added custom Jenkins Dockerfile

Author: Jaime Salas Zancada

03-cd/01-jenkins/00-instalando-jenkins/Dockerfile

@@ -0,0 +1,48 @@
+FROM jenkinsci/blueocean:latest
+
+USER root
+
+# insatll node
+RUN apk add --update nodejs npm
+
+# compose deps
+RUN apk add --no-cache \
+    gcc \
+    libc-dev \
+    libffi-dev \
+    make \
+    openssl-dev \
+    python3-dev \
+    py-pip
+
+# install docker-compose via python 
+RUN pip install docker-compose
+
+# .NET Core deps
+RUN apk add --no-cache \
+    ca-certificates \
+    icu-libs \
+    krb5-libs \
+    libgcc \
+    libintl \
+    libssl1.1 \
+    libstdc++ \
+    zlib
+
+ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true" \
+    PATH="${PATH}:/root/.dotnet"
+
+# .NET Core SDK
+# see https://github.com/dotnet/dotnet-docker/blob/master/3.1/sdk/alpine3.11/amd64/Dockerfile
+RUN dotnet_sdk_version=3.1.201 \
+    && wget -O dotnet.tar.gz https://dotnetcli.azureedge.net/dotnet/Sdk/$dotnet_sdk_version/dotnet-sdk-$dotnet_sdk_version-linux-musl-x64.tar.gz \
+    && dotnet_sha512='9a8f14be881cacb29452300f39ee66f24e253e2df947f388ad2157114cd3f44eeeb88fae4e3dd1f9687ce47f27d43f2805f9f54694b8523dc9f998b59ae79996' \
+    && echo "$dotnet_sha512  dotnet.tar.gz" | sha512sum -c - \
+    && mkdir -p /usr/share/dotnet \
+    && tar -C /usr/share/dotnet -oxzf dotnet.tar.gz \
+    && ln -s /usr/share/dotnet/dotnet /usr/bin/dotnet \
+    && rm dotnet.tar.gz \
+    # Trigger first run experience by running arbitrary cmd
+    && dotnet help
+
+USER jenkins

