P129679/molgenis-ops-docker-helm
1
0
Fork 0
Code Releases Activity

feat (jenkins): Add vault secret

Browse Source
This commit is contained in:
Fleur Kelpin 2018-08-18 23:40:57 +02:00
parent 764cda4064
commit 3a720a8a85
3 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
molgenis-jenkins/README.md
View File

@ -52,6 +52,17 @@ There is one additional group of configuration items specific for this chart, so
You can override the values at deploy time but otherwise also configure them You can override the values at deploy time but otherwise also configure them
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl. [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
* Vault
New vault token to be used by the pods to retrieve their tokens from the vault.
| Parameter | Description | Default |
| ----------------------------------|--------------------------------------------|-----------------------------------------------|
| `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret |`true` |
| `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault |`xxxx` |
| `PipelineSecrets.Vault.Addr` | Address of the vault |`https:vault-operator.vault-operator.svc:8200` |
| `PipelineSecrets.Vault.skipVerify`| Skip verification of the https connection |`1` |
* Env * Env
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables

16
molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml Normal file
View File

@ -0,0 +1,16 @@
{{- if .Values.PipelineSecrets.Vault.Replace }}
apiVersion: v1
kind: Secret
metadata:
name: molgenis-pipeline-vault-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
skipVerify: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
{{- end }}

4
molgenis-jenkins/values.yaml
View File

@ -509,6 +509,10 @@ jenkins:
memory: "512Mi" memory: "512Mi"
NodeSelector: {} NodeSelector: {}
PipelineSecrets: PipelineSecrets:
Vault:
Replace: true
Token: xxxx
Addr: "https://vault-operator.vault-operator.svc:8200"
Env: Env:
# Set to false to keep existing secret # Set to false to keep existing secret
Replace: true Replace: true