From 3de15cd8160a28f7734162a26c5bda1c8ac4f192 Mon Sep 17 00:00:00 2001 From: raffaelespazzoli Date: Thu, 19 Jul 2018 16:19:36 +0200 Subject: [PATCH] added support for applier --- cucumber-selenium-grid/.gitignore | 1 + .../inventory/group_vars/seed-hosts.yml | 13 +- cucumber-selenium-grid/applier/params/jenkins | 1 + .../applier/params/projects | 1 + .../applier/params/zalenium | 1 + .../applier/templates/jenkins-ephemeral.yml | 212 ++++++++++++++++++ .../templates/jenkins-slave-node-8.yaml | 92 ++++++++ .../applier/templates/selenium-grid.yaml | 45 ++++ cucumber-selenium-grid/requirements.yml | 8 + 9 files changed, 372 insertions(+), 2 deletions(-) create mode 100644 cucumber-selenium-grid/applier/params/jenkins create mode 100644 cucumber-selenium-grid/applier/params/projects create mode 100644 cucumber-selenium-grid/applier/params/zalenium create mode 100644 cucumber-selenium-grid/applier/templates/jenkins-ephemeral.yml create mode 100644 cucumber-selenium-grid/applier/templates/jenkins-slave-node-8.yaml create mode 100644 cucumber-selenium-grid/requirements.yml diff --git a/cucumber-selenium-grid/.gitignore b/cucumber-selenium-grid/.gitignore index 52e98fce..1fbebe70 100644 --- a/cucumber-selenium-grid/.gitignore +++ b/cucumber-selenium-grid/.gitignore @@ -1,2 +1,3 @@ /npm-debug.log /tldr.md +/galaxy/ diff --git a/cucumber-selenium-grid/applier/inventory/group_vars/seed-hosts.yml b/cucumber-selenium-grid/applier/inventory/group_vars/seed-hosts.yml index 9d58b500..903f397c 100644 --- a/cucumber-selenium-grid/applier/inventory/group_vars/seed-hosts.yml +++ b/cucumber-selenium-grid/applier/inventory/group_vars/seed-hosts.yml @@ -2,16 +2,25 @@ openshift_cluster_content: - object: projects content: - name: "create environments" - file: "{{ inventory_dir }}/../projects/projects.yml" - file_action: create + template: "{{ inventory_dir }}/../projects/projects.yml" + params: "{{ inventory_dir }}/../params/projects" - object: deployments content: - name: "deploy dev environment" template: "{{ inventory_dir }}/../templates/deployment.yml" params: "{{ inventory_dir }}/../params/deployment-dev" + - name: "deploy jenkins slave image" + template: "{{ inventory_dir }}/../templates/jenkins-slave-node-8.yaml" + params: "{{ inventory_dir }}/../params/jenkins" + - name: "deploy jenkins" + template: "{{ inventory_dir }}/../templates/jenkins-ephemeral.yml" + params: "{{ inventory_dir }}/../params/jenkins" - name: "deply stage environment" template: "{{ inventory_dir }}/../templates/deployment.yml" params: "{{ inventory_dir }}/../params/deployment-stage" + - name: "deply zalenium" + template: "{{ inventory_dir }}/../templates/selenium-grid.yaml" + params: "{{ inventory_dir }}/../params/zalenium" - name: "deply prod environment" template: "{{ inventory_dir }}/../templates/deployment.yml" params: "{{ inventory_dir }}/../params/deployment-prod" diff --git a/cucumber-selenium-grid/applier/params/jenkins b/cucumber-selenium-grid/applier/params/jenkins new file mode 100644 index 00000000..2c0e0202 --- /dev/null +++ b/cucumber-selenium-grid/applier/params/jenkins @@ -0,0 +1 @@ +NAMESPACE=todomvc-build \ No newline at end of file diff --git a/cucumber-selenium-grid/applier/params/projects b/cucumber-selenium-grid/applier/params/projects new file mode 100644 index 00000000..2c4b35d6 --- /dev/null +++ b/cucumber-selenium-grid/applier/params/projects @@ -0,0 +1 @@ +APPLICATION_NAME=todomvc \ No newline at end of file diff --git a/cucumber-selenium-grid/applier/params/zalenium