Merge pull request lachie83#92 from lachie83/dev

Major pipeline updates
EamonKeane · Sep 27, 2017 · 7b24cef · 7b24cef
2 parents 9fbf618 + 37b3cb1
commit 7b24cef
Show file tree

Hide file tree

Showing 8 changed files with 71 additions and 36 deletions.
diff --git a/DEMO.md b/DEMO.md
@@ -61,6 +61,12 @@ open ${JENKINS_URL}/login
 printf $(kubectl get secret --namespace jenkins jenkins-jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode) | pbcopy
 ```
 
+## Add credentials for private container registry (optional)
+```
+kubectl create secret docker-registry croc-hunter-secrets --docker-server=$DOCKER_SERVER --docker-username=$DOCKER_USERNAME --docker-password=$DOCKER_PASSWORD --docker-email=$DOCKER_EMAIL --namespace=croc-hunter
+```
+Reference to the secret name must also be added to the chart values.yaml or set on install.
+
 ## Login and configure Jenkins and setup pipeline
 ```
 # username: admin
@@ -147,4 +153,4 @@ open https://github.com/lachie83/croc-hunter
 # PR builds
 # merge the PR
 # master builds and deploys new version
-```
+```
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.7-alpine
+FROM golang:1.8-alpine3.6
 
 MAINTAINER Lachlan Evenson <[email protected]>
 

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -2,14 +2,16 @@
 
 // load pipeline functions
 // Requires pipeline-github-lib plugin to load library from github
-@Library('github.com/lachie83/[email protected]')
+
+@Library('github.com/lachie83/jenkins-pipeline@dev')
+
 def pipeline = new io.estrado.Pipeline()
 
 podTemplate(label: 'jenkins-pipeline', containers: [
-    containerTemplate(name: 'jnlp', image: 'jenkinsci/jnlp-slave:2.62', args: '${computer.jnlpmac} ${computer.name}', workingDir: '/home/jenkins', resourceRequestCpu: '200m', resourceLimitCpu: '200m', resourceRequestMemory: '256Mi', resourceLimitMemory: '256Mi'),
-    containerTemplate(name: 'docker', image: 'docker:1.12.6',       command: 'cat', ttyEnabled: true),
+    containerTemplate(name: 'jnlp', image: 'lachlanevenson/jnlp-slave:3.10-1-alpine', args: '${computer.jnlpmac} ${computer.name}', workingDir: '/home/jenkins', resourceRequestCpu: '200m', resourceLimitCpu: '300m', resourceRequestMemory: '256Mi', resourceLimitMemory: '512Mi'),
+    containerTemplate(name: 'docker', image: 'docker:1.12.6', command: 'cat', ttyEnabled: true),
     containerTemplate(name: 'golang', image: 'golang:1.8.3', command: 'cat', ttyEnabled: true),
-    containerTemplate(name: 'helm', image: 'lachlanevenson/k8s-helm:v2.5.0', command: 'cat', ttyEnabled: true),
+    containerTemplate(name: 'helm', image: 'lachlanevenson/k8s-helm:v2.6.0', command: 'cat', ttyEnabled: true),
     containerTemplate(name: 'kubectl', image: 'lachlanevenson/k8s-kubectl:v1.4.8', command: 'cat', ttyEnabled: true)
 ],
 volumes:[
@@ -79,12 +81,14 @@ volumes:[
           dry_run       : true,
           name          : config.app.name,
           namespace     : config.app.name,
-          version_tag   : image_tags_list.get(0),
           chart_dir     : chart_dir,
-          replicas      : config.app.replicas,
-          cpu           : config.app.cpu,
-          memory        : config.app.memory,
-          hostname      : config.app.hostname
+          set           : [
+            "imageTag": image_tags_list.get(0),
+            "replicas": config.app.replicas,
+            "cpu": config.app.cpu,
+            "memory": config.app.memory,
+            "ingress.hostname": config.app.hostname,
+          ]
         )
 
       }
@@ -94,10 +98,10 @@ volumes:[
 
       container('docker') {
 
-        // perform docker login to quay as the docker-pipeline-plugin doesn't work with the next auth json format
+        // perform docker login to container registry as the docker-pipeline-plugin doesn't work with the next auth json format
         withCredentials([[$class          : 'UsernamePasswordMultiBinding', credentialsId: config.container_repo.jenkins_creds_id,
                         usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
-          sh "docker login -e ${config.container_repo.dockeremail} -u ${env.USERNAME} -p ${env.PASSWORD} quay.io"
+          sh "docker login -u ${env.USERNAME} -p ${env.PASSWORD} ${config.container_repo.host}"
         }
 
         // build and publish container
@@ -107,8 +111,18 @@ volumes:[
             acct      : acct,
             repo      : config.container_repo.repo,
             tags      : image_tags_list,
-            auth_id   : config.container_repo.jenkins_creds_id
+            auth_id   : config.container_repo.jenkins_creds_id,
+            image_scanning: config.container_repo.image_scanning
         )
+
+        // anchore image scanning configuration
+        println "Add container image tags to anchore scanning list"
+
+        def tag = image_tags_list.get(0)
+        def imageLine = "${config.container_repo.host}/${acct}/${config.container_repo.repo}:${tag}" + ' ' + env.WORKSPACE + '/Dockerfile'
+        writeFile file: 'anchore_images', text: imageLine
+        anchore name: 'anchore_images', inputQueries: [[query: 'list-packages all'], [query: 'list-files all'], [query: 'cve-scan all'], [query: 'show-pkg-diffs base']]
+
       }
 
