chore (molgenis-jenkins): Retrieve pipeline secrets from vault when possible.
		| @@ -40,57 +40,62 @@ You can use [all configuration values of the jenkins subchart](https://github.co | ||||
| ### GitHub Authentication delegation | ||||
| You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new). | ||||
|  | ||||
| ### Additional configuration | ||||
| There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`: | ||||
| ### Secrets | ||||
|  | ||||
| * PipelineSecrets | ||||
|  | ||||
|    When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins  | ||||
|    build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside | ||||
|    each other with their own secrets. | ||||
|    When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins. | ||||
|  | ||||
|    You can override the values at deploy time but otherwise also configure them  | ||||
|    [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl. | ||||
|  | ||||
| *  Vault | ||||
| #### Vault | ||||
|  | ||||
|    New vault token to be used by the pods to retrieve their tokens from the vault. | ||||
| The vault secret gets mounted in the vault pod so pipeline scripts can retrieve secrets from the vault. | ||||
|  | ||||
| | Parameter                 | Description                                | Default                                        | | ||||
| | ------------------------- | ------------------------------------------ | ---------------------------------------------- | | ||||
| | `secret.vault.token`      | Token to log into the hashicorp vault      | `xxxx`                                         | | ||||
| | `secret.vault.addr`       | Address of the vault                       | `https:vault-operator.vault-operator.svc:8200` | | ||||
| | `secret.vault.skipVerify` | Skip verification of the https connection  | `1`                                            | | ||||
|  | ||||
| #### GitHub | ||||
|  | ||||
| Token used by Jenkins to authenticate on GitHub. | ||||
|  | ||||
| | Parameter             | Description              | Default            | | ||||
| | --------------------- | ------------------------ | ------------------ | | ||||
| | `secret.gitHub.user`  | username for the account | `molgenis-jenkins` | | ||||
| | `secret.gitHub.token` | token for the account    | `xxxx`             | | ||||
|  | ||||
| #### Gogs | ||||
|  | ||||
| Token used by Jenkins to authenticate on the [RuG Webhosting Gogs](https://git.webhosting.rug.nl). | ||||
|  | ||||
| | Parameter           | Description              | Default   | | ||||
| | ------------------- | ------------------------ | --------- | | ||||
| | `secret.gogs.user`  | username for the account | `p281392` | | ||||
| | `secret.gogs.token` | token for the account    | `xxxx`    | | ||||
|  | ||||
| #### Legacy: | ||||
|  | ||||
| ##### Docker Hub | ||||
|     | ||||
|    | Parameter                          | Description                                | Default                                        | | ||||
|    | ---------------------------------- | ------------------------------------------ | ---------------------------------------------- | | ||||
|    | `PipelineSecrets.Vault.Replace`    | Replace the molgenis-pipeline-vault secret | `true`                                         | | ||||
|    | `PipelineSecrets.Vault.Token`      | Token to log into the hashicorp vault      | `xxxx`                                         | | ||||
|    | `PipelineSecrets.Vault.Addr`       | Address of the vault                       | `https:vault-operator.vault-operator.svc:8200` | | ||||
|    | `PipelineSecrets.Vault.SkipVerify` | Skip verification of the https connection  | `1`                                            | | ||||
| Account used in pipeline builds to push docker images to `hub.docker.com`. | ||||
| > They should read `secret/gcc/account/dockerhub` from vault instead! | ||||
|  | ||||
| *  Env | ||||
| | Parameter                   | Description              | Default         | | ||||
| | --------------------------- | ------------------------ | --------------- | | ||||
| | `secret.dockerHub.user`     | username for the account | `molgenisci`    | | ||||
| | `secret.dockerHub.password` | password for the account | `xxxx`          | | ||||
|  | ||||
| ##### Registry | ||||
|     | ||||
|    Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables | ||||
|    in the slave pods. | ||||
| Account used in pipeline builds to push docker images to `registry.molgenis.org`. | ||||
| > They should read `secret/ops/account/nexus` from vault instead! | ||||
|  | ||||
|    | Parameter                               | Description                               | Default         | | ||||
|    | --------------------------------------- | ----------------------------------------- | --------------- | | ||||
|    | `PipelineSecrets.Env.Replace`           | Replace molgenis-pipeline-env secret      | `true`          | | ||||
|    | `PipelineSecrets.Env.PGPPassphrase`     | passphrase for the pgp signing key        | `literal:xxxx`  | | ||||
|    | `PipelineSecrets.Env.CodecovToken`      | token for codecov.io                      | `xxxx`          | | ||||
|    | `PipelineSecrets.Env.GitHubToken`       | token for GH molgenis-jenkins user        | `xxxx`          | | ||||
|    | `PipelineSecrets.Env.NexusPassword`     | token for molgenis-jenkins user in NEXUS  | `xxxx`          | | ||||
|    | `PipelineSecrets.Env.DockerHubPassword` | token for molgenis user in hub.docker.com | `xxxx`          | | ||||
|    | `PipelineSecrets.Env.SonarToken`        | token for sonarcloud.io                   | `xxxx`          | | ||||
|    | `PipelineSecrets.Env.NpmToken`          | token for npmjs.org                       | `xxxx`          |  | ||||
|    | `PipelineSecrets.Env.SauceAccessKey`    | token for saucelabs.com                   | `xxxx`          | | ||||
|  | ||||
| * File | ||||
|  | ||||
|   Environment variables stored in molgenis-pipeline-file secret, to be mounted as files | ||||
|   in the `/root/.m2` directory of the slave pods. | ||||
|   > The settings.xml file references the  | ||||
|  | ||||
|   | Parameter                              | Description                           | Default                                                                         | | ||||
|   | -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- | | ||||
|   | `PipelineSecrets.File.Replace`         | Replace molgenis-pipeline-file secret | `true`                                                                          | | ||||
|   | `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form         | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` | | ||||
|   | `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file               | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml))            | | ||||
| | Parameter                   | Description              | Default   | | ||||
| | --------------------------- | ------------------------ | --------- | | ||||
| | `secret.dockerHub.user`     | username for the account | `admin`   | | ||||
| | `secret.dockerHub.password` | password for the account | `xxxx`    | | ||||
|  | ||||
| ## Command line use | ||||
| Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. | ||||
|   | ||||
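Review bot: The table under "##### Registry" documents `secret.dockerHub.user` and `secret.dockerHub.password` (default `admin`), repeating the Docker Hub keys from the table above it. The templates and values in this commit use `secret.registry.user` and `secret.registry.password` for registry.molgenis.org, so the Registry table should name those keys. In the Vault table the `secret.vault.addr` default is written `https:vault-operator.vault-operator.svc:8200`, without the `//` that the values file has. The sentence "The vault secret gets mounted in the vault pod" would read more accurately as the vault container of the build pods.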
| @@ -8,9 +8,9 @@ metadata: | ||||
|     "jenkins.io/credentials-type": "usernamePassword" | ||||
|   annotations: { | ||||
| # description - can not be a label as spaces are not allowed | ||||
|     "jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)" | ||||
|     "jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to Docker Hub (hub.docker.com)" | ||||
|   } | ||||
| type: Opaque | ||||
| data: | ||||
|   username: {{ "molgenisci" | b64enc | quote }} | ||||
|   password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }} | ||||
|   username: {{ .Values.secret.registry.user | b64enc | quote }} | ||||
|   password: {{ .Values.secret.registry.password | b64enc | quote }} | ||||
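Review bot: The `username` and `password` of the Docker Hub secret are rendered from `.Values.secret.registry.user` and `.Values.secret.registry.password`, while the description on the same secret says the account is for hub.docker.com and the values file defines a separate `secret.dockerHub` block. As written, this credential would carry the registry.molgenis.org account. The two data lines should read `.Values.secret.dockerHub.user` and `.Values.secret.dockerHub.password`.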
| @@ -8,9 +8,9 @@ metadata: | ||||
|     "jenkins.io/credentials-type": "usernamePassword" | ||||
|   annotations: { | ||||
| # description - can not be a label as spaces are not allowed | ||||
|     "jenkins.io/credentials-description" : "oauth token for the molgenis-jenkins github user" | ||||
|     "jenkins.io/credentials-description" : "Oauth token for the {{.Values.secret.gitHub.user}} GitHub user" | ||||
|   } | ||||
| type: Opaque | ||||
| data: | ||||
|   username: {{ "molgenis-jenkins" | b64enc | quote }} | ||||
|   password: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }} | ||||
|   username: {{ .Values.secret.gitHub.user | b64enc | quote }} | ||||
|   password: {{ .Values.secret.gitHub.token | b64enc | quote }} | ||||
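Review bot: The description annotation interpolates `{{.Values.secret.gitHub.user}}` directly inside a double-quoted YAML string, so a user value containing a double quote or backslash renders invalid YAML. Building the string with `printf` and piping the result through `quote` avoids that. Spelling: "Oauth" should be "OAuth".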
| @@ -8,9 +8,9 @@ metadata: | ||||
|     "jenkins.io/credentials-type": "usernamePassword" | ||||
|   annotations: { | ||||
| # description - can not be a label as spaces are not allowed | ||||
|     "jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)" | ||||
|     "jenkins.io/credentials-description" : "Account used to authenticate against RuG Webhosting Gogs." | ||||
|   } | ||||
| type: Opaque | ||||
| data: | ||||
|   username: {{ "p281392" | b64enc | quote }} | ||||
|   password: {{ .Values.PipelineSecrets.Env.GogsToken | b64enc | quote }} | ||||
|   username: {{ .Values.secret.gogs.user | b64enc | quote }} | ||||
|   password: {{ .Values.secret.gogs.token | b64enc | quote }} | ||||
| @@ -1,16 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
| # this is the jenkins id. | ||||
|   name: "molgenis-jenkins-nexus-secret" | ||||
|   labels: | ||||
| # so we know what type it is. | ||||
|     "jenkins.io/credentials-type": "usernamePassword" | ||||
|   annotations: { | ||||
| # description - can not be a label as spaces are not allowed | ||||
|     "jenkins.io/credentials-description" : "user to authenticate against NEXUS" | ||||
|   } | ||||
| type: Opaque | ||||
| data: | ||||
|   username: {{ "admin" | b64enc | quote }} | ||||
|   password: {{ .Values.PipelineSecrets.Env.NexusPassword | b64enc | quote }} | ||||
| @@ -0,0 +1,17 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: molgenis-jenkins-registry-secret | ||||
|   labels: | ||||
|     app: {{ template "jenkins.fullname" . }} | ||||
|     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" | ||||
|     release: "{{ .Release.Name }}" | ||||
|     heritage: "{{ .Release.Service }}" | ||||
|   annotations: { | ||||
| # description - can not be a label as spaces are not allowed | ||||
|     "jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to registry.molgenis.org." | ||||
|   } | ||||
| type: Opaque | ||||
| data: | ||||
|   username: {{ .Values.secret.registry.user | b64enc | quote }} | ||||
|   password: {{ .Values.secret.registry.password | b64enc | quote }} | ||||
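Review bot: The new `molgenis-jenkins-registry-secret` carries the `jenkins.io/credentials-description` annotation but has no `"jenkins.io/credentials-type": "usernamePassword"` entry under `labels`, which the GitHub, Gogs and Docker Hub secrets in this commit and the deleted nexus secret all have. If this secret is meant to show up as a Jenkins credential like the others, add that label next to the chart labels; if it is meant to be a plain Kubernetes secret, the annotation can go. The name also changes from `molgenis-jenkins-nexus-secret`, so any pipeline that references the old credential id needs updating.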
| @@ -1,16 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
| # this is the jenkins id. | ||||
|   name: "molgenis-jenkins-saucelabs-secret" | ||||
|   labels: | ||||
| # so we know what type it is. | ||||
|     "jenkins.io/credentials-type": "usernamePassword" | ||||
|   annotations: { | ||||
| # description - can not be a label as spaces are not allowed | ||||
|     "jenkins.io/credentials-description" : "user to authenticate against Saucelabs (saucelabs.com)" | ||||
|   } | ||||
| type: Opaque | ||||
| data: | ||||
|   username: {{ "molgenis-jenkins" | b64enc | quote }} | ||||
|   password: {{ .Values.PipelineSecrets.Env.SauceAccessKey | b64enc | quote }} | ||||
| @@ -1,18 +0,0 @@ | ||||
| {{- if .Values.PipelineSecrets.Env.Replace }} | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: molgenis-pipeline-env-secret | ||||
|   labels: | ||||
|     app: {{ template "jenkins.fullname" . }} | ||||
|     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" | ||||
|     release: "{{ .Release.Name }}" | ||||
|     heritage: "{{ .Release.Service }}" | ||||
| type: Opaque | ||||
| data: | ||||
|   pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }} | ||||
|   codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }} | ||||
|   githubToken: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }} | ||||
|   sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }} | ||||
|   npmToken: {{ .Values.PipelineSecrets.Env.NpmToken | b64enc | quote }} | ||||
| {{- end }} | ||||
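Review bot: Missing documentation for where the values removed here (`pgpPassphrase`, `codecovToken`, `githubToken`, `sonarToken`, `npmToken`) are now expected to come from. The README changes in this commit give vault paths only for the Docker Hub and registry accounts. Listing the vault path for each of these, and stating in the commit message that `molgenis-pipeline-env-secret` is no longer created by the chart, would tell pipeline authors what to migrate before they upgrade.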
| @@ -1,15 +0,0 @@ | ||||
| {{- if .Values.PipelineSecrets.File.Replace }} | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: molgenis-pipeline-file-secret | ||||
|   labels: | ||||
|     app: {{ template "jenkins.fullname" . }} | ||||
|     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" | ||||
|     release: "{{ .Release.Name }}" | ||||
|     heritage: "{{ .Release.Service }}" | ||||
| type: Opaque | ||||
| data: | ||||
|   key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }} | ||||
|   settings.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }} | ||||
| {{- end }} | ||||
| @@ -1,4 +1,3 @@ | ||||
| {{- if .Values.PipelineSecrets.Vault.Replace }} | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
| @@ -10,7 +9,6 @@ metadata: | ||||
|     heritage: "{{ .Release.Service }}" | ||||
| type: Opaque | ||||
| data: | ||||
|   token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }} | ||||
|   addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }} | ||||
|   skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }} | ||||
| {{- end }} | ||||
|   token: {{ .Values.secret.vault.token | b64enc | quote }} | ||||
|   addr: {{ .Values.secret.vault.addr | b64enc | quote }} | ||||
|   skipVerify: {{ .Values.secret.vault.skipVerify | b64enc | quote }} | ||||
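Review bot: With the `{{- if .Values.PipelineSecrets.Vault.Replace }}` guard and its `{{- end }}` removed, `molgenis-pipeline-vault-secret` is rendered on every install and upgrade, so an upgrade that does not pass `secret.vault.token` overwrites a working token with the placeholder default `xxxx`. Either keep an opt-out flag under the new `secret.vault` key, or wrap the token in `required` so the render fails instead of writing a placeholder into the secret that every build pod uses to reach the vault.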
| @@ -368,8 +368,8 @@ jenkins: | ||||
|     install: true | ||||
|   Pods: | ||||
|     molgenis: | ||||
|       Label: molgenisv2 | ||||
|       NodeUsageMode: EXCLUSIVE | ||||
|       Label: molgenis | ||||
|       NodeUsageMode: NORMAL | ||||
|       volumes: | ||||
|         - type: HostPath | ||||
|           hostPath: "/var/run/docker.sock" | ||||
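Review bot: Changing `NodeUsageMode` from `EXCLUSIVE` to `NORMAL` on the `molgenis` template allows jobs that request no label to be scheduled on it, and this template mounts the host's `/var/run/docker.sock`. Access to the Docker socket is effectively root on the node, so it should stay limited to jobs that ask for it by label. Keeping `EXCLUSIVE` here, or moving the socket mount to a separate exclusive template, preserves that boundary.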
| @@ -417,39 +417,6 @@ jenkins: | ||||
|               secretName: molgenis-pipeline-vault-secret | ||||
|               secretKey: addr | ||||
|       NodeSelector: {} | ||||
|     molgenis-legacy: | ||||
|       InheritFrom: molgenis | ||||
|       Label: molgenis | ||||
|       NodeUsageMode: NORMAL | ||||
|       volumes: | ||||
|         - type: Secret | ||||
|           secretName: molgenis-pipeline-file-secret | ||||
|           mountPath: "/home/jenkins/.m2" | ||||
|       Containers: | ||||
|       EnvVars: | ||||
|         - type: Secret | ||||
|           key: PGP_PASSPHRASE | ||||
|           secretName: molgenis-pipeline-env-secret | ||||
|           secretKey: pgpPassphrase | ||||
|         - type: KeyValue | ||||
|           key: PGP_SECRETKEY | ||||
|           value: "keyfile:/home.jenkins/.m2/key.asc" | ||||
|         - type: KeyValue | ||||
|           key: npm_config_registry | ||||
|           value: "http://nexus.molgenis-nexus:8081/repository/npm-central/" | ||||
|         - type: Secret | ||||
|           key: SONAR_TOKEN | ||||
|           secretName: molgenis-pipeline-env-secret | ||||
|           secretKey: sonarToken | ||||
|         - type: Secret | ||||
|           key: CODECOV_TOKEN | ||||
|           secretName: molgenis-pipeline-env-secret | ||||
|           secretKey: codecovToken | ||||
|         - type: Secret | ||||
|           key: GITHUB_TOKEN | ||||
|           secretName: molgenis-pipeline-env-secret | ||||
|           secretKey: githubToken | ||||
|       NodeSelector: {} | ||||
|     node: | ||||
|       Label: node-carbon | ||||
|       NodeUsageMode: EXCLUSIVE | ||||
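Review bot: Jobs that select the `molgenis` label used to land on the removed `molgenis-legacy` template and received `PGP_PASSPHRASE`, `SONAR_TOKEN`, `CODECOV_TOKEN`, `GITHUB_TOKEN` and the `molgenis-pipeline-file-secret` mount; after this commit the same label resolves to the main `molgenis` template, which provides none of them. It is worth confirming that every pipeline on that label already reads these values from vault, and calling out the change in the commit message.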
| @@ -461,155 +428,45 @@ jenkins: | ||||
|           Command: cat | ||||
|           WorkingDir: /home/jenkins | ||||
|           TTY: true | ||||
|       EnvVars: | ||||
|         - type: KeyValue | ||||
|           key: npm_config_registry | ||||
|           value: "http://nexus.molgenis-nexus:8081/repository/npm-central/" | ||||
|         - type: Secret | ||||
|           key: CODECOV_TOKEN | ||||
|           secretName: molgenis-pipeline-env-secret | ||||
|           secretKey: codecovToken | ||||
|         - type: Secret | ||||
|           key: GITHUB_TOKEN | ||||
|           secretName: molgenis-pipeline-env-secret | ||||
|           secretKey: githubToken | ||||
|         - type: Secret | ||||
|           key: NPM_TOKEN | ||||
|           secretName: molgenis-pipeline-env-secret | ||||
|           secretKey: npmToken | ||||
|       NodeSelector: {} | ||||
|     molgenis-it: | ||||
|       InheritFrom: molgenis | ||||
|       Label: molgenis-it | ||||
|       NodeUsageMode: EXCLUSIVE | ||||
|       Containers: | ||||
|         elasticsearch: | ||||
|           Image: docker.elastic.co/elasticsearch/elasticsearch | ||||
|           ImageTag: 5.5.3 | ||||
|           resources: | ||||
|             requests: | ||||
|               cpu: "100m" | ||||
|               memory: "1Gi" | ||||
|             limits: | ||||
|               cpu: "1" | ||||
|               memory: "1500Mi" | ||||
|         vault: | ||||
|           Image: "vault" | ||||
|           Command: cat | ||||
|           WorkingDir: /home/jenkins | ||||
|           TTY: true | ||||
|           EnvVars: | ||||
|           - type: KeyValue | ||||
|             key: ES_JAVA_OPTS | ||||
|             value: "-Xms512m -Xmx512m" | ||||
|           - type: KeyValue | ||||
|             key: cluster.name | ||||
|             value: molgenis | ||||
|           - type: KeyValue | ||||
|             key: bootstrap.memory_lock | ||||
|             value: "true" | ||||
|           - type: KeyValue | ||||
|             key: xpack.security.enabled | ||||
|             value: "false" | ||||
|           - type: KeyValue | ||||
|             key: discovery.type | ||||
|             value: single-node | ||||
|         postgres: | ||||
|           Image: postgres | ||||
|           ImageTag: 9.6-alpine | ||||
|           resources: | ||||
|             requests: | ||||
|               cpu: "100m" | ||||
|               memory: "250Mi" | ||||
|             limits: | ||||
|               cpu: "1" | ||||
|               memory: "250Mi" | ||||
|           EnvVars: | ||||
|           - type: KeyValue | ||||
|             key: POSTGRES_USER | ||||
|             value: molgenis | ||||
|           - type: KeyValue | ||||
|             key: POSTGRES_PASSWORD | ||||
|             value: molgenis | ||||
|           - type: KeyValue | ||||
|             key: POSTGRES_DB | ||||
|             value: molgenis | ||||
|         opencpu: | ||||
|           Image: molgenis/opencpu | ||||
|           AlwaysPullImage: true | ||||
|           resources: | ||||
|             requests: | ||||
|               cpu: "100m" | ||||
|               memory: "256Mi" | ||||
|             limits: | ||||
|               cpu: "1" | ||||
|               memory: "512Mi" | ||||
|             - type: Secret | ||||
|               key: VAULT_TOKEN | ||||
|               secretName: molgenis-pipeline-vault-secret | ||||
|               secretKey: token | ||||
|             - type: Secret | ||||
|               key: VAULT_SKIP_VERIFY | ||||
|               secretName: molgenis-pipeline-vault-secret | ||||
|               secretKey: skipVerify | ||||
|             - type: Secret | ||||
|               key: VAULT_ADDR | ||||
|               secretName: molgenis-pipeline-vault-secret | ||||
|               secretKey: addr | ||||
|       NodeSelector: {} | ||||
| PipelineSecrets: | ||||
|   Vault: | ||||
|     Replace: true | ||||
|     Token: xxxx | ||||
|     Addr: "https://vault-operator.vault-operator.svc:8200" | ||||
|     SkipVerify: 1 | ||||
|   Env: | ||||
|     # Set to false to keep existing secret | ||||
|     Replace: true | ||||
|     # Passphrase for the pgp private key file, prefixed with literal: | ||||
|     PGPPassphrase: literal:xxxx | ||||
|     # Token for codecov.io service | ||||
|     CodecovToken: xxxx | ||||
|     # Token for github bot account | ||||
|     GitHubToken: xxxx | ||||
|     # Token for github bot account | ||||
|     GogsToken: xxxx | ||||
|     # Token for sonarcloud.io | ||||
|     SonarToken: xxxx | ||||
|     # Token for npmjs.org | ||||
|     NpmToken: xxxx | ||||
|     # Password Local NEXUS | ||||
|     NexusPassword: xxxx | ||||
|     # Password hub.docker.com | ||||
|     DockerHubPassword: xxxx | ||||
|     # Access key for saucelabs.com | ||||
|     SauceAccessKey: xxxx | ||||
|   File: | ||||
|     # Set to false to keep existing secret | ||||
|     Replace: true | ||||
|     # PGP Private key in ascii format used to sign artifacts | ||||
|     PGPPrivateKeyAsc: |- | ||||
|       -----BEGIN PGP PRIVATE KEY BLOCK----- | ||||
|       xxxxx | ||||
|       -----END PGP PRIVATE KEY BLOCK----- | ||||
|     # maven.settings file | ||||
|     MavenSettingsXML: |- | ||||
|       <settings> | ||||
|         <localRepository>${user.home}/.mvnrepository</localRepository> | ||||
|         <interactiveMode>false</interactiveMode> | ||||
|         <mirrors> | ||||
|           <mirror> | ||||
|             <id>nexus</id> | ||||
|             <mirrorOf>external:*</mirrorOf> | ||||
|             <url>http://nexus.molgenis-nexus:8081/repository/maven-central/</url> | ||||
|           </mirror> | ||||
|         </mirrors> | ||||
|         <servers> | ||||
|           <!-- for snapshot builds of the master --> | ||||
|           <server> | ||||
|             <id>sonatype-nexus-staging</id> | ||||
|             <username>molgenis</username> | ||||
|             <password>xxxx</password> | ||||
|           </server> | ||||
|           <server> | ||||
|             <id>local-nexus</id> | ||||
|             <url>http://nexus.molgenis-nexus:8081/repository/maven-snapshots/</url> | ||||
|             <username>admin</username> | ||||
|             <password>xxxxx</password> | ||||
|           </server> | ||||
|           <!-- for docker images--> | ||||
|           <server> | ||||
|             <id>registry.molgenis.org</id> | ||||
|             <username>admin</username> | ||||
|             <password>xxxx</password> | ||||
|           </server> | ||||
|           <server> | ||||
|             <id>registry.hub.docker.com</id> | ||||
|             <username>molgenisci</username> | ||||
|             <password>xxxx</password> | ||||
|           </server> | ||||
|         </servers> | ||||
|       </settings> | ||||
| #secret contains configuration for the kubernetes secrets that jenkins can access | ||||
| secret: | ||||
|   # vault configures the vault secret | ||||
|   vault: | ||||
|     token: xxxx | ||||
|     addr: "https://vault-operator.vault-operator.svc:8200" | ||||
|     skipVerify: "1" | ||||
|   # githubToken contains access token for jenkins bot account on github.com | ||||
|   gitHub: | ||||
|     user: "molgenis-jenkins" | ||||
|     token: xxxx | ||||
|   # gogs contains access token for jenkins bot account on RuG GoGs | ||||
|   gogs: | ||||
|     user: p281392 | ||||
|     token: xxxx | ||||
|   # registry contains credentials for registry.molgenis.org | ||||
|   registry: | ||||
|     user: admin | ||||
|     password: xxxx | ||||
|   # dockerHubPassword contains password for hub.docker.com | ||||
|   dockerHub: | ||||
|     user: molgenisci | ||||
|     password: xxxx | ||||
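Review bot: The new `secret.vault` block keeps `skipVerify: "1"` as the default, which ends up as `VAULT_SKIP_VERIFY` in the `vault` container, so the vault token is sent over a TLS connection whose certificate is never checked. Now that the vault is the main source of pipeline secrets, the default should leave verification on and supply the cluster CA to the container instead. The `vault` container is also declared with `Image: "vault"` and no `ImageTag`, unlike the other containers in this file; pinning a tag keeps the image that handles the token reproducible. Minor: the comments `# githubToken contains ...` and `# dockerHubPassword contains ...` no longer match the key names `gitHub` and `dockerHub`.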