Compare commits
2 Commits
df82820ef3
...
d05e67c279
| Author | SHA1 | Date |
|---|---|---|
Fleur Kelpin
|
d05e67c279 | |
|
Fleur Kelpin
|
3a720a8a85 |
|
|
@ -52,6 +52,17 @@ There is one additional group of configuration items specific for this chart, so
|
|||
You can override the values at deploy time but otherwise also configure them
|
||||
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
|
||||
|
||||
* Vault
|
||||
|
||||
New vault token to be used by the pods to retrieve their tokens from the vault.
|
||||
|
||||
| Parameter | Description | Default |
|
||||
| ----------------------------------|--------------------------------------------|-----------------------------------------------|
|
||||
| `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret |`true` |
|
||||
| `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault |`xxxx` |
|
||||
| `PipelineSecrets.Vault.Addr` | Address of the vault |`https:vault-operator.vault-operator.svc:8200` |
|
||||
| `PipelineSecrets.Vault.skipVerify`| Skip verification of the https connection |`1` |
|
||||
|
||||
* Env
|
||||
|
||||
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
|
||||
|
|
|
|||
|
|
@ -0,0 +1,16 @@
|
|||
{{- if .Values.PipelineSecrets.Vault.Replace }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: molgenis-pipeline-vault-secret
|
||||
labels:
|
||||
app: {{ template "jenkins.fullname" . }}
|
||||
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
release: "{{ .Release.Name }}"
|
||||
heritage: "{{ .Release.Service }}"
|
||||
type: Opaque
|
||||
data:
|
||||
token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
|
||||
addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
|
||||
skipVerify: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
|
||||
{{- end }}
|
||||
|
|
@ -368,15 +368,12 @@ jenkins:
|
|||
install: true
|
||||
Pods:
|
||||
molgenis:
|
||||
Label: molgenis
|
||||
NodeUsageMode: NORMAL
|
||||
Label: molgenisv2
|
||||
NodeUsageMode: EXCLUSIVE
|
||||
volumes:
|
||||
- type: HostPath
|
||||
hostPath: "/var/run/docker.sock"
|
||||
mountPath: "/var/run/docker.sock"
|
||||
- type: Secret
|
||||
secretName: molgenis-pipeline-file-secret
|
||||
mountPath: "/root/.m2"
|
||||
Containers:
|
||||
maven:
|
||||
Image: "registry.webhosting.rug.nl/molgenis/maven"
|
||||
|
|
@ -394,6 +391,34 @@ jenkins:
|
|||
Command: cat
|
||||
WorkingDir: /home/jenkins
|
||||
TTY: true
|
||||
vault:
|
||||
Image: "vault"
|
||||
Command: cat
|
||||
WorkingDir: /home/jenkins
|
||||
TTY: true
|
||||
EnvVars:
|
||||
- type: Secret
|
||||
key: VAULT_TOKEN
|
||||
secretName: molgenis-pipeline-vault-secret
|
||||
secretKey: token
|
||||
- type: Secret
|
||||
key: VAULT_SKIP_VERIFY
|
||||
secretName: molgenis-pipeline-vault-secret
|
||||
secretKey: skipVerify
|
||||
- type: Secret
|
||||
key: VAULT_ADDR
|
||||
secretName: molgenis-pipeline-vault-secret
|
||||
secretKey: addr
|
||||
NodeSelector: {}
|
||||
molgenis-legacy:
|
||||
InheritFrom: molgenis
|
||||
Label: molgenis
|
||||
NodeUsageMode: NORMAL
|
||||
volumes:
|
||||
- type: Secret
|
||||
secretName: molgenis-pipeline-file-secret
|
||||
mountPath: "/root/.m2"
|
||||
Containers:
|
||||
EnvVars:
|
||||
- type: Secret
|
||||
key: PGP_PASSPHRASE
|
||||
|
|
@ -509,6 +534,10 @@ jenkins:
|
|||
memory: "512Mi"
|
||||
NodeSelector: {}
|
||||
PipelineSecrets:
|
||||
Vault:
|
||||
Replace: true
|
||||
Token: xxxx
|
||||
Addr: "https://vault-operator.vault-operator.svc:8200"
|
||||
Env:
|
||||
# Set to false to keep existing secret
|
||||
Replace: true
|
||||
|
|
|
|||
Loading…
Reference in New Issue