diff --git a/infra/jenkins-cluster/deployment-jenkins.yaml b/infra/jenkins-cluster/deployment-jenkins.yaml index 965cb2098..dd2083aa4 100644 --- a/infra/jenkins-cluster/deployment-jenkins.yaml +++ b/infra/jenkins-cluster/deployment-jenkins.yaml @@ -15,7 +15,7 @@ spec: image: gcr.io/clusterfuzz-external/jenkins:latest env: - name: JAVA_OPTS - value: "-Duser.timezone=America/Los_Angeles -Dhudson.security.csrf.requestfield=Jenkins-Crumb" + value: "-Duser.timezone=America/Los_Angeles -Dhudson.security.csrf.requestfield=Jenkins-Crumb -Xmx16g" ports: - containerPort: 8080 - containerPort: 50000 @@ -48,9 +48,13 @@ spec: fsType: ext4 - name: secrets secret: - secretName: builder-service-account + secretName: secrets items: - key: build-service-account.json path: build-service-account.json - key: base-build-service-account.json path: base-build-service-account.json + - key: tls-cert + path: cert.pem + - key: tls-key + path: cert.key diff --git a/infra/jenkins-cluster/server/Dockerfile b/infra/jenkins-cluster/server/Dockerfile index e31ce3eb7..85125f817 100644 --- a/infra/jenkins-cluster/server/Dockerfile +++ b/infra/jenkins-cluster/server/Dockerfile @@ -16,4 +16,5 @@ RUN /google-cloud-sdk/bin/gcloud -q components update RUN chown -R jenkins:jenkins /google-cloud-sdk USER jenkins +ENV JENKINS_OPTS --httpPort=-1 --httpsPort=8080 --httpsCertificate=/var/secrets/cert.pem --httpsPrivateKey=/var/secrets/cert.key ENV PATH=$PATH:/google-cloud-sdk/bin diff --git a/infra/jenkins-cluster/service-jenkins-http.yaml b/infra/jenkins-cluster/service-jenkins-http.yaml index 7814f6a36..815be7f14 100644 --- a/infra/jenkins-cluster/service-jenkins-http.yaml +++ b/infra/jenkins-cluster/service-jenkins-http.yaml @@ -1,11 +1,12 @@ apiVersion: v1 kind: Service metadata: - name: jenkins-http + name: jenkins-https spec: type: LoadBalancer selector: app: jenkins-master ports: - - port: 80 + - port: 443 targetPort: 8080 + name: https diff --git a/infra/jenkins-cluster/service-jenkins-master.yaml b/infra/jenkins-cluster/service-jenkins-master.yaml index 1e4d58a44..f4e524c33 100644 --- a/infra/jenkins-cluster/service-jenkins-master.yaml +++ b/infra/jenkins-cluster/service-jenkins-master.yaml @@ -10,6 +10,6 @@ spec: ports: - name: agent port: 50000 - - name: http - port: 80 + - name: https + port: 443 targetPort: 8080