# prep:
#  Also run:
#    ansible microk8s --become -a 'chmod g+rw,o+rw /dev/vchiq'
#    ansible microk8s --become -a 'chmod g+rw,o+rw /dev/video*'
#    ansible microk8s --become -a 'chmod -R g+rw,o+rw /dev/dri'
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  labels:
    run: jenkins
spec:
  ports:
    - name: http
      port: 8080
      targetPort: 8080
#  ports:
#    - name: slaveport # hopefully not needed with a single server?
#      port: 50000
#      targetPort: 50000
  selector:
    run: jenkins
#  type: LoadBalancer
#status:
#  loadBalancer: {}
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-home
spec:
  capacity:
    storage: 5Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain # Keep 4eva
  storageClassName: default
  mountOptions:
    - hard
    - nfsvers=3
  nfs:
    path: /mnt/DroboFS/Shares/Kubernetes/volumes/static/jenkins-home
    server: 10.42.42.10
  claimRef:
    name: jenkins-home
    namespace: default
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-home
  annotations:
    nfs.io/storage-path: "jenkins-home"
spec:
  storageClassName: default
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      run: jenkins
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        run: jenkins
    spec:
      terminationGracePeriodSeconds: 30
      containers:
        - image: jenkins/jenkins:lts-jdk11
          imagePullPolicy: "Always"
          name: jenkins
          env:
            - name: TZ
              value: US/Michigan
          ports:
            - containerPort: 8080
              #            - containerPort: 50000
          resources: {}
          volumeMounts:
            - mountPath: /var/jenkins_home
              name: jenkins-home
      restartPolicy: Always
      volumes:
        - name: jenkins-home
          persistentVolumeClaim:
            claimName: jenkins-home
      dnsPolicy: "None"
      dnsConfig:
        nameservers:
          - 10.42.42.239
          - 10.42.42.1
        searches:
          - default.svc.cluster.local
          - svc.cluster.local 
          - cluster.local
        options:
          - name: ndots
            value: "2"
          - name: edns0
          - name: trust-ad
status: {}
---
# Hosting
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jenkins-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    ## No basic auth for jenkins
    ## type of authentication
    #nginx.ingress.kubernetes.io/auth-type: basic
    ## name of the secret that contains the user/password definitions
    #nginx.ingress.kubernetes.io/auth-secret: basic-auth
    ## message to display with an appropriate context why the authentication is required
    #nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - Octoprint'
spec:
  tls:
  - hosts:
    - jenkins.monkeybox.org
    secretName: jenkins-tls
  rules:
  - host: jenkins.monkeybox.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: jenkins
            port:
              number: 8080