How to use jenkins configuration as code

Installation

開啟 master.JCasC.enabled,詳細可以參考官方 values

Usage

you can reference examples of official provide.

Sections:

  • credentials
  • jenkins
  • security
  • unclassified
  • tool

Github OAuth

Plugin

  1. configure securityRealm in jenkins section

    1
    2
    3
    4
    5
    6
    7
    8
    jenkins:
    securityRealm:
    github:
    clientID: # get from github oauth app client id
    clientSecret: # get from github oauth app client secret
    githubApiUri: "https://api.github.com" # if you use github enterprise, might change it
    githubWebUri: "https://github.com" # if you use github enterprise, might change it
    oauthScopes: "read:org,user:email,repo"
  2. configure authorizationStrategy in jenkins section

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    jenkins:
    authorizationStrategy:
    github:
    adminUserNames: # admin user name of your organization
    allowAnonymousJobStatusPermission: true # can anonymous read job's status?
    allowAnonymousReadPermission: false # can anonymous read job?
    allowCcTrayPermission: false
    allowGithubWebHookPermission: true
    authenticatedUserCreateJobPermission: true
    authenticatedUserReadPermission: true
    organizationNames: # your organization
    useRepositoryPermissions: true
  3. configure CSRF

1
2
3
4
jenkins:
crumbIssuer:
standard:
excludeClientIPFromCrumb: true

Credentials

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
credentials:
system:
domainCredentials:
- credentials:
- string:
description: "example description"
id: "secret-text-id"
scope: GLOBAL
secret: "text"
- usernamePassword:
description: "example description"
id: "username-password-id"
password: "password"
scope: GLOBAL
username: "username"
- file:
fileName: "filename"
id: "file-cred-id"
scope: GLOBAL
secretBytes: "ZmlsZQ=="

Update Config

How to update the config

1
2
3
4
5
6
7
8
9
NS=cicd # namespace
NAME=jenkins-jenkins-jcasc-config # config name
CFG_PATH=./jcasc-default-config.yaml # you want to update from file path

kubectl --namespace=${NS} create configmap ${NAME} \
--from-file=${CFG_PATH} \
-o yaml \
--save-config \
--dry-run=client | kubectl apply -f -