Add secrets and mount them in the molgenis-jenkins pod.
parent
a82e4e1ac6
commit
c8b1e1965b
|
@ -140,7 +140,32 @@ data:
|
|||
<resourceLimitMemory>{{.Values.Pod.Memory}}</resourceLimitMemory>
|
||||
</org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
|
||||
</containers>
|
||||
<envVars/>
|
||||
<envVars>
|
||||
<org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||
<key>PGP_PASSPHRASE</key>
|
||||
<secretName>molgenis-pipeline-env-secret</secretName>
|
||||
<secretKey>pgpPassphrase</secretKey>
|
||||
</org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||
<org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
|
||||
<key>PGP_SECRETKEY</key>
|
||||
<value>keyfile:/root/.m2/key.asc</value>
|
||||
</org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
|
||||
<org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||
<key>SONAR_TOKEN</key>
|
||||
<secretName>molgenis-pipeline-env-secret</secretName>
|
||||
<secretKey>sonarToken</secretKey>
|
||||
</org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||
<org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||
<key>CODECOV_TOKEN</key>
|
||||
<secretName>molgenis-pipeline-env-secret</secretName>
|
||||
<secretKey>codecovToken</secretKey>
|
||||
</org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||
<org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||
<key>GITHUB_TOKEN</key>
|
||||
<secretName>molgenis-pipeline-env-secret</secretName>
|
||||
<secretKey>githubToken</secretKey>
|
||||
</org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||
</envVars>
|
||||
<annotations/>
|
||||
{{- if .Values.Pod.ImagePullSecret }}
|
||||
<imagePullSecrets>
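Review bot: The four `SecretEnvVar` entries are declared in the pod template's `<envVars>`, so every build scheduled on this template receives `PGP_PASSPHRASE`, `SONAR_TOKEN`, `CODECOV_TOKEN` and `GITHUB_TOKEN`, whether or not the job signs or publishes anything. If this template also builds pull requests or other untrusted changes, the signing passphrase and the GitHub token are readable by that build's scripts; consider binding them per stage through Jenkins credentials, or moving them to a release-only pod template. The secret name `molgenis-pipeline-env-secret` is hard-coded here while the neighbouring lines read `.Values`, so a comment such as `<!-- must match metadata.name of the pipeline env Secret template -->` would help keep the two in step. The enclosing template element starts before this hunk and continues after it.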
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
{{- if .Values.PipelineSecrets.Env }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: molgenis-pipeline-env-secret
|
||||
labels:
|
||||
app: {{ template "jenkins.fullname" . }}
|
||||
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
release: "{{ .Release.Name }}"
|
||||
heritage: "{{ .Release.Service }}"
|
||||
type: Opaque
|
||||
data:
|
||||
pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
|
||||
codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
|
||||
githubToken: {{ .Values.PipelineSecrets.Env.GithubToken | b64enc | quote }}
|
||||
sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
|
||||
{{- end }}
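Review bot: The `data:` entries read `.Values.PipelineSecrets.Env.PGPPassphrase`, `.CodecovToken`, `.GithubToken` and `.SonarToken`, but the values added in this commit define `pgpPassphrase`, `codecovToken`, `githubToken` and `sonarToken`. Values keys are case-sensitive, so these lookups will not find them and the render is likely to fail in `b64enc` or store empty tokens. Match the casing on one side, for example `pgpPassphrase: {{ .Values.PipelineSecrets.Env.pgpPassphrase | b64enc | quote }}`. Wrapping each lookup in `required` would make a missing secret fail the install instead of silently producing an empty value.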
|
|
@ -0,0 +1,15 @@
|
|||
{{- if .Values.PipelineSecrets.File }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: molgenis-pipeline-env-secret
|
||||
labels:
|
||||
app: {{ template "jenkins.fullname" . }}
|
||||
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
release: "{{ .Release.Name }}"
|
||||
heritage: "{{ .Release.Service }}"
|
||||
type: Opaque
|
||||
data:
|
||||
maven.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
|
||||
key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
|
||||
{{- end }}
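Review bot: `name: molgenis-pipeline-env-secret` repeats the name already used by the env Secret template, while the volume added to the values mounts `secretName: molgenis-pipeline-file-secret`. As written the two manifests collide on one name and the Secret the pod tries to mount is never created, so the agent pod would probably not start. Change the line to `name: molgenis-pipeline-file-secret`. The settings file is stored under the key `maven.xml`, and Maven only auto-loads a file named `settings.xml`, so either rename the key or have builds pass the file explicitly with `-s`.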
|
|
@ -70,7 +70,7 @@ jenkins:
|
|||
CustomConfigMap: true
|
||||
rbac:
|
||||
install: true
|
||||
# A second agent to configure a second pod template
|
||||
# A second pod template for maven builds
|
||||
Pod:
|
||||
Enabled: true
|
||||
Image: "webhost12.service.rug.nl/molgenis/molgenis-maven"
|
||||
|
@ -78,10 +78,10 @@ jenkins:
|
|||
# ImagePullSecret: jenkins
|
||||
Label: "molgenis-maven"
|
||||
Privileged: false
|
||||
Cpu: "200m"
|
||||
Memory: "256Mi"
|
||||
Cpu: ""
|
||||
Memory: ""
|
||||
# You may want to change this to true while testing a new image
|
||||
AlwaysPullImage: true
|
||||
AlwaysPullImage: false
|
||||
Command: "/bin/sh -c"
|
||||
Args: "cat"
|
||||
TTY: true
|
||||
|
@ -90,12 +90,56 @@ jenkins:
|
|||
# Configure the attributes as they appear in the corresponding Java class for that type
|
||||
# https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes
|
||||
volumes:
|
||||
- type: "HostPath"
|
||||
mountPath: "/var/run/docker.sock"
|
||||
- type: HostPath
|
||||
hostPath: "/var/run/docker.sock"
|
||||
# - type: Secret
|
||||
# secretName: mysecret
|
||||
# mountPath: /var/myapp/mysecret
|
||||
mountPath: "/var/run/docker.sock"
|
||||
- type: Secret
|
||||
secretName: molgenis-pipeline-file-secret
|
||||
mountPath: "keyfile:/root/.m2"
|
||||
NodeSelector: {}
|
||||
# Key Value selectors. Ex:
|
||||
# jenkins-agent: v1
|
||||
PipelineSecrets:
|
||||
Env:
|
||||
# Passphrase for the pgp private key file
|
||||
pgpPassphrase: xxxx
|
||||
# Token for codecov.io service
|
||||
codecovToken: xxxx
|
||||
# Token for github bot account
|
||||
githubToken: xxxx
|
||||
# Token for sonarcloud.io
|
||||
sonarToken: xxxx
|
||||
File:
|
||||
# PGP Private key in ascii format used to sign artifacts
|
||||
PGPPrivateKeyAsc: |-
|
||||
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||
xxxxx
|
||||
-----END PGP PRIVATE KEY BLOCK-----
|
||||
# maven.settings file
|
||||
MavenSettingsXML: |-
|
||||
<settings>
|
||||
<!-- sets the local maven repository outside of the ~/.m2 folder for easier mounting of secrets and repo -->
|
||||
<localRepository>${user.home}/.mvnrepository</localRepository>
|
||||
<!-- lets disable the download progress indicator that fills up logs -->
|
||||
<interactiveMode>false</interactiveMode>
|
||||
<mirrors>
|
||||
<mirror>
|
||||
<id>nexus</id>
|
||||
<mirrorOf>external:*</mirrorOf>
|
||||
<url>https://registry.molgenis.org/repository/maven-central/</url>
|
||||
</mirror>
|
||||
</mirrors>
|
||||
<servers>
|
||||
<server>
|
||||
<id>local-nexus</id>
|
||||
<url>https://registry.molgenis.org/repository/maven-central/</url>
|
||||
<username>admin</username>
|
||||
<password>xxxxx</password>
|
||||
</server>
|
||||
<server>
|
||||
<id>oss-sonatype-staging</id>
|
||||
<username>molgenis</username>
|
||||
<password>xxxxx</password>
|
||||
</server>
|
||||
</servers>
|
||||
</settings>
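Review bot: `mountPath: "keyfile:/root/.m2"` carries the `keyfile:` prefix that belongs only to the `PGP_SECRETKEY` value in the pod template; a volume mount path must be a plain absolute path and Kubernetes is expected to reject one containing `:`, so this should read `mountPath: "/root/.m2"`. The `PipelineSecrets` defaults are non-empty `xxxx` placeholders, so both Secret templates render with dummy credentials on a default install; empty defaults plus a comment such as `# supply real values from an untracked values file or --set, never commit them` would be safer. The same section sets `Cpu: ""` and `Memory: ""`, which appears to leave the build container without resource limits while it also mounts the host Docker socket.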
|