added support for applier

redhat-cop · Jul 19, 2018 · 3de15cd · 3de15cd
1 parent ec704fa
commit 3de15cd
Show file tree

Hide file tree

Showing 9 changed files with 372 additions and 2 deletions.
diff --git a/cucumber-selenium-grid/.gitignore b/cucumber-selenium-grid/.gitignore
@@ -1,2 +1,3 @@
 /npm-debug.log
 /tldr.md
+/galaxy/
diff --git a/cucumber-selenium-grid/applier/inventory/group_vars/seed-hosts.yml b/cucumber-selenium-grid/applier/inventory/group_vars/seed-hosts.yml
@@ -2,16 +2,25 @@ openshift_cluster_content:
 - object: projects
   content:
   - name: "create environments"
-    file: "{{ inventory_dir }}/../projects/projects.yml"
-    file_action: create
+    template: "{{ inventory_dir }}/../projects/projects.yml"
+    params: "{{ inventory_dir }}/../params/projects"
 - object: deployments
   content:
   - name: "deploy dev environment"
     template: "{{ inventory_dir }}/../templates/deployment.yml"
     params: "{{ inventory_dir }}/../params/deployment-dev"
+  - name: "deploy jenkins slave image"
+    template: "{{ inventory_dir }}/../templates/jenkins-slave-node-8.yaml"
+    params: "{{ inventory_dir }}/../params/jenkins"     
+  - name: "deploy jenkins"
+    template: "{{ inventory_dir }}/../templates/jenkins-ephemeral.yml"
+    params: "{{ inventory_dir }}/../params/jenkins"    
   - name: "deply stage environment"
     template: "{{ inventory_dir }}/../templates/deployment.yml"
     params: "{{ inventory_dir }}/../params/deployment-stage"
+  - name: "deply zalenium"
+    template: "{{ inventory_dir }}/../templates/selenium-grid.yaml"
+    params: "{{ inventory_dir }}/../params/zalenium"    
   - name: "deply prod environment"
     template: "{{ inventory_dir }}/../templates/deployment.yml"
     params: "{{ inventory_dir }}/../params/deployment-prod"

diff --git a/cucumber-selenium-grid/applier/params/jenkins b/cucumber-selenium-grid/applier/params/jenkins
@@ -0,0 +1 @@
+NAMESPACE=todomvc-build
diff --git a/cucumber-selenium-grid/applier/params/projects b/cucumber-selenium-grid/applier/params/projects
@@ -0,0 +1 @@
+APPLICATION_NAME=todomvc
diff --git a/cucumber-selenium-grid/applier/params/zalenium b/cucumber-selenium-grid/applier/params/zalenium
@@ -0,0 +1 @@
+NAMESPACE=todomvc-stage
diff --git a/cucumber-selenium-grid/applier/templates/jenkins-ephemeral.yml b/cucumber-selenium-grid/applier/templates/jenkins-ephemeral.yml
@@ -0,0 +1,212 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+labels:
+  app: jenkins-ephemeral
+  template: jenkins-ephemeral-template
+message: A Jenkins service has been created in your project.  Log into Jenkins with
+  your OpenShift account.  The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md
+  contains more information about using this template.
+metadata:
+  annotations:
+    description: |-
+      Jenkins service, without persistent storage.
+
+      WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.
+    iconClass: icon-jenkins
+    openshift.io/display-name: Jenkins (Ephemeral)
+    openshift.io/documentation-url: https://docs.openshift.org/latest/using_images/other_images/jenkins.html
+    openshift.io/long-description: This template deploys a Jenkins server capable
+      of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login.  The
+      Jenkins configuration is stored in non-persistent storage, so this configuration
+      should be used for experimental purposes only.
+    openshift.io/provider-display-name: Red Hat, Inc.
