#! /usr/bin/env groovy
// pulls in HashiCorp vault env variables from environment
// - VAULT_ADDR: address of Vault server
// - VAULT_CACERT: CA cert that signed TLS cert on Vault server
// if those are not set, fall back to in-cluster defaults
@Library('vaultHelpers') _
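/**
 * Lists the Kubernetes clusters that `landscape cluster list` reports for the
 * branch named in env.BRANCH_NAME.
 *
 * The Vault address, CA certificate path and token come from the
 * vaultHelpers shared library. They are handed to the child process through
 * its environment rather than being spliced into the `sh -c` text, so the
 * token does not appear in the process argument list. The branch name is
 * passed as the positional parameter "$1", so the shell never parses it as
 * part of the command.
 *
 * NOTE(review): System.getenv() and execute() run in the JVM that evaluates
 * this script and presumably need script approval when the sandbox is on --
 * confirm against the controller's configuration.
 *
 * @return the non-blank lines printed by the command, one cluster name each
 */
def getK8sClusterTargets() {
    // The build environment is deliberately not printed here: dumping it
    // would copy any secret held in an environment variable into the console log.

    // Optional filter
    def branch_selector_for_clusters = env.BRANCH_NAME

    // Vault connection parameters
    def vault_addr = vaultHelpers.getVaultAddr()
    def vault_cacert = vaultHelpers.getVaultCacert()
    def vault_token = vaultHelpers.getVaultToken()

    // Fixed shell text. The trailing 'sh' fills $0 and the branch name becomes $1.
    def list_command = [
        'sh',
        '-c',
        'PATH=/usr/local/bin landscape cluster list --git-branch="$1"',
        'sh',
        "${branch_selector_for_clusters}".toString()
    ]

    // Start from the inherited environment (as the original child process
    // did) and overlay the Vault settings.
    def child_env = [:]
    child_env.putAll(System.getenv())
    child_env['VAULT_ADDR'] = "${vault_addr}".toString()
    child_env['VAULT_CACERT'] = "${vault_cacert}".toString()
    child_env['VAULT_TOKEN'] = "${vault_token}".toString()
    def envp = []
    for (name in child_env.keySet()) {
        envp << (name + '=' + child_env[name])
    }

    println("Getting K8S clusters for branch " + branch_selector_for_clusters)
    def listing = list_command.execute(envp, null).text

    // Drop blank lines: an empty result would otherwise yield a single
    // empty cluster name and a job called "<folder>/".
    def cluster_names = []
    for (line in listing.split("\n")) {
        def candidate = line.trim()
        if (candidate) {
            cluster_names << candidate
        }
    }
    return cluster_names
}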
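// Cluster names reported by `landscape cluster list` for this branch
def allK8sClusters = getK8sClusterTargets()
// Create job per-target under this folder
def jenkinsJobFolder = 'k8s-clusters'
// properties([parameters([choice(choices: getClusterTargets().join('\n'), description: 'Kubernetes Context (defined in Vault)', name: 'CONTEXT', defaultValue: '')])])
// Offer "(all)" plus every discovered cluster as the K8S_CLUSTER build parameter.
// NOTE(review): a Jenkins choice parameter normally defaults to its first
// entry, so `defaultValue` is presumably redundant here -- confirm.
properties([
    parameters([
        choice(choices: "(all)\n" + allK8sClusters.join('\n'),
            description: 'Kubernetes Cluster',
            name: 'K8S_CLUSTER',
            defaultValue: '(all)'
        )
    ])
])
// The build environment is intentionally not printed: the console log is
// readable by anyone with read access to the job, and environment variables
// can carry credentials.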
// Seed step: on an agent labelled 'landscape', generate one pipeline job per
// cluster under the jenkinsJobFolder folder by passing Job DSL text to jobDsl.
//
// The Job DSL text is a GString, so "${jenkinsJobFolder}", "${it}" and
// "${seed_job_url}" are substituted when the text is built, i.e. before the
// Job DSL plugin evaluates it. The cluster name therefore ends up as literal
// Groovy source in the generated job, and from there (via cluster_name) in
// the command string given to `sh`.
// NOTE(review): nothing here restricts the characters in a cluster name; a
// name containing quotes or shell metacharacters would change the generated
// script or the command. Validate names against the expected format before
// this loop -- the expected format is not visible in this file.
// NOTE(review): each generated job is triggered by cron('*/3 * * * *') and its
// last stage calls convergeCharts with dry_run=false, so charts are applied
// unattended every three minutes -- confirm this is intended.
// NOTE(review): the generated job checks out branch 'master' although its
// comment says "clone branch of seed job" -- confirm which is meant.
// NOTE(review): the Helm repository is added over plain http:// and every
// cluster's job binds the same 'gcp-staging' credential -- confirm both.
node('landscape') {
// URL of the first remote configured for this job's SCM; it is embedded in
// each generated job as its git url
def seed_job_url = scm.getUserRemoteConfigs()[0].getUrl()
// create a GCP-specific Jenkins job for each listed in Vault
allK8sClusters.each {
jobDsl scriptText: """folder("${jenkinsJobFolder}")
pipelineJob("${jenkinsJobFolder}" + "/" + "${it}") {
definition {
cps {
script(\"\"\"
@Library('vaultHelpers') _
properties(
[
pipelineTriggers([cron('*/3 * * * *')]),
]
)
def setupKubectlCredentials(cluster_name, dry_run=true) {
def cmd = 'landscape cluster converge --cluster=' + cluster_name
if(dry_run) {
cmd += " --dry-run"
}
println("Running command: " + cmd)
sh cmd
}
def convergeCharts(cluster_name, dry_run=true) {
def cmd = 'landscape charts converge --cluster=' + cluster_name
if(dry_run) {
cmd += " --dry-run"
}
println("Running command: " + cmd)
sh cmd
}
node {
// clone branch of seed job
git url: "${seed_job_url}",
branch: 'master',
credentialsId: 'github'
// credentials is of kind 'Secret file', downloaded from GCP SA
withCredentials([
file(credentialsId: 'gcp-staging',
variable: 'GOOGLE_APPLICATION_CREDENTIALS')
]) {
withEnv(['VAULT_ADDR='+vaultHelpers.getVaultAddr(),
'VAULT_CACERT='+vaultHelpers.getVaultCacert(),
'VAULT_TOKEN='+vaultHelpers.getVaultToken()]) {
stage('Environment') {
setupKubectlCredentials("${it}", false)
sh 'helm repo add chartmuseum http://http.chartmuseum.svc.cluster.local:8080'
}
stage('Test Charts ' + "${it}") {
convergeCharts("${it}", true)
}
stage('Converge Charts ' + "${it}") {
convergeCharts("${it}", false)
}
}
}
}
\"\"\".stripIndent())
}
}
}"""
}
}
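// Trigger the generated per-cluster jobs in parallel.
//
// The K8S_CLUSTER build parameter is honoured here: "(all)" or an unset value
// (for example on the first run, before the parameter exists) builds every
// discovered cluster, while a specific choice limits the run to that cluster.
// Without this check an operator who picks one cluster would still apply
// charts to all of them.
stage("Applying Helm Charts to Kubernetes Cluster(s)") {
    def requested = params.K8S_CLUSTER
    def runAll = !requested || requested == '(all)'

    def builds = [:]
    for (k8sCluster in allK8sClusters) {
        if (!runAll && k8sCluster != requested) {
            continue
        }
        // Declared inside the loop so each closure captures its own job name.
        def jobName = jenkinsJobFolder + '/' + k8sCluster
        builds["${k8sCluster}"] = {
            node('landscape') {
                build job: jobName
            }
        }
    }

    if (builds) {
        parallel builds
    } else {
        // The requested cluster is not in the current list, so there is nothing to build.
        println("No cluster job matches K8S_CLUSTER=" + requested)
    }
}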