P129679
/
molgenis-ops-docker-helm
1
0
Fork 0
Code Releases Activity

Merge branch 'feature/vault' of P129679/molgenis-ops-docker-helm into master

This commit is contained in:
Sido Haakma 2018-08-20 12:18:27 +02:00 committed by Gogs
parent 764cda4064 6e4a3faa46
commit f9089f5ee0
3 changed files with 81 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
molgenis-jenkins/README.md
View File

@ -52,22 +52,33 @@ There is one additional group of configuration items specific for this chart, so
You can override the values at deploy time but otherwise also configure them
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
* Vault
New vault token to be used by the pods to retrieve their tokens from the vault.
| Parameter | Description | Default |
| ---------------------------------- | ------------------------------------------ | ---------------------------------------------- |
| `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret | `true` |
| `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault | `xxxx` |
| `PipelineSecrets.Vault.Addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` |
| `PipelineSecrets.Vault.SkipVerify` | Skip verification of the https connection | `1` |
* Env
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
in the slave pods.
| Parameter | Description | Default |
| -------------------------------------- | ----------------------------------------- | --------------- |
| `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
| `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
| `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
| `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx` |
| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` |
| `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` |
| `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` |
| Parameter | Description | Default |
| --------------------------------------- | ----------------------------------------- | --------------- |
| `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
| `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
| `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
| `PipelineSecrets.Env.DockerHubPassword` | token for molgenis user in hub.docker.com | `xxxx` |
| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` |
| `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` |
| `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` |
* File

16
molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml Normal file
View File

@ -0,0 +1,16 @@
{{- if .Values.PipelineSecrets.Vault.Replace }}
apiVersion: v1
kind: Secret
metadata:
name: molgenis-pipeline-vault-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
{{- end }}

49
molgenis-jenkins/values.yaml
View File

@ -368,15 +368,12 @@ jenkins:
install: true
Pods:
molgenis:
Label: molgenis
NodeUsageMode: NORMAL
Label: molgenisv2
NodeUsageMode: EXCLUSIVE
volumes:
- type: HostPath
hostPath: "/var/run/docker.sock"
mountPath: "/var/run/docker.sock"
- type: Secret
secretName: molgenis-pipeline-file-secret
mountPath: "/root/.m2"
Containers:
maven:
Image: "registry.webhosting.rug.nl/molgenis/maven"
@ -389,11 +386,46 @@ jenkins:
requests:
cpu: "1"
memory: "4Gi"
EnvVars:
- type: KeyValue
key: MAVEN_OPTS
value: "-Duser.home=/home/jenkins"
- type: KeyValue
key: MAVEN_CONFIG
value: "/home/jenkins/.m2"
alpine:
Image: "spotify/alpine"
Command: cat
WorkingDir: /home/jenkins
TTY: true
vault:
Image: "vault"
Command: cat
WorkingDir: /home/jenkins
TTY: true
EnvVars:
- type: Secret
key: VAULT_TOKEN
secretName: molgenis-pipeline-vault-secret
secretKey: token
- type: Secret
key: VAULT_SKIP_VERIFY
secretName: molgenis-pipeline-vault-secret
secretKey: skipVerify
- type: Secret
key: VAULT_ADDR
secretName: molgenis-pipeline-vault-secret
secretKey: addr
NodeSelector: {}
molgenis-legacy:
InheritFrom: molgenis
Label: molgenis
NodeUsageMode: NORMAL
volumes:
- type: Secret
secretName: molgenis-pipeline-file-secret
mountPath: "/home/jenkins/.m2"
Containers:
EnvVars:
- type: Secret
key: PGP_PASSPHRASE
@ -401,7 +433,7 @@ jenkins:
secretKey: pgpPassphrase
- type: KeyValue
key: PGP_SECRETKEY
value: "keyfile:/root/.m2/key.asc"
value: "keyfile:/home.jenkins/.m2/key.asc"
- type: KeyValue
key: npm_config_registry
value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
@ -509,6 +541,11 @@ jenkins:
memory: "512Mi"
NodeSelector: {}
PipelineSecrets:
Vault:
Replace: true
Token: xxxx
Addr: "https://vault-operator.vault-operator.svc:8200"
SkipVerify: 1
Env:
# Set to false to keep existing secret
Replace: true