+    openshift.io/support-url: https://access.redhat.com
+    tags: instant-app,jenkins
+  creationTimestamp: 2018-07-09T13:39:38Z
+  name: jenkins-ephemeral
+  namespace: openshift
+  resourceVersion: "917"
+  selfLink: /apis/template.openshift.io/v1/namespaces/openshift/templates/jenkins-ephemeral
+  uid: 8695b82e-837d-11e8-bd48-fa163e2f4463
+objects:
+- apiVersion: v1
+  kind: Route
+  metadata:
+    annotations:
+      haproxy.router.openshift.io/timeout: 4m
+      template.openshift.io/expose-uri: http://{.spec.host}{.spec.path}
+    name: ${JENKINS_SERVICE_NAME}
+    namespace: ${NAMESPACE}
+  spec:
+    tls:
+      insecureEdgeTerminationPolicy: Redirect
+      termination: edge
+    to:
+      kind: Service
+      name: ${JENKINS_SERVICE_NAME}
+- apiVersion: v1
+  kind: DeploymentConfig
+  metadata:
+    annotations:
+      template.alpha.openshift.io/wait-for-ready: "true"
+    name: ${JENKINS_SERVICE_NAME}
+    namespace: ${NAMESPACE}
+  spec:
+    replicas: 1
+    selector:
+      name: ${JENKINS_SERVICE_NAME}
+    strategy:
+      type: Recreate
+    template:
+      metadata:
+        labels:
+          name: ${JENKINS_SERVICE_NAME}
+      spec:
+        containers:
+        - capabilities: {}
+          env:
+          - name: OPENSHIFT_ENABLE_OAUTH
+            value: ${ENABLE_OAUTH}
+          - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT
+            value: "true"
+          - name: KUBERNETES_MASTER
+            value: https://kubernetes.default:443
+          - name: KUBERNETES_TRUST_CERTIFICATES
+            value: "true"
+          - name: JENKINS_SERVICE_NAME
+            value: ${JENKINS_SERVICE_NAME}
+          - name: JNLP_SERVICE_NAME
+            value: ${JNLP_SERVICE_NAME}
+          - name: JENKINS_JAVA_OVERRIDES
+            value: "-Dhudson.model.DirectoryBrowserSupport.CSP=''"
+          - name: INSTALL_PLUGINS
+            value: ansicolor:0.5.2  
+          image: ' '
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 2
+            httpGet:
+              path: /login
+              port: 8080
+            initialDelaySeconds: 420
+            periodSeconds: 360
+            timeoutSeconds: 240
+          name: jenkins
+          readinessProbe:
+            httpGet:
+              path: /login
+              port: 8080
+            initialDelaySeconds: 3
+            timeoutSeconds: 240
+          resources:
+            limits:
+              memory: ${MEMORY_LIMIT}
+          securityContext:
+            capabilities: {}
+            privileged: false
+          terminationMessagePath: /dev/termination-log
+          volumeMounts:
+          - mountPath: /var/lib/jenkins
+            name: ${JENKINS_SERVICE_NAME}-data
+        dnsPolicy: ClusterFirst
+        restartPolicy: Always
+        serviceAccountName: ${JENKINS_SERVICE_NAME}
+        volumes:
+        - emptyDir:
+            medium: ""
+          name: ${JENKINS_SERVICE_NAME}-data
+    triggers:
+    - imageChangeParams:
+        automatic: true
+        containerNames:
+        - jenkins
+        from:
+          kind: ImageStreamTag
+          name: ${JENKINS_IMAGE_STREAM_TAG}
+          namespace: ${IS_NAMESPACE}
+        lastTriggeredImage: ""
+      type: ImageChange
+    - type: ConfigChange
+- apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    annotations:
+      serviceaccounts.openshift.io/oauth-redirectreference.jenkins: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"${JENKINS_SERVICE_NAME}"}}'
+    name: ${JENKINS_SERVICE_NAME}
+    namespace: ${NAMESPACE}
+- apiVersion: v1
+  groupNames: null
+  kind: RoleBinding
+  metadata:
+    name: ${JENKINS_SERVICE_NAME}_edit
+    namespace: ${NAMESPACE}
+  roleRef:
+    name: edit
+  subjects:
+  - kind: ServiceAccount
+    name: ${JENKINS_SERVICE_NAME}
+- apiVersion: v1
+  kind: Service
+  metadata:
+    name: ${JNLP_SERVICE_NAME}
+    namespace: ${NAMESPACE}
+  spec:
+    ports:
+    - name: agent
+      nodePort: 0
+      port: 50000
+      protocol: TCP
+      targetPort: 50000
+    selector:
+      name: ${JENKINS_SERVICE_NAME}
+    sessionAffinity: None
+    type: ClusterIP
+- apiVersion: v1
+  kind: Service
+  metadata:
+    annotations:
+      service.alpha.openshift.io/dependencies: '[{"name": "${JNLP_SERVICE_NAME}",
+        "namespace": "", "kind": "Service"}]'
+      service.openshift.io/infrastructure: "true"
+    name: ${JENKINS_SERVICE_NAME}
+    namespace: ${NAMESPACE}
+  spec:
+    ports:
+    - name: web
+      nodePort: 0
+      port: 80
+      protocol: TCP
+      targetPort: 8080
+    selector:
+      name: ${JENKINS_SERVICE_NAME}
+    sessionAffinity: None
+    type: ClusterIP
+parameters:
+- description: The name of the OpenShift Service exposed for the Jenkins container.
+  displayName: Jenkins Service Name
+  name: JENKINS_SERVICE_NAME
+  value: jenkins
+- description: The name of the service used for master/slave communication.
+  displayName: Jenkins JNLP Service Name
+  name: JNLP_SERVICE_NAME
+  value: jenkins-jnlp
+- description: Whether to enable OAuth OpenShift integration. If false, the static
+    account 'admin' will be initialized with the password 'password'.
+  displayName: Enable OAuth in Jenkins
+  name: ENABLE_OAUTH
+  value: "true"
+- description: Maximum amount of memory the container can use.
+  displayName: Memory Limit
+  name: MEMORY_LIMIT
+  value: 512Mi
+- description: The OpenShift Namespace where the Jenkins ImageStream resides.
+  displayName: Jenkins ImageStream Namespace
+  name: IS_NAMESPACE
+  value: openshift
+- description: Name of the ImageStreamTag to be used for the Jenkins image.
+  displayName: Jenkins ImageStreamTag
+  name: JENKINS_IMAGE_STREAM_TAG
+  value: jenkins:2
+- description: The namespace to deploy into
+  name: NAMESPACE
+  required: true  
diff --git a/cucumber-selenium-grid/applier/templates/jenkins-slave-node-8.yaml b/cucumber-selenium-grid/applier/templates/jenkins-slave-node-8.yaml
@@ -0,0 +1,92 @@
+apiVersion: v1
+kind: Template
+labels:
+  template: jenkins-slave-node-8
+metadata:
+  annotations:
+    description: jenkins-slave-node-8
+    tags: jenkins, node
+  name: jenkins-slave-node-8
+objects:
+- apiVersion: v1
+  kind: ImageStream
+  metadata:
+    labels:
+      build: jenkins-slave-nodejs8
+    name: jenkins-slave-base-rhel7
+    namespace: ${NAMESPACE}
+  spec:
+    lookupPolicy:
+      local: false
+    tags:
+    - annotations:
+        openshift.io/imported-from: registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7
+      from:
+        kind: DockerImage
+        name: docker-registry.default.svc:5000/pippo/jenkins-slave-base-rhel7:latest
+      generation: 2
+      importPolicy: {}
+      name: latest
+      referencePolicy:
+        type: Source
+  status:
+    dockerImageRepository: ""
+- apiVersion: v1
+  kind: ImageStream
+  metadata:
+    labels:
+      build: jenkins-slave-nodejs8
+    name: jenkins-slave-nodejs8
+    namespace: ${NAMESPACE}
+  spec:
+    lookupPolicy:
+      local: false
+  status:
+    dockerImageRepository: ""
+- apiVersion: v1
+  kind: BuildConfig
+  metadata:
+    labels:
+      build: jenkins-slave-nodejs8
+    name: jenkins-slave-nodejs8
+    namespace: ${NAMESPACE}
+  spec:
+    failedBuildsHistoryLimit: 5
+    nodeSelector: null
+    output:
+      to:
+        kind: ImageStreamTag
+        name: jenkins-slave-nodejs8:latest
+    postCommit: {}
+    resources: {}
+    runPolicy: Serial
+    source:
+      contextDir: cucumber-selenium-grid/nodejs-slave
+      git:
+        ref: selenium
+        uri: https://github.com/raffaelespazzoli/container-pipelines
+      type: Git
+    strategy:
+      dockerStrategy:
+        from:
+          kind: ImageStreamTag
+          name: jenkins-slave-base-rhel7:latest
+      type: Docker
+    successfulBuildsHistoryLimit: 5
+    triggers:
+    - github:
+        secret: amfuEOy_4bMoTyw2oM8Y
+      type: GitHub
+    - generic:
+        secret: kS_2uiAQf47DQqFyj1YC
+      type: Generic
+    - type: ConfigChange
+    - imageChange: {}
+      type: ImageChange
+  status:
+    lastVersion: 0
+parameters:
+- description: The namespace to deploy into
+  name: NAMESPACE
+  required: true    
+
diff --git a/cucumber-selenium-grid/applier/templates/selenium-grid.yaml b/cucumber-selenium-grid/applier/templates/selenium-grid.yaml
@@ -160,6 +160,51 @@ objects:
     resources:
       requests:
         storage: 2Gi
+- kind: SecurityContextConstraints
+  apiVersion: security.openshift.io/v1
+  allowHostDirVolumePlugin: false
+  allowHostIPC: false
+  allowHostNetwork: false
+  allowHostPID: false
+  allowHostPorts: false
+  allowPrivilegedContainer: false
+  allowedCapabilities: null
+  allowedFlexVolumes: null
+  defaultAddCapabilities: null
+  fsGroup:
+    type: RunAsAny
+  groups:
+  - system:cluster-admins
+  users:
+  - system:serviceaccount:${NAMESPACE}:zalenium  
+  metadata:
+    annotations:
+      kubernetes.io/description: anyuid provides all features of the restricted SCC
+        but allows users to run with any UID and any GID.
+    creationTimestamp: 2018-07-09T13:38:28Z
+    name: anyuid-zalenium
+    resourceVersion: "5412"
+    selfLink: /apis/security.openshift.io/v1/securitycontextconstraints/anyuid
+    uid: 5c7a7d67-837d-11e8-a8dc-fa163e2f4463
+  priority: 10
+  readOnlyRootFilesystem: false
+  requiredDropCapabilities:
+  - MKNOD
+  runAsUser:
+    type: RunAsAny
+  seLinuxContext:
+    type: MustRunAs
+  supplementalGroups:
+    type: RunAsAny
+  users:
+  - system:serviceaccount:todomvc-stage:zalenium
+  volumes:
+  - configMap
+  - downwardAPI
+  - emptyDir
+  - persistentVolumeClaim
+  - projected
+  - secret        
 parameters:
 - description: The namespace to deploy into
   name: NAMESPACE