Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
cdk8s-jenkins
Advanced tools
cdk8s-jenkins
is a library that lets you easily define a manifest for deploying a Jenkins instance to your Kubernetes cluster.
This library uses a Custom Resource Definition provided by jenkins, and thus requires both the CRD and the operator to be installed on the cluster. You can set this up by,
kubectl apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/config/crd/bases/jenkins.io_jenkins.yaml
kubectl apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/deploy/all-in-one-v1alpha2.yaml
For more information regarding applying jenkins crd and installing jenkins operator, please refer jenkins official documentaion.
The library provides a high level Jenkins
construct to provision a Jenkins instance.
You can just instantiate the Jenkins instance and that would add a Jenkins resource to the kubernetes manifest.
The library provide a set of defaults, so provisioning a basic Jenkins instance requires no configuration:
import { Jenkins } from 'cdk8s-jenkins';
// inside your chart:
const jenkins = new Jenkins(this, 'my-jenkins');
The library also enables configuring the following parmeters for the Jenkins instance:
const jenkins = new Jenkins(this, 'my-jenkins', {
metadata: {
namespace: 'jenkins-namespace',
labels: { customApp: 'my-jenkins' },
},
});
This allows you to toggle CSRF Protection for Jenkins.
const jenkins = new Jenkins(this, 'my-jenkins', {
disableCsrfProtection: true,
});
These are the plugins required by the jenkins operator.
const jenkins = new Jenkins(this, 'my-jenkins', {
basePlugins: [{
name: 'configuration-as-code',
version: '1.55',
}],
});
You can also utilize addBasePlugins
function to add base plugins to jenkins configuration after initialization.
const jenkins = new Jenkins(this, 'my-jenkins');
jenkins.addBasePlugins([{
name: 'workflow-api',
version: '2.76',
}]);
These are the plugins that you can add to your jenkins instance.
const jenkins = new Jenkins(this, 'my-jenkins', {
plugins: [{
name: 'simple-theme-plugin',
version: '0.7',
}],
});
You can also utilize addPlugins
function to add plugins to jenkins configuration after initialization.
const jenkins = new Jenkins(this, 'my-jenkins');
jenkins.addPlugins([{
name: 'simple-theme-plugin',
version: '0.7',
}]);
You can define list of jenkins seed job configurations here. For more info you can take look at jenkins documentation.
const jenkins = new Jenkins(this, 'my-jenkins', {
seedJobs: [{
id: 'jenkins-operator',
targets: 'cicd/jobs/*.jenkins',
description: 'Jenkins Operator repository',
repositoryBranch: 'master',
repositoryUrl: 'https://github.com/jenkinsci/kubernetes-operator.git',
}],
});
You can also utilize addSeedJobs
function to add seed jobs to jenkins configuration after initialization.
const jenkins = new Jenkins(this, 'my-jenkins');
jenkins.addSeedJobs([{
id: 'jenkins-operator',
targets: 'cicd/jobs/*.jenkins',
description: 'Jenkins Operator repository',
repositoryBranch: 'master',
repositoryUrl: 'https://github.com/jenkinsci/kubernetes-operator.git',
}]);
You can utilize escape hatches to make changes to the configurations that are not yet exposed by the library.
For instance, if you would like to update the version of a base plugin:
const jenkins = new Jenkins(this, 'my-jenkins');
const jenkinsApiObject = ApiObject.of(jenkins);
jenkinsApiObject.addJsonPatch(JsonPatch.replace('/spec/master/basePlugins/1', {
name: 'workflow-job',
version: '3.00',
}));
For more information regarding escape hatches, take a look at cdk8s documentation.
See CONTRIBUTING for more information.
This project is licensed under the Apache-2.0 License.
FAQs
Jenkins construct for CDK8s
The npm package cdk8s-jenkins receives a total of 65 weekly downloads. As such, cdk8s-jenkins popularity was classified as not popular.
We found that cdk8s-jenkins demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.