apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      securityContext:
        fsGroup: 1000
      initContainers:
      - name: install-docker-cli
        image: docker:24-cli
        command:
        - sh
        - -c
        - |
          cp /usr/local/bin/docker /tmp/docker-bin/
          chmod +x /tmp/docker-bin/docker
        volumeMounts:
        - name: docker-cli
          mountPath: /tmp/docker-bin
      containers:
      - name: jenkins
        image: jenkins/jenkins:lts-jdk17
        ports:
        - containerPort: 8080
        - containerPort: 50000
        env:
        - name: JENKINS_OPTS
          value: "--httpPort=8080"
        - name: DOCKER_HOST
          value: "unix:///var/run/docker.sock"
        command:
        - sh
        - -c
        - |
          export PATH="/tmp/docker-bin:$PATH"
          exec /usr/local/bin/jenkins.sh
        volumeMounts:
        - name: jenkins-home
          mountPath: /var/jenkins_home
        - name: docker-sock
          mountPath: /var/run/docker.sock
        - name: docker-cli
          mountPath: /tmp/docker-bin
      volumes:
      - name: jenkins-home
        persistentVolumeClaim:
          claimName: jenkins-home
      - name: docker-sock
        hostPath:
          path: /var/run/docker.sock
          type: Socket
      - name: docker-cli
        emptyDir: {}