jenkins.yaml
# Identity that the token Secret, RoleBinding and ClusterRoleBinding in this
# file all refer to by name ("jenkins" in the "default" namespace).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: default
---
# Token Secret for the "jenkins" ServiceAccount: the service-account-token type
# together with the service-account.name annotation asks the control plane to
# populate this Secret with a token for that account.
# NOTE(review): a token issued this way does not expire on its own; anyone who
# can read this Secret can act as "jenkins" until the Secret is deleted.
# Prefer short-lived tokens where the consumer supports them, and keep read
# access to this Secret narrow.
apiVersion: v1
kind: Secret
metadata:
  name: jenkins-secret
  namespace: default
  annotations:
    kubernetes.io/service-account.name: jenkins
type: kubernetes.io/service-account-token
---
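# Namespaced permissions bound to the "jenkins" ServiceAccount in "default".
# NOTE(review): create on pods combined with get on secrets makes this Role
# close to namespace-admin for "default": whoever controls Jenkins, or holds
# this account's token, can start workloads there and read any Secret by name.
# A dedicated namespace for Jenkins would keep these grants away from
# unrelated workloads.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
  namespace: default
rules:
  # Full lifecycle on pods and services.
  - apiGroups: [""]
    resources: ["pods", "services"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  # Full lifecycle on deployments.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  # Exec into pods. The pods/exec subresource only serves connect requests,
  # which map to "get" and "create"; the delete/list/patch/update/watch verbs
  # previously listed here had no effect and are dropped.
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create", "get"]
  # Read-only access to pod logs.
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "list", "watch"]
  # NOTE(review): without resourceNames this covers every Secret in the
  # namespace, including jenkins-secret itself; list the specific Secret names
  # Jenkins needs.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
  # Full lifecycle on persistent volume claims.
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]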
---
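# Grants the namespaced "jenkins" Role to the "jenkins" ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
  - kind: ServiceAccount
    name: jenkins
    # Stated explicitly (an omitted namespace falls back to the binding's own)
    # so the binding names one exact account, matching the subject of the
    # jenkins-crb ClusterRoleBinding in this file.
    namespace: default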
---
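# Allows jenkins to create persistent volumes: binds the "jenkinsclusterrole"
# ClusterRole to the "jenkins" ServiceAccount in the "default" namespace.
# Unlike the namespaced RoleBinding, this grant is not limited to one
# namespace.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins-crb
subjects:
  - kind: ServiceAccount
    namespace: default
    name: jenkins
roleRef:
  kind: ClusterRole
  name: jenkinsclusterrole
  apiGroup: rbac.authorization.k8s.io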
---
# Cluster-scoped rule set that jenkins-crb binds to the "jenkins"
# ServiceAccount.
# NOTE(review): PersistentVolumes are cluster-wide objects, so these verbs
# reach beyond the "default" namespace. If volumes are provisioned dynamically
# through a StorageClass, the PVC rights in the namespaced Role may be enough
# and this ClusterRole could be dropped; confirm against how builds get
# storage.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # ClusterRoles are not namespaced, so no "namespace" field is set here.
  name: jenkinsclusterrole
rules:
  - apiGroups:
      - ""
    resources:
      - persistentvolumes
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
#   name: jenkins
#   namespace: default
# spec:
#   selector:
#     matchLabels:
#       app: jenkins
#   replicas: 1
#   template:
#     metadata:
#       labels:
#         app: jenkins
#     spec:
#       containers:
#         - name: jenkins
#           # NOTE(review): ":latest" with imagePullPolicy Always means a pod
#           # restart may run a different image; pin a tag or digest.
#           image: truongpx396/myjenkins:latest
#           env:
#             - name: JAVA_OPTS
#               # NOTE(review): the setup wizard is skipped, so confirm the image
#               # itself configures authentication before the UI is exposed.
#               value: -Djenkins.install.runSetupWizard=false
#           ports:
#             - name: http-port
#               containerPort: 8080
#             - name: jnlp-port
#               containerPort: 50000
#           volumeMounts:
#             - name: jenkins-home
#               mountPath: /var/jenkins_home
#             - name: docker-sock-volume
#               mountPath: "/var/run/docker.sock"
#           imagePullPolicy: Always
#       volumes:
#         # This allows jenkins to use the docker daemon on the host, for running builds
#         # see https://stackoverflow.com/questions/27879713/is-it-ok-to-run-docker-from-inside-docker
#         # NOTE(review): access to the host's docker.sock is root-equivalent on
#         # that node, and anything in the pod that can reach the socket gets it.
#         - name: docker-sock-volume
#           hostPath:
#             path: /var/run/docker.sock
#         - name: jenkins-home
#           hostPath:
#             path: /mnt/jenkins-store
#       serviceAccountName: jenkins
# ---
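# apiVersion: v1
# kind: Service
# metadata:
#   name: jenkins
#   namespace: default
# spec:
#   # NOTE(review): type NodePort publishes these ports on every node (the UI
#   # on 31000); restrict who can reach them at the network level.
#   type: NodePort
#   ports:
#     - name: ui
#       port: 8080
#       targetPort: 8080
#       nodePort: 31000
#     - name: jnlp
#       port: 50000
#       targetPort: 50000
#   selector:
#     app: jenkins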
# ---