85 lines
1.9 KiB
HCL
85 lines
1.9 KiB
HCL
job "jenkins" {
|
|
datacenters = ["columbia"]
|
|
region = "global"
|
|
type = "service"
|
|
|
|
update {
|
|
stagger = "30s"
|
|
max_parallel = 1
|
|
}
|
|
|
|
constraint {
|
|
attribute = "${meta.long_lived}"
|
|
value = "true"
|
|
}
|
|
|
|
vault {
|
|
policies = ["default", "ansible"]
|
|
change_mode = "restart"
|
|
}
|
|
group "jenkins" {
|
|
count = 1
|
|
|
|
task "jenkins" {
|
|
driver = "docker"
|
|
config {
|
|
image = "docker.service.masked.name:8082/jenkins"
|
|
ports = ["https"]
|
|
volumes = [
|
|
"/opt/jenkins_home:/var/jenkins_home"
|
|
]
|
|
}
|
|
|
|
template {
|
|
data = <<EOH
|
|
{{- with secret "pki_int/issue/masked-dot-name" "common_name=jenkins.service.masked.name" "alt_names=jenkins.service.columbia.masked.name" -}}
|
|
{{- .Data.certificate -}}
|
|
{{- end -}}
|
|
EOH
|
|
destination = "${NOMAD_SECRETS_DIR}/jenkins.crt"
|
|
change_mode = "restart"
|
|
}
|
|
|
|
template {
|
|
data = <<EOH
|
|
{{- with secret "pki_int/issue/masked-dot-name" "common_name=jenkins.service.masked.name" "alt_names=jenkins.service.columbia.masked.name" -}}
|
|
{{- .Data.private_key -}}
|
|
{{- end -}}
|
|
EOH
|
|
destination = "${NOMAD_SECRETS_DIR}/jenkins.key"
|
|
change_mode = "restart"
|
|
}
|
|
|
|
env {
|
|
ROOT_URL = "${NOMAD_ADDR_https}"
|
|
JAVA_ARGS = "-Xmx2048m"
|
|
JENKINS_OPTS = "--httpsPort=8443 --httpsKeyStore=/secrets/jenkins.jks --httpsKeyStorePassword=password --httpPort=-1"
|
|
}
|
|
|
|
resources {
|
|
cpu = 2000
|
|
memory = 2560
|
|
}
|
|
}
|
|
|
|
network {
|
|
port "https" {
|
|
to = 8443
|
|
}
|
|
}
|
|
|
|
service {
|
|
name = "jenkins"
|
|
port = "https"
|
|
|
|
check {
|
|
name = "jenkins"
|
|
type = "tcp"
|
|
interval = "10s"
|
|
timeout = "2s"
|
|
address_mode = "driver"
|
|
}
|
|
}
|
|
}
|
|
}
|