P129679
/
molgenis-ops-docker-helm
1
0
Fork 0
Code Releases Activity

Compare commits

base: P129679:f9089f5ee0d4ac2325c56c1306fcefac4b538e0f
Branches Tags
P129679:master
P129679:fix/links
P129679:chore/pipeline
P129679:revert/nodeSelector
P129679:chore/nodeSelector
P129679:chore/jenkins-gitsource
P129679:fix/75
P129679:chore/upgrade-jenkins
P129679:feature/molgenis-it
P129679:feat/helm-in-jenkins
P129679:doc/helm-role
P129679:feature/helm-role
P129679:feature/s3
P129679:chore/remove-secrets
P129679:feature/vault
P129679:deploy-test
..
compare: P129679:764cda4064435b4de26fdd9ce9a2678f6e9e67c2
Branches Tags
P129679:fix/links
P129679:master
P129679:chore/pipeline
P129679:revert/nodeSelector
P129679:chore/nodeSelector
P129679:chore/jenkins-gitsource
P129679:fix/75
P129679:chore/upgrade-jenkins
P129679:feature/molgenis-it
P129679:feat/helm-in-jenkins
P129679:doc/helm-role
P129679:feature/helm-role
P129679:feature/s3
P129679:chore/remove-secrets
P129679:feature/vault
P129679:deploy-test

No commits in common. "f9089f5ee0d4ac2325c56c1306fcefac4b538e0f" and "764cda4064435b4de26fdd9ce9a2678f6e9e67c2" have entirely different histories.
f9089f5ee0 ... 764cda4064

3 changed files with 17 additions and 81 deletions
Show Stats Expand all files Collapse all files

33
molgenis-jenkins/README.md
View File

@ -52,33 +52,22 @@ There is one additional group of configuration items specific for this chart, so
You can override the values at deploy time but otherwise also configure them You can override the values at deploy time but otherwise also configure them
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl. [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
* Vault
New vault token to be used by the pods to retrieve their tokens from the vault.
| Parameter | Description | Default |
| ---------------------------------- | ------------------------------------------ | ---------------------------------------------- |
| `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret | `true` |
| `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault | `xxxx` |
| `PipelineSecrets.Vault.Addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` |
| `PipelineSecrets.Vault.SkipVerify` | Skip verification of the https connection | `1` |
* Env * Env
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
in the slave pods. in the slave pods.
| Parameter | Description | Default | | Parameter | Description | Default |
| --------------------------------------- | ----------------------------------------- | --------------- | | -------------------------------------- | ----------------------------------------- | --------------- |
| `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` | | `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
| `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` | | `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` | | `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` | | `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
| `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` | | `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
| `PipelineSecrets.Env.DockerHubPassword` | token for molgenis user in hub.docker.com | `xxxx` | | `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx` |
| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` | | `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` |
| `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` | | `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` |
| `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` | | `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` |
* File * File

16
molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
View File

@ -1,16 +0,0 @@
{{- if .Values.PipelineSecrets.Vault.Replace }}
apiVersion: v1
kind: Secret
metadata:
name: molgenis-pipeline-vault-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
{{- end }}

49
molgenis-jenkins/values.yaml
View File

@ -368,12 +368,15 @@ jenkins:
install: true install: true
Pods: Pods:
molgenis: molgenis:
Label: molgenisv2 Label: molgenis
NodeUsageMode: EXCLUSIVE NodeUsageMode: NORMAL
volumes: volumes:
- type: HostPath - type: HostPath
hostPath: "/var/run/docker.sock" hostPath: "/var/run/docker.sock"
mountPath: "/var/run/docker.sock" mountPath: "/var/run/docker.sock"
- type: Secret
secretName: molgenis-pipeline-file-secret
mountPath: "/root/.m2"
Containers: Containers:
maven: maven:
Image: "registry.webhosting.rug.nl/molgenis/maven" Image: "registry.webhosting.rug.nl/molgenis/maven"
@ -386,46 +389,11 @@ jenkins:
requests: requests:
cpu: "1" cpu: "1"
memory: "4Gi" memory: "4Gi"
EnvVars:
- type: KeyValue
key: MAVEN_OPTS
value: "-Duser.home=/home/jenkins"
- type: KeyValue
key: MAVEN_CONFIG
value: "/home/jenkins/.m2"
alpine: alpine:
Image: "spotify/alpine" Image: "spotify/alpine"
Command: cat Command: cat
WorkingDir: /home/jenkins WorkingDir: /home/jenkins
TTY: true TTY: true
vault:
Image: "vault"
Command: cat
WorkingDir: /home/jenkins
TTY: true
EnvVars:
- type: Secret
key: VAULT_TOKEN
secretName: molgenis-pipeline-vault-secret
secretKey: token
- type: Secret
key: VAULT_SKIP_VERIFY
secretName: molgenis-pipeline-vault-secret
secretKey: skipVerify
- type: Secret
key: VAULT_ADDR
secretName: molgenis-pipeline-vault-secret
secretKey: addr
NodeSelector: {}
molgenis-legacy:
InheritFrom: molgenis
Label: molgenis
NodeUsageMode: NORMAL
volumes:
- type: Secret
secretName: molgenis-pipeline-file-secret
mountPath: "/home/jenkins/.m2"
Containers:
EnvVars: EnvVars:
- type: Secret - type: Secret
key: PGP_PASSPHRASE key: PGP_PASSPHRASE
@ -433,7 +401,7 @@ jenkins:
secretKey: pgpPassphrase secretKey: pgpPassphrase
- type: KeyValue - type: KeyValue
key: PGP_SECRETKEY key: PGP_SECRETKEY
value: "keyfile:/home.jenkins/.m2/key.asc" value: "keyfile:/root/.m2/key.asc"
- type: KeyValue - type: KeyValue
key: npm_config_registry key: npm_config_registry
value: "http://nexus.molgenis-nexus:8081/repository/npm-central/" value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
@ -541,11 +509,6 @@ jenkins:
memory: "512Mi" memory: "512Mi"
NodeSelector: {} NodeSelector: {}
PipelineSecrets: PipelineSecrets:
Vault:
Replace: true
Token: xxxx
Addr: "https://vault-operator.vault-operator.svc:8200"
SkipVerify: 1
Env: Env:
# Set to false to keep existing secret # Set to false to keep existing secret
Replace: true Replace: true