Add secrets and mount them in the molgenis-jenkins pod.

2018-06-28 09:25:27 +02:00
parent a82e4e1ac6
commit c8b1e1965b
4 changed files with 111 additions and 10 deletions
--- a/molgenis-jenkins/templates/config.tpl
+++ b/molgenis-jenkins/templates/config.tpl
@ -140,7 +140,32 @@ data:
                  <resourceLimitMemory>{{.Values.Pod.Memory}}</resourceLimitMemory>
                </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
              </containers>
-              <envVars/>
+              <envVars>
+                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <key>PGP_PASSPHRASE</key>
+                  <secretName>molgenis-pipeline-env-secret</secretName>
+                  <secretKey>pgpPassphrase</secretKey>
+                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
+                  <key>PGP_SECRETKEY</key>
+                  <value>keyfile:/root/.m2/key.asc</value>
+                </org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <key>SONAR_TOKEN</key>
+                  <secretName>molgenis-pipeline-env-secret</secretName>
+                  <secretKey>sonarToken</secretKey>
+                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <key>CODECOV_TOKEN</key>
+                  <secretName>molgenis-pipeline-env-secret</secretName>
+                  <secretKey>codecovToken</secretKey>
+                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <key>GITHUB_TOKEN</key>
+                  <secretName>molgenis-pipeline-env-secret</secretName>
+                  <secretKey>githubToken</secretKey>
+                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+              </envVars>
              <annotations/>
 {{- if .Values.Pod.ImagePullSecret }}
              <imagePullSecrets>
--- a/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
@ -0,0 +1,17 @@
+{{- if .Values.PipelineSecrets.Env }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: molgenis-pipeline-env-secret
+  labels:
+    app: {{ template "jenkins.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
+  codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
+  githubToken: {{ .Values.PipelineSecrets.Env.GithubToken | b64enc | quote }}
+  sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
+{{- end }}
--- a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml
@ -0,0 +1,15 @@
+{{- if .Values.PipelineSecrets.File }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: molgenis-pipeline-env-secret
+  labels:
+    app: {{ template "jenkins.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  maven.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
+  key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
+{{- end }}