b/cucumber-selenium-grid/applier/params/zalenium new file mode 100644 index 00000000..634dfb42 --- /dev/null +++ b/cucumber-selenium-grid/applier/params/zalenium @@ -0,0 +1 @@ +NAMESPACE=todomvc-stage \ No newline at end of file diff --git a/cucumber-selenium-grid/applier/templates/jenkins-ephemeral.yml b/cucumber-selenium-grid/applier/templates/jenkins-ephemeral.yml new file mode 100644 index 00000000..2bdf8244 --- /dev/null +++ b/cucumber-selenium-grid/applier/templates/jenkins-ephemeral.yml @@ -0,0 +1,212 @@ +apiVersion: template.openshift.io/v1 +kind: Template +labels: + app: jenkins-ephemeral + template: jenkins-ephemeral-template +message: A Jenkins service has been created in your project. Log into Jenkins with + your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md + contains more information about using this template. +metadata: + annotations: + description: |- + Jenkins service, without persistent storage. + + WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing. + iconClass: icon-jenkins + openshift.io/display-name: Jenkins (Ephemeral) + openshift.io/documentation-url: https://docs.openshift.org/latest/using_images/other_images/jenkins.html + openshift.io/long-description: This template deploys a Jenkins server capable + of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login. The + Jenkins configuration is stored in non-persistent storage, so this configuration + should be used for experimental purposes only. + openshift.io/provider-display-name: Red Hat, Inc. + openshift.io/support-url: https://access.redhat.com + tags: instant-app,jenkins + creationTimestamp: 2018-07-09T13:39:38Z + name: jenkins-ephemeral + namespace: openshift + resourceVersion: "917" + selfLink: /apis/template.openshift.io/v1/namespaces/openshift/templates/jenkins-ephemeral + uid: 8695b82e-837d-11e8-bd48-fa163e2f4463 +objects: +- apiVersion: v1 + kind: Route + metadata: + annotations: + haproxy.router.openshift.io/timeout: 4m + template.openshift.io/expose-uri: http://{.spec.host}{.spec.path} + name: ${JENKINS_SERVICE_NAME} + namespace: ${NAMESPACE} + spec: + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: ${JENKINS_SERVICE_NAME} +- apiVersion: v1 + kind: DeploymentConfig + metadata: + annotations: + template.alpha.openshift.io/wait-for-ready: "true" + name: ${JENKINS_SERVICE_NAME} + namespace: ${NAMESPACE} + spec: + replicas: 1 + selector: + name: ${JENKINS_SERVICE_NAME} + strategy: + type: Recreate + template: + metadata: + labels: + name: ${JENKINS_SERVICE_NAME} + spec: + containers: + - capabilities: {} + env: + - name: OPENSHIFT_ENABLE_OAUTH + value: ${ENABLE_OAUTH} + - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT + value: "true" + - name: KUBERNETES_MASTER + value: https://kubernetes.default:443 + - name: KUBERNETES_TRUST_CERTIFICATES + value: "true" + - name: JENKINS_SERVICE_NAME + value: ${JENKINS_SERVICE_NAME} + - name: JNLP_SERVICE_NAME + value: ${JNLP_SERVICE_NAME} + - name: JENKINS_JAVA_OVERRIDES + value: "-Dhudson.model.DirectoryBrowserSupport.CSP=''" + - name: INSTALL_PLUGINS + value: ansicolor:0.5.2 + image: ' ' + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 2 + httpGet: + path: /login + port: 8080 + initialDelaySeconds: 420 + periodSeconds: 360 + timeoutSeconds: 240 + name: jenkins + readinessProbe: + httpGet: + path: /login + port: 8080 + initialDelaySeconds: 3 + timeoutSeconds: 240 + resources: + limits: + memory: ${MEMORY_LIMIT} + securityContext: + capabilities: {} + privileged: false + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /var/lib/jenkins + name: ${JENKINS_SERVICE_NAME}-data + dnsPolicy: ClusterFirst + restartPolicy: Always + serviceAccountName: ${JENKINS_SERVICE_NAME} + volumes: + - emptyDir: + medium: "" + name: ${JENKINS_SERVICE_NAME}-data + triggers: + - imageChangeParams: + automatic: true + containerNames: + - jenkins + from: + kind: ImageStreamTag + name: ${JENKINS_IMAGE_STREAM_TAG} + namespace: ${IS_NAMESPACE} + lastTriggeredImage: "" + type: ImageChange + - type: ConfigChange +- apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.jenkins: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"${JENKINS_SERVICE_NAME}"}}' + name: ${JENKINS_SERVICE_NAME} + namespace: ${NAMESPACE} +- apiVersion: v1 + groupNames: null + kind: RoleBinding + metadata: + name: ${JENKINS_SERVICE_NAME}_edit + namespace: ${NAMESPACE} + roleRef: + name: edit + subjects: + - kind: ServiceAccount + name: ${JENKINS_SERVICE_NAME} +- apiVersion: v1 + kind: Service + metadata: + name: ${JNLP_SERVICE_NAME} + namespace: ${NAMESPACE} + spec: + ports: + - name: agent + nodePort: 0 + port: 50000 + protocol: TCP + targetPort: 50000 + selector: + name: ${JENKINS_SERVICE_NAME} + sessionAffinity: None + type: ClusterIP +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/dependencies: '[{"name": "${JNLP_SERVICE_NAME}", + "namespace": "", "kind": "Service"}]' + service.openshift.io/infrastructure: "true" + name: ${JENKINS_SERVICE_NAME} + namespace: ${NAMESPACE} + spec: + ports: + - name: web + nodePort: 0 + port: 80 + protocol: TCP + targetPort: 8080 + selector: + name: ${JENKINS_SERVICE_NAME} + sessionAffinity: None + type: ClusterIP +parameters: +- description: The name of the OpenShift Service exposed for the Jenkins container. + displayName: Jenkins Service Name + name: JENKINS_SERVICE_NAME + value: jenkins +- description: The name of the service used for master/slave communication. + displayName: Jenkins JNLP Service Name + name: JNLP_SERVICE_NAME + value: jenkins-jnlp +- description: Whether to enable OAuth OpenShift integration. If false, the static + account 'admin' will be initialized with the password 'password'. + displayName: Enable OAuth in Jenkins + name: ENABLE_OAUTH + value: "true" +- description: Maximum amount of memory the container can use. + displayName: Memory Limit + name: MEMORY_LIMIT + value: 512Mi +- description: The OpenShift Namespace where the Jenkins ImageStream resides. + displayName: Jenkins ImageStream Namespace + name: IS_NAMESPACE + value: openshift +- description: Name of the ImageStreamTag to be used for the Jenkins image. + displayName: Jenkins ImageStreamTag + name: JENKINS_IMAGE_STREAM_TAG + value: jenkins:2 +- description: The namespace to deploy into + name: NAMESPACE + required: true \ No newline at end of file diff --git a/cucumber-selenium-grid/applier/templates/jenkins-slave-node-8.yaml b/cucumber-selenium-grid/applier/templates/jenkins-slave-node-8.yaml new file mode 100644 index 00000000..ee031b53 --- /dev/null +++ b/cucumber-selenium-grid/applier/templates/jenkins-slave-node-8.yaml @@ -0,0 +1,92 @@ +apiVersion: v1 +kind: Template +labels: + template: jenkins-slave-node-8 +metadata: + annotations: + description: jenkins-slave-node-8 + tags: jenkins, node + name: jenkins-slave-node-8 +objects: +- apiVersion: v1 + kind: ImageStream + metadata: + labels: + build: jenkins-slave-nodejs8 + name: jenkins-slave-base-rhel7 + namespace: ${NAMESPACE} + spec: + lookupPolicy: + local: false + tags: + - annotations: + openshift.io/imported-from: registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7 + from: + kind: DockerImage + name: docker-registry.default.svc:5000/pippo/jenkins-slave-base-rhel7:latest + generation: 2 + importPolicy: {} + name: latest + referencePolicy: + type: Source + status: + dockerImageRepository: "" +- apiVersion: v1 + kind: ImageStream + metadata: + labels: + build: jenkins-slave-nodejs8 + name: jenkins-slave-nodejs8 + namespace: ${NAMESPACE} + spec: + lookupPolicy: + local: false + status: + dockerImageRepository: "" +- apiVersion: v1 + kind: BuildConfig + metadata: + labels: + build: jenkins-slave-nodejs8 + name: jenkins-slave-nodejs8 + namespace: ${NAMESPACE} + spec: + failedBuildsHistoryLimit: 5 + nodeSelector: null + output: + to: + kind: ImageStreamTag + name: jenkins-slave-nodejs8:latest + postCommit: {} + resources: {} + runPolicy: Serial + source: + contextDir: cucumber-selenium-grid/nodejs-slave + git: + ref: selenium + uri: https://github.com/raffaelespazzoli/container-pipelines + type: Git + strategy: + dockerStrategy: + from: + kind: ImageStreamTag + name: jenkins-slave-base-rhel7:latest + type: Docker + successfulBuildsHistoryLimit: 5 + triggers: + - github: + secret: amfuEOy_4bMoTyw2oM8Y + type: GitHub + - generic: + secret: kS_2uiAQf47DQqFyj1YC + type: Generic + - type: ConfigChange + - imageChange: {} + type: ImageChange + status: + lastVersion: 0 +parameters: +- description: The namespace to deploy into + name: NAMESPACE + required: true + diff --git a/cucumber-selenium-grid/applier/templates/selenium-grid.yaml b/cucumber-selenium-grid/applier/templates/selenium-grid.yaml index 402c08ef..bdb8b530 100644 --- a/cucumber-selenium-grid/applier/templates/selenium-grid.yaml +++ b/cucumber-selenium-grid/applier/templates/selenium-grid.yaml @@ -160,6 +160,51 @@ objects: resources: requests: storage: 2Gi +- kind: SecurityContextConstraints + apiVersion: security.openshift.io/v1 + allowHostDirVolumePlugin: false + allowHostIPC: false + allowHostNetwork: false + allowHostPID: false + allowHostPorts: false + allowPrivilegedContainer: false + allowedCapabilities: null + allowedFlexVolumes: null + defaultAddCapabilities: null + fsGroup: + type: RunAsAny + groups: + - system:cluster-admins + users: + - system:serviceaccount:${NAMESPACE}:zalenium + metadata: + annotations: + kubernetes.io/description: anyuid provides all features of the restricted SCC + but allows users to run with any UID and any GID. + creationTimestamp: 2018-07-09T13:38:28Z + name: anyuid-zalenium + resourceVersion: "5412" + selfLink: /apis/security.openshift.io/v1/securitycontextconstraints/anyuid + uid: 5c7a7d67-837d-11e8-a8dc-fa163e2f4463 + priority: 10 + readOnlyRootFilesystem: false + requiredDropCapabilities: + - MKNOD + runAsUser: + type: RunAsAny + seLinuxContext: + type: MustRunAs + supplementalGroups: + type: RunAsAny + users: + - system:serviceaccount:todomvc-stage:zalenium + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - projected + - secret parameters: - description: The namespace to deploy into name: NAMESPACE diff --git a/cucumber-selenium-grid/requirements.yml b/cucumber-selenium-grid/requirements.yml new file mode 100644 index 00000000..a0dd1e7a --- /dev/null +++ b/cucumber-selenium-grid/requirements.yml @@ -0,0 +1,8 @@ +# This is the Ansible Galaxy requirements file to pull in the correct roles +# to support the operation of CASL provisioning/runs. + +# From 'openshift-applier' +- name: openshift-applier + scm: git + src: https://github.com/redhat-cop/openshift-applier + version: v1.0.2 \ No newline at end of file