--- apiVersion: template.openshift.io/v1 kind: Template labels: app: ${NAME} template: jenkins-persistent-monitored message: A Jenkins service (monitored via Prometheus) has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template. metadata: annotations: description: "Jenkins service, with persistent storage. \n\n To run this template extra RBAC permissions need to be provideed to the use to be able to create the ServiceMonitor Custom Resource managed by the prometheus-operator. \n\nNOTE: You must have persistent volumes available in your cluster to use this template." iconClass: icon-jenkins openshift.io/display-name: Jenkins Monitored openshift.io/documentation-url: https://docs.okd.io/latest/using_images/other_images/jenkins.html openshift.io/long-description: 'This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login and Prometheus monitoring. DISCLAIMER: User needs to have RBAC Permissions to create the Service Monitor.' openshift.io/provider-display-name: Red Hat, Inc. openshift.io/support-url: https://access.redhat.com samples.operator.openshift.io/version: 4.18.25 tags: instant-app,jenkins creationTimestamp: "2025-10-11T10:37:43Z" labels: samples.operator.openshift.io/managed: "true" managedFields: - apiVersion: template.openshift.io/v1 fieldsType: FieldsV1 fieldsV1: f:labels: .: {} f:app: {} f:template: {} f:message: {} f:metadata: f:annotations: .: {} f:description: {} f:iconClass: {} f:openshift.io/display-name: {} f:openshift.io/documentation-url: {} f:openshift.io/long-description: {} f:openshift.io/provider-display-name: {} f:openshift.io/support-url: {} f:samples.operator.openshift.io/version: {} f:tags: {} f:labels: .: {} f:samples.operator.openshift.io/managed: {} f:objects: {} f:parameters: {} manager: cluster-samples-operator operation: Update time: "2025-10-11T10:37:43Z" name: jenkins-persistent-monitored namespace: openshift resourceVersion: "17339" uid: 22f09be7-d416-4117-bcbc-1186a5486c61 objects: - apiVersion: route.openshift.io/v1 kind: Route metadata: annotations: haproxy.router.openshift.io/timeout: 4m template.openshift.io/expose-uri: http://{.spec.host}{.spec.path} name: ${JENKINS_SERVICE_NAME} spec: tls: insecureEdgeTerminationPolicy: Redirect termination: edge to: kind: Service name: ${JENKINS_SERVICE_NAME} - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: ${JENKINS_SERVICE_NAME} spec: accessModes: - ReadWriteOnce resources: requests: storage: ${VOLUME_CAPACITY} - apiVersion: v1 kind: ConfigMap metadata: labels: config.openshift.io/inject-trusted-cabundle: "true" name: ${JENKINS_SERVICE_NAME}-trusted-ca-bundle - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: annotations: template.alpha.openshift.io/wait-for-ready: "true" name: ${JENKINS_SERVICE_NAME} spec: replicas: 1 selector: name: ${JENKINS_SERVICE_NAME} strategy: type: Recreate template: metadata: labels: name: ${JENKINS_SERVICE_NAME} spec: containers: - capabilities: {} env: - name: OPENSHIFT_ENABLE_OAUTH value: ${ENABLE_OAUTH} - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT value: "true" - name: DISABLE_ADMINISTRATIVE_MONITORS value: ${DISABLE_ADMINISTRATIVE_MONITORS} - name: KUBERNETES_MASTER value: https://kubernetes.default:443 - name: KUBERNETES_TRUST_CERTIFICATES value: "true" - name: JENKINS_SERVICE_NAME value: ${JENKINS_SERVICE_NAME} - name: JNLP_SERVICE_NAME value: ${JNLP_SERVICE_NAME} - name: ENABLE_FATAL_ERROR_LOG_FILE value: ${ENABLE_FATAL_ERROR_LOG_FILE} - name: JENKINS_UC_INSECURE value: ${JENKINS_UC_INSECURE} - name: CASC_JENKINS_CONFIG value: /var/lib/jenkins/proxy.yaml - name: JAVA_FIPS_OPTIONS value: ${JAVA_FIPS_OPTIONS} image: ' ' imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 2 httpGet: path: /login port: 8080 initialDelaySeconds: 420 periodSeconds: 360 timeoutSeconds: 240 name: jenkins readinessProbe: httpGet: path: /login port: 8080 initialDelaySeconds: 3 timeoutSeconds: 240 resources: limits: memory: ${MEMORY_LIMIT} securityContext: capabilities: {} privileged: false terminationMessagePath: /dev/termination-log volumeMounts: - mountPath: /var/lib/jenkins name: ${JENKINS_SERVICE_NAME}-data - mountPath: /etc/pki/ca-trust/source/anchors name: ${JENKINS_SERVICE_NAME}-trusted-ca-bundle dnsPolicy: ClusterFirst restartPolicy: Always serviceAccountName: ${JENKINS_SERVICE_NAME} volumes: - name: ${JENKINS_SERVICE_NAME}-data persistentVolumeClaim: claimName: ${JENKINS_SERVICE_NAME} - configMap: name: ${JENKINS_SERVICE_NAME}-trusted-ca-bundle optional: true name: ${JENKINS_SERVICE_NAME}-trusted-ca-bundle triggers: - imageChangeParams: automatic: true containerNames: - jenkins from: kind: ImageStreamTag name: ${JENKINS_IMAGE_STREAM_TAG} namespace: ${NAMESPACE} lastTriggeredImage: "" type: ImageChange - type: ConfigChange - apiVersion: v1 kind: ServiceAccount metadata: annotations: serviceaccounts.openshift.io/oauth-redirectreference.jenkins: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"${JENKINS_SERVICE_NAME}"}}' name: ${JENKINS_SERVICE_NAME} - apiVersion: