diff --git a/molgenis-jenkins/README.md b/molgenis-jenkins/README.md
index c53571c..a2d1866 100644
--- a/molgenis-jenkins/README.md
+++ b/molgenis-jenkins/README.md
@@ -52,22 +52,33 @@ There is one additional group of configuration items specific for this chart, so
You can override the values at deploy time but otherwise also configure them
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
+* Vault
+
+ New vault token to be used by the pods to retrieve their tokens from the vault.
+
+ | Parameter | Description | Default |
+ | ---------------------------------- | ------------------------------------------ | ---------------------------------------------- |
+ | `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret | `true` |
+ | `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault | `xxxx` |
+ | `PipelineSecrets.Vault.Addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` |
+ | `PipelineSecrets.Vault.SkipVerify` | Skip verification of the https connection | `1` |
+
* Env
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
in the slave pods.
- | Parameter | Description | Default |
- | -------------------------------------- | ----------------------------------------- | --------------- |
- | `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
- | `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
- | `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
- | `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
- | `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
- | `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx` |
- | `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` |
- | `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` |
- | `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` |
+ | Parameter | Description | Default |
+ | --------------------------------------- | ----------------------------------------- | --------------- |
+ | `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
+ | `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
+ | `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
+ | `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
+ | `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
+ | `PipelineSecrets.Env.DockerHubPassword` | token for molgenis user in hub.docker.com | `xxxx` |
+ | `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` |
+ | `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` |
+ | `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` |
* File
diff --git a/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
new file mode 100644
index 0000000..aa50fe7
--- /dev/null
+++ b/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.PipelineSecrets.Vault.Replace }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: molgenis-pipeline-vault-secret
+ labels:
+ app: {{ template "jenkins.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+ token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
+ addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
+ skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml
index 875b9c1..a6ec1c2 100644
--- a/molgenis-jenkins/values.yaml
+++ b/molgenis-jenkins/values.yaml
@@ -368,15 +368,12 @@ jenkins:
install: true
Pods:
molgenis:
- Label: molgenis
- NodeUsageMode: NORMAL
+ Label: molgenisv2
+ NodeUsageMode: EXCLUSIVE
volumes:
- type: HostPath
hostPath: "/var/run/docker.sock"
mountPath: "/var/run/docker.sock"
- - type: Secret
- secretName: molgenis-pipeline-file-secret
- mountPath: "/root/.m2"
Containers:
maven:
Image: "registry.webhosting.rug.nl/molgenis/maven"
@@ -389,11 +386,46 @@ jenkins:
requests:
cpu: "1"
memory: "4Gi"
+ EnvVars:
+ - type: KeyValue
+ key: MAVEN_OPTS
+ value: "-Duser.home=/home/jenkins"
+ - type: KeyValue
+ key: MAVEN_CONFIG
+ value: "/home/jenkins/.m2"
alpine:
Image: "spotify/alpine"
Command: cat
WorkingDir: /home/jenkins
TTY: true
+ vault:
+ Image: "vault"
+ Command: cat
+ WorkingDir: /home/jenkins
+ TTY: true
+ EnvVars:
+ - type: Secret
+ key: VAULT_TOKEN
+ secretName: molgenis-pipeline-vault-secret
+ secretKey: token
+ - type: Secret
+ key: VAULT_SKIP_VERIFY
+ secretName: molgenis-pipeline-vault-secret
+ secretKey: skipVerify
+ - type: Secret
+ key: VAULT_ADDR
+ secretName: molgenis-pipeline-vault-secret
+ secretKey: addr
+ NodeSelector: {}
+ molgenis-legacy:
+ InheritFrom: molgenis
+ Label: molgenis
+ NodeUsageMode: NORMAL
+ volumes:
+ - type: Secret
+ secretName: molgenis-pipeline-file-secret
+ mountPath: "/home/jenkins/.m2"
+ Containers:
EnvVars:
- type: Secret
key: PGP_PASSPHRASE
@@ -401,7 +433,7 @@ jenkins:
secretKey: pgpPassphrase
- type: KeyValue
key: PGP_SECRETKEY
- value: "keyfile:/root/.m2/key.asc"
+ value: "keyfile:/home.jenkins/.m2/key.asc"
- type: KeyValue
key: npm_config_registry
value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
@@ -509,6 +541,11 @@ jenkins:
memory: "512Mi"
NodeSelector: {}
PipelineSecrets:
+ Vault:
+ Replace: true
+ Token: xxxx
+ Addr: "https://vault-operator.vault-operator.svc:8200"
+ SkipVerify: 1
Env:
# Set to false to keep existing secret
Replace: true