePullSecrets: [ $IMAGEPULL_SPEC ] - volumes: - - name: admin - hostPath: { path: $PATH_ADM } - - name: logs - emptyDir: {} - volumeClaimTemplates: - - metadata: - name: home - spec: - accessModes: [ ReadWriteOnce ] - resources: - requests: - storage: 50Mi diff --git a/images/squirrelmail/Jenkinsfile b/images/squirrelmail/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/squirrelmail/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/usr/bin/env groovy -// Pipeline for docker-image build -// created by richb@instantlinux.net 20-apr-2017 - -node('swarm') { - def buildDate = java.time.Instant.now().toString() - def maintainer = 'richb@instantlinux.net' - def registry = 'nexus.instantlinux.net' - def registryCreds = [credentialsId: 'docker-registry', - url: "https://${registry}"] - def service = env.JOB_NAME.split('/', 2)[0] - - try { - stage('Static Code Analysis') { - checkout scm - sh "env ; cd images/${service} && make analysis" - } - stage('Create Image') { - gitCommit = checkout(scm).GIT_COMMIT - imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}" - img = docker.build("${registry}/${service}:${imageTag}", - "--build-arg=VCS_REF=${gitCommit} " + - "--build-arg=BUILD_DATE=${buildDate} " + - "images/${service}") - } - stage('Push Image') { - withDockerRegistry(registryCreds) { - img.push imageTag - } - } - stage('Functional Tests') { - withDockerRegistry(registryCreds) { - dir("images/${service}") { - sh 'make test_functional' - } - } - } - stage('Promote Image') { - withDockerRegistry(registryCreds) { - img.push 'latest' - } - } - } - catch (Exception ex) { - echo "Exception caught: ${ex.getMessage()}" - currentBuild.result = 'FAILURE' - } - finally { - currentBuild.result = currentBuild.result ?: 'SUCCESS' - emailext ( - to: maintainer, - subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}", - body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n", - attachLog: true - ) - stage('Clean') { - sh "docker rmi ${registry}/${service}:${imageTag}" - deleteDir() - } - } -} diff --git a/images/squirrelmail/kubernetes.yaml b/images/squirrelmail/kubernetes.yaml deleted file mode 100644 index 7aa7093d..00000000 --- a/images/squirrelmail/kubernetes.yaml +++ /dev/null 
@@ -1,118 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - clusterIP: None - ports: - - port: 80 - selector: - app.kubernetes.io/name: $SERVICE_NAME ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: DB_HOST, value: $DB_HOST } - - { name: DB_NAME_ADDR, value: rbaddr } - - { name: DOMAIN, value: pioneer.ci.net } - - { name: IMAP_SERVER, value: imap.$DOMAIN } - - name: MESSAGE_MOTD - value: Remote WebMail Access \ \  pioneer.ci.net - - { name: ORGANIZATION, value: Community Internet } - - { name: SMTP_PORT, value: "25" } - - { name: SMTP_SMARTHOST, value: smtp.$DOMAIN } - image: $REGISTRY_LOCAL/$SERVICE_NAME:latest - ports: - - containerPort: 80 - volumeMounts: - - mountPath: /var/local/squirrelmail/attach - name: share - subPath: $SERVICE_NAME/attach - - mountPath: /var/local/squirrelmail/data - name: share - subPath: $SERVICE_NAME/data - - mountPath: /var/log - name: logs - - name: squirrelmail-db-password - mountPath: /run/secrets/squirrelmail-db-password - subPath: squirrelmail-db-password - dnsConfig: - options: [ name: ndots ] - imagePullSecrets: [ $IMAGEPULL_SPEC ] - volumes: - - name: share - hostPath: { path: $PATH_SHR } - - name: logs - emptyDir: {} - - name: squirrelmail-db-password - secret: - secretName: squirrelmail-db-password ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: $SERVICE_NAME-ingress - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: nginx -spec: - tls: - - secretName: tls-$SERVICE_NAME - hosts: - - $SERVICE_NAME.$DOMAIN - rules: - - host: $SERVICE_NAME.$DOMAIN - http: - paths: - - path: 
/ - backend: - service: - name: $SERVICE_NAME - port: - number: 80 - pathType: Prefix ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: $SERVICE_NAME-totp - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/auth-url: http://$AUTHELIA_IP/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://authtotp.$DOMAIN -spec: - tls: - - secretName: tls-$SERVICE_NAME - hosts: - - $SERVICE_NAME.$DOMAIN - rules: - - host: $SERVICE_NAME.$DOMAIN - http: - paths: - - path: /src/login.php - backend: - service: - name: $SERVICE_NAME - port: - number: 80 - pathType: Prefix diff --git a/images/udp-nginx-proxy/Jenkinsfile b/images/udp-nginx-proxy/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/udp-nginx-proxy/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/usr/bin/env groovy -// Pipeline for docker-image build -// created by richb@instantlinux.net 20-apr-2017 - -node('swarm') { - def buildDate = java.time.Instant.now().toString() - def maintainer = 'richb@instantlinux.net' - def registry = 'nexus.instantlinux.net' - def registryCreds = [credentialsId: 'docker-registry', - url: "https://${registry}"] - def service = env.JOB_NAME.split('/', 2)[0] - - try { - stage('Static Code Analysis') { - checkout scm - sh "env ; cd images/${service} && make analysis" - } - stage('Create Image') { - gitCommit = checkout(scm).GIT_COMMIT - imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}" - img = docker.build("${registry}/${service}:${imageTag}", - "--build-arg=VCS_REF=${gitCommit} " + - "--build-arg=BUILD_DATE=${buildDate} " + - "images/${service}") - } - stage('Push Image') { - withDockerRegistry(registryCreds) { - img.push imageTag - } - } - stage('Functional Tests') { - withDockerRegistry(registryCreds) { - dir("images/${service}") { - sh 'make test_functional' - } - } - } - stage('Promote Image') { - withDockerRegistry(registryCreds) { - img.push 'latest' - } - } - } - catch (Exception ex) { - echo "Exception caught: ${ex.getMessage()}" - currentBuild.result = 'FAILURE' - } - finally { - currentBuild.result = currentBuild.result ?: 'SUCCESS' - emailext ( - to: maintainer, - subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}", - body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n", - attachLog: true - ) - stage('Clean') { - sh "docker rmi ${registry}/${service}:${imageTag}" - deleteDir() - } - } -} diff --git a/images/vsftpd/Jenkinsfile b/images/vsftpd/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/vsftpd/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/usr/bin/env groovy -// Pipeline for docker-image build -// created by richb@instantlinux.net 20-apr-2017 - -node('swarm') { - def buildDate = java.time.Instant.now().toString() - def maintainer = 'richb@instantlinux.net' - def registry = 'nexus.instantlinux.net' - def registryCreds = [credentialsId: 'docker-registry', - url: "https://${registry}"] - def service = env.JOB_NAME.split('/', 2)[0] - - try { - stage('Static Code Analysis') { - checkout scm - sh "env ; cd images/${service} && make analysis" - } - stage('Create Image') { - gitCommit = checkout(scm).GIT_COMMIT - imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}" - img = docker.build("${registry}/${service}:${imageTag}", - "--build-arg=VCS_REF=${gitCommit} " + - "--build-arg=BUILD_DATE=${buildDate} " + - "images/${service}") - } - stage('Push Image') { - withDockerRegistry(registryCreds) { - img.push imageTag - } - } - stage('Functional Tests') { - withDockerRegistry(registryCreds) { - dir("images/${service}") { - sh 'make test_functional' - } - } - } - stage('Promote Image') { - withDockerRegistry(registryCreds) { - img.push 'latest' - } - } - } - catch (Exception ex) { - echo "Exception caught: ${ex.getMessage()}" - currentBuild.result = 'FAILURE' - } - finally { - currentBuild.result = currentBuild.result ?: 'SUCCESS' - emailext ( - to: maintainer, - subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}", - body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n", - attachLog: true - ) - stage('Clean') { - sh "docker rmi ${registry}/${service}:${imageTag}" - deleteDir() - } - } -} diff --git a/images/vsftpd/kubernetes.yaml b/images/vsftpd/kubernetes.yaml deleted file mode 100644 index b1b2e615..00000000 --- a/images/vsftpd/kubernetes.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - clusterIP: $VSFTPD_IP - ports: - - { port: 21, targetPort: 21, name: ftp } - - { port: 30091, targetPort: 30091, name: pasv1 } - - { port: 30092, targetPort: 30092, name: pasv2 } - - { port: 30093, targetPort: 30093, name: pasv3 } - - { port: 30094, targetPort: 30094, name: pasv4 } - - { port: 30095, targetPort: 30095, name: pasv5 } - - { port: 30096, targetPort: 30096, name: pasv6 } - - { port: 30097, targetPort: 30097, name: pasv7 } - - { port: 30098, targetPort: 30098, name: pasv8 } - - { port: 30099, targetPort: 30099, name: pasv9 } - - { port: 30100, targetPort: 30100, name: pasv10 } - selector: - app.kubernetes.io/name: $SERVICE_NAME ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: PASV_ADDRESS, value: $VSFTPD_IP } - - { name: TZ, value: $TZ } - image: $REGISTRY_URI/$SERVICE_NAME:latest - ports: - - containerPort: 21 - - containerPort: 30091 - - containerPort: 30092 - - containerPort: 30093 - - containerPort: 30094 - - containerPort: 30095 - - containerPort: 30096 - - containerPort: 30097 - - containerPort: 30098 - - containerPort: 30099 - - containerPort: 30100 - volumeMounts: - - name: ftp - mountPath: /var/lib/ftp - imagePullSecrets: [ $IMAGEPULL_SPEC ] - volumes: - - name: ftp - persistentVolumeClaim: - claimName: ftp diff --git a/images/weewx/Jenkinsfile b/images/weewx/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/weewx/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/usr/bin/env groovy -// Pipeline for docker-image build -// created by richb@instantlinux.net 20-apr-2017 - -node('swarm') { - def buildDate = java.time.Instant.now().toString() - def maintainer = 'richb@instantlinux.net' - def registry = 'nexus.instantlinux.net' - def registryCreds = [credentialsId: 'docker-registry', - url: "https://${registry}"] - def service = env.JOB_NAME.split('/', 2)[0] - - try { - stage('Static Code Analysis') { - checkout scm - sh "env ; cd images/${service} && make analysis" - } - stage('Create Image') { - gitCommit = checkout(scm).GIT_COMMIT - imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}" - img = docker.build("${registry}/${service}:${imageTag}", - "--build-arg=VCS_REF=${gitCommit} " + - "--build-arg=BUILD_DATE=${buildDate} " + - "images/${service}") - } - stage('Push Image') { - withDockerRegistry(registryCreds) { - img.push imageTag - } - } - stage('Functional Tests') { - withDockerRegistry(registryCreds) { - dir("images/${service}") { - sh 'make test_functional' - } - } - } - stage('Promote Image') { - withDockerRegistry(registryCreds) { - img.push 'latest' - } - } - } - catch (Exception ex) { - echo "Exception caught: ${ex.getMessage()}" - currentBuild.result = 'FAILURE' - } - finally { - currentBuild.result = currentBuild.result ?: 'SUCCESS' - emailext ( - to: maintainer, - subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}", - body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n", - attachLog: true - ) - stage('Clean') { - sh "docker rmi ${registry}/${service}:${imageTag}" - deleteDir() - } - } -} diff --git a/images/weewx/kubernetes.yaml b/images/weewx/kubernetes.yaml deleted file mode 100644 index c4c2e901..00000000 --- a/images/weewx/kubernetes.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: AIRLINK_HOST, value: $WX_AIRLINK_HOST } - - { name: ALTITUDE, value: "$WX_ALTITUDE, foot" } - - { name: COMPUTER_TYPE, value: $WX_COMPUTER } - - { name: DB_HOST, value: $DB_HOST } - - { name: DB_USER, value: wx } - - { name: LATITUDE, value: "$WX_LATITUDE" } - - { name: LONGITUDE, value: "$WX_LONGITUDE" } - - { name: LOCATION, value: "$WX_LOCATION" } - - { name: OPERATOR, value: "$WX_OPERATOR" } - - { name: OPTIONAL_ACCESSORIES, value: "$WX_OPTIONAL_ACC" } - - { name: RAIN_YEAR_START, value: "$WX_RAIN_YEAR_START" } - - { name: RSYNC_DEST, value: $WX_RSYNC_DEST } - - { name: RSYNC_HOST, value: $WX_RSYNC_HOST } - - { name: RSYNC_PORT, value: "$PORT_WX_SSH" } - - { name: SKIN, value: WeeGreen } - - { name: STATION_ID, value: $WX_STATION_ID } - - { name: STATION_FEATURES, value: "$WX_STATION_FEATURES" } - - { name: STATION_MODEL, value: "$WX_STATION_MODEL" } - - { name: STATION_TYPE, value: $WX_STATION_TYPE } - - { name: STATION_URL, value: "$WX_STATION_URL" } - - { name: SYSLOG_DEST, value: "@@$RSYSLOGD_IP:$PORT_RSYSLOGD" } - - { name: TZ, value: $TZ } - - { name: TZ_CODE, value: "4" } - - { name: WEBCAM_URL, value: "$WX_WEBCAM_URL" } - - { name: XTIDE_LOCATION, value: San Francisco } - image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_WEEWX - resources: - limits: - memory: 1024Mi - requests: - cpu: 100m - memory: 64Mi - # TODO: better security, see - # https://github.com/kubernetes/kubernetes/issues/60748 - securityContext: - privileged: true - volumeMounts: - - name: usb - mountPath: /dev/ttyUSB0 - - name: var - mountPath: /var/www/weewx - - name: weewx-db-password - mountPath: /run/secrets/weewx-db-password 
- readOnly: true - subPath: weewx-db-password - - name: weewx-rsync-sshkey - mountPath: /run/secrets/weewx-rsync-sshkey - readOnly: true - subPath: weewx-rsync-sshkey - - name: weewx-wunderground-apikey - mountPath: /run/secrets/weewx-wunderground-apikey - readOnly: true - subPath: weewx-wunderground-apikey - - name: weewx-wunderground-password - mountPath: /run/secrets/weewx-wunderground-password - readOnly: true - subPath: weewx-wunderground-password - imagePullSecrets: [ $IMAGEPULL_SPEC ] - nodeSelector: - service.$SERVICE_NAME: allow - volumes: - - name: usb - hostPath: { path: /dev/ttyUSB0 } - - name: var - emptyDir: { medium: Memory } - - name: weewx-db-password - secret: - secretName: weewx-db-password - - name: weewx-rsync-sshkey - secret: - secretName: weewx-rsync-sshkey - - name: weewx-wunderground-apikey - secret: - secretName: weewx-wunderground-apikey - - name: weewx-wunderground-password - secret: - secretName: weewx-wunderground-password diff --git a/images/wxcam-upload/Jenkinsfile b/images/wxcam-upload/Jenkinsfile deleted file mode 100644 index fe58a30f..00000000 --- a/images/wxcam-upload/Jenkinsfile +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/usr/bin/env groovy -// Pipeline for docker-image build -// created by richb@instantlinux.net 20-apr-2017 - -node('swarm') { - def buildDate = java.time.Instant.now().toString() - def maintainer = 'richb@instantlinux.net' - def registry = 'nexus.instantlinux.net' - def registryCreds = [credentialsId: 'docker-registry', - url: "https://${registry}"] - def service = env.JOB_NAME.split('/', 2)[0] - - try { - stage('Static Code Analysis') { - checkout scm - sh "env ; cd images/${service} && make analysis" - } - stage('Create Image') { - gitCommit = checkout(scm).GIT_COMMIT - imageTag = "dev_build_${env.BUILD_NUMBER}_${gitCommit.take(7)}" - img = docker.build("${registry}/${service}:${imageTag}", - "--build-arg=VCS_REF=${gitCommit} " + - "--build-arg=BUILD_DATE=${buildDate} " + - "images/${service}") - } - stage('Push Image') { - withDockerRegistry(registryCreds) { - img.push imageTag - } - } - stage('Functional Tests') { - withDockerRegistry(registryCreds) { - dir("images/${service}") { - sh 'make test_functional' - } - } - } - stage('Promote Image') { - withDockerRegistry(registryCreds) { - img.push 'latest' - } - } - } - catch (Exception ex) { - echo "Exception caught: ${ex.getMessage()}" - currentBuild.result = 'FAILURE' - } - finally { - currentBuild.result = currentBuild.result ?: 'SUCCESS' - emailext ( - to: maintainer, - subject: "Job ${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.result}", - body: "Build URL: ${env.BUILD_URL}.\nDocker Image ${registry}/${service}\n", - attachLog: true - ) - stage('Clean') { - sh "docker rmi ${registry}/${service}:${imageTag}" - deleteDir() - } - } -} diff --git a/images/wxcam-upload/kubernetes.yaml b/images/wxcam-upload/kubernetes.yaml deleted file mode 100644 index e47bbb70..00000000 --- a/images/wxcam-upload/kubernetes.yaml +++ /dev/null 
@@ -1,197 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: $SERVICE_NAME -spec: - clusterIP: $WXCAM_UPLOAD_IP - ports: - - { port: 21, targetPort: 21, name: ftp } - - { port: 30081, targetPort: 30081, name: pasv1 } - - { port: 30082, targetPort: 30082, name: pasv2 } - - { port: 30083, targetPort: 30083, name: pasv3 } - - { port: 30084, targetPort: 30084, name: pasv4 } - - { port: 30085, targetPort: 30085, name: pasv5 } - - { port: 30086, targetPort: 30086, name: pasv6 } - - { port: 30087, targetPort: 30087, name: pasv7 } - - { port: 30088, targetPort: 30088, name: pasv8 } - - { port: 30089, targetPort: 30089, name: pasv9 } - - { port: 30090, targetPort: 30090, name: pasv10 } - selector: - app.kubernetes.io/name: $SERVICE_NAME ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - name: $SERVICE_NAME -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME - spec: - containers: - - name: $SERVICE_NAME - env: - - { name: CAMS, value: $WXCAM_CAMS } - - { name: PASV_ADDRESS, value: $WXCAM_UPLOAD_IP } - - { name: UPLOAD_USERNAME, value: $WXCAM_UPLOAD_USERNAME } - - { name: TZ, value: $TZ } - image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_WXCAM_UPLOAD - ports: - - containerPort: 21 - - containerPort: 30080 - - containerPort: 30081 - - containerPort: 30082 - - containerPort: 30083 - - containerPort: 30084 - - containerPort: 30085 - - containerPort: 30086 - - containerPort: 30087 - - containerPort: 30088 - - containerPort: 30089 - - containerPort: 30090 - volumeMounts: - - mountPath: /home/wx/upload - name: synced - - name: wunderground-pw-cam - mountPath: /run/secrets/wunderground-pw-cam - - name: wxcam-password-hashed - mountPath: /run/secrets/wxcam-password-hashed - subPath: wxcam-password-hashed - dnsConfig: - nameservers: [ $DNS_SERVERS ] - options: - - name: use-vc - - name: ndots - imagePullSecrets: [ 
$IMAGEPULL_SPEC ] - nodeSelector: - service.$SERVICE_NAME: allow - volumes: - - name: synced - hostPath: { path: $K8S_VOLUMES_PATH/wx } - - name: wunderground-pw-cam - secret: - secretName: wunderground-pw-cam - - name: wxcam-password-hashed - secret: - secretName: wxcam-password-hashed ---- -apiVersion: v1 -kind: Service -metadata: - name: $SERVICE_NAME-sync - labels: - app.kubernetes.io/name: $SERVICE_NAME-sync -spec: - clusterIP: None - ports: - - { port: 22, targetPort: 22 } - selector: - app.kubernetes.io/name: $SERVICE_NAME-sync - release: "0.1" ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME-sync - release: "0.1" - name: $SERVICE_NAME-sync -spec: - replicas: 2 - selector: - matchLabels: - app.kubernetes.io/name: $SERVICE_NAME-sync - release: "0.1" - serviceName: $SERVICE_NAME-sync - template: - metadata: - labels: - app.kubernetes.io/name: $SERVICE_NAME-sync - release: "0.1" - spec: - containers: - - name: $SERVICE_NAME-sync - env: - - name: PUBKEY1 - valueFrom: - secretKeyRef: - name: $DATA_SYNC_SECRET - key: pubkey1 - - name: PUBKEY2 - valueFrom: - secretKeyRef: - name: $DATA_SYNC_SECRET - key: pubkey2 - - { name: SYNC_INTERVAL, value: "20" } - - { name: TZ, value: $TZ } - image: $REGISTRY_URI/data-sync:$VERSION_DATA_SYNC - ports: - - containerPort: 22 - resources: - limits: - memory: 1536Mi - requests: - cpu: 100m - memory: 256Mi - volumeMounts: - - name: archive - mountPath: /root/.unison - - name: config-sync - mountPath: /etc/unison.d/common.prf - subPath: common.prf - - mountPath: /etc/ssh - name: etc - - mountPath: /var/log/unison - name: logs - - mountPath: /var/data-sync/wx - name: wx - - mountPath: /run/secrets/data-sync-sshkey1 - name: sshkeys - subPath: sshkey1 - - mountPath: /run/secrets/data-sync-sshkey2 - name: sshkeys - subPath: sshkey2 - nodeSelector: - service.$SERVICE_NAME: allow - volumes: - - name: config-sync - configMap: - name: data-sync - - name: sshkeys - secret: - 
secretName: $DATA_SYNC_SECRET - - name: logs - hostPath: { path: $K8S_VOLUMES_PATH/sync-logs/$SERVICE_NAME } - volumeClaimTemplates: - - metadata: - name: archive - spec: - accessModes: [ ReadWriteOnce ] - resources: - requests: - storage: 500Mi - - metadata: - name: etc - spec: - accessModes: [ ReadWriteOnce ] - resources: - requests: - storage: 500Mi - - metadata: - name: wx - spec: - accessModes: [ ReadWriteMany ] - resources: - requests: - storage: 8Gi - selector: - matchLabels: - volume.group: wx diff --git a/k8s/helm/nextcloud/Chart.yaml b/k8s/helm/nextcloud/Chart.yaml index 8835c717..0418a361 100644 --- a/k8s/helm/nextcloud/Chart.yaml +++ b/k8s/helm/nextcloud/Chart.yaml @@ -6,7 +6,6 @@ sources: - https://github.com/instantlinux/docker-tools type: application version: 0.1.6 -# Upon changes: override versionPrev (values.yaml) to the old value. appVersion: "32.0.5" dependencies: - name: chartlib diff --git a/k8s/helm/nextcloud/values.yaml b/k8s/helm/nextcloud/values.yaml index a69ffc9a..351d7838 100644 --- a/k8s/helm/nextcloud/values.yaml +++ b/k8s/helm/nextcloud/values.yaml @@ -13,9 +13,7 @@ passwordSalt: CkEFy/t4IpPhjJoem3NRdPt/UD8gOS redis: port: 6379 tag: 6.2.4-alpine -# To prevent the update detector logic from triggering upon every -# restart, get the value written to /var/www/html/config/config.php -# after last upgrade as 'version' and set this value to match: +# TODO: remove, versionPrev is (finally!) unneeded versionPrev: 25.0.3.2 deployment: @@ -31,9 +29,8 @@ deployment: chown www-data /var/www/html/config/config.php && exec /entrypoint.sh apache2-foreground env: - # NOTE - when updating, set this to 1 and set prev version - # (makefile var VERSION_NEXTCLOUD_PREV) to the old version - # to be upgraded + # Note - since v30.0, updates finally happen automatically upon image-tag + # up-rev, without having to fiddle with this stupid variable nextcloud_update: "0" redis_host: nextcloud-redis tz: UTC
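Review bot: The header of the `@@ -13,9 +13,7 @@` hunk in k8s/helm/nextcloud/values.yaml shows a literal `passwordSalt:` default committed in the chart values, and this commit leaves it in place. If the templates render that value into the Nextcloud configuration unchanged, every install that does not override it shares one published salt. I would mark it as a placeholder with a comment such as `# placeholder only: override passwordSalt per install (from a Secret); do not deploy this default`. The key is defined above the hunk, so how the chart consumes it is not visible here and should be confirmed.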
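Review bot: The new comment above `nextcloud_update: "0"` in the `@@ -31,9 +29,8 @@` hunk voices an opinion ("this stupid variable") but does not tell an operator whether the key is still read or what value to keep. The same gap applies to `versionPrev` in the previous hunk, where the explanation was replaced by a TODO with no tracking reference. If the templates no longer consult either key, a factual comment would serve better, for example `# Since v30.0 upgrades run automatically when the image tag changes; nextcloud_update stays "0" and is to be removed together with versionPrev (SYS-671).` Because a tag bump now triggers the upgrade on restart, the comment could also remind operators to take a backup before changing appVersion. The `env:` mapping starts above the hunk and continues past it.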