Schema

Spec defines the desired state of the Jenkins

Status defines the observed state of Jenkins

ConfigurationType is the name of the configuration type(base-groovy, user-groovy, user-casc)

Source is the name of source where is located groovy script

Name is the name of the groovy script

Hash is the hash of the groovy script and secrets which it uses

ContainerName is the container name responsible for backup operation

Action defines action which performs backup in backup container sidecar

Interval tells how often make backup in seconds Defaults to 30.

MakeBackupBeforePodDeletion tells operator to make backup before Jenkins master pod deletion

(Members of Customization are embedded into this type.)

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL).

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always.

Compute Resources required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image.

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default “0.0.0.0” address inside a container will be accessible from the network.

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence.

List of environment variables to set in the container.

Pod volumes to mount into the container’s filesystem.

Periodic probe of container liveness. Container will be restarted if the probe fails.

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails.

Actions that the management system should take in response to container lifecycle events.

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

(Members of Customization are embedded into this type.)

Exec specifies the action to take.

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

SecurityContext that applies to all the containers of the Jenkins Master. As per kubernetes specification, it can be overridden for each container individually. Defaults to: runAsUser: 1000 fsGroup: 1000

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Defaults to: - image: jenkins/jenkins:lts imagePullPolicy: Always livenessProbe: failureThreshold: 12 httpGet: path: /login port: http scheme: HTTP initialDelaySeconds: 80 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: jenkins-master readinessProbe: failureThreshold: 3 httpGet: path: /login port: http scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 1500m memory: 3Gi requests: cpu: “1” memory: 600Mi

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

If specified, the pod’s tolerations.

BasePlugins contains plugins required by operator Defaults to : - name: kubernetes version: “1.30.11” - name: workflow-job version: “2.42” - name: workflow-aggregator version: “2.6” - name: git version: “4.10.0” - name: job-dsl version: “1.78.1” - name: configuration-as-code version: “1.55” - name: kubernetes-credentials-provider version: “0.20”

Plugins contains plugins required by user

DisableCSRFProtection allows you to toggle CSRF Protection on Jenkins

PriorityClassName for Jenkins master pod

HostAliases for Jenkins master pod and SeedJob agent

Master represents Jenkins master pod properties and Jenkins plugins. Every single change here requires a pod restart.

SeedJobs defines list of Jenkins Seed Job configurations More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines

ValidateSecurityWarnings enables or disables validating potential security warnings in Jenkins plugins via admission webhooks.

Notifications defines list of a services which are used to inform about Jenkins status Can be used to integrate chat services like Slack, Microsoft Teams or Mailgun

Service is Kubernetes service of Jenkins master HTTP pod Defaults to : port: 8080 type: ClusterIP

Service is Kubernetes service of Jenkins slave pods Defaults to : port: 50000 type: ClusterIP

Backup defines configuration of Jenkins backup More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/

Backup defines configuration of Jenkins backup restore More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/

GroovyScripts defines configuration of Jenkins customization via groovy scripts

ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin

Roles defines list of extra RBAC roles for the Jenkins Master pod service account

ServiceAccount defines Jenkins master service account attributes

JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API

OperatorVersion is the operator version which manages this CR

ProvisionStartTime is a time when Jenkins master pod has been created

BaseConfigurationCompletedTime is a time when Jenkins base configuration phase has been completed

UserConfigurationCompletedTime is a time when Jenkins user configuration phase has been completed

RestoredBackup is the restored backup number after Jenkins master pod restart

LastBackup is the latest backup number

PendingBackup is the pending backup number

BackupDoneBeforePodDeletion tells if backup before pod deletion has been made

UserAndPasswordHash is a SHA256 hash made from user and password

CreatedSeedJobs contains list of seed job id already created in Jenkins

AppliedGroovyScripts is a list with all applied groovy scripts in Jenkins by the operator

The web hook URL to MicrosoftTeams App

Name is the name of Jenkins plugin

Version is the version of Jenkins plugin

DownloadURL is the custom url from where plugin has to be downloaded.

ContainerName is the container name responsible for restore backup operation

Action defines action which performs restore backup in restore container sidecar

GetLatestAction defines action which returns the latest backup number. If there is no backup “-1” should be returned.

RecoveryOnce if want to restore specific backup set this field and then Jenkins will be restarted and desired backup will be restored

The name of the secret in the pod’s namespace to select from.

The key of the secret to select from. Must be a valid secret key.

ID is the unique seed job name

CredentialID is the Kubernetes secret name which stores repository access credentials

Description is the description of the seed job

Targets is the repository path where are seed job definitions

RepositoryBranch is the repository branch where are seed job definitions

RepositoryURL is the repository access URL. Can be SSH or HTTPS.

JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ credential type

BitbucketPushTrigger is used for Bitbucket web hooks

GitHubPushTrigger is used for GitHub web hooks

BuildPeriodically is setting for scheduled trigger

PollSCM is setting for polling changes in SCM

IgnoreMissingFiles is setting for Job DSL API plugin to ignore files that miss

AdditionalClasspath is setting for Job DSL API plugin to set Additional Classpath

FailOnMissingPlugin is setting for Job DSL API plugin that fails job if required plugin is missing

UnstableOnDeprecation is setting for Job DSL API plugin that sets build status as unstable if build using deprecated features

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/

Type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. “ExternalName” maps to the specified externalName. “ClusterIP” allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is “None”, no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. “NodePort” builds on ClusterIP and allocates a port on every node which routes to the clusterIP. “LoadBalancer” builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services—service-types

The port that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies

The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.” More info: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access

Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

The web hook URL to Slack App