--- apiVersion: template.openshift.io/v1 kind: Template labels: app: jenkins-ephemeral template: jenkins-ephemeral-template message: A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template. metadata: annotations: description: |- Jenkins service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing. iconClass: icon-jenkins openshift.io/display-name: Jenkins (Ephemeral) openshift.io/documentation-url: https://docs.okd.io/latest/using_images/other_images/jenkins.html openshift.io/long-description: This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login. The Jenkins configuration is stored in non-persistent storage, so this configuration should be used for experimental purposes only. openshift.io/provider-display-name: Red Hat, Inc. openshift.io/support-url: https://access.redhat.com samples.operator.openshift.io/version: 4.18.25 tags: instant-app,jenkins creationTimestamp: "2025-10-11T10:37:44Z" labels: samples.operator.openshift.io/managed: "true" managedFields: - apiVersion: template.openshift.io/v1 fieldsType: FieldsV1 fieldsV1: f:labels: .: {} f:app: {} f:template: {} f:message: {} f:metadata: f:annotations: .: {} f:description: {} f:iconClass: {} f:openshift.io/display-name: {} f:openshift.io/documentation-url: {} f:openshift.io/long-description: {} f:openshift.io/provider-display-name: {} f:openshift.io/support-url: {} f:samples.operator.openshift.io/version: {} f:tags: {} f:labels: .: {} f:samples.operator.openshift.io/managed: {} f:objects: {} f:parameters: {} manager: cluster-samples-operator operation: Update time: "2025-10-11T10:37:44Z" name: jenkins-ephemeral namespace: openshift resourceVersion: "17404" uid: 526e9cf9-e42d-4ae9-ab9f-660a952aa7c1 objects: - apiVersion: route.openshift.io/v1 kind: Route metadata: annotations: haproxy.router.openshift.io/timeout: 4m template.openshift.io/expose-uri: http://{.spec.host}{.spec.path} name: ${JENKINS_SERVICE_NAME} spec: tls: insecureEdgeTerminationPolicy: Redirect termination: edge to: kind: Service name: ${JENKINS_SERVICE_NAME} - apiVersion: v1 kind: ConfigMap metadata: labels: config.openshift.io/inject-trusted-cabundle: "true" name: ${JENKINS_SERVICE_NAME}-trusted-ca-bundle - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: annotations: template.alpha.openshift.io/wait-for-ready: "true" name: ${JENKINS_SERVICE_NAME} spec: replicas: 1 selector: name: ${JENKINS_SERVICE_NAME} strategy: type: Recreate template: metadata: labels: name: ${JENKINS_SERVICE_NAME} spec: containers: - capabilities: {} env: - name: OPENSHIFT_ENABLE_OAUTH value: ${ENABLE_OAUTH} - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT value: "true" - name: DISABLE_ADMINISTRATIVE_MONITORS value: ${DISABLE_ADMINISTRATIVE_MONITORS} - name: KUBERNETES_MASTER value: https://kubernetes.default:443 - name: KUBERNETES_TRUST_CERTIFICATES value: "true" - name: JENKINS_SERVICE_NAME value: ${JENKINS_SERVICE_NAME} - name: JNLP_SERVICE_NAME value: ${JNLP_SERVICE_NAME} - name: JENKINS_UC_INSECURE value: ${JENKINS_UC_INSECURE} - name: CASC_JENKINS_CONFIG value: /var/lib/jenkins/proxy.yaml - name: JAVA_FIPS_OPTIONS value: ${JAVA_FIPS_OPTIONS} image: ' ' imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 2 httpGet: path: /login port: 8080 initialDelaySeconds: 420 periodSeconds: 360 timeoutSeconds: 240 name: jenkins readinessProbe: httpGet: path: /login port: 8080 initialDelaySeconds: 3 timeoutSeconds: 240 resources: limits: memory: ${MEMORY_LIMIT} securityContext: capabilities: {} privileged: false terminationMessagePath: /dev/termination-log volumeMounts: - mountPath: /var/lib/jenkins name: ${JENKINS_SERVICE_NAME}-data - mountPath: /etc/pki/ca-trust/source/anchors name: ${JENKINS_SERVICE_NAME}-trusted-ca-bundle dnsPolicy: ClusterFirst restartPolicy: Always serviceAccountName: ${JENKINS_SERVICE_NAME} volumes: - emptyDir: medium: "" name: ${JENKINS_SERVICE_NAME}-data - configMap: name: ${JENKINS_SERVICE_NAME}-trusted-ca-bundle optional: true name: ${JENKINS_SERVICE_NAME}-trusted-ca-bundle triggers: - imageChangeParams: automatic: true containerNames: - jenkins from: kind: ImageStreamTag name: ${JENKINS_IMAGE_STREAM_TAG} namespace: ${NAMESPACE} lastTriggeredImage: "" type: ImageChange - type: ConfigChange - apiVersion: v1 kind: ServiceAccount metadata: annotations: serviceaccounts.openshift.io/oauth-redirectreference.jenkins: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"${JENKINS_SERVICE_NAME}"}}' name: ${JENKINS_SERVICE_NAME} - apiVersion: authorization.openshift.io/v1 groupNames: null kind: RoleBinding metadata: name: ${JENKINS_SERVICE_NAME}_edit roleRef: name: edit subjects: - kind: ServiceAccount name: ${JENKINS_SERVICE_NAME} - apiVersion: v1 kind: Service metadata: name: ${JNLP_SERVICE_NAME} spec: ports: - name: agent nodePort: 0 port: 50000 protocol: TCP targetPort: 50000 selector: name: ${JENKINS_SERVICE_NAME} sessionAffinity: None type: ClusterIP - apiVersion: v1 kind: Service metadata: annotations: service.alpha.openshift.io/dependencies: '[{"name": "${JNLP_SERVICE_NAME}", "namespace": "", "kind": "Service"}]' service.openshift.io/infrastructure: "true" name: ${JENKINS_SERVICE_NAME} spec: ports: - name: web nodePort: 0 port: 80 protocol: TCP targetPort: 8080 selector: name: ${JENKINS_SERVICE_NAME} sessionAffinity: None type: ClusterIP parameters: - description: The name of the OpenShift Service exposed for the Jenkins container. displayName: Jenkins Service Name name: JENKINS_SERVICE_NAME value: jenkins - description: The name of the service used for master/slave communication. displayName: Jenkins JNLP Service Name name: JNLP_SERVICE_NAME value: jenkins-jnlp - description: Whether to enable OAuth OpenShift integration. If false, the static account 'admin' will be initialized with the password 'password'. displayName: Enable OAuth in Jenkins name: ENABLE_OAUTH value: "true" - description: Maximum amount of memory the container can use. displayName: Memory Limit name: MEMORY_LIMIT value: 1Gi - description: The OpenShift Namespace where the Jenkins ImageStream resides. displayName: Jenkins ImageStream Namespace name: NAMESPACE value: openshift - description: Whether to perform memory intensive, possibly slow, synchronization with the Jenkins Update Center on start. If true, the Jenkins core update monitor and site warnings monitor are disabled. displayName: Disable memory intensive administrative monitors name: DISABLE_ADMINISTRATIVE_MONITORS value: "false" - description: See https://access.redhat.com/documentation/en-us/openjdk/11/html-single/configuring_openjdk_11_on_rhel_with_fips/index#config-fips-in-openjdk for the available command line properties to facilitate the JVM running on FIPS nodes. displayName: Allows control over how the JVM interacts with FIPS on startup. name: JAVA_FIPS_OPTIONS value: -Dcom.redhat.fips=false - description: Name of the ImageStreamTag to be used for the Jenkins image. displayName: Jenkins ImageStreamTag name: JENKINS_IMAGE_STREAM_TAG value: jenkins:2 - description: Whether to allow use of a Jenkins Update Center that uses invalid certificate (self-signed, unknown CA). If any value other than 'false', certificate check is bypassed. By default, certificate check is enforced. displayName: Allows use of Jenkins Update Center repository with invalid SSL certificate name: JENKINS_UC_INSECURE value: "false" - description: Setting this value overrides the image used for the 'jnlp' container in the sample kubernetes plug-in PodTemplates provided with this image. Otherwise, the image from the 'jenkins-agent-base:latest' ImageStreamTag in the 'openshift' namespace is used. displayName: Image used for the 'jnlp' container of the sample 'java-sidecar' and 'nodejs-sidecar' PodTemplates name: AGENT_BASE_IMAGE value: image-registry.openshift-image-registry.svc:5000/openshift/jenkins-agent-base:latest - description: Setting this value overrides the image used for the 'java-builder' container in the sample kubernetes plug-in PodTemplates provided with this image. Otherwise, the image from the 'java:latest' ImageStreamTag in the 'openshift' namespace is used. displayName: Image used for the 'java' container of the sample 'java-builder' PodTemplate name: JAVA_BUILDER_IMAGE value: image-registry.openshift-image-registry.svc:5000/openshift/java:latest - description: Setting this value overrides the image used for the 'nodejs-builder' container in the sample kubernetes plug-in PodTemplates provided with this image. Otherwise, the image from the 'nodejs:latest' ImageStreamTag in the 'openshift' namespace is used. displayName: Image used for the 'nodejs' container of the sample 'nodejs-builder' PodTemplate name: NODEJS_BUILDER_IMAGE value: image-registry.openshift-image-registry.svc:5000/openshift/nodejs:latest