#!groovy import groovy.json.JsonOutput def podYaml (Map config, List customImages = [[:]]) { def output = """ --- apiVersion: v1 kind: Pod metadata: name: ${config.templateName} spec: containers:""" if (config.kaniko == true) { output += """ - name: kaniko imagePullPolicy: Always image: ${config.repo}/library/kaniko:latest tty: true command: - /busybox/sh""" } if (config.alpine == true) { output += """ - name: alpine imagePullPolicy: Always image: ${config.repo}/library/alpine:latest tty: true command: - /bin/sh""" } if (config.fedora == true) { output += """ - name: fedora imagePullPolicy: Always image: ${config.repo}/dockerhub/library/fedora:latest tty: true command: - /bin/sh""" } for (image in customImages) { if (image.name && image.name != "" && image.path && image.path != "") { output += """ - name: ${image.name} imagePullPolicy: Always image: ${image.path} tty: true""" if (image.command && image.command != "") { output += """ command: - ${image.command}""" } } } return output } def deletePod (Map config) { def ws = pwd() stage ("Delete Pod") { container ("alpine") { sh """ if [ ! -f "/usr/bin/curl" ] || [ ! -x "/usr/bin/curl" ]; then apk add --no-cache curl fi if [ ! -f "/usr/local/bin/kubectl" ] || [ ! -x "/usr/local/bin/kubectl" ]; then curl -L --silent https://nexus.c.test-chamber-13.lan/repository/google-k8s/\$(curl -s https://nexus.c.test-chamber-13.lan/repository/google-k8s/stable.txt)/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl chmod +x /usr/local/bin/kubectl fi """ withKubeConfig ([ credentialsId: config.kubeAuth, serverUrl: config.kubeURL, namespace: config.namespace ]) { sh "for i in \$(kubectl get pods --selector ${config.selector} -o name); do kubectl delete \${i}; done" } } } } def createSecret (Map config) { def ws = pwd() stage ("Create/Update Secret") { container ("alpine") { sh """ if [ ! -f "/usr/bin/curl" ] || [ ! -x "/usr/bin/curl" ]; then apk add --no-cache curl fi if [ ! -f "/usr/local/bin/kubectl" ] || [ ! -x "/usr/local/bin/kubectl" ]; then curl -L --silent https://nexus.c.test-chamber-13.lan/repository/google-k8s/\$(curl -s https://nexus.c.test-chamber-13.lan/repository/google-k8s/stable.txt)/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl chmod +x /usr/local/bin/kubectl fi """ withKubeConfig ([ credentialsId: config.kubeAuth, serverUrl: config.kubeURL, namespace: config.namespace ]) { sh "printf '%s\n' \"" + config.secret + "\" | kubectl apply -f -" } } } } def buildContainer (Map config, List buildArg = []) { def ws = pwd() stage ("Build Container") { container ("kaniko") { writeFile (file: ws + "/Dockerfile", text: config.dockerFile) withCredentials([usernameColonPassword( credentialsId: config.repoCreds, variable: "dCreds" )]) { sh "set +x; printf '{\"auths\":{\"%s\":{\"auth\": \"%s\"}}}' \"${config.repository}\" \"${dcreds.bytes.encodeBase64().toString()}\" > /kaniko/.docker/config.json" } def buildArguments = "" for (i in buildArg) { buildArguments += " --build-arg ${i}" } sh """ /kaniko/executor \\ --force \\ --context "${ws}" \\ -f "${ws}/Dockerfile" \\ --destination "${config.imageDest}" \\ ${buildArguments} """ } } } def buildContainerMultipleDestinations (Map config, List buildArg = []) { def ws = pwd() stage ("Build Containers") { container ("kaniko") { writeFile (file: ws + "/Dockerfile", text: config.dockerFile) def repoAuth = ["auths": [:]] for (i in config.repositoryAccess) { withCredentials([usernameColonPassword( credentialsId: i.credentials, variable: "dCreds" )]) { repoAuth."auths"[i.repository] = ["auth": dCreds.bytes.encodeBase64().toString()] } } sh "set +x; printf '${JsonOutput.toJson(repoAuth)}' > /kaniko/.docker/config.json" def buildArguments = "" for (i in config.destination) { buildArguments += " --destination \"${i}\"" } for (i in buildArg) { buildArguments += " --build-arg ${i}" } sh """ /kaniko/executor \\ --force \\ --context "${ws}" \\ -f "${ws}/Dockerfile" \\ ${buildArguments} """ } } } def pushArtifact (Map config) { def ws = pwd() stage ("Push Artifact: " + config.fileName) { container ("alpine") { sh "apk add --no-cache curl" withCredentials([usernameColonPassword( credentialsId: config.repoCreds, variable: "aCreds" )]) { sh 'curl --fail --request PUT --user "$aCreds" --upload-file "' + config.filePath + config.fileName + '" "' + config.fileURL + config.fileName + '"' } } } } def getLocalRootCA () { def localRootCA = """-----BEGIN CERTIFICATE----- MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/ XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ -----END CERTIFICATE-----""" return localRootCA }