From df82820ef3d51824274e148c54acdb7971dbcfd8 Mon Sep 17 00:00:00 2001
From: Fleur Kelpin
Date: Sat, 18 Aug 2018 23:29:18 +0200
Subject: [PATCH] feat (jenkins): Adds new molgenis pod with vault container and secrets. The new pod doesn't have the secrets. Keeps the existing pod with molgenis label so existing Jenkinsfiles can be fixed after this PR.
---
 .../molgenis-pipeline-vault-secret.yaml | 16 ++++++++
 molgenis-jenkins/values.yaml | 39 ++++++++++++++++---
 2 files changed, 50 insertions(+), 5 deletions(-)
 create mode 100644 molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
diff --git a/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
new file mode 100644
index 0000000..e713c85
--- /dev/null
+++ b/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.PipelineSecrets.Vault.Replace }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: molgenis-pipeline-vault-secret
+ labels:
+ app: {{ template "jenkins.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+ token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
+ addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
+ skipVerify: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml
index 875b9c1..f994646 100644
--- a/molgenis-jenkins/values.yaml
+++ b/molgenis-jenkins/values.yaml
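Review bot: The `skipVerify` entry under `data:` is filled from `.Values.PipelineSecrets.Vault.Addr`, the same value as `addr`, so the VAULT_SKIP_VERIFY variable wired up in values.yaml receives the Vault URL instead of a boolean; this looks like a copy-paste slip, and values.yaml in this patch defines no skip-verify setting to reference. If the setting is wanted it needs its own value, for example `skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | toString | b64enc | quote }}` with `SkipVerify: false` as the default (the `SkipVerify` name is a suggestion, not something in the chart). Disabling verification would mean the client sends VAULT_TOKEN without checking which server it is talking to, so I would rather drop the key and give the container the CA certificate to verify against. The template also needs a comment saying that `Token` is rendered into the Secret from chart values and is therefore kept with the release data.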
@@ -368,15 +368,12 @@ jenkins:
 install: true
 Pods:
 molgenis:
- Label: molgenis
- NodeUsageMode: NORMAL
+ Label: molgenisv2
+ NodeUsageMode: EXCLUSIVE
 volumes:
 - type: HostPath
 hostPath: "/var/run/docker.sock"
 mountPath: "/var/run/docker.sock"
- - type: Secret
- secretName: molgenis-pipeline-file-secret
- mountPath: "/root/.m2"
 Containers:
 maven:
 Image: "registry.webhosting.rug.nl/molgenis/maven"
@@ -394,6 +391,34 @@ jenkins:
 Command: cat
 WorkingDir: /home/jenkins
 TTY: true
+ vault:
+ Image: "vault"
+ Command: cat
+ WorkingDir: /home/jenkins
+ TTY: true
+ EnvVars:
+ - type: Secret
+ key: VAULT_TOKEN
+ secretName: molgenis-pipeline-vault-secret
+ secretKey: token
+ - type: Secret
+ key: VAULT_SKIP_VERIFY
+ secretName: molgenis-pipeline-vault-secret
+ secretKey: skipVerify
+ - type: Secret
+ key: VAULT_ADDR
+ secretName: molgenis-pipeline-vault-secret
+ secretKey: addr
+ NodeSelector: {}
+ molgenis-legacy:
+ InheritFrom: molgenis
+ Label: molgenis
+ NodeUsageMode: NORMAL
+ volumes:
+ - type: Secret
+ secretName: molgenis-pipeline-file-secret
+ mountPath: "/root/.m2"
+ Containers:
 EnvVars:
 - type: Secret
 key: PGP_PASSPHRASE
@@ -509,6 +534,10 @@ jenkins:
 memory: "512Mi"
 NodeSelector: {}
 PipelineSecrets:
+ Vault:
+ Replace: true
+ Token: xxxx
+ Addr: "https://vault-operator.vault-operator.svc:8200"
 Env:
 # Set to false to keep existing secret
 Replace: true
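Review bot: The new `vault` container uses `Image: "vault"` with no tag or digest, so whatever the registry serves under that name at pod start is the image that receives VAULT_TOKEN; pin it, e.g. `Image: "vault:<vetted-version>"` or a digest reference (placeholder, use the release you have reviewed). The same pod still mounts `/var/run/docker.sock` (context lines of the first values.yaml hunk), which gives build steps in the pod control over the node's Docker daemon, so the token's exposure is not limited to the vault container; issuing a narrowly scoped, short-lived token for this pod keeps the impact small. The bare `Containers:` under `molgenis-legacy` parses as null unless the `EnvVars:` that follows is nested below it, which cannot be told from this view because the indentation is lost; `Containers: {}` would state the intent.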
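Review bot: `Replace: true` together with `Token: xxxx` means a default install or upgrade renders molgenis-pipeline-vault-secret with the placeholder token and, judging by the comment on the neighbouring `Env` entry, overwrites a secret that already exists. Default the new entry to `Replace: false`, or leave the token empty and make the template fail when it is missing, e.g. `token: {{ required "PipelineSecrets.Vault.Token is required" .Values.PipelineSecrets.Vault.Token | b64enc | quote }}`. The block also wants the `# Set to false to keep existing secret` comment that the `Env` entry carries, plus a line saying the real token is supplied at deploy time and is never committed to this file.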