Add secrets and mount them in the molgenis-jenkins pod.
parent
a82e4e1ac6
commit
c8b1e1965b
@ -140,7 +140,32 @@ data:
|
|||||||
<resourceLimitMemory>{{.Values.Pod.Memory}}</resourceLimitMemory>
|
<resourceLimitMemory>{{.Values.Pod.Memory}}</resourceLimitMemory>
|
||||||
</org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
|
</org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
|
||||||
</containers>
|
</containers>
|
||||||
<envVars/>
|
<envVars>
|
||||||
|
<org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||||
|
<key>PGP_PASSPHRASE</key>
|
||||||
|
<secretName>molgenis-pipeline-env-secret</secretName>
|
||||||
|
<secretKey>pgpPassphrase</secretKey>
|
||||||
|
</org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||||
|
<org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
|
||||||
|
<key>PGP_SECRETKEY</key>
|
||||||
|
<value>keyfile:/root/.m2/key.asc</value>
|
||||||
|
</org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
|
||||||
|
<org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||||
|
<key>SONAR_TOKEN</key>
|
||||||
|
<secretName>molgenis-pipeline-env-secret</secretName>
|
||||||
|
<secretKey>sonarToken</secretKey>
|
||||||
|
</org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||||
|
<org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||||
|
<key>CODECOV_TOKEN</key>
|
||||||
|
<secretName>molgenis-pipeline-env-secret</secretName>
|
||||||
|
<secretKey>codecovToken</secretKey>
|
||||||
|
</org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||||
|
<org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||||
|
<key>GITHUB_TOKEN</key>
|
||||||
|
<secretName>molgenis-pipeline-env-secret</secretName>
|
||||||
|
<secretKey>githubToken</secretKey>
|
||||||
|
</org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
|
||||||
|
</envVars>
|
||||||
<annotations/>
|
<annotations/>
|
||||||
{{- if .Values.Pod.ImagePullSecret }}
|
{{- if .Values.Pod.ImagePullSecret }}
|
||||||
<imagePullSecrets>
|
<imagePullSecrets>
|
||||||
|
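Review bot: The new `<envVars>` block references `molgenis-pipeline-env-secret` unconditionally, while the Secret template added in this commit is only rendered when `.Values.PipelineSecrets.Env` is set. With that value absent, the pod template points at a Secret that does not exist and agents would presumably fail to start. Wrap the four `SecretEnvVar` entries in the same `{{- if .Values.PipelineSecrets.Env }}` … `{{- end }}` guard. Every job scheduled on this pod template also receives the GitHub, Sonar and Codecov tokens and the PGP passphrase in its environment, so any build step can read them; consider a separate pod template used only by release jobs. The enclosing template starts and ends outside the hunk.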
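--- a/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.PipelineSecrets.Env }}
+apiVersion: v1
+kind: Secret
+metadata:
+name: molgenis-pipeline-env-secret
+labels:
+app: {{ template "jenkins.fullname" . }}
+chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+release: "{{ .Release.Name }}"
+heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
+codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
+githubToken: {{ .Values.PipelineSecrets.Env.GithubToken | b64enc | quote }}
+sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
+{{- end }}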
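Review bot: The `data:` entries read `.Values.PipelineSecrets.Env.PGPPassphrase`, `.CodecovToken`, `.GithubToken` and `.SonarToken`, but the values added in this commit define `pgpPassphrase`, `codecovToken`, `githubToken` and `sonarToken`. Template field lookups are case-sensitive, so these resolve to nothing and the Secret would be rendered empty or the render would fail. Align the names on one side, e.g. `pgpPassphrase: {{ .Values.PipelineSecrets.Env.pgpPassphrase | b64enc | quote }}`. Wrapping each value in `required` would make a missing token fail at install time instead of yielding an empty secret that the pipeline only discovers at publish time.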
@ -0,0 +1,15 @@
|
|||||||
|
{{- if .Values.PipelineSecrets.File }}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: molgenis-pipeline-env-secret
|
||||||
|
labels:
|
||||||
|
app: {{ template "jenkins.fullname" . }}
|
||||||
|
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||||
|
release: "{{ .Release.Name }}"
|
||||||
|
heritage: "{{ .Release.Service }}"
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
maven.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
|
||||||
|
key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
|
||||||
|
{{- end }}
|
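Review bot: `metadata.name` in this file is `molgenis-pipeline-env-secret`, the same name as the env Secret added in this commit, while the volume added in the values file mounts `molgenis-pipeline-file-secret`. As written the two manifests collide on one name and the Secret the pod mounts is never created, so the key file and Maven settings would not reach the build container. Change the line to `name: molgenis-pipeline-file-secret`. The settings file is stored under the key `maven.xml`; unless the pipeline passes it explicitly, Maven presumably will not pick it up from the mount, so `settings.xml` may be the intended key.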
@ -70,7 +70,7 @@ jenkins:
|
|||||||
CustomConfigMap: true
|
CustomConfigMap: true
|
||||||
rbac:
|
rbac:
|
||||||
install: true
|
install: true
|
||||||
# A second agent to configure a second pod template
|
# A second pod template for maven builds
|
||||||
Pod:
|
Pod:
|
||||||
Enabled: true
|
Enabled: true
|
||||||
Image: "webhost12.service.rug.nl/molgenis/molgenis-maven"
|
Image: "webhost12.service.rug.nl/molgenis/molgenis-maven"
|
||||||
@ -78,10 +78,10 @@ jenkins:
|
|||||||
# ImagePullSecret: jenkins
|
# ImagePullSecret: jenkins
|
||||||
Label: "molgenis-maven"
|
Label: "molgenis-maven"
|
||||||
Privileged: false
|
Privileged: false
|
||||||
Cpu: "200m"
|
Cpu: ""
|
||||||
Memory: "256Mi"
|
Memory: ""
|
||||||
# You may want to change this to true while testing a new image
|
# You may want to change this to true while testing a new image
|
||||||
AlwaysPullImage: true
|
AlwaysPullImage: false
|
||||||
Command: "/bin/sh -c"
|
Command: "/bin/sh -c"
|
||||||
Args: "cat"
|
Args: "cat"
|
||||||
TTY: true
|
TTY: true
|
||||||
@ -90,12 +90,56 @@ jenkins:
|
|||||||
# Configure the attributes as they appear in the corresponding Java class for that type
|
# Configure the attributes as they appear in the corresponding Java class for that type
|
||||||
# https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes
|
# https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes
|
||||||
volumes:
|
volumes:
|
||||||
- type: "HostPath"
|
- type: HostPath
|
||||||
mountPath: "/var/run/docker.sock"
|
|
||||||
hostPath: "/var/run/docker.sock"
|
hostPath: "/var/run/docker.sock"
|
||||||
# - type: Secret
|
mountPath: "/var/run/docker.sock"
|
||||||
# secretName: mysecret
|
- type: Secret
|
||||||
# mountPath: /var/myapp/mysecret
|
secretName: molgenis-pipeline-file-secret
|
||||||
|
mountPath: "keyfile:/root/.m2"
|
||||||
NodeSelector: {}
|
NodeSelector: {}
|
||||||
# Key Value selectors. Ex:
|
# Key Value selectors. Ex:
|
||||||
# jenkins-agent: v1
|
# jenkins-agent: v1
|
||||||
|
PipelineSecrets:
|
||||||
|
Env:
|
||||||
|
# Passphrase for the pgp private key file
|
||||||
|
pgpPassphrase: xxxx
|
||||||
|
# Token for codecov.io service
|
||||||
|
codecovToken: xxxx
|
||||||
|
# Token for github bot account
|
||||||
|
githubToken: xxxx
|
||||||
|
# Token for sonarcloud.io
|
||||||
|
sonarToken: xxxx
|
||||||
|
File:
|
||||||
|
# PGP Private key in ascii format used to sign artifacts
|
||||||
|
PGPPrivateKeyAsc: |-
|
||||||
|
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||||
|
xxxxx
|
||||||
|
-----END PGP PRIVATE KEY BLOCK-----
|
||||||
|
# maven.settings file
|
||||||
|
MavenSettingsXML: |-
|
||||||
|
<settings>
|
||||||
|
<!-- sets the local maven repository outside of the ~/.m2 folder for easier mounting of secrets and repo -->
|
||||||
|
<localRepository>${user.home}/.mvnrepository</localRepository>
|
||||||
|
<!-- lets disable the download progress indicator that fills up logs -->
|
||||||
|
<interactiveMode>false</interactiveMode>
|
||||||
|
<mirrors>
|
||||||
|
<mirror>
|
||||||
|
<id>nexus</id>
|
||||||
|
<mirrorOf>external:*</mirrorOf>
|
||||||
|
<url>https://registry.molgenis.org/repository/maven-central/</url>
|
||||||
|
</mirror>
|
||||||
|
</mirrors>
|
||||||
|
<servers>
|
||||||
|
<server>
|
||||||
|
<id>local-nexus</id>
|
||||||
|
<url>https://registry.molgenis.org/repository/maven-central/</url>
|
||||||
|
<username>admin</username>
|
||||||
|
<password>xxxxx</password>
|
||||||
|
</server>
|
||||||
|
<server>
|
||||||
|
<id>oss-sonatype-staging</id>
|
||||||
|
<username>molgenis</username>
|
||||||
|
<password>xxxxx</password>
|
||||||
|
</server>
|
||||||
|
</servers>
|
||||||
|
</settings>
|
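Review bot: `mountPath: "keyfile:/root/.m2"` on the new Secret volume is not an absolute path; the `keyfile:` prefix appears to belong only to the `PGP_SECRETKEY` value set in the pod template, so the mount should read `mountPath: "/root/.m2"`. The `PipelineSecrets` defaults ship as `xxxx` placeholders in the chart's values file; add a comment such as `# supply real values at install time from a file kept out of version control` so the signing key and tokens are never committed here. The `local-nexus` server entry uses the `admin` account; a deploy-only account would limit what a compromised build could do to the registry.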