authorization.openshift.io/v1 groupNames: null kind: RoleBinding metadata: name: ${JENKINS_SERVICE_NAME}_edit roleRef: name: edit subjects: - kind: ServiceAccount name: ${JENKINS_SERVICE_NAME} - apiVersion: v1 kind: Service metadata: name: ${JNLP_SERVICE_NAME} spec: ports: - name: agent nodePort: 0 port: 50000 protocol: TCP targetPort: 50000 selector: name: ${JENKINS_SERVICE_NAME} sessionAffinity: None type: ClusterIP - apiVersion: v1 kind: Service metadata: annotations: service.alpha.openshift.io/dependencies: '[{"name": "${JNLP_SERVICE_NAME}", "namespace": "", "kind": "Service"}]' service.openshift.io/infrastructure: "true" name: ${JENKINS_SERVICE_NAME} spec: ports: - name: web nodePort: 0 port: 80 protocol: TCP targetPort: 8080 selector: name: ${JENKINS_SERVICE_NAME} sessionAffinity: None type: ClusterIP - apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: app: ${NAME} name: jenkins name: ${NAME}-monitored spec: endpoints: - interval: 10s path: /prometheus/ port: web selector: matchLabels: app: ${NAME} parameters: - description: Name of the Jenkins instance to be monitored defined by the `app` label displayName: Name name: NAME required: true value: jenkins-persistent - description: The name of the OpenShift Service exposed for the Jenkins container. displayName: Jenkins Service Name name: JENKINS_SERVICE_NAME value: jenkins - description: The name of the service used for master/slave communication. displayName: Jenkins JNLP Service Name name: JNLP_SERVICE_NAME value: jenkins-jnlp - description: Whether to enable OAuth OpenShift integration. If false, the static account 'admin' will be initialized with the password 'password'. displayName: Enable OAuth in Jenkins name: ENABLE_OAUTH value: "true" - description: Maximum amount of memory the container can use. displayName: Memory Limit name: MEMORY_LIMIT value: 1Gi - description: Volume space available for data, e.g. 512Mi, 2Gi. displayName: Volume Capacity name: VOLUME_CAPACITY required: true value: 1Gi - description: The OpenShift Namespace where the Jenkins ImageStream resides. displayName: Jenkins ImageStream Namespace name: NAMESPACE value: openshift - description: Whether to perform memory intensive, possibly slow, synchronization with the Jenkins Update Center on start. If true, the Jenkins core update monitor and site warnings monitor are disabled. displayName: Disable memory intensive administrative monitors name: DISABLE_ADMINISTRATIVE_MONITORS value: "false" - description: See https://access.redhat.com/documentation/en-us/openjdk/11/html-single/configuring_openjdk_11_on_rhel_with_fips/index#config-fips-in-openjdk for the available command line properties to facilitate the JVM running on FIPS nodes. displayName: Allows control over how the JVM interacts with FIPS on startup. name: JAVA_FIPS_OPTIONS value: -Dcom.redhat.fips=false - description: Name of the ImageStreamTag to be used for the Jenkins image. displayName: Jenkins ImageStreamTag name: JENKINS_IMAGE_STREAM_TAG value: jenkins:2 - description: When a fatal error occurs, an error log is created with information and the state obtained at the time of the fatal error. displayName: Fatal Error Log File name: ENABLE_FATAL_ERROR_LOG_FILE value: "false" - description: Whether to allow use of a Jenkins Update Center that uses invalid certificate (self-signed, unknown CA). If any value other than 'false', certificate check is bypassed. By default, certificate check is enforced. displayName: Allows use of Jenkins Update Center repository with invalid SSL certificate name: JENKINS_UC_INSECURE value: "false" - description: Setting this value overrides the image used for the 'jnlp' container in the sample kubernetes plug-in PodTemplates provided with this image. Otherwise, the image from the 'jenkins-agent-base:latest' ImageStreamTag in the 'openshift' namespace is used. displayName: Image used for the 'jnlp' container of the sample 'java-sidecar' and 'nodejs-sidecar' PodTemplates name: AGENT_BASE_IMAGE value: image-registry.openshift-image-registry.svc:5000/openshift/jenkins-agent-base:latest - description: Setting this value overrides the image used for the 'java-builder' container in the sample kubernetes plug-in PodTemplates provided with this image. Otherwise, the image from the 'java:latest' ImageStreamTag in the 'openshift' namespace is used. displayName: Image used for the 'java' container of the sample 'java-builder' PodTemplate name: JAVA_BUILDER_IMAGE value: image-registry.openshift-image-registry.svc:5000/openshift/java:latest - description: Setting this value overrides the image used for the 'nodejs-builder' container in the sample kubernetes plug-in PodTemplates provided with this image. Otherwise, the image from the 'nodejs:latest' ImageStreamTag in the 'openshift' namespace is used. displayName: Image used for the 'nodejs' container of the sample 'nodejs-builder' PodTemplate name: NODEJS_BUILDER_IMAGE value: image-registry.openshift-image-registry.svc:5000/openshift/nodejs:latest