apiVersion: v1
kind: Namespace
metadata:
  name: "jenkins"

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-manager
  namespace: jenkins

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-agent
  namespace: jenkins

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
  namespace: jenkins
rules:
- apiGroups: ["*"]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: ["*"]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: ["*"]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: ["*"]
  resources: ["secrets"]
  verbs: ["get"]
- apiGroups: ["*"]
  resources: ["persistentvolumeclaims"]
  verbs: ["create","delete","get","list","update","watch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
  namespace: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins-manager
- kind: ServiceAccount
  name: jenkins-agent

---
apiVersion: v1
kind: Service
metadata:
  name: jenkins-service
  namespace: jenkins
  labels:
    app.kubernetes.io/name: jenkins-service
  annotations:
     service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
     service.beta.kubernetes.io/aws-load-balancer-internal: "false"
spec:
  type: LoadBalancer
  externalTrafficPolicy: Cluster
  selector:
    app.kubernetes.io/name: jenkins
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
    name: manager
  - port: 50000
    targetPort: 50000
    protocol: TCP
    name: agent

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins-manager
  namespace: jenkins
  labels:
    app.kubernetes.io/name: jenkins
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/name: jenkins
  template:
    metadata:
      labels:
        app.kubernetes.io/name: jenkins
    spec:
      serviceAccountName: jenkins-manager # Enter the service account name being used
      securityContext:
        runAsUser: 0
        fsGroup: 0
        runAsNonRoot: false
      containers:
        - name: jenkins-manager
          image: <AWS-ACCOUNT-ID>.dkr.ecr.<AWS-REGION>.amazonaws.com/test-jenkins-manager:latest # Enter the jenkins manager image
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 500m
              memory: 512Mi
            limits:
              cpu: "1"
              memory: 4096Mi
          ports:
            - containerPort: 8080
              protocol: TCP
              name: manager
            - containerPort: 50000
              protocol: TCP
              name: jnlp