jenkins: load vault env via env

2026-01-14 17:57:10 -03:00 · 2026-01-14 17:57:10 -03:00 · c98d24e91e
commit c98d24e91e
parent 4ff2f3e889
1 changed files with 12 additions and 13 deletions
--- a/services/jenkins/deployment.yaml
+++ b/services/jenkins/deployment.yaml
@ -23,20 +23,20 @@ spec:
        vault.hashicorp.com/agent-inject-secret-jenkins-env: "kv/data/atlas/jenkins/jenkins-oidc"
        vault.hashicorp.com/agent-inject-template-jenkins-env: |
          {{- with secret "kv/data/atlas/jenkins/jenkins-oidc" -}}
-          export OIDC_CLIENT_ID='{{ .Data.data.clientId | replace "'" "'\"'\"'" }}'
-          export OIDC_CLIENT_SECRET='{{ .Data.data.clientSecret | replace "'" "'\"'\"'" }}'
-          export OIDC_AUTH_URL='{{ .Data.data.authorizationUrl | replace "'" "'\"'\"'" }}'
-          export OIDC_TOKEN_URL='{{ .Data.data.tokenUrl | replace "'" "'\"'\"'" }}'
-          export OIDC_USERINFO_URL='{{ .Data.data.userInfoUrl | replace "'" "'\"'\"'" }}'
-          export OIDC_LOGOUT_URL='{{ .Data.data.logoutUrl | replace "'" "'\"'\"'" }}'
+          OIDC_CLIENT_ID={{ .Data.data.clientId }}
+          OIDC_CLIENT_SECRET={{ .Data.data.clientSecret }}
+          OIDC_AUTH_URL={{ .Data.data.authorizationUrl }}
+          OIDC_TOKEN_URL={{ .Data.data.tokenUrl }}
+          OIDC_USERINFO_URL={{ .Data.data.userInfoUrl }}
+          OIDC_LOGOUT_URL={{ .Data.data.logoutUrl }}
          {{- end }}
          {{- with secret "kv/data/atlas/jenkins/harbor-robot-creds" -}}
-          export HARBOR_ROBOT_USERNAME='{{ .Data.data.username | replace "'" "'\"'\"'" }}'
-          export HARBOR_ROBOT_PASSWORD='{{ .Data.data.password | replace "'" "'\"'\"'" }}'
+          HARBOR_ROBOT_USERNAME={{ .Data.data.username }}
+          HARBOR_ROBOT_PASSWORD={{ .Data.data.password }}
          {{- end }}
          {{- with secret "kv/data/atlas/jenkins/gitea-pat" -}}
-          export GITEA_PAT_USERNAME='{{ .Data.data.username | replace "'" "'\"'\"'" }}'
-          export GITEA_PAT_TOKEN='{{ .Data.data.token | replace "'" "'\"'\"'" }}'
+          GITEA_PAT_USERNAME={{ .Data.data.username }}
+          GITEA_PAT_TOKEN={{ .Data.data.token }}
          {{- end -}}
    spec:
      serviceAccountName: jenkins
@ -88,9 +88,8 @@ spec:
            - /bin/sh
            - -c
            - |
-              set -eu
-              . /vault/secrets/jenkins-env
-              exec /usr/bin/tini -- /usr/local/bin/jenkins.sh
+              set -e
+              exec env $(cat /vault/secrets/jenkins-env) /usr/bin/tini -- /usr/local/bin/jenkins.sh
          ports:
            - name: http
              containerPort: 8080