
Add secrets and mount them in the molgenis-jenkins pod.

Fleur Kelpin 2018-06-28 09:25:27 +02:00
parent a82e4e1ac6
commit c8b1e1965b
4 changed files with 111 additions and 10 deletions


@ -140,7 +140,32 @@ data:
<resourceLimitMemory>{{.Values.Pod.Memory}}</resourceLimitMemory>
</org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
</containers>
<envVars/>
<envVars>
<org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
<key>PGP_PASSPHRASE</key>
<secretName>molgenis-pipeline-env-secret</secretName>
<secretKey>pgpPassphrase</secretKey>
</org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
<org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
<key>PGP_SECRETKEY</key>
<value>keyfile:/root/.m2/key.asc</value>
</org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
<org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
<key>SONAR_TOKEN</key>
<secretName>molgenis-pipeline-env-secret</secretName>
<secretKey>sonarToken</secretKey>
</org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
<org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
<key>CODECOV_TOKEN</key>
<secretName>molgenis-pipeline-env-secret</secretName>
<secretKey>codecovToken</secretKey>
</org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
<org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
<key>GITHUB_TOKEN</key>
<secretName>molgenis-pipeline-env-secret</secretName>
<secretKey>githubToken</secretKey>
</org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
</envVars>
<annotations/>
{{- if .Values.Pod.ImagePullSecret }}
<imagePullSecrets>
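Review bot: The four `SecretEnvVar` entries place `PGP_PASSPHRASE`, `SONAR_TOKEN`, `CODECOV_TOKEN` and `GITHUB_TOKEN` in the environment of every build that runs on this pod template, so any build step there can read them and child processes inherit them. If pull-request builds also use this template (not visible here), consider a separate template for release jobs, or bind the credentials only in the stages that sign and publish. The entries also reference `molgenis-pipeline-env-secret` unconditionally, while the Secret itself is only rendered under `{{- if .Values.PipelineSecrets.Env }}`; wrapping the `<envVars>` entries in the same guard keeps the pod startable when those values are unset. The enclosing pod template element starts and ends outside this hunk.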


@ -0,0 +1,17 @@
{{- if .Values.PipelineSecrets.Env }}
apiVersion: v1
kind: Secret
metadata:
name: molgenis-pipeline-env-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
githubToken: {{ .Values.PipelineSecrets.Env.GithubToken | b64enc | quote }}
sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
{{- end }}
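Review bot: The lookups use `.Values.PipelineSecrets.Env.PGPPassphrase`, `.CodecovToken`, `.GithubToken` and `.SonarToken`, but the values file in this commit defines the keys as `pgpPassphrase`, `codecovToken`, `githubToken` and `sonarToken`. Helm value keys are case-sensitive, so these lookups would not find the configured values and the Secret would render empty or fail to render. Align one side, e.g. `pgpPassphrase: {{ .Values.PipelineSecrets.Env.pgpPassphrase | b64enc | quote }}`, and likewise for the other three keys.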


@ -0,0 +1,15 @@
{{- if .Values.PipelineSecrets.File }}
apiVersion: v1
kind: Secret
metadata:
name: molgenis-pipeline-env-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
maven.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
{{- end }}
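Review bot: `name: molgenis-pipeline-env-secret` duplicates the name of the env Secret added in the same commit, while the volume in the values file mounts `secretName: molgenis-pipeline-file-secret`. With both `PipelineSecrets.Env` and `PipelineSecrets.File` set, the chart would render two Secrets under one name and the secret the volume asks for would not exist. Rename it here to `name: molgenis-pipeline-file-secret`. Separately, the data key `maven.xml` would appear as `maven.xml` inside the mounted directory, whereas Maven reads `settings.xml` from `~/.m2` by default; unless builds pass the file explicitly (not visible here), the key probably should be `settings.xml`.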


@ -70,7 +70,7 @@ jenkins:
CustomConfigMap: true
rbac:
install: true
# A second agent to configure a second pod template
# A second pod template for maven builds
Pod:
Enabled: true
Image: "webhost12.service.rug.nl/molgenis/molgenis-maven"
@ -78,10 +78,10 @@ jenkins:
# ImagePullSecret: jenkins
Label: "molgenis-maven"
Privileged: false
Cpu: "200m"
Memory: "256Mi"
Cpu: ""
Memory: ""
# You may want to change this to true while testing a new image
AlwaysPullImage: true
AlwaysPullImage: false
Command: "/bin/sh -c"
Args: "cat"
TTY: true
@ -90,12 +90,56 @@ jenkins:
# Configure the attributes as they appear in the corresponding Java class for that type
# https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes
volumes:
- type: "HostPath"
mountPath: "/var/run/docker.sock"
- type: HostPath
hostPath: "/var/run/docker.sock"
# - type: Secret
# secretName: mysecret
# mountPath: /var/myapp/mysecret
mountPath: "/var/run/docker.sock"
- type: Secret
secretName: molgenis-pipeline-file-secret
mountPath: "keyfile:/root/.m2"
NodeSelector: {}
# Key Value selectors. Ex:
# jenkins-agent: v1
PipelineSecrets:
Env:
# Passphrase for the pgp private key file
pgpPassphrase: xxxx
# Token for codecov.io service
codecovToken: xxxx
# Token for github bot account
githubToken: xxxx
# Token for sonarcloud.io
sonarToken: xxxx
File:
# PGP Private key in ascii format used to sign artifacts
PGPPrivateKeyAsc: |-
-----BEGIN PGP PRIVATE KEY BLOCK-----
xxxxx
-----END PGP PRIVATE KEY BLOCK-----
# maven.settings file
MavenSettingsXML: |-
<settings>
<!-- sets the local maven repository outside of the ~/.m2 folder for easier mounting of secrets and repo -->
<localRepository>${user.home}/.mvnrepository</localRepository>
<!-- lets disable the download progress indicator that fills up logs -->
<interactiveMode>false</interactiveMode>
<mirrors>
<mirror>
<id>nexus</id>
<mirrorOf>external:*</mirrorOf>
<url>https://registry.molgenis.org/repository/maven-central/</url>
</mirror>
</mirrors>
<servers>
<server>
<id>local-nexus</id>
<url>https://registry.molgenis.org/repository/maven-central/</url>
<username>admin</username>
<password>xxxxx</password>
</server>
<server>
<id>oss-sonatype-staging</id>
<username>molgenis</username>
<password>xxxxx</password>
</server>
</servers>
</settings>
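Review bot: `mountPath: "keyfile:/root/.m2"` carries the `keyfile:` prefix that belongs to the `PGP_SECRETKEY` value, not to a volume mount; a mount path has to be a plain absolute path, and Kubernetes is expected to reject one containing a colon. Use `mountPath: "/root/.m2"`. The new `PipelineSecrets` block also puts placeholders for tokens, a PGP private key and repository passwords into the chart's default values file, which invites committing the real ones. A comment such as `# Supply real values from a values file kept outside version control` above `PipelineSecrets:` would make the intent explicit.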