forked from jenkins-infra/kubernetes-management
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Jenkinsfile_k8s
120 lines (117 loc) · 4.13 KB
/
Jenkinsfile_k8s
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
pipeline {
agent none
options {
buildDiscarder(logRotator(numToKeepStr: '10'))
timeout(time: 30, unit: 'MINUTES')
disableConcurrentBuilds()
}
triggers {
cron(env.BRANCH_NAME == 'main' ? 'H/30 * * * *' : '')
}
stages {
stage('Chore Tasks') {
parallel {
stage('Dependency Management') {
agent {
kubernetes {
yamlFile 'PodTemplates.yaml'
}
}
environment {
UPDATECLI_GITHUB_TOKEN = credentials('updatecli-github-token')
}
stages {
stage('Check Configuration Update') {
// Run updatecli's diff on both push and pull requests (in case a configuration change breaks updatecli)
steps {
sh 'updatecli diff --config ./updatecli/updatecli.d --values ./updatecli/values.yaml'
}
} // stage
stage('Apply Configuration Update') {
when {
allOf {
branch 'main'
// Only run updatecli's tasks when the pipeline is triggered by the "cron" routine
triggeredBy 'TimerTrigger'
}
}
steps {
sh 'updatecli apply --config ./updatecli/updatecli.d --values ./updatecli/values.yaml'
}
} // stage
}
} // stage 'Dependency Management'
stage('Yaml Lint') {
agent {
kubernetes {
yamlFile 'PodTemplates.yaml'
}
}
steps {
sh 'yamllint --config-file yamllint.config config'
}
} // stage 'Yaml Lint'
} // parallel
} // stage 'Chore Tasks
stage('Kubernetes Management Tasks') {
matrix {
axes {
axis {
name 'K8S_CLUSTER'
values 'prodpublick8s', 'cik8s', 'temp-privatek8s'
}
} // axes
agent {
kubernetes {
yamlFile 'PodTemplates.yaml'
}
}
environment {
KUBECONFIG = credentials("kubeconfig-${K8S_CLUSTER}")
// Required for secret decryption
AZURE_TENANT_ID = credentials('sops-tenant-id')
AZURE_CLIENT_ID = credentials('sops-client-id')
AZURE_CLIENT_SECRET = credentials('sops-client-secret')
// Required for AWS-hosted clusters.
// Variable name is constrained (ref. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
AWS_SHARED_CREDENTIALS_FILE = credentials('eks_charter_awsconfig')
}
stages {
stage('Prepare Environment'){
steps {
// Retrieve the private repository holding the SOPS encrypted YAML secrets into the local directory "./secrets"
dir ('secrets'){
git branch: 'main', credentialsId: 'charts-secrets', url: '[email protected]:jenkins-infra/charts-secrets.git'
}
sh 'kubectl cluster-info'
}
}
stage('Helmfile Lint'){
steps {
sh 'helmfile -f "clusters/${K8S_CLUSTER}.yaml" lint'
}
} // stage
stage('Diff on Pull Request'){
when { changeRequest() }
steps {
script {
def diff = sh(
script:'helmfile --no-color -f "clusters/${K8S_CLUSTER}.yaml" diff --suppress-secrets --skip-deps --context=2 --concurrency=8',
returnStdout: true,
).trim()
// Note the GitHub markdown formatting for the diff, to have syntax coloration
publishChecks name: "helmfile-diff-${K8S_CLUSTER}", title: "Helmfile Diff for cluster ${K8S_CLUSTER}", text: '```diff\n' + diff + '\n```'
}
}
} // stage
stage('Apply'){
when { branch 'main' }
steps {
sh 'helmfile -f "clusters/${K8S_CLUSTER}.yaml" apply --suppress-secrets --concurrency=8'
}
} // stage
} // stages
} // matrix
} // stage 'stage('Kubernetes Management Tasks'
} // stages
}