1
0

feat (jenkins): Add vault secret

This commit is contained in:
Fleur Kelpin 2018-08-18 23:40:57 +02:00
parent 764cda4064
commit 3a720a8a85
3 changed files with 31 additions and 0 deletions

View File

@ -52,6 +52,17 @@ There is one additional group of configuration items specific for this chart, so
You can override the values at deploy time but otherwise also configure them
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
* Vault
New vault token to be used by the pods to retrieve their tokens from the vault.
| Parameter | Description | Default |
| ----------------------------------|--------------------------------------------|-----------------------------------------------|
| `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret |`true` |
| `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault |`xxxx` |
| `PipelineSecrets.Vault.Addr` | Address of the vault |`https:vault-operator.vault-operator.svc:8200` |
| `PipelineSecrets.Vault.skipVerify`| Skip verification of the https connection |`1` |
* Env
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables

View File

@ -0,0 +1,16 @@
{{- if .Values.PipelineSecrets.Vault.Replace }}
apiVersion: v1
kind: Secret
metadata:
name: molgenis-pipeline-vault-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
skipVerify: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
{{- end }}

View File

@ -509,6 +509,10 @@ jenkins:
memory: "512Mi"
NodeSelector: {}
PipelineSecrets:
Vault:
Replace: true
Token: xxxx
Addr: "https://vault-operator.vault-operator.svc:8200"
Env:
# Set to false to keep existing secret
Replace: true