JenkinsfilePod.yaml

apiVersion: v1
kind: Pod
metadata:
  annotations:
    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
    karpenter.sh/do-not-disrupt: "true"
spec:
  # Try to keep build pods away from other build pods if possible, but it's not critical
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 10
        podAffinityTerm:
          labelSelector:
            matchLabels:
              jenkins/cgici-jenkins-jenkins-agent: "true"
          topologyKey: kubernetes.io/hostname
  serviceAccountName: cgici-gaiascope
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
  containers:
  - name: libeopp-build
    image: public.ecr.aws/cgici-images/eopp-build-container:3.2.0
    imagePullPolicy: IfNotPresent
    command:
    - cat
    tty: true
    volumeMounts:
    # This volume is defined by the Jenkins agent, which extends this yaml
    # We want to also mount it under ~/.cache to add the Bazel cache to the workspace volume
    - mountPath: /home/jenkins/.cache
      name: workspace-volume
      subPath: .cache
    - name: kubedock-socket
      mountPath: /var/run/kubedock
    env:
    - name: DOCKER_HOST
      value: "unix:///var/run/kubedock/docker.sock"
    - name: TESTCONTAINERS_RYUK_DISABLED
      value: "true"
    - name: TESTCONTAINERS_CHECKS_DISABLE
      value: "true"
    # Update bazelrc flags at top of Jenkinsfile if changing resources
    resources:
      limits:
        cpu: "4"
        memory: "8Gi"
      requests:
        cpu: "4"
        memory: "8Gi"

  # Kubedock provides a limited Docker API backed by the local Kubernetes environment
  # we use this for container testing (e.g. our DockerRegistryRule)
  - name: kubedock
    image: docker.io/joyrex2001/kubedock:0.16.0
    imagePullPolicy: Always
    args:
    - server
    - --reverse-proxy
    - --unix-socket
    - /var/run/kubedock/docker.sock
    volumeMounts:
    - name: workspace-volume
      mountPath: /home/jenkins/agent
    - mountPath: /home/jenkins/.cache
      name: workspace-volume
      subPath: .cache
    - name: kubedock-socket
      mountPath: /var/run/kubedock
    resources:
      limits:
        cpu: 100m
        memory: 80Mi

  volumes:
    - name: kubedock-socket
      emptyDir: { }