     }
@@ -121,12 +135,14 @@ volumes:[
             dry_run       : false,
             name          : env.BRANCH_NAME.toLowerCase(),
             namespace     : env.BRANCH_NAME.toLowerCase(),
-            version_tag   : image_tags_list.get(0),
             chart_dir     : chart_dir,
-            replicas      : config.app.replicas,
-            cpu           : config.app.cpu,
-            memory        : config.app.memory,
-            hostname      : config.app.hostname
+            set           : [
+              "imageTag": image_tags_list.get(0),
+              "replicas": config.app.replicas,
+              "cpu": config.app.cpu,
+              "memory": config.app.memory,
+              "ingress.hostname": config.app.hostname,
+            ]
           )
 
           //  Run helm tests
@@ -153,12 +169,14 @@ volumes:[
             dry_run       : false,
             name          : config.app.name,
             namespace     : config.app.name,
-            version_tag   : image_tags_list.get(0),
             chart_dir     : chart_dir,
-            replicas      : config.app.replicas,
-            cpu           : config.app.cpu,
-            memory        : config.app.memory,
-            hostname      : config.app.hostname
+            set           : [
+              "imageTag": image_tags_list.get(0),
+              "replicas": config.app.replicas,
+              "cpu": config.app.cpu,
+              "memory": config.app.memory,
+              "ingress.hostname": config.app.hostname,
+            ]
           )
 
           //  Run helm tests

diff --git a/Jenkinsfile.json b/Jenkinsfile.json
@@ -5,7 +5,7 @@
     "cpu": "10m",
     "memory": "128Mi",
     "test": true,
-    "hostname": "croc-hunter.onesix.az.estrado.io"
+    "hostname": "croc-hunter.acs.az.estrado.io"
   },
   "container_repo": {
     "host": "quay.io",
@@ -14,13 +14,14 @@
     "jenkins_creds_id": "quay_creds",
     "repo": "croc-hunter",
     "dockeremail": ".",
-    "dockerfile": "./"
+    "dockerfile": "./",
+    "image_scanning": true
   },
   "pipeline": {
       "enabled": true,
       "debug": false,
       "library": {
-        "branch": "master"
+        "branch": "dev"
       }
   }
-}
+}
diff --git a/charts/croc-hunter/Chart.yaml b/charts/croc-hunter/Chart.yaml
@@ -1,6 +1,6 @@
 name: croc-hunter
 home: https://github.com/lachie83/croc-hunter
-version: 0.3.0
+version: 0.3.1
 description: Live out your dream hunting Crocs
 sources:
   - https://github.com/lachie83/croc-hunter

diff --git a/charts/croc-hunter/templates/croc-hunter.yaml b/charts/croc-hunter/templates/croc-hunter.yaml
@@ -40,6 +40,10 @@ spec:
         chart: "{{.Chart.Name}}-{{.Chart.Version}}"
         component: "{{.Release.Name}}-{{.Values.component}}"
     spec:
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+        - name: {{ .Values.imagePullSecrets }}
+      {{- end }}
       containers:
         - name: {{ template "fullname" . }}
           image: "{{.Values.image}}:{{.Values.imageTag}}"
@@ -61,4 +65,4 @@ spec:
           readinessProbe:
             httpGet:
               path: /healthz
-              port: http
+              port: http
diff --git a/charts/croc-hunter/values.yaml b/charts/croc-hunter/values.yaml
@@ -11,17 +11,19 @@ replicas: 3
 image: "quay.io/lachie83/croc-hunter"
 imageTag: "latest"
 imagePullPolicy: "Always"
+## If you have a private registry you specify a secret to use
+#imagePullSecrets:
 cpu: "10m"
 memory: "128Mi"
-# Ingress settings
+## Ingress settings
 ingress:
   enabled: true
   hostname: croc-hunter.acs.az.estrado.io
   annotations:
      kubernetes.io/ingress.class: nginx
      kubernetes.io/tls-acme: "true"
   tls: true
-# PodDisruptionBudget
+## PodDisruptionBudget
 pdb:
   enabled: false
   minAvailable: 2
diff --git a/jenkins-values.yaml b/jenkins-values.yaml
@@ -3,23 +3,27 @@
 # helm --namespace jenkins --name jenkins -f ./jenkins-values.yaml install stable/jenkins
 
 Master:
+  ImageTag: "2.74"
   Memory: "512Mi"
   HostName: jenkins.acs.az.estrado.io
   ServiceType: ClusterIP
   InstallPlugins:
-      - kubernetes:0.11 
+      - kubernetes:0.12
       - workflow-aggregator:2.5
-      - credentials-binding:1.12
-      - git:3.3.1
+      - credentials-binding:1.13
+      - git:3.5.1
       - pipeline-github-lib:1.0
       - ghprb:1.39.0
-      - blueocean:1.1.4
+      - blueocean:1.1.7
 
   ScriptApproval:
     - "method groovy.json.JsonSlurperClassic parseText java.lang.String"
     - "new groovy.json.JsonSlurperClassic"
     - "staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods leftShift java.util.Map java.util.Map"
     - "staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods split java.lang.String"
+    - "method java.util.Collection toArray"
+    - "staticMethod org.kohsuke.groovy.sandbox.impl.Checker checkedCall java.lang.Object boolean boolean java.lang.String java.lang.Object[]"
+    - "staticMethod org.kohsuke.groovy.sandbox.impl.Checker checkedGetProperty java.lang.Object boolean boolean java.lang.Object"
 
   Ingress:
     Annotations: