jenkins: use shared harbor creds when present

services/jenkins/deployment.yaml

@@ -34,6 +34,12 @@ spec:
           HARBOR_ROBOT_USERNAME={{ .Data.data.username }}
           HARBOR_ROBOT_PASSWORD={{ .Data.data.password }}
           {{ end }}
+          {{ with secret "kv/data/atlas/shared/harbor-pull" }}
+          {{- if and .Data.data.username .Data.data.password }}
+          HARBOR_ROBOT_USERNAME={{ .Data.data.username }}
+          HARBOR_ROBOT_PASSWORD={{ .Data.data.password }}
+          {{- end }}
+          {{ end }}
           {{ with secret "kv/data/atlas/jenkins/gitea-pat" }}
           GITEA_PAT_USERNAME={{ .Data.data.username }}
           GITEA_PAT_TOKEN={{ .Data.data.token }}

services/vault/scripts/vault_k8s_auth_configure.sh

@@ -219,7 +219,7 @@ write_policy_and_role "nextcloud" "nextcloud" "nextcloud-vault" \
 write_policy_and_role "comms" "comms" "comms-vault,atlasbot" \
   "comms/* shared/chat-ai-keys-runtime shared/harbor-pull" ""
 write_policy_and_role "jenkins" "jenkins" "jenkins" \
-  "jenkins/*" ""
+  "jenkins/* shared/harbor-pull" ""
 write_policy_and_role "monitoring" "monitoring" "monitoring-vault-sync" \
   "monitoring/* shared/postmark-relay shared/harbor-pull" ""
 write_policy_and_role "logging" "logging" "logging-vault-sync" \