Diffstat (limited to 'README.md')
-rwxr-xr-x | README.md | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100755 index 0000000..83cbe52 --- /dev/null +++ b/README.md @@ -0,0 +1,31 @@ +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# rkt-ice-jenkins (for kubernetes) + +## design considerations + +### goals + +- bog standard jenkins +- one admin user + - admin password defined in vault, not generated by jenkins +- no interactive setup on first launch +- ssh keys set +- turn on security by default (so anonymous doesn't have admin!) + +### ideas + +- no need for massive "initial home" tarball; just place the stuff we want and jenkins will install the rest as usual +- use groovy to set admin password + - nope: fragile, unreliable, and groovy is gross +- write users/admin/config.xml as templated k8s secret, insert password hash + - okay, but ansible has no bcrypt filter. need to store hashed. + - but paul says prefer environment variables + - but then any jenkins job has access to the hashed password +- write jenkins.install.InstallUtil.lastExecVersion jenkins.install.UpgradeWizard.state + - can't simply mount them; need some process to copy into place + +## design + +- tweak base image to insert bootstrap wrapper script +- store secrets wherever (/etc/secrets), bootstrap can apply them +- bootstrap can generate jenkins.install.InstallUtil.lastExecVersion & jenkins.install.UpgradeWizard.state |
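Review bot: In the "## design" section, "store secrets wherever (/etc/secrets), bootstrap can apply them" leaves the admin-password question from the ideas list unresolved. The ideas record that with environment variables "any jenkins job has access to the hashed password", yet the design never says whether the hash reaches the bootstrap wrapper as a mounted file or through the environment, nor where hashing happens given "ansible has no bcrypt filter". Suggest stating the chosen path explicitly (for example, that bootstrap reads the hash from a file under /etc/secrets and writes users/admin/config.xml) and adding a line on how the "ssh keys set" goal is met, since the design bullets do not mention it. Two smaller points: the file is added with "new file mode 100755", and a README does not need the executable bit (100644 is sufficient); and the first line begins with "# ", so the trademark notice renders as a top-level heading ahead of "# rkt-ice-jenkins (for kubernetes)".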