feat (jenkins): Add vault secret
This commit is contained in:
parent
764cda4064
commit
3a720a8a85
@ -52,6 +52,17 @@ There is one additional group of configuration items specific for this chart, so
|
||||
You can override the values at deploy time but otherwise also configure them
|
||||
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
|
||||
|
||||
* Vault
|
||||
|
||||
New vault token to be used by the pods to retrieve their tokens from the vault.
|
||||
|
||||
| Parameter | Description | Default |
|
||||
| ----------------------------------|--------------------------------------------|-----------------------------------------------|
|
||||
| `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret |`true` |
|
||||
| `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault |`xxxx` |
|
||||
| `PipelineSecrets.Vault.Addr` | Address of the vault |`https:vault-operator.vault-operator.svc:8200` |
|
||||
| `PipelineSecrets.Vault.skipVerify`| Skip verification of the https connection |`1` |
|
||||
|
||||
* Env
|
||||
|
||||
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
|
||||
|
@ -0,0 +1,16 @@
|
||||
{{- if .Values.PipelineSecrets.Vault.Replace }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: molgenis-pipeline-vault-secret
|
||||
labels:
|
||||
app: {{ template "jenkins.fullname" . }}
|
||||
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
release: "{{ .Release.Name }}"
|
||||
heritage: "{{ .Release.Service }}"
|
||||
type: Opaque
|
||||
data:
|
||||
token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
|
||||
addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
|
||||
skipVerify: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
|
||||
{{- end }}
|
@ -509,6 +509,10 @@ jenkins:
|
||||
memory: "512Mi"
|
||||
NodeSelector: {}
|
||||
PipelineSecrets:
|
||||
Vault:
|
||||
Replace: true
|
||||
Token: xxxx
|
||||
Addr: "https://vault-operator.vault-operator.svc:8200"
|
||||
Env:
|
||||
# Set to false to keep existing secret
|
||||
Replace: true
|
||||
|
Loading…
Reference in New Issue
Block a user