03-cd/01-jenkins/00-instalando-jenkins/readme.md

@@ -0,0 +1,156 @@
+## Downloading and running Jenkins in Docker
+
+### 1. Create a network for Jenkis
+
+```bash
+$ docker network create jenkins
+```
+
+### 2. Create the following volumes to share the Docker client TLS certificates needed to connect to the Docker daemon and persist the Jenkins data 
+
+```bash
+$ docker volume create jenkins-docker-certs 
+$ docker volume create jenkins-data 
+```
+
+### 3. In order to execute Docker commands inside Jenkins nodes, download and run the docker:dind Docker image
+
+```bash
+docker container run \
+    --name jenkins-docker \
+    --rm \
+    --detach \
+    --privileged \
+    --network jenkins \
+    --ntework-alias docker \
+    --env DOCKER_TLS_CERTDIR=/certs \
+    --volume jenkins-docker-certs:/certs/client \
+    --volume jenkins-data:/var/jenkins_home \
+    --publish 2376:2376
+    docker:dind
+```
+
+#### Commands explanation
+
+```
+docker container run \
+    --name jenkins-docker \ # 1
+    --rm \ # 2
+    --detach \ # 3
+    --privileged \ # 4
+    --network jenkins \ # 5
+    --ntework-alias docker \ # 6
+    --env DOCKER_TLS_CERTDIR=/certs \ # 7
+    --volume jenkins-docker-certs:/certs/client \ # 8
+    --volume jenkins-data:/var/jenkins_home \  # 9
+    --publish 2376:2376 # 10
+    docker:dind # 11
+```
+
+1. The Docker conatiner name
+2. Removes the Docker conatiner instance when it is shut down.
+3. Runs the Docker container in the background.
+4. Running Docker in Docker currently requires provileged access to function properly.
+5. Join to previous created network
+6. Makes the Docker in Docker container available as the hostname _docker_ within the _jenkins_ network.
+7. Enables the use of TLS in the Docker server. Due to the use of a privileged container, this is recommended, though it requires the use of the shared volume described below. This environment variable controls the root directory where Docker TLS certificates are managed.
+8. Maps the _/certs/client_ directory inside the container to a Docker volume named _jenkins-docker-certs_ as created above.
+9. Maps the */var/jenkins_home* directory inside the container to the Docker volume named _jenkins-data_ as created above. This will allow for other Docker containers controlled by this Docker container’s Docker daemon to mount data from Jenkins.
+10. Exposes the Docker daemon port on the host machine. This is useful for executing _docker_ commands on the host machine to control this inner Docker daemon.
+11. The _docker:dind_ image itself.
+
+* Annotation free version
+
+```bash
+docker container run --name jenkins-docker --rm --detach \
+  --privileged --network jenkins --network-alias docker \
+  --env DOCKER_TLS_CERTDIR=/certs \
+  --volume jenkins-docker-certs:/certs/client \
+  --volume jenkins-data:/var/jenkins_home \
+  --publish 2376:2376 docker:dind
+```
+
+### 4. Run jenkins as a container
+
+```bash
+docker container run \
+    --name jenkins-blueocean \
+    --rm \
+    --detach \
+    --network jenkins \
+    --env DOCKER_HOST=tcp://docker:2376 \
+    --env DOCKER_CERT_PATH=/certs/client \
+    --env DOCKER_TLS_VERIFY=1 \
+    --publish 8080:8080 \
+    --publish 50000:50000 \
+    --volume jenkins-data:/var/jenkins_home \
+    --volume jenkins-docker-certs:/certs/client:ro \
+    jenkinsci/blueocean
+```
+
+#### Commands explantion
+
+```
+docker container run \
+    --name jenkins-blueocean \ # 1
+    --rm \ # 2
+    --detach \ # 3
+    --network jenkins \ # 4
+    --env DOCKER_HOST=tcp://docker:2376 \ # 5
+    --env DOCKER_CERT_PATH=/certs/client \
+    --env DOCKER_TLS_VERIFY=1 \
+    --publish 8080:8080 \ # 6
+    --publish 50000:50000 \ # 7
+    --volume jenkins-data:/var/jenkins_home \ # 8
+    --volume jenkins-docker-certs:/certs/client:ro \ # 9
+    jenkinsci/blueocean # 10
+```
+
+1. Specifies the Docker container name for this instance of the _jenkinsci/blueocean_ Docker image. 
+
+2. Removes the Docker conatiner instance when it is shut down.
+
+3. Runs the Docker container in the background.
+
+4. Connects this container to the jenkins network defined in the earlier step. This makes the Docker daemon from the previous step available to this Jenkins container through the hostname docker.
+
+5. Specifies the environment variables used by `docker`, `docker-compose`, and other Docker tools to connect to the Docker daemon from the previous step.
+
+6. Maps (i.e. "publishes") port 8080 of the _jenkinsci/blueocean_ container to port 8080 on the host machine. The first number represents the port on the host while the last represents the container’s port. Therefore, if you specified _-p 49000:8080_ for this option, you would be accessing Jenkins on your host machine through port 49000.
+
+7. Maps port 50000 of the jenkinsci/blueocean container to port 50000 on the host machine. This is only necessary if you have set up one or more inbound Jenkins agents on other machines, which in turn interact with the _jenkinsci/blueocean_ container (the Jenkins "controller"). Inbound Jenkins agents communicate with the Jenkins controller through TCP port 50000 by default. You can change this port number on your Jenkins controller through the Configure Global Security page. If you were to change the TCP port for inbound Jenkins agents of your Jenkins controller to 51000 (for example), then you would need to re-run Jenkins (via this docker run …​ command) and specify this "publish" option with something like _--publish 52000:51000_, where the last value matches this changed value on the Jenkins controller and the first value is the port number on the machine hosting the Jenkins controller. Inbound Jenkins agents communicate with the Jenkins controller on that port (52000 in this example). Note that WebSocket agents in Jenkins 2.217 do not need this configuration.
+
+8. Maps the */var/jenkins_home* directory in the container to the Docker volume with the name _jenkins-data_. Instead of mapping the */var/jenkins_home* directory to a Docker volume, you could also map this directory to one on your machine’s local file system. For example, specifying the option
+*--volume $HOME/jenkins:/var/jenkins_home* would map the container’s */var/jenkins_home* directory to the jenkins subdirectory within the *$HOME* directory on your local machine, which would typically be */Users/<your-username>/jenkins* or */home/<your-username>/jenkins*. Note that if you change the source volume or directory for this, the volume from the _docker:dind_ container above needs to be updated to match this.
+
+9. Maps the _/certs/client_ directory to the previously created _jenkins-docker-certs_ volume. This makes the client TLS certificates needed to connect to the Docker daemon available in the path specified by the *DOCKER_CERT_PATH* environment variable.
+
+10. The _jenkinsci/blueocean_ Docker image itself.
+
+* Annotation-free version
+
+```bash
+docker container run --name jenkins-blueocean --rm --detach \
+  --network jenkins --env DOCKER_HOST=tcp://docker:2376 \
+  --env DOCKER_CERT_PATH=/certs/client --env DOCKER_TLS_VERIFY=1 \
+  --volume jenkins-data:/var/jenkins_home \
+  --volume jenkins-docker-certs:/certs/client:ro \
+  --publish 8080:8080 --publish 50000:50000 jenkinsci/blueocean
+```
+
+## Starting Jenkins
+
+To unlock Jenkins we have to paste a password, we can find the password inside the running container, run the following command `cat /var/jenkins_home/secrets/initialAdminPassword` to obtain the initial password
+
+```bash
+$ docker container exec -it jenkins-blueocean bash
+```
+
+```bash
+$ ls
+bin  certs  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
+$ cat /var/jenkins_home/secrets/initialAdminPassword 
+8b0ee7a1a0214fe0a3029b8232c56087
+```
+
+Now install the suggested plugins and wait until Jenkins finishes

03-cd/01-jenkins/00-instalando-jenkins/start_jenkins.sh

@@ -0,0 +1,19 @@
+IMAGE=$1
+CERTS_VOLUME=$2
+DATA_VOLUME=$3
+
+# StartDocker in Docker into jenkins network
+docker container run --name jenkins-docker --rm --detach \
+    --privileged --network jenkins --network-alias docker \
+    --env DOCKER_TLS_CERTDIR=/certs \
+    --volume "$CERTS_VOLUME":/certs/client \
+    --volume "$DATA_VOLUME":/var/jenkins_home \
+    --publish 2376:2376 docker:dind
+
+# Start Jenkins in the same network
+docker container run --name jenkins-blueocean --rm --detach \
+  --network jenkins --env DOCKER_HOST=tcp://docker:2376 \
+  --env DOCKER_CERT_PATH=/certs/client --env DOCKER_TLS_VERIFY=1 \
+  --volume "$DATA_VOLUME":/var/jenkins_home \
+  --volume "$CERTS_VOLUME":/certs/client:ro \
+  --publish 8080:8080 --publish 50000:50000 "$IMAGE"