feat (jenkins): Adds new molgenis pod with vault container and secrets.
The new pod doesn't have the secrets. Keeps the existing pod with molgenis label so existing Jenkinsfiles can be fixed after this PR.
This commit is contained in:
Fleur Kelpin
parent
764cda4064
commit
df82820ef3
|
|
@ -0,0 +1,16 @@
|
||||||
|
{{- if .Values.PipelineSecrets.Vault.Replace }}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: molgenis-pipeline-vault-secret
|
||||||
|
labels:
|
||||||
|
app: {{ template "jenkins.fullname" . }}
|
||||||
|
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||||
|
release: "{{ .Release.Name }}"
|
||||||
|
heritage: "{{ .Release.Service }}"
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
|
||||||
|
addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
|
||||||
|
skipVerify: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
|
||||||
|
{{- end }}
|
||||||
|
|
@ -368,15 +368,12 @@ jenkins:
|
||||||
install: true
|
install: true
|
||||||
Pods:
|
Pods:
|
||||||
molgenis:
|
molgenis:
|
||||||
Label: molgenis
|
Label: molgenisv2
|
||||||
NodeUsageMode: NORMAL
|
NodeUsageMode: EXCLUSIVE
|
||||||
volumes:
|
volumes:
|
||||||
- type: HostPath
|
- type: HostPath
|
||||||
hostPath: "/var/run/docker.sock"
|
hostPath: "/var/run/docker.sock"
|
||||||
mountPath: "/var/run/docker.sock"
|
mountPath: "/var/run/docker.sock"
|
||||||
- type: Secret
|
|
||||||
secretName: molgenis-pipeline-file-secret
|
|
||||||
mountPath: "/root/.m2"
|
|
||||||
Containers:
|
Containers:
|
||||||
maven:
|
maven:
|
||||||
Image: "registry.webhosting.rug.nl/molgenis/maven"
|
Image: "registry.webhosting.rug.nl/molgenis/maven"
|
||||||
|
|
@ -394,6 +391,34 @@ jenkins:
|
||||||
Command: cat
|
Command: cat
|
||||||
WorkingDir: /home/jenkins
|
WorkingDir: /home/jenkins
|
||||||
TTY: true
|
TTY: true
|
||||||
|
vault:
|
||||||
|
Image: "vault"
|
||||||
|
Command: cat
|
||||||
|
WorkingDir: /home/jenkins
|
||||||
|
TTY: true
|
||||||
|
EnvVars:
|
||||||
|
- type: Secret
|
||||||
|
key: VAULT_TOKEN
|
||||||
|
secretName: molgenis-pipeline-vault-secret
|
||||||
|
secretKey: token
|
||||||
|
- type: Secret
|
||||||
|
key: VAULT_SKIP_VERIFY
|
||||||
|
secretName: molgenis-pipeline-vault-secret
|
||||||
|
secretKey: skipVerify
|
||||||
|
- type: Secret
|
||||||
|
key: VAULT_ADDR
|
||||||
|
secretName: molgenis-pipeline-vault-secret
|
||||||
|
secretKey: addr
|
||||||
|
NodeSelector: {}
|
||||||
|
molgenis-legacy:
|
||||||
|
InheritFrom: molgenis
|
||||||
|
Label: molgenis
|
||||||
|
NodeUsageMode: NORMAL
|
||||||
|
volumes:
|
||||||
|
- type: Secret
|
||||||
|
secretName: molgenis-pipeline-file-secret
|
||||||
|
mountPath: "/root/.m2"
|
||||||
|
Containers:
|
||||||
EnvVars:
|
EnvVars:
|
||||||
- type: Secret
|
- type: Secret
|
||||||
key: PGP_PASSPHRASE
|
key: PGP_PASSPHRASE
|
||||||
|
|
@ -509,6 +534,10 @@ jenkins:
|
||||||
memory: "512Mi"
|
memory: "512Mi"
|
||||||
NodeSelector: {}
|
NodeSelector: {}
|
||||||
PipelineSecrets:
|
PipelineSecrets:
|
||||||
|
Vault:
|
||||||
|
Replace: true
|
||||||
|
Token: xxxx
|
||||||
|
Addr: "https://vault-operator.vault-operator.svc:8200"
|
||||||
Env:
|
Env:
|
||||||
# Set to false to keep existing secret
|
# Set to false to keep existing secret
|
||||||
Replace: true
|
Replace: true
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue